Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ubuntu's New Firefox Is Watching You

Posted by kdawson on from the don't-be-sneaky dept.

sukotto writes "Ubuntu recently released an unannounced and experimental 'multisearch' extension to Firefox alpha 3, apparently in an effort to improve the default behavior of new tabs and of search. In a response to one of the initial bug reports the maintainers mentioned that the extension's other purposes were 'collecting the usage data' and 'generating revenue.' Since this extension installs by itself and offers no warning about potential privacy violations, quite a few people (myself included) feel pretty unhappy. The only way to opt out is to disable the extension manually via Tools > Add-ons." Most posters to this Ubuntu forum thread are not happy about multisearch.

45 of 330 comments (clear)

  1. Not new by sopssa · · Score: 5, Insightful

    This is not actually far away from how Firefox generates its revenue too - from ad clicks in Google search and by direct sponsoring from Google.

    The two main ways to monetarize and support OSS projects is giving support and ads. In the later case you always lose some of your privacy. Developing Linux and its distro's need money aswell. You could choose a distro that is financed in other way (maybe by you), use commercial software that doesn't do this or be fine with generating some ad income to support the development. "Perfect" package is usually impossible to obtain because of financial limitations.

    Google is build completely around this model too and it seems to work good for them - even if people lose some of their privacy. Hell, slashdot is maintained by ad revenue too. Another distro that also does same kind of stuff is Linux Mint.

    Its nothing new, but it might surprise those who believe in pure, not-revenue-generating OSS. It's how the free for user projects are financed.

    1. Re:Not new by SBrach · · Score: 5, Insightful

      WTF. Way to give Mozilla a free pass because it's OSS. You know, I use both open source and closed source software but I guess I am the only one who judges both by the same standard. What an asshole I am huh.

    2. Re:Not new by elzurawka · · Score: 3, Insightful

      The difference is that we all know that Google is a giant Advertiser.
      Most people are under the impression that Ubuntu is a free OS, not an Ad Sponsored/Data mining revenue oriented OS.

      --
      -EL
    3. Re:Not new by readin · · Score: 4, Informative

      Google and Slashdot have the ads where you can see them. There is no pretense about it. And you know what when you log into a site or when a site has cookies, there will be some tracking. You control the tracking by deleting cookies or not logging in. There are limits to what Google and Slashdot can do because of the security built into the browser

      This is different. In this case Firefox is the browser that is supposed to protect your privacy and security. Your browser is supposed to do a job - and it isn't collecting data on you. If the program is going to execute on your CPU and collect data about you to send to someone else, it should be very clear about that intention. This sounds like Firefox has become a Trojan. I wonder if my anti-virus software will warn me about it.

      --
      I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
    4. Re:Not new by Score+Whore · · Score: 5, Insightful

      Lots of people like sex. Very few people like to be raped. The difference is in the consent. Same situation here.

    5. Re:Not new by turbidostato · · Score: 3, Informative

      "Debian has no problems violating its free software guidelines to include non-free firmware in its distribution"

      In which part of either main or contrib can you find non-free firmware now? Because having freely distributable non-free software on non-free is and always has been quite within Debian's guidelines, you know... (or are you just trolling?)

    6. Re:Not new by jim_v2000 · · Score: 4, Insightful

      God damn...is this reddit or something? YOUR BROWSER ISN'T COLLECTING ANYTHING. You do a Google search through the Ubuntu Google page, and then Canonical can see some aggregate usage data with Google's tools. The browser isn't doing anything other than what it normally does. Don't be a fucking drama queen.

      --
      Don't take life so seriously. No one makes it out alive.
  2. Big projects need funding by Anonymous Coward · · Score: 4, Insightful

    There's no point denying it: Big projects need funding. Funding creates dependencies. Since there is no way around the need for funding, it is of utmost importance that dependencies and privacy implications are disclosed. So Ubuntu: FAIL.

