Friday, March 15, 2013

Why I can no longer recommend Ubuntu to friends and family

I've been an avid Linux user for almost a decade now and I've tried just about all of the mainstream distributions. For the most part, I found them adequate but sometimes cumbersome to use and it took me a long time to find a distro that I could recommend to friends and family.  When I tried Ubuntu in 2008, I fell in love. It was everything I wanted in a Linux system and it was something I thought even my most technophobic friends and family could easily work with.

That's why when I first heard stirrings of 'spyware in Ubuntu' circulating around the net, I was immediately very suspicious that this might just be some ploy to harm an pretty successful distro. But my suspicions were proven wrong when I started digging into the source of the accusations and saw it was, for the most part, tied to the new shopping lens that Canonical had introduced in 11.10,

The shopping lens, which is on by default, will send information about you to selected Canonical 'partners' when you do certain types of searches in the Dash. It was originally rumored that the Dash "Privacy Policy" included sending keystrokes but the current one seems not to include that particular bit of nastiness.

What information does Ubuntu collect about you and share with their 'partners'? Well, according to the Privacy Policy they share only your IP address and the term you searched for. Sure, that doesn't sound like that big of a deal on the surface but what if you're searching for something controversial or even illegal? Canonical has made sure that they share enough information with their partners (and maybe they log it on their end too) to draw a digital trail right to your door.

Some people have defended this unacceptable behavior by Canonical by saying "but you can turn it off" or "then don't do anything illegal".  I'm not going to touch the 'don't do anything illegal' aspect of it because we'd have to go into a long discussion about legality, morality, and oppression, but let's talk about the ability to turn it off.

As an experienced Ubuntu user, I know my way around the system pretty well. For me, it's easy to go from place to place, disable services, install and remove software, and all the things that are required to administer a home Linux system. But what about Joe Noob? What about the guy who knows very little about computers and just wants to escape the clutches of Microsoft or Apple? Or the grandma who doesn't want to buy a new computer so she installs Ubuntu on her older machine to eek out a few more years of life from it?

Allowing users to opt-out (if they know about it and if they can figure out how to do it) is not an excuse for install automatic privacy violations into a system. The correct way to handle it would be to make it an opt-in system where users who wanted that particular feature could easily turn it on and those who didn't even know it existed were automatically protected.

Canonical dropped the ball on this one big time. I know it's an old issue at this point but I wanted to wait a bit before saying anything to see if they would remove it in a future release. Looks like it's here to stay and so I'm gone from Ubuntu. I cannot recommend a system that, by design, violates privacy.

Don't get me wrong, I still really like Ubuntu and I'm not abandoning everything about it. Instead, I'm abandoning everything to do with the Unity Desktop Environment (of which lens are a part). I'm opting to use XUbuntu (a system based on Ubuntu but without Unity) instead of mainline Ubuntu and, I have to say, I couldn't be happier. It's what I'm recommending to others as well and have already done more than 5 installations of the system to those wanting an alternative to Windows and Mac.

I hope that, one day, Canonical realizes the error of this decision. But looking at how they are pushing things forward these days, I wouldn't hold my breath.

No comments: