15
9
Jono Bacon's profile photoMatthew Hudson's profile photoAchim Behrens's profile photoOlivier FEBWIN's profile photo
18 comments
 
This needs wider publicisation: it's the major reason that wrong people refer to the Dash scopes as "spyware" when they are not, as I understand it. Am I also right in thinking that this applies to all previous versions of Ubuntu as well (assuming they're using the smart scopes server at all), or is it saucy only?
 
somebody somewhere is getting the data or else it wouldn't work at all. 
 
+Nathan Heafner the data is - and this is the point - anonymised, so you get good results for your searches but nobody can tell your searches from someone else's. 
 
The System has to know what your searching for to give you results. Then, the system has to know where to send those search results back to the user. The search results may be anonymised when sending them to third parties but someone somewhere or Some system can put two and two together to get the results back to the user and that data is subpoenable or subject to our growing concerns of our own governments shooting on its citizens. I highly doubt that canonical is using techniques like onion routing for search results. 
 
Personally identifying data (your IP address) is not made available to the code on Canonical's servers doing the searching, nor is it passed to third parties as you mention. It is presumably subject to subpoena, just as web searches are from your ISP, and if you are concerned about that (and prefer to use something like Tor to search for music or things to purchase or clipart), simply turn off Dash online searching: Dash > Privacy and Security > Search > Include online search results to off.
 
+Stuart Langridge problem is , that if you read the "legal notice" in the Dash, it does sound quite a bit like "spyware". They need to keep adding anonymization features like this and also update and improve the wording. I mean at this point this is probably safer than using your browser to get online results, but people think is worse. An incognito mode that doesn't keep track of your history and other stuff would be nice too. That's how browsers showed they cared. But yeah anyone really OCD about privacy, should stay offline and away from most human contact.
 
+Stuart Langridge The ways in which I am tracked is unimportant, browser Panopticlick shows just that. An IP address isn't needed to positively identify a user. The query handled by Canonical's servers has to have a way to match the search with the user to deliver the results. This puts Canonical in a position where the government can legally require or compel them to hand over my data, and identify me as a user, and gag the entire process. Rather or not the scopes know my IP address is irrelevant, and probably your assumption that Google cant obtain my IP address from an Ubuntu Dash search is incorrect, legally. For example, Google is asked to provide PII on a users search, who happened to make that search from the Ubuntu Dash feature. I'm certain that there is a way that this information could be obtained and passed along to the respected parties. Read the privacy policy, this is clearly laid out in laymens terms. http://www.ubuntu.com/privacy-policy
 
I quote, "What do we do with the information we collect: To market our products or services to you, To contact you if your actions violate your agreement with us (if any), To comply with legal and regulatory requirements (including responding to court orders, subpoenas and to prevent crime). These special circumstances may require us to disclose personal information." .... do you still wish to defend your stance on "anonymous search" ?
 
I do; that's pretty clear that joining together the data in that way is limited to special circumstances. That it is possible in special circumstances does not mean that it's done in other circumstances. If your argument is "I don't like the online Dash search because I am worried that the information collected is potentially subject to legal subpoena and I do not want to leave that sort of trace", then I agree with your stance; if you feel like that, I imagine you are also using Tor to search for things online in a browser to prevent your ISP collecting similar information, and I think that's a perfectly reasonable response if you are worried about that situation. However, most of the previous complaints about the Dash were not from people who take these detailed steps (using Tor or similar) to search. That you're prepared to take steps at that level speaks well of your attention to detail; most people don't.
 
Why not just fork to remove this spyware behavior?
 
+Xiaojun Ma The point is : data providers (Google, Soundcloud, whatever) used in the Dash don't know about you anymore, they receive all Ubuntu user queries from a single server, and send back results to it.
 
+Stuart Langridge "[...] simply turn off Dash online searching: Dash > Privacy and Security > Search > Include online search results to off.".
No!!! That should be turned off by default!!! What Ubuntu has become??? Privacy of the people should be among the utmost priorities!!! That's basicly the main reason why I have abandoned Ubuntu now!!! What's the point of using an open source OS who deliberately leaks data about the user??? I would just switch back to Windows, then. Which is really good since version 8, btw.
Add a comment...