Re: EFF Privacy; hopefully Ubuntu will listen to users
On Tue, Nov 6, 2012 at 4:28 PM, C de-Avillez hgg...@ubuntu.com wrote: On 05/11/12 09:08, Jordon Bedwell wrote: This is from my perspective though and I have not really followed all too closely since I am the type of person to remove what I don't want and block stuff like Canonical's NTP and other tracking via our hardware firewalls instead of complaining about stuff that I myself can fix. I am curious on what is this block stuff like Canonical's NTP and other tracking Hi, wild guess: other tracking may be completely unrelated to canonical here. On Canonical's NTP it is indeed some kind of tracking, I remember seeing some estimates of the global number of ubuntu users based on statistics from canonical's NTP servers. To be perfectly clear: there is IMHO nothing wrong about this, I see more value in this kind of statistics than I have problems with canonical knowing my IP address and the time at which I turn my computer on. I just agree that it is indeed some form of tracking. On the more specific problem of amazon search integrated into unity, I think the feature is a pretty cool one and I suppose that canonical did honestly what it could to respect privacy here, but I share the EFF's concerns as well. IMHO, it would not be a bad move from canonical to make it opt-in (and to advertise it when it is disabled) or to add a button to include web results in this search on demand. Best. -- Aurélien Naldi -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Mon, Nov 05, 2012 at 03:28:44PM +, J Fernyhough wrote: I'm currently looking into how Ubuntu meets the provisions of the Data Protection Act 1998, and more crucially what would need to be done to meet the requirements, so that I have some base of evidence and legal reasoning to put forward (for example, at no point in the download or installation process is it identified which information is being gathered, how it will be stored, by whom, how it will be used, or who to contact). Not during installation, but I believe I've seen a Legal notice link displayed somewhere in the Unity UI which has that information. (Apologies for vagueness; I don't work on this stuff myself.) (As an aside, it appears that being only enthusiastic about Ubuntu and all decisions, or at least getting in line, is a requisite for employment there.) I can only speak for myself and I don't do very much hiring nowadays since I quit management, but this is certainly not true of the hiring decisions I've made. One of my routine interview questions is along the lines of asking what we are doing wrong and how we could improve it, and I give considerable weight to non-trivial answers; I've never been interested in hiring yes-men, and I would probably mark somebody *down* for being too uncritically enthusiastic (if we're so perfect, what are you going to do for us then ...). Of course, the how we could improve it bit is important; employees need to achieve goals which often implies being pragmatic about how they approach problems, and they don't necessarily have the luxury of going in all guns blazing all the time. -- Colin Watson [cjwat...@ubuntu.com] -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 5 November 2012 15:35, Martin Albisetti be...@ubuntu.com wrote: On Mon, Nov 5, 2012 at 12:28 PM, J Fernyhough j.fernyho...@gmail.com wrote: (As an aside, it appears that being only enthusiastic about Ubuntu and all decisions, or at least getting in line, is a requisite for employment there.) It is not. On 7 November 2012 15:23, Colin Watson cjwat...@ubuntu.com wrote: I can only speak for myself and I don't do very much hiring nowadays since I quit management, but this is certainly not true of the hiring decisions I've made. This is good to hear; from what I've read previously there's been little criticality from more established contributors - it could well be that I'm not subscribed to the correct lists (or reading the wrong things!). J -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 7 November 2012 15:23, Colin Watson cjwat...@ubuntu.com wrote: On Mon, Nov 05, 2012 at 03:28:44PM +, J Fernyhough wrote: I'm currently looking into how Ubuntu meets the provisions of the Data Protection Act 1998, and more crucially what would need to be done to meet the requirements, so that I have some base of evidence and legal reasoning to put forward (for example, at no point in the download or installation process is it identified which information is being gathered, how it will be stored, by whom, how it will be used, or who to contact). Not during installation, but I believe I've seen a Legal notice link displayed somewhere in the Unity UI which has that information. (Apologies for vagueness; I don't work on this stuff myself.) Yes indeed - but the notice itself isn't fully compliant. For example, who do I contact to find out what information is being stored about me? The linked privacy policy also makes no mention of lens searches. (Again, just examples, I'll be formulating something over the weekend (probably).) J -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
