Slashdot Mirror
Ubuntu Wants To Collect Data About Your System -- Starting With 18.04 LTS (fossbytes.com)
In an announcement on Ubuntu mailing list, Will Cooke, on behalf of the Ubuntu Desktop team, announced Canonical's plans to collect some data related to the users' system configuration and the packages installed on their machines. From a report: Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default. The option could be like: "Send diagnostics information to help improve Ubuntu." As per your convenience, you can opt-out during the installation. An option to do the same will also be made available in the Privacy panel of GNOME Settings. With this data collection, the team wishes to improve the daily experiences of the Ubuntu users. It's worth noting that the collected data will be sent over encrypted connections and no IP addresses will be tracked. To be precise, the collected data will include: flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not.
Looks like the Debian Popularity Contest mixed in with some hardware reports. Doesn't look that odd to me.
> Before you read anything further, it's important to note that users will have the option to opt-out of this data collection.
or maybe users should have the option to opt-in instead?
I'm god, but it's a bit of a drag really...
Anyone who really cares already left Ubuntu with the search fiasco.
"Fascinating! We haven't received a single report that indicated no network connectivity."
Both Windows and OS/X collect anonymized diagnostic data since forever.
They have better insight and they solve the software problems that have the highest impact.
Who would want a Linux distro to go blind and have their users to hit on issues again and again?
How long before systemd and telemetry make most linux distros just as bad as Microsoft Windows?
"The creatures outside looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which." —George Orwell, Animal Farm
And this is why we do not use ubuntu for anything.
Not available yet, but the project can already be supported: "A mobile OS in the public interest" https://eelo.io/ https://www.indiegogo.com/proj...
Pretty soon all of /etc will be stored in a binary database. Then you'll need a fancy GUI editor to make changes. Can't wait for this feature!
Only the State obtains its revenue by coercion. - Murray Rothbard
It seems that Ubuntu wants to collect more and more data on it's users - just like Windows 10.
... network connectivity or not, ...
So... if there's no network connectivity, is the data uploaded by "magic"?
It must have been something you assimilated. . . .
Read in the voice of Spock. Snorted coffee out my nose.
People picked Android (which has significant telemetry) over Windows mobile 7 and 8, and Symbian , neither of which had as much telemetry as Android.
Chromebooks took off a bit, until Microsoft reacted fast in the Desktop space to start collecting telemetry and using that for improving UX. The market did not ditch Microsoft in favour of non telemetry collecting systems (Windows vs Linux flavours, Office vs OpenOffice,etc)
Yes, thats probably cause the product that collects telemetry is better suited for the usecase than one that doesnt collect it. Any guesses why?
As we know what happens with Firefox and Chrome, advanced users turn off telemetry, the developers don't see advanced features being used (like fine grained cookie control and XUL extensions) and remove it.
The same will apply to FisherPrice Linux.
"to improve the daily experiences of the Ubuntu users" they will be collecting "flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not"?! How could that goal be accomplished with so poor means? I can only think of one type of actions: spamming, targetted advertisement or any other form of custom nagging. Without forgetting about the potential security implications of an eventual data breach! And you let it enabled by default (the disabled alternative would have looked much more user-concerned)! And within the Linux community, which is precisely well known for not being too understanding with this kind of things?! Why? Potentially losing so much to get almost nothing?! Workbook example of a bad decision.
Note that I am currently using Ubuntu and, in principle, will install this new LTS version. Curiously, I have recently moved my main machine from Windows to Linux precisely to escape from Windows 10 invasive, controlling, imposing, etc. actions. I will not stop using Linux but, if Canonical starts going in certain direction, I would certainly stop using Ubuntu and all their products.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Before you read anything further, it's important to note that users will have the option to opt-out of this data collection.
