Ubuntu "phones home" to Amazon etc !!!

Discussion in 'privacy problems' started by mirimir, Oct 11, 2012.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    I don't know how I could have missed this!

    I just saw it in "Canonical asks desktop users to 'pay what you think Ubuntu is worth'" https://www.wilderssecurity.com/showthread.php?p=2129134#post2129134 .

    The Unity Dash forwards your searches to Amazon! Packets to Canonical's servers are not encrypted. Although Canonical supposedly doesn't share your identity with Amazon, Amazon does see the search terms, which might include sensitive information.

    There will reportedly be a kill switch for such searching in the 12.10 release.

    For now, you must run "sudo apt-get purge unity-lens-shopping". But that doesn't stop searches to their online One store.

    I may stop using Ubuntu over this. At least, Unity must go. I am gobsmacked!

    Here are some links:

    Mark Shuttleworth Explains Ubuntu’s New ‘Amazon Suggestions’ Feature
    -http://www.omgubuntu.co.uk/2012/09/mark-shuttleworth-explains-ubuntus-new-amazon-adware-feature-

    Ubuntu privacy blunder over Amazon ads continues
    -https://perot.me/ubuntu-privacy-blunder-over-amazon-ads-continues-

    Ubuntu Adds ‘Amazon Results’ Off Switch, Fixes NSFW Issues
    -http://www.omgubuntu.co.uk//2012/10/ubuntu-adds-amazon-results-off-switch-fixes-nsfw-issues-
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Well I hope you weren't one of those who, without realizing it, had local/private searches shared with both Canonical and Amazon.

    I don't think an OS vendor injecting themselves as an affiliate in merchant searches/transactions is a desirable model.
     
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Yeah it's sad they have to do this. It just shows you they need the revenue.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    I don't care about the advertising angle. It's just mind boggling that such a huge privacy hole made it so close to the 12.10 release before someone caught it.

    Dash searches in Unity have always gone to the Canonical store. But, as Mark Shuttleworth noted, they have root anyway, so I might as well trust them.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Disabling this is as easy as disabling any other logging feature. Open Dash and type "privacy" - you get to control everything.

    Remember - anything typed in the Dash already goes to Canonical to search for relevant applications.

    I don't think this is sketchy at all. Frankly, it's one of the most overhyped situations I've seen in recent history.
     
  6. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Just money hungry, we must squeeze as much revenue as possible out of every consumer.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    Sharing information with third parties should always be opt-in.
     
  8. tlu

    tlu Guest

    While I generally agree with that, and while I agree that it's a bit questionable how this new feature is implemented (although changes might be coming, and a legal disclaimer has been added), calling this "phoning home" is pure sensationalism implying that this is equivalent to adware under Windows.

    Hungry is right in saying that this is "one of the most overhyped situations I've seen in recent history".
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Not everything in life is free!!!:ninja:
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    I posted in anger, I admit. However, communicating users' Dash searches to third parties, without warning, would be "phoning home" to them. I don't get how you can say that it wouldn't be. I'm not saying that it was malicious. It's just that they obviously weren't thinking about privacy when they designed it.

    The best approach, I think, would be making Dash searches purely local by default, with options of adding other sources (Canonical, Google, Amazon, etc). If I use the Software Center, I expect that it will query Canonical, because I'm looking for something that I don't already have. And I use a browser to search the Web. Why does Dash need to replicate all that, in addition to finding stuff locally?
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    All they should really do is assign each user a random nonidentifying address and have the searches go through Canonical.

    This eliminates any privacy concern that might be there.

    I'm pretty sure they've already stated no private information is sent, just the search terms.
     
  12. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I wasn't sure how to interpret that, so I pulled out the 11.10 and 12.04.1 discs I created for the rare occasion I want to boot with an alternate OS when doing (offline) troubleshooting. When searching via the Home Lens I only got local files and local applications. I had a sniffer inline and verified there was no network traffic. Even when searching via the Applications Lens I saw no network lookups (somewhere I saw someone say there was a local cache of available apps). There were online lookups when using the Music Lens. I didn't bother testing the Video Lens.

    The obvious concern would be the default lens... the Home Lens... in default configuration sending something off the local machine. I didn't see that happen with those previous versions. If you think it can and I somehow failed to trigger it, I would appreciate you telling me so.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    @TheWindBringeth

    I haven't checked with Wireshark etc. In 11.10 I see non-local results in Apps and Music. I don't see anything non-local in the Home Lens.

    It's good to know that Music searches aren't done until you open the Lens :)
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    @mirimir: Someone wanted my sniffing box so I made the testing brief. Can you search for local music OK with just the Home Lens or do you have to use the Music Lens to search for some things (artist tag for example)?
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    @TheWindBringeth

    I'm not the one to ask. I only use Dash to open apps.
     
  16. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    As a very privacy conscious person, I don't see a big deal with this. Canonical needs revenue, so I am willing to tolerate Amazon searches. If this were M$ or Apple, yeah I might be a bit outraged. But Canonical gives everyone an OS for free.

    If you don't like it, you are always welcome to send Canonical a donation, or buy music from their store or sign up for a premium Ubuntu One account. Besides, you can turn this functionality off completely.
     
Loading...
Thread Status:
Not open for further replies.