summaryrefslogtreecommitdiff
path: root/talermerchantdemos/blog/articles/en/ubuntu-spyware.html
diff options
context:
space:
mode:
Diffstat (limited to 'talermerchantdemos/blog/articles/en/ubuntu-spyware.html')
-rw-r--r--talermerchantdemos/blog/articles/en/ubuntu-spyware.html234
1 files changed, 234 insertions, 0 deletions
diff --git a/talermerchantdemos/blog/articles/en/ubuntu-spyware.html b/talermerchantdemos/blog/articles/en/ubuntu-spyware.html
new file mode 100644
index 0000000..2885bf3
--- /dev/null
+++ b/talermerchantdemos/blog/articles/en/ubuntu-spyware.html
@@ -0,0 +1,234 @@
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.90 -->
+<title>Ubuntu Spyware: What to Do?
+ - GNU Project - Free Software Foundation</title>
+<!--#include virtual="/philosophy/po/ubuntu-spyware.translist" -->
+<!--#include virtual="/server/banner.html" -->
+<h2>Ubuntu Spyware: What to Do?</h2>
+
+<address class="byline">by
+<a href="http://www.stallman.org/">Richard Stallman</a></address>
+<hr class="thin" />
+
+<blockquote>
+<p>Since <a href="http://fossbytes.com/the-spyware-feature-in-ubuntu-will-be-disabled-in-ubuntu-16-04-xenial-xerus/">Ubuntu
+version 16.04</a>, the spyware search facility is now disabled by
+default. It appears that the campaign of pressure launched by this
+article has been partly successful. Nonetheless, offering the spyware
+search facility as an option is still a problem, as explained below.
+Ubuntu should make the network search a command users can execute from
+time to time, not a semipermanent option for users to enable (and
+probably forget).
+</p>
+
+<p>Even though the factual situation described in the rest of this
+page has partly changed, the page is still important. This example
+should teach our community not to do such things again, but in order
+for that to happen, we must continue to talk about it.</p>
+</blockquote>
+<div class="column-limit"></div>
+
+<p>One of the major advantages of free software is that the community
+ protects users from malicious software. Now
+ Ubuntu <a href="/gnu/linux-and-gnu.html"> GNU/Linux </a> has become
+ a counterexample. What should we do?</p>
+
+<p>Proprietary software is associated with malicious treatment of the user:
+ surveillance code, digital handcuffs (DRM or Digital Restrictions
+ Management) to restrict users, and back doors that can do nasty things
+ under remote control. Programs that do any of these things are
+ malware and should be treated as such. Widely used examples include
+ Windows, the <a
+ href="/philosophy/why-call-it-the-swindle.html">iThings</a>, and the
+ Amazon &ldquo;Kindle&rdquo; product for virtual book
+ burning, which do all three; Macintosh and the Playstation III which
+ impose DRM; most portable phones, which do spying and have back doors;
+ Adobe Flash Player, which does spying and enforces DRM; and plenty of
+ apps for iThings and Android, which are guilty of one or more of these
+ nasty practices.</p>
+
+<p><a href="/philosophy/free-software-even-more-important.html">
+ Free software gives users a chance to protect themselves from
+ malicious software behaviors</a>. Even better, usually the community
+ protects everyone, and most users don't have to move a muscle. Here's
+ how.</p>
+
+<p>Once in a while, users who know programming find that a free program
+ has malicious code. Generally the next thing they do is release a
+ corrected version of the program; with the four freedoms that define
+ free software (see <a href="/philosophy/free-sw.html">http://www.gnu.org/philosophy/free-sw.html</a>), they
+ are free to do this. This is called a &ldquo;fork&rdquo; of the program. Soon
+ the community switches to the corrected fork, and the malicious
+ version is rejected. The prospect of ignominious rejection is not
+ very tempting; thus, most of the time, even those who are not stopped
+ by their consciences and social pressure refrain from putting
+ malfeatures in free software.</p>
+
+<p>But not always. Ubuntu, a widely used and
+ influential <a href="/gnu/linux-and-gnu.html"> GNU/Linux </a>
+ distribution, has installed surveillance code. When the user
+ searches her own local files for a string using the Ubuntu desktop,
+ Ubuntu sends that string to one of Canonical's servers. (Canonical
+ is the company that develops Ubuntu.)</p>
+
+<p>This is just like the first surveillance practice I learned about in
+ Windows. My late friend Fravia told me that when he searched for a
+ string in the files of his Windows system, it sent a packet to some
+ server, which was detected by his firewall. Given that first example
+ I paid attention and learned about the propensity of &ldquo;reputable&rdquo;
+ proprietary software to be malware. Perhaps it is no coincidence that
+ Ubuntu sends the same information.</p>
+
+<p>Ubuntu uses the information about searches to show the user ads to buy
+ various things from Amazon.
+ <a href="http://stallman.org/amazon.html">Amazon commits many
+ wrongs</a>; by promoting Amazon, Canonical contributes to them.
