Distributions

Ubuntu, non-advertisements, and spyware

By Jonathan Corbet
December 12, 2012
Canonical's plan to raise revenue by advertising products sold by Amazon to Ubuntu users has been the source of persistent grumbles across the net for a few months. The volume of that grumbling increased considerably on December 7, though, when Richard Stallman criticized the company for this practice. In turn, Richard has been criticized as "childish" or as one trying to force his own morals on others. In truth, this situation brings forward a number of questions on how to pay for free software development and how users can "pay" for a free-of-charge service.

The service in question is tied to the Ubuntu "Dash" application that, in a default installation, is the user's window into the system as a whole. Both applications and local files can be found by way of a dash search. In the 12.10 release, the dash can be hooked into online service accounts, meaning that a search can find documents in network folders, web-hosted photographs, and more. There are potential privacy issues associated with such searches, of course, but these searches should only happen if the user has provided his or her login information to the Ubuntu system. It is an opt-in situation.

[Image: Dash search results]

The Amazon searches are another story, though. By default, searches that would otherwise be local are reported back to an Ubuntu server, which then employs the user's search terms to locate products on Amazon that the user might just want to buy. The results are sent back to the user's system, which then proceeds to load the associated product images directly from Amazon and do its best to inspire a bit of retail activity — with Canonical getting a cut of the proceeds, naturally. See the image to the right for an example; the results can be surprisingly diverse.

Back in September, Canonical founder Mark Shuttleworth defended this behavior, claiming that the retail offers from Amazon "are not ads, they are results to your search." The idea that these results are not advertisements is justified by saying that there is no payment for their placement; the fact that Canonical only gets paid when a purchase is made apparently changes the situation somehow. But the real concern is not the obnoxiousness of being not-advertised at; it is the privacy implications. Mark addressed that worry this way:

We are not telling Amazon what you are searching for. Your anonymity is preserved because we handle the query on your behalf. Don’t trust us? Erm, we have root. You do trust us with your data already.

One can certainly argue that Mark has a point; if one does not trust Canonical, installing an operating system provided by Canonical would appear to be counterindicated. But he has also glossed over a couple of important issues:

  • The loading of images directly from Amazon will have the effect of associating searches with specific IP addresses. There is a reasonable chance that the user might connect directly to Amazon's web site at some point, enabling Amazon to associate searches and customers. Canonical may be reserving the search strings, but there is still a fair amount of information being leaked.

  • Canonical's "terms of service" allow it to send search terms to "selected third parties." Likely as not, those searches are also being archived — the terms allow both Canonical and the "selected third parties" to store the information. That gives Canonical (and others) a database of what their users are trying to find on their own computers. Even if Canonical flat-out refuses to exploit that database, and even if Canonical has somehow managed to put together a truly secure infrastructure for the management of that data, and even if all the "selected third parties" are somehow equally as virtuous, the simple fact is that such databases constitute attractive nuisances for governments. If that data exists, it will be subpoenaed and otherwise rifled through by the authorities.

Given those little problems, it seems possible that those who are concerned about the behavior of the Ubuntu Dash are not just in the thrall of unreasonable paranoia. Maybe, just maybe, there is a reason for more sober minds to be at least minimally concerned about what their operating system is telling others about them.

Richard Stallman's broadside was arguably neither sober nor minimally concerned; he called Ubuntu's code "spyware," described it as a violation of the user's privacy, and called for a boycott of Ubuntu in general. To do any less, he said, would be to legitimize this sort of "abuse" of Ubuntu's users and damage the good name of free software in general. And, besides, Ubuntu recommends non-free software and Richard, naturally, doesn't like that either.

It is not uncommon for people to disagree with Richard's missives; that was certainly the case this time around. Ubuntu community manager Jono Bacon fired back, describing Richard's views as "childish" and "FUD" (he has since apologized for the "childish" part). Phillip Van Hoof described Canonical's approach as simply "another ethic" and also tossed out the "childish" epithet. Richard's posting, it seems, was seen as a sort of tantrum.

One can agree with Richard or not (your editor often does not), but dismissing his concerns over the treatment of users' private data seems uncalled for. We as a community need to (continue to) have a discussion about a couple of related issues: how can we pay for free software development at all levels of the stack, and how do we guarantee our users' rights as the pendulum continues to swing toward centralized, highly-connected computing?

Whether or not one likes Canonical's specific approach, one has to give the company credit for trying to improve Linux and make it more attractive to a wide range of users. Ubuntu has raised the bar for usability for all distributions and, arguably, has brought Linux into settings where it was not used before. In the process, a lot of money has been spent and a lot of free software developers have been employed. That money needs to come from somewhere; even Mark's personal fortune will not sustain it forever. So Canonical needs to gain revenue from somewhere.

In these web-centric days, revenue seems to come from two sources: from the users directly, or from advertisements. Canonical has been trying both approaches in various ways. If the Amazon non-advertisements approach yields real revenue for Canonical, it would be hard not to conclude that some users, at least, are happy to be informed about how Amazon might have what they appear to be looking for. If nobody likes the feature, it will presumably go away. So, arguably, the real question is whether this behavior should be enabled by default (though Richard dislikes it even as an opt-in service). It is, it could be said, an easy way for users to help fund the creation of their distribution.

