Spyware in Ubuntu!

Although Richard Stallman’s tone is often too confrontational and absolute, this time it’s rather shocking news: According to him, in some versions of Ubuntu, any file searches you do are sent to Canonical, and from there to Amazon, to customize ads (like Google does with email). The details are few, such as which search interface we’re talking about, which versions of Ubuntu are affected, and how to actually turn this off (I looked in what I thought were likely places in the System Settings app of Ubuntu 12.04.1 LTS without any luck), but if this has actually reached mainline releases it’s bye, bye Ubuntu! Sending user information to somewhere which doesn’t provide a service which that user has requested is wrong, and sending it to a third party is just despicable.

I’m a long-time Ubuntu user and software developer, and I’d never heard of this – if I thought about the Ubuntu Software Center ads at all, it was as a nuisance which I could easily get around by using the web to find software I need.

I’m hoping to see more clear information about this soon, but the only other link in the Phoronix article is down at the moment.

Canonical’s Jono Bacon has a response (Google cache) which skips the actual issue completely: We should continue to cooperate with the Free Software Foundation, we’re doing great work with free software, and so on. But as you can see from the response there’s no mention of the possibility of asking the user if they want to opt in to this. At the absolute very least, users should not be helping third parties to serve more efficient ads unless they have knowingly agreed to it. This kind of software should not even be installed by default, in case it is “accidentally” activated. But since everybody knows that nobody reads EULAs, and Canonical obviously wants the money, I sincerely doubt this is going to get fixed.

Review: Liars and Outliers by Bruce Schneier

tl;dr An enormously important book about understanding and optimizing security in the 21st century.

On the Internet, nobody knows you’re a dog. I don’t know Bruce Schneier, and he certainly doesn’t know me. Even so, when he announced a heavily discounted signed edition of Liars and Outliers he was effectively testing the main hypothesis of the book: That in any society it is reasonable to uphold a non-zero level of trust even in complete strangers:

  • Schneier trusted 100 (or at least enough to make a net gain) random strangers to reciprocate the offer by writing and publishing a review of the book.
  • 100 random people trusted him to sign copies of the book and send it to the correct addresses upon receipt of the money.
  • All 101 of us trusted essentially the rest of the human race not to interfere in the transaction, even when interference could mean easy money with virtually no chance of retribution.

Schneier goes on to explain, with his famous lucidity and reference to much contemporary research, why this trust is essential to all human interchange, how trustworthiness is highly dependent on the situation and not just the person, how a society with 100% conformity is not just a terrible goal but literally impossible, the human and artificial pressures to cooperate or not, how more severe punishments are often ineffective or even counter-effective, and how social and technological evolution is too fast for democracy to stabilize the overall level of trust.

[At this point I wanted to double-check the scribbled-down criticisms below, but the book is 3,000 km away with a nephew. Please take the following with a grain of salt. And now that I’ve lowered your expectations, let’s continue!]

In some very few places I found the wording misleading. For example, the iTunes store doesn’t allow you to buy music, merely to license it for your personal use. As far as I understand from what very little I’ve read of this, when iTunes shuts down, there are many jurisdictions where you would not be allowed to download songs which are audibly indistinguishable from what you had paid for.

The graphs are generally informative, but sometimes confusing. For example (pages 72-73):

  • Traits/Tendencies and natural defenses are both in the social pressures box, while the text says neither is a social pressure.
  • There’s an incentives line and a separate box.
  • Why are some of the lines double? If they’re strong, a thick line would be clearer.

One note is terrifying: On average, 7% of terrorists’ policy objectives are achieved? What method could conceivably be considered more effective than 7% for a (usually) tiny group of what are often foreigners? Compare it to normal bureaucratic channels, where usually only billionaire citizens or corporations have the slightest chance to change policy within a reasonable time.

Conclusion: I wish this had been compulsory reading at high school. With entertaining anecdotes, scary implications of human nature, and scientifically grounded careful optimism it’s the most dangerous book everyone should read.

Social contract – Fulfilled!