[nycbug-talk] Scary Ubuntu privacy junk

Pete Wright pete at nomadlogic.org
Thu Nov 1 13:04:34 EDT 2012 

On 10/31/12 10:10 PM, George Rosamond wrote:
> On 11/01/12 00:42, David Lawson wrote:
>> On Nov 1, 2012, at 12:16 AM, George Rosamond
>> <george at ceetonetechnology.com>  wrote:
>>
>>> This isn't a linux discussion list, but think this is relevant:
>>>
>>> is.gd/sgZsW7
>>>
>>> It goes to an ArsTechnica link.
>>>
>>> But basically, the new Ubuntu has a default feature with Dash
>>> searches that sends them to Amazon, and (unencrypted) ads come
>>> back.
>> The Quantal release version of the Amazon lens encrypts the queries,
>> though the beta version did not.  It also anonymizes the queries
>> prior to Amazon seeing them, which has always been the case to the
>> best of my knowledge.  Mark has addressed both of those points on his
>> blog.
> Oh, he certainly does address it.
>
> markshuttleworth.com/archives/1182
>
> I especially like replies to "Why are you telling Amazon what I am
> searching for?"
>
> ..."Ern, we have root."
>
> Great way to inspire people to use OSS, aint it?  "I have root on your
> box so screw you."
>
> "Preserving anonymity" by trusting that project is laughable, at best.
> Anonymity is not preserved by trust or policy, it's preserved *by
> design*.  Look at Tor, GPG, etc.
>
> And it takes little statistical hacking to deanonymize data like that.
> Give an Amazon your IP and queries, and it's not anonymous.  Remember
> the "anonymized" AOL data a few years back?

this whole debacle was pretty interesting to me - esp the initial 
reaction/disregard for privacy from shuttleworth.

regarding anonymizing data that is actively being mined - it really is a 
loaded term.  In Germany for example, you can't store IP addresses and 
associate them with cookies(1) if the user requests so.  Yet once an 
adnetwork has dropped a cookie on your system the IP is almost a moot 
point, they can deduce your geolocation and mine your browsing habbits 
w/o a full IP address.  Once a UUID/cookie is installed on your system 
that is all that matters frankly.  And believe me - there is active work 
happening to correlate these UID's b/w multiple devices.

gathering/mining and analyzing all of this data is *very* expensive and 
it would not be happening if there was monetary value in it.  the fact 
that a company backed by OSS developers is leveraging their user base 
(and good will) for financial gain is pretty appalling IMHO.  not that 
they shouldn't seek novel ways to monetize their product, but the way 
they are going about it is so one sided in favor of amazon is what i 
really have problems with.

-pete

(1)http://www.huntonprivacyblog.com/2011/09/articles/use-of-google-analytics-now-lawful-in-germany-subject-to-certain-guidelines/

-- 
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org

More information about the talk mailing list