[Bug 1200934] Re: evolution-source-registry crashed with SIGSEGV in g_hash_table_lookup()
** Changed in: ubuntu-gnome Status: Expired = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1200934 Title: evolution-source-registry crashed with SIGSEGV in g_hash_table_lookup() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-gnome/+bug/1200934/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1312673] Re: software-properties-gtk crashed with aptsources.distro.NoDistroTemplateException in get_sources(): Error: could not find a distribution template for Ubuntu/utopic
** Changed in: software-properties (Ubuntu) Assignee: (unassigned) = Mike Davis (mdavi86) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312673 Title: software-properties-gtk crashed with aptsources.distro.NoDistroTemplateException in get_sources(): Error: could not find a distribution template for Ubuntu/utopic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1312673/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1073114] Online Smart Scopes Do Not Respect User Privacy
I do not agree, this bug has not been solved and should remain open.. as titled the “bug” is “online smart scopes do not respect user privacy” and from what i can tell; the new setup still does not respect user privacy.. keystrokes typed in search are still sent to canonical services (correct me if i’m wrong). and the scopes scope is still opt-out.. and does not appear to address the EFF’s concerns at all.. Mike Davis IOA On Mar 31, 2014, at 9:34 PM, Benjamin Kerensa 1073...@bugs.launchpad.net wrote: @mlaverdiere: I agree this announcement addresses any privacy concerns users should have do we have a likely milestone to attach it to and is it worth marking Fix Committed? ** Changed in: libunity (Ubuntu Quantal) Status: Confirmed = Won't Fix ** Changed in: libunity (Ubuntu Raring) Status: Confirmed = Won't Fix ** Changed in: unity-lens-shopping (Ubuntu Quantal) Status: Confirmed = Won't Fix ** Changed in: unity-lens-shopping (Ubuntu Raring) Status: Confirmed = Won't Fix ** Changed in: unity-lens-shopping (Ubuntu) Milestone: None = later ** Changed in: libunity (Ubuntu) Milestone: None = later ** Changed in: unity-lens-shopping (Ubuntu) Status: Confirmed = In Progress ** Changed in: libunity (Ubuntu) Status: Confirmed = In Progress -- You received this bug notification because you are subscribed to a duplicate bug report (1074780). https://bugs.launchpad.net/bugs/1073114 Title: Online Smart Scopes Do Not Respect User Privacy Status in “libunity” package in Ubuntu: In Progress Status in “unity-lens-shopping” package in Ubuntu: In Progress Status in “libunity” source package in Quantal: Won't Fix Status in “unity-lens-shopping” source package in Quantal: Won't Fix Status in “libunity” source package in Raring: Won't Fix Status in “unity-lens-shopping” source package in Raring: Won't Fix Bug description: See this from the Electronic Frontier Foundation (EFF), a well respected international non-profit digital rights advocacy and legal organization (as described on Wikipedia): https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads- and-data-leaks Obviously, despite some improvements that have came late in the 12.10 development cycle, there are still serious privacy concerns with the unity shopping lens. To be more precise, here are the main problems to be fixed according to EFF: - Disable Include online search results by default. - Explain in detail what Canonical does with search queries and IP addresses, how long it stores them, and in what circumstances it gives them to third parties. - Make the Search Results tab of the Privacy settings let users toggle on and off specific online search results, as some users might want Amazon products in their search results, but never anything from Facebook. Here is another related bug: #1055952 Direct data leaking to Amazon: https://bugs.launchpad.net/ubuntu/+source/unity-lens- shopping/+bug/1055952 ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: unity-lens-shopping 6.8.0-0ubuntu1 Uname: Linux 3.5.6-030506-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.6.1-0ubuntu6 Architecture: amd64 Date: Tue Oct 30 06:35:38 2012 InstallationDate: Installed on 2012-02-12 (260 days ago) InstallationMedia: Ubuntu 11.10 Oneiric Ocelot - Release amd64 (20111012) MarkForUpload: True SourcePackage: unity-lens-shopping UpgradeStatus: Upgraded to quantal on 2012-09-28 (31 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunity/+bug/1073114/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1073114 Title: Online Smart Scopes Do Not Respect User Privacy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunity/+bug/1073114/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1200934] Re: evolution-source-registry crashed with SIGSEGV in g_hash_table_lookup()
