Richard Stallman: Canonical will be forced to hand over data to various governments

Privacy in the Digital Age
Who sees what you search for?

I have exchanged e-mails and been having chats with people about the new Amazon Product Results in the Ubuntu 12.10 Unity Dash. One of the people I reached out to was Richard Stallman of the Free Software Foundation a visionary who I have much respect for after all he pioneered much of the foundation and principles that guide the Free Software Community.

Stallman pointed out two things he thought were bad about the new feature landing in Ubuntu 12.10:

1. Users’ privacy.  If Canonical gets this data, it will be forced
to hand it over to various governments.

2.  Amazon.  People should not buy from Amazon (see, so it is bad to suggest buying from Amazon.


I guess from the start I was never really concerned about Canonical handling this data because I know they are good stewards of our community and I trust that they take our privacy seriously. I guess it never dawned on me that Canonical might start getting requests for search data as a result of this new feature and there is no doubt that various governments are now aware this feature exists after all its been in the news for weeks.

Hopefully those who are doubtful about this new feature or have fear about Government getting their search data through a warrant or even in the case of warrantless data seizure which is now allowed in some cases in the United States with little oversight will simply toggle it off under the Privacy Settings or remove the package entirely.

Remember folks sudo apt-get remove unity-lens-shopping or System Settings – Privacy and a click can remedy your concerns if you still have some!

Feel free to share your thoughts in the comments below and if your interested make a donation to the Free Software Foundation!

Join us now and share the software, you’ll be free, hackers, you’ll be freeeeee!





  1. Tyler Gale says

    Interesting article. Are things dire enough for Canonical needs to see additional forms of revenue? How does this affect people in countries where Amazon is not very relevant?

    • says

      I do not think its about the revenue sure it adds a little bit and the purpose of a company is to make money but I think Canonical and specifically the Unity Team are really trying to make a innovative desktop that brings as much information to users as possible.

      That being said I do not think Canonical always plans things out in as much detail as they should. If I were adding a feature I think one of the things I would always look at is “How will this impact our users” and I really think they jumped over that.

      Impact should always be discussed and they should look at areas of impact such as Privacy, Security, Degradation of Experience etc and also get feedback from the Community before making it a permanent feature.

  2. nathan1465 says

    two things.
    Isn’t the data collected anonymous.

    And, isn’t this where data retention, and more importantly fight against data retention laws comes into play. You cant get what we dont have.

    • says

      It depends do you consider Search Queries + IP Addresses and Time Stamps to be anonymous? An IP Address alone can result in your full name and address be obtained by the government so they then have your identity then they know what you were searching for.

      Google for instance anonymizes their logs after a certain period of time they knock off the last octet of every ip address so its unidentifiable.

    • says

      Canonical also has Ubuntu SSO information for a lot of users. Have a launchpad account? Have a U1 account.. Canonical has your personal info and most likely ip address logs. A government who wanted to pressure Canonical could get both the SSO logs and the query logs and match up ip addresses and timestamps without much effort.


  3. Winael Wynnsighel says

    I really don’t understand what the problem is with this feature. That I understand is unity will send the search term and IP to Amazon through Canonical server. What is the difference between that and searching directly on Amazon website ?
    And for the second question is just a start. More services will be add in the future and people will have to possibility to activate or not only the service they want.

    • says

      It may not be a problem for everyone like it does not bother me necessarily but for some they might not like the idea of their searches being passed on by default. I am sure there are people who do not read blogs or tech news sites much who might install Ubuntu and begin searching and then be disappointed when they find out that those results are there.

  4. Maths Göthe says

    Isn’t this problem all about the Dash? The concept that you have to search for apps and files on your computer, rather then finding them in a menu or file browser. Doesn’t every search I do add to the database on Canonical that helps to identify me and my preferences?

    And it’s really interesting that the Amzon lens was added after feature freeze. No discussions?

  5. DeadSuperHero says

    This doesn’t entirely make sense. While user privacy is (IMO) extremely important, unless the user is syncing everything with Ubuntu One services, then the user is the one handling their own personal data, not Canonical. Whether Canonical can tell whose data is doing what searches is another matter entirely, but I doubt that they’d even know who’s running Amazon searches from the Dash.

    • says

      1. This is not about Ubuntu One.
      2. This is about Search Data so if you start searching for “The letter I wrote my dad Paul about that situation” that search query would go to Canonical’s servers and it is unclear how long they would keep that and an IP address and time stamp.

