www/philosophy ubuntu-spyware.html

[Fabio J. Gonzalez]

CVSROOT:        /web/www
Module name:    www
Changes by:     Fabio J. Gonzalez <gonzalfj>    12/12/07 15:14:47

Added files:
        philosophy     : ubuntu-spyware.html 

Log message:
        #787224: Publish RMS Ubuntu article: done

CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/philosophy/ubuntu-spyware.html?cvsroot=www&rev=1.1

Patches:
Index: ubuntu-spyware.html
===================================================================
RCS file: ubuntu-spyware.html
diff -N ubuntu-spyware.html
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ ubuntu-spyware.html 7 Dec 2012 15:14:47 -0000       1.1
@@ -0,0 +1,196 @@
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.69 -->
+<title>Ubuntu Spyware: What to Do? 
+  - GNU Project - Free Software Foundation</title>
+<!--#include virtual="/server/banner.html" -->
+<!--#include 
virtual="/philosophy/po/programs-must-not-limit-freedom.translist" -->
+<h2>Ubuntu Spyware: What to Do?</h2>
+
+<p>by <a href="http://www.stallman.org/";>Richard Stallman</a></p>
+
+<p>One of the major advantages of free software is that the community
+  protects users from malicious software.  Now Ubuntu GNU/Linux has
+  become a counterexample.  What should we do?</p>
+
+<p>Proprietary software is associated with malicious treatment of the user:
+  surveillance code, digital handcuffs (DRM or Digital Restrictions
+  Management) to restrict users, and back doors that can do nasty things
+  under remote control.  Programs that do any of these things are
+  malware and should be treated as such.  Widely used examples include
+  Windows, the iThings, and the Amazon "Kindle" product for virtual book
+  burning, which do all three; Macintosh and the Playstation III which
+  impose DRM; most portable phones, which do spying and have back doors;
+  Adobe Flash Player, which does spying and enforces DRM; and plenty of
+  apps for iThings and Android, which are guilty of one or more of these
+  nasty practices.</p>
+
+<p>Free software gives users a chance to protect themselves from
+  malicious software behaviors.  Even better, usually the community
+  protects everyone, and most users don't have to move a muscle.  Here's
+  how.</p>
+
+<p>Once in a while, users who know programming find that a free program
+  has malicious code.  Generally the next thing they do is release a
+  corrected version of the program; with the four freedoms that define
+  free software (see <a 
href="http://www.gnu.org/philosophy/free-sw.html";>http://www.gnu.org/philosophy/free-sw.html</a>),
 they
+  are free to do this.  This is called a "fork" of the program.  Soon
+  the community switches to the corrected fork, and the malicious
+  version is rejected.  The prospect of ignominious rejection is not
+  very tempting; thus, most of the time, even those who are not stopped
+  by their consciences and social pressure refrain from putting
+  malfeatures in free software.</p>
+
+<p>But not always.  Ubuntu, a widely used and influential GNU/Linux
+  distribution, has installed surveillance code.  When the user searches
+  her own local files for a string using the Ubuntu desktop, Ubuntu
+  sends that string to one of Canonical's servers.  (Canonical is the
+  company that develops Ubuntu.)</p>
+
+<p>This is just like the first surveillance practice I learned about in
+  Windows.  My late friend Fravia told me that when he searched for a
+  string in the files of his Windows system, it sent a packet to some
+  server, which was detected by his firewall.  Given that first example
+  I paid attention and learned about the propensity of "reputable"
+  proprietary software to be malware.  Perhaps it is no coincidence that
+  Ubuntu sends the same information.</p>
+
+<p>Ubuntu uses the information about searches to show the user ads to buy
+  various things from Amazon.  Amazon commits many wrongs (see
+  <a 
href="http://stallman.org/amazon.html";>http://stallman.org/amazon.html</a>); by 
promoting Amazon, Canonical
+  contributes to them.  However, the ads are not the core of the
+  problem.  The main issue is the spying.  Canonical says it does not
+  tell Amazon who searched for what.  However, it is just as bad for
+  Canonical to collect your personal information as it would have been
+  for Amazon to collect it.</p>
+
+<p>People will certainly make a modified version of Ubuntu without this
+  surveillance.  In fact, several GNU/Linux distros are modified
+  versions of Ubuntu.  When those update to the latest Ubuntu as a base,
+  I expect they will remove this.  Canonical surely expects that too.</p>
+
+<p>Most free software developers would abandon such a plan given the
+  prospect of a mass switch to someone else's corrected version.  But
+  Canonical has not abandoned the Ubuntu spyware.  Perhaps Canonical
+  figures that the name "Ubuntu" has so much momentum and influence that
+  it can avoid the usual consequences and get away with surveillance.</p>
+
+<p>Canonical says this feature searches the Internet in other ways.
+  Depending on the details, that might or might not make the problem
+  bigger, but not smaller.</p>
+
+<p>Ubuntu allows users to switch the surveillance off.  Clearly Canonical
+  thinks that many Ubuntu users will leave this setting in the default
+  state (on).  And many may do so, because it doesn't occur to them to
+  try to do anything about it.  Thus, the existence of that switch does
+  not make the surveillance feature ok.</p>
