Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Ubuntu Linux

Ubuntu Wants To Collect Data About Your System -- Starting With 18.04 LTS (fossbytes.com) 207

In an announcement on Ubuntu mailing list, Will Cooke, on behalf of the Ubuntu Desktop team, announced Canonical's plans to collect some data related to the users' system configuration and the packages installed on their machines. From a report: Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default. The option could be like: "Send diagnostics information to help improve Ubuntu." As per your convenience, you can opt-out during the installation. An option to do the same will also be made available in the Privacy panel of GNOME Settings. With this data collection, the team wishes to improve the daily experiences of the Ubuntu users. It's worth noting that the collected data will be sent over encrypted connections and no IP addresses will be tracked. To be precise, the collected data will include: flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not.
This discussion has been archived. No new comments can be posted.

Ubuntu Wants To Collect Data About Your System -- Starting With 18.04 LTS

Comments Filter:
  • by mccalli ( 323026 ) on Thursday February 15, 2018 @09:14AM (#56128016) Homepage
    Looks like the Debian Popularity Contest [debian.org] mixed in with some hardware reports. Doesn't look that odd to me.
    • yup, that and a little known package called "vrms"

      The vrms program will analyze the set of currently-installed packages on a Debian-based system, and report all of the packages from the non-free and contrib trees which are currently installed.
    • by Anonymous Coward

      "Network connectivity or not" looks odd to me. How will they receive the report if there is no network connectivity? Nobody is dedicated enough to print and mail it to them...

      • by Gavagai80 ( 1275204 ) on Thursday February 15, 2018 @10:00AM (#56128266) Homepage

        I'd suppose they're tracking whether there's network connectivity during the installation process (to make decisions about building options that require it), which can be remembered and reported later on once connectivity has been established hours or days later. Also the type of connectivity (wired vs. wifi vs. cellular) could be relevant.

  • Opt in! (Score:5, Insightful)

    by i_ate_god ( 899684 ) on Thursday February 15, 2018 @09:14AM (#56128020)

    > Before you read anything further, it's important to note that users will have the option to opt-out of this data collection.

    or maybe users should have the option to opt-in instead?

    • Yep. wish i had mod points.
      fwiw, typing this on kubuntu 17.04 because 17.10 borks vmware.
      Hopefully 18.04 will be better, but this makes me consider a different distro when it's time to upgrade.

      Most of the "best linux distro for vmware" articles talk about linux as the guest; any ideas on which linux desktop (prefer with kde) also makes a good vmware host?

      • by Vairon ( 17314 )

        openSUSE Leap 42.3 or openSUSE Tumbleweed
        openSUSE Leap contains stable versions of software released on a periodic cycle.
        openSUSE Tumbleweed is a rolling distribution that always contains the latest stable versions of software.

        Both support KDE and GNOME but they default to KDE.

        • by iCEBaLM ( 34905 )

          Last time I installed Tumbleweed (about 4 months ago?) in a VMware Workstation VM, the keyboard didn't even work....

    • Re:Opt in! (Score:5, Insightful)

      by dkman ( 863999 ) on Thursday February 15, 2018 @09:35AM (#56128142)

      Collection practice is always going to be "on" by default so the person who doesn't know anything or is click happy is going to feed into it. I don't blame any corp for going that route, so long as they give me the option up front to opt out.

      The only part I have an issue with is "auto-login enabled or not" because of security implications. That should always default to off.

    • by Anonymous Coward

      How about no choice is selected and the user is required to pick one before continuing? There's always more than two choices.

    • Re:Opt in! (Score:4, Insightful)

      by Opportunist ( 166417 ) on Thursday February 15, 2018 @10:06AM (#56128294)

      As long as it's prominently featured in the installation process and not hidden in some user config without a sensible user interface and given some cryptic name, it isn't that big a difference. Anyone who values his privacy will uncheck that box, and anyone who doesn't doesn't care either way anyway.

    • Re: (Score:2, Interesting)

      or maybe users should have the option to opt-in instead?

      Yeah, but you know, the vast majority of users would never check that box, even if that could actually help us. If it really helps the Ubuntu folks (and us eventually), we need to know exactly what is sent, and if it's anonymous. Furthermore, Ubuntu is open source ; the devs would not dare to retrieve the kind of private data we don't want to make public.