      Even Google considers search query data to be sensitive and explains how long they keep this data and there is definitely a high volume of government requests for such data. IP Addresses can be associated with where you live and who you are if they have a time stamp and your logging in from home.

      • DeadSuperHero says

        1. I know, I was using it as a point to illustrate service ownership, which plays into the whole question of who would get to give that data to authorities, as far as legal accountability is concerned.
        2. My point was that the Search queries are technically Amazon’s concerns more than Canonical’s, as far as responsibilities go. Canonical provides Ubuntu One as a service product, whereas the Amazon integration is really a retrieval of search queries through the lens.

        Really, as long as users can easily opt out of the analytics tracking, I don’t really see much issue with having Amazon’s results integrated into the Dash’s search system.

  6. says

    Related question which I do not think has been asked or answered in existing communication.

    Is Canonical holding on the the search queries and ip address or are they throwing them away after the query transaction with Amazon is complete?

    The question speaks to stewardship of the data.

    If Canonical is building a long lived databased of search queries, then that implies that Canonical has long term plans for that data that go beyond bringing information into the desktop. Holding on to query data means either Canonical is planning to start building an advertising revenue stream directly with advertisers and is going to use that query database stats to help set advertising price points for “popular” terms.

    or it means Canonical is planning on making a business out of datamining that information. Its not to far of a leap to image Canonical matching up Ubuntu SSO login ip addresses with these query logs in very useful ways.

    In fact.. thinking about it.. all of this integration with Amazon actually feels like a prelude to personalized search engine results and adverts making use of Ubuntu SSO. It would be an Ubuntu platform search service that directly competed with what Google’s search service provides (once you login to a google account.) Canonical breaking into the search provider space and taking control of the advertising revenue stream for Unity. It feels right as a long term business plan and the business motivation as to why this needs to be on by default.

    So is Canonical building and keeping a long lived Dash query keylogging database?


    • says

      All that I have been told is that “We do not keep the data indefinitely which is pretty vague. I am sure they are not building a database of search queries but instead just keep logs for a period of time for diagnostic and development purposes to ensure the feature is working properly and so they can fine tune it as they aim to add more vendors and results from other sources.

      But as you and I both know logs are often requested by the government.

    • says

      Canonical holds on to the search terms and click-through data, but not IP addresses. We do this so we can build a smarter search service. We don’t charge anybody anything to get their product listed, so there isn’t any “price point” to be set.

      Honestly, we’re not evil people.

      • says

        You don’t have to be evil to be wrong. Good intentioned people do bad things all the time. There’s a well worn saying about that in fact.

        And again, different forum, but again… you’ve misspoken. Canonical does hold on to ipaddress for some amount of time. An amount of time you have admitted over at omgubuntu you don’t know the details of.

        Stop doing that. Stop overreaching with statements that are going to bite you after the facts come out. Canonical does hold on to ipaddress for some amount of time. Some unspecified amount of time. Get that amount of time published and on the record.

        And I have respond held up in the moderator que here because I referecenced an external link so once Ben actually lets that one through, it will be more obvious that I’m not frelling claiming you guys are evil. I’m bloddy sick of that implication. If I wanted to say you were evil.. I’d just say it. What Canonical is, is myopic and understaffed and poorly managed… but not evil..not not that at all.


      • says

        I think your wrong this is a direct quote from Jono Bacon’s blog post:”In terms of logging, the raw httpd logs are only visible to a small group of people whose job requires that they have access and who are trained in respecting people’s privacy”

        Notably raw HTTPD logs means unaltered and in their original form which would show originating IP Address, Time/Date and what the request was (the full query) below is an example: – bobby [10/Oct/2012:13:55:36 -0700] “GET v1/search?q=bug+document HTTP/1.0″ 200 2326

      • shayneo says

        I don’t think anyone is saying that, and I certainly dont think thats Mr Stallmans thrust. The concern is really that decisions will be made *FOR* canonical, not BY canonical that will be unpleasant for everyone concerned.

  7. LakesGeek says

    So do you think that Canonical can still be trusted in general? Or is the Amazon search just a slippery slope towards them becoming the next Facebook or Apple (in terms of privacy risks, greed, underhanded tactics etc). For now we can turn this feature off, but what if the next version removes that ability and adds more advertising? I’m worried that they’ll just get worse and worse and ruin the spirit of GNU/Linux.