Free software father declared Ubuntu Linux to contain spyware

Richard M. Stallman, founder of the Free Software Foundation, has proclaimed that Ubuntu Linux includes spyware. Ubuntu supporters disagree with this take.

Richard M. Stallman, aka RMS, creator of the Gnu General Public License (GPL) and the Free Software Foundation has announced that as far as he's concerned, Ubuntu contains spyware and that Linux supporters should shun Ubuntu for spying.

Specifically, RMS hates that Ubuntu 12.10 incorporated Amazon search into its default search function. So, if you searched for say "Hobbit." you'd get results from both your PC and Amazon. When it was introduced, Mark Shuttleworth, founder of Ubuntu, defended this change by saying Ubuntu wasn't going to incorporate ads into the operating system, which Microsoft has done with Windows 8, and that no personalized data would be sent to Amazon.

Later, Ubuntu make Amazon search an optional feature, while leaving it on by default. That's not good enough for RMS.

This is just like the first surveillance practice I learned about in Windows. My late friend Fravia told me that when he searched for a string in the files of his Windows system, it sent a packet to some server, which was detected by his firewall. Given that first example I paid attention and learned about the propensity of "reputable" proprietary software to be malware. Perhaps it is no coincidence that Ubuntu sends the same information.

Ubuntu uses the information about searches to show the user ads to buy various things from Amazon. Amazon commits many wrongs (see http://stallman.org/amazon.html); by promoting Amazon, Canonical [Ubuntu's parent company] contributes to them. However, the ads are not the core of the problem. The main issue is the spying. Canonical says it does not tell Amazon who searched for what. However, it is just as bad for Canonical to collect your personal information as it would have been for Amazon to collect it.

True, "Ubuntu allows users to switch the surveillance off. Clearly Canonical thinks that many Ubuntu users will leave this setting in the default state (on)." But, "Even if it were disabled by default, the feature would still be dangerous: 'opt in, once and for all' for a risky practice, where the risk varies depending on details, invites carelessness. To protect users' privacy, systems should make prudence easy: when a local search program has a network search feature, it should be up to the user to choose network search explicitly each time."

Therefore, RMS concludes,

It behooves us to give Canonical whatever rebuff is needed to make it stop this. Any excuse Canonical offers is inadequate; even if it used all the money it gets from Amazon to develop free software, that can hardly overcome what free software will lose if it ceases to offer an effective way to avoid abuse of the users.

If you ever recommend or redistribute GNU/Linux, please remove Ubuntu from the distros you recommend or redistribute. If its practice of installing and recommending non-free software didn't convince you to stop, let this convince you. In your install fests, in your Software Freedom Day events, in your FLISOL [Festival Latinoamericano de Instalación de Software] events, don't install or recommend Ubuntu. Instead, tell people that Ubuntu is shunned for spying.

Jono Bacon, Canonical's community manager begs to differ. While not speaking officially for Canonical, Bacon flatly stated, "This is FUD."

It's FUD, because Bacon wrote RMS is not presenting, "an accurate set of facts." Bacon explained, "The goal of the dash [Ubuntu's core search interface] in Ubuntu has always been to provide a central place in which you can search and find things that are interesting and relevant to you; it is designed to be at the center of your computing experience. Now, this is a big goal, and we are only part-way along the way to achieving it."

Part of that goal is how to handle privacy. Bacon continued: "Naturally, privacy is critically important to us in doing this work. In the eight year history of Ubuntu and Canonical we have always put privacy forward as a high priority across the many, many different websites, services, and software that forms the Ubuntu platform and community," but "The challenge of course is that privacy is a deeply personal thing and the way in which you define your privacy expectations will likely radically differ from each of your friends, and vice-versa."

Does Canonical always get it right. No. Bacon admitted that, "When we implemented the Amazon search results feature we didn’t get it 100% right with the first cut in the development release of Ubuntu, but that is how we build Ubuntu; we add software to our development branch and iterate on it in response to feedback and bugs. We did exactly this with these functional and privacy concerns…responding and implementing many of the requirements our community felt were important. We will continue to make these improvements in the future in much the same way."

Bacon's real problem with RMS is that he sees RMS throwing out the good of Ubuntu with the "bad" of a still evolving privacy policies and practices. He sees RMS' views on software projects as being a binary where you either stick with his set of privacy and freedom ethics be shunned. Bacon doesn't see the world in RMS' black and white.