Le 07/11/2012 17:16, J Fernyhough a écrit : On 7 November 2012 15:23, Colin Watson cjwat...@ubuntu.com wrote: On Mon, Nov 05, 2012 at 03:28:44PM +, J Fernyhough wrote: I'm currently looking into how Ubuntu meets the provisions of the Data Protection Act 1998, and more crucially what would need to be done to meet the requirements, so that I have some base of evidence and legal reasoning to put forward (for example, at no point in the download or installation process is it identified which information is being gathered, how it will be stored, by whom, how it will be used, or who to contact). Not during installation, but I believe I've seen a Legal notice link displayed somewhere in the Unity UI which has that information. (Apologies for vagueness; I don't work on this stuff myself.) Yes indeed - but the notice itself isn't fully compliant. For example, who do I contact to find out what information is being stored about me? The linked privacy policy also makes no mention of lens searches. (Again, just examples, I'll be formulating something over the weekend (probably).) Until you click on the link in the dash, you will see a Legal Notice hyperlink going to a local version of a webpage having itself more details on the Canonical general privacy policy. Once you click on it, the link is modified to an icon which still link to the same file. If you see some missing explanation on the legale notice, please get in touch with the community team on IRC who can link you with the legale team who wrote this message to get it more comprehensible and complete, but still legally valid ;) Thanks, Didier -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 05/11/12 09:08, Jordon Bedwell wrote: This is from my perspective though and I have not really followed all too closely since I am the type of person to remove what I don't want and block stuff like Canonical's NTP and other tracking via our hardware firewalls instead of complaining about stuff that I myself can fix. I am curious on what is this block stuff like Canonical's NTP and other tracking You state, or imply, that NTP -- which I take to mean the network time protocol --, specifically Canonical's NTP, has been added with the ability to track its users. You then keep on stating this is the same with other tracking, without any details. Can you please provide some pointers (or, even better, facts) to allow us to verify a -- so far -- baseless assertion? Cheers, ..C.. signature.asc Description: OpenPGP digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Tue, Oct 30, 2012 at 09:45:59AM -0300, German Larrain M. wrote: Well, issues like this are the ones that motivate a fork (e.g. OpenOffice and LibreOffice) at one time or another. Is it necessary to reach that point? I don't think so. It would be a waste of code and resources. Forks happen when people disagree. Is there really any disagreement here? Have any privacy-related patches actually been rejected, or is it just that nobody has written them? We've just had the Ubuntu Developer Summit during which the next release was planned, and everyone was welcome (both in person and online). I must have missed the session on privacy, or did nobody propose one? (posting with my personal hat on, and not my Canonical one; I get paid to work on Server/Cloud, not Desktop/Client) -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Mon, Nov 5, 2012 at 8:55 AM, Robie Basak robie.ba...@canonical.com wrote: Forks happen when people disagree. Is there really any disagreement here? Have any privacy-related patches actually been rejected, or is it just that nobody has written them? Patches being rejected are a bit narrow, when the Canonical lead implies (at least to me and a few others) he does not care about privacy in the default install and has not answered the many numerous complaints with nothing more than We are not violating the law and even going as far as ignoring the NTP issue... he speaks louder than rejecting patches on a tracker. This is from my perspective though and I have not really followed all too closely since I am the type of person to remove what I don't want and block stuff like Canonical's NTP and other tracking via our hardware firewalls instead of complaining about stuff that I myself can fix. But to me and a few others it's come to the point where it's becoming a side job and eventually a lot of users will just take out. We've just had the Ubuntu Developer Summit during which the next release was planned, and everyone was welcome (both in person and online). I must have missed the session on privacy, or did nobody propose one? I don't think there was one, I think this is a case of the few speaking and protecting the many and the few not having the same power as the many because some people won't do anything until the many step up and embarrass the top brass. What I am saying is, at this point I am to believe that Canonical and Ubuntu do not care one bit about this privacy cock up and they don't care that the few notice and are trying to help the many. They are probably gonna hold off until the many step up and embarrass Canonical. I think what Canonical and Ubuntu are doing is alienating old Linux users who are used to telling their computers what to do, not having their computer tell them what they are going to do and then them having to step up and almost be like no, fu** that noise, you will do what I want, not what you want. (and again, this is from my perspective, do feel free to correct me with pure fact if this is not the case) -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 5 November 2012 15:08, Jordon Bedwell jor...