Reading what he is talking about, Stallman's description is absolutely correct. If I am doing a desktop search for local files, it is not be expectation that that search will be transmitted to servers without my consent, and that it does so makes it spyware even if we don't also take into consideration that it is being done to track my interests for monetary gain in the form of referral links. Good on him for calling attention to this functionality.
This is also a strange plug - if I'm looking for something in my computer, how much chance any of Amazon shopping would be relevant? If I'm looking for a notes from last week's budget planning meetings, what would they show me, shopping results for "budget notebooks"? And they expect me to be happy with it? I understand Canonical needs to make money, and with free product it requires some creative thinking, but this one makes little sense to me.
> This means that "a search for 'The Beatles' is likely to
> trigger the Music and Video scopes, showing results that
> will contain local and online sources—with the online
> sources querying your personal cloud as well as other
> free and commercial sources like YouTube, Last.fm,
> Amazon, etc.," Canonical's Cristian Parrino wrote.
When I read that, I thought about entomologists...
This has been aired on another thread a day or so ago. Testing the 'feature' in Ubuntu 12.10 suggests that work has been done on making the response faster, and on making sure your whole query gets passed on.
I'm not sure I want all this noise when using a desktop. We shall see what it looks like when 13.04 lands.
I guess the idea is that, once you realise it searches Amazon, you go there when you are looking to buy something. I don't know if that will work, but it's more plausible than seeing something you want to buy while looking for a file.
It also makes more sense for music - search for an artist, and you can see the tracks you already own, followed by tracks available to buy with a single click.
People have tried this idea before and it's never gone down well. There were those old Safari search plugins that injected Amazon affiliate links into the results, or otherwise replaced existing ones with their own. That caused outrage.
The other thing is, I don't want my experience on Amazon to be modified by the things I type into my OS's search box, which I would expect to be private. What if, in a fit of loneliness, I search for my porn directory, then get a bunch of related items appearing on my Amazon front page?
The current set up has your search queries going to a server Canonical runs, which does anonymised searching of Amazon. I appreciate that's not that much better, but it does mean it won't affect your Amazon suggestions.
if they intend it for music that would disappoint even further. there are countless artists releasing free music, a free operating system should prefer that.
I'm sure they'd consider integrating a scope for a free music service. But the music that most people will be searching for is not (legally) free. And it's quite possible to support free software along with non-free music.
> Use Super-A. You can tell Unity exactly what you want to search. And in future you’ll be able to do that from the home lens, too, more easily than the current Lens Bar at the bottom of the Dash.
It sounds like they're working to expand the search functionality with users' best interests in mind, not adding advertisements as everyone seems to think.
> it is being done to track my interests for monetary gain in the form of referral links
They're just search results, not ads. Read the blog post from Shuttleworth.
Thanks. The article states "If a user buys something from Amazon as a result, money is sent to Canonical in the form of affiliate payments." Is the article in error, or has the behavior changed in response to criticism, or do the amazon links have Canonical affiliate codes?
The last seems to be the correct answer - affiliate links are used. I see no evidence Stallman is incorrect and the Shuttleworth blog article does not say they don't use affiliate links.
> The Amazon affiliate referral happens if you've arrived at the Amazon property via a 'tagged' link. Both links clicked via the dash which go to Amazon sites, and the shortcut in the launcher will add the tag. The tag adds a cookie which lasts for 24 hours. If you buy anything during that period, Canonical will get some affiliate revenue.
I'm actually not sure after reading both again -- Shuttleworth seems to imply that they're not doing this for money, but he doesn't explicitly say it.
Either way, these search results are distinctly different from the ads in the launcher that people were talking about a couple weeks ago, but everyone seems to be mixing the two up.
Both can be easily disabled, though. And searching your own machine is still an option.
I find it very hard to believe that anyone, let alone the presumably technologically proficient people at Canonical, would actually think that sponsored search results are useful. When was the last time anyone clicked a sponsored Google result?
I am not a fan of the somewhat common rhetoric that "ads are the new user valued content". If HP or Toshiba installed a browser tool bar into IE that gave them everything you searched for, nobody would question calling it spyware. And if it redirected your searches to some sleazy google proxy type site, i dont think anyone would hesitate calling that advertisement.
These aren't ads though, and Canonical isn't collecting this data with the intention of serving you ads -- they're just diplaying relevant Amazon results along with normal web results when you do a web search through the dash. It's also very easily disabled, and you still have the option of doing local searches confined to your machine.
