[liberationtech] Fwd: [greg at pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

[Rich Kulawiec]

On Mon, Feb 18, 2013 at 05:43:38PM -0800, Micah Lee wrote:
> The one thing that we want Canonical to do is make Dash's online search
> opt-in instead of opt-out, but they're staunchly refusing.

One of the things I've learned over the past [uncomfortably large number
of years] is that anything that is opt-out is wrong, stupid or abusive --
and those behind it *know it*, which is why they dishonestly attempt to
force it on users/consumers rather than asking their permission.

> This grand vision is impossible without sharing your search terms, and
> this is the future Ubuntu that they've invested in.

I concur with your analysis, and will add this:

There is a line apocryphally attributed to the playwright Chekhov,
along the lines of "if there is a gun on the mantle during the first act,
it must go off by the third".  The fact that Canonical has built
the underlying mechanism to support this means that it WILL be used --
whether as they intend it to be...or otherwise.  Thus one of the side
effects of this is that it considerably lowers the bar for attackers,
who no longer need to craft a data exfiltration mechanism, but merely
need to co-opt this one for their own purposes.

I suppose we could hope that Ubuntu will see the light and reverse
course, but "hope" is a very poor security strategy.  I think it's
far more likely that Ubuntu will soon include more spyware, more
baked-in insecurity, and more anti-privacy "features", all to pursue
this "grand vision".  We've seen this play before and it always ends
the same way.

---rsk