ubuntu-privacy team mailing list archive

Thread
Date

[Bug 1070598] [NEW] Opt-out for dash privacy violates Code of Conduct

To: ubuntu-privacy@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1070598@xxxxxxxxxxxxxxxxxx>
Date: Fri, 26 Oct 2012 12:42:28 -0000
Reply-to: Bug 1070598 <1070598@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug by Nicolas Müller (nicolas-mue):

It seems the humor of my last bug report was lost on some so here is a
serious report.

In 12.10, a semi-hidden legal notice tells us that by using the dash,
unless we have opted out, we agree to allow Ubuntu to collect our
keystrokes, and send them along with our IP address for storage by
Canonical and selected parties including Facebook, Twitter, BBC and
Amazon. The only cue to alert the user to this fact are the words "Legal
Notice" written in small text at the bottom-right corner of a window
frame. The agreement, according to Canonical, applies even if the user
has not read the notice.

I believe a great many people, especially those who have chosen to use
free software, would not wish to use software that violates their
privacy in this way. Those people can opt out, IF they notice the little
"Legal Notice" down the bottom AND click on it to find out what is about
to be done to their privacy, and what they must do to avoid it. Many
people would not notice the text, or would not click to read it even if
they did notice it. After all, they are using free software, and
supposedly, free software respects the freedoms of its users, so it
would be lax but not unreasonable for a user to believe they do need to
be on the alert, ever-vigilant and looking for ways in which free
software might violate our freedoms.

A software package that respected the freedoms of users would not
operate this "feature" on an opt-out basis, would not make the notice
overly obscure, and would not claim that simply using the dash without
even reading the notice constitutes agreement to by spied upon by third
parties.

A software package that respected its users, yet wanted to provide this
"feature", would work the following way. The first time dash is opened,
a large modal dialogue box would appear with a prominent warning
message. The user would be explicitly asked whether they consent for all
of their dash search terms to be sent along with their IP address to
Canonical, Facebook, Twitter, BBC and Amazon. They would have to answer
yes or no before they could use the software. The dialog would have an
optional checkbox to make this preference persistent.

Having an opt-out system which will trick many users into allowing their
privacy to be violated against their wishes does not respect the freedom
of choice or privacy of users. It is not compatible the Ubuntu Code of
Conduct, which states that "we expect members of the Ubuntu community to
be respectful when dealing with ... users of Ubuntu." It is not possible
for community members to support the implementation of the privacy
settings in this way. Distributing 12.10 and promoting its use is not
respectful of the users of this software, many of whom will be tricked
into allowing their privacy to be violated against their wishes.

** Affects: dash (Ubuntu)
Importance: Undecided
Status: Confirmed

--
Opt-out for dash privacy violates Code of Conduct
https://bugs.launchpad.net/bugs/1070598
You received this bug notification because you are a member of Ubuntu Privacy Team, which is subscribed to the bug report.