https://news.softpedia.com/news/canonical-under-fire-for-putting-ads-in-the-ubuntu-motd-530372.shtml
Article like "Canonical Under Fire for Putting Ads in the Ubuntu MOTD" miss the point that motd-news is not only displaying Advertising in the login prompt but it a Privacy Nightmare because it has an hidden Telemetry feature which is enabled by default Without Consent and leak IP Address, System critical informations (Kernel Version, Uptime, CPU Vendor, CPU Model, Idle Time, Uptime) every 12 hours via User-Agent from curl on all Ubuntu Desktop and Ubuntu Server including the current version of Ubuntu. On top of that, motd-news is also a security nightmare as it runs curl as root which can be exploited to gain root on any servers, laptops etc. I recommend that all Ubuntu users open a Terminal and execute the following sudo sed -i -r 's/(ENABLED)=.+/\1=0/' /etc/default/motd-news sudo apt-get -qq -y purge curl N.B. curl is not installed if you explicitly select Ubuntu Minimal during the installation of Ubuntu Desktop so motd-news cannot contact motd.ubuntu.com without curl even if ENABLED=1 by default GDPR : EU's General Data Protection Regulation since daily reporting of computer's infos are proceeded without the user's consent. Cf. GDPR application comments [https://gdpr.eu/eu-gdpr-personal-data/], in particular with respect to Recital 30 [https://gdpr.eu/recital-30 -online-identifiers-for-profiling-and-identification/] Internet protocol (IP) addresses; information that is related to an individual’s tools, applications, or devices, like their computer. Canonical Ltd. has handled my personal information without concent. By collecting twice a day the following informations: - The public IP address where Ubuntu system is used (part of the log of the HTTPS server) - Date / Time when collected (part of the log of the HTTPS server) - Harware info such as CPU Vendor and Model (via /proc/cpuinfo) - The distribution version (via /etc/lsb-release) - The operating system (via uname -o) - The Linux kernel release (via uname -r) - The computer architecture aka machine hardware name (via uname -m) - Cloud Hosting: cloud identifier such as aws, gce, azure, lxd (via cloud-id part of cloud-init) - Total number of seconds the system has been up (via /proc/uptime) - The sum of how much time each core has spent idle in seconds (via /proc/uptime) - Version of curl software (launched as root which is a bad IT practice and a security risk) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1867424 Title: motd-news transmitting private hardware data without consent or knowledge in background To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1867424/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