    • Re:Opt in! (Score:4, Interesting)

      by jwhyche ( 6192 ) on Thursday February 15, 2018 @11:30AM (#56128868) Homepage

      No only should you have the option to opt in, I don't think my machine should be reporting anything to anyone outside of a bug check. You want to know something about my machine you ask me.

      Drop a read me file in the root directory with a link to a site that I can submit the information that I choose to submit.

      • You want to know something about my machine you ask me.

        Then I assume you'd consider it appropriate for the operating system to ask you. It might take the form of a pop-up shown weekly to members of the wheel group upon logging in or unlocking:

        Your feedback is important

        Ubuntu Popularity Contest collects statistics about which software packages users have installed in order to decide which software to continue to offer. Sending the list of software you use helps ensure that the packages you use receive attention from Canonical. This information does not personal

      • I'm glad you think that. There is a checkbox you can uncheck during the install process that will make your machine behave exactly as you want.

    • Re:Opt in! (Score:5, Insightful)

      by TheRaven64 ( 641858 ) on Thursday February 15, 2018 @12:18PM (#56129176) Journal
      I'd generally prefer opt-in for all of this kind of thing, but the problem is that if you need to opt in, then most users won't. You'll end up with vastly skewed data, which can be worse than no data at all. Ideally, you'd want at least an option of sending a 'I have installed Ubuntu but you can't have any other data about me' message and hope that most people would click that rather than the complete opt out, so that you get a rough idea of the number of people that didn't opted in.
    • I fundamentally fail to see the problem with this providing the option isn't in any way hidden and is part of a standard setup screen. People don't just gloss over the installation of their OS without seeing which options are checked.

      People who care will Opt Out
      People who don't care will participate.

      I see no problem collecting data about people who don't care about it.

      This is quite different from e.g. the Windows 10 installer which actively hides the options to opt-out of various data collection option.

    • The EU's GDPR seems to want opt in [civilsociety.co.uk]. OK that link is about receiving email, etc, but I suspect that the same would apply for data collection. This will also apply to Microsoft's telemetry.

  • by Anonymous Coward

    Anyone who really cares already left Ubuntu with the search fiasco.

    • OK, so it's not just me!

      find . -iname "*$whatever*" works, but a real windows XP type (blasphemy, I know; get over it) graphical search would be very convenient.

  • by slipped_bit ( 2842229 ) on Thursday February 15, 2018 @09:19AM (#56128040) Homepage

    "Fascinating! We haven't received a single report that indicated no network connectivity."

  • Not available yet, but the project can already be supported: "A mobile OS in the public interest" https://eelo.io/ [eelo.io] https://www.indiegogo.com/proj... [indiegogo.com]
  • Pretty soon all of /etc will be stored in a binary database. Then you'll need a fancy GUI editor to make changes. Can't wait for this feature!

    • i already hate systemd, it is a god damned octopus with tentacles going places no init system belongs, i just bought a new PC that is too new for the released distros, i finally got debian testing running on it, but i expect some update to bork the system since development is not frozen yet, same with the slackware current tree, it ran good for a while but it is still under heavy development and an update borked it, but while it was running it ran great, i look forward to slackware-15 just to get away from
  • ... network connectivity or not, ...

    So... if there's no network connectivity, is the data uploaded by "magic"?

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Thursday February 15, 2018 @09:41AM (#56128162)
    Comment removed based on user account deletion
    • There is some value in knowing that only 0.1% of your customers use some obscure hardware or software -- if your goal is to discontinue support for those items.

      • Comment removed based on user account deletion
        • I would say this is a method of asking directly. It being opt-in would be much nicer of course, and if they showed you the packet they built and asked you to let them upload it even nicer. The issue you have with opt in via opinion polls is that you get a huge sampling error. Everyone calls in when their feature is being removed, no one cares when it's someone else's. So, ideally you gather the data as flatly as possible. And while opt-in (again, opt in is good!) biases your sample against the paranoid

      • There is some value in knowing that only 0.1% of your customers use some obscure hardware or software -- if your goal is to discontinue support for those items.

        If your goal is to find excuse to discontinue support that is. There is zero guarantee that those that use obscure hardware / software will have opt-in'd or not opt-out'd your data collection scheme.

