← Back to team overview

unity-design team mailing list archive

EFF & Privacy; hopefully Ubuntu will listen to users


The most important thing to me as a computer user is the privacy & security of the data I entrust my OS to handle and the OS's communication to me about what internet connections my OS and the Applications installed on it are making.

Ubuntu is not doing well in this regard lately. In the dialog that comes up on a new 12.10 install asking me to contribute to Ubuntu, I saw no option indicating "Privacy & Security of Ubuntu." Yet this is the most important thing to me and the thing most likely to make me want to contribute.

I have been speaking out about the privacy (data leaking) issues that keep popping up in Ubuntu over the last few development cycles for a while now. 

I've received a lot of grief over it on the Ubuntu forums & elsewhere. But it is very important to me so I have continued to speak out. I speak out not to put Ubuntu down or criticize anyone in particular. I simply want to draw attention to an important topic and hopefully get the issues addressed in the development cycle.

It's encouraging to see that the EFF shares my concerns: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks

The Amazon ads are just the latest example however. The problem was seen in 12.04 with the geoclue-ubuntu-geoip package. This package is/was a major privacy issue with no solution. There is no way to uninstall this package from 12.04 without loosing Time in the top-panel. And then there is/was the unity-lens-video and unity-lens-music package issues. These regularly connected to the internet in the early 12.04 days, even when the Local Disk filter was selected. Thankfully I spotted this and reported it and it was fixed. But the whole idea that the Dash connects to the internet for everything is a concept that is VERY unappealing to many users who value their privacy and security. Web Browsers are designed and built with Security & Privacy capabilities by design. The Dash does not have these same Privacy & Security features nor does it have the UI to communicate security & privacy to the user like Web Browsers can. Why would I want to use the Dash for internet connections when I can use a Web Browser and gain all the security/privacy it offers? I want the Dash to SOLELY work locally and have nothing to do with the internet (which is the province of my Web Browser). It is encouraging to see Ubuntu start to work towards addressing this with 13.04. But I have been speaking to this for over a year now, and all I've got from it is criticism and frankly meanness from many people.

Notwithstanding the Dash, the larger issue still exists that there is no way to control internet connections in general from an Application perspective. Users of Ubuntu cannot control which Applications can and cannot connect to the internet. And users have poor options for learning about active connections. There are tools available, but these are real time apps with no logging capabilities. Couple this with the fact that Ubuntu is now sending data off to Third 
Parties as a course of doing business and this issue is now the most 
serious issue facing Ubuntu as there are users that will totally stop 
using the OS for privacy/security concerns.

Essentially, Ubuntu needs to do two things:
1) make privacy/security a important consideration in all new features while giving users the option of making the Dash a completely LOCAL feature.

2) create an Application Firewall for Ubuntu so that users can effectively discover what applications are making connections to the internet. 

I really hope that resolving this issue is moved to the top of the Ubuntu Development list. And I hope that Ubuntu listens to the community as I (and others) have been speaking out on this issue for quite some time now and it only seems to be getting worse.

Thanks for listening.

Follow ups