Public bug reported: /etc/update-motd.d/50-motd-news periodically makes a connection to motd.ubuntu.com and sends an User-Agent containing: “curl/$curl_ver $lsb $platform $cpu $uptime cloud_id/$cloud_id” (together with the IP address, obviously).
While it can be argued that the checking for important messages (for things like “Heartbleed“ etc.) is necessary, the expressive User-Agent clearly is not. It is illegal (and potentially costly) to store any personally identifiable data that is not absolutely necessary without informed consent. This problematic behaviour is known since at least 2017: <https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1701068>. Note that the fact that it can be disabled does not help. If you want to collect this kind of data, you need informed consent. Why not just let curl use the default User-Agent? Please explain why you use this User-Agent, if you store it, if you store the IP address and for how long. And if you store anything, stop. ** Affects: base-files (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1857975 Title: /etc/update-motd.d/50-motd-news is in violation of the GDPR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1857975/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
