Smolt Hardware Profile

Should you be worried about Ubuntu Desktop’s privacy settings?

Ubuntu 12.04 LTS (Long Term Support), aka Precise Pangolin, will be released towards the end of this month. Like most distribution releases, it will come with its share of new features, enhancements and bugfixes.

You will find one of those new features in System Settings, the hub for most graphical administrative tools in Ubuntu and GNOME 3 desktops in general. The tool or application is called Privacy. What it does is not new per se, but new in the manner it executes them.

Since Privacy is not available on current and earlier editions of Ubuntu, you need to be running a pre-release edition of Ubuntu 12.04 to see first hand what is being discussed in this article. If you have such a system, you will find Privacy in the System section of System Settings, that is, in the lower section.
Ubuntu 12.04 System Settings Privacy

This is Privacy’s main view. It has four tabs. What it does, is record application activities on your computer. And there is nothing new about that. On a KDE desktop, recording such information (meta data information), is enabled out of the box, just as it is also enabled in pre-release versions of Ubuntu 12.04. On the Recent Items tab, you can modify the duration that recorded information is kept. By default, it is “The past hour.” Recording information is a good thing, but like I wrote earlier, this is nothing new.
Ubuntu 12.04 System Settings History

On the Files tab, you are given the opportunity to deactivate recording for certain file types. But how useful is this? And what difference does it make, for example, if you deactivate the recording of activities for email-related files? From my perspective, it makes no difference. On this tab, you can also deactivate recording activities in specific folders. Again, what purpose does it serve?
Ubuntu 12.04 Application Privacy

On the Applications tab, you may deactivate logging or recording of activities for specific applications. Not to belabor this, but what is the point?
Ubuntu 12.04 Application Privacy

On the Diagnostics tab, you are informed that “Ubuntu can collect anonymous information that helps developers improve it.”
Ubuntu 12.04 Privacy Policy

And that, is the part that needs to be explained. Is the collected “anonymous information” limited to those related to crashed programs or does the system send all recorded activity from the other tabs to Canonical’s servers? Linux distributions use a program called Smolt to collect and send hardware information from Linux systems to a central server (Smolt server), but that information is gathered right after installation and is not sent without your consent.

The screen shot below shows what I am referring to. If you have installed any Linux system, you have probably seen it. By the way, this screen shot was taken from a test installation of Fedora 17 beta (not yet officially released). Information gathered by Smolt is totally anonymous, related solely to hardware, unlike Ubuntu’s Privacy, which seems to record all application activities on your computer. It is not clear to me how often recorded information is sent to Canonical’s servers. That is why this Privacy thing needs some clarification.
Smolt Hardware Profile

Also on the Diagnostics tab of Privacy, you are further informed that “all information collected is covered by our privacy policy.” But what exactly does that Privacy Policy say? It just so happens that the Privacy Policy is the same Privacy Policy that governs what information is collected and what Canonical does with that information when you visit their websites.

What type of information does Canonical collect when you visit their websites? The Privacy Policy states that:

Like most website operators, Canonical collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, referring site, and the date and time of each visitor’s request. Our purpose in collecting non-personally identifying information is to better understand how visitors use our websites and services.

When you register to use certain parts of our websites, such as wikis or message boards, we ask for personally identifying information such as your full name, email address, and a password.

Nowhere does it state whether the most important personally identifiable information – your IP address, is collected. But you can be sure that it is (collected). So, why does the Privacy Policy not even refer to it? But it does state that your “full name, email address, and a password,” which could be fake, is collected.

After collecting all “non-personally identifying information” about you, what does Canonical do with them? The Privacy Policy states that they could be used:

To comply with legal and regulatory requirements (including responding to subpoenas and to prevent crime). These special circumstances may require us to disclose personally identifiable information.

And that is the same policy that applies to any information that is collected from your desktop by Privacy. I hope that I am wrong, but your new Ubuntu system could be used to spy on you. I really have no problem with recording desktop activity to make the system more user-friendly, but when such recorded information could be sent to a remote host, then I start to worry.

Please share:

17 Responses

Leave a Reply to Franck Cancel reply

Your email address will not be published. Required fields are marked *