@envygeeks.com wrote: -- snip -- I think what Canonical and Ubuntu are doing is alienating old Linux users who are used to telling their computers what to do, not having their computer tell them what they are going to do and then them having to step up and almost be like no, fu** that noise, you will do what I want, not what you want. (and again, this is from my perspective, do feel free to correct me with pure fact if this is not the case) From those conversations I've had on IRC and G+ it appears that criticism isn't welcome within Canonical. The viewpoint is that any change they make (minor or major, window button location or built-in affiliate advertising) is greeted with an outcry from the outside. While this means that the signal:noise ratio is very low there are valid issues being ignored precisely because people try to point them out. In one instance I was told that my concerns weren't being ignored, it's just that we've heard it so many times already. I'm currently looking into how Ubuntu meets the provisions of the Data Protection Act 1998, and more crucially what would need to be done to meet the requirements, so that I have some base of evidence and legal reasoning to put forward (for example, at no point in the download or installation process is it identified which information is being gathered, how it will be stored, by whom, how it will be used, or who to contact). While trying to act as a critical friend works in other areas I've had little success swaying opinion within Canonical-paid Ubuntu circles. (As an aside, it appears that being only enthusiastic about Ubuntu and all decisions, or at least getting in line, is a requisite for employment there.) J -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Mon, Nov 5, 2012 at 12:28 PM, J Fernyhough j.fernyho...@gmail.com wrote: (As an aside, it appears that being only enthusiastic about Ubuntu and all decisions, or at least getting in line, is a requisite for employment there.) It is not. -- Martin -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 05/11/12 15:08, Jordon Bedwell wrote: We've just had the Ubuntu Developer Summit during which the next release was planned, and everyone was welcome (both in person and online). I must have missed the session on privacy, or did nobody propose one? I don't think there was one, I think this is a case of the few speaking and protecting the many and the few not having the same power as the many because some people won't do anything until the many step up and embarrass the top brass. What I am saying is, at this point I am to believe that Canonical and Ubuntu do not care one bit about this privacy cock up and they don't care that the few notice and are trying to help the many. They are probably gonna hold off until the many step up and embarrass Canonical. Or is it the case that nobody bothered to file a blueprint? Bear in mind that *anybody* in the community can create blueprints for UDS, not just Canonical. The last time I looked at the list of blueprints that had been filed for UDS-R, I can't remember seeing one on privacy. It would have made an interesting subject for the community track and would have officially documented the issues, what can be done about them and how they will be addressed. Someone much smarter than I am said in a recent blog post something along the lines of the best way to ensure a process doesn't ignore your needs is to engage with it. So the best way to get something done in Ubuntu is to engage with the development process, which means to engage with UDS where the development schedule for the next 6 months is worked out, which in turn means writing a blueprint for consideration at the next UDS. It's a couple of weeks late for UDS-R but what about creating a blueprint for UDS-S? Get the discussion going, gather examples of privacy issues and what could be done to address them. Then at the next UDS, we can work out solutions that satisfy Canonical, privacy conscious users and the rest of us and that can be implemented in time for 14.04 LTS. Disclaimer: I do *not* work for Canonical and only have limited experience of UDS as I only took part for the first time last week. Cheers, Bruno -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Nov 5, 2012 7:53 AM, Bruno Girin brunogi...@gmail.com wrote: On 05/11/12 15:08, Jordon Bedwell wrote: We've just had the Ubuntu Developer Summit during which the next release was planned, and everyone was welcome (both in person and online). I must have missed the session on privacy, or did nobody propose one? I don't think there was one, I think this is a case of the few speaking and protecting the many and the few not having the same power as the many because some people won't do anything until the many step up and embarrass the top brass. What I am saying is, at this point I am to believe that Canonical and Ubuntu do not care one bit about this privacy cock up and they don't care that the few notice and are trying to help the many. They are probably gonna hold off until the many step up and embarrass Canonical. Or is it the case that nobody bothered to file a blueprint? Bear in mind that *anybody* in the community can create blueprints for UDS, not just Canonical. Anyone can create one but Canonical does approve them. The last time I looked at the list of blueprints that had been filed for UDS-R, I can't remember seeing one on privacy. It would have made an interesting subject for the community track and would have officially documented the issues, what can be done about them and how they will be addressed. There was some privacy discussion at the Unity Shopping Lens session. Someone much smarter than I am said in a recent