EFF & Privacy; hopefully Ubuntu will listen to users

Mon Nov 5 16:53:03 UTC 2012

On Mon, 2012-11-05 at 15:52 +0000, Bruno Girin wrote:
> It's a couple of weeks late for UDS-R but what about creating a
> blueprint for UDS-S? Get the discussion going, gather examples of
> privacy issues and what could be done to address them. Then at the next
> UDS, we can work out solutions that satisfy Canonical, privacy conscious
> users and the rest of us and that can be implemented in time for 14.04 LTS.
> 
> Disclaimer: I do *not* work for Canonical and only have limited
> experience of UDS as I only took part for the first time last week.

The development process for Ubuntu does not start or stop with UDS.
There are mailing lists (you know, like the one you're discussing this
on), IRC channels, bug reports, and on and on. Just because something
wasn't discussed at UDS, doesn't mean it can't be discussed outside of
UDS, or even resolved in the cycle that the UDS was for. There's no
need to wait another 6 months to have someone yet again forget to make
a blueprint to discuss it at UDS.

Also, Canonical and the rest of the community, are not separate.
Canonical is merely part of the Ubuntu community, and provides most of
the infrastructure, financing, and a significant portion of the
development which allows the Ubuntu community to work so well together.
Canonical cares a great deal about privacy, and twisting some of the
words that it, and Ubuntu's founder, posted about the recent worries of
privacy, to mean the opposite of that, doesn't help the situation much
at all.

What he said was "if you don't trust Canonical/Ubuntu already, and
you're running Ubuntu, then you're doing something wrong." When you
download an Ubuntu ISO, or view the web site, or wiki, or Launchpad, or
update an existing install, or install additional software from the
archive, your IP is logged via the HTTP server logs. When you install
Ubuntu, you're placing a certain level of trust that it won't eat your
machine. When you search on Google, your search terms and IP are logged;
not only on Google, but on any of the resulting links that you click
through to. You need to not only trust Google to do the right thing with
that data, but also any of the sites it refers you to.

Any reasonable person will understand that no software is perfect, and
that any software will need continuing improvements. Dealing with
concerns from the user base, whether they are about privacy or simple
bugs in the software, is no different. The best way to go about getting
any of the concerns fixed, is to document specific individual concerns,
and file them in bug reports. Simply crying wolf (or "OMG Privacy!" in
this case), doesn't specifically state anything helpful to either the
developers, or the users. It only serves to stir the pot. So let's
please try to keep the FUD around the issue, to a minimum.

There were large changes to address some specific user concerns around
the dash search, that went in *after* various freezes were in effect.