SoylentNews is people
SoylentNews
The Register spotted Ubuntu behaving badly again with respect to users' privacy. In their article "Ubuntu wants to slurp PCs' vital statistics – even location – with new desktop installs: Data harvest notice will be checked by default", they note that in addition to installing popcon and apport by default, Canonical seeks much deeper data mining (without using the word "telemetry"):
[...] "We want to be able to focus our engineering efforts on the things that matter most to our users, and in order to do that we need to get some more data about sort of setups our users have and which software they are running on it," explained Will Cooke, the director of Ubuntu Desktop at Canonical.
[...] Data Canonical seeks "would include" the following: Ubuntu Flavour, Ubuntu Version, Network connectivity or not, CPU family, RAM, Disk(s) size, Screen(s) resolution, GPU vendor and model, OEM Manufacturer, Location (based on the location selection made by the user at install). No IP information would be gathered, Installation duration (time taken), Auto login enabled or not, Disk layout selected, Third party software selected or not, Download updates during install or not, [and] LivePatch enabled or not.
The system plans to leverage the power of the default setting by making the choice opt-out, not opt-in as popcon has been in the past: Cooke explained to the ubuntu-devel audience that "Any user can simply opt out by unchecking the box, which triggers one simple POST stating, 'diagnostics=false'. There will be a corresponding checkbox in the Privacy panel of GNOME Settings to toggle the state of this."
El Reg also noted Ubuntu's plan to address user privacy concerns:
"The Ubuntu privacy policy would be updated to reflect this change."
This seems less egregious than Ubuntu's past invasions of privacy, but much more invasive and Windows 10-like.
(Score: 2) by Thexalon on Tuesday February 20 2018, @09:20PM
And you're assuming I'm referring to either Red Hat-based stuff, or Ubuntu-based stuff. Some examples of distros that leave that kind of thing out:
- Linux From Scratch. Which, since everything is directly compiled and installed by the user, means it's damned near impossible to include something other than what the user wants.
- Slackware. Which doesn't include Flash, NVidia, and other binary blobs by default.
- ArchLinux. Which also doesn't include Flash by default, but provides you a couple of different packages you can use if you want it. It also provides a bunch of FOSS alternatives that might solve the users' problem.
If you're super-concerned about your personal privacy and the risk of your computer giving away information about your activity, then you'll need to:
1. Review all the code on any software that will be run on your computer to look for backdoors, spyware, and other bad behavior.
2. Build your compiler, making sure to take steps that prevent Ken Thompson's classic compiler-based attack [cmu.edu].
3. Compile all the software you're going to use yourself, following code review.
4. Just to be sure, monitor all network traffic crossing the firewall between your computer and the public Internet.
5. If you're really really serious, you need to add an air-gap, and have a separate unsecure machine to first read through everything that will be going onto your transferable media, and of course be looking at your transferable media with low-level tools to ensure that there's nothing transferring via a hidden channel on your media.
That's the kind of thing the TLAs do when they're trying to maintain the security of their systems. It's a lot of work, and even they screw it up sometimes.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.