Ubuntu

Don't include remote searches in the home lens

Reported by Thomas Kluyver on 2012-09-22
This bug affects 505 people
Affects Status Importance Assigned to Milestone
unity-lens-shopping
Undecided
Unassigned
unity-lens-shopping (Ubuntu)
Wishlist
Unassigned

Bug Description

Recent news (http://www.omgubuntu.co.uk/2012/09/online-shopping-features-arrive-in-ubuntu-12-10) indicates that the home lens will, by default, search Amazon for products to put in the 'More suggestions' section. This means that regular searches for local applications and files are transmitted to a remote server, which I believe breaks an expectation of privacy. It also seems somewhat tasteless for my operating system to be advertising things I might want to buy. Finally, the idea that Ubuntu is now ad-supported has brought considerable negative PR on tech news sites like Slashdot and Hacker News.

All of these problems could be easily avoided if the shopping lens were separate, rather than showing results in the home lens. The shopping results would still be very convenient when the user wanted to see them - they could opt in with a single click, as we currently can with the video lens, for example.

To anticipate one likely response: I understand that this feature can be removed by uninstalling the package. I believe it should be opt-in, not opt-out, and I also think the feature is useful, so I don't want to remove it completely from my system.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity-lens-shopping (Ubuntu):
status: New → Confirmed
Jonathan Jesse (jjesse) wrote :

As I've stated numerous times on various discussions this needs to be an opt-in and not an opt-out by uninstalling a package. If it is an opt-in I might even opt-in for it on my machines that run Ubuntu

vexorian (vexorian) wrote :

It will make every advocate's livfe easier if we don't have to explain to everyone how shopping ads appearing on any desktop search does not actually mean "ubuntu is adware".

Connor Carney (cscarney) wrote :

The fact that the lens in question shows advertisements is not relevant to this problem. The same problem is true of *any* lens that performs online queries with the "active-global-search" property, even if the results are useful. It's a common use case to open local files and applications by summoning the dash and typing a file name. Doing an online search with those queries has the effect of leaking those file names to the service provider (and possibly also your ISP/IT department/hotspot operator/government).

Stephan Sokolow (ssokolow) wrote :

I don't know who marked this as a duplicate of bug 1054741 but it's not. The reverse may be true, but "sending local searches to a remote server should be opt-in" is definitely not a subordinate duplicate of "you forgot to update the privacy policy to mention it"

Aibara Iduas (aibaraiduas) wrote :

In addition to the privacy concerns stated above, I'd just like to add that this causes a *huge* hit to usability. There is already a lot of information presented in the dash home, and adding a stream of information that is probably totally irrelevant to a given search goes against the whole point of having the dash - namely to find stuff more easily.

Example: I keep a journal on my computer. It is a file named journal.odt. If I type in journal, I just want to see that journal (and maybe some relevant programs, like Gnome Activity Journal). I don't want to see icons for: "Hand - Deadroom Journal [2008] $7.77"; "Taylor Dupree - Journal [2011] $2.79"; "Bridge 61 - Journal [2006] $8.99"; "Jully - Journal Intime [2008] $9.99"; "Arabica - Journal [2010] $9.99"; "Dday One - Journal [2011] $2.79... and that's just one line.

That this turns every desktop search in to an advertisement threatens to make Ubuntu seem like adware itself, as vexorian mentions above, but even if one finds these options useful, the amount of clutter added to the dash home is a problem.

Making this a separate lens would solve both these issues to an extent, since if the user went specifically to the shopping lens there would at least be the assumption that the user wants to actually buy something. Integrating it with the home lens makes no sense since the vast, vast majority of times a user types something into the dash they don't want to buy something new, but rather want find something that is already on their computer.

This, coupled with the privacy concerns mentioned above (which are really, really serious), ultimately means that even a separate lens should be an *opt-in* feature - especially considering the vast majority of users will have no clue how to disable it.

EwS (ewsdk) wrote :

please....

Tory (tory-andrew-law) wrote :

The privacy concerns here are not just a matter of preference, but something which could open legal liability. Imagine a person who queries what they think is their local system and instead by accident discloses trade secrets, health information, etc. The disclosure of trade secrets would not just be a mere inconvenience, or something that leaves you feeling icky, but something that could cause serious financial damage.

Further, do not forget legislation like PIPEDA http://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act in Canada and other substantially similar legislation from around the world.

Etienne Perot (etienneperot) wrote :

Sorry, but I think you'd be infringing on Apple's patent by implementing this:

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=/netahtml/PTO/srchnum.html&r=1&f=G&l=50&s1=20090265214.PGNR.

We all know how lawsuit-trigger-happy Apple can be...

So let Apple be the first operating system to have ads. Nobody would want to be the first guy to do such a thing.

RaduStoica (radumstoica) wrote :

I do not like the fact that this lens is integrated in the home lens. If you use the home lens for local searches, as it is meant to be used, this in effect will send to third-parties information about what files and programs you are using, which is a significant breach of privacy. Apart from this, having a shopping lens, which can be used separately, would be a fine idea.

gitarr (gitarr) wrote :

Come on, there must be better ways to make money.

This is a direct attack on users privacy by sending, what the user thinks are local searches, to Amazon. If this really will be implemented, Ubuntu and Canonical will lose all the trust they had to work hard for to gain. Linux users in general are a technical and very privacy aware people, who cannot and will not stand for this.

I for one always used to go around and promote Ubuntu as a great OS for everyone, with this rather shady move you'll take very good arguments away from me and I will have to look elsewhere for a distribution where the user is king and not the advertising partners of Canonical.

Q v A (quintesv) wrote :

I prefer opt-in. Private searches may be compromised. I opt for removal of this item and have it placed on some sort of a visibile specific shopping dash.

Stephan Sokolow (ssokolow) wrote :

Despite being a Canadian, I have no familiarity with PIPEDA, but I remember seeing comments on a Firefox bug that suggests German privacy law may be even more strict.

payload (payload) wrote :

I suggest a opt-in with a privacy protection notice.

- to prevent accidental leakage of local information (file paths)
  - have a separate search bar for online searches
  - a local filter won't make it, cause an error in the file path (typing "secrez-filename" won't exactly match locally, but some fuzzy matching online would alarm some special person "oh, where is a 'secret-filename'!")

- to inform the user what data is shared with others
  - pop up a notice about what, who, why (the obvious needs to be told) etc.
  - if he wants it or not ("no" and "yes")
  - consequences in case of clicking "no"
  - a link to the third party (amazon) privacy agenda
  - required by german law (especially cause its commercial? would need to look that up)
  - a checkbox somewhere to revoke

- granularity and configurability is your judgement

Jesus, just put that stuff into a dedicated lens.

George Ryan (george-ryan) wrote :

You're going to send all of my application and file searches to Amazon? How can this not be a flagrant violation of my privacy? As much as I like Ubuntu, this feature is going to make me switch back to Debian and donate $10 a year to them.

Michael Scherer (misc-zarb) wrote :

For the record, the plugin work by sending requests to http://productsearch.ubuntu.com//v1/search?q=$request, who give back a json array with everything. So nothing is directly sent to amazon.

Thomas Kluyver (takluyver) wrote :

Let's give the developers a chance to respond before this descends into flaming. I know we feel strongly about it, but I think keeping the atmosphere civil improves the chances of getting it fixed. All the comments so far are quite civil, but there's a heated tone starting to develop.

This is already the bug with the most 'heat' (the flame symbol) for the unity-lens-shopping package, just 12 hours after it was opened. So I'm optimistic that the developers will take it seriously.

Stephan Sokolow (ssokolow) wrote :

@18:

Perhaps more impressive, it's already result number 316 of 99550 (and climbing) when sorting the bug list for the entire Ubuntu launchpad project by heat.

Edwin de Jong (g-e-dejong-9) wrote :

If this was a planned feature I will switch to another distribution right away and will strongly advice my coworkers to take similar actions since my trust in Canonical's decision process has disappeared. Any rational user will make similar conclusions.

Besides, Michael commented the plugin will send it unencrypted to Ubuntu. Regardless my trust in Ubuntu/Canonical, not using an SSL connection seems an amateur decision and seriously undermines my privacy even more.

What a poor, poor decision. Treating your user base in this way is atrocious.

zaphodbblx (zaphodbblx) wrote :

Please don't...even if you start charging a nominal fee to use the OS please don't go down this road

Mr. Blonde (mr.blonde) wrote :

Can we please have search-related porn offers displayed be default?

Thomas Kluyver (takluyver) wrote :

@mr.blonde: According to bug #1054282, you can.

vexorian (vexorian) wrote :

I think that there should be a "world" lens that integrates all network-based searches. Could be web searches, wikipedia searches, contacts, etc. The home tab should be about ... home. It should only integrate local stuff. (Beyond of making ubuntu get blamed of becoming adware*, it is a serious usability issue to mix local and network searches).

*After reading Mark's statements. Sorry, but this definitely turns ubuntu into adware. Users will be receiving unrequested shopping suggestions when possibly looking for stuff in their own systems and it does give Canonical a profit. The only name for this is that they are ads.

If the default was to turn them off so users wanting to see suggestions would be able to turn it on. Then they would be a useful service. But enabled without request they are ads. The best solution for now would be not making these results appear in home tab unless the user sets an option to make them.

Otherwise 12.10 is going to be very grim for ubuntu's reputation. It is a shame because unity was getting so much better now, but if it is estigmatized with ubuntu's adware attempts, it will really be the killing blow on its chances of adoption.

DK (dkretz) wrote :

Count me in for supporting a dedicated lens that is easy to toggle on and off.

Jonathan Chan (jchan-3) wrote :

Mark Shuttleworth's "logic" (you already trust us not to install a trojan via update, etc.) is disturbing, business-unfriendly, and akin to your government saying "here, you already trust us to not kill you randomly. We'll just expedite the trial process and get back to you with a verdict now- here it is, you're to be executed on the spot. May God have mercy on your soul."

