Firewall

[Hungry Man]

Really? Unauthorized, unintended outbound connections? Even when their contents may contain personal data you were searching for on your local machine? Golly gee, take me back a decade ago when the Windows firewall controversy got started. (cough, cough)

I mean that there's nothing inherently dangerous about an outbound connection. Yes, you can send data using an outbound connection but that isn't *strictly* dangerous, programs do it all the time and it doesn't really get taken advantage of by attackers (unlike inbound connections, which are inherently dangerous and have to have steps taken to mitigate the dangers).

That is EXACTLY what Canonical is banking on.

It's what the trillion dollar advertising industry is built on - the same industry that allows us to view the internet for free.

Yes, ads are a pain. We're given the choice to opt out but plenty of people may find it incredibly useful. Moves like this grow products, it's Ubuntu's first step to being a viable operating system in terms of a proper business model.

It's Linux - you're never going to be locked into anything. You'll always have an opt out no matter how convoluted.

[offgridguy]

I'm not sure how many would opt into this. Most users are dumb and don't have a clue what they actually want.[/QUOTE]

HungryMan, even if this is an accurate statement, I don't think it is in good taste to post it,
doesn't it it say something about being polite in the forum conduct rules?

[NadirPoint]

I mean that there's nothing inherently dangerous about an outbound connection.

What this tells me you mean is you either do not understand the issue or simply refuse to address it from a security standpoint.

[Hungry Man]

HungryMan, even if this is an accurate statement, I don't think it is in good taste to post it,
doesn't it it say something about being polite in the forum conduct rules?

I'm not implying anyone on this board is stupid. I'm just trying to say that for the most part users are uninformed and uninterested in how their systems operate.

What this tells me you mean is you either do not understand the issue or simply refuse to address it from a security standpoint.

Explain it to me.

[cariboo]

cariboo907 how can I Join the U+1 Development Releases Testing Team?, which level of knowledge do I need to be part of the U+1 Development Releases Testing Team?, and do I have to take some exam?, thanks in advance.

We have team members of all skill levels, no test, and everyone is welcome. Go here, to join.

[cariboo]

How many users do you believe would check that box in the global privacy manager if it were an "opt-in" feature?

Unauthorized or unintended outbound connections, regardless of their origin or intent are by definition a "bad" thing in the network world. I hope Cannonical is not on the road to becoming a commercial spyware vendor.

None, and I would suggest that most new users won't see it as a problem, until one of their searches result in a picture of a naked person, and depending on what country they are from, I expect some will find it funny, and others will find it outrageous.

This is more a privacy issue than a security issue, most of those that don't want their details broadcast to the world, have already taken actions to stop that from happening, and those that come into the Ubuntu world and are worried about such things will do what any normal user would do, do a Google search, and find enough information available to easily disable the function.

[NadirPoint]

...and those that come into the Ubuntu world and are worried about such things will do what any normal user would do, do a Google search, and find enough information available to easily disable the function.

But they won't, because there are no such thing as a "normal" user. By not making it opt in or notifying the user in any way Canonical is taking advantage of the fact that a large number of them will either be oblivious or just not care.

This reeks to high heaven.

Funny, I can't seem to remember the last timew I saw an Ubuntu Privacy Policy notice. It would be interesting to see how they draft that now.

And the simple fact that they "would" do this makes it a security issue as well, by virtue of Shuttlworth's flippant remak about ostensibly having "root." There is no trust anymore, as far as I am concerned.

[Hungry Man]

If you don't have trust now you never should have. They do have root on your system, you get packages directly from them, and if you don't trust them now you never should have.

About the NWS stuff I think that was solved. (yep http://www.omgubuntu.co.uk/2012/10/u...es-nsfw-issues )

This is a privacy issue and it doesn't even have to be because:
1) Canonical acts as a proxy between you and Amazon. They can easily strip out information that could be used to personally identify you, they could do this locally as well.

2) There's an opt out.

Why not an opt in? Because most users, again, have no idea what they want. They'd never opt in and they'd never know whether they actually would find it useful or not.

It's a business model. When it comes to Linux you don't really get to charge for the OS you have to either charge for support or come up with a new model.

From a security standpoint nothing has changed. Outbound connections aren't scary - they don't point to a vulnerable service like an inbound connection and in terms of a local attack there's already ports to choose from. Canonical has always had 'root' on your system and you've always trusted them to package binaries for you.

[NadirPoint]

If you don't have trust now you never should have. They do have root on your system, you get packages directly from them, and if you don't trust them now you never should have.

Trust is a concept you also appear to not understand very well. It is not a black/white all or nothing proposition in many cases. It can be like for example between 2 spouses, but certainly not this one. There is complete trust, blind trust, limited trust, and various others. What trust do you put in Canonical?

Before, I trusted them to update packages with the implicit understanding that was what they did, within the framework of their development requirements, little more. I did not, (nor do I believe you will find anyone) trust them to install software that broadcast my searches across the Internet without my knowledge. Did you?

Good luck with that. Like I said, the limited trust that was there is now gone.

[Hungry Man]

Nah, I think I understand plenty. You're blowing this situation out of proportion.