EFF Warns of Major Ubuntu Privacy Issue

The Electronic Frontier Foundation is warning that a new feature in Canonical’s Ubuntu 12.10 operating system presents a serious challenge to user privacy.

“The issues that the EFF is raising are related to a feature called Dash in the Ubuntu Unity desktop that is designed to be a central search mechanism for documents, files and other information both on the local machine and online,” writes Threatpost’s Dennis Fisher. “When a user searches for a given term, the query is sent to a Ubuntu server, and the query also includes your IP address. The search results, depending upon the query, may include products from Amazon related to the search term. This is one of the main things that has drawn the ire of EFF staffers.”

“The EFF complains that image data sent back from Amazon to the user’s PC is not encrypted, that users have no control over the data stored on Canonical’s servers and that the company is vague in its description of what the accumulated data is used for,” The H Open reports. “While outgoing queries to Canonical and online shopping providers such as Amazon are sent over HTTPS, the returned product images are sent in clear text, which enables bad actors listening in on the user’s network traffic to reconstruct what the user was searching for.”

“Even worse, according to Ubuntu’s third-party privacy policy page, Facebook, Vimeo, and a variety of other services may also get to see the IP address and search terms of users who keep their default settings,” writes Ars Technica’s Dan Goodin. “Canonical, the company that develops Ubuntu, doesn’t say what these services do with the data. Instead, the page refers users to the privacy policy of each service.”

“The outcry prompted a spirited response from Canonical CEO Mark Shuttleworth, who wrote in a blog post that the Amazon integration was just the first step in an expansion designed to make the Dash search engine ‘smarter,'” writes Sophos’ Paul Roberts. “The Amazon results are just search results — not ads, Shuttleworth argued. And users can choose not to search Amazon if they want, while future releases will make it easier to opt-out of searching across third party services, he said. ‘What we have in 12.10 isn’t the full experience, so those who leap to judgement are at maximum risk of having to eat their words later. Chill out,’ he wrote.”

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles