Ubuntu Wants To Collect Data About Your System -- Starting With 18.04 LTS (fossbytes.com) 207
In an announcement on Ubuntu mailing list, Will Cooke, on behalf of the Ubuntu Desktop team, announced Canonical's plans to collect some data related to the users' system configuration and the packages installed on their machines. From a report: Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default. The option could be like: "Send diagnostics information to help improve Ubuntu." As per your convenience, you can opt-out during the installation. An option to do the same will also be made available in the Privacy panel of GNOME Settings. With this data collection, the team wishes to improve the daily experiences of the Ubuntu users. It's worth noting that the collected data will be sent over encrypted connections and no IP addresses will be tracked. To be precise, the collected data will include: flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not.
Debian Popularity Contest (Score:5, Insightful)
Re: (Score:2)
The vrms program will analyze the set of currently-installed packages on a Debian-based system, and report all of the packages from the non-free and contrib trees which are currently installed.
Re: Debian Popularity Contest (Score:1)
"Network connectivity or not" looks odd to me. How will they receive the report if there is no network connectivity? Nobody is dedicated enough to print and mail it to them...
Re: Debian Popularity Contest (Score:5, Interesting)
I'd suppose they're tracking whether there's network connectivity during the installation process (to make decisions about building options that require it), which can be remembered and reported later on once connectivity has been established hours or days later. Also the type of connectivity (wired vs. wifi vs. cellular) could be relevant.
Re: Debian Popularity Contest (Score:2)
It won't be.
Opt in! (Score:5, Insightful)
> Before you read anything further, it's important to note that users will have the option to opt-out of this data collection.
or maybe users should have the option to opt-in instead?
Re: (Score:2)
Yep. wish i had mod points.
fwiw, typing this on kubuntu 17.04 because 17.10 borks vmware.
Hopefully 18.04 will be better, but this makes me consider a different distro when it's time to upgrade.
Most of the "best linux distro for vmware" articles talk about linux as the guest; any ideas on which linux desktop (prefer with kde) also makes a good vmware host?
Re: (Score:3)
openSUSE Leap 42.3 or openSUSE Tumbleweed
openSUSE Leap contains stable versions of software released on a periodic cycle.
openSUSE Tumbleweed is a rolling distribution that always contains the latest stable versions of software.
Both support KDE and GNOME but they default to KDE.
Re: (Score:2)
Last time I installed Tumbleweed (about 4 months ago?) in a VMware Workstation VM, the keyboard didn't even work....
Re:Opt in! (Score:4, Insightful)
Maybe they find 90% are using a certain size or larger so they can drop support for smaller partitions.
That's completely the dumbest reason ever for collecting telemetry.
Here's another reason, which I find arguably less dumb: It costs money to pay someone to perform quality control on all packages in the archive. Canonical needs your data to keep the Ubuntu maintainers from dropping a package from its archive on grounds that fewer than a dozen people use it.
I call bullshit. (Score:2)
> Canonical needs your data to keep the Ubuntu maintainers
> from dropping a package from its archive on grounds that
> fewer than a dozen people use it.
I call bullshit. Canonical has access to package download counts from its repository servers, and can probably arrange to have mirrors supply their download counts.
Canonical DL stats exclude non-Canonical mirrors (Score:2)
Canonical has access to package download counts from its repository servers
Mirrors not operated by Canonical do not report download counts to Canonical. Thus in situations that rely on such mirrors, such as internal use within an organization or use in a less-developed country with a poor connection to the Internet, the package mix excluding mirrors may not be representative of the package mix including them. Statistics from Canonical's servers may, for example, underrepresent a package most popular in large corporate or government installations with thousand machines behind an in
Re:Opt in! (Score:5, Insightful)
Collection practice is always going to be "on" by default so the person who doesn't know anything or is click happy is going to feed into it. I don't blame any corp for going that route, so long as they give me the option up front to opt out.
The only part I have an issue with is "auto-login enabled or not" because of security implications. That should always default to off.
Re: (Score:1)
How about no choice is selected and the user is required to pick one before continuing? There's always more than two choices.
Re:Opt in! (Score:4, Insightful)
As long as it's prominently featured in the installation process and not hidden in some user config without a sensible user interface and given some cryptic name, it isn't that big a difference. Anyone who values his privacy will uncheck that box, and anyone who doesn't doesn't care either way anyway.
Re: (Score:2)
And once I know that the data is pseudonymized, I'll leave it checked.
