Skip to main content

President of the Free Software Foundation unleashes Old Testament wrath on Ubuntu Linux “spyware”

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


SONY DSCRichard Stallman, the grand old man of open source software and current president of the Free Software Foundation, is calling Canonical’s Ubuntu Linux “spyware” and calling on the open source community to uninstall the software, shun the company, and “give Canonical whatever rebuff is needed to make it stop.”

Ubuntu is one of the most popular versions of Linux. Stallman is talking about its new network search feature, which he believes spies on the users:

Ubuntu, a widely used and influential GNU/Linux distribution, has installed surveillance code. When the user searches her own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of Canonical’s servers. (Canonical is the company that develops Ubuntu.)

Canonical CEO Mark Shuttleworth talked about the feature on his personal blog, prophetically subtitled “here be dragons.” Essentially, searching your files on your computer is also, by default, an online search. That online search includes potentially relevant results from Amazon, and if you buy something, Canonical gets a cut. This is not advertising, according to Shuttleworth:

“We’re not putting ads in Ubuntu. We’re integrating online scope results into the home lens of the dash.”

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

That extremely fine, perhaps microscopic distinction has escaped some of Canonical’s customers, who are wondering why, in the first place, a desktop search should be integrated with an online search, and why, in the second place, that online search wouldn’t be a Google search instead of a online retailer.

As JunCTionS says in a comment on Shuttleworth’s blog post:

Sorry if this is clear to everyone else, but you don’t seem to mention any typical websearch engine. I imagine there are even more Ubuntu users that use Google than those that use Amazon. Will it also search Google?

… it sounds to me that this would be more useful than an Amazon search engine.

For Stallman, however, the core issue is not advertising, although that’s certainly unwelcome. The core issue is the exchange of personal user information … even though Canonical does not send any personal information to Amazon, running the Amazon search query on its own servers based on information that it retains.

That has failed to mollify RMS, who wrote that “it is just as bad for Canonical to collect your personal information as it would have been for Amazon to collect it.”

Shuttleworth’s answer seems to be: just trust us. After all, we control your machine anyways — we have administrator privileges on your computer:

We are not telling Amazon what you are searching for. Your anonymity is preserved because we handle the query on your behalf.

Don’t trust us? Erm, we have root. You do trust us with your data already. You trust us not to screw up on your machine with every update. You trust Debian, and you trust a large swathe of the open source community. And most importantly, you trust us to address it when, being human, we err.

That is not very compelling or simpatico.

In a post on the Canonical blog today, the company addressed the issue again, at least to a degree. After running through the new capabilities — searches for the Beatles will bring up their music on Amazon, where it can be instantly purchased without opening a browser — Canonical says that privacy has been a primary concern while developing this service:

Privacy is extremely important to Canonical. The data we collect is not user-identifiable (we automatically anonymize user logs and that information is never available to the teams delivering services to end users), we make users aware of what data will be collected and which third party services will be queried through a notice right in the Dash, and we only collect data that allows us to deliver a great search experience to Ubuntu users.  We also recognize that there is always a minority of users who prefer complete data protection, often choosing to avoid services like Google, Facebook or Twitter for those reasons – and for those users, we have made it dead easy to switch the online search tools off with a simple toggle in settings.

Aside from the issue of how unusual it would be for someone to be searching their own computer for commercially-useful queries like “the beatles,” or “Lord of the Rings movie,” this is unlikely to satisfy privacy advocates.

And it most certainly will not satisfy RMS.

photo credit: Maurizio Scorianz via photopin cc, Hat tip: Ars Technica

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.