This is a small corner of a very big issue, and there's nothing childish about the argument.
I suspect the intent here, when the decision was made to omit the opt-in setup, was to simplify the user setup experience. For most people, most of the time, this relatively benign "spyware" is not an issue. And amazon's targeted ads & results provide a penny-stream that helps feed Canonical, and seems innocuous. But it's stepping over a line from purity of purpose to commercial data-mining, and deserves at least a first-time-use dialog. RMS reminds us that we're dipping a toe in a very deep swamp here, and the best time to discuss the issues is before we get even a little wet. Because it's a very slippery slope into malicious code & eavesdropping, to espionage & censorship, and past this point _none_ of the players is totally honest. When Walls_have_Ears, remember Amnesty International's unsettling reminder that Ears_have_Walls. Google.com's DoNoEvil policy reminds us, by their need to state it, that 3rd-party search invites evil. SSL reduces risks along the plumbing, but cannot offer any guarantees about the endpoint. Maybe it's a good policy for Ubuntu, and other like-minded distros & products, to pop up a one-time dialog here, _before_ opting in to some data-mining on the user's behalf. The GPL Preamble has the right texture (but quite different subject matter) - it's an opportunity to point out the difference (which 12.10 seems to have erased) between commercial & truly free behavior. Perhaps "Do you want to use external search engines, which may result in your search being visible to other parties? Some software trades your privacy for external services, for example by giving you search results, but other parties some indication of what _you_ are looking for, often bringing paid advertising to you. Sometimes your privacy is critical, so we strive never to do this without offering to warn you. . When such an exchange of privacy for service is taking place, do you want to ... [ ] allow queries to be sent off-machine [ ] restrict searches to local machine only [ ] allow external queries, but only via an "anonymising" service [*] ask me each time " Forgive me if I'm re-covering old ground here - I didn't notice the opt-in/out dialog of the Ubuntu <= 12.04 dash, and security of search here isn't a big issue for me. But it's a breach of trust in what I naively assumed: that the free (as in speech) nature of the software also implied free (as in beer). When my keystrokes are buying someone else a pint by being sold, some small freedom is eroded. But it's more than spilled beer when that backchannel can be exploited to watch all my search keystrokes, by compromising a different machine, downstream in a search service I didn't even know I was consulting -paranoid pete On Thu, Dec 13, 2012 at 10:23 PM, Grant Bowman <[email protected]> wrote: > On Thu, Dec 13, 2012 at 9:55 PM, Jono Bacon <[email protected]> wrote: > > On Thu, Dec 13, 2012 at 9:27 PM, Grant Bowman <[email protected]> > wrote: > >> For discussion: > >> http://www.jonobacon.org/2012/12/07/on-richard-stallman-and-ubuntu/ > >> > >> I am trying to reserve judgement but the 12.10 install I tried seemed > >> to sacrifice privacy a little too easily and I don't like the idea of > >> money being made by default from Ubuntu for Canonical. At the same > >> time I don't agree with all of what RMS said but some of what he says > >> is true for me. http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do > >> > >> What do you think? > > > > > > "I don't like the idea of money being made by default from Ubuntu for > > Canonical" > > > > What is the objection about Canonical making money in Ubuntu given the > > millions of dollars invested into Ubuntu? > > I think trust is the primary issue. > > First, that was a partial quote of a sentence and I think not the most > important aspect of this whole debate. Second, I didn't express that > particular sentiment accurately. Perhaps it would be more clear with > an appended "in this way." I am not alone in feeling this particular > implementation crosses a line of trust. Perhaps as you say Canonical > "didn’t get it 100% right". That's why I am trying to reserve > judgement despite it being released in a non LTS version inserted at > the last minute from what I heard. If Canonical had submitted a > similar feature to Debian do you suspect it would have gotten accepted > or is Canonical somehow abusing it's specially entrusted power? People > trust this environment because it is level and open. This feature as > implemented so far is neither. > > Other entities including but not limited to the EFF have expressed > their concerns pretty well. > > https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks > > Where is the money coming from? Facebook, Twitter, BBC, Amazon and > other third parties of Canonical's choosing, right? This is done by > keylogging "send your keystrokes" from all the searches on a default > install with no notice to end users, right? Making money from work one > does is what Canonical has carefully done in the past. I believe > Canonical is trying to find the balance and is doing a better job than > anyone else I think in this regard. > > I hope this discussion can stay on topic and not get derailed by my > misstating my position on that one point. > > Grant > > -- > Ubuntu-us-ca mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-ca > -- -pete
-- Ubuntu-us-ca mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-ca
