EFF & Privacy; hopefully Ubuntu will listen to users

[German Larrain M.]

I agree with every single word Nick wrote.

The path Ubuntu is taking with regard to privacy and unauthorized
background connections to the internet makes me VERY uneasy. I do
understand this is a complex problem, which can not be tackled with only
one perspective in mind (e.g. Canonical wants to make money out of the OS
it created, which seems fair). This problem may not appeal to many, or the
majority may think this is not to be wasted time on. Well, issues like this
are the ones that motivate a fork (e.g. OpenOffice and LibreOffice) at one
time or another. Is it necessary to reach that point? I don't think so. It
would be a waste of code and resources.

So, what can we do? IMHO, speak up as a community and draw a clear line of
what is and what is not acceptable. Too difficult to specify? Then let's
create some guidelines (that may very well exist already) to which built-in
applications/packages shall comply.

Best regards,
Germán

PS: I'm not a relevant developer for Ubuntu at all. Nonetheless, I'm quite
an evangelist of it, and other open source software too (among them some
I've contributed to) thus I feel compelled to protect what I've defended
countless times in arguments with "anti-OSS people".



Date: Tue, 30 Oct 2012 00:03:13 -0400
> From: nick rundy <nrundy at hotmail.com>
> To: "ubuntu-devel-discuss at lists.ubuntu.com"
>         <ubuntu-devel-discuss at lists.ubuntu.com>
> Subject: EFF & Privacy; hopefully Ubuntu will listen to users?
> Message-ID: <BAY002-W3239077A170718E5B5745DD5620 at phx.gbl>
> Content-Type: text/plain; charset="windows-1256"
>
>
>
> The most important thing to me as a computer user is the
> privacy & security of the data I entrust my OS to handle and the
> OS's communication to me about what internet connections my OS and the
> Applications installed on it are making.
> Ubuntu is not doing well
>  in this regard lately. In the dialog that comes up on a new 12.10
> install asking me to contribute to Ubuntu, I saw no option indicating
> "Privacy & Security of Ubuntu." Yet this is the most important thing
>  to me and the thing most likely to make me want to contribute.
> I
>  have been speaking out about the privacy (data leaking) issues that
> keep popping up in Ubuntu over the last few development cycles for a
> while now.
> I've received a lot of grief over it on the Ubuntu
> forums & elsewhere. But it is very important to me so I have
> continued to speak out. I speak out not to put Ubuntu down or criticize
> anyone in particular. I simply want to draw attention to an important
> topic and hopefully get the issues addressed in the development cycle.
> It's
>  encouraging to see that the EFF shares my concerns:
>
> https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
> The
>  Amazon ads are just the latest example however. The problem was seen in
>  12.04 with the geoclue-ubuntu-geoip package. This package is/was a
> major privacy issue with no solution. There is no way to uninstall this
> package from 12.04 without loosing Time in the top-panel. And then there
>  is/was the unity-lens-video and unity-lens-music package issues. These
> regularly connected to the internet in the early 12.04 days, even when
> the Local Disk filter was selected. Thankfully I spotted this and
> reported it and it was fixed. But the whole idea that the Dash connects
> to the internet for everything is a concept that is VERY unappealing to
> many users who value their privacy and security. Web Browsers are
> designed and built with Security & Privacy capabilities by design.
> The Dash does not have these same Privacy & Security features nor
> does it have the UI to communicate security & privacy to the user
> like Web Browsers can. Why would I want to use the Dash for internet
> connections when I can use a Web Browser and gain all the
> security/privacy it offers? I want the Dash to SOLELY work locally and
> have nothing to do with the internet (which is the province of my Web
> Browser). It is encouraging to see Ubuntu start to work towards
> addressing this with 13.04. But I have been speaking to this for over a
> year now, and all I've got from it is criticism and frankly meanness
> from many people.
> Notwithstanding the Dash, the larger issue
> still exists that there is no way to control internet connections in
> general from an Application perspective. Users of Ubuntu cannot control
> which Applications can and cannot connect to the internet. And users
> have poor options for learning about active connections. There are tools
>  available, but these are real time apps with no logging capabilities.
> Couple this with the fact that Ubuntu is now sending data off to Third
> Parties as a course of doing business and this issue is now the most
> serious issue facing Ubuntu as there are users that will totally stop
> using the OS for privacy/security concerns.
> Essentially, Ubuntu needs to do two things:
> 1)
>  make privacy/security a important consideration in all new features
> while giving users the option of making the Dash a completely LOCAL
> feature.
> 2) create an Application Firewall for Ubuntu so that
> users can effectively discover what applications are making connections
> to the internet.
> I really hope that resolving this issue is
> moved to the top of the Ubuntu Development list. And I hope that Ubuntu
> listens to the community as I (and others) have been speaking out on
> this issue for quite some time now and it only seems to be getting
> worse.
> Thanks for listening.


-- 
Germán Larraín M.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20121030/f0ac7751/attachment.html>