Adam Honse (calcprogrammer1) wrote :

This is a deal breaker for me, I love Ubuntu but when it becomes too commercialized for its own good and starts spying on its users I can no longer run it with pride. I've switched my desktop over to Linux Mint which has no such privacy concerns. If you think this is a good move, think again, you're damaging the trust you've gained among users and opening up a privacy/legal can of worms that will just lead to bad PR and negative comments. The way this is implemented really shows that Canonical cares more about money than providing a clean desktop, if they wanted a clean desktop they would put this in its own section or get rid of it altogether/make it opt-in because I doubt most people would want it.

Bathroom Humor (bafroomhumor) wrote :

I've made this comment on the issue on an OMGubuntu article:
"Shopping should have it's own lens, making room for other shopping related scopes to integrate into it later (like newegg and whatnot).
And I personally think that the home lens should have access to every scope in the dash, but which ones it displays should be optional and easy to configure!"
This would avoid the cries of horror from those who believe canonical are giving amazon the ability to somehow monitor all of our searches. Somehow...

Andros83 (mail-ceandrea) wrote :

All of these problems could be easily avoided if the shopping lens were separate, rather than showing results in the home lens. The shopping results would still be very convenient when the user wanted to see them - they could opt in with a single click, as we currently can with the video lens, for example.

AndyVoutour (andyvoutour) wrote :

Agree with @29, this is a deal breaker. I think 12.04 is my last Ubuntu for.. at least six months apparently, until our (are we sure he's benevolent?) dictator rethinks this one through.

shaunesau (shaunesau) wrote :

Agree with @29 & @32 -- the privacy implications of this change are exceedingly obvious and should have been sufficient to prevent the "feature" being included by default in 12.10. If this was implemented as an opt-in feature, I can't imagine any strong opposition, but while *I* may know how to quickly remove it, my Ubuntu-using friends and family do not. Given that, I can't recommend that they upgrade to 12.10 and will be migrating to an alternate distro once 12.04 starts to feel long in the tooth.

nhasian (nhasian) wrote :

It doesn't have to be a deal-breaker. a simple "sudo apt-get install gnome-shell" will fix the problem.

Andrew (tuxlover684) wrote :

I whole-heartedly agree.

I now use #! and Debian before this fiasco, but now I am now recommending Mint or #! until this goes or it becomes opt-in. "Wait until 14.04" is not an acceptable solution for us.

OerHeks (oerheks) wrote :

This security flaw affects me too.

skipx (bartok) wrote :

Canonical getting a touch of Apple and Mickysoft.. You would be surprised to see hwo easey people will go en mass to other grown up distributions like Fedora or Suse. When I tell people about Unix/Linux and Ubuntu they seem to love the fact that it feels non-comercial the most . As soon as the comercial aspect drops in people will opt out of Ubuntu, not just of Lens..
I will encourage that move. I maintain 19 desktops at my work (system administrator) that will become Fedora machines.
Yeah!

iweb (bor-mbm) wrote :

This is in IMHO the worst idea Canonical ever had.

Jim (jimvernon) wrote :

This is not a bug. It is a complaint.

Changed in unity-lens-shopping (Ubuntu):
status: Confirmed → Invalid
Jonathan Chan (jchan-3) wrote :

NIce job trying to shut out dissent by marking this bug invalid, jimvernon. It was originally made on the Ubuntu forums, wherein a moderator suggested it be moved here.

Vistaus (djmusic121) on 2012-09-23
Changed in unity-lens-shopping (Ubuntu):
status: Invalid → Opinion
Thomas Kluyver (takluyver) wrote :

Jim, that approach is not going to placate people. It's a complaint that 173 people have signed up to in less than a day. Dismissing it as 'invalid' will just enrage people, and it comes across as arrogant and unresponsive. I suggest you at least use the 'Opinion' setting, but preferably try to engage with the issue and work out what can best be done.

Vistaus (djmusic121) wrote :

I've set it to opinion. It's neither a bug nor it's invalid, it's an opinion of a lot of users regarding the new lens.

Otus (jan-varho) wrote :

I don't think #1054741 should be a duplicate, since whether or not this is enabled by default, the privacy policy should cover it.

mikelococo (mikelococo) wrote :

The bug is a proposal for a specific technical change (to have shopping-lens not included in the home lens in 12.10). I suppose it's an opinion whether that change is an improvement over the current plan, but there are certainly many facts that support the proposal:

1) It's a contentious feature, evidenced by this bug.
2) It's proposed for a default-on state in a widely used component (home lens).
3) It has privacy implications when compared to the previous state of home lens in 12.04. Home lens in 12.04 doesn't send queries to remote servers, shopping-lens does.
4) Those privacy implications aren't addressed by the privacy policy: Bug #1054741
5) And the privacy implications aren't disclosed upon use of home lens: Bug #1054782
6) Also the feature itself results in a lousy user experience due to poor results (Bug #1053678) and inappropriate adult results that aren't tied to any age assertation (Bug #1054282)
7) Despite all of the above, the feature was introduced ***post-freeze*** with little community review: Bug 1053470
8) It appears that it was fast-tracked through freeze exception in spite of all the above issues because of executive support at Canonical: http://www.markshuttleworth.com/archives/1182, which creates the appearance that community input isn't valued and that the privacy objections aren't respected.

Danillo (danillo) wrote :

I know it's very easy to just "sudo apt-get purge unity-lens-shopping" - and we all should really appreciate that Canonical made it that easy to opt out of this new feature-, but I also believe it should be opt-in and have its own separate lens, both for avoiding adware accusations as for cluttering the home lens.

I think it should be made obligatory that all features like this one expose options in the Privacy Manager. Ubuntu was praised by the EFF for advancing its privacy management, so let's handle this move properly instead of rushing it and tainting its reputation.

(And hey, if you wanna be heard, just stop the ever-annoying "I'm moving to/recomending whatever distro" threats. Things like that add nothing to the arguments in question and make you look like spoiled adolescents. There are good points in this thread, please don't let them become lost amidst flame baits. When people say they rather install an almost completely different OS than to just remove a package there's no room left for discussing rationally.)

mikelococo (mikelococo) wrote :

5.5) Also, the opt-out process is undiscoverable and requires uninstalling the feature entirely. There's no way to use shopping lens at all without sending all your home lens queries to a remote server: Bug #1054746

Mr. Blonde (mr.blonde) on 2012-09-23
Changed in unity-lens-shopping (Ubuntu):
status: Opinion → Confirmed
Katana (katana--) wrote :

Question - does this mean that Mark Shuttleworth & co. will be abandoning their own privacy and providing any and all of their own local searches to the world via a streaming feed?

ggjj11 (ggjj11) wrote :

This feature has to be a opt-in-feature - otherwise i will switch to fedora and ubuntu 12.04 will be the last ubuntu on my machines.

I'm not going to be childish and say I'll switch distros (I've put too much time into this one), but I'm not happy. The default setup matters, whether you like it or not. The first thing new users are going to do is see the advertising and think that they've come to something that's free because it's commercialised, not subsidised.

I hope you know what you're doing, Mark.

vexorian (vexorian) wrote :

When it became evident that new Nautilus version would cause usability issues with Unity and there was no time to fix it before feature freeze, its features got postponed to 13.04. I recommend that in the case of this feature , it is postponed to 13.04 so that there is time to decide how it is going to work and how it would integrate in the default desktop.

Michael Scherer (misc-zarb) wrote :

@mikelococo , that's not the only related feature that was pushed after feature freeze :
https://bugs.launchpad.net/webapps-applications/+bug/1046840

I guess that they were just late in discussing with Amazon ( because putting adv^W affiliation directly in a OS is something that was never done before ), and that was bad planning.

 Pushing this 6 months in the future mean they will have 6 months less of data to make it useful. From what I gathered, Canonical plan to have better results ( see Mark comment on OMG ubuntu ) and wish to improve the whole system, and for that, they need to gather lots of data. Canonical know what requests are made, but also see what links have been clicked.

If you look at the json output on http://productsearch.ubuntu.com//v1/search?q=windows , you see there is a unique identifier for each request, searching "sex" and "sex andersen" do give the same first result, with a different id.

The id is the same if you do the same request, even from a different ip, so there is for now the minimal amount of tracking needed to improve the system, and that's not linked to a user profile.

So yes, pushing this in FFE was kinda needed.

( as a side note, that also explain why Mark invested into instank ( for ceph ), if they need to store a enormous amount of data, they maybe do not want to use a solution of their competitor like glusterfs )

Jim (jimvernon) on 2012-09-23
Changed in unity-lens-shopping (Ubuntu):
status: Confirmed → Invalid
Stephan Sokolow (ssokolow) wrote :

@Jim: Marking it invalid doesn't change the fact that, were it not marked invalid, it'd now be on the second page of results for all Ubuntu bugs sorted from most to least heat.

All that in only 22 hours generally implies that, if nothing else, you need to rethink your PR strategy for a feature.

I'd honestly like to know whether Canonical's legal department has been consulted regarding how this will interact with various countries' privacy laws.

Stephan Sokolow (ssokolow) wrote :

It occurs to me that this is turning out to be like when Google Chrome ditched "http://" in the address bar. They even opened a bug to "solicit feedback" but, when people came out of the woodwork to give good reasons for keeping it and kept asking them to give their own rationale for removing it on a desktop-sized screen, they just did their own thing and ignored it.

Finally, after a year without a clear answer, they decided the feedback bug was too distracting and shut down further comments on it. (Typical Google, really.)

That was when I switched back to Firefox. I'm just glad that Ubuntu is modular enough that I can continue to run Lubuntu and not be affected by this.

Dylan McCall (dylanmccall) wrote :

Jim, are you involved in developing or planning this feature? If you are not, please refrain from changing the status. Bug status is intended for developers to plan work. It is certainly helpful to help with bug triage — especially for projects with lots of bugs — but in this case I do not see what you are doing as particularly helpful.

