Forgot your password?
typodupeerror
Ubuntu Privacy Linux Your Rights Online

The Dash Is Now Anonymized In Ubuntu 13.10 183

Posted by timothy
from the all-depends-who's-doing-the-mining dept.
Last year, Canonical drew heat for the troublesome privacy implications that people like Richard Stallman saw in its in-built search-and-shopping facilities. An anonymous reader now writes "Long story short — Canonical now makes the user's data anonymous."
This discussion has been archived. No new comments can be posted.

The Dash Is Now Anonymized In Ubuntu 13.10

Comments Filter:
  • It works! (Score:5, Funny)

    by Anonymous Coward on Sunday September 22, 2013 @11:41AM (#44917921)

    Posted from new Ubuntu.

  • by Anonymous Coward

    So anonymity != privacy? Would someone care to elaborate what's going on?

    • Re:I don't get it (Score:5, Insightful)

      by hedwards (940851) on Sunday September 22, 2013 @11:54AM (#44917987)

      The difference is that anonymity means they can still collect all your information, just not your identity. So, you're just one breech away from having all of your information spilled to them. What's more, when it comes to online services and such, the name isn't usually that important, they don't really know that my name is Sir Dragon King of the 4th order of New Castle.

      Just because one is anonymous, does not mean that one has privacy, when I go out in public, I'm anonymous, but people can see everything that I do.

      • by Anonymous Coward on Sunday September 22, 2013 @12:24PM (#44918135)

        I used to run 40+ Ubuntu clients. Unfortunately, Cannonical has added so many new features: Zeitgeist, Mono, Amazon monitoring, Unity, UEFI, MIR, etc. that most of the community left. Their Distrowatch ratings have been plummeting since the glory days of 10.4.

        Although the desktop flavor of the month is Mint (an Ubuntu fork) right now, a lot of the crapware is removed, and much of the progress is going back to Debian. I am grateful for the investment by the Benevolent Dictator for Life (Mark Shuttleworth), and the progress that Linux has made because of Cannonical's work. That being said, there is an adage in the Linux user space:

        "How do you become a millionaire selling open source software? Start out as a billionaire."

        The profit model is broken for Cannonical. It is sad to see it wither.

        • by Anonymous Coward

          How do you exactly know ? Maybe he sold us to the intel service of Buttfuckistan, Israel and NSA.

          Maybe he is now worth 5 billions instead of 1 billion.

        • by gmuslera (3436)

          The profit model is still adapting to the new realities. They are playing as a redhat competitor (support, server versions), in the smartphone/tablet arena (Android? Sailfish? Samsung? Those cover different areas), a market for commercial linux programs, and other services (music, cloud storage, the company is not US based so could distance itself from the NSA monitored crowd, at least not aware that GCHQ is forcing companies to put backdoors... yet) . Redhat took years to be profitable,

          Several areas chang

        • Unfortunately mint has some similar tricks, for example they automatically set Open DNS as a DNS provider which means any mistyped addresses or queries intended fit the browser to handle are instead sent to advertising pages.

          I'd also argue that removing the search providers Mozilla ships in exchange for one that pays mint (as opposed to the people who actually pay the browser developers) is also ethically questionable.

        • To be honest, I still have Ubuntu on one computer but on the whole I've moved back to Debian stable. I did try Mint, but found it sufficiently broken in minor ways to be just irritating. Yes, Debian is broken too, in as much as installing codecs and playing media is a complete pain, but it's broken in ways which don't greatly influence things I actually want to do. For my everyday use - writing software, browsing the web, reading email - Debian stable is rock solid and unannoying.

          Yes, just occasionally I cu

      • But what do they define as "identity"?
        Can they collect your address, or at least guess at it? What about your first or last name, your credit card, your SSN, your IP address. At what point do they have to stop, because one inch more is your "identity".

        I imagine their stopping point is long after it would be easy to compute your identity from the information they have already gathered.