Mark mark mark, this isnt how it works. Users should have options and they should opt into them. Its akin to going to an Applebees, sitting down, and being immediately presented with a plate of fried cheese sticks before I even order. Sure, I'll opt out of them because my weekend plans dont include crippling gas and constipation, but it would have been simpler for everyone if I were allowed to decide if i wanted the item or not. you see?
now, im not equating consentless data collection with a plate of dry salty and unhealthy cheese that enters the human body without an exit strategy and tastes like a hot fried mess. However, you can certainly see that if you continue to do things like enforce toxic contributor agreements, predatory marketing tie ins through the gnome search tool, and implied consent collection like this, then most users will find a new distro. I mean, do you seriously think privacy and security are going away in 2018 just because its Ubuntu?
Good people go to bed earlier.
Don't use spyware and stick to distros that respect your privacy or else you'll be another victim of America's privacy violations.
... Canonical's plans appear quite obvious... first get the data collection infrastructure in place by collecting innocent data. Then slowly, automatically "opt-in" other data to be collected. Of course, there will be the ability to opt-out. But you'll have to verify that option after each OS update because Canonical's default seems to be opt-in. And since the default will be opt-in, the data collection will be easily overlooked. Canonical's plans towards its users look pretty obvious to me. Their selection of the default "opt-in" makes those plans even plainer.
It is not too hard to use your firewall to block the unbuntu tracking address(es) and all other snoops. Ask for help on browser and firewall sites. Reddit is a good source.
I've been lazy and I've been using Ubuntu (or Kubuntu to be specific) since around 8.04 or so.
However, I also value privacy and I'm not fond of the data collecting business practices of major tech firms.
I value convenience (as I'm getting old) and I like the large apt package set, lots of stuff pre-packaged and ready to run by a a single command line.
I've have or had love affairs with C, Python, Zsh, Haskell, Mercurial, OpenFoam, Embedded, NetBSD (albeit 15 years ago), BeOS, and some other stuff...
I like KDE's features and configurability, but don't like the bloat. I've tried XFCE (&Co) on my lo-end machines, like the speed but they lack some features.
I don't really care if I run a BSD or Linux kernel and user space. I can download and build by source, but that should be restricted to the odd stuff. I expect to find most common stuff pre-compiled and pre-packaged. I value stability, but for some packages, I don't want them to be three years old. (Case in point: eclipse).
I've done enough X configuration for a couple of life times. Basic networking should also work out of the box.
Is it time for me to turn to Debian? Or Manjaro? Or... go hard core Arch? Am I too lazy for those?
Wow how stupid is this This is the very thing that pushed me to start using Mint Linux and dump windows. This is exactly how windows started stealing users info. How do you opt out if you upgrade a system instead of installing new, how about value added updates just to collect data that makes your data more valuable to you? I hope the awesome dev group at Mint don't adopt this policy. I am very close to completely dumping windows and would hate to have to go back to Microsoft's crap.
Operating systems would boot your computer and allow you to run applications?
“Common sense is not so common.” — Voltaire
Doesn't say anything about anonymizing the data, but according to previous articles i've read just a few of those pieces of info could be used to de-anonymize and identify the user.
So it's normal and none of you are worried. Anybody remember the uproar over unity and amazon advertising search results?
Didn't Ubuntu already have something like this, but as an opt-in option?
I remember having to check some privacy or something in configuration to see if it wasn't spying on me.
Anyways, good place as any, regarding hardware compatibility and ease of use, what's a good distro to go for instead of Ubuntu? Preferrably some distro that won't be pulling some shit like this in at least the near future.
I'm - admitedly slowly - moving away from Windows because of crap opt-out stuff, and anti-privacy changes in updates, which innevitably turns into hidden crap, so Ubuntu has just become another no-go for me.
But I'm often installing Linux in machines with weird hardware configurations, so maximum compatibility is needed, and I need the basic package to already be there to simplify installs... the usual browser plus image editor plus media viewing and whatnot...
Should I go Fedora?
Thanks in advance!