Re: (Score:2, Interesting)
or maybe users should have the option to opt-in instead?
Yeah, but you know, the vast majority of users would never check that box, even if that could actually help us. If it really helps the Ubuntu folks (and us eventually), we need to know exactly what is sent, and if it's anonymous. Furthermore, Ubuntu is open source ; the devs would not dare to retrieve the kind of private data we don't want to make public.
Re: (Score:2, Insightful)
Nor does the vendor owe you updates (Score:2)
Users don't want to check the box? Tough shit. No one owes a vendor anything other than the list price of the product.
Nor does the vendor owe you in return any maintenance for a niche package on which you depend.
Re:Opt in! (Score:4, Interesting)
No only should you have the option to opt in, I don't think my machine should be reporting anything to anyone outside of a bug check. You want to know something about my machine you ask me.
Drop a read me file in the root directory with a link to a site that I can submit the information that I choose to submit.
Would you prefer reminder pop-ups? (Score:2)
You want to know something about my machine you ask me.
Then I assume you'd consider it appropriate for the operating system to ask you. It might take the form of a pop-up shown weekly to members of the wheel group upon logging in or unlocking:
Re: (Score:2)
I'm glad you think that. There is a checkbox you can uncheck during the install process that will make your machine behave exactly as you want.
Re:Opt in! (Score:5, Insightful)
Re: (Score:2)
I fundamentally fail to see the problem with this providing the option isn't in any way hidden and is part of a standard setup screen. People don't just gloss over the installation of their OS without seeing which options are checked.
People who care will Opt Out
People who don't care will participate.
I see no problem collecting data about people who don't care about it.
This is quite different from e.g. the Windows 10 installer which actively hides the options to opt-out of various data collection option.
Re: (Score:2)
The EU's GDPR seems to want opt in [civilsociety.co.uk]. OK that link is about receiving email, etc, but I suspect that the same would apply for data collection. This will also apply to Microsoft's telemetry.
Already cleaned the userbase (Score:1, Insightful)
Anyone who really cares already left Ubuntu with the search fiasco.
Re: (Score:2)
OK, so it's not just me!
find . -iname "*$whatever*" works, but a real windows XP type (blasphemy, I know; get over it) graphical search would be very convenient.
No network connectivity (Score:5, Funny)
"Fascinating! We haven't received a single report that indicated no network connectivity."
Switch to eelo? (Score:1)
Just wait (Score:2)
Pretty soon all of /etc will be stored in a binary database. Then you'll need a fancy GUI editor to make changes. Can't wait for this feature!
Re: (Score:2)
Re: (Score:2)
Nah, who would be that stupid to call it something that sounds like you sign up for something? Would you execute something that deals with "registry"? I would expect this to actually make contact with some place and sign me up for something I don't want.
Call it something sensible, will ya?
Re: (Score:2)
Yup. And that was a reply to this having been yet another "smart" move by MS.
Uploaded by "magic" (Score:1)
... network connectivity or not, ...
So... if there's no network connectivity, is the data uploaded by "magic"?
Comment removed (Score:5, Interesting)
Re: (Score:3)
There is some value in knowing that only 0.1% of your customers use some obscure hardware or software -- if your goal is to discontinue support for those items.
Re: (Score:2)
Re: (Score:2)
I would say this is a method of asking directly. It being opt-in would be much nicer of course, and if they showed you the packet they built and asked you to let them upload it even nicer. The issue you have with opt in via opinion polls is that you get a huge sampling error. Everyone calls in when their feature is being removed, no one cares when it's someone else's. So, ideally you gather the data as flatly as possible. And while opt-in (again, opt in is good!) biases your sample against the paranoid
Re: (Score:2)
Re: (Score:2)
There is some value in knowing that only 0.1% of your customers use some obscure hardware or software -- if your goal is to discontinue support for those items.
If your goal is to find excuse to discontinue support that is. There is zero guarantee that those that use obscure hardware / software will have opt-in'd or not opt-out'd your data collection scheme.
To do a proper survey, one should follow a procedure like this:
Re: (Score:2)
Check download stats from your repo servers. And ask mirrors to give you their stats. Now you know how many downloads of specific packages happen. No need to spy on users.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I could actually see some value in this for the customer. Knowing what your user base uses in hardware helps focusing your resources on the problems they may have. Personally, I'd hope that most of their users have nVidia cards so they could FINALLY justify throwing some manpower behind fixing that annoying "blank screen during install" problem (yes, I know the workaround, but how many people who never installed Ubuntu know it?).