Thomas Kluyver (takluyver) wrote :

@jimvernon: Please don't do that. I'm not going to get into bug-status wars with you, but marking it as invalid without any discussion or acknowledgement of the concerns comes across as aloof and arrogant. You're giving Ubuntu developers a bad name, and it's not even clear that you're involved with this feature.

Changed in unity-lens-shopping (Ubuntu):
status: Invalid → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity-lens-shopping (Ubuntu):
status: New → Confirmed
Thomas Mashos (tgm4883) wrote :

@ssokolow While I agree with others thoughts that things like this should be opt in, I disagree that the "heat" indicates that this is a bug (see all the "heat" that was generated from bugs after Unity was added to 11.04, or the close/minimize icons were moved to the left). Simply put, something can't be "by design" and also a "bug", and this is most certainly by design (although IMO bad design choice). I'd like to see is the ability to shut this down in the privacy options in the control center.

What I'd also like to see is stopping with the wild speculation and many "me too" type posts here. There really is no point to "Me too" posts, as you can already say the bug affects you and subscribe to it. Regurgitating what previous people have said offers no benefit to the conversation.

Stephan Sokolow (ssokolow) wrote :

@Thomas Mashos: I never claimed heat was an indicator of anything but interest. I was simply pointing out that, when not being hidden from the listing by "Status: Invalid" this went from brand new to the top 100 in under 24 hours, which means that, whether or not it's a bad design choice, the PR was thoroughly botched and that situation still hasn't been rectified.

Thomas Mashos (tgm4883) wrote :

@ssokolow You mean Canonical hasn't rectified something they don't believe is an issue, in something that has been public for less than 24 hours on a weekend? The nerve! Where do I get me torch and pitchfork?

My point is that sometimes certain decisions have to be made by someone in charge. Not everyone is going to like those changes. Just because you disagree with a choice (be it design, funtion, or other) doesn't necessarily make it a bug (which you did indicate it was, considering you were directly responding to something that marked it as invalid)

None of this is adding to the discussion though, so I suggest we drop it until something beneficial can be added.

Stephan Sokolow (ssokolow) wrote :

@Thomas Mashos: I mean that they mismanaged the announcement from the beginning. They should have taken some time to consider how different sections of their user base might react to their initial announcement and, obviously, they either didn't or did a poor job of it.

Also, Shuttleworth has already written a reply blog post but it didn't really answer the questions initially asked. To me, it just came across as feel-good fluff and one of the comments meant to be reassuring actually LOWERED my confidence in trusting them to manage my core apt repositories.

vexorian (vexorian) wrote :

Mark Acknowledges the feature is not working as intended and claims it is not a money-making scheme. Then is it really such a priority to fast track it and put it in 12.10 when it has such grave usability issues and concerns related to the privacy statements?

I really think that the feature can just be postponed to 13.04. Then there will be more time to implement it more like the way Mark wants it. If even he acknowledges it is not what is intended, then what is the reason to push it?

It is fine to push features past feature-freeze if they are really important things. But now I really doubt any user is going to have a significantly low quality experience if they miss this feature from the default in 12.10. And if they do, they can just install the package.

Katana (katana--) wrote :

@vexorian "We picked Amazon as a first place to start because most of our users are also regular users of Amazon, and it pays us to make your Amazon journey get off to a faster start."

Note the words "pays us". I have my doubts that it isn't a money-making scheme - those very words of his indicate that this is financially motivated.

Darko (chris-j-darko) wrote :

His comments that this is a reasonable default seem shallow, given that the home lens does not suggest other online content, such as youtube or recommended applications - one has to go to the specific lens for online results from those.
This very much needs to behave like the other lenses, and only show the results within the specific lens.
Until it is changed to that, it is something that will be removed from my computer upon installation.

askuhn (askuhn) wrote :

I'm just adding to the clutter here as this has been said many times, but simply separating this feature/sponsorship from the home lens satisfies all of my concerns as an Ubuntu user. I applaud Canonical for trying to monetize their product, but not if it compromises user privacy without their explicit consent. Please address this issue before 12.10. Thank you.

I ditched other OSs for Ubuntu because I didn't like the way my privacy was being treated in general. Windows and Apple left me feeling that I had no sense of control or security. At a promising 6 weeks on Ubuntu, I find this news disturbing to my core in a way that might be very different from others here: they know what's going on, they know what they're doing. I don't. So, when something like this pops-up, something that is a threat to my sense of security and privacy, I have no choice but to reconsider my options. For now, I can only run with the herd and do what I can, but please tell me this isn't a growing trend.

Is this right?
sudo apt-get remove unity-lens-shopping

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package unity-lens-shopping

Ugh. Now my frustration is building...
"Better the devil you know."

Stephan Sokolow (ssokolow) wrote :

@blackwool: The installer isn't as polished, but you could always try Debian in VirtualBox to see if it meets your needs. They're what Ubuntu's based on and they have a long history of erring on the side of freedom and respect for the user, even if that means a more manual process for installing non-libre things like the nVidia binary drivers.

vexorian (vexorian) wrote :

blackwool: Are you using 12.10 beta? If you are not, you don't have to remove anything.

Gone fishing (humpmihk-msn) wrote :

No this isn't acceptable - I don't want all my local searches, HUD sent to a remote server Amazon or even Canonical. I don't want this even if its safe and properly encrypted - this is my desktop. One of the reasons I hate using Windows is Adware / Spyware - We get this and next it wont just be the Dash but adverts popping up everywhere and our data being shared to all and sundry.

No problem with a shopping lens - If I use it its my choice but on the home lens no way.

I like Ubuntu, Unity and generally the direction it is heading but this might cause me to change distro.

Changed in unity-lens-shopping (Ubuntu):
status: Confirmed → Invalid
Baggers (chris-bagley) wrote :

I will simply echo askuhn:
"I'm just adding to the clutter here as this has been said many times, but simply separating this feature/sponsorship from the home lens satisfies all of my concerns as an Ubuntu user. I applaud Canonical for trying to monetize their product, but not if it compromises user privacy without their explicit consent. Please address this issue before 12.10. Thank you."
I WANT the shopping lense, I just don't want it in the home section of Dash

jashsu (jashsu) wrote :

@danillo:

"And hey, if you wanna be heard, just stop the ever-annoying "I'm moving to/recomending whatever distro" threats. Things like that add nothing to the arguments in question and make you look like spoiled adolescents."

You're mistaken. These are not threats, they're notices. Some users who have completely lost trust in Canonical have decided to vote with their feet. These users want to make it plainly clear precisely why they left, so when someone at Canonical is looking at the 2012 Q4 numbers that particular chunk of attrition can't be mis-attributed as anything else.

Thomas Kluyver (takluyver) wrote :

Please can people only change the status of the bug if they are involved in the development of this lens, or have some kind of authority? I would also expect you to offer some explanation of any change. Thank-you.

Changed in unity-lens-shopping (Ubuntu):
status: Invalid → Confirmed

this should be an opt-in!
ask the user on first login if he/she wants this feature and activate/deactivate it according to user's choice.

and please use ssl-encryption for the data sent.

mikelococo (mikelococo) wrote :

@Michael Scherer (misc-zarb)

"Pushing this 6 months in the future mean they will have 6 months less of data to make it useful. From what I gathered, Canonical plan to have better results ( see Mark comment on OMG ubuntu ) and wish to improve the whole system, and for that, they need to gather lots of data. Canonical know what requests are made, but also see what links have been clicked."

It's not true that there is a binary choice between "no data/progress for 6 months" and "enable by default and tie into home lens in spite of privacy issues and community objections". Bug #1054785 proposes including the lens in the distro but not installing it by default. This bug only proposes separating it from the home lens and doesn't preclude installing it by default as a separate shopping lens. In both cases, interested folks could use the service, provide feedback on it, and Canonical could gather data to improve it.

"If you look at the json output on http://productsearch.ubuntu.com//v1/search?q=windows , you see there is a unique identifier for each request, searching "sex" and "sex andersen" do give the same first result, with a different id.

The id is the same if you do the same request, even from a different ip, so there is for now the minimal amount of tracking needed to improve the system, and that's not linked to a user profile."

You simply can't infer tracking capabilities without access to the backend code and the full schema of data exchanged between Canonical and Amazon. IP addresses are minimally present for every request, and provide one (admittedly imperfect) identifier for tracking individual user behavior. At least for web-browsers, fingerprinting based on UA and other properties is common and highly effective (https://panopticlick.eff.org and there are ad-companies that admit to keeping browser fingerprint db's). Browser fingerprinting may or may not apply here, but the principle that ancillary request data can enable individual tracking in non-obvious scenarios absolutely applies. This is why bugs Bug #1054741 Bug #1054782 are important. Unless Canonical is public/explicit about what they collect and how they use it, it's just not possible to rule out individual tracking from the outside.

"So yes, pushing this in FFE was kinda needed."

I disagree that pushing FFE was needed at all (excepting that Mark Shuttleworth was driving the change and has the privilege to push FFE without justification). But even granting that an FFE-push of some kind is warranted:
  - Shopping lens doesn't need to be installed by default to reach interested users and generate data.
  - And it absolutely positively doesn't need to tie into home lens, which as one of the most frequently used components in the distro and a treasure trove of private information amplifies every other problem with this situation by several orders of magnitude.

Allister (allister) wrote :

I'd like to ask how Mr. Shuttleworth got the impression that I trust Ubuntu with 'root' on my machine, or that I trust 'him' not to screw my machine up: http://www.theregister.co.uk/2012/09/24/ubuntu_amazon_suggestions/?

I use linux because I can control everything that's on it. I can examine the source of any software (or update) I install.

I do not want my user activity (search, etc.) shared with anyone - including Mr. Shuttleworth's company (and certainly not Amazon).