It sounds like a deal breaker for me. To me, the appeal of Linux is that it doesn't collect a ton of information and phone home. If Ubuntu is doing it too, then why wouldn't I just use Microsoft instead. I hope this doesn't become a model for other distributions.
How will they know that I don't have network connectivity?
I'm pretty sure that this kind of information will need to be opt-in, not opt-out.
To be precise, the collected data will include: ... network connectivity or not
I'm mostly impressed (or concerned) that they've found a way for machines without network connectivity to phone home.
as I see it: (and I speak as an Ubuntu user doing RNN research)
For a great many years, *nix seems to slavishly copy Windows (and to a lesser extend, MacOS) features and looks, all while screaming "look at me! I'm different!"
I'm trying to dump Windows for good, but being a clone of Windows, especially in functions like this (cough, telemetry) does not engender good will from me.
Here's a thought for Ubuntu and all the other distros out there prepping their photocopiers, stop adding "features" and go back to fixing the glaring issues your OS has. Get the basics right, then worry about the gloss. Oh, and stop aping Microsoft, you claim you're different, prove it.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Give the company a few more months until it secretly changes its privacy policy and starts selling this data to advertisers.... just you wait
I don't mind as long as it is anonymous and encrypted. They need to do it to compete with MS. While Windows 10 is Big Brother in a Binary, It does work good, and it is nice to use. If Canonical is going to compete they are going to have to do new and different things, hopefully they can do them ethically.
This may (or may not) be well intentioned but too many people have now poisoned the well.
No, your children are not the special ones. Nor are your pets.
This is really nothing to get excited about. And it's not a 'slippery slope' or anything - they got their fingers burnt with the Amazon thing and very rapidly backed off on that one - they actually listened!
The people saying 'oh well might as well use win10 then' are retards. That's about on the level of saying that Johnny at school who once said something nasty to me is exactly the same as Jimmy who beats the living shit out of me every day.
And some moron *always* has to bring systemd into it. That's getting very old now.
As some others have stated: *it has to be opt-in*. Everything else is cheeky, and you know that. Yeah, I know the usual excuses. No excuses.
It's my intellectual property and any attempt to take it by force will be considered a military attack and be subject to a measured response.
And for reasons like that, I don't use Ubuntu.
Every outfit on the planet integrating malware into their systems say the same thing. X, Y and Z is needed to improve our products. Nobody EVER says the reason is to make the bean counters happy, gain unfair advantage or to sell out users to the highest bidder.
If they are so passionate about feedback in order to improve their product where is the feedback button in Ubuntu? Why can't it *ASK* for feedback or provide UI elements for users encouraging them to complete a survey?
I'm not that much of a Linux desktop user. Have an old version of 16.04 running in a VM and I never once remember seeing an option in the software to send any kind of feedback. No prompts, no nothing. Now I am actively looking in the software. I do a search in settings for feedback or survey ... 0 results. I do the same search in help 0 results.. the desktop search... 0 results. If there is a way to send feedback I don't see it. I actively looked and I can't find it.
If they really care why is there no way to ask end users? Why does there appear to not be software to facilitate any kind of feedback? If it is so important why does it appear to not exist?
Devuan GNU Linux 1.0 overview : software freedom, your way
https://www.youtube.com/watch?v=Nt2_hz3beqw
Well I never would allow this, you really have no idea what will be sent.
IIRC, one of the BSDs request the following:
1. run this command (forgot)
2. review the output
3. email the output to address ??? if you do not mind
And anyone who installed Slackware will notice 2 emails in root's mbox, one has instructions on how to add "Register with the Linux counter project". Why can't Ubuntu do something like that ? This way you avoid the 'tin foil hat' feelings.
Users don't want to check the box? Tough shit. No one owes a vendor anything other than the list price of the product.
Nor does the vendor owe you in return any maintenance for a niche package on which you depend.
They can learn a lot from other companies' experiences with this.