Ok so when I'm searching for something on my computer I'm presented something other than the files I'm searching for right?
From Wikipedia:
"Advertising is a form of communication for marketing and used to encourage or persuade an audience (viewers, readers or listeners; sometimes a specific group) to continue or take some new action. Most commonly, the desired result is to drive consumer behavior with respect to a commercial offering, although political and ideological advertising is also common."
Sounds to me it's exactly the definition of advertising.
I agree with the sentiment, but the word "spyware" has always suggested subterfuge to me. It should be obvious to anyone running Ubuntu that if they're seeing Amazon links, then something's being transmitted to Amazon.
I don't agree with it, and I think it's the wrong move and certainly shouldn't be done without prior user consent, but let's not get hyperbolic.
By the first time they see the Amazon links, it is already too late, information they might have expected to be local and personal has already been transmitted to the Internet to be see by who-knows-who.
I don't agree with Stallman on everything, but I do feel increasingly uneasy with nearly all aspects of modern computing when it comes to privacy and so I support him in calling this sort of thing out.
But the same thing could be said for things like gmail. A person might assume that the mail messages they send are private but Google "reads" them and shows relevant ads next to your mail.
I'm not quite so presumptuous, especially knowing how many times Ubuntu has been mentioned in the past 5 years or so as a great option for peoples' parents and other less-technical people.
Part of the issue is that many users do not understand the concept of "local files". For example my mother when looking for papers for her class will do a search through the universities page find a paper. Because the online PDF viewer sucks I showed her how to download the file and open it in Adobe. Now when she needs the paper again dose she just goto downloads and open it up? No she goes through the whole search process again. Even if the window with the document is just minimized she will end up going though the whole search process to download another copy. I showed her how to search for documents on her computer which helped but she was confused why documents from the "internet" showed up sometimes. Now the more shocking thing she is apparently one of the goto computer people at the elementary school where she teaches.
Really this shouldn't be a shock to us anymore we have to realize that most people are very, very non-technical and easily confused. These features are designed for them, so they don't have to figure out which search box to use. Especially when you realize we are likely to be storing more stuff in the cloud because it's more available and reliable (how many redundant offsite-backups do you have of your data?), these features make sense. There are issues about how they are communicated so people aren't surprised but I feel these are reasonable attempts to improve a product.
Google Desktop (while it was still alive) was also spying on users in the same manner as you described above. I am not clear why there was no uproar about that?
Even if the search is remote the user must first be consented if his data is being sent anywhere else for any reason, like how IE doesn't send search terms for suggestons by default until the user clicks "Turn on suggestions (send keystrokes to bing)"
God, it pains me to click the "upvote" button on a comment that begins "Richard Stallman is absolutely correct", but the second sentence was so correct that I had to. ;-)
RMS is usually correct. Annoying, offensive, unpragmatic, undiplomatic and confrontational, but in the end he's usually right in his basic analyses of the problem. Often well before anyone else even recognizes there is a problem.
No. He's completely off his nut about blobs, cloud computing and a host of other topics. Very few people use a distribution that he doesn't have issues with.
I agree that it should be off by default, but I don't think it's accurate to call it spyware. It's fairly obvious that it's doing a local+remote search, and there are simple ways to turn off or avoid the remote part. It's not tricking the user, it's just not the feature I want in that place.
For those who want to avoid this crap, there's a simple solution: come to Xubuntu. You can avoid spyware and at the same time get a simple, straightforward desktop UI without any modern "tablet" or "phone" UI flourishes: http://i.imgur.com/6fF0C.png
But the point is the fact that Canonical made the decision to enable this by default breaks my trust in them. What are they going to do next? How am I going to monitor to make sure I know what I need to remove/disable/opt-out of next? If I choose an Ubuntu variant how do I monitor them to check that they aren't adding any of the parent undesirable features.
That is why when I decide to change from 12.04 it will almost certainly be to another distro. Maybe I need to give the parent distro a try (Debian).
When money overtakes morale it becomes Ubuntu. Since long Ubuntu has been trying to avoid the Linux identity. Its a good call from Stallman bringing out Ubuntu's real motive is/will be few years down the line.
Switched to Arch Linux since 2008 (that's when Ubuntu was spelt around the globe) and I'm happy about the decision.
> Can you recommend me a setup for using Arch as a desktop? Eg: which UI should I install?
xmonad is probably the best option.
> Do things like sound, video, usb, etc work fine?
