Slashdot Mirror
Ubuntu Founder Pledges No Back Doors In Linux (eweek.com)
Mark Shuttleworth, founder of Canonical and Ubuntu Foundation, gave an interview to eWeek this week ahead of Ubuntu Online Summit (UOS). In the wide-ranging interview, Shuttleworth teased some features that we could expect in Ubuntu 16.10, and also talked about security and privacy. From the report: One thing that Ubuntu Linux users will also continue to rely on is the strong principled stance that Shuttleworth has on encryption. With the rapid growth of the Linux Foundation's Let's Encrypt free Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate platform this year, Shuttleworth noted that it's a good idea to consider how that might work in an integrated way with Ubuntu. Overall, he said, the move to encryption as a universal expectation is really important. "We don't do encryption to hide things; we do encryption so we can choose what to share," Shuttleworth said. "That's a profound choice we should all be able to make." Shuttleworth emphasized that on the encryption debate, Canonical and Ubuntu are crystal clear. "We will never backdoor Ubuntu; we will never weaken encryption," he said.
Shuttleworth is like any other citizen: a visit from the polite but scary government people will make him see the light.
What he's saying is that he will not willingly or knowingly allow or permit anything to be included in the userland, tool chains, and libraries that make Ubuntu what it is. The kernel is still open source and "given enough eyeballs, all bugs are shallow" (ESR). Anyone can take a look at the kernel sources given the skill and time. I agree with Mark. While Canonical does contribute to the kernel, as do Red Hat and others, FLOSS needs to ensure it's own playground is clean.
"We don't do encryption to hide things; we do encryption so we can choose what to share"
As a greybeard, Fuck your cloud and the sharing economy it rolled in on. When i choose what to share, I make it explicitly publically available in a format that may, or may not be encrypted. when you recontext my privacy in terms of what im willing to "share" with people it debases the very real need for encryption to circumvent things like warrantless wiretaps, blanket government surveillance, and invasive advertising. stop treating me like a toddler for using cryptography.
"We will never backdoor Ubuntu; we will never weaken encryption"
maybe you will, maybe you wont, but again, the point of linux is that I dont need a 60 million dollar corporation to reassure me about privacy. if you do it --like you screwed developers with contributor agreements and the UI-- ill just switch to a different distro or ill fork yours.
Good people go to bed earlier.
Exactly...he didn't try to hide it, and it's easy enough to disable. Yes, I know these kinds of things should be opt-in, but the difference between Ubuntu and, for example, Windows, is your getting a polished OS at zero financial cost to you - and to add insult to injury, in after paying for Windows it's nearly impossible to stop all the spying on you (especially for an average to newer user)... And I say that as someone who actually likes Windows 10, too.
No, the problem with CEOs and Presidents making claims like "no back doors" is that he can't control every employee, and while an employee might suffer the repercussions of an indiscretion like leaving a back-door in a program, so does the CEO and the company.
Stupid sexy Flanders.
Ultimately, I can configure the Linux kernel to block all outgoing traffic except to a proxy server, and only the web browser would use that, so any other programs on the machine will not be able to phone home. Windows, who knows what is phoning home, and where. The only way I can ensure a Windows box isn't yapping to unknown people is to place it on its own subnet/VLAN and use a proxy server for applications like Firefox that have a separate credential/proxy storage.