Moving on

Asked by hamvil

This is it, I'm moving back to fedora. I cannot accept that the distribution I'm using will install by default a package that will send information stored in MY pc.

Please confirm that this will be an opt-in even for OEM setups.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu canonical-census Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Greg Beam (ki7mt) said :
#1

hamvil,

From my understanding, it's an OEM package only, and there's always the option of sudo apt-get remove canonical-census

I would not think an OEM partner would send out a machine without first having thoroughly inspected it's package content, if for no other reason than supporting the product they sell.

Additionally, the OEM partners, if they are worried about the way the package is being handled, could ask for a feature request to add user notification, or complete removal if they receive specific distributions for their products.

KE1HA

Revision history for this message
hamvil (roberto-riggio) said :
#2

An OEM could also ask for the data to be sent to them, or could extend the software to gather more info. This package is a Trojan to a number of s***y behavior that are already common on the windows-based machine. If this is where Ubuntu is going, well, wish you good luck, but I'm moving to somewhere elese.

Revision history for this message
Tim Casey (tjcasey) said :
#3

The information it gathers and sends;

- Number of days the Ubuntu installation has been active
- Ubuntu distributor channel name
- Product Name (OEM)
- Ubuntu release number

No personally identifiable details are sent.

The package can easily be removed and only applies to the OEM installed versions of Ubuntu.

Revision history for this message
hamvil (roberto-riggio) said :
#4

what about my IP address. basically I'm telling everybody with access to the data that a certain type of PC is reachable at a certain IP address.

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#5

Why not just uninstall the package...

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#6

It's not installed on my fairly vanilla setup:

andy@D420:~$ apt-cache policy canonical-census
canonical-census:
  Installed: (none)
  Candidate: 0.1
  Version table:
     0.1 0
        500 http://archive.canonical.com/ubuntu/ lucid/partner Packages

If you bought the system pre-configured with Ubuntu I would question the reseller. It isn't part of a default setup.

Posting "I'm not going to use Ubuntu" type nonesense doesn't make us want to help you any more or less, so just don't bother.

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#7

Incidentally:

canonical-census is a package which installs a daily cron job for surveying how many original OEM installs are running in the world.

Note that this does not send any user specific data; it only transmits the operating system version (/var/lib/ubuntu_dist_channel), the machine product name, and a counter how many pings were sent.

Source:
http://linux.softpedia.com/get/System/System-Administration/canonical-census-59230.shtml

So in retort. WHO CARES. It's only sending the fact you are using Lucid (for example). Not a massive cause for concern is it?

Revision history for this message
hamvil (roberto-riggio) said :
#8

If a third party can know trough which IP a certain type of pc (e.g. a dell latitude) can be reached, well then I CARE. This information can be easily exploited for attacks targeted toward a certain software I know it is ran by that machine. Moreover using the IP address canonical could know (roughly) from where I'm accessing the internet or trough which provider.

Please, instead of labeling this as "not going to use ubuntu nonsense", tell me where I'm being wrong, That why I'm saying that it should be an opt-in even for OEM setups.

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#9

The Ubuntu OS will be the same on each system. There aren't specific softwares for systems per-se. There are packages for some hardwares like Toshiba to make the hardware work but these do not run as services.

Why is location such a bad thing. The furthest they can narrow down (without a tonne of effort) is the country you are in which is quite trivial. Also if you are behind a router then attacks will be prevented as the router will drop the unwanted traffic.

Revision history for this message
Matthias Niess (mniess) said :
#10

As far as I can see this IS opt-in for OEM machines. If dell wants to track how many people keep Ubuntu on their machines, they can preinstall this package. It is not installed by default. That is opt-in.

Revision history for this message
hamvil (roberto-riggio) said :
#11

it should be opt-in for the end-user not for dell. my standpoint is that canonical should not empower vendor with such a right. Of course, as I said before if this is what the ubuntu community wants then, good luck, but the policy is not morally acceptable to me.

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#12

But wy is it not acceptable? You never really qualify. The data transmitted is trivial. I'm not trying to tel you to keep it, it's more for personal interest. Just like the people who use proxies and encrypted drives etc.

Revision history for this message
hamvil (roberto-riggio) said :
#13

Dell could for example package a new plugin for firefox on certain type of laptop. such information together with the ip address of the laptop could lead to serious exploits. Moreover I just do no see why canonical should be entitled in knowing that in the morning I've logged from Italy and in the evening from USA. I have no idea where you are writing from but here in Europe, and in Italy in particular we take privacy very seriously. There are even ruling from the our supreme courts that consider tracking the position of a person a violation of constitutional rights (freedom of movement).

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#14

Sure, but users installing the official ISO of Ubuntu themselves will not have Dells hypothetical package, or any other. The location of a PC is quite harmless, especially to such an ambiguous level as the country. I don't see why you are making a huge fuss. The package transmits minimal information and is very harmless.

I'm going to unsubscibe to this now. I believe this has be done to death and any addition posts will simply be repetitions.

Revision history for this message
GREG T. (ubuntuer) said :
#15

every os sends some kind of feed back so the makers know what needs fixed ,and what is best for the next upgrade.

Can you help with this problem?

Provide an answer of your own, or ask hamvil for more information if necessary.

To post a message you must log in.