[Bug 1055952] Re: Direct data leaking to Amazon
https://fixubuntu.com/ has a script which turns off remote search, uninstalls unity-lens-shopping, disables remote scopes and blocks connections to Ubuntu's ad server.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1055952

Title:
  Direct data leaking to Amazon

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-lens-shopping/+bug/1055952/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055952] Re: Direct data leaking to Amazon
I am immediately stopping my recommendations for using Ubuntu, and actively recommending against it based on this invasive and backhanded leaking of private information without an appropriate opt-in and explanation. Ubuntu, you failed, and now you pay the consequences.
[Bug 1055952] Re: Direct data leaking to Amazon
Since this bug:

- Is valid.
- Is well described.
- Is reported in the upstream project.
- Is ready to be worked on by a developer.

It's already triaged.

** Changed in: unity-lens-shopping (Ubuntu)
       Status: Confirmed => Triaged
[Bug 1055952] Re: Direct data leaking to Amazon
I installed 13.04 and set the privacy setting accordingly to disable the Amazon traffic. Despite this, it bothers me to know that Canonical made such a foolish move like this. If this was disabled by default, I would actually consider turning it on because I've always wanted to help Canonical in any way possible to support Ubuntu. But at this point, no thanks. This simply enrages me into a clouded state of wondering why I'm still on Ubuntu. I'm beginning to think that it's time to distro shop around and get something that is a little more logically aligned.
[Bug 1055952] Re: Direct data leaking to Amazon
12.04 has been my last one for this very reason. I'm now a happy ArchLinux user. To put it very clearly: I just left Ubuntu because I was so pissed off by this commercial move (as well as the software library that doesn't make any difference between "freeware" and "free software"). Ubuntu seems not to have understood the reason why so many people left the Mandrake/Mandriva ship, well, let the story reproduce until people understand: we want Free Software. We do not want Spyware nor adware. Thanks.
[Bug 1055952] Re: Direct data leaking to Amazon
** Tags added: raring
[Bug 1055952] Re: Direct data leaking to Amazon
The bug is still present in Ubuntu 13.04 beta. I'm a long-term Ubuntu user, but LTS 12.04 will be my last one if this does not get fixed.
[Bug 1055952] Re: Direct data leaking to Amazon
Temporary solution is a remastering ISO image: http://www.helplinux.ru/wiki/en:kb:make-ubuntu-safe
[Bug 1055952] Re: Direct data leaking to Amazon
@keremhd: While I fully agree with your opinion about the privacy implications of the shopping lens towards Canonical and what data is being passed around to them, this is not what this bug is about.

This bug is about the fact that Shuttleworth's statement, "We are not telling Amazon what you are searching for. Your anonymity is preserved" is simply not true in the current shopping lens implementation. What you describe ("data leaking to Canonical") is a conscious design decision made by Canonical. Shuttleworth acknowledges it as being the way it works ("we handle the query on your behalf", which is true).

tl;dr: what you are referring to is Canonical's intentional data gathering; what this bug is referring to is Amazon's unintentional data gathering. These are two separate issues.
[Bug 1055952] Re: Direct data leaking to Amazon
+ 100 ! Well said.
[Bug 1055952] Re: Direct data leaking to Amazon
It's not about Tor, or my IP address / who I am getting sent to remote servers. It is about "what" is being sent. It sends my search term to the world outside my personal computer without my given consent (and without informing me that it assumes my consent). That search term might contain information on "who I am" combined with "what I want to keep to my own".

I don't type generic terms like "doc files" or "music" in my dash, I type in names of my personal files, which by itself is enough to contain sensitive information I don't want anyone in Canonical (or men-in-the-middle on my network) to see.

This bug is not only related with "direct data leaking to amazon", it is also "direct data leaking to canonical".
[Bug 1055952] Re: Direct data leaking to Amazon
David: Because of Tor's design its latency is far too high to use in a Dash context. Dash results are supposed to be near-instantaneous.
[Bug 1055952] Re: Direct data leaking to Amazon
Every IT site in the world: "Ubuntu with Spyware?" Please release a fix. The Ubuntu brand is getting tarnished. No matter if it is indeed a security problem or not - that can be discussed if needed - but this *will* stick to Ubuntu forever if it isn't fixed quickly. Opt-in is the Linux way.
[Bug 1055952] Re: Direct data leaking to Amazon
Richard's comments must be taken very seriously, and this issue *must* be addressed in the single only possible way: "Shopping lens" and every related unwanted online search packages must be removed from Ubuntu, by an urgent, security, bugfix.
[Bug 1055952] Re: Direct data leaking to Amazon
Richard Stallman has commented on this: http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
[Bug 1055952] Re: Direct data leaking to Amazon
Would it be possible to use Tor (or some other anonymising protocol) to send and receive each request? (Whether the request is to Canonical, Amazon or some other vendor.) This way individual requests may be identifiable (IP address for sale of item X occurred shortly after anonymous query for X), but sequential requests would not be identifiable (cannot identify that anonymous query X and anonymous query Y were in fact from the same IP address, unless they happen to both result in sales).

I believe this would also address some of the concerns raised in https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1073114
[Bug 1055952] Re: Direct data leaking to Amazon
** Information type changed from Public to Public Security
[Bug 1055952] Re: Direct data leaking to Amazon
** Changed in: unity-lens-shopping
    Milestone: None => 6.12.0
[Bug 1055952] Re: Direct data leaking to Amazon
** Tags removed: rls-q-incoming
[Bug 1055952] Re: Direct data leaking to Amazon
While I do understand the reasoning behind this 'feature' and I do think it would be good for Ubuntu, Linux and Open Source as a whole if more funding comes its way, the issues associated with the shopping lens are worrying me. Combine that with some unavoidable bugs in the new code and user disappointment is guaranteed.

Sorry for being sceptical and probably sarcastic, but I think that most users will find their quick and final solution in "sudo apt-get remove --purge unity-lens-shopping". I did it within minutes after upgrading to 12.10 beta2 last weekend.

cheers
Tom
[Bug 1055952] Re: Direct data leaking to Amazon
** Changed in: unity-lens-shopping (Ubuntu)
   Importance: Undecided => High
[Bug 1055952] Re: Direct data leaking to Amazon
** Changed in: unity-lens-shopping
       Status: New => Confirmed

** Changed in: unity-lens-shopping
   Importance: Undecided => High

** Changed in: unity-lens-shopping
     Assignee: (unassigned) => John Lenton (chipaca)
[Bug 1055952] Re: Direct data leaking to Amazon
** Also affects: unity-lens-shopping
   Importance: Undecided
       Status: New
[Bug 1055952] Re: Direct data leaking to Amazon
Some suggestions (from https://perot.me/ubuntu-privacy-blunder-over-amazon-ads-continues) on how to fix the thumbnail downloading issue:

(One of the following)

- On the productsearch.ubuntu.com site, download the thumbnails directly and embed them into the JSON result sent to the client, using the data URI scheme (https://en.wikipedia.org/wiki/Data_URI_scheme), so that the entire result set can be sent back to the client in one shot (as opposed to the way it currently is where thumbnails take a while to load)
- Replace the URLs with ones pointing to productsearch.ubuntu.com and which, on request, proxy the request normally.
- Have the client side do manual HTTP proxying (using productsearch.ubuntu.com or another Canonical server as HTTP proxy) for all requests that would otherwise be sent to a non-Canonical server
- Use an SPDY server and use server push/server hint to make things faster (http://www.chromium.org/spdy/link-headers-and-server-hint)
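Added example, not part of the original thread and not Canonical's code: a sketch of the first two suggestions above (inline data: URIs, or first-party proxy URLs) applied to a product-search result, with a check of which hosts the client would still contact directly. The JSON field names, the /thumb proxy path, the allowlist and the offline fetch stub are assumptions made for illustration.

```python
import base64
import copy
from urllib.parse import quote, urlsplit

FIRST_PARTY = "productsearch.ubuntu.com"      # search host named in the thread
ALLOWED_UPSTREAM = {"ecx.images-amazon.com"}  # image host seen in the bug's capture

# Constructed sample; field names are assumptions, not the real API schema.
SAMPLE_RESULT = {"results": [
    {"title": "Item A", "thumbnail": "http://ecx.images-amazon.com/images/I/example1.jpg"},
    {"title": "Item B", "thumbnail": "http://ecx.images-amazon.com/images/I/example2.png"},
]}

# Constructed stand-in for the server-side image fetch, so this runs offline.
FAKE_IMAGES = {
    "http://ecx.images-amazon.com/images/I/example1.jpg": ("image/jpeg", b"\xff\xd8\xff\xe0constructed"),
    "http://ecx.images-amazon.com/images/I/example2.png": ("image/png", b"\x89PNG\r\n\x1a\nconstructed"),
}

def fetch_offline(url):
    return FAKE_IMAGES[url]

def third_party_hosts(result):
    """Hosts the client would contact directly while rendering this result."""
    hosts = set()
    for item in result["results"]:
        parts = urlsplit(item["thumbnail"])
        if parts.scheme in ("http", "https") and parts.hostname != FIRST_PARTY:
            hosts.add(parts.hostname)
    return hosts

def _check_upstream(url):
    # Without an allowlist, a URL-fetching server becomes an open proxy.
    host = urlsplit(url).hostname
    if host not in ALLOWED_UPSTREAM:
        raise ValueError("refusing upstream host: %r" % host)

def embed_thumbnails(result, fetch):
    """Suggestion 1: the server fetches each image and inlines it as a data: URI."""
    out = copy.deepcopy(result)
    for item in out["results"]:
        _check_upstream(item["thumbnail"])
        mime, body = fetch(item["thumbnail"])
        if not mime.startswith("image/"):
            raise ValueError("not an image: %r" % mime)
        encoded = base64.b64encode(body).decode("ascii")
        item["thumbnail"] = "data:%s;base64,%s" % (mime, encoded)
    return out

def proxy_thumbnails(result, path="/thumb"):
    """Suggestion 2: point each thumbnail at a first-party proxy endpoint."""
    out = copy.deepcopy(result)
    for item in out["results"]:
        _check_upstream(item["thumbnail"])
        item["thumbnail"] = "https://%s%s?u=%s" % (
            FIRST_PARTY, path, quote(item["thumbnail"], safe=""))
    return out

if __name__ == "__main__":
    print(sorted(third_party_hosts(SAMPLE_RESULT)))
    print(sorted(third_party_hosts(embed_thumbnails(SAMPLE_RESULT, fetch_offline))))
    print(sorted(third_party_hosts(proxy_thumbnails(SAMPLE_RESULT))))
```

With either rewrite the client only talks to productsearch.ubuntu.com, so the third party no longer sees the client's IP address, user-agent or Accept-Language header.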
[Bug 1055952] Re: Direct data leaking to Amazon
** Tags added: rls-q-incoming
[Bug 1055952] Re: Direct data leaking to Amazon
Related bug 1055649
[Bug 1055952] Re: Direct data leaking to Amazon
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: unity-lens-shopping (Ubuntu)
       Status: New => Confirmed
[Bug 1055952] Re: Direct data leaking to Amazon
** Description changed: Despite claims from Mark Shuttleworth that data is not sent to Amazon (http://www.markshuttleworth.com/archives/1182), a quick look at Wireshark reveals that all images resulting from search results are downloaded directly from Amazon (see attached picture). Worse still, the request are over plain HTTP, even though Amazon offers an SSL service for images (ssl-images-amazon.com). So while it's technically true that the search terms are not sent to Amazon, the search results are, and that's just as bad. From this, Amazon and any third-party on the line (ISP etc.) gets the user's IP, date, time, and can deduce the search terms through correlation with recent searches or by looking at the name of the products in the result set. - Additionally, the requests contains a failr unique user-agent: gvfs/1.13.9, which seems to be tied to Gnome. I would imagine that there's not a lot of requests with that user-agent that would hit amazon.com without originating from the Unity Dash. So now Amazon gets to know that I use the Unity Dash to search it. - The query also shows an Accept-Language header; I haven't experimented with other language packs, but it should be relatively obvious that leaking the user's language is not necessary, since those are just static images and the products' title language has already been downloaded from productsearch.ubuntu.com + Additionally, the requests contains a fairly unique user-agent: gvfs/1.13.9, which seems to be tied to Gnome. I would imagine that there's not a lot of requests that would hit amazon.com with that user agent without originating from the Unity Dash. So now Amazon gets to know that I use the Unity Dash to search it, and how often. 
+ The query also shows an Accept-Language header; I haven't experimented with other language packs, but it should be relatively obvious that leaking the user's language is not necessary, since those are just static images and the products' names have already been downloaded from productsearch.ubuntu.com. How to reproduce: - Open Wireshark, start capture - Press the Windows/Meta key - Type anything - Check Wireshark output
[Bug 1055952] Re: Direct data leaking to Amazon
** Attachment added: "HTTP request to ecx.images-amazon.com"
   https://bugs.launchpad.net/bugs/1055952/+attachment/3340283/+files/dataleak.png