Re: Does Ubuntu upload personal information by default and without permission now?

2011-10-12 Thread Jo-Erlend Schinstad 

Den 12. okt. 2011 19:52, skrev David Barth:
I don't know either. But I suspect that would take some previous space 
on the CD and then local install. Not to mention the need for very 
frequent updates. And an out-of-date database would be even worse, ie 
not returning any of the new music hits.


I feel the online mode is the only one really making sense.


Well, unlike software packages, released albums usually aren't updated, 
so only new albums would have to be downloaded. I don't think it would 
be useful to download all the song titles in the world just for the sake 
of privacy though. Most people wouldn't mind searching for music online, 
as long as they know they're doing it.


But I do think the online search should be opt-in instead of opt-out. 
It's better to err on the side of caution in cases where privacy is at 
all an issue.


Jo-Erlend Schinstad


--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Re: Does Ubuntu upload personal information by default and without permission now?

2011-10-12 Thread John Rowland Lenton 
On Wed, 12 Oct 2011 13:36:29 -0400, Jeremy Bicha  wrote:
> 
> Alternatively, could the entire online store "library" be cached to
> user's computers? This should speed up search and there shouldn't be a
> privacy concern. It could be similar to what app-install-data does.
> But how much space would this data take?
> 

I'd love to, but it's updated weekly, and is several tens of gigabytes
in size.


> (Drifting offtopic, would it make sense for the Music Store to be part
> of Software Center?)
> 
> I suspect that some people complaining would also object to the Apps
> lens showing Apps Available for Download even though no information is
> being sent to the web there, just because of the extra clutter. And
> it's especially annoying to show those downloadable apps to users who
> don't have admin privileges.

what do you mean? apps available for download *are* shown.


pgpHmMNv41UxZ.pgp
Description: PGP signature
-- 
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Re: Does Ubuntu upload personal information by default and without permission now?

2011-10-12 Thread John Rowland Lenton 
On Wed, 12 Oct 2011 19:18:43 +0200, David Barth  
wrote:
> Le 11/10/2011 22:04, Matthew Paul Thomas a écrit :
> >
> > Apple had an equivalent privacy problem with the iTunes MiniStore five
> > years ago.

there's a significant difference, in that (at least according to that
article) iTunes sent information about everything you were listening to,
as opposed to explicit searches which is what we're doing.


pgpZstagbLPgF.pgp
Description: PGP signature
-- 
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Re: Does Ubuntu upload personal information by default and without permission now?

2011-10-12 Thread David Barth 

Le 12/10/2011 19:36, Jeremy Bicha a écrit :

On 12 October 2011 13:18, David Barth  wrote:

Which I think, under further guidance of the Design team, we could turn into
a mode whereby results are only retrieved if the user unfolds the section
containing suggestions.

At the moment, search queries are passed to all scopes in advance, to let
them retrieve results as fast as possible and provide feedback for the user
as he keeps typing. That is the case for both scopes working on local
content, as well as online ones.

We can look into differentiating them for O+1 (now Precise). However I'm
afraid that the only way to solve that particular privacy concern is to
remove the scope altogether for now:

apt-get remove --purge unity-scope-musicstores

as also mentioned by Jason in this thread.

Note however (and I think Mikkel mentioned it as well) that no queries are
made if you search from the Home dash lens. If you hit  and type your
query, it won't go hit the Ubuntu One servers. Unity only makes queries to
the Music store if you explicitly search into the Music lens itself.

Alternatively, could the entire online store "library" be cached to
user's computers? This should speed up search and there shouldn't be a
privacy concern. It could be similar to what app-install-data does.
But how much space would this data take?
I don't know either. But I suspect that would take some previous space 
on the CD and then local install. Not to mention the need for very 
frequent updates. And an out-of-date database would be even worse, ie 
not returning any of the new music hits.


I feel the online mode is the only one really making sense.

David

--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Re: Does Ubuntu upload personal information by default and without permission now?

2011-10-12 Thread Jeremy Bicha 
On 12 October 2011 13:18, David Barth  wrote:
> Which I think, under further guidance of the Design team, we could turn into
> a mode whereby results are only retrieved if the user unfolds the section
> containing suggestions.
>
> At the moment, search queries are passed to all scopes in advance, to let
> them retrieve results as fast as possible and provide feedback for the user
> as he keeps typing. That is the case for both scopes working on local
> content, as well as online ones.
>
> We can look into differentiating them for O+1 (now Precise). However I'm
> afraid that the only way to solve that particular privacy concern is to
> remove the scope altogether for now:
>
> apt-get remove --purge unity-scope-musicstores
>
> as also mentioned by Jason in this thread.
>
> Note however (and I think Mikkel mentioned it as well) that no queries are
> made if you search from the Home dash lens. If you hit  and type your
> query, it won't go hit the Ubuntu One servers. Unity only makes queries to
> the Music store if you explicitly search into the Music lens itself.

