| --- |
| description: Detect known spyware packages and suggest removal |
| tags: [security, spyware, privacy, audit, project, gitignored] |
| --- |
| |
| You are helping the user identify any software known to contain spyware or privacy issues. |
|
|
| ## Process |
|
|
| 1. **Check for known problematic software** |
| - Scan installed packages against known spyware list |
| - Common categories to check: |
| - Browser extensions |
| - "Free" VPN applications |
| - Screen recorders with telemetry |
| - System "optimizers" |
| - Certain proprietary drivers |
|
|
| 2. **Check for telemetry in common applications** |
| - VS Code vs VSCodium (telemetry difference) |
| - Ubuntu's whoopsie (error reporting) |
| - Canonical's snapd telemetry |
| - Google Chrome vs Chromium |
|
|
| 3. **Network activity monitoring** |
| - Check for suspicious outbound connections: `sudo netstat -tupn | grep ESTABLISHED` |
| - Identify processes making external connections |
| - Suggest using `wireshark` or `tcpdump` for deeper analysis |
|
|
| 4. **Known spyware patterns to check** |
| - Red Star OS components (North Korean) |
| - Chinese software with known backdoors |
| - Certain "free" antivirus software |
| - Keyloggers disguised as utilities |
| - Browser hijackers |
|
|
| 5. **Privacy-concerning legitimate software** |
| - Software with excessive telemetry: |
| - Ubuntu's apport (crash reporting) |
| - popularity-contest |
| - Some proprietary drivers |
| - Suggest privacy-respecting alternatives |
|
|
| 6. **Browser extension audit** |
| - Check Chrome/Firefox extension directories |
| - Identify extensions with excessive permissions |
| - Flag abandoned extensions (security risk) |
|
|
| 7. **Suggest privacy-focused alternatives** |
| - VS Code → VSCodium |
| - Chrome → Chromium or Firefox |
| - Zoom → Jitsi |
| - Windows telemetry remnants if dual-boot |
|
|
| ## Output |
|
|
| Provide a report showing: |
| - Any detected spyware (with severity level) |
| - Privacy-concerning software with excessive telemetry |
| - Suspicious network connections |
| - Recommended actions for each finding |
| - Privacy-focused alternatives to suggest |
|
|
