[Ubuntu-US-CA] RMS vs. Amazon search results feature

Peter Swain swine at pobox.com
Fri Dec 14 09:47:58 UTC 2012


This is a small corner of a very big issue, and there's nothing childish
about the argument.

I suspect the intent here, when the decision was made to omit the opt-in
setup, was to simplify the user setup experience. For most people, most of
the time, this relatively benign "spyware" is not an issue.
And amazon's targeted ads & results provide a penny-stream that helps feed
Canonical, and seems innocuous.

But it's stepping over a line from purity of purpose to commercial
data-mining, and deserves at least a first-time-use dialog. RMS reminds us
that we're dipping a toe in a very deep swamp here, and the best time to
discuss the issues is before we get even a little wet. Because it's a very
slippery slope into malicious code & eavesdropping, to espionage &
censorship, and past this point _none_ of the players is totally honest.
When Walls_have_Ears, remember Amnesty International's unsettling reminder
that Ears_have_Walls.
Google.com's DoNoEvil policy reminds us, by their need to state it, that
3rd-party search invites evil.
SSL reduces risks along the plumbing, but cannot offer any guarantees about
the endpoint.

Maybe it's a good policy for Ubuntu, and other like-minded distros &
products, to pop up a one-time dialog here, _before_ opting in to some
data-mining on the user's behalf.
The GPL Preamble has the right texture (but quite different subject matter)
- it's an opportunity to point out the difference (which 12.10 seems to
have erased) between commercial & truly free behavior.
Perhaps
  "Do you want to use external search engines, which may result in your
search being visible
   to other parties?
   Some software trades your privacy for external services, for example by
giving you search results,
   but other parties some indication of what _you_ are looking for, often
bringing paid advertising to you.
   Sometimes your privacy is critical, so we strive never to do this
without offering to warn you.
   .
   When such an exchange of privacy for service is taking place, do you
want to ...
   [ ] allow queries to be sent off-machine
   [ ] restrict searches to local machine only
   [ ] allow external queries, but only via an "anonymising" service
   [*] ask me each time
   "

Forgive me if I'm re-covering old ground here - I didn't notice the
opt-in/out dialog of the Ubuntu <= 12.04 dash, and security of search here
isn't a big issue for me.  But it's a breach of trust in what I naively
assumed: that the free (as in speech) nature of the software also implied
free (as in beer).
When my keystrokes are buying someone else a pint by being sold, some small
freedom is eroded.
But it's more than spilled beer when that backchannel can be exploited to
watch all my search keystrokes, by compromising a different machine,
downstream in a search service I didn't even know I was consulting

-paranoid pete



On Thu, Dec 13, 2012 at 10:23 PM, Grant Bowman <grantbow at ubuntu.com> wrote:

> On Thu, Dec 13, 2012 at 9:55 PM, Jono Bacon <jono at ubuntu.com> wrote:
> > On Thu, Dec 13, 2012 at 9:27 PM, Grant Bowman <grantbow at ubuntu.com>
> wrote:
> >> For discussion:
> >> http://www.jonobacon.org/2012/12/07/on-richard-stallman-and-ubuntu/
> >>
> >> I am trying to reserve judgement but the 12.10 install I tried seemed
> >> to sacrifice privacy a little too easily and I don't like the idea of
> >> money being made by default from Ubuntu for Canonical. At the same
> >> time I don't agree with all of what RMS said but some of what he says
> >> is true for me. http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
> >>
> >> What do you think?
> >
> >
> > "I don't like the idea of money being made by default from Ubuntu for
> > Canonical"
> >
> > What is the objection about Canonical making money in Ubuntu given the
> > millions of dollars invested into Ubuntu?
>
> I think trust is the primary issue.
>
> First, that was a partial quote of a sentence and I think not the most
> important aspect of this whole debate. Second, I didn't express that
> particular sentiment accurately. Perhaps it would be more clear with
> an appended "in this way." I am not alone in feeling this particular
> implementation crosses a line of trust. Perhaps as you say Canonical
> "didn’t get it 100% right". That's why I am trying to reserve
> judgement despite it being released in a non LTS version inserted at
> the last minute from what I heard. If Canonical had submitted a
> similar feature to Debian do you suspect it would have gotten accepted
> or is Canonical somehow abusing it's specially entrusted power? People
> trust this environment because it is level and open. This feature as
> implemented so far is neither.
>
> Other entities including but not limited to the EFF have expressed
> their concerns pretty well.
>
> https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
>
> Where is the money coming from? Facebook, Twitter, BBC, Amazon and
> other third parties of Canonical's choosing, right? This is done by
> keylogging "send your keystrokes" from all the searches on a default
> install with no notice to end users, right? Making money from work one
> does is what Canonical has carefully done in the past. I believe
> Canonical is trying to find the balance and is doing a better job than
> anyone else I think in this regard.
>
> I hope this discussion can stay on topic and not get derailed by my
> misstating my position on that one point.
>
> Grant
>
> --
> Ubuntu-us-ca mailing list
> Ubuntu-us-ca at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-ca
>



-- 
-pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-us-ca/attachments/20121214/6ce2dd14/attachment.html>


More information about the Ubuntu-us-ca mailing list