USB works by default. I'm not sure why people even ask this anymore.
You will have to configure sound (easy, usually works by default) and video (not too bad these days) yourself.
Keep in mind that the Arch Installation Framework (an ncurses-based installer) has been deprecated, as of earlier this year. That means you will have to follow the Installation Guide[0] to manually set up the system from a live command line, Gentoo-style.
Relatedly, the default Ubuntu install of Firefox (including in the *ubuntus, like Xubuntu) ensure that everything you type into the location bar (even if you know exact URLs and don't plan to search!) is sent to Google, Wikipedia, and various other websites. The only way to turn it off, afaict, is to uninstall the Ubuntu extensions from Firefox---which is not at all obvious.
Just personal experience. When I installed Xubuntu 12.10 (not an upgrade---it was on a machine previously running MacOS only), every time I started to type a URL into Firefox's location bar, the popdown list would include not only history and bookmarks, but results that you'd get from searching google and wikipedia for the sequence of letters typed so far. It updated after every keypress. In the Firefox preferences, the only relevant config option (that I found) was to suggest either/both/none of history and bookmarks, but turning that to "none" meant you only got the search results. Turning off the Ubuntu extensions also turned off the extra search results, so I'm hoping that it also stopped sending my info and didn't just start doing it silently.
Debian is a great distribution. In fact, my first Linux was a Debian and I'm still running it on the server. On the desktop I'm using Fedora though - for no obvious reasons. It's just the one I stopped with when I was trying out distros.
I think the phrasing of this title is poor. It seems to imply that Stallman's statement is ridiculous, yet most people (and the definition of spyware) seem to agree that this feature is is in fact spyware.
Stallman is right about this in my opinion. I think if the feature isn't either opt-in, or removed, in 13.04 then Ubuntu is going to lose a great deal of credibility, especially amongst its long time supporters. With 12.10 they can claim that it's something experimental rushed in at the last moment which needs refinement.
Both Mark Shuttleworth's and Jono Bacon's blog responses to this issue have been below the standard that I would have expected. Shuttleworth made a silly comment about Canonical having root on Ubuntu machines already and Jono described the Stallman's comments as "childish".
I understand Canonicals intentions: with everything going "cloud" and "online" it makes total sense to offer just one search box instead of two. It's easy, it's convenient.
However it sends your input to a third party or maybe parties in the future. You no longer control your data. Is it even encrypted? Who can see what you are searching? Your family, your provider, everybody on your wifi?
It's not about ads in the first place, it's about data protection, trust and user interfaces.
However this isn't Ubunut, this is just Canonical Unity. I'd just install gnome-shell/kde/xfce/... and be done with it.
Hmm... this gives me an idea for a browser plugin: For anything you buy on Amazon, it automatically adds an affiliate link for your favorite charity or organization in, giving them a tiny touch of revenue.
Perhaps the UK Inland Revenue could use this and affiliate links to get some money out of Amazon as they're not getting much out of them through actual taxes.
[Jupiter Broadcasting](http://www.jupiterbroadcasting.com/) already does this, their affiliate plugin automatically appends their referral on any of about a dozen sites they can, and that is their main source of revenue for their podcasts.
Because the NSA wants it on. And what makes you think the switch works?
Where do you think these features come from? Windows has it and probably put it in for the NSA, Google has it and works with the NSA as equal partners. When I first read and saw these enhanced search subsystems in Windows and Linux that built search databases by scanning the system's file contents and saw how much cpu they used I immediately said to myself "Somebody's searching for something and it isn't me!"
Furthermore I've always believed that Ubuntu was an NSA front from its very inception.
The fact that Ubuntu is open source wouldn't change anything if those things were true. Just because you can look at the source does not mean you're looking at the source of the code you're running, because you almost certainly did not compile the whole Ubuntu distribution from the source, rather than that, 99+% users just downloaded the precompiled iso and installed from the official binaries, where a backdoor could slip by and you'd be none the wiser even if you did the insane task of reading all of the code you're running (which is not possible for a single human being) and then there's also the fact that you can slip a backdoor that even a great programmer wouldn't necessarily notice at a glance while looking at the sources, so there is that.
The crux of the matter is, you can't trust your computer.
Even if you did trust nearly every single human being involved in the process, it just takes a compiler writer to break the chain of trust.
http://cm.bell-labs.com/who/ken/trust.html
Open source means you can have a look at what it actually does. So yes, after all it means that it will most probably do what it claims to do, because everyone (at least people who can code) could check and it takes just one person to have a look at it.