I think he should be reminded who owns the software he's distributing. It's not HIS, it belongs to the thousands of people who wrote it for the community. If Ubuntu want to contribute to it, that's great (why I use his distribution - at the moment!), but he does not own it, nor by using it do I resign all control to him. If I wanted to do that I'd buy an Apple!

I think his comments in the piece linked to are more worrying than the bug (obviously such attitudes will not consider this a bug)

Thomas Mashos (tgm4883) wrote :

@allister - You installed Ubuntu. By definition of that, you trust Ubuntu/Mark enough to not screw up your machine. You do updates, which run as root, so by definition you trust him with root as well.

jessesmith (jessefrgsmith) wrote :

I agree with the original poster. A feature in the Dash which sends out search results for whatever the user types in the Home page is an information leak. The Amazon search feature should either be its own lens, which does not send out search results until it is activated, or the "shopping" package should be opt-in (not installed by default). Having the OS default to sending out searches for files and applications to a third party by default is a serious security concern.

Paulo J. S. Silva (pjssilva) wrote :

@Thomas Mashos - There is a major difference between trusting Ubuntu to install sane software in my machine and sending them every single search I do in my desktop (even for local content). Read

http://arstechnica.com/business/2012/09/ubuntu-bakes-amazon-search-results-into-os-to-raise-cash/?comments=1&post=23306234#comment-23306234

philinux (philcb) wrote :

If I want to search Amazon I'll use Firefox.

Kasimir Gabert (kasimir-g) wrote :

This is insane. I do not want anyone to know how many times I'm opening a terminal in the day.

With regards to the condenscending and silly claim "Erm, we have root.": Erm, if you abuse the trust I've given you to verify that binary packages are compiled from the source provided and start logging my keystrokes and actions, Erm, you won't have root for long.

MikeR (mike-rechtman) wrote :

do you know that there are countries to which Amazon will not ship? Why should I be subjected to involuntary ads whan they have no connection to my reality?
And just by the way -- I am sure that there are many users word-wide who are _not_ connected to Amazon 24X7.
This is just one more reason to flush Unity down the appropriate apeture!

Changed in unity-lens-shopping (Ubuntu):
status: Confirmed → Opinion

Ok, can we stop using launchpad for "bugs" that are really political disagreements? There are plenty of other forums to have this debate, and it is a valid one to have. But a "bug" shouldn't just be something you want to change, should it? This "functionality" was a high profile business decision made by canonical - complaining about on here along with configuration errors and seg faults doesn't make sense to me.

(mayor quimby voice) I say we can do better. I say we de-politicize bug reporting. WHO'S WITH ME?!?

Patriek Lesparre (patriekl) wrote :

It's not opinion or politics, it's a security flaw.

jessesmith (jessefrgsmith) wrote :

Patrick is right, this isn't about ads or politics, it's about a security flaw which appears to transmit personal data to a third party. That is a bug.

Changed in unity-lens-shopping (Ubuntu):
status: Opinion → Confirmed
Thomas Kluyver (takluyver) wrote :

From my perspective (I filed the bug): I accept that it's not strictly a 'bug', in that the code is doing what the authors intended it to. But complaining about it in other forums isn't going to get anywhere - I want to bring the issue to the attention of the people developing it, and have a mature conversation about how best we can resolve the concerns while keeping a useful feature.

I filed this before Mark Shuttleworth had publically commented on his blog - unfortunately, now that he has done, I'm not optimistic that there will be any resolution of this before 12.10. I'm not pleased with the way this feature was rushed in late in the day (because "This is a sabdfl driven project"), and I'm annoyed that Mark described our concerns as 'FUD'.

Adam (adam-siembida) on 2012-09-24
visibility: public → private
Haw Loeung (hloeung) on 2012-09-25
visibility: private → public
Danillo (danillo) wrote :

Jono Bacon talks about the privacy implications in this issue and asks for our questions: http://www.jonobacon.org/2012/09/25/more-information-about-online-dash-search-privacy/

Avik Topchyan (topchyan) wrote :

it's funny how desperately some try to swipe the flaw under the rug.
what a shame! your user base does your business a HUGE favour providing feedback FOR FREE.
why neglect it? following footsteps of Apple? good luck!

Stephan Sokolow (ssokolow) wrote :

Here's a cross-post of my comment on Jono Bacon's blog, for convenience and in case it fails moderation:

I have several questions that have yet to be answered:

One, why did the shopping lens get an "executive decision" rush pass on the feature freeze process with apparently no thought put into things like the use of HTTPS, the potential for adult content to be displayed in results, and the privacy and security implications of sending every query on the home dash out over the 'net?

Two, has any research has been done on how the shopping lens, as an opt-out component of the home lens, might violate privacy laws in countries like Canada and Germany? (From what I've read on the bug for the planned "Firefox Health Check" feature, German law is apparently pretty strict about this sort of thing.)

Three, what's so wrong about separating local and remote searching? I think having a unified, easy-to-access lens for shopping is a great idea... on the condition that searches like "my porn" and "Finan...", "torr" and "Inksc...", "TuxR...", and "disability supp..." can't leak into it. Cognitively, "all local" and "all remote" are separate, desirable, but distinct categories.

Four, does Mark Shuttleworth really believe that, when we trust Canoncal with root access to update our packages, we are also implicitly granting permission to spy on our home dash queries with only a "trust us. it's anonymous." to protect us?

Stephan Sokolow (ssokolow) wrote :

Oh, I forgot to mention. The reason I trust the "other apps you might want to install" portion of the home lens is that I trusted it to be too resource-intensive and pointless to send every query on every user's computer to a remote server when each of them had a perfectly good APT package cache.

jashsu (jashsu) wrote :

Stephan: All good points, but the question is now that Mark has said his piece on the matter, are we talking to a brick wall?

wvarner (winshipvarner) wrote :

When I am searching my computer for a program or document, I am not looking to buy anything (not that typing 'pidgin' or some other program name will turn up anything useful in Amazon). Separate the home lens from a shopping lens, and don't send my local queries across the network unless I explicitly allow it via a shopping lens. How about data mine from youc users with their consent??

Bathroom Humor (bafroomhumor) wrote :

If they'd just put it in its own lens and let us choose what scopes appear in the home lens, the issue would be fixed. Not only would it keep us from seeing suggestions and sending data in the main dash hub if we don't want to, but it would allow other people who DO want that to keep it there. I don't think this simple choice is really too much to ask for but if is too much to do before 12.10, I would at least hope they complete it next cycle. Because geez, it would honestly make everyone happy.
I agree it was taken out way of proportion in many situations, and it sounds really useful SOMETIMES. This little bit of compromise for the greater good wouldn’t hurt though.

Daniel Meschke (dmeschke) wrote :

I would be interested in Amazon's view on this... In their conditions of use (Amazon UK), in section 17 they say explicitly:
"...If you are under 18 you may use the Amazon Services only with the involvement of a parent or guardian.".
For me, sending a search query (even if doing this by a third party) and in return receiving results is in fact a usage of their service.
Since Ubuntu is intended to be used by all people, regardless of their age, it is unavoidable that users under the age of 18 will use their services. So, will they change their conditions of use? Or will Ubuntu become an "adult-only" OS?

Tommy Vestermark (tov) wrote :

I have trusted my "root" to Canonical since the Hoary days. However if this trust is (mis)used to funnel my local, private searches into the internet and display obtrusive ads on my desktop - I have had it!

I really hope this will be an opt-in feature before 12.10 is released...

Dac Chartrand (conner-bw) wrote :

Keeping in theme with the lense Metaphor, I propose:

* Macro Lense *
Put whatever you want in here, including Amazon searches and whatever else is appropriate to represent “everything.”

* Micro Lense *
Same as the current home in 12.04; Show as many internal data sources as possible but no 3rd party servers.

* Ability to change the Home Lense to any Lense *
The default out of the box is the Macro (Amazon) Lense, but the user can change this to any lense. Heck, maybe they even change it to the Video Lense on an old netbook they setup for their mom’s (future) makeshift Netflix device where ubuntu gets a royality.

Empower your real users, not your theoretical users.

Thank you for your consideration.

motters (fuzzgun) wrote :

Regrettably, for me this is potentially a deal-breaker, which is sad given that I've been an Ubuntu user and supporter for many years. I could of course trivially remove this feature, but what this indicates to me is the overall direction in which Canonical is taking things, and it's a direction which I'd find difficult to endorse either for personal or business uses. The privacy issue is something of significantly greater magnitude than previous heated debates about the position of close buttons or the location of the Unity launcher.

I have from time to time purchased books on Amazon, but it's both unnecessary and not useful for me to be performing an Amazon search every time I look for files or documents using the super key or dash button. I'm aware of the key shortcuts, but it's the idea that the default behavior is one which potentially compromises privacy and provides superfluous information which is my primary concern.

gunwald (gunwald) wrote :

If this feature not will be changed to an opt in feature, concerning privacy Canonical will become even worse than Microsoft, Apple and Google together. I would never ever use or recommend it again. It is absolutely unacceptable, that the string I am searching for on my computer is being send to any company by default. I rather pay for software than use a company's software that is giving it for free but spies on my.

Stephan Sokolow (ssokolow) wrote :

Apparently Amazon DOES get your IP address and enough data to statistically infer your query when a search is performed.

http://benjaminkerensa.com/2012/09/25/technical-diagram-of-how-unity-shopping-lens-likely-works

MercuryCC (mercurycc) wrote :

Could we at least very explicitly tell the user that Unity has this and other premium features that we don't know of? Also suggest users who don't want any premium service from Canonical to try out Xubuntu or Debian?

Thomas Kluyver (takluyver) wrote :

Just to update everyone subscribing to this bug: it appears work is being done on an option to disable remote results without having to remove packages. This could make it into 12.10. I'd rather they were disabled by default, but I'm pleased that the Ubuntu developers are making changes in response to our concerns, rather than just dismissing them.

More info here: http://www.omgubuntu.co.uk/2012/09/is-an-off-switch-for-the-shopping-lens-in-the-works

vexorian (vexorian) wrote :

It needs to be opt-in, or there needs to be a ToS screen that details what this service does and how to disable it.

