I agree with every single word Nick wrote.
The path Ubuntu is taking with regard to privacy and unauthorized
background connections to the internet makes me VERY uneasy. I do
understand this is a complex problem, which can not be tackled with only
one perspective in mind (e.g. Canonical wants to make money out of the OS
it created, which seems fair). This problem may not appeal to many, or the
majority may think this is not to be wasted time on. Well, issues like this
are the ones that motivate a fork (e.g. OpenOffice and LibreOffice) at one
time or another. Is it necessary to reach that point? I don't think so. It
would be a waste of code and resources.
So, what can we do? IMHO, speak up as a community and draw a clear line of
what is and what is not acceptable. Too difficult to specify? Then let's
create some guidelines (that may very well exist already) to which built-in
applications/packages shall comply.
Best regards,
Germán
PS: I'm not a relevant developer for Ubuntu at all. Nonetheless, I'm quite
an evangelist of it, and other open source software too (among them some
I've contributed to) thus I feel compelled to protect what I've defended
countless times in arguments with anti-OSS people.
Date: Tue, 30 Oct 2012 00:03:13 -0400
From: nick rundy nru...@hotmail.com
To: ubuntu-devel-discuss@lists.ubuntu.com
ubuntu-devel-discuss@lists.ubuntu.com
Subject: EFF Privacy; hopefully Ubuntu will listen to users?
Message-ID: bay002-w3239077a170718e5b5745dd5...@phx.gbl
Content-Type: text/plain; charset=windows-1256
The most important thing to me as a computer user is the
privacy security of the data I entrust my OS to handle and the
OS's communication to me about what internet connections my OS and the
Applications installed on it are making.
Ubuntu is not doing well
in this regard lately. In the dialog that comes up on a new 12.10
install asking me to contribute to Ubuntu, I saw no option indicating
Privacy Security of Ubuntu. Yet this is the most important thing
to me and the thing most likely to make me want to contribute.
I
have been speaking out about the privacy (data leaking) issues that
keep popping up in Ubuntu over the last few development cycles for a
while now.
I've received a lot of grief over it on the Ubuntu
forums elsewhere. But it is very important to me so I have
continued to speak out. I speak out not to put Ubuntu down or criticize
anyone in particular. I simply want to draw attention to an important
topic and hopefully get the issues addressed in the development cycle.
It's
encouraging to see that the EFF shares my concerns:
https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
The
Amazon ads are just the latest example however. The problem was seen in
12.04 with the geoclue-ubuntu-geoip package. This package is/was a
major privacy issue with no solution. There is no way to uninstall this
package from 12.04 without loosing Time in the top-panel. And then there
is/was the unity-lens-video and unity-lens-music package issues. These
regularly connected to the internet in the early 12.04 days, even when
the Local Disk filter was selected. Thankfully I spotted this and
reported it and it was fixed. But the whole idea that the Dash connects
to the internet for everything is a concept that is VERY unappealing to
many users who value their privacy and security. Web Browsers are
designed and built with Security Privacy capabilities by design.
The Dash does not have these same Privacy Security features nor
does it have the UI to communicate security privacy to the user
like Web Browsers can. Why would I want to use the Dash for internet
connections when I can use a Web Browser and gain all the
security/privacy it offers? I want the Dash to SOLELY work locally and
have nothing to do with the internet (which is the province of my Web
Browser). It is encouraging to see Ubuntu start to work towards
addressing this with 13.04. But I have been speaking to this for over a
year now, and all I've got from it is criticism and frankly meanness
from many people.
Notwithstanding the Dash, the larger issue
still exists that there is no way to control internet connections in
general from an Application perspective. Users of Ubuntu cannot control
which Applications can and cannot connect to the internet. And users
have poor options for learning about active connections. There are tools
available, but these are real time apps with no logging capabilities.
Couple this with the fact that Ubuntu is now sending data off to Third
Parties as a course of doing business and this issue is now the most
serious issue facing Ubuntu as there are users that will totally stop
using the OS for privacy/security concerns.
Essentially, Ubuntu needs to do two things:
1)
make privacy/security a important consideration in all new features
while giving users the option of making the Dash a completely LOCAL