+
+<p>Even if it were disabled by default, the feature would still be
+  dangerous: "opt in, once and for all" for a risky practice, where the
+  risk varies depending on details, invites carelessness.  To protect
+  users' privacy, systems should make prudence easy: when a local search
+  program has a network search feature, it should be up to the user to
+  choose network search explicitly <em>each time</em>.  This is easy:
+  all it takes is to have separate buttons for network searches and
+  local searches, as earlier versions of Ubuntu did.  A network search
+  feature should also inform the user clearly and concretely about who
+  will get what personal information of hers, if and when she uses the
+  feature.</p>
+
+<p>If a sufficient part of our community's opinion leaders view this
+  issue in personal terms only, if they switch the surveillance off for
+  themselves and continue to promote Ubuntu, Canonical might get away
+  with it.  That would be a great loss to the free software community.</p>
+
+<p>We who present free software as a defense against malware do not say
+  it is a perfect defense.  No perfect defense is known.  We don't say
+  the community will deter malware <em>without fail</em>.  Thus,
+  strictly speaking, the Ubuntu spyware example doesn't mean we have to
+  eat our words.</p>
+
+<p>But there's more at stake here than whether some of us have to eat
+  some words.  What's at stake is whether our community can effectively
+  use the argument based on proprietary spyware.  If we can only say,
+  "free software won't spy on you, unless it's Ubuntu," that's much less
+  powerful than saying, "free software won't spy on you."</p>
+
+<p>It behooves us to give Canonical whatever rebuff is needed to make it
+  stop this.  Any excuse Canonical offers is inadequate; even if it used
+  all the money it gets from Amazon to develop free software, that can
+  hardly overcome what free software will lose if it ceases to offer an
+  effective way to avoid abuse of the users.</p>
+
+<p>If you ever recommend or redistribute GNU/Linux, please remove Ubuntu
+  from the distros you recommend or redistribute.  If its practice of
+  installing and recommending nonfree software didn't convince you to
+  stop, let this convince you.  In your install fests, in your Software
+  Freedom Day events, in your FLISOL events, don't install or recommend
+  Ubuntu.  Instead, tell people that Ubuntu is shunned for spying.</p>
+
+<p>While you're at it, you can also tell them that Ubuntu contains
+  nonfree programs and suggests other nonfree programs.  (See
+  <a href="http://www.gnu.org/distros/common-distros.html";>
+    http://www.gnu.org/distros/common-distros.html</a>.)  That will counteract
+  the other form of negative influence that Ubuntu exerts in the free
+  software community: legitimizing nonfree software.</p>
+
+<!-- If needed, change the copyright block at the bottom. In general,
+     pages on the GNU web server should be under CC BY-ND 3.0 US.
+     Please do NOT change or remove this without talking
+     with the webmasters or licensing team first.
+     Please make sure the copyright date is consistent with the document.
+     For web pages, it is ok to list just the latest year the document
+     was modified, or published.
+     
+     If you wish to list earlier years, that is ok too.
+     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+     years, as long as each year in the range is in fact a copyrightable
+     year, i.e., a year in which the document was published (including
+     being publicly visible on the web or in a revision control system).
+     
+     There is more detail about copyright years in the GNU Maintainers
+     Information document, www.gnu.org/prep/maintain. -->
+
+
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+
+  <p>Please send general FSF &amp; GNU inquiries to
+    <a href="mailto:address@hidden";>&lt;address@hidden&gt;</a>.
+    There are also <a href="/contact/">other ways to contact</a>
+    the FSF.  Broken links and other corrections or suggestions can be sent
+    to <a href="mailto:address@hidden";>&lt;address@hidden&gt;</a>.</p>
+
+  <p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+          replace it with the translation of these two:
+
+          We work hard and do our best to provide accurate, good quality
+          translations.  However, we are not exempt from imperfection.
+          Please send your comments and general suggestions in this regard
+          to <a href="mailto:address@hidden";>
+          &lt;address@hidden&gt;</a>.</p>
+
+          <p>For information on coordinating and submitting translations of
+            our web pages, see <a
+                                 
href="/server/standards/README.translations.html">Translations
+              README</a>. -->
+    Please see the <a
+                     
href="/server/standards/README.translations.html">Translations
+      README</a> for information on coordinating and submitting translations
+    of this article.</p>
+
+  <p>Copyright &copy; 2012 Richard Stallman</p>
+
+  <p>This page is licensed under a <a rel="license"
+                                     
href="http://creativecommons.org/licenses/by-nd/3.0/us/";>Creative
+      Commons Attribution-NoDerivs 3.0 United States License</a>.</p>
+
+  <p>Updated:
+    <!-- timestamp start -->
+    $Date: 2012/12/07 15:14:47 $
+    <!-- timestamp end -->
+  </p>
+</div>
+</div>
+</body>
+</html>