← Back to team overview

ubuntu-privacy team mailing list archive

  1. ubuntu-privacy team
  2. Mailing list archive
  3. Message #00123

[Bug 1055952] Re: Direct data leaking to Amazon

  Thread PreviousDate PreviousThread Next 
12.04 has been my last one for this very reason.

I'm now a happy ArchLinux user.

To put it very clearly : I just left Ubuntu because I was so pissed off
by this commercial move (as well as the software library that doesn't
make any difference between "freeware" and "free sofware".

Ubuntu seems not to have understood the reason why so many people left
the Mandrake/Mandriva ship, well, let's the story reproduce until people
understand : we want Free Software. We do not want Spyware nor adware.
Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Privacy Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1055952

Title:
  Direct data leaking to Amazon

Status in Unity Shopping Lens:
  Confirmed
Status in “unity-lens-shopping” package in Ubuntu:
  Confirmed

Bug description:
  Despite claims from Mark Shuttleworth that data is not sent to Amazon
  (http://www.markshuttleworth.com/archives/1182), a quick look at
  Wireshark reveals that all images resulting from search results are
  downloaded directly from Amazon (see attached picture).

  Worse still, the request are over plain HTTP, even though Amazon
  offers an SSL service for images (ssl-images-amazon.com).

  So while it's technically true that the search terms are not sent to
  Amazon, the search results are, and that's just as bad. From this,
  Amazon and any third-party on the line (ISP etc.) gets the user's IP,
  date, time, and can deduce the search terms through correlation with
  recent searches or by looking at the name of the products in the
  result set.

  Additionally, the requests contains a fairly unique user-agent: gvfs/1.13.9, which seems to be tied to Gnome. I would imagine that there's not a lot of requests that would hit amazon.com with that user agent without originating from the Unity Dash. So now Amazon gets to know that I use the Unity Dash to search it, and how often.
  The query also shows an Accept-Language header; I haven't experimented with other language packs, but it should be relatively obvious that leaking the user's language is not necessary, since those are just static images and the products' names have already been downloaded from productsearch.ubuntu.com.

  How to reproduce:
  - Open Wireshark, start capture
  - Press the Windows/Meta key
  - Type anything
  - Check Wireshark output

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-lens-shopping/+bug/1055952/+subscriptions
  Thread PreviousDate PreviousThread Next