Privacy features in Touch (cyanogenmod)?

Matthew Paul Thomas mpt at canonical.com
Sat Jun 22 14:12:05 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt B. wrote on 18/06/13 14:26:
> ...
> 
> Can the upcoming Ubuntu-Touch incorporate some of the 
> cyanogenmod-like Privacy features into Ubuntu Touch? 
> http://arstechnica.com/gadgets/2013/06/how-cyanogenmods-founder-is-giving-android-users-their-privacy-back/
> 
In the next couple of weeks I will design the UI for apps to request
privileges on Ubuntu Touch.

When installing an app, Android shows you a list of privileges the app
will require -- accessing your contacts, accessing your current
location, and so on. If you decline, the app doesn't install.

This is poor design. Of all the time you spend with an app, the moment
you're about to install it is the moment when you know the least about
it. So it's the moment when you're least able to make informed
decisions about granting those privileges. And if an app developer can
assume that consent will be uninformed, they're more likely to abuse
that consent.

Cyanogenmod is working around that, by letting you reduce an app's
privileges after installation. But that requires you to notice, and
care, and remember, and know how to change it -- four difficult things.

On Ubuntu, an app will request a privilege during runtime. For
example, a game might have a "find my friends who already play this
game" function that accesses your contacts. The game would work just
fine if you don't use this function. But if you do use it, Ubuntu
would then -- and only then -- ask you if you want to grant the app
access to your contacts.

An app could still ask for a privilege immediately when you launch it.
But you'd be much less likely to allow it, in that case, than in
response to an obviously related command. And if a privilege wasn't
obviously essential to an app, but the app installed *and then*
refused to work without that privilege, it would be ridiculed and
downrated.

With our current plan for online accounts, the privacy will go even
further: an app won't even know *whether* you have a particular kind
of account unless you grant access to that app.

> I'd also like to see the ability of Ubuntu Desktop to be able to 
> control what apps can and cannot connect to the internet etc.

If anyone would like to implement this, I designed firewall settings a
couple of years ago. <https://wiki.ubuntu.com/Networking#firewall>

> Unfortunately all Ubuntu seems to be working on is features that 
> create privacy concerns (like the scopes sending search requests to
> Canonical servers).
> 
> ...

Ubuntu is an operating system, not a person. Neither you nor I get to
decide priorities for Canonical engineers. But anyone is welcome to
implement privacy features and propose them for inclusion in Ubuntu.

I have designed fine-grained settings for the home screen search on
the phone, including whether it accesses the Internet at all.
<https://wiki.ubuntu.com/SecurityAndPrivacySettings#phone-search> I
would be delighted to see equivalent settings implemented for the PC too.

- -- 
mpt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlHFsLUACgkQ6PUxNfU6ecqmwgCfaCSf2OKEtfnJjr/Q80Gsst1O
QJ8Ani01xQK/MwbJtR6dymjJGqOlszAt
=XIbh
-----END PGP SIGNATURE-----




More information about the Ubuntu-devel-discuss mailing list