I want a screensaver that turns this feature on, generates tons of fake queries then turns the feature back off so i don't accidentally send them anything real. :)
I love it, although ethically I think this kind of thing is only reasonable if they hide the feature or make it hard to disable. Having it opt-out makes it borderline in my opinion but I can't argue with someone who thinks opt-out is enough to put it over the line.
For example, I like the various different google fuzzers that generate fake searches to hide your real ones in the noise.
yeah (and i get your underlying point), but a "screwbuntu" protest screensaver would be a more fun and pro-active way to show disapproval of opt-out tracking, imo.
Stallman addresses this in his original post. He says that he wishes Canonical would take the fact that people have apparently done this as proof that it's an unwanted feature and remove it themselves; he adds that it's not enough to add a "disable feature" option when you suspect people will be too apathetic or too ignorant to turn it off.
I wonder if this situation won't be a bit of a litmus test for Stallman and the FSF. If Canonical says "no, we aren't changing this" does the FSF counter by forking Ubuntu and removing that feature? That response is at the root of Stallman's four freedoms. Or do they simply tell people to avoid Ubuntu?
Why didn't gNewSense just fork Debian? All they'd need to do would be disable the 'non-free' repo and block the offending firmware blobs. Instead they have to fork a fork of Debian and have more work on their plate stripping things out.
I was especially appalled when Mark Shuttleworth's response was something to the effect of, "Look - you should trust us absolutely - we practically have root access to your machines". That's not a good attitude. I originally switched away from Ubuntu because I didn't like the stuff I saw getting pushed to my machine in updates.
That actually isn't what he said at all. He did not say "you should trust us". He said "you do trust us". There is a considerable difference. Here is the full question and answer.
Q: Why are you telling Amazon what I am searching for?
A: We are not telling Amazon what you are searching for. Your anonymity is preserved because we handle the query on your behalf. Don’t trust us? Erm, we have root. You do trust us with your data already. You trust us not to screw up on your machine with every update. You trust Debian, and you trust a large swathe of the open source community. And most importantly, you trust us to address it when, being human, we err.
I think that comment did more harm than good. The problem appears to be that Ubuntu users trusted them to not do things like the shopping lens, and the statement that "you implicitly trust us anyway, so it's okay for us to get your data in this way" seems to be ignoring what their users are complaining about.
Now that many users are rethinking if it is appropriate to allow Canonical to have root on their boxes, that comment may provoke a reaction for some; "you may have root, sir, but I have physical access."
That response doesn't answer the question but it does contain a lot of diversionary handwaving.
Short version, yes we do tell Amazon, we just claim to preserve your anonymity. Given the deceit implicit in this obfuscation, there is not reason to believe anything Shuttleworth has to say on this subject.
Fair point on the quote, but I still stand by my point. Just because I do download updates from you does not mean you can make a fundamental change in where my data goes without my explicit permission. That's how you lose the trust I have given you.
I saw quite a large quantity of stuff being downloaded that was doing nothing but adding Ubuntu branding to other packages like Firefox, etc. Nothing like the Amazon scandal in terms of how close it is to being 'malicious' - but I still didn't like the attitude / trend it indicated.
I hate it, but they absolutely have the right. That's like saying "too bad Google thinks they have a right to my emails". They're up front about it, and you're perfectly free to a.) campaign to change their decision or b.) not use their product.
If I send my email to Google's servers, or register an account for people to send email intended for me to Google's servers, then I'm OK with Google having my email. If I type something on my own machine, I do not think it's right for anyone else to think they can just take it.
Maybe its not about forgetting those concerns, but it has become so common for (online) companies to disregard privacy issues that its getting increasingly more difficult to escape it, to the point that it is pointless to complain about it. And when few people complain it becomes "normal" / the status quo.
Maybe it's not the most perfect comparison, but it's still the user choosing to use the service/software.
Maybe adverts on a website is more apt. A company is putting time and money into a product, and attempting to monetise it with advertising. As a user, you can chose "this level of advertising is fine by me" or "this is too much I don't want it", and then either stop using their product, or prevent the adverts from happening. And sure, I go to websites with popups and pop-unders and etc. etc. which make me think "what the hell are these assholes playing at", but I'd never question whether they have the right to do it on their own website, only whether I want to visit that website again in the future.
