Privacy:

Ubuntu users don't have the opportunity to opt out of motd-news before all
the private information and telemetry are sent via User-Agent. So even if
people change ENABLED=1 to ENABLED=0 in /etc/default/motd-news, they only
stop future leaks, but the initial leak has already been done in the
background after boot via the systemd/motd-news service.

I repeat, this doesn't look GDPR-compliant at all. There is no prior consent
ever asked for. The GDPR was adopted on 14 April 2016, and became
enforceable beginning 25 May 2018.

motd-news was designed in 2017 and is enabled by default on all Ubuntu
Server, Ubuntu Desktop, Ubuntu Flavors (such as Mate, Raspberry), and Ubuntu
derivatives such as Nvidia Jetson Nano, without prior consent.

Security:

Run curl as root every 12h, are you serious?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to base-files in Ubuntu.
https://bugs.launchpad.net/bugs/1867424

Title:
  motd-news transmitting private hardware data without consent or
  knowledge in background

Status in base-files package in Ubuntu:
  Confirmed

Bug description:
  In package base-files there is a script /etc/update-motd.d/50-motd-news
  that harvests private hardware data from the machine and transmits it
  in the background every day.  There is no notice, no consent, no
  nothing.  This should be by default disabled until there is informed
  consent.

  This solution is simple:

  1. Change ENABLED=1 to ENABLED=0 in the file /etc/default/motd-news and
  2. Place a comment in the file disclosing the fact that the 50-motd-news
     script will harvest private hardware data and upload it to
     motd.ubuntu.com daily if the end-user enables it.

  Creating databases that map IP addresses to specific hardware is a
  threat to both privacy and security.  If an adversary knows the
  specific hardware and the IP address for that hardware, their ability
  to successfully attack it is greatly increased.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1867424/+subscriptions
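
The ENABLED switch in /etc/default/motd-news that both the comment and the bug description refer to, as an added shell example that is not part of the original report or of base-files: it reads the effective setting and forces it to 0. It assumes the file is sourced as shell, so the last uncommented ENABLED= assignment wins and only the value 1 counts as enabled; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example (not from base-files). Assumption: the defaults file is sourced
# as shell, so the last uncommented ENABLED= wins and only "1" means enabled.

# Print the effective ENABLED value of a defaults file, or "unset".
motd_news_enabled_value() {
    file=$1
    [ -r "$file" ] || { echo "unset"; return 0; }
    # Uncommented assignments only; drop trailing comments and quotes.
    val=$(sed -n 's/^[[:space:]]*ENABLED=\([^#[:space:]]*\).*$/\1/p' "$file" |
        tail -n 1 | tr -d "\"'")
    if [ -n "$val" ]; then echo "$val"; else echo "unset"; fi
}

# Exit status 0 if motd-news would run with this file, 1 otherwise.
motd_news_is_enabled() {
    [ "$(motd_news_enabled_value "$1")" = "1" ]
}

# Force ENABLED=0: rewrite every assignment, or append one if none exists.
motd_news_disable() {
    file=$1
    if grep -q '^[[:space:]]*ENABLED=' "$file" 2>/dev/null; then
        tmp=$(mktemp) || return 1
        # Write back with cat so the file keeps its owner and mode.
        sed 's/^\([[:space:]]*\)ENABLED=.*$/\1ENABLED=0/' "$file" > "$tmp" &&
            cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf 'ENABLED=0\n' >> "$file"
    fi
}

# Demo on a constructed sample file, so nothing under /etc is touched.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'ENABLED=1' > "$sample"
echo "before: $(motd_news_enabled_value "$sample")"
motd_news_disable "$sample"
echo "after:  $(motd_news_enabled_value "$sample")"
rm -f "$sample"
```

On a real system the same functions take /etc/default/motd-news as their argument and need root to write it.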
