Ubuntu Wants To Collect Data About Your System -- Starting With 18.04 LTS

In an announcement on Ubuntu mailing list, Will Cooke, on behalf of the Ubuntu Desktop team, announced Canonical's plans to collect some data related to the users' system configuration and the packages installed on their machines. From a report: Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default. The option could be like: "Send diagnostics information to help improve Ubuntu." As per your convenience, you can opt-out during the installation. An option to do the same will also be made available in the Privacy panel of GNOME Settings. With this data collection, the team wishes to improve the daily experiences of the Ubuntu users. It's worth noting that the collected data will be sent over encrypted connections and no IP addresses will be tracked. To be precise, the collected data will include: flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not.

Debian Popularity Contest

[mccalli]

Looks like the Debian Popularity Contest mixed in with some hardware reports. Doesn't look that odd to me.

Re: Debian Popularity Contest

[Gavagai80]

I'd suppose they're tracking whether there's network connectivity during the installation process (to make decisions about building options that require it), which can be remembered and reported later on once connectivity has been established hours or days later. Also the type of connectivity (wired vs. wifi vs. cellular) could be relevant.

Opt in!

[i_ate_god]

> Before you read anything further, it's important to note that users will have the option to opt-out of this data collection.

or maybe users should have the option to opt-in instead?

Re:Opt in!

[dkman]

Collection practice is always going to be "on" by default so the person who doesn't know anything or is click happy is going to feed into it. I don't blame any corp for going that route, so long as they give me the option up front to opt out.

The only part I have an issue with is "auto-login enabled or not" because of security implications. That should always default to off.

Re:Opt in!

[Vairon]

openSUSE Leap 42.3 or openSUSE Tumbleweed
openSUSE Leap contains stable versions of software released on a periodic cycle.
openSUSE Tumbleweed is a rolling distribution that always contains the latest stable versions of software.

Both support KDE and GNOME but they default to KDE.

Re:Opt in!

[Opportunist]

As long as it's prominently featured in the installation process and not hidden in some user config without a sensible user interface and given some cryptic name, it isn't that big a difference. Anyone who values his privacy will uncheck that box, and anyone who doesn't doesn't care either way anyway.

Re:Opt in!

[jwhyche]

No only should you have the option to opt in, I don't think my machine should be reporting anything to anyone outside of a bug check. You want to know something about my machine you ask me.

Drop a read me file in the root directory with a link to a site that I can submit the information that I choose to submit.

Re:Opt in!

[tepples]

Maybe they find 90% are using a certain size or larger so they can drop support for smaller partitions.

That's completely the dumbest reason ever for collecting telemetry.

Here's another reason, which I find arguably less dumb: It costs money to pay someone to perform quality control on all packages in the archive. Canonical needs your data to keep the Ubuntu maintainers from dropping a package from its archive on grounds that fewer than a dozen people use it.

Re:Opt in!

[TheRaven64]

I'd generally prefer opt-in for all of this kind of thing, but the problem is that if you need to opt in, then most users won't. You'll end up with vastly skewed data, which can be worse than no data at all. Ideally, you'd want at least an option of sending a 'I have installed Ubuntu but you can't have any other data about me' message and hope that most people would click that rather than the complete opt out, so that you get a rough idea of the number of people that didn't opted in.

No network connectivity

[slipped_bit]

"Fascinating! We haven't received a single report that indicated no network connectivity."

Re:It was about time

[mark-t]

Reasonable question, but it should be opt-in (with the default being no, if it the question that asks is skipped).

Unpopular decision to get virtually nothing?!

[CustomSolvers2]

"to improve the daily experiences of the Ubuntu users" they will be collecting "flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not"?! How could that goal be accomplished with so poor means? I can only think of one type of actions: spamming, targetted advertisement or any other form of custom nagging. Without forgetting about the potential security implications of an eventual data breach! And you let it enabled by default (the disabled alternative would have looked much more user-concerned)! And within the Linux community, which is precisely well known for not being too understanding with this kind of things?! Why? Potentially losing so much to get almost nothing?! Workbook example of a bad decision.