        • by gl4ss (559668)

          well nsa sure as fuck can match you to it.

          for some reason shuttleworth just likes pretending that he isn't after the data stats on what is popular and what is not.

          I mean, if they just wanted to help people, they could easily just have an extra search result sitting there that was a link to "Search this term on the internet".

          but yeah, then they wouldn't be getting on stats.

          And this whole debacle makes me second guess the reasoning why they made the UI in such a fashion that you're likely to need to use the q

      • by nurb432 (527695)

        when I go out in public, I'm anonymous

        You keep on believing that. And be sure to smile to the automated facial recognition system attached to that camera on the ( every ) street corner. ( and building, ATM, cash counter, police car, 2/3 of the people around you posting pictures on facebook..... )

        • by hedwards (940851)

          I don't let people take my picture. And I used to work security, so I know how to dodge cameras without having to act suspiciously. Hint, it's not that hard.

          What's more, none of those cameras are hooked into anything. In most cases the tapes are deleted within a month as it's just too expensive to have somebody sitting there recording every time that somebody comes into frame. What's more, the cameras are low resolution and designed to be on 24/7, not for high fidelity HDTV.

          Yes, it's something to be concern

          • by nurb432 (527695)

            That's funny, i also have worked in that field and ours was hooked up.

            I also know that all the ones on the street corner are active and being record. Not long ago we used it to identify ( using drivers record images ) of some moron that was shooting people on the sidewalk during a rather large event one evening. ( wasn't even daylight )

            But if you want to think you know something and can 'dodge cameras', feel free.

      • by Alsee (515537)

        The difference is that anonymity means they can still collect all your information, just not your identity.

        There's no change in what Canonical collects. It's still the exact same spyware as before. Canonical merely says now that they'll try not to hand out your IP address to other people when they hand out your local searches.

        -

      • by exomondo (1725132)
        But it's free software and it's open source! That's the whole point, you can see what it's doing, verify that it's working as expected and if you don't like it, change it!
    • Re:I don't get it (Score:5, Interesting)

      by Virtucon (127420) on Sunday September 22, 2013 @12:22PM (#44918121)

      Anonymity != Privacy because we're in the age of big data [post-gazette.com] where large data sets can be cross-correlated to profile an individual. From stores that track your cell phone [foxbusiness.com] while you're shopping to big chain stores figuring out you're pregnant [nytimes.com], big data techniques are invading your privacy in more and more ways. If you think that anonymous data collection is safe, it's still data collection and despite people's best efforts, we are of course creatures of habit and your repetitive habits allow people to build fingerprints about you. If you have enough data points, even anonymous data points, you can build a profile of an individual, their habits, their likes, their dislikes and where they go on the Internet. If you can take that profile and match it against an individual using other correlating data you've been identified. This has been proven for example in the 2007 Netflix prize competition where anonymous movie reviewers were tracked down. [utexas.edu] There's lots of examples on this and over the past few years, techniques have become much better at picking individuals out of anonymous data sets. [wired.com]
        More chilling is a study released this year [mit.edu] showed that using in analyzing anonymous cell phone tracking data, 95% of 1.5 million individuals could be identified.

      What this means that as long as companies are able to collect data about you, whether tagged or anonymous, you're still being tracked somewhere and that is no guarantee that your privacy is protected. What has to happen to provide privacy is to stop all of the tracking and I don't see companies nor governments giving up that mechanism anytime soon.

      • by Shavano (2541114)

        How to minimize your tracking footprint:

        • Do not do any of the following:
        • Use a cell phone
        • Use a credit card
        • Pay by check
        • Connect to the internet through any device you own
        • Have any online account of any kind (includes Slashdot)
        • Have any children
        • Hire anyone
          • And if you're extremely cautious don't do these either
          • Own a home
          • Rent a home (under your own name)
          • Have a job
          • Cash a check
          • Get married
          • Get divorced

        What I'm illustrating here is in modern society people want to have it both ways. They want to be constantly connected

  • “No more privacy”? I think this headline is missing a word.
  • by Joining Yet Again (2992179) on Sunday September 22, 2013 @11:45AM (#44917949)

    typing a word in the Dash, pushes the word against (along with the locally-installed scopes) the Canonical servers, the Canonical servers decide the best results, the results are then anonymized and finally landed in the Dash.

