Canonical Privacy Policy for Zeitgeist is Insufficient

Sometime ago I opened Bug #965596 and further I sent a e-mail to Canonical’s Legal Team informing them of my concerns regarding the lack of clarity as to how Canonical collects and handles data that is obtained from Ubuntu End-Users. I never heard anything back from Canonical and further the bug has yet to be responded to by anyone who handles the site.


The problem is pretty simple and that is the that Privacy Panel in Ubuntu (pictured below) directs users to this Privacy Policy indicating that it covers how information is collected and used but in reality the privacy policy does not disclose how data is collected or used at all when it comes to collecting information from “Zeitgeist” through the Activity Log Manager.

I’m sure that Canonical takes great efforts to ensure data is handled responsibly but at the same time they should be transparent about how that data is used and collected especially if they direct users to a special privacy policy which they claim covers such data.

Edit: Since some are still not gathering the purpose of this post I will re-iterate that I am not concerned about mishandling of data by Canonical or Zeigeist spying on users or anything of that nature in fact thats all tin foil hat talk. My concern is only the lack of any actual coverage of how “any” data collected is used and handled since it is not at all described in the privacy policy linked from the Privacy Panel. Matthew Paul Thomas has clarified in that the reason for the lacking policy seems to be a delay from lawyers.




      • dholbach says

        I think what happened here is that this dialogue bundles both the preferences for:
        – zeitgeist, ie: “don’t let zeitgeist log that I browsed porn and embarrass me when friends use my computer”
        – apport, ie: “something crashed, maybe Séb can fix it if he has the relevant info”
        This might be a confusing, but is nothing to worry about.

        • says

          No worries at all on that my only concern was the privacy policy is an utter failure since it talks about data collected from websites such as cookies and makes no mention of the privacy panel etc.

          • dholbach says

            I’m sure the policy was kept fairly generic because it is likely linked to and used in other settings as well. This does not solve your problem, but might be a reason why.

    • dholbach says

      I don’t necessarily see what zeitgeist and apport have to do with each other. Maybe this could be clearer in the UI, but let’s not get hysterical. :-)

  1. Stephan Adig says

    well, running quantal, it’s actually turned off for me (could be that i turned it off after installing precise, or it’s actually turned off in a stable release)

  2. says

    I’m 99% sure (and this is all but confirmed by a proper reading of the screenshot) that the only data which may be transmitted to Canonical is information on program crashes that could be useful to developers in fixing the problem (debugging symbols, backtraces, etc.). I’ve *never* heard of Zeitgeist doing anything like transmitting collected user data remotely (I wouldn’t say I’m an expert on Zeitgeist, but I have done a fair amount of reading about it). Furthermore, as is plainly shown in the screenshot, the option to send crash reports is *disabled* by default.

    You really should approach this topic more delicately, given the huge concern for privacy that many users (rightfully) have. I could see a post like this turning off potential users from checking out Ubuntu (and/or Linux in general).

    • says

      I clearly stated in the post that “I’m sure Canonal takes great efforts to handle data responsibly” the post is intended to clarify a privacy policy linked in the privacy panel which does not address this. The issue is not concern of privacy but instead clearly outlining a privacy policy for diagnostics data.

  3. says

    Hey guys,
    I am one of the core Zeitgeist developers and one of the Privacy Panel developers.
    @bkerensa:disqus : Thanks a lot for this mail and I will look into improving the Privacy Panel more.
    Zeitgeist does NOT send anything over the internet. NOTHING…. What you are seeing is U1 pushing stuff around but has nothing to do with Zeitgeist, so no history is being pushed or anything… NOTHING

        • says

          I am not actually complaining about Zeitgeist nor U1… If my blog post were read my complaint is actually in the sorry excuse of a privacy policy. Mpt had already posted and said that there is a new privacy policy he reviewed but Canonical’s lawyers are dragging their feet on uploading it.

          • dholbach says

            “sorry excuse”? I don’t get why you are so angry. It was acknowledged that it can be improved and there are people working on it. I’m sure that it’s not just a matter of “uploading it”. They will likely have to make sure that the text works in many different jurisdictions, etc.

            This blog post and its comments will have confused a lot of people, because in the beginning it was about Zeitgeist, then about apport/whoopsie, then about netstat, then about Ubuntu One.

            • says

              I am not angry… “Sorry excuse for a privacy policy” is a figure of speech it implies the Privacy Policy is greatly lacking. And yes it is very confusing and in reality were talking about which is the “Activity Log Manager for Zeitgeist” this is the package that has the diagnostics panel and desktop file for the Privacy Panel? So if Zeitgeist is not collecting the data then what application is? What does the sending because the panel clearly implies opt-in of sending errors and that is a part of the “Activity Log Manager for Zeitgeist” (

              And I mean as mpt of the Canonical Design Team said “The “Recent Items”, “Files”, and “Applications” tabs of the Privacy panel are poorly designed in general, and in particular they do not make clear how the data is used.”

              Yet Seif of the Zeitgeist Team says “Zeitgeist does NOT send anything over the internet. NOTHING”

              Well the Active Log Manager implies a totally different story.

              • dobey says

                Granted the name of the binary “activity-log-manager” is perhaps slightly confusing in this respect, it does not “imply a totally different story” at all. If you read the code, it clearly shows that it is all about whoopsie errors reporting, and has nothing to do with zeitgeist. Also, as I understand it, that code is a general “privacy settings” UI, and not specific to ZG at all, though ZG is one of the things that it provides UI to configure. Even in your screenshot, there is absolutely nothing to lead that this privacy policy, nor any data uploaded, have any relation whatsoever to Zeitgeist.

  4. Randall says

    Clearer privacy statements help, but only if people read them.

    Technically though, isn’t the source available for Zeitgeist? Should be fairly simple to examine it for those that understand programming.

  5. says

    I was not concerned about the regularity of any data sent when opting-in my concern was more on the total lack of coverage of how data is used and collected in the privacy policy linked from the privacy panel as the privacy policy currently there is just a very basic privacy policy for websites and does not cover “software”.

  6. says

    Well then why would these settings be in the package “Activity Log Manager for Zeitgeist”? Why not in apport? or whatever application is actually doing to collecting/reporting/sending?