+ However, the ads are not the core of the problem. The main issue is
+ the spying. Canonical says it does not tell Amazon who searched for
+ what. However, it is just as bad for Canonical to collect your
+ personal information as it would have been for Amazon to collect it.
+ Ubuntu surveillance
+ is <a href="https://jagadees.wordpress.com/2014/08/27/ubuntu-dash-search-is-not-anonymous/">not
+ anonymous</a>.</p>
+
+<p>People will certainly make a modified version of Ubuntu without this
+ surveillance. In fact, several GNU/Linux distros are modified
+ versions of Ubuntu. When those update to the latest Ubuntu as a base,
+ I expect they will remove this. Canonical surely expects that too.</p>
+
+<p>Most free software developers would abandon such a plan given the
+ prospect of a mass switch to someone else's corrected version. But
+ Canonical has not abandoned the Ubuntu spyware. Perhaps Canonical
+ figures that the name &ldquo;Ubuntu&rdquo; has so much momentum and influence that
+ it can avoid the usual consequences and get away with surveillance.</p>
+
+<p>Canonical says this feature searches the Internet in other ways.
+ Depending on the details, that might or might not make the problem
+ bigger, but not smaller.</p>
+
+<p>Ubuntu allows users to switch the surveillance off. Clearly Canonical
+ thinks that many Ubuntu users will leave this setting in the default
+ state (on). And many may do so, because it doesn't occur to them to
+ try to do anything about it. Thus, the existence of that switch does
+ not make the surveillance feature ok.</p>
+
+<p>Even if it were disabled by default, the feature would still be
+ dangerous: &ldquo;opt in, once and for all&rdquo; for a risky practice, where the
+ risk varies depending on details, invites carelessness. To protect
+ users' privacy, systems should make prudence easy: when a local search
+ program has a network search feature, it should be up to the user to
+ choose network search explicitly <em>each time</em>. This is easy:
+ all it takes is to have separate buttons for network searches and
+ local searches, as earlier versions of Ubuntu did. A network search
+ feature should also inform the user clearly and concretely about who
+ will get what personal information of hers, if and when she uses the
+ feature.</p>
+
+<p>If a sufficient part of our community's opinion leaders view this
+ issue in personal terms only, if they switch the surveillance off for
+ themselves and continue to promote Ubuntu, Canonical might get away
+ with it. That would be a great loss to the free software community.</p>
+
+<p>We who present free software as a defense against malware do not say
+ it is a perfect defense. No perfect defense is known. We don't say
+ the community will deter malware <em>without fail</em>. Thus,
+ strictly speaking, the Ubuntu spyware example doesn't mean we have to
+ eat our words.</p>
+
+<p>But there's more at stake here than whether some of us have to eat
+ some words. What's at stake is whether our community can effectively
+ use the argument based on proprietary spyware. If we can only say,
+ &ldquo;free software won't spy on you, unless it's Ubuntu,&rdquo; that's much less
+ powerful than saying, &ldquo;free software won't spy on you.&rdquo;</p>
+
+<p>It behooves us to give Canonical whatever rebuff is needed to make it
+ stop this. Any excuse Canonical offers is inadequate; even if it used
+ all the money it gets from Amazon to develop free software, that can
+ hardly overcome what free software will lose if it ceases to offer an
+ effective way to avoid abuse of the users.</p>
+
+<p>If you ever recommend or redistribute GNU/Linux, please remove Ubuntu
+ from the distros you recommend or redistribute. If its practice of
+ installing and recommending nonfree software didn't convince you to
+ stop, let this convince you. In your install fests, in your Software
+ Freedom Day events, in your FLISOL events, don't install or recommend
+ Ubuntu. Instead, tell people that Ubuntu is shunned for spying.</p>
+
+<p>While you're at it, you can also tell them that Ubuntu contains
+ nonfree programs and suggests other nonfree programs. (See
+ <a href="/distros/common-distros.html">
+ http://www.gnu.org/distros/common-distros.html</a>.) That will counteract
+ the other form of negative influence that Ubuntu exerts in the free
+ software community: legitimizing nonfree software.</p>
+
+<blockquote class="important">
+<p>
+The presence of nonfree software in Ubuntu is a separate ethical
+issue. For Ubuntu to be ethical, that too must be fixed.
+</p>
+</blockquote>
+
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+<div class="unprintable">
+
+<p>Please send general FSF &amp; GNU inquiries to
+<a href="mailto:gnu@gnu.org">&lt;gnu@gnu.org&gt;</a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a href="mailto:webmasters@gnu.org">&lt;webmasters@gnu.org&gt;</a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:web-translators@gnu.org">
+ &lt;web-translators@gnu.org&gt;</a>.</p>
+
+ <p>For information on coordinating and submitting translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright &copy; 2012, 2016, 2017, 2018, 2019, 2020 Richard Stallman</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2020/10/06 08:25:53 $
+<!-- timestamp end -->
+</p>
+</div>
+</div><!-- for class="inner", starts in the banner include -->
+</body>
+</html>