Trixbox Phone Home

At work we use tons of open source software. Off the top of my head, I can name 15:

  1. Gentoo, both desktop and server
  2. Apache 2
  3. Subversion
  4. MySQL
  5. OpenLDAP
  6. Zend Framework
  7. phpMyAdmin
  8. phpLDAPadmin
  9. MediaWiki
  10. Aptana
  11. PuTTY
  12. Mozilla Firefox
  13. Mozilla Thunderbird
  14. Open Office
  15. trixbox

That last one, trixbox, made the news recently when it was discovered that the software contacts a Fonality server once every 24 hours by itself. This process sends information about the hardware setup it’s running on and a few configuration details. This is all done by allowing a remote server to execute root-privileged commands on the local box. You can read this forum thread for more details.

The problem here is mainly that no one knew any of this was happening. So, naturally, when people find out about it, they feel duped. Now, this certainly should have been a better-described “feature”, sure. But I’m not overly concerned about it. The script doesn’t gather anything like phone numbers or email addresses. The theoretical problem is if this “feature” were abused in some way. It looks like they’re in the process of updating this part of their system, and I’m satisfied with the changes they’re making to correct the potential problems with it.

