Spy on Ubuntu users

This work is a translation from English.

Ubuntu spyware. What should I do?

of Richard Stallman

As of Ubuntu 16.04, the spyware search function has been disabled by default. It appears that the campaign has been partially successful with the pressures launched by this article. However, offering the spyware search function as an option is still a problem, as explained below. Ubuntu should add a command to the network search that users can execute now and then, not a semi-permanent option to be activated (and probably forgotten) for users.

Even if the situation described has changed in part in the further text, this is still important. not to repeat such things again, but for that to happen we need to keep talking about them.

One of the main advantages of free software is that the community protects users from malware. Now Ubuntu GNU / Linux has become a counterexample. What should we do?

Proprietary software is linked to malicious treatment of the user: surveillance code, digital handcuffs (DRM or digital rights derogation) to restrict users, and backdoors that can be remotely controlled to do nasty things. Programs that do any of these things are malware and should be treated as such. Widely used examples are Windows, the iDinger and, for virtual book burning, the Amazon product “Kindle”, which does all three; Macintosh and Playstation 3 imposing DRM; most cell phones that spy on and have back doors; Adobe Flash Player spying on and enforcing DRM; and a plethora of apps for the iDinger and Android guilty of one or more of these evil practices.

Free software gives users the opportunity to protect themselves from harmful software behavior. Better still, the community usually protects everyone, and most users don't even have to blink an eyelid. And this is how it works.

Occasionally, users who can program find that a free program contains malicious source code. In general, the next thing you do is release a corrected version of the program; with the four freedoms - which define Free Software - you are free to do so (see What is Free Software?). This is called Spin-off[*] of the program. The community will promptly switch to the corrected split and the malicious version will be rejected. The prospect of inglorious rejection is not very tempting. That is why even those who are not stopped by their conscience and social pressure usually refrain from introducing harmful functions into free software.

But not always. Ubuntu, a widely used and influential GNU / Linux distribution, has source code built in for monitoring. When users search their own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of the Canonical servers (Canonical is the company that develops Ubuntu).

This is just like the first surveillance practice I learned about in Windows. My late friend Fravia told me that when he looked for a string of characters in the files on his Windows system, it would send a packet to some server that was recognized by its firewall.
Given the first example, I paid attention and learned about the propensity of “respectable” proprietary software to be malware. It may not be a coincidence that Ubuntu is sending the same information.

Ubuntu uses this search information to show the user advertisements to buy various things on Amazon. Amazon does a lot of wrong; Canonical contributes to this by sponsoring Amazon. However, advertising is not at the heart of the problem. The main problem is spying. Canonical says they don't tell Amazon who's looking for what. However, Canonical's collection of your personal information is just as bad as it would be for Amazon. Ubuntu's surveillance is not anonymous.

One will certainly create a modified version of Ubuntu without this monitoring. In fact, many GNU / Linux distributions are modified versions of Ubuntu. If these update to the latest Ubuntu as a base, they will likely remove this. Canonical is expecting it too.

Most free software developers would abandon such a plan in view of the prospect of mass switching to someone else's corrected version. But Canonical hasn't given up on Ubuntu spyware. Perhaps Canonical will assume that the name Ubuntu Has enough momentum and influence to avoid the usual consequences and get away with surveillance.

Canonical says this feature searches the internet in a different way. Depending on the information that may or may not make the problem bigger, but not smaller.

Ubuntu allows users to turn off monitoring. Obviously, Canonical means that many Ubuntu users will leave this in the default setting ('on'). And many will probably leave it that way because it does not occur to them to try to do anything about it. Therefore, the existence of this switch does not make the monitoring function properly.

Even if it were turned off by default, the feature would still be dangerous: advocating a risky practice decide once and for allwhere the risk varies depending on the information, invites carelessness. To protect user privacy, systems should make prudence simple: if a local search program has the ability to search the Internet, it should be the responsibility of the user to search the Internet every time to be explicitly selected. It is easy. All it takes is two separate buttons for online and local search, just like previous versions of Ubuntu did. An online search function should also inform the user clearly and specifically about who will get what personal information - when and when this function is used.

If a sufficient segment of our community's opinion leaders only look at this matter personally - if they turn off surveillance for themselves and continue promoting Ubuntu - Canonical could get away with it. That would be a huge loss to the free software community.

We, who represent Free Software as a defense against malware, are not saying it is a perfect defense. There is no known perfect defense. We are not saying that the community can “infallibly” deter malware. So the Ubuntu spyware example doesn't really mean we have to take our words back.

But there is more at stake here than if some of us have something to take back. What is at stake is whether our community can effectively use the proprietary spyware-based argument. If we can only say, "Free software won't spy on you unless it's Ubuntu," then that is far less convincing than "Free software won't spy on you."

It is up to us to give Canonical a harsh rebuff - whatever it takes - to end this. Any kind of justification on the part of Canonical is insufficient; even if they used all of the money they received from Amazon to develop free software, if they stop providing an effective way to prevent user abuse, it can hardly make up for what free software will lose.

Should you ever recommend or redistribute GNU / Linux, please remove Ubuntu from the distributions that you recommend or redistribute. If their practice of installing and recommending non-free software doesn't convince you to stop, let yourself be convinced here: install or recommend them at installation parties, at Software Freedom Day events, at FLISoL events [**] Ubuntu doesn't. Tell people that Ubuntu is being shunned for being spied on.

While you're at it, you can also say that Ubuntu contains non-free software and recommends other non-free software (see Why other systems are not advocated). This will counteract the other form of negative impact Ubuntu has on the free software community: legitimizing non-free software.

The presence of non-free software in Ubuntu is an issue in itself. In order for Ubuntu to be ethical, that needs to be fixed too.

Comments from the translators:

  1. [*]  Spin-off will often too Fork (English for 'fork').
  2. [**] The festival Latinoamericano de Instalación de Software Libre (FLISoL) is an annual event on the fourth Saturday of April in several cities in Latin America about the free operating system GNU and free software.