The most important thing to me as a computer user is the privacy & security of 
the data I entrust my OS to handle and the OS's communication to me about what 
internet connections my OS and the Applications installed on it are making.

Ubuntu is not doing well in this regard lately. In the dialog that comes up on 
a new 12.10 install asking me to contribute to Ubuntu, I saw no option 
indicating "Privacy & Security of Ubuntu." Yet this is the most important thing 
to me and the thing most likely to make me want to contribute.

I have been speaking out about the privacy (data leaking) issues that keep 
popping up in Ubuntu over the last few development cycles for a while now. 

I've received a lot of grief over it on the Ubuntu forums & elsewhere. But it 
is very important to me so I have continued to speak out. I speak out not to 
put Ubuntu down or criticize anyone in particular. I simply want to draw 
attention to an important topic and hopefully get the issues addressed in the 
development cycle.

It's encouraging to see that the EFF shares my concerns: 
https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks

The Amazon ads are just the latest example however. The problem was seen in 
12.04 with the geoclue-ubuntu-geoip package. This package is/was a major 
privacy issue with no solution. There is no way to uninstall this package from 
12.04 without loosing Time in the top-panel. And then there is/was the 
unity-lens-video and unity-lens-music package issues. These regularly connected 
to the internet in the early 12.04 days, even when the Local Disk filter was 
selected. Thankfully I spotted this and reported it and it was fixed. But the 
whole idea that the Dash connects to the internet for everything is a concept 
that is VERY unappealing to many users who value their privacy and security. 
Web Browsers are designed and built with Security & Privacy capabilities by 
design. The Dash does not have these same Privacy & Security features nor does 
it have the UI to communicate security & privacy to the user like Web Browsers 
can. Why would I want to use the Dash for internet connections when I can use a 
Web Browser and gain all the security/privacy it offers? I want the Dash to 
SOLELY work locally and have nothing to do with the internet (which is the 
province of my Web Browser). It is encouraging to see Ubuntu start to work 
towards addressing this with 13.04. But I have been speaking to this for over a 
year now, and all I've got from it is criticism and frankly meanness from many 
people.

Notwithstanding the Dash, the larger issue still exists that there is no way to 
control internet connections in general from an Application perspective. Users 
of Ubuntu cannot control which Applications can and cannot connect to the 
internet. And users have poor options for learning about active connections. 
There are tools available, but these are real time apps with no logging 
capabilities. Couple this with the fact that Ubuntu is now sending data off to 
Third 
Parties as a course of doing business and this issue is now the most 
serious issue facing Ubuntu as there are users that will totally stop 
using the OS for privacy/security concerns.

Essentially, Ubuntu needs to do two things:
1) make privacy/security a important consideration in all new features while 
giving users the option of making the Dash a completely LOCAL feature.

2) create an Application Firewall for Ubuntu so that users can effectively 
discover what applications are making connections to the internet. 

I really hope that resolving this issue is moved to the top of the Ubuntu 
Development list. And I hope that Ubuntu listens to the community as I (and 
others) have been speaking out on this issue for quite some time now and it 
only seems to be getting worse.

Thanks for listening.
                                          
-- 
Mailing list: https://launchpad.net/~unity-design
Post to     : unity-design@lists.launchpad.net
Unsubscribe : https://launchpad.net/~unity-design
More help   : https://help.launchpad.net/ListHelp

Reply via email to