Ubuntu Spyware: What to Do?
by Richard Stallman
One of the major advantages of free software is that the community
protects users from malicious software. Now
Ubuntu GNU/Linux has become
a counterexample. What should we do?
Proprietary software is associated with malicious treatment of the user:
surveillance code, digital handcuffs (DRM or Digital Restrictions
Management) to restrict users, and back doors that can do nasty things
under remote control. Programs that do any of these things are
malware and should be treated as such. Widely used examples include
Windows, the iThings, and the Amazon “Kindle” product for virtual book
burning, which do all three; Macintosh and the Playstation III which
impose DRM; most portable phones, which do spying and have back doors;
Adobe Flash Player, which does spying and enforces DRM; and plenty of
apps for iThings and Android, which are guilty of one or more of these
Free software gives users a chance to protect themselves from
malicious software behaviors. Even better, usually the community
protects everyone, and most users don't have to move a muscle. Here's
Once in a while, users who know programming find that a free program
has malicious code. Generally the next thing they do is release a
corrected version of the program; with the four freedoms that define
free software (see http://www.gnu.org/philosophy/free-sw.html), they
are free to do this. This is called a “fork” of the program. Soon
the community switches to the corrected fork, and the malicious
version is rejected. The prospect of ignominious rejection is not
very tempting; thus, most of the time, even those who are not stopped
by their consciences and social pressure refrain from putting
malfeatures in free software.
But not always. Ubuntu, a widely used and
distribution, has installed surveillance code. When the user
searches her own local files for a string using the Ubuntu desktop,
Ubuntu sends that string to one of Canonical's servers. (Canonical
is the company that develops Ubuntu.)
This is just like the first surveillance practice I learned about in
Windows. My late friend Fravia told me that when he searched for a
string in the files of his Windows system, it sent a packet to some
server, which was detected by his firewall. Given that first example
I paid attention and learned about the propensity of “reputable”
proprietary software to be malware. Perhaps it is no coincidence that
Ubuntu sends the same information.
Ubuntu uses the information about searches to show the user ads to buy
various things from Amazon.
Amazon commits many
wrongs; by promoting Amazon, Canonical contributes to them.
However, the ads are not the core of the problem. The main issue is
the spying. Canonical says it does not tell Amazon who searched for
what. However, it is just as bad for Canonical to collect your
personal information as it would have been for Amazon to collect it.
People will certainly make a modified version of Ubuntu without this
surveillance. In fact, several GNU/Linux distros are modified
versions of Ubuntu. When those update to the latest Ubuntu as a base,
I expect they will remove this. Canonical surely expects that too.
Most free software developers would abandon such a plan given the
prospect of a mass switch to someone else's corrected version. But
Canonical has not abandoned the Ubuntu spyware. Perhaps Canonical
figures that the name “Ubuntu” has so much momentum and influence that
it can avoid the usual consequences and get away with surveillance.
Canonical says this feature searches the Internet in other ways.
Depending on the details, that might or might not make the problem
bigger, but not smaller.
Ubuntu allows users to switch the surveillance off. Clearly Canonical
thinks that many Ubuntu users will leave this setting in the default
state (on). And many may do so, because it doesn't occur to them to
try to do anything about it. Thus, the existence of that switch does
not make the surveillance feature ok.
Even if it were disabled by default, the feature would still be
dangerous: “opt in, once and for all” for a risky practice, where the
risk varies depending on details, invites carelessness. To protect
users' privacy, systems should make prudence easy: when a local search
program has a network search feature, it should be up to the user to
choose network search explicitly each time. This is easy:
all it takes is to have separate buttons for network searches and
local searches, as earlier versions of Ubuntu did. A network search
feature should also inform the user clearly and concretely about who
will get what personal information of hers, if and when she uses the
If a sufficient part of our community's opinion leaders view this
issue in personal terms only, if they switch the surveillance off for
themselves and continue to promote Ubuntu, Canonical might get away
with it. That would be a great loss to the free software community.
We who present free software as a defense against malware do not say
it is a perfect defense. No perfect defense is known. We don't say
the community will deter malware without fail. Thus,
strictly speaking, the Ubuntu spyware example doesn't mean we have to
eat our words.
But there's more at stake here than whether some of us have to eat
some words. What's at stake is whether our community can effectively
use the argument based on proprietary spyware. If we can only say,
“free software won't spy on you, unless it's Ubuntu,” that's much less
powerful than saying, “free software won't spy on you.”
It behooves us to give Canonical whatever rebuff is needed to make it
stop this. Any excuse Canonical offers is inadequate; even if it used
all the money it gets from Amazon to develop free software, that can
hardly overcome what free software will lose if it ceases to offer an
effective way to avoid abuse of the users.
If you ever recommend or redistribute GNU/Linux, please remove Ubuntu
from the distros you recommend or redistribute. If its practice of
installing and recommending nonfree software didn't convince you to
stop, let this convince you. In your install fests, in your Software
Freedom Day events, in your FLISOL events, don't install or recommend
Ubuntu. Instead, tell people that Ubuntu is shunned for spying.
While you're at it, you can also tell them that Ubuntu contains
nonfree programs and suggests other nonfree programs. (See
http://www.gnu.org/distros/common-distros.html.) That will counteract
the other form of negative influence that Ubuntu exerts in the free
software community: legitimizing nonfree software.
As of March 2014 we have heard talk of a plan to change Ubuntu to
remove this surveillance malfeature. I hope Ubuntu does make that
change and soon, since that will vindicate free software's reputation.
However, reportedly Ubuntu 14.04 in April 2014 still has the problem.
The presence of nonfree software in Ubuntu is a separate ethical
issue. For Ubuntu to be ethical, that too must be fixed.