    The fuck? If you can't see any privacy implications here, you're a dilettante.

    And anonymisation of results - what? If I search for "loli president bomb" then that's what's going to get me in trouble, not the results I receive.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      The fuck? If you can't see any privacy implications here, you're a dilettante.

      This statement might carry a bit more weight if your standard garden-variety Slashdot reader didn't see privacy implications in bowls of alphabet soup.

    • by Gothmolly (148874) on Sunday September 22, 2013 @12:19PM (#44918105)

      Loli President Bomb is my new band name.

    • by kermidge (2221646)

      I think that I'll hold off on a verdict until I read something written by someone who understands the steps involved and has the English to describe them.

      Whatever the case I would expect that sending a search out from one's machine can be turned off, just as can be done now. If one is truly exercised or doesn't trust his favorite network monitoring tool, that bit of scope can be blocked or removed.

    • Re: (Score:2, Insightful)

      If I search for "loli president bomb" then that's what's going to get me in trouble, not the results I receive.

      As if the user-agent string wouldn't land you on the watchlist. That wasn't a joke [prisonplanet.com] by the way. And as far as the results you receive, you probably shouldn't trust those either [techdirt.com]. But let's set aside your awesome new indy band name Loli: President Bomb and focus on the real issue here: The gullibility of free software consumers. They are exactly as gullible as Windows and Macintosh users, it would seem: They're trusting an abstract organization that is continuing to collect personally-identifiable information,

      • by mvdwege (243851)

        No, you'll get mod-bombed for being a trolling twat.

        Here you are, after plenty of disparaging comments, after almost two years of unrelenting Ubuntu criticism, suggesting that the Linux world still idolizes Ubuntu (the assumption it ever did is a further troll mark)

        Mart

    • by xatr0z (633279)
      Context: This only happens if you type in a word in the textbox "SEARCH YOUR COMPUTER AND ONLINE SOURCES". So yes, then it is going to search online sources. If you don't want this at all then you can disable it, or just remove amazon etc.
      I think that this possibility to configure your own online and local sources is an huge improvement compared to what people otherwise would do (search google if you want a recipe, something on wikipedia, name of an artist or do an calculation).
      • As long as it's disabled by default, brings no revenue to the developer (so there's no conflict of interest), and can only be enabled by explicit installation of client software and acknowledgement of an enumeration of clearly worded warnings, it might be ok.

    • by Arker (91948)
      Yeah, this is nonsense, they're still pushing local searches out across the internet without so much as a by-your-leave. No one with a clue will be mollified by it. But I guess no one with a clue would be caught dead using Ubuntu either, so maybe they dont care.
  • by Gothmolly (148874) on Sunday September 22, 2013 @11:49AM (#44917965)

    Care to rephrase that, smitty?

  • Piss Poor Submission (Score:5, Interesting)

    by Anonymous Coward on Sunday September 22, 2013 @11:59AM (#44918019)

    There may, or may not, be a story here. But, the submission is from someone who seems to not have mastered the English language, in which it is written, and therefore it makes little or no sense at all. The submisison is completely worthless.

    Whether or not Ubuntu has restored any semblance of privacy to the desktop search remains an exercise for the reader. But, I can't be bothered. Ubuntu has broken my trust and I won't be arsed enough to see if they have chosen to change, a little bit, for now. There are still several Linux distributions that still lack the phone home and spyware trojans that Ubuntu has chosen to use.

  • by Anonymous Coward

    Its good to know their system now protects the origin of request via Tor, and protects you from identifying your self based on the search content by searching and encrypted copy of their data with your encrypted query using Homomorphic encryption. Its too bad that its still vulnerable though, due to traffic pattern analysis, and measurement of result volumes. Its would just wreck the user experience if they employed proper packet ageing like I2P is planning.