The counterpoint, obviously, is that Canonical's business model challenges are not anybody else's problem and that trying to resolve those challenges through the sale of users' private information is not appropriate. Perhaps that is true, but one can also certainly suggest that those wanting to have access to Ubuntu free of charge and who do not want to be a part of this kind of scheme could come up with a better idea for how the company should fund its operations.

In general, the proliferation of centralized network services presents a long list of privacy and freedom concerns. It often seems that many of the companies involved are fighting to control how we interact with the rest of the digital world. Systems that are built to be an intermediary between a user and networked services arguably fall into that category as well. One could easily point at recent Ubuntu distributions — nicely equipped to collect login credentials and intermediate between the user and multiple services — as an example of this type of system. But one could say the same about, say, an Android handset. As is so often the case, convenience encourages people to give up information that, otherwise, they would prefer to keep to themselves. The success of many privacy-compromising services demonstrates that clearly.

Members of the free software community like to think that, among other things, they are building systems that are designed to safeguard the interests of their users rather than those of some third party. Most of the time, that turns out to be true. Sometimes we find surprises — software that phones home with user information or otherwise fails to properly respect its users; such software tends to get fixed quickly, often by distributors before users ever encounter it. But software freedom is no guarantee of absence of user-hostile behavior; we still need to pay attention to what is going on. That is doubly true for software from any distributor (since distributors are in a position of special trust) or from company-controlled projects.

Whether the behavior of the Ubuntu Dash is user-hostile seems to be at least partly in the eyes of the beholder. Certainly it would have been more respectful to ask the user whether this behavior was desired before communicating back to the mothership. In this case, at least, the behavior is not hidden and is easily disabled at multiple levels (see this EFF posting from October for more details on how this service works and how to turn it off). The next example of questionable behavior may be more subtle and harder to detect; free software does not free us from the need to be vigilant.

Brief items

Distribution quote of the week

Curses! My plan to make Debian's default init system phone home has been foiled!
-- Steve Langasek

Slax 7.0 released

Version 7.0 of the Slax distribution has been released. "Slax 7.0 is the major update of Slax Linux live operating system. It includes newest Linux Kernel, KDE4 desktop, GCC compiler and lots of other stuff and that all in just a ~210MB download. Furthermore it's available in more than 50 localizations, so you can get a Slax that speaks your language."

Kubuntu and Edubuntu 13.04 Alpha 1 Released

This alpha features Raring Ringtail (13.04) images for Edubuntu and Kubuntu. "At the end of the 12.10 development cycle, the Ubuntu flavour decided that it would reduce the number of milestone images going forward and the focus would concentrate on daily quality and fortnightly testing rounds known as cadence testing. Based on that change, The Ubuntu product itself will not have an Alpha-1 release. Its first milestone release will be the FinalBetaRelease on the 28th of March 2013. Other Ubuntu flavours have the option to release using the usual milestone schedule."

Distribution News

Debian GNU/Linux

bits from the DPL: November 2012

The latest bits from the Debian Project Leader cover the debian-cloud initiative, Debian Squeeze images for Amazon EC2, DebConf13 organization, Kevin Carrillo's newcomer survey, the "dpl-helpers" initiative, and several other topics.

Fedora

Election Results for FAmSCo, FESCo, and Fedora Board seats

Fedora elections are over. Jaroslav Reznik and Michael Scherer have been elected to the Fedora Board. Toshio Kuratomi, Miloslav Trmac, Marcela Mašláňová and Stephen Gallagher have been elected to FESCo (Fedora Engineering Steering Committee). Alejandro Perez, Buddhika Chandradeepa Kurera and Truong Anh Tuan have been elected to FAmSCo (Fedora Ambassadors Steering Committee).

Newsletters and articles of interest

Stallman: Ubuntu Spyware: What to Do?

Richard Stallman has come out against Ubuntu's Amazon partnership on the Free Software Foundation's site. "But there's more at stake here than whether some of us have to eat some words. What's at stake is whether our community can effectively use the argument based on proprietary spyware. If we can only say, 'free software won't spy on you, unless it's Ubuntu,' that's much less powerful than saying, 'free software won't spy on you.' It behooves us to give Canonical whatever rebuff is needed to make it stop this. Any excuse Canonical offers is inadequate; even if it used all the money it gets from Amazon to develop free software, that can hardly overcome what free software will lose if it ceases to offer an effective way to avoid abuse of the users."

Schulz: OpenMandriva takes off

Charles H. Schulz marks the official launch of the OpenMandriva Association. "It is not everyday you see an example of a community who gains its independence with the blessing and dedication of its former steward. But I probably would not be writing these lines if I hadn’t witnessed what it takes to fulfill this kind of commitment. The OpenMandriva project, foundation, community, association is taking off. The best is yet to come. But just like with every FOSS project out there, and especially Linux distributions, the community will have to strive to prove it can bring its longstanding promise: to deliver an innovative, user-friendly Linux distribution developed by an inclusive and friendly community."

Six Linux Distros Born in 2012 (Linux.com)

Katherine Noyes takes a quick look at six projects that were started this year. "More than 30 new distros joined our sphere in rapid succession thanks just to the “31 Flavors of Fun” experiment in August, but there were also several notable arrivals that come to light over the course of the year with the potential to make a lasting mark."

A new LFS Blog

Linux From Scratch has a new blog. "The purpose of the blog is to expand upon LFS/BLFS by providing examples of configuration and use that go beyond the books. New articles will appear periodically to give practical examples of how to use applications in an LFS environment."

Page editor: Rebecca Sobol

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds