Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday February 20 2018, @12:38PM   Printer-friendly
from the fool-me-once... dept.

The Register spotted Ubuntu behaving badly again with respect to users' privacy. In their article "Ubuntu wants to slurp PCs' vital statistics – even location – with new desktop installs: Data harvest notice will be checked by default", they note that in addition to installing popcon and apport by default, Canonical seeks much deeper data mining (without using the word "telemetry"):

[...] "We want to be able to focus our engineering efforts on the things that matter most to our users, and in order to do that we need to get some more data about sort of setups our users have and which software they are running on it," explained Will Cooke, the director of Ubuntu Desktop at Canonical.

[...] Data Canonical seeks "would include" the following: Ubuntu Flavour, Ubuntu Version, Network connectivity or not, CPU family, RAM, Disk(s) size, Screen(s) resolution, GPU vendor and model, OEM Manufacturer, Location (based on the location selection made by the user at install). No IP information would be gathered, Installation duration (time taken), Auto login enabled or not, Disk layout selected, Third party software selected or not, Download updates during install or not, [and] LivePatch enabled or not.

The system plans to leverage the power of the default setting by making the choice opt-out, not opt-in as popcon has been in the past: Cooke explained to the ubuntu-devel audience that "Any user can simply opt out by unchecking the box, which triggers one simple POST stating, 'diagnostics=false'. There will be a corresponding checkbox in the Privacy panel of GNOME Settings to toggle the state of this."

El Reg also noted Ubuntu's plan to address user privacy concerns:

"The Ubuntu privacy policy would be updated to reflect this change."

This seems less egregious than Ubuntu's past invasions of privacy, but much more invasive and Windows 10-like.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday February 20 2018, @02:28PM

    by Anonymous Coward on Tuesday February 20 2018, @02:28PM (#640641)

    Most of what they're asking to collect looks benign to me. Even location, isn't that only accurate to the closest timezone? But still, I'd prefer if it's simply not sent, regardless of encryption.

    If encrypted, then how can we trust it's sending what it says it's sending? Maybe this argument applies more to the MS-style closed-source slurping, since in theory, one can read the source code of what Ubuntu is trying to do - hopefully this is available. But even so, how many people will actually do this?

    If not encrypted, then as pointed out others in the position to intercept that data can also consume it.

    I expect it's probably easier to send poisoned data as well if it's not encrypted, or if the source code of the telemetry programs are available. Is the stuff digitally signed when transmitted, in a trustworthy manner to the collector, so the collector knows it's not fake?

    The only paranioc solution is to not allow such data to be sent regardless of method. I suppose data poisoning is also an option for those upset enough and so inclined.