You have to be completely transparent about what you are collecting including giving the customer tools to view the telemetry data, samples of what it looks like, and explanations of every field including binary blobs. Couple that with a strong privacy policy and require the user to explicitly accept the privacy settings during the install wizard. Never make advertising or sales recommendations based on telemetry. Most importantly, be able to show how you are using telemetry to make the product better.
People will still assume you are using the telemetry for evil, but this gives you a decent leg to stand on in the argument.
You want to know something about my machine you ask me.
Then I assume you'd consider it appropriate for the operating system to ask you. It might take the form of a pop-up shown weekly to members of the wheel group upon logging in or unlocking:
No, assholes .. I'll check it if I want to share, not be expected to opt out if I don't.
The big companies cram this stuff down our throat, for the love of god accept that privacy should be the default, not the exception.
Next you'll be doing ads and other shit.
Sometimes it seems like Canonical has missed the point.
Power users tend to turn off this kind of telemetries. So what they end up collecting are always habit of less knowledgeable computer users. Features that advanced users need are often looked "rarely used / unnecessary" from such stats. The end result is a wrongly done dumb down of interface.
Now another company fails to realize that and going to mess up their design again.
they don't have enough non-technical users to get away with this nonsense. Are they just pushing this out so they can back off and try again later (sorta like Microsoft did with all the nasty stuff they announced with the XBox One launch and Trump did by announcing he was turning food stamps into a blue apron style delivery program)? They do know we can all just jump ship to Mint, right?
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Time to automate my VM installs with 512MB RAM, low-end virtual GPU and leave them installing over and over and over for a few weeks. That should get a few thousand data points for people that want Ubuntu (any flavor) to work well inside a VM with minimal RAM.
I know it is possible, because TinyCore works great on 256MB of RAM and a 250MB virtual disk.
I just tested the latest Ubuntu this week since so many people said it worked great now... It does not, still the same unstable crap as always. Fails installs of software, screws up network connections and Bluetooth, messed up the encryption on one drive and left it unencrypted... The list goes on. (Gnome is getting better though, getting close to being usable now.)
I'm gonna continue running Gentoo for now. Its one of the few distros where you can decided NOT to include experiential code in your system. Its a pain to install but you can fix problems that other distros forces you to live with.
We'll always have Puppy Linux [i'd wish].
...or I'm opting OUT of Ubuntu and all Ubuntu-based distros. This means either switching to something like Debian or Arch, because I shouldn't have to ASK an OPEN SOURCE SOFTWARE package NOT to spy on me. How can I even trust that it's not going to do so anyway, then they'll pretend it was an "error" (oops, so sorry, it's not supposed to do that).
So buh-bye Ubuntu, and everything based on you.
"Power users" can generally take a hike. The two categories of user are programmers, and normal users. Calling oneself a "power user" is just a symptom of unfounded self-importance.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Anyone who uses the stock Ubuntu AMIs on AWS EC2 knows that there is no "installation" -- you get a bootable and usable OS instantly.
So, will this feature be enabled by default in those AMIs? If so, how can one opt out of it as early on as possible so that nothing gets transmit to Canonical *ever*?
This distantly reminds me of the Canonical's choice to stick content of their choosing into your MOTD. I got wind of this because our Ubuntu-based systems in AWS suddenly had lines talking about irrelevant TV shows in our MOTDs. A ticket was filed to investigate this, by which point many people were seeing said lines. Further research turned up this master/root ticket of the implementation, which contains (read the comments/replies slowly) evidence of failed engineering design choices: blindly assuming Internet access was available to the system on boot (and blocking the boot process as a result), which is not the case for systems behind firewalls with strict outbound ACLs (i.e. expect a very long timeout to that TCP SYN to destination port 443) or on 100% private networks (no Internet access at all). The type of data included in client headers (during HTTP/HTTPS GET) also came into question.
The effort was done entirely by what appeared to be a single Canonical employee: Dustin Kirkland.