Everyone has different views on privacy and freedom. Bacon explains:

I believe that freedom is far more than simply freedom of source code or a specific policy around privacy. When I got involved in the Free Software community 14 years ago my passion from then onwards was not driven by creating awesome Free Software code, it was more about creating awesome Free Software experiences that open up technology, education, creativity and collaboration to everyone. Free Software code is simply one mechanic in how we deliver these experiences; it is not the be all and end all of what we do.

A completely free set of source code that implements a system that is difficult to use, lacks the features that users want, is not competitive with proprietary competitors, and/or does not offer a desirable and delightful experience is not going to bring Free Software to the wider world. It may bring Free Software to a passionate collection of enthusiasts (as we saw back in the early days of Linux), but in my mind true freedom is software that is not just available to all but usable by all, even those who are not enthusiasts.

Bacon cited the example of Apple. Deep under Mac OS X and iOS' surface lies a free software BSD Unix operating system.: Darwin. Only operating systems experts know that "difficult to use" Unix lies behind the "easy to use" Apple products.

Bacon believes that there's no reason why Ubuntu, or some other true, open-source operating system, can't be "even more beautiful, elegant and delightful than Apple, but is infused with the Free Software values that empower that technology, education, creativity and collaboration in everyone."

Unfortunately, Bacon continued, "as far as Richard is concerned, if Ubuntu doesn’t meet his specific requirements around privacy or Free Software, irrespective that it has brought Free Software to millions of users and thousands of organizations, and despite the fact that you might not share his viewpoint, you should shun it. This just seems a bit childish to me."

Bacon concluded by holding out an olive branch to RMS, "Let’s turn the tables around. Do I agree with everything the Free Software Foundation does? Not at all, but I do think their general body of work is fantastic, worthwhile, and provides an important and valuable service, and I would never want to suggest you should boycott them if you disagree with one part of what they do. Quite the opposite, I would encourage you to see their website, donate, and consider joining them as they provide a valuable piece of the wider Free Software ecosystem, in much the same way Ubuntu provides another piece. Let’s work together, not against each other."

Editor's Desk

All humor aside, spying is becoming all too common not just with computer technology but even any of means home entertainment. It's a shame to think that even pulling the ethernet cords won't guarantee you a private life. Now about turning on each other; hasn't the best example been the all too loyal users of Windows and their ever beloved 8?

The truth is...Linux does not stink at security.

All OSes have vulnerabilities all of them. Unix, OSX, Android, OS/2, Windows, QNX. The second you assume you can't be hacked because of some technology and become lax about security, you become vulnerable. For years it was a mantra about Apple that they were secure. The first challenge was some guy made a bet that he could place an unprotected Apple Server and that no-one could hack it and he put money on it. It was down in less than 30 minutes. Then a few years later Pwn2Own came around as part of CanSec and Charlie Miller won 3 years running hacking Apple computers. He was interviewed and said he hacked apples because they were easiest to hack. This was a huge wake up call to Apple. Microsoft had already had its wakeup call regarding security and it took a while before they were able to tighten it up. Linux networks and websites and android phones have all been successfully attacked.
The point is, you can't be passive about security. Either as an OEM or as a user.

RMS's self-gratification

RMS uses only cash. He does not trust ATMs or Credit Cards. He has probably never bought anything online. I give him credit he walks the talk. But he is hardly someone who would be affected or should care if Amazon or Canonical collects private data.

Not many others would choose his path. Most users have bought things online and do have credit cards. They might want to use Dash to access Amazon and other shopping sites. So what we have here is a disconnect between Mr. Stallman and those who live in the real world. He perhaps has not considered that others might want to live a life differently from him.

The second issue is that this story broke in September and was over a month later. It has been dead for more than a month. Canonical has responded to some concerns and the shopping lens is easily removed. So, what is his point in bringing it up now? Could it be to get his name in the news and fill up his speaking engagements for which he gets paid? He has a self interest in raising these concerns.

The third issue is that he has branded the distribution as spyware (originally he called it malware) when it is only part of the distribution that can be uninstalled. So he is deliberately overstating this to sensationalise things. To what purpose? He gains by making the headlines. He would otherwise be relegated to obscurity.

I respect RMS as difficult as that may sound. Every time he opens his mouth like this it reduces my opinion of him. He has a knack for sticking his foot in his mouth. I am beginning to think that it should stay there.

Join the Discussion ....