Etienne Perot (etienneperot) wrote :

> Apparently Amazon DOES get your IP address and enough data to statistically infer your query when a search is performed.
> http://benjaminkerensa.com/2012/09/25/technical-diagram-of-how-unity-shopping-lens-likely-works

I've written about this here: https://perot.me/ubuntu-privacy-blunder-over-amazon-ads-continues

And filed a bug report about this here: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055952

It is a clear contradiction with the stated goal of proxying the request through Canonical's server. Mark Shuttleworth states that it's to "preserve the user's anonymity", yet without proxying the thumbnail requests, the anonymity is thrown out the window (Canonical's stats about what users are searching, however, are not).

Domagoj Bet (jack6543) on 2012-09-26
Changed in unity-lens-shopping (Ubuntu):
assignee: nobody → Domagoj Bet (jack6543)
Thomas Kluyver (takluyver) wrote :

@jack6543: Assigning yourself to a bug means that you're in a position to fix it, which it doesn't look like you are. If you want to subscribe to it, the link is in the bar on the right.

Changed in unity-lens-shopping (Ubuntu):
assignee: Domagoj Bet (jack6543) → nobody

When I noticed this feature in Quantal my first reaction was: have they gone crazy? I do hope they will decide to make this feature an opt-in, not an opt-out.

hexafraction (rarkenin) wrote :

I concur with the need for a TOS screen.

Hugo Venhorst (yougo) wrote :

off by default + notification of features and available settings + switch in privacy settings dialog + separate lens, and we're friends again.

maybe a dialog box during install with an explanation and an initial setting:

----------------------------------------------------
We have a shopping lens. it searches for things to buy online. do you want it?
[yes] [no]

...Thank you for installing. do you want the lens set to active now?
[yes] [no]

this can be changed in the System Settings dialog under Privacy
[ok]
------------------------------------------------------

the box would pop up during installation or configuration of the package, during fresh install, upgrade and separate install.

Changed in unity-lens-shopping (Ubuntu):
assignee: nobody → Otaku-8 (otaku-8)
assignee: Otaku-8 (otaku-8) → nobody
Russian redneck (otaku-8) wrote :

Why Amazon search is placed into "Home" lens ??? As for me there only can be two separate lenses - "Home" and "Amazon and something else online"

papukaija (papukaija) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1054746, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.

Thomas Kluyver (takluyver) wrote :

I don't believe that this is a duplicate - this bug is that the lens is enabled (and in the home lens) by default, so it is not fixed by adding an option to disable it. However, it's clear that this is not going to change at present, so I shan't get into bug status wars.

I'm not impressed by the whole episode - I think the change makes Ubuntu a worse product in order to increase Canonical's revenue. But I'm pleased that core developers responded to our concerns by at least providing a clear option to disable the 'feature'.

redwing (redwing-lavabit) wrote :

This is really not a duplicate.

First of all the dash is the most basic function to interact with my OS. Therefore I expect only search results related to my files and applications residing on my local hard drives. I consider online search results in this context as a bug that threatens my privacy. If the default setting stays this way, I cannot recommend Ubuntu to others, especially Linux beginners with a good conscience.

Dac Chartrand (conner-bw) wrote :

This is certainly not a duplicate of bug #1054746. I just tested that change in Ubutnu 12.10 beta and it's an all or nothing solution.

Flick this new switch to OFF, the Video Lense and Music Lense results become local only, no longer searching YouTube or the Music Store like it does now in 12.04,.

This is not what we're asking for in this bug report Ie. "Don't include remote searches in the home lens" We have no problem with remote searches in other lenses, which have been around for 6 months and we were fine with it.

Regards,

Luke (lukekuhn) wrote :

This is beyond serious. I use Ubuntu in a high security, fully encrytped environment. I prefer to limit Internet access to programs I intend to use online, which in my case is browsers, wget, tor, and apt only. Remote searches should be limited to running from the browser in my opinion.

Since I do not use the Ubuntu-Desktop package this has not been installed into any of the operating systems or system images I use and distribute, but removing the shopping lens is now one more thing to remember if I set up a machine for someone directly from an installer. Stripping out all the things I do not recommend and getting the things I do recommend already takes hours, which is why I prefer to distribute from OS images taken from one of my machines as each alpha reaches release.

I've used Ubuntu for years, this is not yet enough to make me put my alpha-following sytems and images through a crossgrade to Debian Unstable, but it IS enough to force me to blacklist Ubuntu 12.10 live disks or installs directly from them as a recommendation to anyone else. This means having to treat Ubuntu as though it were Windows, meaning I every aspect of security has to be gone over before a new install can ever be used safely. What's next-"sudo chromium-browser" as the default browser? I really would like to be able to trust a default install, not just my own private fork with all the geo, google, and prefetch crap disabled in Firefox, the shopping lens pulled out, etc etc etc.

Fredrik Wendt (fredrik-wendt) wrote :

In Sweden, it's illegal to present targeted advertisement if the intended receiver of that information is under 18 years of age. My son uses his computer unattended and I have to say I'm really disappointed that it's Canonical I'll have to report to authorities for lurking in adverts to my kids.

gunwald (gunwald) wrote :

If this useless feature will not became an opt-in feature Canonical will violate the European »Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data«. I hope for legal consequences.

Darxus (darxus) wrote :

This is a screenshot of what you get when you type something with no local hits. I was trying to get to a package manager in a fresh install of Quantal beta 2 yesterday, typed "packages", and got this. A screen full of 24 ads.

I did not click "more suggestion". You get fewer ads if you actually have matching installed local content, in this case, for example gdebi or synaptic. But those don't come installed with Quantal beta 2.

Luke (lukekuhn) wrote :

That is one UGLY screenshot. I hope people upgrading to 12.10 and keeping the "ubuntu-desktop" package don't get stuck with the shopping lens. Unity needs to lose weight anyway. and on top of all else two of the last three comments raised legal issues. According to those posts, Ubuntu would become illegal to distribute in Europe, which as a practical matter would mean European mirrors would have to shut down and no computer maker in Europe would be able to install Ubuntu by default.

That would really suck, and be worse than the shopping lens itself, which is easily removed.

As an experienced user, I always blacklist anything called "shopping" from all my machines and from my personal private fork of Ubuntu. The real problem would be for a new user who has yet to learn to use the terminal to remove the shopping lens. Another problem would be public access computers running Ubuntu from a live disk, sometimes done for security reasons at activist media centers in macnines with hard drives removed for security reasons. Amazon logs would then substitute for the missing hard drives if the FBI, et al wanted to know what was going on at those computers, unless the shopping lens was re-removed at every boot from the live disk.

If Canonical won't exile the shopping lens to installable from repo, maybe a "remove ads from operating system" script executable by mouse click on the default desktop or even in the first run HUD so users unfamiliar with the terminal can take it out as soon as they install? Would sure save live-disk sysadmins in activst media centers a lot of time.

Mario Vukelic (mario-vukelic) wrote :

Could people please stop misusing this bug report as their personal blog, and at the very least try to be up to date before making comments?

Several of the concerns expressed in the past few comments have been addressed in Cristian Parrino's blog post. Cristian is Canonical's Vice President Online Services. http://blog.canonical.com/2012/10/12/searching-in-the-dash-in-ubuntu-12-10-an-update/. Regarding comment #116 by Darxus see the paragraph titled "On improving search quality". Luke in #117, legality is also addressed in the blog post. And what are you talking about "a new user who has yet to learn to use the terminal to remove the shopping lens"? There is a switch in Privacy settings now.

The blog has a comment function to leave your thoughts.

Stephan Sokolow (ssokolow) wrote :

Mario, that doesn't address a lot of the concerns.

If the commenters on the Mozilla bug I previously mentioned are to be believed, you're on legally shaky ground in Germany just sending the Home lens searches over the web as opt-in rather than opt-out, regardless of how you encrypt them and whether or not you link to a privacy policy.

The blog post makes no mention of that, nor does it make any mention of how you plan to avoid running afoul of other local laws such as the ones requiring opt-in parental permission to gather data from minors in various countries.

Also, you still provided no explanation for why such a half-baked feature was fast-tracked past the feature freeze by executive fiat. Isn't this sort of mess exactly what feature freezing is supposed to prevent? What was so urgent about this feature that you were willing to jeopardize all your carefully cultivated user goodwill in a minor PR fiasco like this?

Finally, central to this very bug report, why are you guys so adamant that we have to choose between having our Amazon search in the home lens or not at all? What's wrong with a generic shopping lens or even a remote/web lens?

With a little more transparency and more focus on providing a single news destination for this feature, you might not have had to write your post asking people to stay on topic.

Stephan Sokolow (ssokolow) wrote :

Ugh. Correction: "as opt-out rather than opt-in"

I really need to stop checking my e-mail just before I go to bed.

John Wang (johnwang) wrote :

Responding to Mario's comments in #118:

"And what are you talking about 'a new user who has yet to learn to use the terminal to remove the shopping lens'? There is a switch in Privacy settings now."

The new privacy settings switch as currently implemented is a poor workaround because it's all-or-nothing. It disables all Internet searches across the entire Dash, whereas removing the shopping lens package (currently) disables only the unwanted Internet search -- the one that from the standpoint of privacy is more accurately characterized as "the Amazon Home lens keylogger".

Luke (lukekuhn) wrote :

Responding to Mario Vukelic in # 118: "And what are you talking about 'a new user who has yet to learn to use the terminal to remove the shopping lens'? There is a switch in Privacy settings now."

Example: When I first set my sister's laptop up with Ubuntu, it took her quite a while to learn to administer the machine from terminal OR from GUI without having to call me up on the phone for tech support, or worse, make arrangements to bring the machine over for tech support.

Worst-case example: Person A gives an Ubuntu CD to person B after hearing one too many phone calls for tech support on Windoze. Person B installs from that live disk, only to get a dash full of ads. Person B is furious with person A, who was not present to remove the shopping lens at install time.

As for why I have not seen the switch in privacy settings, that is because I never installed and never will install any kind of shopping lens. In addtion, I always remove Zeitgeist from my systems and block the recently-used.xbel file to prevent any attacker from copying recently used data. In addition this protects the privacy of anyone I give an unencrypted version of my private fork by default.

John Chadwick (johnwchadwick) wrote :

Please fix this. Ubuntu is becoming more important than ever. Now is a really bad time to make a mistake this big and pretend it's not just a mistake. I don't care if Amazon integration is included, but if it's obtrusive, something is very, very wrong.

Opt-in or not at all.

Stephan Sokolow (ssokolow) wrote :

I get the impression Shuttleworth might have seen our response to this ill-designed feature as the last straw:

http://www.extremetech.com/computing/138200-key-parts-of-ubuntu-13-04-will-be-developed-in-secret-to-escape-the-critics-ire

Thomas Kluyver (takluyver) wrote :

That's somewhat disingenuous. Parts of Ubuntu are already developed in secret - integrated webapps or the HUD weren't announced until there was already a functioning prototype. This shopping lens was kept pretty quiet until it was ready to land. As Shuttleworth points out, criticism happens whenever you reveal it.

Shuttleworth's blog post says that they're going to invite trusted members of the community to work on some of those features before they're announced. I see that as an improvement - it will no longer be just Canonical employees working on these 'skunk works' features.

Stephan Sokolow (ssokolow) wrote :

It's possible I misinterpreted things.

I have no problem with experimental prototypes being kept secret when there's no guarantee that they'll ever make it into a release and more options for community collaboration are always good.

My only problem with it is that I got the impression Shuttleworth wants to err more on the side of "secret until it's already guaranteed to be in the next release". THAT is what I have a problem with.

Timo Witte (spacefish) wrote :

Thats it i am installing Mint now by default. If i want Bloatware i can also install shitty windows from an OEM disk with "may i help you to buy new printer ink notifications". Thanks for ruining ubuntu!
I undestand that they want to get more money for developing Unity Lenses like Ubuntu TV and so on. I don´t support this!

Dac Chartrand (conner-bw) wrote :

I upgraded 12.10, donated some money to Ubuntu, and ran `sudo apt-get remove unity-lens-shopping`

I’m not against a monetization strategy with Amazon as a partner. I’m not even against remote searches. I am, however, totally against remote searches in the home lens.

I am open to compromise. The home lens could be configurable to turn certain things off and other things on. Prefixing queries with the protocol "buy:" could override my settings since my intent to buy would be clear. There are several ways to solve this and make (most of) the people subscribed to this issue happy.

Until that day I will keep removing this feature using `sudo apt-get remove unity-lens-shopping` and keep telling everyone else to do the same. The day Dash Home is configurable, I will re-install and encourage others to do so as well.

I know this is not a blog and that these types of soliloquies aren't welcome in "bug reports" but let's be honest, this is clearly a debate between Canonical HQ and opposing viewpoints. For this issue to be closed in good faith a compromise must be found.

Thank you for your consideration.

Luke (lukekuhn) wrote :

In 12.10 as released, the home lens IS configurable, I've tested this myself on a live flash drive. It works, Amazon searches appear with remote search on and do not appear with it turned off. The issue as of now is rather that the default setting is to return commercial/network results, and the user has to see this and look for a way to turn it off.

Does anyone have any data as to what percentage of Ubuntu users ever open their privacy settings? If it is at or near 100% this complaint from me is withdrawn. On the other hand, we've also got users (I know one) who install and find they can't connect to their wi-fi because they are using the machine password instead of the wifi password. How long will it take these folks to find and open their privacy settings? At least they are not on Windoze helping build botnets....

The issue with default settings being "least privacy" is not unique to Unity but is shared with Zeitgiest logging, cddb , Firefox, and especially Chromium. All of these should come with default settings for maximum privacy when a live disk/ image boots up, and clear instructions to new users to check these settings and set them to their liking.

John Wang (johnwang) wrote :

Quoting #129:
> All of these should come with default settings for maximum privacy when a live disk/
> image boots up, and clear instructions to new users to check these settings and
> set them to their liking.

This is an important point.

Ubuntu needs to adopt a global "Privacy by Default" policy, not only for live media but for new installations of Ubuntu and installation of new packages. In accordance with this policy, every feature -- at least within reason and practicality -- that has a demonstrable privacy impact on the user, needs to: 1) have user-configurable levels of privacy; 2) by default be set to the most private setting; and 3) conspicuously inform the user of the feature's privacy implications. The policy should establish the principle that consent for less-than-private settings must be obtained from the user, and obtained only through deliberate post-installation opt-in actions by the user.

Such a policy would make a strong statement and greatly affirm user trust in Ubuntu on matters of privacy, as well as positively distinguish Ubuntu from the privacy policies of other prominent operating systems (and other GNU/Linux distributions). Without it, actions such as the inclusion of the Amazon shopping lens in the Home lens scope demonstrate no more trustworthiness on the part of Ubuntu than similar opt-out privacy-violating features slipped into Facebook has done for Facebook in recent years.

The existence and global enforcement of such a privacy policy is the only condition under which I would approve of the Amazon search lens' inclusion in the Home lens' scope.

Constance C (russell2pi) wrote :

This feature causes all community members to violate the code of conduct. Bug report:

https://bugs.launchpad.net/ubuntu/+source/dash/+bug/1070598

I have deleted all my Ubuntu installations and replaced them with Debian.

This is a massive shift - never before have I seen an open source project with volunteer contributors go down the route of misleading users for the financial gain of the project founder.

Anyone who cares about open/free software principles should abandon this project unless the system is altered to respect user consent and privacy.

That means - opt in, explicit consent, and if it's not already, open source for the server-side part of this feature, with the option to use third party servers one might be more inclined to trust.

Edwin de Jong (g-e-dejong-9) wrote :

It seems Ubuntu forgot the meaning of Ubuntu (from: https://en.wikipedia.org/wiki/Ubuntu_(philosophy)

- "Ubuntu ... is an African ethic or humanist philosophy focusing on people's allegiances and relations with each other."
- "I am what I am because of who we all are."
- "Ubuntu does not mean that people should not enrich themselves. The question therefore is: Are you going to do so in order to enable the community around you to be able to improve?"

Now, dear administration of Ubuntu: how many allegiances do you break with your user base by this move? How does your decision reflect that of what we all are? Do you enable the community around you to improve by taking their privacy?

This past month, I have lost faith in Ubuntu's ability to reflect its users need. Unfortunately, I will move to another distribution, such as Mint or Debian. Previously, I have moved to other distro's out of curiosity. This is the first time I move because I have lost trust.

Darxus (darxus) wrote :

'What EFF Wants From Ubuntu ... Disable "Include online search results" by default. ....'
- https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks

Strange Fox (kero-05h) wrote :

This is extremely serious. I haven't been able to recommend Ubuntu 12.10 to new users because of the privacy implications of this feature.

My ideal solution:

1. Prompt the user when installing whether or not they would like to install amazon's search feature.

2. Prompt whether or not they would like the feature to be installed as a dedicated shopping lens.

Myoukochou (myoukochou) wrote :

Agreed, this should be opt-in. Remove this lens from the default install - it does not belong there. Not even a PROMPT belongs there - Ubuntu is free software, not adware, not spyware.

If we wanted our base OS to advertise to us, we'd use Windows 8.

 I strongly believe that this should be opt-in. There should not even be such package installed before consulting the user.

If it's impossible to fix this, we should probably fork the whole project and think of a good name. But it would require a sizeable maintainer team. So there's a problem.

rdesfo (rdesfo) wrote :

I prefer opt-in. Private searches may be compromised. I opt for removal of this item and have it placed on some sort of a visibile specific shopping dash.

h3 (h3) wrote :

Using an opt-out strategy on a feature like this is insidious and an insult to Ubuntu users intelligence.

It's the kind of bullsh*t I'd expect from Microsoft, not Canonical.

I posted up an idea on Ubuntu Brainstorm about this, which I figure would be a better vector for such things:

http://brainstorm.ubuntu.com/idea/30415/

Unfortunately, the moderation staff doesn't agree, and marked it as "already implemented".

Crap, I posted prematurely.

Anyway, based on the screenshot attached to my previous post, the Brainstorm idea is clearly *not* implemented. So I suppose this remains the most viable location, since it appears that criticism of Canonical's precious Unity is unwelcome there.

Regardless, until this is resolved, I will *not* be recommending Ubuntu to anyone. Perhaps a derivative like Lubuntu or Mint, but not anything with Unity.

So apparently there is this popular fork of Ubuntu, called Mint at linuxmint.com which is quite popular and has a growing developer base. Oh, and they also do not spy on people. I switched over and will be contributing through their project now.

Still I think it is appropriate to thank Ubuntu and Canonical for the great distrib they had created and the huge piles of money and work they together with the community put it to make it work and move opensource forward!

I must also echo the trend of comments here; please make this opt-in... and even better, provide the choice and details in a dialog upon installation.

This would be nice and transparent, giving the user the choice from the start and therefore probably also more likely to trust Canonical than maybe realising later on that this feature exists and not understanding what it fully does.

Or at least put this in a separate lens, rather than global dash.

The current trend is very concerning to me and many others. Look at Linux Mint and the support and donations, sponsorships etc they have and how they make revenue without resorting to this kind of thing. Different kettle of fish I know with the size of Canonical as a company, but you get my point. Mint does not try to track your local searches, which I think is the worst part of this.

I agree with last comment, both are possible : please shopping lens
installed and active by default, with Amazon and future new partners,
but opt-in (disabled by default) for the results in the Dash home, with
possibility to choice exactly our parameters : which lenses results do
we want added in the Dash home when doing a local search ?

