/philosophy/ubuntu-spyware.html-diff

<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: (削除) 1.96 (削除ここまで) (追記) 1.98 (追記ここまで) -->
<!-- This page is derived from /server/standards/boilerplate.html -->
<!--#set var="TAGS" value="essays cultural evils" -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<title>Ubuntu Spyware: What to Do? 
 - GNU Project - Free Software Foundation</title>
<!--#include virtual="/philosophy/po/ubuntu-spyware.translist" -->
<!--#include virtual="/server/banner.html" -->
<!--#include virtual="/philosophy/ph-breadcrumb.html" -->
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div class="article reduced-width">
<h2>Ubuntu Spyware: What to Do?</h2>
<address class="byline">by
<a href="https://www.stallman.org/">Richard Stallman</a></address>
<div class="introduction">
<p>Since <a (削除) href="http://fossbytes.com/the-spyware-feature-in-ubuntu-will-be-disabled-in-ubuntu-16-04-xenial-xerus/">Ubuntu (削除ここまで)
(追記) href="https://web.archive.org/web/20230331223554/http://fossbytes.com/the-spyware-feature-in-ubuntu-will-be-disabled-in-ubuntu-16-04-xenial-xerus/">Ubuntu (追記ここまで)
version 16.04</a>, the spyware search facility is now disabled by
default. It appears that the campaign of pressure launched by this
article has been partly successful. Nonetheless, offering the spyware
search facility as an option is still a problem, as explained below.
Ubuntu should make the network search a command users can execute from
time to time, not a semipermanent option for users to enable (and
probably forget).
</p>
<p>Even though the factual situation described in the rest of this
page has partly changed, the page is still important. This example
should teach our community not to do such things again, but in order
for that to happen, we must continue to talk about it.</p>
</div>
<p>One of the major advantages of free software is that the community
 protects users from malicious software. Now
 Ubuntu <a (削除) href="/gnu/linux-and-gnu.html"> GNU/Linux </a> (削除ここまで) (追記) href="/gnu/linux-and-gnu.html">GNU/Linux</a> (追記ここまで) has become
 a counterexample. What should we do?</p>
<p>Proprietary software is associated with malicious treatment of the user:
 surveillance code, digital handcuffs (DRM or Digital Restrictions
 Management) to restrict users, and back doors that can do nasty things
 under remote control. Programs that do any of these things are
 malware and should be treated as such. Widely used examples include
 Windows, the <a
 href="/philosophy/why-call-it-the-swindle.html">iThings</a>, and the
 Amazon “Kindle” product for virtual book
 burning, which do all three; Macintosh and the Playstation III which
 impose DRM; most portable phones, which do spying and have back doors;
 Adobe Flash Player, which does spying and enforces DRM; and plenty of
 apps for iThings and Android, which are guilty of one or more of these
 nasty practices.</p>
<p><a href="/philosophy/free-software-even-more-important.html">
 Free software gives users a chance to protect themselves from
 malicious software behaviors</a>. Even better, usually the community
 protects everyone, and most users don't have to move a muscle. Here's
 how.</p>
<p>Once in a while, users who know programming find that a free program
 has malicious code. Generally the next thing they do is release a
 corrected version of the program; with the four freedoms that define
 (削除) free software (see (削除ここまで)
 <a (削除) href="/philosophy/free-sw.html">http://www.gnu.org/philosophy/free-sw.html</a>), (削除ここまで) (追記) href="/philosophy/free-sw.html">free software</a>, (追記ここまで) they
 are free to do this. This is called a “fork” of the program. Soon
 the community switches to the corrected fork, and the malicious
 version is rejected. The prospect of ignominious rejection is not
 very tempting; thus, most of the time, even those who are not stopped
 by their consciences and social pressure refrain from putting
 malfeatures in free software.</p>
<p>But not always. Ubuntu, a widely used and
 influential <a (削除) href="/gnu/linux-and-gnu.html"> GNU/Linux </a> (削除ここまで) (追記) href="/gnu/linux-and-gnu.html">GNU/Linux</a> (追記ここまで)
 distribution, has installed surveillance code. When the user
 searches her own local files for a string using the Ubuntu desktop,
 Ubuntu sends that string to one of Canonical's servers. (Canonical
 is the company that develops Ubuntu.)</p>
<p>This is just like the first surveillance practice I learned about in
 Windows. My late friend Fravia told me that when he searched for a
 string in the files of his Windows system, it sent a packet to some
 server, which was detected by his firewall. Given that first example
 I paid attention and learned about the propensity of “reputable”
 proprietary software to be malware. Perhaps it is no coincidence that
 Ubuntu sends the same information.</p>
<p>Ubuntu uses the information about searches to show the user ads to buy
 various things from Amazon. 
 <a href="https://stallman.org/amazon.html">Amazon commits many
 wrongs</a>; by promoting Amazon, Canonical contributes to them.
 However, the ads are not the core of the problem. The main issue is
 the spying. Canonical says it does not tell Amazon who searched for
 what. However, it is just as bad for Canonical to collect your
 personal information as it would have been for Amazon to collect it.
 Ubuntu surveillance
 is <a href="https://jagadees.wordpress.com/2014/08/27/ubuntu-dash-search-is-not-anonymous/">not
 anonymous</a>.</p>
<p>People will certainly make a modified version of Ubuntu without this
 surveillance. In fact, several GNU/Linux distros are modified
 versions of Ubuntu. When those update to the latest Ubuntu as a base,