This is exactly why you don't implement stuff like this. To assume the system is connected to a network that has Internet access is faulty. If you implement a timer or queue-based system, again you are making assumptions about the availability of the network (and reachability), DNS setups, and so on -- it's literally a waste of resources in every way (CPU time, any logging, temporary files, general disk I/O, forking of processes, etc.). Furthermore, in some cases, it may actually violate company policies -- disclosure of some information to remote parties about the local system (most administrators wouldn't know about this in advance, and possibly wouldn't even know how to disable it).
KISS principle applies: you don't have to worry about opt-in vs. opt-out if crap like this is never implemented in the first place; there's no problem to solve if you don't create the problem.
In general, Canonical needs to stop trying stuff like this. For whatever reason they repeatedly have shown they do not think about the full ramifications of their actions. They seem to believe the entire Ubuntu userbase is running their OS on residential desktops, not servers on 100% segregated networks. I don't care if the opt-out is in GNOME only, everyone should be questioning "where" and "how" this is implemented on the system, given their track record.
Cannonical gifts the Linux_OS to me ... I gift well-defined/none-intrusive usrland data to Cannonical. Of-course one year I **did** explicitly pay $70 to Cannonical, but gifting --- a Redman idea far ahead of its time.
Just give me an option to opt out ONCE. After each major update I would like to be assured this setting will not "revert" without my express permission.
I always turn off telemetry but I don't have a particular problem with it, provided it is truly non-descript and anonymized. What I'd really like to see implemented is telemetry data being sent over Tor by default. This would both improve entropy on Tor and protect users who choose to share telemetry. I don't even believe most people should use Tor unless they have a serious reason for it (like political dissidents), but using Tor to move telemetry data would go a long way in securing telemetry and would also help political dissidents who actually need Tor.
Large organizations that collect telemetry, like Canonical and Mozilla, should be able to both do this and contribute industrial Tor nodes to offset the strain on the network.
Bring back focus groups. I know it requires more energy and cost to get users opinions about something, but this open free grab of auto opt-in user data misses the point of engagement with the user over data metrics of binary.
> Canonical needs your data to keep the Ubuntu maintainers
> from dropping a package from its archive on grounds that
> fewer than a dozen people use it.
I call bullshit. Canonical has access to package download counts from its repository servers, and can probably arrange to have mirrors supply their download counts.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
But honestly I don't see a problem with collecting the data they're asking for here. It's the same stuff collected by Steam. It doesn't hurt me to pass that info on to them.
Twinstiq, game news
Everywhere you turn, everyone wants your data. I support open source software, but I have to say that a piece of software just having the ability to spy on you sucks because you never know if it's REALLY turned off. I'm sure ubuntu is trustworthy, but every device I have feels uncomfortable.
Please offer 2 ISOs, one with the spying capability and one that is free of it so some of us can rest assure that it's really off.
If I wanted my data collected, I could of stayed with Windows. They also allow you to opt-out, but re-enable it when they send you updates. After I install the OS, you do don't get to control my computer. Time to switch to another distribution I can trust.
Canonical has access to package download counts from its repository servers
Mirrors not operated by Canonical do not report download counts to Canonical. Thus in situations that rely on such mirrors, such as internal use within an organization or use in a less-developed country with a poor connection to the Internet, the package mix excluding mirrors may not be representative of the package mix including them. Statistics from Canonical's servers may, for example, underrepresent a package most popular in large corporate or government installations with thousand machines behind an internal mirror. Or they may underrepresent translations of applications into the languages spoken in sub-Saharan Africa, as Ubuntu users in Internet-poor countries neighboring Mark Shuttleworth's homeland use an ISP's mirror or pass around copies of updated packages on optical discs, flash drives, or whatever other sneakernet medium becomes popular.
"Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default."
Wrong. The user should be opted-out as the default and must manually and knowingly opt-in.
WTFs wrong with Canonical?
The info they gather is all that is needed to id you uniquely in the world. Just know that.