Announcement

Collapse
No announcement yet.

kubuntu privacy question

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    kubuntu privacy question

    does kubuntu store user data in their servers like Ubuntu and does it share it with other IT companies like amazon !!!

    #2
    No. That "feature" is in ubuntu's unity desktop...not installed or used in kubuntu.

    Comment


      #3
      No. Like kubicle said, that is only a feature of Ubuntu's Unity desktop.

      Comment


        #4
        David Edmundson's thoughts: http://planetkde.org/ -> http://www.sharpley.org.uk/blog/ubuntu-search


        Daily Ubuntu / Linux news and application reviews : http://www.webupd8.org/ -> http://www.webupd8.org/2013/10/8-thi...ng-ubuntu.html
        3. Privacy tweaks

        As you probably know, by default Dash shows all the recently accessed files as well as other files found on your filesystem. By selecting Security & Privacy from System Settings, you can choose what file types can show up in Dash, exclude various applications or folders/partitions from showing up in Dash and there's also an option to clear usage data.

        Furthermore, on the Search tab, you can disable online search results from being displayed in Dash. However, this option disables all the online search results so if for instance you only want to disable the shopping suggestions...
        Last edited by Rog132; Nov 11, 2013, 04:35 AM.
        A good place to start: Topic: Top 20 Kubuntu FAQs & Answers
        Searching FAQ's: Google Search 'FAQ from Kubuntuforums'

        Comment


          #5
          Originally posted by Rog132 View Post
          I wouldn't put too much weight on that, Mr. Edmundson doesn't seem to have a clear grasp on the technical implementation of the lenses, and misses the point of the EFF's stance (and the privacy concerns) on the subject completely.

          Comment


            #6
            Originally posted by kubicle View Post
            I wouldn't put too much weight on that, Mr. Edmundson doesn't seem to have a clear grasp on the technical implementation of the lenses, and misses the point of the EFF's stance (and the privacy concerns) on the subject completely.
            i was a bit confused when i read his blog post on planetkde ,i also think he's just missing why its an issue.
            Mark Your Solved Issues [SOLVED]
            (top of thread: thread tools)

            Comment


              #7
              I feel that one of my epic deconstructions is certainly in order here.

              The idea behind it seems to be to create a single unified search bar, abstracting sources from the user. You can search for a song, and not care if the results are local or remote. Pretty neat.
              Really? Have you conducted user group meetings or otherwise gathered a sufficiently large dataset of individuals who have asked that search sources be "abstracted"? I certainly would never want that. When I search for something, I am nearly always aware of the scope of the search, and wish to confine the search there. The existence of a song on my hard drive absolutely means I have no need to go searching elsewhere for that. It's disingenuous, indeed, to presume that I want to search the entire world every time I forget where something is. Or perhaps Ubuntu users are incredibly disorganized people, I really don't know.

              It's quite hard to combine results from the internet, without using the internet, so your search ends up online.
              Duh. So don't assume that online is the source for every answer to every search.

              Whilst this is encrypted, the results back are not.
              But wait...an eavesdropper who captures the traffic can grep through the result and reconstruct the search terms pretty easily, because these terms will be common in all the results. Surely this is not some new revelation to you?

              This is no worse than a search query with Google or Yahoo or any other search engine, and arguably considerably better as you are not later tracked round the web.
              Please explain to me the differences between (a) being tracked by Google and (b) being tracked by Canonical. If your answer includes points such as "we do not share this information with third parties," then please explain what possible benefit Amazon, for example, might derive from participating in the Lens program. Certainly you must realize that searching Amazon via the Lens reduces my exposure to much of what makes Amazon Amazon, including features such as recommendations, reviews, one-click shopping, etc. Arguably, a Lens searcher is much less valuable to Amazon than a direct user of their web site. So please, why would Amazon be interested in the Lens?

              In all the search lenses, Amazon is added by default, this gives Canonical money which is fed back into Ubuntu.
              Thank you for answering my question! So unless I know how to change a default setting, my searches for pr0n on my local machine go to my former employer as well! How reassuring that you have my best interests in mind. But a lot of searches are just noise from Amazon's perspective. For example, I might forget which folder I stored "RiOS-protocol-roadmap.odt" in. A search like that means nothing to Amazon, yet it wastes my bandwidth, wastes their bandwidth, wastes their processing time, and slows down my Lens. It also sounds "interesting" to any of my current employer's competitors.

              This is akin to how Mozilla Firefox set the default search provider to Google. Mozilla earn over $96 million per year for this.
              Mozilla sets their default to Google because Google provides 85% of Mozilla's funding. Even though you acknowledge this, it still weakens your argument. Is Amazon now providing 85% of operating funds to Canonical?

              KDE Has similar partnerships with enabling DuckDuckGo searches to be manually activated from krunner for a lot lot less.
              The key word here is "manually." A user must prefix a search with "ddg:" to expand the scope to an online service. The KDE implementation of online search is opt-in by design. Your attempt to rationalize Canonical's privacy-invading approach by linking it to KDE's privacy-respecting approach is disrespectful and potentially misleading.

              Canonical does not have your file contents, they don't even have a list of your files, nor do they track all key presses.
              Ah, OK, so my (b) from above is not happening. But yet an earlier statement of yours confirms that while Canonical won't have a list of my files, Amazon will slowly be able to compile a list of my files, or at least the ones I search for, over time. I can hear the datamining experts salivating at their TCP sockets already!

              At best, there is a record of a search term linked to an IP address, which may of may not be part of a file name. It's not a lot of private data, and it's not linked to you as a named individual.
              Are you trying to argue that storing metadata isn't a concern? Seriously?

              The claim by the EFF, is not about the possibility of Canonical 'spying' on you.
              It isn't? The EFF writes: "Technically, when you search for something in Dash, your computer makes a secure HTTPS connection to productsearch.ubuntu.com, sending along your search query and your IP address." We can discard the "HTTPS" shibboleth here because that's not what matters. What does matter is that my search terms, once they arrive at productsearch.ubuntu.com, have to be stored in clear text at least for the period of time required for Canonical to forward my search terms to the various Lens third parties. You are acting as a man in the middle, an eavesdropper, a spy.

              The claim is that a hacker sniffing your network traffic could infer from the from the images returned from Amazon what you are searching for. Personally I consider this a very weak claim, if someone is sniffing your network traffic your are more likely to give away personal information in other ways, such as any browsing.
              Do you ever, like, read news? Have you heard about this TLA called NSA, and what they like to do with data while performing a CYA? While it's probably unlikely that an attacker would target a specific individual's search results, what if someone parked on the backside of productsearch.ubuntu.com and eavesdropped on all the searches you send to the various third party services? At a minimum, each search request must include some kind of session identifier, so that you can properly marshal the responses when collecting the results for an certain person. Search queries plus session identifiers plus search results = data plus metadata. Your evaluation of EFF's concerns is wrong. Their argument is strong; yours isn't.

              It's up to us as the wider community to balance this with pragmatism and to keep things within proportion.
              The follow the KDE example, which you seem to like even though your description could be better. Oh, but wait, opt-in, while important for the community, isn't valuable to Canonical. At least Canonical is predictable.

              And this potential issue has since been addressed for 13.10, all data back is also encrypted, addressing the main point from the EFF.
              Ah, an admission that EFF's argument is strong. Although you guys have a tendency to react to weak arguments, too, so perhaps you have other motives than limiting eavesdropping. Michael explains: "Not sure when this was published, but as of Ubuntu 13.10 the result images are also going through Canonical's servers and back to the user over SSL, so the concern about 3rd parties or MiTM attacks has been addressed to a large extent." Is it still not obvious that Canonical is the MITM here? You may wonder why the backlash continues -- take a cold hard look at how Canonical's decisions routinely aggravate the community. Trust is easy to lose and difficult to regain.

              There is a traditional gap between web and local applications, people ignorant of what the dash search does, mistakenly take this for a simple file search.
              "Ignorance"? Come on -- the dash has fundamentally changed its prior behavior, and how does J. Random User know this? S/he must divert his/her eyes from the upper left corner where typing takes place to the bottom right corner, notice the new circle-bang, and task-switch away from the search and click the icon. For all the time Canonical claims to spend on UI design, please consider how much of an utterly abject failure this is.

              For a file search to use the web would clearly be wrong.
              I'm glad you agree! Shut if off by default, then.

              The majority of the complaints and criticisms I have read do not come from Ubuntu users who have seen the Ubuntu bar.
              Wait, what? How else would someone know to criticize unless they've actually seen -- and used -- the bar? Where did you learn to construct an argument?

              If we always try to pander to the notion of treating web and local data as two completely separate distinct entities desktop Linux will always be held behind the web applications that are able to employ much richer content.
              Conversely, Canonical appears to believe that intentionally blurring a very important distinction -- what many of us consider to be a security boundary -- will entice more people to switch to desktop Linux? That is, if you commit the same sins as your principal rivals, you believe your user base will grow as a result? Are you all really so daft as that?

              I don't want to have to be at a point where Firefox has to provide a prompt to explicitly state that it will use a network connection.
              This is ridiculous comparison, because Firefox does not perform local searches. Wow, you really need to go back to debating class.

              Spies (with the exception of James Bond) are also secretive. The Ubuntu dash makes no effort to hide exactly what it is doing.
              Now that's an impressive reach. Spies obviously interface with charges, middlemen, and targets. Middlemen themselves can often be spies. Dash, and productsearch.ubuntu.com, are middlemen, collecting data beyond my (the target) desired scope and sending it to various third parties (the charges).

              To call it spyware is a blatant lie, to call it a privacy invasion I think is a massive exaggeration of a rather minor concern that misunderstands the goals of the dash.
              To continue to defend a mechanism that has been repeatedly and correctly criticized reflects a readjustment of priorities, discounting the values of the community that made Ubuntu successful. Loyalty from us is the primary reason why Ubuntu holds the position it now has. You are rapidly losing that. The replacements, supplicants you dearly hope to appeal to, do not embody the same kind of loyalty that made you successful. Think about that, please.

              Comment


                #8
                Steve, as usual your analysis is easy to read and digest.
                Mr. Edmundson's is simply disingenuous in his reasoning, we might need to scan his source.

                Comment


                  #9
                  Ooh, a forum thread about me.

                  There's lots of "you"'s in that and I think there's been some misunderstanding.

                  I'm a KDE developer (hence my post being on PlanetKDE). I'm not a Ubuntu user, and I'm definitely not a Ubuntu developer (save for a few patches in LightDM).

                  I had to run Ubuntu whilst investigating a KDE bug which I thought might be system-wide, given all the news I was curious to check out the dash to see what it was like for myself. I honestly don't think that someone could get confused by a bar titled "search online and local sources" and there's an entire tab next to it for choosing which source you want to search. Having installed some lenses it all made sense. TBH It's not too far from some of the goals of KDE's (failed) Project Silk.

                  I wrote that post because there is a lot of misinformation being spread; people claiming it uploaded all your personal details whenever it did a search. Even you say "Amazon will slowly be able to compile a list of my files". No they can't! It goes through productsearch.ubuntu.com to anonymise it.

                  For people saying I don't know what I'm talking about, I would urge you to read the EFF website properly. The EFF are awesome and they definitely know what they are talking about. What they say here (and note that the one security issue they mention here is addressed) https://www.eff.org/deeplinks/2012/1...and-data-leaks. What I aimed to convey, is this is a world apart from the whipped up social media frenzy which makes out that Ubuntu's search bar is scarier than Darth Vader taped to the back of a shark.

                  Comment


                    #10
                    Thanks for your input, always good to hear different points of view.

                    So does this productsearch.ubuntu.com have a transparent policy on how they collect and anonymise a user's data?
                    Because I still see options for them to compile individual profiles and under what legal system does the DB fall?

                    Because I don't use this service I never investigated much about it so I could be a few inches off the target.

                    Comment


                      #11
                      If " It goes through productsearch.ubuntu.com to anonymise it.", then "Ubuntu's search bar is scarier than Darth Vader taped to the back of a shark." Perhaps not your intent, but the effect is there as is the meaning.

                      The simple fact that someone's data is being intercepted and collected, and compiled and stored without explicit permission of that someone - is just wrong. To do so and justify it by saying "well you didn't tell me to stop" - is just wrong. The fact that the default behavior of so many organizations, including governmental, is to do that - is just wrong.

                      And if the answer is - with ego set to extreme prejudice - "well just sue me", then it is just wrong AND idiotic.

                      If you want my data, then ask - every time. Don't assume that my silence is acquiesance. Big companies and government organizations take the position of "ask for forgiveness rather than permission" to a bullying extreme and it's becoming more disgusting with each passing incident. It's no longer cute.
                      The next brick house on the left
                      Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.24.7 | Kubuntu 22.04.4 | 6.5.0-18-generic

                      Comment


                        #12
                        Originally posted by d_ed View Post
                        No they can't! It goes through productsearch.ubuntu.com to anonymise it.
                        The queries go through productsearch.ubuntu.com, but the image requests don't. It's trivial to match the queries with ips.

                        Queries don't go through productsearch for anonymisation, they go through so Canonical can get the referral income.

                        Even if the data actually was anonymous for 3rd parties, it's just as bad (in the privacy sense) for Canonical itself to collect that database without explicit user consent.

                        Also, if you read your own link, the privacy concerns are not addressed (see "What EFF Wants From Ubuntu")

                        makes out that Ubuntu's search bar is scarier than Darth Vader taped to the back of a shark.
                        It's not, but it certainly is the most privacy invasive feature I've ever seen in the open source software world (mainly because it's enabled by default).
                        Last edited by kubicle; Nov 28, 2013, 10:06 PM.

                        Comment


                          #13
                          Lol I tup the thread about me comment! lol

                          I seem to 'member being told by an admin in another forum that I should stop using the term "Microsith"; that it wasn't "sophisticated" and a "relic of a bygone era" and was "counterproductive". lol

                          i left. lol

                          woodsmoke
                          sigpic
                          Love Thy Neighbor Baby!

                          Comment

                          Working...
                          X