Alternatively, could the entire online store "library" be cached to
user's computers? This should speed up search and there shouldn't be a
privacy concern. It could be similar to what app-install-data does.
But how much space would this data take?

(Drifting offtopic, would it make sense for the Music Store to be part
of Software Center?)

I suspect that some people complaining would also object to the Apps
lens showing Apps Available for Download even though no information is
being sent to the web there, just because of the extra clutter. And
it's especially annoying to show those downloadable apps to users who
don't have admin privileges.

Jeremy

-- 
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Re: Does Ubuntu upload personal information by default and without permission now?

2011-10-12 Thread David Barth 

Le 11/10/2011 22:04, Matthew Paul Thomas a écrit :

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jo-Erlend Schinstad wrote on 11/10/11 12:43:

...

I had difficulties believing this to be true, so I tested it. I
searched for an artist of which I have no records, and sure
enough, the music lense told me I could purchase it. I then
disconnected from the network and searched again and this time, I
got no advertisement. A very simple test that anyone can perform,
and it indicated to me that the search was indeed being sent to
some online service. Does this apply to all my searches? What else
is being uploaded about me?

I was just about to sniff my network to see for myself when I came
to my senses... If people even get the impression that they are
being monitored by their own system, then Ubuntu has certainly
lost. Technologies like Zeitgeist are great, but they also mean
it's more important than ever that absolutely no information is
being transmitted without asking permission first and that user
always knows what is being sent. The feeling of loosing that
confidence was not a good one.

...


Apple had an equivalent privacy problem with the iTunes MiniStore five
years ago.

They fixed it by (a) making it opt-in, and (b) explaining it inside
iTunes itself.
Which I think, under further guidance of the Design team, we could turn 
into a mode whereby results are only retrieved if the user unfolds the 
section containing suggestions.


At the moment, search queries are passed to all scopes in advance, to 
let them retrieve results as fast as possible and provide feedback for 
the user as he keeps typing. That is the case for both scopes working on 
local content, as well as online ones.


We can look into differentiating them for O+1 (now Precise). However I'm 
afraid that the only way to solve that particular privacy concern is to 
remove the scope altogether for now:


apt-get remove --purge unity-scope-musicstores

as also mentioned by Jason in this thread.

Note however (and I think Mikkel mentioned it as well) that no queries 
are made if you search from the Home dash lens. If you hit  and 
type your query, it won't go hit the Ubuntu One servers. Unity only 
makes queries to the Music store if you explicitly search into the Music 
lens itself.


I hope this clarifies.

David

--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Re: Does Ubuntu upload personal information by default and without permission now?

2011-10-12 Thread Jason Warner 
Hi Jo-Erlend ,

Thanks for taking the time to write up your thoughts and caring enough about
Ubuntu to share them with the list!

I have some general thoughts on this and then more specific music lens
thoughts.

Privacy is an important component of Ubuntu computing and we take that
seriously. As Ubuntu opens more networked services, privacy continues to be
a core value.

Specifically with the Music Lens, the data sent and the results returned are
innocuous in nature (there is no user specific information sent etc), though
I acknowledge that some people will simply not want this additional
functionality if they consider this a breach of their personal privacy. As
we strive to bring value to our users, we are also committed to ensuring
privacy continues to be a core value.

While we suspect most users will have no concern about the data sent and
returned, for those who do the current way to remove this is to simply
uninstall the music scope[1]. I recognize that this is neither optional nor
user friendly so I'll be looking at adding opt-out options for services like
this in the future generally and specifically for this one in a possible
SRU.

Bottom line, everyone needs to be concerned with privacy now and in the
future and it must be balanced with adding great services for the vast
majority of people. Again, thanks for bringing this up, it was great input.
It raised an area that we can improve and are going to do just that!

