sungate.co.uk

Ramblings about stuff

Leaving Ubuntu: the last straw?

A recent post by Richard Stallman raises an issue that I, and others, raised some time ago regarding the behaviour of the Ubuntu ‘dash’ feature in Ubuntu 12.10 and later. I’m posting here after reading Stallman’s post and also Ubuntu Community Manager Jono Bacon’s responses here and here.

(I know Jono from his Lugradio days, but I hope he won’t take this post personally.)

The issue surrounds a feature introduced to the Ubuntu ‘dash’ in Ubuntu 12.10 (released in October). The feature has become known as the “shopping lens” and has generated a great deal of controversy. It works as follows:

  1. A user types a search string into the dash;
  2. This search string is used to search local files/documents/music/video etc.
  3. This search string is used to return search results from Amazon

The dash always did step 2 above, but the recent introduction is that of step 3. I’ve tested this behaviour on a fresh install of Ubuntu 12.10 (codenamed ‘Quantal Quetzal’). After starting the newly-installed system, opening the dash and typing ‘terminal’ (because I want to launch the command-line terminal), I am returned various search results:

  • A link to the Gnome Terminal application: this is actually what I want;
  • About 5 or 6 hits on Amazon for various releases of the movie ‘The Terminal’ starring Tom Hanks.

This has happened because my dash search terms have been sent over the network to Canonical’s servers (Canonical distributes Ubuntu) and onwards to Amazon. This is a major privacy issue. Search terms entered into the dash, since its inception, have always (and only) been directed to local resources: local applications, local documents, local media. Sending local search terms across the Internet is not acceptable, especially since it’s done without consent.

Imagine if the search term was something less innocuous. Perhaps it relates to a sensitive medical matter (you’re searching for your own document named with the condition) and suddenly you’re seeing online results for that query.

And, and this is the clincher, if you click through to any of those search results and end up buying something (e.g. ‘The Terminal’ on DVD), then Canonical get a cut of that sale from Amazon. That is, this is a money-making scheme. Blog posts such as this one by Cristian Parrino present the online search using buzzwords and talk of “improving the experience” without any mention of the monetisation that Canonical are introducing.

This is exactly the issue Richard Stallman raises and he’s right on the money: this is an invasion of privacy.

Don’t get me wrong: I’m not against anyone making money, but it should be made clear that’s what’s happening.

Jono and others have attempted to defuse this situation and various changes have been made to how the dash implements these searches, but I believe they are insufficient for the following reasons:

  • “The feature can be disabled.” Yes, it can. But only if you know about it and know how to switch it off;
  • “The feature can be uninstalled.” Yes, it can, but again only if you know that it exists and know how to uninstall the appropriate package;
  • “There’s a privacy policy link displayed at the bottom of the dash when searching.” Yes, there is: this was added in response to early feedback about the online search. While welcome, this is insufficient: it’s not very prominent and there’s nothing which forces the user to see it. In fact, I believe this was only introduced because there was a concern that the online searching might be illegal under EU law in the form it took prior to the policy being made available;
  • “Everyone has their own idea about privacy, some people don’t care so much about this.”. That may well be true, but that’s not the point: many users will simply be unaware that this is even a privacy issue in the first place! Ubuntu is designed to be used by non-technical users and those users are unlikely to be aware of how their search terms will be used;
  • “[References to how people freely share their data in other online applications such as Google search and Facebook]” Not relevant. With such applications, it’s very clear that content/posts will be shared with others. One should not expect, however, a search for a local document to leak out online!

Canonical’s response has been a case of not taking the issue seriously enough, in my opinion. I guess we’ve reached the point where Canonical are, by their own admission, starting to ‘monetize’ desktop Ubuntu for general users. I respect Jono’s opinions in such discussions, but remember that (despite commenting on his blog that “does not neccessarily represent the views of my employer”), he is a Canonical employee.

Looking at the online-search feature objectively, it’s an excellent idea and well-implemented technically: however, the feature should be explicitly opt-in the first time someone tries to use it. That is, unless someone has unequivocally stated that they want to use the feature, it should not send anything across the network.

I’m sufficiently unhappy about this to probably switch away from Ubuntu at my next hardware change, although I’m on Ubuntu 12.04 LTS until then and it (thankfully) lacks the online-search feature.

Overall I’m disappointed that Ubuntu/Canonical have done this; disappointing that Ubuntu/Canonical don’t consider it a serious privacy problem and that they won’t consider it as an opt-in feature. Were that to be done, all my complaints with it evaporate.

Update 8 January 2013: found this article discussing some of the same issues, amongst other matters.

4 Responses to Leaving Ubuntu: the last straw?

  1. On 12 December 2012 at 09:30 mrben said:

    I’ve been vaguely following the saga online, and I’d be inclined to agree that this needs to be an opt-in option, with a “always do this” tickbox (unticked by default) on it. However, I’m not convinced that Stallman’s labelling of it as ‘spyware’ is warranted either, and he does have a bit of a track record of FUD. (Almost as much as Jono has a track record of being a corporate shillloyal employee…. ;) )

  2. On 12 December 2012 at 10:25 davee said:

    Yes, Stallman is known for “going off on one”, but he’s normally exaggerating a legitimate issue rather than making something out of nothing in my opinion. The line of reasoning is sound: you search for an application or a document and those search terms (complete or partial, depending on your typing speed!) leave your PC without your consent. In a context which would appear to be ‘local’ rather than ‘online’.

    I’d be interested to see how this evolves between now and the next LTS, since there’s an argument that the intermediate releases are only for enthusiasts or developers; I’d always give non-technical users a LTS release, for example, and the most recent LTS is ‘safe’ in regard to the dash.

  3. On 17 December 2012 at 09:41 Steve George said:

    Hi,

    a) The privacy policy was always planned and had nothing to do with blogger concerns about EU law. I know because my team was working on it.

    b) It’s not fair to say that Jono is representing Canonical when he clearly said he was not. You’re removing his ability to comment as an individual if you cite everything he says as Canonicals official position. The only official comment that we’ve made is on the Canonical blog.

    Thanks,

    Steve

  4. On 17 December 2012 at 11:58 davee said:

    Thanks for the comments, Steve: interesting note about the privacy policy, that’s good to hear. Of course, it doesn’t change my opinion that this feature should be overly opt-in :-)

    I wasn’t citing Jono’s remarks as Official Canonical Position, I was simply pointing out that his ability to be truly independent is made more difficult because of the post he holds. Perhaps I was being unfair, but it’s always hard to eliminate a conflict of interest.

    Cheers!