I think it's also a pretty good tool to find out what people who don't know a l
Re: (Score:2)
Re: (Score:2)
So what we have is them threatening me with producing something that I'd actually want and a diffuse threat of "something bad could happen". Did I sum that up correctly?
The main difference between this and the shenanigans MS is pulling with Win10 is that in this case, you can fully audit what Canonical is getting about you. You can even change it if you so please by changing the underlying code. With Win10, you're facing a black box that sends data containing whatever information to its master.
I do hope you
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The beauty is that you needn't trust them at all. You can audit them. Or wait 'til someone else does it, because you may rest assured that someone gets paranoid enough to do just that. If Is was MS, I'd do it, just to deflect some of the bad press Win10 gets for spying on its users.
Re: (Score:2)
Re: (Score:2)
That's pretty much what I said in another post. Trust, but verify. They're upfront and (as far as I can tell for now) honest with what they want to collect and for what reason. We can immediately find out what they collect by taking a look at the data that is being sent, this being OSS it's trivial to do.
I am willing to trust them that the data collected will be used in the way they claim. Of course I will register an email-address exactly for this operation and use an IP-Address that I dedicate to this mac
Re: (Score:2)
Of course, the IP address isn't collected. Well, actively collected... it just comes along for the ride with the HTTPS origin packet.
I understand how this info can be used to help with making Ubuntu better, but with all this in a database, as the parent stated, this makes a big juicy target for a data breach, as it can provide internal IPs and topology of some potentially restricted environments.
Ideally, this should have been opt-in. For a lot of machines, I don't mind this stuff collected. However, ther
Re: (Score:3)
Re: (Score:3)
I can only think of one type of actions: spamming, targetted advertisement or any other form of custom nagging.
This speaks volumes about you, and very little about Canonical. I don't even use Ubuntu and my first thought was "Hey, I'll bet they could use this to prioritize patches and focus development". The first step of being responsive to your users is to know what they need, and one way to know what they need is to know what they have/use. No need to waste money on further development or support for a package that only 0.8% of your user base has installed. Likewise, if you're trying to prioritize bug fixing effor
Re: (Score:2)
Re: (Score:2)
It would take much to look at the Ubuntu forums and see which threads generate the most replies, chances are, it's a problem that Canonical needs to solve, or hell, look through the *countless* threads on why *nix sucks, and see about fixing some of those.
Like, for example....here!
https://itvision.altervista.or... [altervista.org]
no "opt out" needed
Re: (Score:2)
This is literally what Steam collects.
http://store.steampowered.com/... [steampowered.com]
I'm sure nobody here bitching runs Steam, right? Because that'd make you a complete hypocrite and we know nobody here is a massive raging hypocrite.
If Canonical wasn't run by complete morons, they would have called it a "Hardware Survey".
Re: (Score:2)
Re: (Score:2)
Security implications of random system configs with no user identifiable information, not even IPs? I'm quaking in my boots.
The fact you remotely compare this to Windows just shows you have completely lost grip on reality.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Comment removed (Score:4, Insightful)
Re: (Score:2)
You're not going to talk Shuttleworth out of such things. Telemetry and pseudo-anonymous information is the great peek under your skirt that marketers die for.
If you must (and you should), you can already null-route the 127+ Windows straws into your system's brain, as well as Apple's 11 major MacOS routes.
It's only a matter of time until the whimpering processes cry you a river, not having touched the mothership. So many industries have become barnacles and parasites on your data, that killing such informat
Re: (Score:2)
Great, now I'm hungry...
Re: (Score:2)
What coffin?
While you're at it remember that overloading users with choices is precisely how Linux got its unfriendly reputation in the first place. Someone making choices for users is precisely why Ubuntu is so usable to newbies in the first place.
Re: finding another nail for the coffin huh? (Score:2)
"consentless data collection"
I believe the preferred term is "data rape".
Since the default is Opt-In.. (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
... Canonical's plans appear quite obvious... first get the data collection infrastructure in place by collecting innocent data. Then slowly, automatically "opt-in" other data to be collected. Of course, there will be the ability to opt-out. But you'll have to verify that option after each OS update because Canonical's default seems to be opt-in. And since the default will be opt-in, the data collection will be easily overlooked. Canonical's plans towards its users look pretty obvious to me.
If it's obvious, what is it? What are they trying to do?
