Ubuntu Linux's Amazon integration gets a thumbs-down from the EFF
There's been a considerable bit of feather-ruffling caused lately by Canonical, the company behind Ubuntu Linux.
Most recently, of course, was Canonical founder Mark Shuttleworth's controversial announcement about the development strategy for the upcoming Ubuntu 13.04 “Raring Ringtail."
Not long before that, it was the news that starting with Ubuntu 12.10 “Quantal Quetzal,” the popular Linux distribution would integrate Amazon shopping results into searches performed through the Unity dash.
Plenty of customer “feedback” greeted both developments, but the Amazon partnership was recently brought back into the limelight by a statement of disapproval from none other than the Electronic Frontier Foundation (EFF).
'It's no longer their problem'
“It's a major privacy problem if you can't find things on your own computer without broadcasting what you're looking for to the world,” wrote EFF Web developer Micah Lee in a blog post on Monday. “There are many reasons why you wouldn't want any of these search queries to leave your computer.”
It's also not just Amazon that gets to see your data, Lee charges, but rather a number of third parties.
“Ubuntu's Third Party Privacy Policies page lists all of the third parties that they may send your search term and IP address to, and states: 'For information on how our selected third parties may use your information, please see their privacy policies',” he explains. “In other words, once they give your data away, it's no longer their problem.”
'Amazon has the ability to correlate'
Acknowledging Canonical's response to concerns so far, Lee writes, “these changes are great, but it doesn't change the fact that users' search queries automatically get sent to third party companies without giving users a chance to opt-in.”
For example, even when Amazon product images are loaded over HTTPS instead of HTTP, “the fact that they are loaded directly from Amazon's servers instead of from Canonical's means that Amazon has the ability to correlate search queries with IP addresses,” he explained.
One possible solution would be for Canonical to proxy all third-party images and other content for Ubuntu users, Lee suggested.
'Consider displaying a dialog'
In any case, the EFF wants a few things from Ubuntu regarding this situation, Lee said.
First, "include online search results" should be disabled by default, he said.
“Users should be able to install Ubuntu and immediately start using it without having to worry about leaking search queries or sending potentially private information to third party companies,” Lee explained. “Since many users might find this feature useful, consider displaying a dialog the first time a user logs in that asks if they would like to opt-in.”
Canonical should also provide a detailed explanation of what it does with search queries and IP addresses--including how long it stores them and when it gives them to third parties--as well as making it possible for users to toggle on and off specific online search results via the Search Results tab in Privacy settings, he added.
'Make sure Ubuntu remains an exception'
Already in the works at the EFF is a sequel to Lee's Monday post praising new Ubuntu privacy features “that we really like,” Lee concluded.
Meanwhile, Windows and Mac users are already accustomed to having their data sent to third parties without their express consent, he noted; “let's make sure Ubuntu, like the GNU/Linux operating system at its heart, remains an exception to this.”