 I expect they will remove this. Canonical surely expects that too.</p>
<p>Most free software developers would abandon such a plan given the
 prospect of a mass switch to someone else's corrected version. But
 Canonical has not abandoned the Ubuntu spyware. Perhaps Canonical
 figures that the name “Ubuntu” has so much momentum and influence that
 it can avoid the usual consequences and get away with surveillance.</p>
<p>Canonical says this feature searches the Internet in other ways.
 Depending on the details, that might or might not make the problem
 bigger, but not smaller.</p>
<p>Ubuntu allows users to switch the surveillance off. Clearly Canonical
 thinks that many Ubuntu users will leave this setting in the default
 state (on). And many may do so, because it doesn't occur to them to
 try to do anything about it. Thus, the existence of that switch does
 not make the surveillance feature ok.</p>
<p>Even if it were disabled by default, the feature would still be
 dangerous: “opt in, once and for all” for a risky practice, where the
 risk varies depending on details, invites carelessness. To protect
 users' privacy, systems should make prudence easy: when a local search
 program has a network search feature, it should be up to the user to
 choose network search explicitly <em>each time</em>. This is easy:
 all it takes is to have separate buttons for network searches and
 local searches, as earlier versions of Ubuntu did. A network search
 feature should also inform the user clearly and concretely about who
 will get what personal information of hers, if and when she uses the
 feature.</p>
<p>If a sufficient part of our community's opinion leaders view this
 issue in personal terms only, if they switch the surveillance off for
 themselves and continue to promote Ubuntu, Canonical might get away
 with it. That would be a great loss to the free software community.</p>
<p>We who present free software as a defense against malware do not say
 it is a perfect defense. No perfect defense is known. We don't say
 the community will deter malware <em>without fail</em>. Thus,
 strictly speaking, the Ubuntu spyware example doesn't mean we have to
 eat our words.</p>
<p>But there's more at stake here than whether some of us have to eat
 some words. What's at stake is whether our community can effectively
 use the argument based on proprietary spyware. If we can only say,
 “free software won't spy on you, unless it's Ubuntu,” that's much less
 powerful than saying, “free software won't spy on you.”</p>
<p>It behooves us to give Canonical whatever rebuff is needed to make it
 stop this. Any excuse Canonical offers is inadequate; even if it used
 all the money it gets from Amazon to develop free software, that can
 hardly overcome what free software will lose if it ceases to offer an
 effective way to avoid abuse of the users.</p>
<p>If you ever recommend or redistribute GNU/Linux, please remove Ubuntu
 from the distros you recommend or redistribute. If its practice of
 installing and recommending nonfree software didn't convince you to
 stop, let this convince you. In your install fests, in your Software
 Freedom Day events, in your FLISOL events, don't install or recommend
 Ubuntu. Instead, tell people that Ubuntu is shunned for spying.</p>
<p>While you're at it, you can also tell them that Ubuntu contains
 nonfree programs and suggests other nonfree programs. (See
 (削除) <a href="/distros/common-distros.html">
 http://www.gnu.org/distros/common-distros.html</a>.) (削除ここまで) (追記) “<a
 href="/distros/common-distros.html#Ubuntu">Explaining Why We Don't
 Endorse Other Systems</a>” for details.) (追記ここまで) That will counteract
 the other form of negative influence that Ubuntu exerts in the free
 software community: legitimizing nonfree software.</p>
<div class="important">
<p>
The presence of nonfree software in Ubuntu is a separate ethical
issue. For Ubuntu to be ethical, that too must be fixed.
</p>
</div>
</div>
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
 
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
 replace it with the translation of these two:
 We work hard and do our best to provide accurate, good quality
 translations. However, we are not exempt from imperfection.
 Please send your comments and general suggestions in this regard
 to <a href="mailto:web-translators@gnu.org">
 <web-translators@gnu.org></a>.</p>
 <p>For information on coordinating and contributing translations of
 our web pages, see <a
 href="/server/standards/README.translations.html">Translations
 README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
 files generated as part of manuals) on the GNU web server should
 be under CC BY-ND 4.0. Please do NOT change or remove this
 without talking with the webmasters or licensing team first.
 Please make sure the copyright date is consistent with the
 document. For web pages, it is ok to list just the latest year the
 document was modified, or published.
 
 If you wish to list earlier years, that is ok too.
 Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
 years, as long as each year in the range is in fact a copyrightable
 year, i.e., a year in which the document was published (including
 being publicly visible on the web or in a revision control system).
 
 There is more detail about copyright years in the GNU Maintainers
 Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2012, 2014, 2016, (削除) 2021 (削除ここまで) (追記) 2023, 2024 (追記ここまで) Richard Stallman</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2024年01月01日 05:42:45 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>

AltStyle によって変換されたページ (->オリジナル) /