Could they not just be collecting data in order to get a better idea on where to focus their development? The data is being made public and plus it's open source. It's anonymous but who knows maybe they are secretly keeping track of the ip addresses. But if so, why?
Re: (Score:2)
...If it's obvious, what is it? What are they trying to do? ...
Perhaps it would help if you had read my message.
Re: (Score:2)
...If it's obvious, what is it? What are they trying to do? ...
Perhaps it would help if you had read my message.
No - all you've said is that they plan to nefariously collect system specs. And then unnamed more things. And then what? You've outlined the "collect underpants" section of the evil plan, without actually naming the rest of the 'obvious' scheme.
Re: (Score:2)
Yeah, these seems 100% like a hardware survey and Canonical are idiots for not calling it that, and Slashdotters are idiots for not realizing that Canonical collecting the same data that Steam does, doesn't not magically turn Canonical into the NSA.
Hell, most of those statistics are logged every time you visit someone's website. And surely nobody sets their starting page to Google or Bing/Yahoo, right? RIGHT?!?! Because then they'd have our desktop depth too! (OMG 1984!)
Re: (Score:2)
Unlike Microsoft, Canonical has no actual market protection.
The second Ubuntu fucks over its users, they'll simply switch distros. Remember Linux Mint? It was Ubuntu without Canonical and it made them so made they disabled their repos for Mint users out of spite.
Your advice please... (Score:4, Interesting)
I've been lazy and I've been using Ubuntu (or Kubuntu to be specific) since around 8.04 or so.
However, I also value privacy and I'm not fond of the data collecting business practices of major tech firms.
I value convenience (as I'm getting old) and I like the large apt package set, lots of stuff pre-packaged and ready to run by a a single command line.
I've have or had love affairs with C, Python, Zsh, Haskell, Mercurial, OpenFoam, Embedded, NetBSD (albeit 15 years ago), BeOS, and some other stuff...
I like KDE's features and configurability, but don't like the bloat. I've tried XFCE (&Co) on my lo-end machines, like the speed but they lack some features.
I don't really care if I run a BSD or Linux kernel and user space. I can download and build by source, but that should be restricted to the odd stuff. I expect to find most common stuff pre-compiled and pre-packaged. I value stability, but for some packages, I don't want them to be three years old. (Case in point: eclipse).
I've done enough X configuration for a couple of life times. Basic networking should also work out of the box.
Is it time for me to turn to Debian? Or Manjaro? Or... go hard core Arch? Am I too lazy for those?
Re: (Score:2)
Re: (Score:3)
I value convenience (as I'm getting old) and I like the large apt package set, lots of stuff pre-packaged and ready to run by a a single command line.
Debian (apt), Fedora (yum), Arch/Manjaro (pacman) or Gentoo (emerge) can do this, likely others as well. I think Debian's apt repo is quite a bit larger than Ubuntu's.
The other options like MINT, Peppermint, Bodhi, CrunchBang, etc are going to have smaller package repos than Debian, if that matters to you. I could probably list all the Linux apps I need on a Post-It note and find them in the vast majority of distros. (vim, gcc/binutils/make, SDL2, Firefox, pidgin, VLC, audacity, MilkyTracker, GIMP, LibreOff
Re: (Score:2)
Why not use Devuan?
Devuan GNU Linux 1.0 overview : software freedom, your wayy
https://www.youtube.com/watch?v=Nt2_hz3beqw
Mint (Score:2)
But honestly I don't see a problem with collecting the data they're asking for here. It's the same stuff collected by Steam. It doesn't hurt me to pass that info on to them.
Remeber when (Score:3)
Operating systems would boot your computer and allow you to run applications?
Questions... (Score:2)
Didn't Ubuntu already have something like this, but as an opt-in option?
I remember having to check some privacy or something in configuration to see if it wasn't spying on me.
Anyways, good place as any, regarding hardware compatibility and ease of use, what's a good distro to go for instead of Ubuntu? Preferrably some distro that won't be pulling some shit like this in at least the near future.
I'm - admitedly slowly - moving away from Windows because of crap opt-out stuff, and anti-privacy changes in update
The problem with *nix (Score:2)
as I see it: (and I speak as an Ubuntu user doing RNN research)
For a great many years, *nix seems to slavishly copy Windows (and to a lesser extend, MacOS) features and looks, all while screaming "look at me! I'm different!"
I'm trying to dump Windows for good, but being a clone of Windows, especially in functions like this (cough, telemetry) does not engender good will from me.