** Also affects: ubuntu Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1200934 Title: evolution-source-registry crashed with SIGSEGV in g_hash_table_lookup() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-gnome/+bug/1200934/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1200934] Re: evolution-source-registry crashed with SIGSEGV in g_hash_table_lookup()
** Changed in: ubuntu Status: New = Confirmed ** No longer affects: ubuntu ** Also affects: ubuntu Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1200934 Title: evolution-source-registry crashed with SIGSEGV in g_hash_table_lookup() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-gnome/+bug/1200934/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1073114] Shopping Lens Does Not Respect User Privacy
FIX: I have begun advocating alternate distributions after mr shuttleworth's most recent statements on the direction of the fix. to date, there has been no public announcement (by ubuntu) on the dangers presented to users by the addition of the lens which has been done for many other applications not directly produced by ubuntu. if i were to put my cynical hat on i might believe that this shyness might be due to some financial incentive provided by the lens (or the consumers of its data).. but to date no one has confirmed or denied that the lens functions primarily as a fund raising mechanism.. instead this feature is pitched as something the community wants.. Instead the fixes seem to be centered around sneaky legal maneuvers like implied consent; and temporary disablement of the plugin for any given session rather then opt-in or easy, permanent, removal. frankly, i think it shows a lack of respect for the community and i'm deeply concerned that this is the direction being taken from the top of the organization; I'm moving on. maybe you should too. -mike On Feb 8, 2013, at 7:42 AM, ctvoigt 1073...@bugs.launchpad.net wrote: a cool feature, but should not be activated by default. or: the lens perhaps could be implemented the way, that result query (privacy lag) is sent when the shopping area is clicked the first time -- You received this bug notification because you are subscribed to a duplicate bug report (1074780). https://bugs.launchpad.net/bugs/1073114 Title: Shopping Lens Does Not Respect User Privacy Status in “libunity” package in Ubuntu: Confirmed Status in “unity-lens-shopping” package in Ubuntu: Confirmed Status in “libunity” source package in Quantal: Confirmed Status in “unity-lens-shopping” source package in Quantal: Confirmed Status in “libunity” source package in Raring: Confirmed Status in “unity-lens-shopping” source package in Raring: Confirmed Bug description: See this from the Electronic Frontier Foundation (EFF), a well respected international non-profit digital rights advocacy and legal organization (as described on Wikipedia): https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads- and-data-leaks Obviously, despite some improvements that have came late in the 12.10 development cycle, there are still serious privacy concerns with the unity shopping lens. To be more precise, here are the main problems to be fixed according to EFF: - Disable Include online search results by default. - Explain in detail what Canonical does with search queries and IP addresses, how long it stores them, and in what circumstances it gives them to third parties. - Make the Search Results tab of the Privacy settings let users toggle on and off specific online search results, as some users might want Amazon products in their search results, but never anything from Facebook. Here is another related bug: #1055952 Direct data leaking to Amazon: https://bugs.launchpad.net/ubuntu/+source/unity-lens- shopping/+bug/1055952 ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: unity-lens-shopping 6.8.0-0ubuntu1 Uname: Linux 3.5.6-030506-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.6.1-0ubuntu6 Architecture: amd64 Date: Tue Oct 30 06:35:38 2012 InstallationDate: Installed on 2012-02-12 (260 days ago) InstallationMedia: Ubuntu 11.10 Oneiric Ocelot - Release amd64 (20111012) MarkForUpload: True SourcePackage: unity-lens-shopping UpgradeStatus: Upgraded to quantal on 2012-09-28 (31 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunity/+bug/1073114/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1073114 Title: Shopping Lens Does Not Respect User Privacy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunity/+bug/1073114/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1073114] Re: Shopping Lens Does Not Respect User Privacy
While I agree that things must remain civil, your comment implies a dialogue that just doesn't seem to be happening to get the issue fixed. So far the EFF has proposed a series of fixes that i think are reasonable compromises to fix this bug but we have yet to hear a real response plan from those maintaining the package.. and for that matter..why hasn't notice for these issues made it out to ubuntu security notices as otherhttp://packetstormsecurity.com/files/113307/USN-1465-1.txt sslhttp://packetstormsecurity.com/files/113306/USN-1465-2.txt / privacyhttp://www.ubuntu.com/usn/usn-1619-1/ bugs have on 12.10 so that users can take appropriate steps to mitigate? -mike On Jan 8, 2013, at 4:39 PM, Benjamin Kerensa bkere...@ubuntu.commailto:bkere...