    Who thought it was a good idea to pipe all your lo

  • This is good news on it's own without adding the troll Richard Stallman to summary, but clicks=money I suppose.

  • by KNicolson (147698) on Sunday September 22, 2013 @12:46PM (#44918247) Homepage
    It's a bit of a non-story in my opinion, as I think most people worry about Ubuntu and their direct partners slurping all their search info, whereas this "news" is that they now insert an anonymiser into image URLs [google.com] so that random web site Z doesn't pick up your IP address when your computer tries to render an image.
  • I'm not familiar with this "Dash" thing. Can't it just be taken out when you install the new Ubuntu?

    If it's something that you have to install when you install Ubuntu, then Canonical has made a big mistake.

    • Yeah.

      That's part of the reason I stopped using Ubuntu. Now every install has me spending more time removing bullshit than it took me to do the install itself. resolvconf (especially on servers? WTF), dash, social networking shit, some kind of file indexer that wants net access for some reason...

    • by iggymanz (596061) on Sunday September 22, 2013 @01:51PM (#44918519)

      Yes, use Linux Mint, it's Ubuntu without the suck

      • by PopeRatzo (965947)

        Thank you. Linux Mint it is. I use a Linux box as part of my digital audio workstation, for offloading processing chores, file-serving, streaming and rendering. I haven't had to do anything to the current one in about three years, and I think it's due for an upgrade.

        I certainly don't need any social networking or shopping stuff on it.

    • by Urkki (668283)

      I'm not familiar with this "Dash" thing. Can't it just be taken out when you install the new Ubuntu?

      Easiest is to install Kubuntu, Xubuntu or Lubuntu instead of the "main" distro.

  • Eh... (Score:3, Interesting)

    by Lumpy (12016) on Sunday September 22, 2013 @02:27PM (#44918715) Homepage

    Smart users rip it out ASAP. Smarter users dont use ubuntu and use Mint or another version where they actually care about the user.

    • by msobkow (48369)

      You mean all the people who use a desktop other than Unity.

      Which, from what I've seen, is 99% of the population.

      • by 0123456 (636235)

        You mean all the people who use a desktop other than Unity.
        Which, from what I've seen, is 99% of the population.

        Problem is, they dropped Gnome 2, and XFCE is a pretty clunky replacement.

        • by Lumpy (12016)

          I suggest you investigate Cinnamon... It's Gnome 2 but from skilled developers that are not chasing ooooh Shiny.

        • by rbprbp (2731083)

          Problem is, they dropped Gnome 2, and XFCE is a pretty clunky replacement.

          This is what you use MATE for. It's pretty much GNOME 2.

    • I use Ubuntu, but I don't use Unity. After customizing both distros are practically the same thing after all.

      • by X0563511 (793323)

        In which case why don't you start with the one closer to what you want?

        I'd rather install Mint and rip out the, well, three things or so I don't want, then try to do the same thing with Ubuntu and find out that "ubuntu-desktop" DEPENDS on $RANDOM_BULLSHIT_I_DONT_WANT and has no reason for being an absolute dependency instead of a suggestion or recommendation.

        That I have to use equivs or remove the metapackage and stay on top of updates manually is... dumb. Incredibly, ridiculously dumb.

  • so the problem was that you type stuff in the dash, that goes to various results providers (scopes) including one that sent it to products.ubuntu.com, which in turn queried the Amazon API for your search term (and the youtube API and some other places) (the new smart scopes thing is a server-side variable bias that it applies to the sources of results). So, products.ubuntu.com gives you some results, in these were some image thumbnail URLs, pointing directly at Amazons image CDN. This means Amazon would see

  • AFAIR, dash sends the requests to canonical, and canonical relays them to amazon. Maybe not from day one on, but a long time before this "news". Sending them (when no explicit online search is requested) is a bad thing anyway, but this kind of "anonymity" were already provided.

Life. Don't talk to me about life. - Marvin the Paranoid Anroid

Working...