Here's a thought for Ubuntu and all the other distros out there prepping their photocopiers, stop adding "features" and go back to f
Sorry Ubuntu; boat has sailed. (Score:2)
This may (or may not) be well intentioned but too many people have now poisoned the well.
Always to "improve product" (Score:2)
Every outfit on the planet integrating malware into their systems say the same thing. X, Y and Z is needed to improve our products. Nobody EVER says the reason is to make the bean counters happy, gain unfair advantage or to sell out users to the highest bidder.
If they are so passionate about feedback in order to improve their product where is the feedback button in Ubuntu? Why can't it *ASK* for feedback or provide UI elements for users encouraging them to complete a survey?
I'm not that much of a Linux d
Re: (Score:2)
> If they really care why is there no way to ask end users? Why does there appear to not be software to facilitate any kind of feedback? If it is so important why does it appear to not exis
As Fleetwood Mac said: "don't ask me what I think of you, I might not give the answer that you want me to."
Use Devuan (Score:2)
Devuan GNU Linux 1.0 overview : software freedom, your way
https://www.youtube.com/watch?v=Nt2_hz3beqw
How About (Score:3)
Well I never would allow this, you really have no idea what will be sent.
IIRC, one of the BSDs request the following:
1. run this command (forgot)
2. review the output
3. email the output to address ??? if you do not mind
And anyone who installed Slackware will notice 2 emails in root's mbox, one has instructions on how to add "Register with the Linux counter project". Why can't Ubuntu do something like that ? This way you avoid the 'tin foil hat' feelings.
Suggestion (Score:2)
They can learn a lot from other companies' experiences with this.
You have to be completely transparent about what you are collecting including giving the customer tools to view the telemetry data, samples of what it looks like, and explanations of every field including binary blobs. Couple that with a strong privacy policy and require the user to explicitly accept the privacy settings during the install wizard. Never make advertising or sales recommendations based on telemetry. Most importantly, be able
User Data Collection Hurts Usability (Score:5, Interesting)
Power users tend to turn off this kind of telemetries. So what they end up collecting are always habit of less knowledgeable computer users. Features that advanced users need are often looked "rarely used / unnecessary" from such stats. The end result is a wrongly done dumb down of interface.
Now another company fails to realize that and going to mess up their design again.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
"power users" (Score:2)
"Power users" can generally take a hike. The two categories of user are programmers, and normal users. Calling oneself a "power user" is just a symptom of unfounded self-importance.
They have to know this isn't going to fly (Score:2)
Re: (Score:3)
Re: (Score:3)
It's reasonable to make "on" the default. First, anyone who installs Linux for the first time will not know what to choose and will probably rather go with the default than change something that might break something. And these are the people that, if I was the developer, I want to know the most about. Because first impressions and all that. If I notice that people install my system for the first time and I never hear from them again while there are others that continue using it, I want to know what caused
Re: (Score:2)
What they want to do (allegedly, and until the audit I'll give them the benefit of doubt) is to determine what modules the users actually install and what hardware they use. If that's all they collect, the explanation that they wish to focus their resources on developing tools and packages that most of their users benefit from seems legit.
Yes, I am willing to actually give a company that much credit. If, and only if, it is upfront with its plans instead of resorting to clandestine patches to sneak in spying
Re: (Score:2)
They have better insight and they solve the software problems that have the highest impact.
Or you know, they could actually give a damn about the thousands of bug reports already in their bug tracker?
How do you prioritise those bug reports? I'd find knowing that 10,000 people have a system configuration that's likely to trigger bug 41231, but only 14 people have a configuration that's likely to trigger bug 724535 helpful. But maybe you've got a better way of triaging bugs (no, number of people who report the bug is not useful, because the number of people that report any bugs is a small and highly biased sample).
Re: (Score:2)
The difference between GNU/Linux and Windows is that unlike on Windows, the administrator of a GNU/Linux PC has the right to uncheck the telemetry without having to purchase an expensive site license of an "Enterprise" edition. The hard part is communicating to users who opt out that they have no room to complain when Canonical drops their favorite package from the next version of Ubuntu, citing lack of install base.
Re: (Score:2)
The correct way to collect telemetry data would be the following:
1st question: "Hi, we would like to gather some information blah blah ... with your permission"
Then as a follow-up to the 2nd answer option: A sufficient detailed list of what is collected (possibly in a tree view/hierarchy) where you can opt in and out ala carte, e.g.