        To do a proper survey, one should follow a procedure like this:

        1. - List hardware / software that is planning to end support in the next or second next version
        2. - Introduce a software package that scan and check whether one's computer will face issue if such end support plan is implemented as is
        3. - Give warning t
      • Check download stats from your repo servers. And ask mirrors to give you their stats. Now you know how many downloads of specific packages happen. No need to spy on users.

    • by Luthair ( 847766 )
      Its not like you couldn't have seen this coming, Canonical pioneered sending your search results to Amazon.
    • I could actually see some value in this for the customer. Knowing what your user base uses in hardware helps focusing your resources on the problems they may have. Personally, I'd hope that most of their users have nVidia cards so they could FINALLY justify throwing some manpower behind fixing that annoying "blank screen during install" problem (yes, I know the workaround, but how many people who never installed Ubuntu know it?).

      I think it's also a pretty good tool to find out what people who don't know a l

      • Comment removed based on user account deletion
        • So what we have is them threatening me with producing something that I'd actually want and a diffuse threat of "something bad could happen". Did I sum that up correctly?

          The main difference between this and the shenanigans MS is pulling with Win10 is that in this case, you can fully audit what Canonical is getting about you. You can even change it if you so please by changing the underlying code. With Win10, you're facing a black box that sends data containing whatever information to its master.

          I do hope you

          • Comment removed based on user account deletion
    • Of course, the IP address isn't collected. Well, actively collected... it just comes along for the ride with the HTTPS origin packet.

      I understand how this info can be used to help with making Ubuntu better, but with all this in a database, as the parent stated, this makes a big juicy target for a data breach, as it can provide internal IPs and topology of some potentially restricted environments.

      Ideally, this should have been opt-in. For a lot of machines, I don't mind this stuff collected. However, ther

    • I can only think of one type of actions: spamming, targetted advertisement or any other form of custom nagging.

      This speaks volumes about you, and very little about Canonical. I don't even use Ubuntu and my first thought was "Hey, I'll bet they could use this to prioritize patches and focus development". The first step of being responsive to your users is to know what they need, and one way to know what they need is to know what they have/use. No need to waste money on further development or support for a package that only 0.8% of your user base has installed. Likewise, if you're trying to prioritize bug fixing effor

    • This is literally what Steam collects.

      http://store.steampowered.com/... [steampowered.com]

      I'm sure nobody here bitching runs Steam, right? Because that'd make you a complete hypocrite and we know nobody here is a massive raging hypocrite.

      If Canonical wasn't run by complete morons, they would have called it a "Hardware Survey".

    • Security implications of random system configs with no user identifiable information, not even IPs? I'm quaking in my boots.

      The fact you remotely compare this to Windows just shows you have completely lost grip on reality.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Thursday February 15, 2018 @09:41AM (#56128166)
    Comment removed based on user account deletion
    • You're not going to talk Shuttleworth out of such things. Telemetry and pseudo-anonymous information is the great peek under your skirt that marketers die for.

      If you must (and you should), you can already null-route the 127+ Windows straws into your system's brain, as well as Apple's 11 major MacOS routes.

      It's only a matter of time until the whimpering processes cry you a river, not having touched the mothership. So many industries have become barnacles and parasites on your data, that killing such informat

    • Great, now I'm hungry...

    • What coffin?

      While you're at it remember that overloading users with choices is precisely how Linux got its unfriendly reputation in the first place. Someone making choices for users is precisely why Ubuntu is so usable to newbies in the first place.

    • "consentless data collection"

      I believe the preferred term is "data rape".

  • by QuietLagoon ( 813062 ) on Thursday February 15, 2018 @09:44AM (#56128184)
    ... Canonical's plans appear quite obvious... first get the data collection infrastructure in place by collecting innocent data. Then slowly, automatically "opt-in" other data to be collected. Of course, there will be the ability to opt-out. But you'll have to verify that option after each OS update because Canonical's default seems to be opt-in. And since the default will be opt-in, the data collection will be easily overlooked. Canonical's plans towards its users look pretty obvious to me. Their selection of the default "opt-in" makes those plans even plainer.
    • We're used to that kind of behavior from many companies (looking at you, MS). But don't forget Ubuntu is open-source ; any invasive code might be (and would be) detected.
    • by jetkust ( 596906 )

      ... Canonical's plans appear quite obvious... first get the data collection infrastructure in place by collecting innocent data. Then slowly, automatically "opt-in" other data to be collected. Of course, there will be the ability to opt-out. But you'll have to verify that option after each OS update because Canonical's default seems to be opt-in. And since the default will be opt-in, the data collection will be easily overlooked. Canonical's plans towards its users look pretty obvious to me.