blog post something along the lines of the best way to ensure a process doesn't ignore your needs is to engage with it. So the best way to get something done in Ubuntu is to engage with the development process, which means to engage with UDS where the development schedule for the next 6 months is worked out, which in turn means writing a blueprint for consideration at the next UDS. It's a couple of weeks late for UDS-R but what about creating a blueprint for UDS-S? Get the discussion going, gather examples of privacy issues and what could be done to address them. Then at the next UDS, we can work out solutions that satisfy Canonical, privacy conscious users and the rest of us and that can be implemented in time for 14.04 LTS. Disclaimer: I do *not* work for Canonical and only have limited experience of UDS as I only took part for the first time last week. Cheers, Bruno -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Mon, 2012-11-05 at 15:52 +, Bruno Girin wrote: It's a couple of weeks late for UDS-R but what about creating a blueprint for UDS-S? Get the discussion going, gather examples of privacy issues and what could be done to address them. Then at the next UDS, we can work out solutions that satisfy Canonical, privacy conscious users and the rest of us and that can be implemented in time for 14.04 LTS. Disclaimer: I do *not* work for Canonical and only have limited experience of UDS as I only took part for the first time last week. The development process for Ubuntu does not start or stop with UDS. There are mailing lists (you know, like the one you're discussing this on), IRC channels, bug reports, and on and on. Just because something wasn't discussed at UDS, doesn't mean it can't be discussed outside of UDS, or even resolved in the cycle that the UDS was for. There's no need to wait another 6 months to have someone yet again forget to make a blueprint to discuss it at UDS. Also, Canonical and the rest of the community, are not separate. Canonical is merely part of the Ubuntu community, and provides most of the infrastructure, financing, and a significant portion of the development which allows the Ubuntu community to work so well together. Canonical cares a great deal about privacy, and twisting some of the words that it, and Ubuntu's founder, posted about the recent worries of privacy, to mean the opposite of that, doesn't help the situation much at all. What he said was if you don't trust Canonical/Ubuntu already, and you're running Ubuntu, then you're doing something wrong. When you download an Ubuntu ISO, or view the web site, or wiki, or Launchpad, or update an existing install, or install additional software from the archive, your IP is logged via the HTTP server logs. When you install Ubuntu, you're placing a certain level of trust that it won't eat your machine. When you search on Google, your search terms and IP are logged; not only on Google, but on any of the resulting links that you click through to. You need to not only trust Google to do the right thing with that data, but also any of the sites it refers you to. Any reasonable person will understand that no software is perfect, and that any software will need continuing improvements. Dealing with concerns from the user base, whether they are about privacy or simple bugs in the software, is no different. The best way to go about getting any of the concerns fixed, is to document specific individual concerns, and file them in bug reports. Simply crying wolf (or OMG Privacy! in this case), doesn't specifically state anything helpful to either the developers, or the users. It only serves to stir the pot. So let's please try to keep the FUD around the issue, to a minimum. There were large changes to address some specific user concerns around the dash search, that went in *after* various freezes were in effect. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Monday, November 05, 2012 11:53:03 AM Rodney Dawes wrote: ... There were large changes to address some specific user concerns around the dash search, that went in after various freezes were in effect. ... That's also true of the shopping bits of dash search itself, so without time travel, having it be any way is impossible. Perhaps if Canonical had decided to work within the existing Ubuntu release process, this could have been landed earlier with a lot less heat/light since there would have been lots of time to consider the best approaches for various issues. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 5 November 2012 11:53, Rodney Dawes rodney.da...@canonical.com wrote: There were large changes to address some specific user concerns around the dash search, that went in *after* various freezes were in effect. One example is http://pad.lv/1065652 which while obviously a user interface change, happened after Final Freeze without the typical paperwork; presumably because it was *that* critical to mitigate the privacy concerns. Jeremy -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Mon, Nov 5, 2012 at 11:14 AM, Jeremy Bicha jer...@bicha.net wrote: One example is http://pad.lv/1065652 which while obviously a user interface change, happened after Final Freeze without the typical paperwork; presumably because it was *that* critical to mitigate the privacy concerns. I think you are starting intermingle and confuse the difference between addressing privacy concerns and avoiding a lawsuit by adding in legal notices, the latter has nothing to do with the former and the latter only addresses the concerns of Canonical and Ubuntu. Even if you try to argue it addresses anything, it's not. Realize the truth. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
Le 05/11/2012 18:14, Jeremy Bicha a écrit : On 5 November 2012 11:53, Rodney Dawes rodney.da...@canonical.com wrote: There were large changes to address some specific user concerns around the dash search, that went in *after* various freezes were in effect. One example is http://pad.lv/1065652 which while obviously a user interface change, happened after Final Freeze without the typical paperwork; presumably because it was *that* critical to mitigate the privacy concerns. Indeed, it happens the day of the Release Candidate, we got some IRC discussion around it and a member of the release team reviewed the upload + some extra testing from the QA team. Nobody of the documentation team was around and it was as you say, critical to get in for the RC (less than 24h deadline are always fun :)). I took great care that we don't introduce in the dash some untranslated strings (stealing the strings from ubuntu-online-account gnome-control-center panel). It wasn't an option to not include it after checking with the legal team, even if that was meaning some screenshots and documentation slightly outdated (without breaking the main documentation understanding though). Cheers, Didier -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Mon, 2012-11-05 at 12:11 -0500, Scott Kitterman wrote: On Monday, November 05, 2012 11:53:03 AM Rodney Dawes wrote: ... There were large changes to address some specific user concerns around the dash search, that went in after various freezes were in effect. ... That's also true of the shopping bits of dash search itself, so without time travel, having it be any way is impossible. Perhaps if Canonical had decided to work within the existing Ubuntu release process, this could have been landed earlier with a lot less heat/light since there would have been lots of time to consider the best approaches for various issues. I don't know all the specifics of how they went in, or the exact course of process they took, but I do know they landed after freezes, and part of 'within the existing Ubuntu release process' includes 'sabdfl override' which the feature itself may or may not have fallen under. Either way, some of the changes landed extremely late (even after the feature itself), to help address some of the user concerns. That was the only point I'm making. I don't disagree that it would be better if some of the teams would align better with the release process. It certainly would be. However, there are also also some issues with doing that as relates to the Canonical 'skunkworks' projects which Mark also blogged about recently. I don't know if it's been done before or not, but perhaps the Release Team, and Tech Board, should take up any concerns related to some of the Canonical projects' involvement in that process, with the appropriate members of Canonical staff, including Mark (who is on TB anyway). Again, another discussion that would have been great to have at UDS with everyone in the same room, but which seems to perpetually get complaints, and perhaps not discussed at appropriate times. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 11/05/2012 11:32 AM, Benjamin Kerensa wrote: On Nov 5, 2012 7:53 AM, Bruno Girin brunogi...@gmail.com Or is it the case that nobody bothered to file a blueprint? Bear in mind that *anybody* in the community can create blueprints for UDS, not just Canonical. Anyone can create one but Canonical does approve them. Did someone file one and it not get approved? If not, this isn't an excuse. cJ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On 5 November 2012 13:19, Rodney Dawes rodney.da...@canonical.com wrote: I don't know if it's been done before or not, but perhaps the Release Team, and Tech Board, should take up any concerns related to some of the Canonical projects' involvement in that process, with the appropriate members of Canonical staff, including Mark (who is on TB anyway). Again, another discussion that would have been great to have at UDS with everyone in the same room, but which seems to perpetually get complaints, and perhaps not discussed at appropriate times. We did have that discussion Thursday morning. https://blueprints.launchpad.net/ubuntu/+spec/desktop-r-ps-uife-ffe-sru Jeremy -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Monday, November 05, 2012 12:14:51 PM Jeremy Bicha wrote: On 5 November 2012 11:53, Rodney Dawes rodney.da...@canonical.com wrote: There were large changes to address some specific user concerns around the dash search, that went in *after* various freezes were in effect. One example is http://pad.lv/1065652 which while obviously a user interface change, happened after Final Freeze without the typical paperwork; presumably because it was *that* critical to mitigate the privacy concerns. The release team was aware of that one. It was approved on IRC, IIRC, after review of screen shots of the intended change. It was without the normal coordination (UIF exceptions are mostly about making sure that the change has been coordinated with -docs/translations), but it was also not done without the release team knowing. This is exactly the kind of thing that could have been landed a lot more smoothly if the entire shopping lens change hadn't been landed so late in the release. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Monday, November 05, 2012 08:32:35 AM Benjamin Kerensa wrote: Or is it the case that nobody bothered to file a blueprint? Bear in mind that anybody in the community can create blueprints for UDS, not just Canonical. Anyone can create one but Canonical does approve them. There are a variety of people that can approve specs for different reasons related to the work they do on Ubuntu. Not all of them work for Canonical. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Monday, November 05, 2012 01:19:51 PM Rodney Dawes wrote: On Mon, 2012-11-05 at 12:11 -0500, Scott Kitterman wrote: On Monday, November 05, 2012 11:53:03 AM Rodney Dawes wrote: ... There were large changes to address some specific user concerns around the dash search, that went in after various freezes were in effect. ... That's also true of the shopping bits of dash search itself, so without time travel, having it be any way is impossible. Perhaps if Canonical had decided to work within the existing Ubuntu release process, this could have been landed earlier with a lot less heat/light since there would have been lots of time to consider the best approaches for various issues. I don't know all the specifics of how they went in, or the exact course of process they took, but I do know they landed after freezes, and part of 'within the existing Ubuntu release process' includes 'sabdfl override' which the feature itself may or may not have fallen under. Either way, some of the changes landed extremely late (even after the feature itself), to help address some of the user concerns. That was the only point I'm making. I don't disagree that it would be better if some of the teams would align better with the release process. It certainly would be. However, there are also also some issues with doing that as relates to the Canonical 'skunkworks' projects which Mark also blogged about recently. I don't know if it's been done before or not, but perhaps the Release Team, and Tech Board, should take up any concerns related to some of the Canonical projects' involvement in that process, with the appropriate members of Canonical staff, including Mark (who is on TB anyway). Again, another discussion that would have been great to have at UDS with everyone in the same room, but which seems to perpetually get complaints, and perhaps not discussed at appropriate times. It was extensively discussed at UDS-R and I believe things will go better in the next cycle. I realize that Mark's SABDFL veto is part of existing Ubuntu processes. I don't have any disagreement with his authority to do so. I do think it is mistaken for development teams (generally, but not inevitable) from inside Canonical that plan on getting in that way. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Mon, 2012-11-05 at 13:58 -0500, Scott Kitterman wrote: I don't know if it's been done before or not, but perhaps the Release Team, and Tech Board, should take up any concerns related to some of the Canonical projects' involvement in that process, with the appropriate members of Canonical staff, including Mark (who is on TB anyway). Again, another discussion that would have been great to have at UDS with everyone in the same room, but which seems to perpetually get complaints, and perhaps not discussed at appropriate times. It was extensively discussed at UDS-R and I believe things will go better in the next cycle. I realize that Mark's SABDFL veto is part of existing Ubuntu processes. I don't have any disagreement with his authority to do so. I do think it is mistaken for development teams (generally, but not inevitable) from inside Canonical that plan on getting in that way. Great. I know for Ubuntu One at least, we try to align with the schedule and meet the freeze deadlines and requirements as best as possible, though sometimes we do have to slip. However, I also push for my team at least to not have to do freeze exceptions unless it's absolutely required, and try to be as strict about what we can or can't put in our stable branches (and the accompanying releases) at that point, as the SRU and release teams would be, since I'm the one doing the packaging for all our projects. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
On Monday, November 05, 2012 02:27:06 PM Rodney Dawes wrote: On Mon, 2012-11-05 at 13:58 -0500, Scott Kitterman wrote: I don't know if it's been done before or not, but perhaps the Release Team, and Tech Board, should take up any concerns related to some of the Canonical projects' involvement in that process, with the appropriate members of Canonical staff, including Mark (who is on TB anyway). Again, another discussion that would have been great to have at UDS with everyone in the same room, but which seems to perpetually get complaints, and perhaps not discussed at appropriate times. It was extensively discussed at UDS-R and I believe things will go better in the next cycle. I realize that Mark's SABDFL veto is part of existing Ubuntu processes. I don't have any disagreement with his authority to do so. I do think it is mistaken for development teams (generally, but not inevitable) from inside Canonical that plan on getting in that way. Great. I know for Ubuntu One at least, we try to align with the schedule and meet the freeze deadlines and requirements as best as possible, though sometimes we do have to slip. However, I also push for my team at least to not have to do freeze exceptions unless it's absolutely required, and try to be as strict about what we can or can't put in our stable branches (and the accompanying releases) at that point, as the SRU and release teams would be, since I'm the one doing the packaging for all our projects. In case you missed the sessions, the short version of the discussion is that we've moved feature freeze to the right to give more development time (IIRC 3 weeks), but the release team will be substantially more strict about what it gives an exception to this next cycle. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: EFF Privacy; hopefully Ubuntu will listen to users
I agree with every single word Nick wrote. The path Ubuntu is taking with regard to privacy and unauthorized background connections to the internet makes me VERY uneasy. I do understand this is a complex problem, which can not be tackled with only one perspective in mind (e.g. Canonical wants to make money out of the OS it created, which seems fair). This problem may not appeal to many, or the majority may think this is not to be wasted time on. Well, issues like this are the ones that motivate a fork (e.g. OpenOffice and LibreOffice) at one time or another. Is it necessary to reach that point? I don't think so. It would be a waste of code and resources. So, what can we do? IMHO, speak up as a community and draw a clear line of what is and what is not acceptable. Too difficult to specify? Then let's create some guidelines (that may very well exist already) to which built-in applications/packages shall comply. Best regards, Germán PS: I'm not a relevant developer for Ubuntu at all. Nonetheless, I'm quite an evangelist of it, and other open source software too (among them some I've contributed to) thus I feel compelled to protect what I've defended countless times in arguments with anti-OSS people. Date: Tue, 30 Oct 2012 00:03:13 -0400 From: nick rundy nru...@hotmail.com To: ubuntu-devel-discuss@lists.ubuntu.com ubuntu-devel-discuss@lists.ubuntu.com Subject: EFF Privacy; hopefully Ubuntu will listen to users? Message-ID: bay002-w3239077a170718e5b5745dd5...@phx.gbl Content-Type: text/plain; charset=windows-1256 The most important thing to me as a computer user is the privacy security of the data I entrust my OS to handle and the OS's communication to me about what internet connections my OS and the Applications installed on it are making. Ubuntu is not doing well in this regard lately. In the dialog that comes up on a new 12.10 install asking me to contribute to Ubuntu, I saw no option indicating Privacy Security of Ubuntu. Yet this is the most important thing to me and the thing most likely to make me want to contribute. I have been speaking out about the privacy (data leaking) issues that keep popping up in Ubuntu over the last few development cycles for a while now. I've received a lot of grief over it on the Ubuntu forums elsewhere. But it is very important to me so I have continued to speak out. I speak out not to put Ubuntu down or criticize anyone in particular. I simply want to draw attention to an important topic and hopefully get the issues addressed in the development cycle. It's encouraging to see that the EFF shares my concerns: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks The Amazon ads are just the latest example however. The problem was seen in 12.04 with the geoclue-ubuntu-geoip package. This package is/was a major privacy issue with no solution. There is no way to uninstall this package from 12.04 without loosing Time in the top-panel. And then there is/was the unity-lens-video and unity-lens-music package issues. These regularly connected to the internet in the early 12.04 days, even when the Local Disk filter was selected. Thankfully I spotted this and reported it and it was fixed. But the whole idea that the Dash connects to the internet for everything is a concept that is VERY unappealing to many users who value their privacy and security. Web Browsers are designed and built with Security Privacy capabilities by design. The Dash does not have these same Privacy Security features nor does it have the UI to communicate security privacy to the user like Web Browsers can. Why would I want to use the Dash for internet connections when I can use a Web Browser and gain all the security/privacy it offers? I want the Dash to SOLELY work locally and have nothing to do with the internet (which is the province of my Web Browser). It is encouraging to see Ubuntu start to work towards addressing this with 13.04. But I have been speaking to this for over a year now, and all I've got from it is criticism and frankly meanness from many people. Notwithstanding the Dash, the larger issue still exists that there is no way to control internet connections in general from an Application perspective. Users of Ubuntu cannot control which Applications can and cannot connect to the internet. And users have poor options for learning about active connections. There are tools available, but these are real time apps with no logging capabilities. Couple this with the fact that Ubuntu is now sending data off to Third Parties as a course of doing business and this issue is now the most serious issue facing Ubuntu as there are users that will totally stop using the OS for privacy/security concerns. Essentially, Ubuntu needs to do two things: 1) make privacy/security a important consideration in all new features while giving users the option of making the Dash a completely LOCAL feature