Marius B. Kotsbak (mariusko) wrote :

Richard Stallman has commented on this: http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do

I to agree that this is a blatent disregard to user privacy and basically goes against what Richard Stallman and others wanted for the Free Open Source Software Movement ages ago. GNU at it's heart. I feel it should be an "opt in" versus and "opt out" by default. Please fix this issue, until then I have moved over to Linux Mint which doesn't invade my privacy by default.

strav (strav) wrote :

Ubuntu is a big gal now. 2 am, Johannesburg's streets are steaming hot. With her new gloss on, still frail on high heels, shopping bag in hands, Ubuntu walks slowly in circles around the side walk. Not before long, one of these old 70's mercedes stops by with a long squeaking sound. The driver asks with a tone of confusion: "hey babe, kinda lost here, you think you could help me out?" Ubuntu: "Ahhhh man, sure! wanna have a good time?"

http://blog.canonical.com/2012/12/07/searching-in-the-dash-in-ubuntu-13-04/

The driver: "Gal, gal! if you plan to do anything with that mouth, better take Mint before!"

Changed in unity-lens-shopping (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Critical
Jeremy Bicha (jbicha) wrote :

Chauncellor, please don't mark bugs as Critical unless they meet the criteria at https://wiki.ubuntu.com/Bugs/Importance

I'm setting this to Wishlist since it would be somewhat a new feature for the shopping lens to not put results in the home lens.

This probably is actually a WONTFIX item since the Unity design is for the home lens to search across all the lenses, and it's possible for users to opt out of the shopping results if they don't want them.

Changed in unity-lens-shopping (Ubuntu):
importance: Critical → Wishlist

Jeremy: the fact that the Shopping Lens is opt-out instead of opt-in is precisely why this bug exists. Is there some reason why shopping results (or, better yet, web searches in general) couldn't be relegated to their own separate lens icon in the Dash? Are users honestly using the Dash's Home Lens to search for Amazon products? I find it more likely/plausible that users would be using the Home Lens' search box for finding local things.

This can't be "wishlist": This was working correctly in 12.04 so it's clearly a REGRESSION.

Jeremy Bicha (jbicha) wrote :

Northrup, I'm not responsible for the Unity design nor am I really taking sides.

It's important to understand the Unity design if you want to influence those that do make the decisions. The design as I understand is that you should be able to open the Dash by either clicking the first button in the top left or pressing the Super key and find whatever you'd want to find. It should tell you the weather, it should give you movie results (whether downloaded to your computer, available for purchase, or even showing in movie theatres), apps (whether installed or not installed), etc.

Fundamentally, that requires it to be a global search or universal search which requires sending data across the Internet. Because that design would generally be useful to average people and it is still somewhat unique (although Google Now or Siri are similar in some ways), it *will* be turned on by default. Since there is a fairly easy way to opt out in System Settings>Privacy, it doesn't seem like there is any actual action for Canonical or community developers to take on this bug.

John Wang (johnwang) wrote :

Jeremy: I remind you that the original report and many comments here aren't pushing exclusively for total removal of online results from the Home lens, rather they're also suggesting a compromise position between that and the current status quo: make this feature opt-in. I haven't seen a statement anywhere from Canonical regarding the opt-in proposal. Please don't mark this bug WONTFIX without discussing that alternative.

That is quite true. Most people also want flash, but it's an optional check-box during installation process. Why not add another one.

Jeremy Bicha (jbicha) wrote :

John, sorry the bug title is about showing remote results in the Dash home, not about whether it should be opt-out or opt-in or whether there should be an installer question asking what users want.

Kirils, the shopping lens didn't exist until 12.10 so technically it's impossible for this to be a regression since the shopping lens has always worked this way.

Jeremy: The difference between the Dash and, say, Google Now is that one typically does not use Google Now to launch applications or find local files (I don't know if that's even possible). Siri typically doesn't do as much of those things either; it can launch apps, but since iOS doesn't (without jailbreaking) reveal the contents of its filesystem, searching for local files is out of the question there. Not to mention that both Android and iOS have an app list to go to as the primary launch method *instead* of Now/Siri/etc., whereas the Dash (or rather, a lens of it) *is* the "app drawer" so to speak.

Thus, the use cases for both Google Now and Siri are quite different from that of the Dash; instead, the Dash's use seems to be more in line with a Start Menu, being it the primary method of launching applications that aren't already in the sidebar. Because it's used as a Start Menu rather than a Siri, users expect to see results on *their* machine, not on the web.

I understand the idea that Unity is going for. What I'm saying is that it can be done in a way that doesn't intrude on user privacy and introduce a gaping hole in Ubuntu's security. That's why the Shopping "Lens" (it isn't even its own lens, so calling it the "Shopping Lens" is misleading...) has been drawing so much criticism, and why that needs to be fixed if Canonical cares about user privacy and safety.

And yes, you can opt-out. But why should we have to opt out? If users want Amazon integration, why can't they opt in?

John Wang (johnwang) wrote :

Jeremy: You well know that oftentimes a bug title doesn't sum up the entirety of the report itself. And in this case, the report proposes an alternative solution to the one stated in the title:

"To anticipate one likely response: I understand that this feature can be removed by uninstalling the package. I believe it should be opt-in, not opt-out, and I also think the feature is useful, so I don't want to remove it completely from my system."

It is disingenuous to ignore that point for not being mentioned in the bug title. But if you insist on that line of reasoning, the bug title can always be edited to reflect the opt-in compromise.

Guys, I would continue to set this so hard onto critical importance over and over again until I'm banned from ever using LP again if it achieved anything. I'm sorry that there's nothing we can do to stop this madness.

Jeremy Bicha (jbicha) wrote :

John, separate issues need separate bugs. With 157 comments, this bug report is already well past long enough to be useful. A bug requesting the shopping feature be opt-in should be only about that issue and not about whether remote searches show in the home lens.

unimatrix9 (jochemscheelings) wrote :

its not a wishlist, its critical.

the report is here for a lot of reasons. When you look at nautilus, you again see the home folder, it shows what it should show, a local, personal folder, in the dash from all points of view it should do the same thing, show local results only. Its that simple. Its very critical to ubuntu, that it does not loose its Credibility to the world.

There would be no report if people dont care , we do care.

Xavier Guillot (valeryan-24) wrote :

Problem for the moment with the opt-out is that it's global : if we turn off in the Privacy options, it turns off the Dash home ALL internet searches, not only shopping ones...

Perhaps I want to see by default in home the Gwibber lens results but not Amazon ones, and if I have something to buy, I activate it or go to shopping lens.

So at least we need in Raring a very more complete configurable option in the Privacy, to be able to select lens by lens :

- which one(s) we want to keep installed on the system, on or off

- from which one(s) we want to see results in Dash home, too

Both can be activated and "On" by default, as it is Unity purpose and wish, but we should get the possibility to configure them precisely.

Today it's not satisfying : I do not want to "apt-get remove shopping-lens" as I buy sometimes in Amazon (and perhaps with the future commercial partners) and would be happy to support Ubuntu by this way.

I do not want shopping results shown in Home, but I want Gwibber ones, so I can not turn off "online search" option...

So perhaps we need to open a new bug, but this option would be the minimum that Canonical should provide users.

Marius B. Kotsbak (mariusko) wrote :

It's clear that we need a separate local home lens (that searches all local sources) and one global one that searches both local and remote sources. This is because it might be that you want to do both at different times and don't want to turn off and on the privacy option each time.

Maybe make it configurable as in Android which sources to search in the global search. And maybe even let people make their own set of meta-scopes that searches in a set of sources.

Thomas Kluyver (takluyver) wrote :

To reiterate my perspective as the person who filed this bug: there's a mass of critical commentary elsewhere on the web, and I wanted to ensure that this translated into a polite, factual discussion in a location where Ubuntu developers can't skip over it.

The reasons I think this default is a bad thing are that it breaches an expectation of privacy, it's tasteless (commercial content when I'm not asking for it), and it's continuing to bring Ubuntu massive negative PR. Sadly, despite the criticism - from hundreds of users, from the EFF, from Richard Stallman - it seems like the decision is made and won't be changed. The whole episode leaves a sour taste in my mouth.

unimatrix9 (jochemscheelings) wrote :

so its a dead end right now, because one person has moved it to wishlist , the bug should be submitted in an other form.
somethins like , `nautilus shows the home icon as local , dash should do the same .. , show local search results only from design point of view`?

unimatrix9 (jochemscheelings) wrote :

any movement in the right direction ?

papukaija (papukaija) wrote :

No, canonical needs more money.

unimatrix9 (jochemscheelings) wrote :

this is not an duplicate of : https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1065720
it might look so in first review, but its not, could some one please remove that link ?

Don't include remote searches in the home lens , is still the topic, shopping lens should not by default be in the
home icon, home suggests a private local place. Move the shopping lens away from the home and the issue is gone.

unimatrix9 (jochemscheelings) wrote :

some news on the issue on omg ubuntu , http://www.omgubuntu.co.uk/2013/02/ubuntu-dash-to-add-private-incognito-mode-add-legal-notice-to-installer , makes it more difficult, i think , why the rather simple step of removing shopping searches from the home lens is not choosen still unclear. But more control seems to be on the way.

unimatrix9 (jochemscheelings) wrote :

Mark Shuttleworth (sabdfl) wrote on 2013-02-17: #6

Here's how we are going to handle this:

 * We will make a very bold, clear way for you to turn on and off
network queries across ALL scopes for any given session in the dash.
Think about this like the 'anonymous' mode in your browser. Toggle it,
right there in the Dash, and you are totally certain you are not sending
network traffic. We will aim to enforce this at the kernel level, hence
the CC to Jamie S who leads our security team.

 * We will have the ability to configure the Home screen, including
choice of scopes, and the behaviour of individual scopes.

 * Legal notices will all be in one place, in the 'About Ubuntu' part of
the UX, and visible in the install experience too.