Thanks,
Jason

[1] - apt-get remove --purge unity-scope-musicstores



On Tue, Oct 11, 2011 at 12:43 PM, Jo-Erlend Schinstad <
joerlend.schins...@gmail.com> wrote:

> I was a little bit surprised to read that the Music Lense will actually
> send your searches to an online database by default and without asking any
> permission beforehand. In earlier versions of Ubuntu, things like popcon
> have not been activated by default and you've always been confident that
> there are no open ports and no data being transmitted unless you've asked
> for it.
>
> I had difficulties believing this to be true, so I tested it. I searched
> for an artist of which I have no records, and sure enough, the music lense
> told me I could purchase it. I then disconnected from the network and
> searched again and this time, I got no advertisement. A very simple test
> that anyone can perform, and it indicated to me that the search was indeed
> being sent to some online service. Does this apply to all my searches? What
> else is being uploaded about me?
>
> I was just about to sniff my network to see for myself when I came to my
> senses... If people even get the impression that they are being monitored by
> their own system, then Ubuntu has certainly lost. Technologies like
> Zeitgeist are great, but they also mean it's more important than ever that
> absolutely no information is being transmitted without asking permission
> first and that user always knows what is being sent. The feeling of loosing
> that confidence was not a good one.
>
> I think the advertisements in the lenses, whether it's for software or
> music, needs to be deactivated. Not only does it validate the notion that
> Ubuntu is "free for a reason, just like GMail", but it might also cause
> users to loose confidence in their own privacy.
>
> It just isn't worth it.
>
> Jo-Erlend Schinstad
>
> --
> ubuntu-desktop mailing list
> ubuntu-desktop@lists.ubuntu.**com 
> https://lists.ubuntu.com/**mailman/listinfo/ubuntu-**desktop
>
-- 
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Re: An idea how to handle scopes and lenses properly.

2011-10-12 Thread Didier Roche 

Le 11/10/2011 20:52, Jo-Erlend Schinstad a écrit :
After I raised some concerns about the music lense, I got some 
feedback that made me think. Didier Roche asked me how we can make it 
better.


I had the TV on in the background the other day and there was a 
documentary on. The narrator kept referring to "the damn wall". I 
thought it was rather peculiar language for a Discovery documentary, 
so I had to investigate. It turned out that it was about the 
"Dambusters" who blew up a nazi dam during the second world war. If 
you get a single crack in the dam wall, then that wall is coming down. 
The same can be said about trust. If the emotional trust is broken, 
then a relationship might be lost even if there's still some rational 
trust. A user might be calmed by the fact that only searches for music 
is sent online, but I'm a little bit worried that some might not be 
able to shake the question: "yes, but how do I know?". The feeling 
that the crack might expand just doesn't make you want to invest in 
it. I wrote to Didier that a bottle is either water-proof or leaking. 
That's not entirely true, of course. A bottle is supposed to leak, but 
only when and how you want it to.


So how do we make the lenses and scopes work the way we want it to, 
without making it complicated and without introducing any privacy 
concerns? For the music lense in isolation, this would be very easy. A 
checkbox "search online" or "use u1ms" would suffice. But we want lots 
of lenses and scopes, don't we? So what happens when I get a Google 
Docs scope? Should it be told about all my file searches? In some 
cases, maybe that'd be fine. In others, it would be completely 
unacceptable.


What if we learn from JACK? They manage many inputs and many outputs. 
Sounds perfect for lenses and scopes. That is, we'd have our lenses on 
the left and our scopes to the right. Then we could just connect our 
lenses to the scopes we wanted to use and disconnect them just as 
easily. The default scope would always be personal data and nothing 
else, but it would be easy to add others. You'd want to use the u1ms 
scope, of course, but wouldn't it be nice if you could also have a 
music scope for your local radio channel so that you could choose to 
purchase the last song they played? And wouldn't it be nice if a sales 
manager could connect to the recent customers scope of the salesmen in 
her team so she could easily find a customer if anyone had a question? 
Obviously, when you installed a new scope, it would be able to add 
itself -- with your permission.


I'm sure there are thousands of use cases, but that also means we must 
have a flexible way of managing them. Until we do, I propose that the 
online searches for the music lense be deactivated for Oneiric and use 
the time to come up with a proper way to deal with this issue and to 
make it both more flexible and user friendly. Searching u1ms through 
the music lense, is not a killer feature (though it is nice), but does 
have a potential to fuel some FUD and I don't think it's worth it. 
Better to really _launch_ it in April.




Hey again Jo-Erlend,

Yeah, managing scope and having sensible defaults in something we should 
discuss on, especially with book lens that the community has done and 
I'm sure there are plenty of them. I still think that "showing cover 
album" (and so, downloading the corresponding cover to what you are 
listening to) that we had for quite some releases in banshee is "worse" 
than sending a simple search you made in the music lens (search through 
the global home dash doesn't get data from it). No identification 
personal data are sent in both case anyway.


As a followup to the personal reply you made to me and that I answered, 
I'm pretty sure that it's quite late for Oneiric (but I'll still poke 
around) and those things should be discuss lenghty, with some  design 
guys and keyholders. I think dealing that at UDS will be the right place 
to gather all relevant people. Would you lead this session, even 
remotely? We can make sure it's on track and discussed without any taboo 
to have a way to enable/disable all those online features.


Cheers,
Didier

--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop