Well, it is disappointing that you choose to close this as “won’t fix”.
As pointed out in the initial bug report, this “feature” is implemented without notice or consent. In other words, and to rephrase, this was done transparently in an hidden way. Which is, to say the least, not corresponding to standard usage and best practices, let alone the security aspect by running it as root. This is definitely not very reassuring for users who are left with the suspicion, confirmed by the manager of the Ubuntu Server team, that Ubuntu is comfortable implementing (and might implement in the future) this kind of “features” and data collection without further notice or consent from the users. As professional users we have already our share of burden to protect our assets from all kinds of threats, being obliged to add to that list the base OS leaves us with no other choice but to reconsider Ubuntu as a (un)trusted provider. Sad. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-files in Ubuntu. https://bugs.launchpad.net/bugs/1867424 Title: motd-news transmitting private hardware data without consent or knowledge in background Status in base-files package in Ubuntu: Won't Fix Bug description: In package base-files there is a script /etc/update-motd.d/50-motd- news that harvests private hardware data from the machine and transmits it in the background every day. There is no notice, no consent, no nothing. This should be by default disabled until there is informed consent. This solution is simple: 1. Change ENABLED=1 to ENABLED=0 in the file /etc/default/motd-news and 2. Place a comment in the file disclosing the fact that the 50-motd-news script will harvest private hardware data and upload it to motd.ubuntu.com daily if the end-user enables it. Creating databases that maps ip address to specify hardware is a threat to both privacy and security. If an adversary knows the specific hardware and the ip address for that hardware their ability to successfully attack it is greatly increased. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1867424/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