@ubuntu.com wrote: @papukaija: Please be mindful of the Ubuntu Code of Conduct. Bugs do not exist to argue but instead to resolve a issue with software. -- You received this bug notification because you are subscribed to a duplicate bug report (1074780). https://bugs.launchpad.net/bugs/1073114 Title: Shopping Lens Does Not Respect User Privacy Status in “libunity” package in Ubuntu: Confirmed Status in “unity-lens-shopping” package in Ubuntu: Confirmed Status in “libunity” source package in Quantal: Confirmed Status in “unity-lens-shopping” source package in Quantal: Confirmed Status in “libunity” source package in Raring: Confirmed Status in “unity-lens-shopping” source package in Raring: Confirmed Bug description: See this from the Electronic Frontier Foundation (EFF), a well respected international non-profit digital rights advocacy and legal organization (as described on Wikipedia): https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads- and-data-leaks Obviously, despite some improvements that have came late in the 12.10 development cycle, there are still serious privacy concerns with the unity shopping lens. To be more precise, here are the main problems to be fixed according to EFF: - Disable Include online search results by default. - Explain in detail what Canonical does with search queries and IP addresses, how long it stores them, and in what circumstances it gives them to third parties. - Make the Search Results tab of the Privacy settings let users toggle on and off specific online search results, as some users might want Amazon products in their search results, but never anything from Facebook. Here is another related bug: #1055952 Direct data leaking to Amazon: https://bugs.launchpad.net/ubuntu/+source/unity-lens- shopping/+bug/1055952 ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: unity-lens-shopping 6.8.0-0ubuntu1 Uname: Linux 3.5.6-030506-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.6.1-0ubuntu6 Architecture: amd64 Date: Tue Oct 30 06:35:38 2012 InstallationDate: Installed on 2012-02-12 (260 days ago) InstallationMedia: Ubuntu 11.10 Oneiric Ocelot - Release amd64 (20111012) MarkForUpload: True SourcePackage: unity-lens-shopping UpgradeStatus: Upgraded to quantal on 2012-09-28 (31 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunity/+bug/1073114/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1073114 Title: Shopping Lens Does Not Respect User Privacy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunity/+bug/1073114/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1074780] Re: lens searches can be unmasked by local network sniffing
*** This bug is a duplicate of bug 1073114 *** https://bugs.launchpad.net/bugs/1073114 This bug has been mislabeled as a dupe of 1074780 which calls out privacy settings. My bug is an implementation bug in which the lens fails to protect searches in the way it /attempts/ to by utilizing ssl for the request. One bug is about you not respecting my privacy. The other is how you failed at implementing a feature. -mike On Nov 14, 2012, at 6:15 PM, Benjamin Kerensa bkere...@ubuntu.com wrote: *** This bug is a duplicate of bug 1073114 *** https://bugs.launchpad.net/bugs/1073114 ** This bug has been marked a duplicate of bug 1073114 Shopping Lens Does Not Respect User Privacy -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/1074780 Title: lens searches can be unmasked by local network sniffing Status in “unity-lens-shopping” package in Ubuntu: Confirmed Bug description: first i want to say that the default nature of the amazon spam plugin really is a violation of the community trust, and I highly advocate the EFF's position on this plugin.. the user should have the choice *before* their information is reported to some entity on the internet.. issue: while its true that the lens encrypts search queries to the productsearch.ubuntu.com server, the subsequent fetch of the image links within the search results and the algorithmicly generated nature of the results on the server allow a local network user to sniff the network for HTTP get requests to the ubuntu server to unmask either the exact search term, or a closely related terms of an ubuntu user. how this works in the real world: an eve precaches the search results using a word list and parses the json results and notes which and how many image results were provided for a particular word of interest.. eve then sniffs the network looking for bursts of image requests, the attacker then compares the block of image requests to the results that were cached earlier and and scores the results. the search term (or closely related search term) is then revealed an attacker can also choose to build the dictionary after the initial packet sniffing so long as the server cached contents havnt shifted significantly .. though it is likely the results would still me similar enough to score the results for a best fit. an example: eve has a database filled by requesting a list of interesting search terms, below is the query for diapers: phar@thing:~/ubuntu curl https://productsearch.ubuntu.com/v1/search?q=diapers 2 /dev/null | grep ecx.images-amazon.com | grep SL160 