[nycbug-talk] Scary Ubuntu privacy junk
George Rosamond
george at ceetonetechnology.com
Thu Nov 1 13:52:24 EDT 2012
On 11/01/12 13:04, Pete Wright wrote:
> On 10/31/12 10:10 PM, George Rosamond wrote:
>> On 11/01/12 00:42, David Lawson wrote:
>>> On Nov 1, 2012, at 12:16 AM, George Rosamond
>>> <george at ceetonetechnology.com> wrote:
>>>
>>>> This isn't a linux discussion list, but think this is relevant:
>>>>
>>>> is.gd/sgZsW7
>>>>
>>>> It goes to an ArsTechnica link.
>>>>
>>>> But basically, the new Ubuntu has a default feature with Dash
>>>> searches that sends them to Amazon, and (unencrypted) ads come
>>>> back.
>>> The Quantal release version of the Amazon lens encrypts the queries,
>>> though the beta version did not. It also anonymizes the queries
>>> prior to Amazon seeing them, which has always been the case to the
>>> best of my knowledge. Mark has addressed both of those points on his
>>> blog.
>> Oh, he certainly does address it.
>>
>> markshuttleworth.com/archives/1182
>>
>> I especially like replies to "Why are you telling Amazon what I am
>> searching for?"
>>
>> ..."Ern, we have root."
>>
>> Great way to inspire people to use OSS, ain't it? "I have root on your
>> box so screw you."
>>
>> "Preserving anonymity" by trusting that project is laughable, at best.
>> Anonymity is not preserved by trust or policy, it's preserved *by
>> design*. Look at Tor, GPG, etc.
>>
>> And it takes little statistical hacking to deanonymize data like that.
>> Give an Amazon your IP and queries, and it's not anonymous. Remember
>> the "anonymized" AOL data a few years back?
>
> this whole debacle was pretty interesting to me - esp the initial
> reaction/disregard for privacy from shuttleworth.
>
> regarding anonymizing data that is actively being mined - it really is a
> loaded term. In Germany for example, you can't store IP addresses and
More on the AOL issue, if anyone doesn't remember:
http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/
Hey, there's even a wikipedia page about it.
https://en.wikipedia.org/wiki/AOL_search_data_leak
> associate them with cookies(1) if the user requests so. Yet once an
> adnetwork has dropped a cookie on your system the IP is almost a moot
aka zombie cookie, flash LSO, supercookie, whatever, right?
> point, they can deduce your geolocation and mine your browsing habits
> w/o a full IP address. Once a UUID/cookie is installed on your system
> that is all that matters frankly. And believe me - there is active work
> happening to correlate these UID's b/w multiple devices.
Definitely. Give an inch and a mile can be grabbed.
Add that to ISPs tagging packets with user zip code, and you have a
wealth of information.
>
> gathering/mining and analyzing all of this data is *very* expensive and
> it would not be happening if there was monetary value in it. the fact
Is it really *that* expensive? Of course Amazon is doing it for a
reason, and it's worthwhile, but aggregating data and storing on itself
isn't. Having the mechanism to analyze is higher cost, but with any
group's search data, I'm sure it's worth it.
> that a company backed by OSS developers is leveraging their user base
> (and good will) for financial gain is pretty appalling IMHO. not that
> they shouldn't seek novel ways to monetize their product, but the way
> they are going about it is so one sided in favor of amazon is what i
> really have problems with.
>
Yeah, this is why I am speaking so, er, sharply, about the issue.
I don't think Ubuntu has funding issues like other projects, first of all.
But to act like it's in the user base's interest is a joke. Then make
it a f'g package, and not default.
But I just can't get rid of this "I have root on your box" attitude. Woah.
Arrogance + a complete misunderstanding of OSS
g
> -pete
>
> (1)http://www.huntonprivacyblog.com/2011/09/articles/use-of-google-analytics-now-lawful-in-germany-subject-to-certain-guidelines/
>
>