The Ubuntu Amazon ‘Privacy’ Issue

There’s been a lot of talk about a recent feature to Ubuntu 12.10 – when you type into the Dash you receive back information from Amazon based on your input. There’s a massive outcry that this is a privacy violation or even a security issue, and the media’s been fueling it as much as they can. I’m going to try to explain what’s going on here and where the issues actually lie.

How It Works

The feature activates when you type messages into the Dash – a feature of Unity that takes in your text input and outputs relevant information. When you type into your Dash info is sent to Canonical and then Canonical sends the info to Amazon, the information is then sent back to Canonical form Amazon and finally lands on your system. What is sent is only what you type in, nothing more.

The idea here is that I can type in “Vacuum” and now I get books on vacuum cleaners or some such thing. The Dash is meant to be a ‘conduit’ of information, you type a word and it responds with everything related to that word. Amazon is just one more way to provide information to you.

The Problem?

Users seem to think this is a privacy issue. I think people hear “OMG Ubuntu has Amazon ads now! And it can see what you type!” – no. No, Amazon can not see what you type and they’re not ads. They can see the words you put into the Dash and Canonical acts as a proxy, so really, it’s Canonical that “sees” what you’ve typed into the Dash. 

So this isn’t some full system keylogger or some such thing, it’s Canonical (the company behind Ubuntu, that packages your system components for you) seeing what you type into the Dash.

So ask yourself – what do I type in the Dash? For me it’s simple – I would type “Pidgin”, “Chrome”, “Homework” and open those files/ programs via Dash. Not exactly personal information. 

Unless you’re typing in “porn” or your social security number perhaps you should question how sensitive the information in your Dash really is. Really, what is it that you enter that’s scary?

And then remember that Canonical doesn’t need some clever Dash keylogger to steal your information… they’ve “got root” as Mark Shuttleworth put it. If you don’t trust Canonical you shouldn’t be using their Operating System because they could easily patch up a kernel to spy on you or any other system component that they build on your behalf.

I’ve heard people claim “But what if someone accidentally puts a password in?” well, uh, yeah, that sucks! Canonical then sees your password… not that they need it since, again, they have root. And all of this information is sent to Canonical via secure encrypted connection.

Even beyond all of this users seem to have missed that it’s always been this way. Yes, your Dash has always communicated via internet – how do you think it gets ‘recommended apps’ from the software center? Or music? It’s done this for a long long time and nothing has changed.

And, of course, you can easily disable this by typing “Privacy” into the Dash and disabling the feature.

It comes down to a simple question – do you trust Canonical?