unity-dev team mailing list archive
-
unity-dev team
-
Mailing list archive
-
Message #00536
the privacy button that doesn't do what it says it does
I like the Amazon shopping lens. I think it is great.
There has been a bit of a fuss about it, and yet another article here
https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
which advises people to remove unity-lens-shopping and also:
"If you want Dash to only search your local computer and not search the
Internet at all, you can open the Privacy app and switch "Include online
search results" from on to off, as pictured below."
now this, I have a problem with. That checkbox does not do what it says
it does, and it worries me what people are going to say when they find
out. The checkbox absolutely does not perform any sandboxing of lenses
preventing them from accessing the internet. It simply doesn't. What it
does is set a preference flag that lenses can look at, and decide what
they want to do about it. The lenses we ship by default look at the flag
and indeed graciously modify their behavior to not send the query to the
internet. This is 100% optional. Any third party lens (or scope) could
listen to the global search query and send it straight out to the
internet where some evil genius could then figure out a dastardly plan
using a data warehouse full of "termi" and "gedi" and "firef". In fact
when writing a lens there is nothing in the documentation as yet on how
one should honor this preference, you have to look at the source of an
existing lens to figure it out, by default lenses written won't have any
restriction on internet based searching.
Personally I don't see internet based searching as a real issue - but
the misleading privacy option is the problem.
I don't particularly want my global search text going off to Amazon or
other places, not because I care in any way about it, just I need that
eyeball space for stuff I actually want. If I want to buy stuff on
Amazon I want to click on the shopping lens in the lens bar and use 100%
of the dash for the shopping search results. Right now I can't do that
because the shopping lens sets visibility to false and hides from the
dash lens bar. This leads on to the thought that an evil genius could
write a lens/scope that is invisible, and presents no results, but
listens to the global search query change event and sends every
keystroke out to the internet, regardless of the privacy preference
setting. This is bad. I don't see any valid use-case for a lens to set
the visible property to false.
I think that the privacy option should be ripped out, and replaced with
a list of scopes that the user can whitelist for global searches. If a
scope is not on the whitelist then scope.active_global_search will
return nothing. The scope will *only* see search queries that are in
scope.active_search - i.e. searches in that specific lens. This way a
user can decide (with sensible defaults) which scopes are allowed to
present results to the dash home (perhaps not shopping), but the user
will still retain the ability to go specifically to the shopping lens
and do searches from there - which will mean fewer people will uninstall
the thing.
Alan.
--
I work at http://libertus.co.uk
Follow ups