      If it's obvious, what is it? What are they trying to do?

      Could they not just be collecting data in order to get a better idea on where to focus their development? The data is being made public and plus it's open source. It's anonymous but who knows maybe they are secretly keeping track of the ip addresses. But if so, why?

      • ...If it's obvious, what is it? What are they trying to do? ...

        Perhaps it would help if you had read my message.

        • ...If it's obvious, what is it? What are they trying to do? ...

          Perhaps it would help if you had read my message.

          No - all you've said is that they plan to nefariously collect system specs. And then unnamed more things. And then what? You've outlined the "collect underpants" section of the evil plan, without actually naming the rest of the 'obvious' scheme.

      • Yeah, these seems 100% like a hardware survey and Canonical are idiots for not calling it that, and Slashdotters are idiots for not realizing that Canonical collecting the same data that Steam does, doesn't not magically turn Canonical into the NSA.

        Hell, most of those statistics are logged every time you visit someone's website. And surely nobody sets their starting page to Google or Bing/Yahoo, right? RIGHT?!?! Because then they'd have our desktop depth too! (OMG 1984!)

    • Unlike Microsoft, Canonical has no actual market protection.

      The second Ubuntu fucks over its users, they'll simply switch distros. Remember Linux Mint? It was Ubuntu without Canonical and it made them so made they disabled their repos for Mint users out of spite.

  • by DrTJ ( 4014489 ) on Thursday February 15, 2018 @09:56AM (#56128228)

    I've been lazy and I've been using Ubuntu (or Kubuntu to be specific) since around 8.04 or so.
    However, I also value privacy and I'm not fond of the data collecting business practices of major tech firms.

    I value convenience (as I'm getting old) and I like the large apt package set, lots of stuff pre-packaged and ready to run by a a single command line.

    I've have or had love affairs with C, Python, Zsh, Haskell, Mercurial, OpenFoam, Embedded, NetBSD (albeit 15 years ago), BeOS, and some other stuff...

    I like KDE's features and configurability, but don't like the bloat. I've tried XFCE (&Co) on my lo-end machines, like the speed but they lack some features.

    I don't really care if I run a BSD or Linux kernel and user space. I can download and build by source, but that should be restricted to the odd stuff. I expect to find most common stuff pre-compiled and pre-packaged. I value stability, but for some packages, I don't want them to be three years old. (Case in point: eclipse).

    I've done enough X configuration for a couple of life times. Basic networking should also work out of the box.

    Is it time for me to turn to Debian? Or Manjaro? Or... go hard core Arch? Am I too lazy for those?

    • by AHuxley ( 892839 )
      Yes BSD and Haiku https://www.haiku-os.org/ [haiku-os.org] are looking great.
    • I value convenience (as I'm getting old) and I like the large apt package set, lots of stuff pre-packaged and ready to run by a a single command line.

      Debian (apt), Fedora (yum), Arch/Manjaro (pacman) or Gentoo (emerge) can do this, likely others as well. I think Debian's apt repo is quite a bit larger than Ubuntu's.

      The other options like MINT, Peppermint, Bodhi, CrunchBang, etc are going to have smaller package repos than Debian, if that matters to you. I could probably list all the Linux apps I need on a Post-It note and find them in the vast majority of distros. (vim, gcc/binutils/make, SDL2, Firefox, pidgin, VLC, audacity, MilkyTracker, GIMP, LibreOff

    • Why not use Devuan?

      Devuan GNU Linux 1.0 overview : software freedom, your wayy
      https://www.youtube.com/watch?v=Nt2_hz3beqw

    • But honestly I don't see a problem with collecting the data they're asking for here. It's the same stuff collected by Steam. It doesn't hurt me to pass that info on to them.

  • by OrangeTide ( 124937 ) on Thursday February 15, 2018 @10:05AM (#56128280) Homepage Journal

    Operating systems would boot your computer and allow you to run applications?

  • Didn't Ubuntu already have something like this, but as an opt-in option?
    I remember having to check some privacy or something in configuration to see if it wasn't spying on me.

    Anyways, good place as any, regarding hardware compatibility and ease of use, what's a good distro to go for instead of Ubuntu? Preferrably some distro that won't be pulling some shit like this in at least the near future.

    I'm - admitedly slowly - moving away from Windows because of crap opt-out stuff, and anti-privacy changes in update

  • as I see it: (and I speak as an Ubuntu user doing RNN research)

    For a great many years, *nix seems to slavishly copy Windows (and to a lesser extend, MacOS) features and looks, all while screaming "look at me! I'm different!"

    I'm trying to dump Windows for good, but being a clone of Windows, especially in functions like this (cough, telemetry) does not engender good will from me.

    Here's a thought for Ubuntu and all the other distros out there prepping their photocopiers, stop adding "features" and go back to f

  • This may (or may not) be well intentioned but too many people have now poisoned the well.

  • Every outfit on the planet integrating malware into their systems say the same thing. X, Y and Z is needed to improve our products. Nobody EVER says the reason is to make the bean counters happy, gain unfair advantage or to sell out users to the highest bidder.

    If they are so passionate about feedback in order to improve their product where is the feedback button in Ubuntu? Why can't it *ASK* for feedback or provide UI elements for users encouraging them to complete a survey?

    I'm not that much of a Linux d

    • > If they really care why is there no way to ask end users? Why does there appear to not be software to facilitate any kind of feedback? If it is so important why does it appear to not exis

      As Fleetwood Mac said: "don't ask me what I think of you, I might not give the answer that you want me to."

  • Devuan GNU Linux 1.0 overview : software freedom, your way
    https://www.youtube.com/watch?v=Nt2_hz3beqw

  • by jmccue ( 834797 ) on Thursday February 15, 2018 @11:54AM (#56129002) Homepage

    Well I never would allow this, you really have no idea what will be sent.

    IIRC, one of the BSDs request the following:
    1. run this command (forgot)
    2. review the output
    3. email the output to address ??? if you do not mind

    And anyone who installed Slackware will notice 2 emails in root's mbox, one has instructions on how to add "Register with the Linux counter project". Why can't Ubuntu do something like that ? This way you avoid the 'tin foil hat' feelings.

  • They can learn a lot from other companies' experiences with this.

    You have to be completely transparent about what you are collecting including giving the customer tools to view the telemetry data, samples of what it looks like, and explanations of every field including binary blobs. Couple that with a strong privacy policy and require the user to explicitly accept the privacy settings during the install wizard. Never make advertising or sales recommendations based on telemetry. Most importantly, be able

  • by billyswong ( 1858858 ) on Thursday February 15, 2018 @12:39PM (#56129362)

    Power users tend to turn off this kind of telemetries. So what they end up collecting are always habit of less knowledgeable computer users. Features that advanced users need are often looked "rarely used / unnecessary" from such stats. The end result is a wrongly done dumb down of interface.

    Now another company fails to realize that and going to mess up their design again.

    • By "mess up" you mean drop features that a small number of "power users" use (whatever that means) in favor of features that a large number of "normal" users use? Seems like something way more useful. If these "power users" really want certain features, they should make it know that they use them... by not opting out of their opportunity to do so. Otherwise, given what most people pay for Ubuntu, I'd say they seem to be making fairly good decisions here.
      • You see this happens logically when so many computer-knowledgeable people (may be self-proclaimed but still...) rant and claim they will always spend extra effort to opt-out telemetries.
        • Well if they aren't willing to directly pay money for the features and they're not willing to provide telemetry data, seems reasonable that no company would pay any attention to their wishes!
          • "Power users" can generally take a hike. The two categories of user are programmers, and normal users. Calling oneself a "power user" is just a symptom of unfounded self-importance.

  • they don't have enough non-technical users to get away with this nonsense. Are they just pushing this out so they can back off and try again later (sorta like Microsoft did with all the nasty stuff they announced with the XBox One launch and Trump did by announcing he was turning food stamps into a blue apron style delivery program)? They do know we can all just jump ship to Mint, right?

Genius is ten percent inspiration and fifty percent capital gains.

Working...