OK, but I think you might be missing the point. I guess I appreciate that they are making this issue apparent instead of trying to sneak it in without my knowledge. My point in writing is to let them know that I will not be using their product. We are (as you put it) campaigning to try to change Canonical's mind (and also to prevent any confusion by other people who might make this decision in the future).
Ubuntu is open source AFAIK. Unity is open source and most of the default packages are open source too. Just a few drivers and network-stuff aren't open source IIRC.
I see both sides of this issue. But I also see the end user's point of view. As an Android user, I like that I can press the search button and essentially search all of my apps & the web at once. Personally, I see this as an okay feature.
On a side note, are Amazon results shown only if one is using the Amazon application for Ubuntu? I use Amazon frequently, but not the Ubuntu application and I've never seens Amazon results. (On Ubuntu 12.10)
Isn't spyware you don't have to use and can uninstall just software with a feature you do not desire? I'm completely against the feature, but I don't see why something must be done about it? Feel free to add whatever features to your software you like, so long as nothing requires me to use it. There are plenty of linux distros, desktop environments, etc.
It's a shame that the ridiculous amount of hyperbole involved in anything that Stallman seems to say these days is probably reducing his stature among the tech community and the history books. IMO his opinions would be more constructive if he tones it down every now and then.
It's not a local search. If you want a local search, do a local search. If you type a search into a global search box that is supposed to search the Internet, expect it to search the Internet!
It doesn't search the Internet. If it searched local files and Google (and maybe Amazon) it would make some sense, but (by default at least) it only searches local files and physical Amazon products, an absolutely bizarre grouping.
People are not used to a search area that looks up local AND internet resources. Furthermore, AFAIK, thre is no obvious "local only" search box to act as an alternative to this global one.
It's a combination of user expectations of a local search resource and the lack of obvious warnings about this new, and odd, feature.
> People are not used to a search area that looks up local AND internet resources.
This is the crux of the matter. I would argue that they are used to this. Ordinary users aren't aware where they are conducting a search at all. They just expect the computer to figure out and do what they mean. The distinction between the Internet and local storage is already being lost on them (examples: Dropbox, Google Drive). The fact that so many users put URLs in a Google search box is a perfect example of this phenomenon.
The set of users who do understand the difference are capable of directing their computer more specifically. The default does not matter for them.
Ubuntu is supposed to be usable by everyone. This is (I assume) why the default is the way round that it is.
> the lack of obvious warnings
Have you looked? There is a warning on the same screen as the box, complete with a link to a privacy policy. Or are you saying that this isn't enough?
It has been this way as long as I've been cognizant of his views; he has always been something of a radical. It just used to be that there was one predominant party at which to take aim (Microsoft). Now there are dozens of targets that have sprung up, which legitimately deserve some of the criticisms he levels against them: the walled gardens of cell phone ecosystems, rampant DRM, and opaque social media sites for which your data is their primary source of revenue. As more of our lives continually revolve around digital media, there are more opportunities for abuse. Stallman has been rigidly consistent in his basic message over the years, and he has never been particularly constructive.
Yes, I should have said, not constructive in his criticisms, but you are right, he has done a ton of stuff outside of his public speaking that has been huge and actually belies my statement to a large extent.
That's an argument to moderation. Something he's explicitly stated should not be done (pertaining to software patents, sorry, can't find the reference). Although extremely hyperbolic, you can imagine a choice between killing 10 innocent people or 0. The middle ground is to only kill 5, but it doesn't make it correct.
Stallman hyperbolic nowadays? I hate to be snarky, but... when hasn't he been hyperbolic? He's never been known for moderation and his skills at alliance building across the political spectrum.
Of course, that's not to say he isn't right. Far from it.
How different are the two (if you've used the Ubuntu version as well, that is)?
I've got my family running Linux Mint, and they find it suits their purposes (as any well-designed mainstream Linux distro these days should!). I've been wondering if it's worth switching them over to the Debian-based version the next time I upgrade it, though.
(Linux Mint encourages the "Windows-style" upgrade - ie, back up your data, then install over, and restore, so it wouldn't be that much more work than upgrading to the latest version of the Ubuntu branch).
Consider this: How many searches did you do before you became aware that this was introduced in one of the 384 software upgrades you installed in the past 4 months?
there is a large moral difference between opt in and opt out. With opt in, the consent is explicit, with opt out, the consent is assumed to be implicit, but user ignorance often means they have no idea that its happening at all, thus cannot be said to have consented.