http://ecx.images-amazon.com/images/I/41w92ZKCHBL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51xRI9n2puL._SL160_.jpg; http://ecx.images-amazon.com/images/I/516o3TWAOBL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/5197vs3wtvL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51UEzvC7X9L._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51ZFlIGw0DL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51b3JCCi6RL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51p7qujvx2L._SL160_.jpg; http://ecx.images-amazon.com/images/I/51tV-ZBj2aL._SL160_.jpg; http://ecx.images-amazon.com/images/I/41T4yIgZzNL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/41gmpjcLEuL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/41lX0WGGOrL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/41qoOh5-jqL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/5167DrJVUEL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51iitgcf%2BvL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51LCvCjDnOL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51M7z0dUXDL._SL160_.jpg; http://ecx.images-amazon.com/images/I/41QtRL2VlXL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51gD2PgaJ9L._SL160_.jpg; http://ecx.images-amazon.com/images/I/51MS7z8oHhL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51eO4S5QRiL._SL160_.jpg; now, eve sniffs the network looking for a closly related burst of image queries: phar@thing:~/ubuntu sudo ngrep GET -S 50 -d eth1 -q -t interface: eth1 (192.168.1.0/255.255.255.0) match: GET T 2012/11/03 16:52:57.664091 192.168.1.7:53387 - 54.240.188.195:80 [AP] GET /images/I/410xVwYbA9L._SL160_.jpg HTTP/1.1..Ho T 2012/11/03 16:52:57.668615 192.168.1.7:46213 - 54.240.188.34:80 [AP] GET /images/I/21Ke7hDgllL._SL160_.jpg HTTP/1.1..Ho
[Bug 1074780] [NEW] lens searches can be unmasked by local network sniffing
Public bug reported: first i want to say that the default nature of the amazon spam plugin really is a violation of the community trust, and I highly advocate the EFF's position on this plugin.. the user should have the choice *before* their information is reported to some entity on the internet.. issue: while its true that the lens encrypts search queries to the productsearch.ubuntu.com server, the subsequent fetch of the image links within the search results and the algorithmicly generated nature of the results on the server allow a local network user to sniff the network for HTTP get requests to the ubuntu server to unmask either the exact search term, or a closely related terms of an ubuntu user. how this works in the real world: an eve precaches the search results using a word list and parses the json results and notes which and how many image results were provided for a particular word of interest.. eve then sniffs the network looking for bursts of image requests, the attacker then compares the block of image requests to the results that were cached earlier and and scores the results. the search term (or closely related search term) is then revealed an attacker can also choose to build the dictionary after the initial packet sniffing so long as the server cached contents havnt shifted significantly .. though it is likely the results would still me similar enough to score the results for a best fit. an example: eve has a database filled by requesting a list of interesting search terms, below is the query for diapers: phar@thing:~/ubuntu curl https://productsearch.ubuntu.com/v1/search?q=diapers 2 /dev/null | grep ecx.images-amazon.com | grep SL160 http://ecx.images-amazon.com/images/I/41w92ZKCHBL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51xRI9n2puL._SL160_.jpg; http://ecx.images-amazon.com/images/I/516o3TWAOBL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/5197vs3wtvL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51UEzvC7X9L._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51ZFlIGw0DL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51b3JCCi6RL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51p7qujvx2L._SL160_.jpg; http://ecx.images-amazon.com/images/I/51tV-ZBj2aL._SL160_.jpg; http://ecx.images-amazon.com/images/I/41T4yIgZzNL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/41gmpjcLEuL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/41lX0WGGOrL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/41qoOh5-jqL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/5167DrJVUEL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51iitgcf%2BvL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51LCvCjDnOL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51M7z0dUXDL._SL160_.jpg; http://ecx.images-amazon.com/images/I/41QtRL2VlXL._SL160_.jpg;, http://ecx.images-amazon.com/images/I/51gD2PgaJ9L._SL160_.jpg; http://ecx.images-amazon.com/images/I/51MS7z8oHhL._SL160_.jpg; http://ecx.images-amazon.com/images/I/51eO4S5QRiL._SL160_.jpg; now, eve sniffs the network looking for a closly related burst of image queries: phar@thing:~/ubuntu sudo ngrep GET -S 50 -d eth1 -q -t interface: eth1 (192.168.1.0/255.255.255.0) match: GET T 2012/11/03 16:52:57.664091 192.168.1.7:53387 - 54.240.188.195:80 [AP] GET /images/I/410xVwYbA9L._SL160_.jpg HTTP/1.1..Ho T 2012/11/03 16:52:57.668615 192.168.1.7:46213 - 54.240.188.34:80 [AP] GET /images/I/21Ke7hDgllL._SL160_.jpg HTTP/1.1..Ho T 2012/11/03 16:52:57.669380 192.168.1.7:46985 - 54.240.188.248:80 [AP] GET /images/I/51lACGaNvpL._SL160_.jpg HTTP/1.1..Ho T 2012/11/03 16:52:57.693032 192.168.1.7:46922 - 205.128.91.126:80 [AP] GET /images/I/31Agova21UL._SL160_.jpg HTTP/1.1..Ho T 2012/11/03 16:53:18.938638 192.168.1.7:57036 - 54.240.188.68:80 [AP] GET /images/I/41w92ZKCHBL._SL160_.jpg HTTP/1.1..Ho T 2012/11/03 16:53:19.043135 192.168.1.7:44472 - 98.142.98.180:80 [AP] GET /static/img/sleeveart/00/012/360/0001236002_17 T 2012/11/03 16:53:19.047354 192.168.1.7:44474 -