  3. Outrage calibration by jpmorgan · · Score: 5, Insightful

    Well, here's the outrage from when Microsoft slipped the .NET Framework Assistant into Firefox without asking. Adjust your outrage accordingly...

    1. Re:Outrage calibration by Philip+K+Dickhead · · Score: 5, Informative

      ICEWEASEL!
      # apt-get update
      Get:1 http://your.favorite.mirror/ sid Release.gpg [378B]
      Get:2 http://your.favorite.mirror/ sid Release [79.6kB]
      Get:3 http://your.favorite.mirror/ sid/main Packages [4514kB]
      Get:4 http://your.favorite.mirror/ sid/main Sources [1280kB]
      Fetched 5874kB in 11s (523kB/s)
      Reading package lists... Done

      # apt-get install iceweasel
      Reading package lists... Done
      Building dependency tree... Done
      Suggested packages:
          iceweasel-gnome-support latex-xft-fonts xprint mozplugger
      The following NEW packages will be installed:
          iceweasel
      0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
      Need to get 8933kB of archives.
      After unpacking 27.2MB of additional disk space will be used.
      Get:1 http://your.favorite.mirror/ sid/main iceweasel 2.0+dfsg-1 [8933kB]
      Fetched 8933kB in 9s (975kB/s)
      Selecting previously deselected package iceweasel.
      (Reading database ... 68428 files and directories currently installed.)
      Unpacking iceweasel (from .../iceweasel_2.0+dfsg-1_powerpc.deb) ...
      Setting up iceweasel (2.0+dfsg-1) ...
      Please restart any running Iceweasels, or you will experience problems.

      # _

      http://en.wikipedia.org/wiki/GNU_IceCat

      --
      "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
    2. Re:Outrage calibration by SBrach · · Score: 4, Insightful

      Right, people were outraged Microsoft installed a .net plugin but it is ok for Ubuntu to datamine my Firefox activities because it is free and I need to pay for it somehow. That is basically what the OP was saying. Thats bullshit.

    3. Re:Outrage calibration by FlyingBishop · · Score: 5, Informative

      1) This is the default browser, and Ubuntu shipped it with modifications for years. That they would change the nature of those modifications in an update is hardly surprising.
      2) The summary says the only way to disable it is by using the add-ons dialog, as if that were some onerous distinction. .NET was unremovable through the add-ons dialog, which was the primary reason people were pissed. Ubuntu's really done nothing to break the user trust here. You don't like it, remove it, it will take all of 10 seconds, and be completely gone.

      Also, it's clear this won't make it into the release candidate. That is the value of an open source OS with a public bug tracker, in which the most minor problems (and the most vitriolic responses) are archived and freely available on the internet.

    4. Re:Outrage calibration by Shakrai · · Score: 5, Insightful

      Both are annoying but one is a lesser evil

      The lesser of two evils is still evil.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    5. Re:Outrage calibration by gparent · · Score: 5, Informative

      The .NET one has been updated to uninstall fine.

    6. Re:Outrage calibration by gparent · · Score: 3, Informative

      No, not at all. A few days after it all happened, MS came out with a fix that allowed the addon to be easily uninstalled.

    7. Re:Outrage calibration by Darkness404 · · Score: 3, Insightful

      But you have to realize that the reason why people use Ubuntu is because it is pre-configured and you don't have to do much to get it how you wanted. Ubuntu wasn't much "better" than Debian, other than the fact it had regular releases and was pre-configured. If Ubuntu stops being pre-configured how most people like it, it will stop being used. This is a suicidal move for Ubuntu which has been losing mindshare after the 8.10 and 9.04 releases which dumbed-down the distro to a new low (the annoying update window which pops up as a window, removing the useful CTRL+ALT+Backspace shortcut, the notification boxes that can't be quickly closed, etc). Ubuntu needs all the good press they can get, I don't understand why they would risk it.