Note that I am currently using Ubuntu and, in principle, will install this new LTS version. Curiously, I have recently moved my main machine from Windows to Linux precisely to escape from Windows 10 invasive, controlling, imposing, etc. actions. I will not stop using Linux but, if Canonical starts going in certain direction, I would certainly stop using Ubuntu and all their products.

Re:Unpopular decision to get virtually nothing?!

[Actually,+I+do+RTFA]

There is some value in knowing that only 0.1% of your customers use some obscure hardware or software -- if your goal is to discontinue support for those items.

Re:Unpopular decision to get virtually nothing?!

[Doctor+Memory]

I can only think of one type of actions: spamming, targetted advertisement or any other form of custom nagging.

This speaks volumes about you, and very little about Canonical. I don't even use Ubuntu and my first thought was "Hey, I'll bet they could use this to prioritize patches and focus development". The first step of being responsive to your users is to know what they need, and one way to know what they need is to know what they have/use. No need to waste money on further development or support for a package that only 0.8% of your user base has installed. Likewise, if you're trying to prioritize bug fixing effort, fixing a package that 80% of your installed base uses should probably take precedence over fixing a package that only 50% use, don't you think?

Re:Unpopular decision to get virtually nothing?!

[CustomSolvers2]

Of course, the IP address isn't collected. Well, actively collected... it just comes along for the ride with the HTTPS origin packet.

As far as they are expressly saying that they will not do it, I personally trust them because otherwise it would be a huge, impossible-to-defend-against lie. You can have access to lots of information, but simply not store it. When automatically dealing with huge amounts of data, not storing something is pretty much identical to never having seen it in the first place.

finding another nail for the coffin huh?

[nimbius]

Before you read anything further, it's important to note that users will have the option to opt-out of this data collection.

Mark mark mark, this isnt how it works. Users should have options and they should opt into them. Its akin to going to an Applebees, sitting down, and being immediately presented with a plate of fried cheese sticks before I even order. Sure, I'll opt out of them because my weekend plans dont include crippling gas and constipation, but it would have been simpler for everyone if I were allowed to decide if i wanted the item or not. you see?
now, im not equating consentless data collection with a plate of dry salty and unhealthy cheese that enters the human body without an exit strategy and tastes like a hot fried mess. However, you can certainly see that if you continue to do things like enforce toxic contributor agreements, predatory marketing tie ins through the gnome search tool, and implied consent collection like this, then most users will find a new distro. I mean, do you seriously think privacy and security are going away in 2018 just because its Ubuntu?

Since the default is Opt-In..

[QuietLagoon]

... Canonical's plans appear quite obvious... first get the data collection infrastructure in place by collecting innocent data. Then slowly, automatically "opt-in" other data to be collected. Of course, there will be the ability to opt-out. But you'll have to verify that option after each OS update because Canonical's default seems to be opt-in. And since the default will be opt-in, the data collection will be easily overlooked. Canonical's plans towards its users look pretty obvious to me. Their selection of the default "opt-in" makes those plans even plainer.

Re:Since the default is Opt-In..

[hcs_$reboot]

We're used to that kind of behavior from many companies (looking at you, MS). But don't forget Ubuntu is open-source ; any invasive code might be (and would be) detected.

Your advice please...

[DrTJ]

I've been lazy and I've been using Ubuntu (or Kubuntu to be specific) since around 8.04 or so.
However, I also value privacy and I'm not fond of the data collecting business practices of major tech firms.

I value convenience (as I'm getting old) and I like the large apt package set, lots of stuff pre-packaged and ready to run by a a single command line.

I've have or had love affairs with C, Python, Zsh, Haskell, Mercurial, OpenFoam, Embedded, NetBSD (albeit 15 years ago), BeOS, and some other stuff...