Mark

JaSauders (jasauders) wrote :
Download full text (3.8 KiB)

I'm quite surprised this issue has not been taken care of by now. When it first surfaced I almost ignored it because I thought for sure enough noise will be made to reverse this decision. I fully understand the business side of it, but it really is far from logical when you look at it from the end user point of view. To date, approximately 0 people I know personally have considered the Amazon integration to be a good thing. Oddly enough, most find it weird, intrusive, or scary to have on the system by default. I've installed Ubuntu on countless machines for people, and everyone has contacted me wondering how the computer is magically showing them relevant shopping searches. To most people, it's scary. It's not helpful, it's downright scary. If this would be an option that the user would need to enable, it'd be a totally different story because then the user knows it's there and the user knows what to expect as a result. In a world where malware is a common practice it stands to good reason that even your most computer illiterate grandma out there would be nervous about how a computer knows so much about what you just typed in. Once you take a step back and look at this situation without any degree of bias or with some sort of business related underlying agenda, you'll see that, guaranteed.

By default, I disable the privacy and shopping integration as a first step when I install Ubuntu. I find that I'm downright angry each time I do it, because I know, deep down, it's not right. It's. Just. Not. Right. Having this enabled by default is just foolish and I am beyond disgusted with the fact that it's here by default.

But wait... there's a catch... I've been an Ubuntu user since 2006, and I have tried countless other distributions but each time I come back to Ubuntu. I love what Canonical is doing and I love how Ubuntu is shaping up to be such a fantastic and easy to use (yet crazy powerful) distribution. In the event that this option was disabled by default, I would actually go out of my way to enable it. Yeah - not joking here. I work in IT, so I'm continually having to purchase various parts for systems. Amazon is, ironically, my first (and usually my only) stop to finding what I need. In the event that this was disabled by default I would put forth the effort to support Canonical and Ubuntu by ensuring that each purchase I made I would do so via the Unity dash. But considering that it's enabled by default, I find myself so incredibly disgusted that I find it's difficult to even use Ubuntu any more. I can't help but to wonder "what's next" on the agenda if things like this are going to be baked into the operating system from the get-go. Fortunately, there are other distributions that don't have "features" like this enabled, which are becoming all too attractive with each passing day...

I know I'm just one person, so clearly I understand that what I just said will hardly be persuasive. Instead, I'll let the masses do the talking. As a frequent user of the UbuntuForums, AskUbuntu, and the Ubuntu IRC channels, I have yet to find a single end user who has said "This was a good idea." That's not an exaggeration - that's a straight up fact based ...

Read more...

Thomas Kluyver (takluyver) wrote :

To record a few of those 'things to do after installing Ubuntu' articles. Disabling the Amazon results is:

Number 8 in http://www.omgubuntu.co.uk/2013/04/10-things-to-do-after-installing-ubuntu-13-04
Number 2 in http://www.webupd8.org/2013/04/7-things-to-do-after-installing-ubuntu.html
Number 6 in http://www.noobslab.com/2013/04/tweaksthings-to-do-after-install-of.html
Number 1 in http://www.refreshit.info/2013/03/10-things-to-do-after-installing-ubuntu.html

The first 2 of those also specifically mention how to remove the shopping lens, if you want to keep using other online lenses. That suggests to me that, at least for some users, it's the Amazon results specifically that are an annoyance, not

It's a slight exaggeration that it features in every list; while the majority seem to have it, there are some that don't, like this: http://www.unixmen.com/042013-top-things-to-do-after-installing-ubuntu-13-04-raring-ringtail/

I think it's pretty clear by now that this default isn't what users want, and Ubuntu continues to get bad press from it.

unimatrix9 (jochemscheelings) wrote :

Could some one create an package that would replace the default home lens with an home lens that does local search only by default ?

Would that be an idea ?

Would rather have seen the other options afcause..

Daniel Jose (danieldsj) wrote :

I filed a bug that presents an alternative to the current shopping lens: Allow users to add Amazon accounts to "Online Accounts", then present results based on the presence of the account.

I believe this is an over-all better framework because it's opt-in and can scale to other online retailers (ebay, steam, newegg thinkgeek, etc.). Here's the bug: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1072765

Colin Law (colin-law) wrote :

Recent posters please read comment #167. The plan is there to sort it, it just has not yet been implemented yet.

Darxus (darxus) wrote :

Colin: Comment #167 says nothing about it defaulting to off.

vexorian (vexorian) wrote :

Given recent revelations , I think the discussion regarding the ethics leaving some scopes in the default and even their inclusion in the repositories repositories should be revisited.

If you want me to be more explicit:

- We know that youtube is part of PRISM.
- We don't know if Amazon joined PRISM or not. The only big US company we know refused to "cooperate by making NSA access easier" is twitter. Amazon is still a US-located company and thus is bound to the law and court orders that allow this , and so is twitter.

I think this should be a concern to non-US citizens using Ubuntu. In the case of Amazon, searches are made from Canonical's servers. But that may not be enough of a protection. NSA could target specific communications between Canonical and US servers. If they knew a special individual is a ubuntu user they could listen to the home searches of all users in order to attempt to datamine them. I think that the scope of PRISM and the extremes that we now know NSA is capable of should make Canonical reconsider these decisions as they now have risks much higher than Amazon learning what sort of porn you like.

I agree completely with vexorian with this issue. In light of PRISM, I now have even greater aversion to recommending Ubuntu to a new Linux user.

luke (lukefromdc) wrote :

I've alwys suspected the sort of thing the Snowden documents on PRISM, etc prove. That's why I removed Unity when this issue came up. It was replaced in my backup DE list with a Cairo-dock/Compiz session. For my main DE I use Cinnamon, but Unity with all scopes removed MIGHT be safe. Trouble is, for the sort of folks I distribute computers to I cannot take a chance and cannot distribute an OS known to put local activity of ANY type on a network.

I consider all online scopes to be a threat, as combining local with online searches could enable the NSA over time to figure out the content of your filesystem. Also, if ever the NSA finds and exploits a vulnerability in a scope, that would be an obvious target for exploitation, as the dock already talks to the network, and already lists files. Therefore, it is in the same category as installing a webserver in a machine that will never be used as a webserver: unused exploitable software that talks to the network. This does not require any malicious intent by Canonical, only malicious intent by the NSA or any other attacker.

Therefore, I now do not distribute Ubuntu's main distro. 12.04 and earlier are safe but getting old fast-and if someone updates 12.04 to a new version and does so with Ubuntu-Desktop installed I don't know if they get the scopes. As of now, if not distributing my own private fork, I give out either Mint or UbuntuStudio, the former with Cinnamon or MATE, the latter with XFCE.

D S (d-s) wrote :

I am immediately stopping my recommendations for using Ubuntu, and actively recommending against it based on this invasive and backhanded leaking of private information without an appropriate opt-in and explanation. Ubuntu, you failed, and now you pay the consequences.

Duststorm (duststorm-design) wrote :

Ubuntu has won an anti-privacy award for their dubious practices:
http://www.omgubuntu.co.uk/2013/10/ubuntu-wins-big-brother-austria-privacy-award

Are you really not going to rethink your position?

Sad to see how a project like Ubuntu gives a bad reputation to FOSS software.
It's a slap in the face for everyone who has promoted Ubuntu to large audiences for years.

I don't think this is quite an invasion of privacy, but this is still just "clunky" feeling. Why not have a dedicated lens for shopping? I would love to have a lens with a generic bag which shows me products from Amazon, eBay, Newegg, Tiger Direct, Walmart, etc. That would be useful. Furthermore, it would fit the whole feel to Unity (Smart scopes, search anywhere, etc.) while still allowing for profit to Canonical without causing any major issues amongst users.

My question: Why not?

Nikola M (nikolam) wrote :

I am not using Ubuntu anymore because of this. It started with UbuntuOne and reporting my IP
and now it went to Ubuntu not serving to the user and customer, but to the interests of external companies, and that is not is a spirit of the word Ubuntu.
So I stopped recommending Ubuntu to anyone, after Unity and Canonical decisions to put searches out by default, without users wanting it.
I think Xubuntu does not have any of this personal info leaking features.

Removing unity-scope-home causes lots of problems. Instead run the following command in the Terminal to disable the spyware:

gsettings set com.canonical.Unity.Lenses disabled-scopes "['more_suggestions- amazon.scope', 'more_suggestions-u1ms.scope', 'more_suggestions-populartracks.scope', 'music-musicstore.scope', 'more_suggestions-ebay.scope', 'more_suggestions-ubuntushop.scope', 'more_suggestions-skimlinks.scope']"

JaSauders (jasauders) wrote :

So let me get this straight...

100% of the time when I type into the dash, my system is searching for online resources relevant to what I typed. That said, 99% of the time I type into the dash, I am doing so to retrieve a local file or application. So roughly translated, 99% of the time Unity is bringing me irrelevant search results that ultimately slow down my computer in an obviously noticeable fashion when typing in search terms.

Who on earth thought this was a good decision? I can see the value in an online resource like this, but being opt-out is ridiculous. It being in the home lens is even more ridiculous. Why would you split up lenses for music, videos, files, applications, but NOT online resources? I just can't fathom this.

Given the fact I often have to order parts for different things at work through Amazon, I would love to support Canonical by going through the lens facet, but not at the expense of my privacy. I repeat, not at the expense of my privacy.

Canonical, you have done so much good for the Linux community. You deserve to be commended 100x over again for your work. You've taken some insane chances along the way. Unity has evolved into a beautiful, clean, and professional desktop environment. It was met with criticism but it has blossomed into something that's really quite nice. Mir has yet to be seen so I can't really comment there quite yet. Then you have this shopping lens being an opt-out feature. I honestly don't understand how someone sat at the meeting table and thought "this is a good idea." This is distribution suicide. You're losing a magnitude of users over this stupid nonsense little thing. Is this really worth all of the negative publicity Ubuntu/Canonical is *still* receiving (and forever will) over this? I mean, really? Is it?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers