On my point of view, it's NOT enough to implement a legal notice https://ubuntu.com/legal/motd with technical errors and it is not possible to verify that Canonical does not store the IP address of Ubuntu users in Apache log (the default) and/or database without an external auditor (PwC, EY, KPMG, etc.).
Nothing has been done regarding the consent of the user. I except one of the following two options to be implemented by Canonical. (A) Ask for consent during the installation of the operating system Ubuntu and before sharing my personal information via the motd-news software used for Telemetry, Tracking, Advertising purpose instead of providing meaningful "security messages or other news" on a daily basis. (B) Or disable it by default via ENABLED=0 in the file /etc/default/motd- news and move motd-news software outside "base-files" package and make it user removable. If Canonical doesn't takes data protection seriously by implementing technical measures such as stop calling motd-news during installation and after automatically without consent and implement an easy way to opt out for people without technical knowledge in linux shell then ICO will need to evaluate the choice of Canonical of enforcing Telemetry hidden in motd-news's User-Agent without asking user consent and not respecting "No, don't send system info" choice of the user during the installation wizard, sending beacons with IP address, system info twice a day, every day from all Ubuntu Desktop and Ubuntu Server installations worldwide. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-files in Ubuntu. https://bugs.launchpad.net/bugs/1867424 Title: motd-news transmitting private hardware data without consent or knowledge in background Status in base-files package in Ubuntu: Won't Fix Bug description: In package base-files there is a script /etc/update-motd.d/50-motd- news that harvests private hardware data from the machine and transmits it in the background every day. There is no notice, no consent, no nothing. This should be by default disabled until there is informed consent. This solution is simple: 1. Change ENABLED=1 to ENABLED=0 in the file /etc/default/motd-news and 2. Place a comment in the file disclosing the fact that the 50-motd-news script will harvest private hardware data and upload it to motd.ubuntu.com daily if the end-user enables it. Creating databases that maps ip address to specify hardware is a threat to both privacy and security. If an adversary knows the specific hardware and the ip address for that hardware their ability to successfully attack it is greatly increased. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1867424/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