I like KDE's features and configurability, but don't like the bloat. I've tried XFCE (&Co) on my lo-end machines, like the speed but they lack some features.

I don't really care if I run a BSD or Linux kernel and user space. I can download and build by source, but that should be restricted to the odd stuff. I expect to find most common stuff pre-compiled and pre-packaged. I value stability, but for some packages, I don't want them to be three years old. (Case in point: eclipse).

I've done enough X configuration for a couple of life times. Basic networking should also work out of the box.

Is it time for me to turn to Debian? Or Manjaro? Or... go hard core Arch? Am I too lazy for those?

Re:Your advice please...

[OrangeTide]

I value convenience (as I'm getting old) and I like the large apt package set, lots of stuff pre-packaged and ready to run by a a single command line.

Debian (apt), Fedora (yum), Arch/Manjaro (pacman) or Gentoo (emerge) can do this, likely others as well. I think Debian's apt repo is quite a bit larger than Ubuntu's.

The other options like MINT, Peppermint, Bodhi, CrunchBang, etc are going to have smaller package repos than Debian, if that matters to you. I could probably list all the Linux apps I need on a Post-It note and find them in the vast majority of distros. (vim, gcc/binutils/make, SDL2, Firefox, pidgin, VLC, audacity, MilkyTracker, GIMP, LibreOffice, Scribus)

I like KDE's features and configurability, but don't like the bloat. I've tried XFCE (&Co) on my lo-end machines, like the speed but they lack some features.

KDE and XFCE are available on Debian, Fedora, Arch, Gentoo, Devuan, Slackware, etc. I use WindowMaker + Thunar myself.

I don't really care if I run a BSD or Linux kernel and user space.

FreeBSD, DragonFlyBSD, etc. the BSDs can be a good choice if you can put a little work in and as long as you're not too dependent on running proprietary drivers. (I believe there are NVIDIA drivers for FreeBSD)

Is it time for me to turn to Debian? Or Manjaro? Or... go hard core Arch? Am I too lazy for those?

If you do run Debian, I recommend running from "unstable". You likely won't be happy with how old the software is in "stable".

Arch is intimidating to install for most people. But the instructions are thorough and walk you through every step. Arch is pretty mindless to install if you have a copy of the installation guide on a phone, tablet, another computer or print out. Arch's support for installing packages from source is the best I've seen, typing 'makepkg -i' and you're done. Makes getting the most up-to-date packages very easy, much of the work is already done for you by other users and posted on AUR.

Remeber when

[OrangeTide]

Operating systems would boot your computer and allow you to run applications?

Re:It was about time

[Opportunist]

It's reasonable to make "on" the default. First, anyone who installs Linux for the first time will not know what to choose and will probably rather go with the default than change something that might break something. And these are the people that, if I was the developer, I want to know the most about. Because first impressions and all that. If I notice that people install my system for the first time and I never hear from them again while there are others that continue using it, I want to know what caused the latter to stay and decide that the system is good. I want to know what modules they use and thus improve my default for those that do not know what modules will likely be interesting or useful to them.

Anyone who knows enough about Linux can easily identify that option and disable it if they so please, or they can even rewrite the installer for an automated installation without this being checked.

How About

[jmccue]

Well I never would allow this, you really have no idea what will be sent.

IIRC, one of the BSDs request the following:
1. run this command (forgot)
2. review the output
3. email the output to address ??? if you do not mind

And anyone who installed Slackware will notice 2 emails in root's mbox, one has instructions on how to add "Register with the Linux counter project". Why can't Ubuntu do something like that ? This way you avoid the 'tin foil hat' feelings.

User Data Collection Hurts Usability

[billyswong]

Power users tend to turn off this kind of telemetries. So what they end up collecting are always habit of less knowledgeable computer users. Features that advanced users need are often looked "rarely used / unnecessary" from such stats. The end result is a wrongly done dumb down of interface.

Now another company fails to realize that and going to mess up their design again.