      --
      Taxation is legalized theft, no more, no less.
    8. Re:Outrage calibration by calc · · Score: 5, Informative

      "Ubuntu needs all the good press they can get, I don't understand why they would risk it."

      That's pretty funny considering Ubuntu is still in the lead on DistroWatch on all timespans except the last week. For the last week an Ubuntu derivative Linux Mint is number 1 with Ubuntu at number 2.

    9. Re:Outrage calibration by Anonymous Coward · · Score: 3, Insightful

      There is nothing the least bit evil about the .NET extension, autistic man-children just threw a bitchfit because the word "Microsoft" makes them confused and angry.

      Notice the lack of anger about the intrusive Apple QuickTime plugin, which fucks over Firefox's MIME handling and is practically impossible to remove.

    10. Re:Outrage calibration by michaelhood · · Score: 3, Funny

      Yes, we will. If Ubuntu changes the shade of their logo it'll make the front page of Slashdot.

    11. Re:Outrage calibration by Brian+Gordon · · Score: 5, Informative

      It's not data mining. If anyone actually read TFA, the extension just makes the default "new tab" page the standard Ubuntu-themed google search. And, like always, if you use their search service they will log your search. It's the same as before, except instead of only seeing the ubuntu search on your home page, you see it on every new tab.

    12. Re:Outrage calibration by gd2shoe · · Score: 4, Insightful

      I have a problem anytime someone loads software on my machine without my permission. I decide what is an acceptable security/privacy risk - no one else. For example, if I give MS permission to update their broken OS, I'm not giving them permission to add security vulnerabilities to my browser. I don't know about this Ubuntu issue, but people are trying to make it sound similar, and I have sympathy (at least for the moment).

      --
      I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
    13. Re:Outrage calibration by gunnk · · Score: 5, Informative

      The information over at Ubuntu says it's only in Koala during the development phase for testing parts of the Ubuntu custom search UI.

      There does not seem to be any intention of deploying data mining extensions in any release. It would be nice if there was a little more warning in the dev version, but this doesn't seem malicious. Just a tool to help the developers optimize the custom search UI -- which in turn would generate additional revenue for Ubuntu because more people will choose to use it if it is very well done.

      --
      Life is short: void the warranty.
    14. Re:Outrage calibration by gad_zuki! · · Score: 3, Insightful

      Part of the problem, if not the larger problem, is the ability to install extensions in FF without being able to remove them. Thats a FF feature. Why is it even there? The MS devs saw it and chose it because they probably didnt want end users screwing up .net too easily. If you want the power to do an easy GUI-based uninstall you need to tell the Firefox people to do so. That will stop further abuse of this feature.

    15. Re:Outrage calibration by gad_zuki! · · Score: 3, Insightful

      >What about Bittorrent's "stealth" firefox add-on?

      Or the quicktime add-on that screws over the MIME settings?

      I really wish slashdot was a more even keeled place. Its anti-MS all the time, which takes away time from other offenders, many of which are much more serious.

    16. Re:Outrage calibration by jim_v2000 · · Score: 3, Insightful

      That's stupid. Do you stop and check which files and registry entries that every program that YOU install/update places on your system? Oh, you don't? And you install them anyway? Oh, well then you ARE giving them permission to install all that stuff.

      --
      Don't take life so seriously. No one makes it out alive.
    17. Re:Outrage calibration by Miseph · · Score: 3, Insightful

      Lack? that thing pisses me off. I honestly couldn't care any less about the .Net plugin, I'm a teensy bit miffed that installed without so much as asking, but at least it didn't FUBAR my media settings and force all .mpg and .avi files to attempt to play in-browser through their shitty plugin that doesn't even work and throws a thousand error messages every time, rather than do what I actually want (open and play in VLC). Maybe I'd be pissed about Microsoft's stealth plugin if I had some other awesome way of running .Net web-apps, but I honestly can't think of any that I have even seen, let alone actually use or would care how they open.

