Privacy in Ubuntu 12.10: Amazon Ads and Data Leaks
See part 2 of Privacy in Ubuntu 12.10: Full Disk Encryption.
Earlier this month the eagerly awaited free software operating system Ubuntu 12.10 was released, and it includes a slew of new features (YouTube link), some of which have infuriated users because of privacy concerns.
Over the last couple of years Canonical Ltd, the company that develops Ubuntu, has been pushing the Ubuntu desktop in new directions with the desktop environment called Unity. A key feature of Unity is Dash, a single place to search for apps, documents, music, and other data on your computer. Starting with the latest release of Ubuntu, Dash is also starting to search the Internet for you. While some people find this convenient, others find it a violation of their privacy. Luckily, Ubuntu makes it easy to turn this off. Scroll down to "How to Disable Amazon Ads and Data Leaks" to learn how.
The first thing you'll notice about the new Dash is that when you search for something, you not only see local files but also Amazon-affiliated advertisements for products. There has been a massive outcry of complaints from the Ubuntu community about this, as well as a bug reports, both serious ("Don't include remote searches in the home lens", "Direct data leaking to Amazon") and tongue in cheek ("grep -R doesn't automatically search amazon", "Spyware coverage incomplete - limited to Dash"). Mark Shuttleworth, the founder of Ubuntu, defended the decision to include Amazon ads in Dash:
We are not telling Amazon what you are searching for. Your anonymity is preserved because we handle the query on your behalf. Don’t trust us? Erm, we have root. You do trust us with your data already. You trust us not to screw up on your machine with every update. You trust Debian, and you trust a large swathe of the open source community. And most importantly, you trust us to address it when, being human, we err.
Technically, when you search for something in Dash, your computer makes a secure HTTPS connection to productsearch.ubuntu.com, sending along your search query and your IP address. If it returns Amazon products to display, your computer then insecurely loads the product images from Amazon's server over HTTP. This means that a passive eavesdropper, such as someone sharing a wireless network with you, will be able to get a good idea of what you're searching for on your own computer based on Amazon product images.
It's a major privacy problem if you can't find things on your own computer without broadcasting what you're looking for to the world. You could be searching for the latest version of your résumé at work because you're considering leaving your job; you could be searching for a domestic abuse hotline PDF you downloaded, or legal documents about filing for divorce; maybe you're looking for documents with file names that will gave away trade secrets or activism plans; or you could be searching for a file in your own local porn collection. There are many reasons why you wouldn't want any of these search queries to leave your computer.
It's Not Just Amazon
The new version of Dash that comes with Ubuntu 12.10 introduces more than just Amazon ads. It includes a new legal notice that you can see by clicking the "i" in the corner of Dash that states that by using Dash, you automatically agree to send your search term and IP address to a number of third parties.
Unless you have opted out, we will also send your keystrokes as a search term to productsearch.ubuntu.com and selected third parties so that we may complement your search results with online search results from such third parties including: Facebook, Twitter, BBC and Amazon. Canonical and these selected third parties will collect your search terms and use them to provide you with search results while using Ubuntu.
Ubuntu's Third Party Privacy Policies page lists all of the third parties that they may send your search term and IP address to, and states: "For information on how our selected third parties may use your information, please see their privacy policies." In other words, once they give your data away, it's no longer their problem.
Canonical is not clear about which third parties it sends data to and when, but it appears that many of these third parties only get searched in certain circumstances. Ubuntu's new Online Accounts feature lets you authorize Ubuntu to use your accounts from Facebook, Twitter, Google, Flickr and other services for Ubuntu apps. Dash will likely search these services for photos, documents, and other content only after you've authorized Ubuntu to use them.
Canonical has been listening to feedback from Ubuntu users and they are working on improvements to Dash, such as loading Amazon images over HTTPS to prevent eavesdroppers from learning what users search for, and NSFW filters so that pornography doesn't appear in Dash. These changes are great, but it doesn't change the fact that users' search queries automatically get sent to third party companies without giving users a chance to opt-in.
Even loading Amazon product images over HTTPS instead of HTTP, the fact that they are loaded directly from Amazon's servers instead of from Canonical's means that Amazon has the ability to correlate search queries with IP addresses. One way to fix this would be if Canonical proxied all third party images and other content for Ubuntu users.
How to Disable Amazon Ads and Data Leaks
You can uninstall Dash's Amazon integration by removing the package called unity-lens-shopping from your computer. If you are currently using Ubuntu 12.10, you can click here to open unity-lens-shopping in Ubuntu Software Center, and then click the "Remove" button on the right. You can also uninstall it by opening the Terminal app and typing:
sudo apt-get remove unity-lens-shopping
If you want Dash to only search your local computer and not search the Internet at all, you can open the Privacy app and switch "Include online search results" from on to off, as pictured below.
Finally, if you don't like the direction that Unity is going but you still like the Ubuntu operating system, you can switch to a different desktop environment altogether such as GNOME 3, KDE, or Cinnamon.
You can get GNOME 3 by installing the package called gnome-shell. You can get KDE by installing the package called kde-full. And you can get Cinnamon by adding the Cinnamon PPA to your repositories and then installing the package called cinnamon. Once you have installed a new desktop environment, you can choose which one you want to use from your login screen. Click the Ubuntu logo next to your username to change your desktop environment.
What EFF Wants From Ubuntu
Ubuntu is the third most popular desktop operating system, and it's the most popular free software one. Many of EFF's employees run Ubuntu on their own computers. Here is what we would like to see from future versions of Ubuntu.
- Disable "Include online search results" by default. Users should be able to install Ubuntu and immediately start using it without having to worry about leaking search queries or sending potentially private information to third party companies. Since many users might find this feature useful, consider displaying a dialog the first time a user logs in that asks if they would like to opt-in.
- Explain in detail what you do with search queries and IP addresses, how long you store them, and in what circumstances you give them to third parties.
- Make the Search Results tab of the Privacy settings let users toggle on and off specific online search results. Some users might want Amazon products in their search results, but never anything from Facebook.
- We love that Ubuntu is bold enough to break new ground and compete directly with the large proprietary operating systems, but please make sure that you respect your users' privacy and security while you're doing it. Windows and Mac users are used to having their data sent to third parties without their express consent by software companies that are trying to maximize profits for their shareholders. Let's make sure Ubuntu, like the GNU/Linux operating system at its heart, remains an exception to this.
Stay tuned for part two of Privacy in Ubuntu 12.10, where we will talk about new Ubuntu privacy features that we really like.