      Oh yeah, I call bullshit on Ubuntu. They shouldn't have stealthed that in, and because they didn't I will uninstall it ASAP (once I reboot into Ubuntu, that is). If they had announced it, even put a little window on the screen asking if it would be ok to install it, pretty pretty please with sugar on top, we promise it won't hurt and it will help us generate some revenue so that we can keep working on the project... I honestly would have said yes. I wouldn't really mind if they collect some data and make money off of it so long as it doesn't noticeably degrade performance and so long as they told me about it first, but that doesn't mean I take kindly to anyone presuming it's ok for them to do so without my knowledge and permission.

      --
      Try not to take me more seriously than I take myself.
  4. Free as in speech by tepples · · Score: 4, Insightful

    Most people are under the impression that Ubuntu is a free OS, not an Ad Sponsored/Data mining revenue oriented OS.

    Canonical is Free to distribute a computer program that watches how people use it as long as people who use the program know what's going on. But because Firefox/Iceweasel/whatever is free software, you are also Free to download the source code, rip out the data mining, and rebuild it, or to hire someone to do so for you.

    1. Re:Free as in speech by Henry+V+.009 · · Score: 5, Insightful

      All true statements, but pointless because you left out at least one freedom: people are also free to complain until Ubuntu does something about it to save their brand.

    2. Re:Free as in speech by mattventura · · Score: 3, Insightful

      It's not just that they are doing that, but that they do so without warning. Of course they are free to put that in their software, and you have every right to disable it, but (from my understanding) they are doing this without telling the user. So how would you know to disable it if you didn't know it existed?

    3. Re:Free as in speech by Abreu · · Score: 5, Insightful

      Canonical is Free to distribute a computer program that watches how people use it as long as people who use the program know what's going on. But because Firefox/Iceweasel/whatever is free software, you are also Free to download the source code, rip out the data mining, and rebuild it, or to hire someone to do so for you.

      Emphasis mine.

      The problem here is that Canonical did not ask for permission.

      For the record, I would be perfectly willing to use a reasonably private datamining program to support Ubuntu, as long as everyone is clearly informed on what it can do and what it can't.

      --
      No sig for the moment.
    4. Re:Free as in speech by tepples · · Score: 4, Insightful

      Why is it that when MS releases something, everyone darkly talks about hidden backdoors, but when an open source vendor releases someone, people complain that the vendor wasn't completely forthcoming in the release notes?

      Because not everybody has the skill and time to decipher megabytes of source code, especially potentially obfuscated source code. Nor does everybody have the money to hire someone to do so. Also because free software is the relative newcomer and it has to be better in order to displace its entrenched proprietary counterparts.

  5. And that's not all... by MillionthMonkey · · Score: 5, Funny

    I hear the Ubuntu extension also has a feature for euthanasia of old people.

    1. Re:And that's not all... by Darkness404 · · Score: 5, Funny

      Hey! Thats one feature that would make it easier for all tech support people! Can it be remotely activated?

      --
      Taxation is legalized theft, no more, no less.
  6. Do not panic by SilverHatHacker · · Score: 5, Informative

    I've been following this for some time. The multisearch add-on was only intended for the pre-release versions, as part of a research project. It will NOT be included in the final Karmic release.
    That is what alpha releases are for, after all: testing. Admittedly, the devs could have bothered to mention that they were planning this, but it's better that they did it here than in the final release.

    --
    Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
    1. Re:Do not panic by SilverHatHacker · · Score: 4, Insightful
      Perhaps I didn't word that quite right.

      The multisearch add-on was only intended for the pre-release versions, as part of a research project. It is very unlikely that it will be included in the final Karmic release in the same form as its current incarnation.

      There, fixed that for me.
      My point was, anyway, that the Ubuntu devs didn't intend to make this Multisearch a part of Firefox as we know it. Some of the same concepts, maybe, but they will assuredly be more fleshed out, more intuitive, than in the Alphas. And next time, maybe they'll tell us first?

      --
      Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
  7. Linux Mint had this already... by analog_line · · Score: 3, Interesting

    I installed Linux Mint about a month ago looking for a new Linux distribution to put on a cheap laptop I had just gotten. All the search pages, no matter where I searched, were coming up branded "Linux Mint". Didn't take too long for me to get annoyed at this, especially when I found out there was no way whatsoever to remove the addon from Firefox. I ended up downloading the mozilla.com distributed package and overwriting the symlinks by hand. Mint is based on Ubuntu, but my 9.04 installs don't have this in there. I guess this is one "innovation" that made it back up the food chain. Personally embarassing for me, since I had just finished recommending Linux Mint to several friends, aquaintances, and customers.

  8. Vanilla Firefox Build by melikamp · · Score: 5, Informative

    0. Once prerequisites are installed on Ubuntu,

    1. Download the source:

    ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/3.5.2/source/firefox-3.5.2-source.tar.bz2

    2. Unpack source:

    tar xvfj firefox-3.5.2-source.tar.bz2

    3. Create .mozconfig in the top-level directory:

    . $topsrcdir/browser/config/mozconfig
    mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/objdir-ff-release
    mk_add_options MOZ_MAKE_FLAGS="-j4"
    ac_add_options --enable-optimize
    export CFLAGS="-gstabs+"
    export CXXFLAGS="-gstabs+"

    4. make -f client.mk

    5. Enjoy objdir-ff-release/dist/bin/firefox

    1. Re:Vanilla Firefox Build by clang_jangle · · Score: 4, Informative

      Nice, but the proper way is to roll your own deb from the source.

      --
      Caveat Utilitor
  9. Re:some people... by Andr+T. · · Score: 5, Informative

    Collecting user data without asking for agreement is wrong, whatever you say.

    --

    Any life is made up of a single moment, the moment in which a man finds out, once and for all, who he is.

  10. Re:Browsers. by Darkness404 · · Score: 4, Interesting

    I actually use that often in Firefox, if I want to save my tabs (usually I don't) I simply killalll firefox-bin.

    --
    Taxation is legalized theft, no more, no less.
  11. it has been added in a alpha cycle by dominux · · Score: 5, Informative

    it was introduced in Karmic which is an alpha distribution. It wasn't introduced without announcement to the main production users of Jaunty. It may have been introduced without announcement to the Karmic alpha, because introducing it to the alpha *is* the announcement. It was done to see if it was better, results from alpha testing may reveal it is not better, or may reveal it is better. The results of the experiment will help decide whether it should stay, or go.

  12. Re:And so it begins... by FudRucker · · Score: 3, Interesting

    stick with the grand-daddies of Linux, Debian is your best bet since you are already familiar with ubuntu, if you feel adventurous maybe give Slackware a spin.

    --
    Politics is Treachery, Religion is Brainwashing
  13. The Real Issue by Apreche · · Score: 4, Insightful

    I don't think anyone begrudges Ubuntu taking advantage of a perfectly acceptable revenue model. That's not the problem here.

    The problem is that Ubuntu is shipping a modified version of Firefox instead of the default Firefox shipped by Mozilla. Sure, both Ubuntu and Debian ship patched versions of just about every package they include in the repository. But the overwhelming majority of those patches don't noticeably effect the user experience.

    Firefox, on the other hand, is pretty much the #1 most important part of the user experience in Ubuntu. It's the application most people are going to use more than anything else. In fact, after Ubuntu is installed, the user will probably spend more time interacting with Firefox than with all the rest of Ubuntu combined. It's not inaccurate to say it's a Firefox machine, as opposed to an Ubuntu or Linux machine.

    Since Firefox is the most important part of the user experience, the users don't want Firefox changed in any way. They want the default Firefox as shipped by Mozilla. They don't want the named changed to Shiretoko or IceWeasel. They don't want the icons changed. They don't want weird extensions that change behaviour. They also don't want updates to come from Ubuntu repositories, as they do for every other package. They want the newest version of Firefox from Mozilla at the exact moment that Mozilla ships it.

    I understand the reasoning behind Ubuntu and Debians policies, but I think it is obvious that Firefox trumps Ubuntu. They should make a special exception for it. Just ship the raw Firefox as released by Mozilla. Don't modify it in any way whatsoever. The world is just getting more browser centric. The operating system is just the code that talks between the browser and the hardware. You can do anything you want to the OS, but don't touch the browser or you'll lose all the users you worked so hard to gain.

    --
    The GeekNights podcast is going strong. Listen!
    1. Re:The Real Issue by Tubal-Cain · · Score: 3, Interesting

      The problem is that Ubuntu is shipping a modified version of Firefox instead of the default Firefox shipped by Mozilla.

      No it's not. Patches and plugins are fine if they make a positive impact or at least do not make a negative impact and are easily removed. Negative features such as this are not very tolerable regardless of how easy it is to remove.

      They don't want the named changed to Shiretoko or IceWeasel.

      Shiretoko is Mozilla's own codename for Firefox 3.5. You don't get accuse Slashdot (and every other Linux-topic webpage on the Internet) of changing Ubuntu 9.04's name to "Jaunty", do you?

      Some do prefer the name change. When I use Ubuntu I install abrowser, which strips out Mozilla's branding. It's much better for the distributions to make changes to vanilla Firefox and change the name (because Mozilla insists) over not making any changes.

      They don't want the icons changed.

      It's a one-time adjustment. "Click that one, Grandma. The one that says '$FOOBAR Web Browser'." They needed to do it when switching from IE anyways. If they could do it once they can do it again.

      They don't want weird extensions that change behaviour.

      Define 'weird'. ABP changes behavior, but I seriously doubt anybody (ad providers excluded) would complain if it were installed. I never found Ubuntu's modifications very offensive in how they changed it (They put "Ubuntu Package Search" as an engine in the search bar? How dare they!).

      They also don't want updates to come from Ubuntu repositories, as they do for every other package. They want the newest version of Firefox from Mozilla at the exact moment that Mozilla ships it.

      Since when do you speak for the general population? It seems that that is exactly the inverse of what they want. They don't want to deal with half a dozen individual self-updating programs. They want the programs to leave them alone. Seriously, have you ever done tech support for someone that had the latest patches of anything other than maybe commercial games? Anybody that understands enough to download Firefox from Mozilla is capable of coping with a distribution's unique name for a Firefox build.

      I understand the reasoning behind Ubuntu and Debian's policies, but I think it is obvious that Firefox trumps Ubuntu.

      I know Debian's policies and how they apply to Firefox, but what do you think Ubuntu's are? AFAIK, Ubuntu has no policy governing this.

      You earlier referred to Firefox being called "Shiretoko". To my knowledge, no distribution calls it that for their default Firefox. I do know, however, that is what Ubuntu is calling 3.5 at the moment. But not out of pressure from ideals. Rather, they call it that because sudo apt-get install firefox will install 3.0.x. They call it Shiretoko because, as I noted earlier, that's what Mozilla calls it; and because the name "Firefox" is already being used by 3.0. That will change when they get around to making 3.5 the default.

      They should make a special exception for it.

      Unacceptable. An exception means that either Debian doesn't make security patches without getting approval from Mozilla. This puts Debian's security entirely in Mozilla's hands. Their current version, Lenny (and Squeeze, and Sid) is using the 3.0.x branch. It will remain there for the next two years. Meanwhile, Mozilla has moved on to the 3.5.x branch and intends to move on to 3.6.x this fall and 3.7.x in the spring. They aren't going to be putting much support into 3.0.x two years down the road.

  14. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion