Personal Information...MY Information

[ccbmailroom]

My brother posed a question to me a few weeks back that got me thinking. I'll first off start with saying he is a die hard Microsoft Windows fan. He goes on and on touting the security of Windows concerning it's security that's built in as well as anit-virus software that helps keep your information yours.

Keeping on this train of thought, and ONLY keeping on this train of throught, his thought process is this: Microsoft is a corporation that sells Windows computers. LInux is community driven so it would be very conceivable that any Linux OS could potentially be created or changed to include software which would send information about you to someone else in the world. He is going to stick with Windows because it corporate backed. He doesn't "trust" software communities to develope software that he's going to put on his Windows OS.

My question is, outside of what I've heard about Unity sending information to some companies like Amazon and so forth, can Linux be trusted with our personal information being that it's community based and community driven? (Please don't bite off my head with this but I have a feeling I may not be the only one with this question).

*** For the record, I love the fact that Ubuntu's simplicity and power has made it my go-to OS since 2009 starting with Jaunty Jackalope. ***

[CRYy0OKmKpJgc]

The security of you OS depends on the security you enforce. Most malware is focused on Windows platforms, but that is also likely because Windows is the most widely used platform so it makes more sense to target it. If you install software from third parties that you don't know you can trust, any system can be compromised. As far as transmitting personal information, being community based development means there are several eyes on and hands in the pot. Odds are, someone would notice programming built to transmit personal information and address the situation. Yes, there are packages and entire OSs that were designed strictly to steal information, but that comes with knowing what you are installing. Use trusted sources and you won't have any problems.

[grahammechanical]

First of all, may I say, would you please make the font size smaller. It reads like you are shouting.

Second, have you read the Ubuntu privacy policy? It is there on the Details page of About this computer. It is also available through the Ubuntu web site. You might also want to look at System Settings>Security and Privacy.

Thirdly, do you know any of the differences between proprietary software and Open Source software?

With open source software anyone can get a copy of the application's source code and look though it or audit it to see what it does and what information it has access to. And that includes ordinary people like you and I. Can we do that with Microsoft's software or the applications that run on it?

Applications in the Ubuntu Software Centre are code audited to protect us from applications that do malicious things to our data. And that is possible because the applications are open source applications.

If your brother tells you that Windows is secure, then I would not trust his opinion on any subject. For the last two decades or more Microsoft Windows has had various security vulnerabilities exposed as users machines were infected by viruses, trojans and worms.

The vast majority of viruses target systems running Microsoft Windows,^[5][6][7] employing a variety of mechanisms to infect new hosts,^[8] and often using complex anti-detection/stealth strategies to evade antivirus software.

http://en.wikipedia.org/wiki/Computer_virus

http://en.wikipedia.org/wiki/Trojan_horse_(computing)

http://en.wikipedia.org/wiki/Computer_worm

Why does Windows come with a virus scanner? Because it is vulnerable to a virus attack. Is antivirus software good protection? Only if it already knows about the virus infecting your machine. Antivirus software cannot detect viruses that it does not know about. It is like a flu jab. It only works on viruses that the scientists know about. When the flu virus mutates into the next strain protection is more imaginary than actual.

We get better protection using Linux because there are too few Linux users to make targeting Linux machines profitable for the criminals. Also Linux/Ubuntu is designed to severely limit the possibilities of malicious code gaining the power to do damage.

If you are really worried about your information, then do not go on the Internet. Do not use social networking sites, Do not buy anything online. Do not use any mobile device. Do not use credit cards. As a test google your own name. You may be surprised to discover just how much information you have already given away. Google your brother's name as well. Give him a shock.

I recently watched BBC program called Click. In the program it was demonstrated how easy it was to collect information from people's mobile devices as to which web sites they had visited and they were able to do this as people walked by the cafe in London's Oxford street where the person doing the demonstration was sitting.

Regards.

[Impavidus]

Microsoft or any other commercial software developer is only in for the money. If they can save programmer's time by not tying down the loose ends, they will. If they can make money by selling whatever information they possess without generating too much bad publicity, they will. So who do you trust more, someone who is after the money (yours or someone else's, they don't care), or someone who likes creating good software?

[slickymaster]

Not a support thread.

Moved to the Ubuntu, Linux and OS Chat sub-forum

[chopra]

I was under the impression that Linux in general was safer because it was designed as a transparent, multi-user system, with permission blocks for unauthorized users. Assuming, of course, that persons with superuser access don't do stupid things.

The fact that you have control over what permissions you run with, and the fact that, as superuser, you have the capacity to solve many problems directly (with help from message boards like this one ), is what I thought made linux secure.

BTW, people with superuser access doing stupid things, like changing the permissions on their home and root directories, isn't a flaw in the system, from my point of view. You can't have a transparent and idiot-proof system at the same time.

I'm rather inexperienced still, so if I'm incorrect, let me know.

As far as trusting the software developers not to put secret spy programs in their operating systems, the attitude of the linux community is an indication of how likely that is. The "controversy" over the Unity desktop/amazon.com issue is a perfect example of how linux users value their privacy. There isn't even any personal information shared with amazon anyway, and it's easy to deactivate, so I think people over-reacted, but it illustrates the point.

Chopra

[buzzingrobot]

Windows today is obviously more secure than it was years ago when Microsoft -- late to the Internet game -- migrated software intended for office LAN environments to the much, much more diverse internet.

Whether Windows is more or less secure than anything else is mostly the wrong question. We -- users -- are the biggest single security threat on any platform. Windows is the obvious choice for anyone looking to make money with malware, so more Windows users are tricked into introducing malware to their systems.


[qoute]...anit-virus software that helps keep your information yours.

Strictly speaking, a virus is only one form of attack. People need to look at what that commercial package called "anti-virus" is actually doing to understand the level of protection it offers. E.g., clicking on the URL of what you think is your bank's site in an email has nothing to do with a virus.

Microsoft is a corporation that sells Windows computers. LInux is community driven so it would be very conceivable that any Linux OS could potentially be created or changed to include software which would send information about you to someone else in the world. He is going to stick with Windows because it corporate backed. He doesn't "trust" software communities to develope software that he's going to put on his Windows OS.

I know people with the same opinion. But, the fact is that *anyone* who writes software can, potentially, embed harmful code into the product. The advantage of open source software like Linux is that the source is available for review by anyone who wants to look. Users can't do that with Microsoft products.

Unity sending information to some companies like Amazon and so forth, can Linux be trusted with our personal information being that it's community based and community driven?

The internet is a network. All data you generate when you use the net, and all data that is sent to your system, is relayed back and forth across the net in packets containing the unique IP number of the system you happen to be using. That's how it works. So, every server you access knows your current IP address. What the operators of that server do with that information, along with the data generated by things like cookies and such, is up to the operators.

Even if you use something like Tor, some server eventually needs to relay data to your actual IP.

Whether the software you use is from Microsoft or Apple or Google or from the Linux community does not alter how the net works. Unity, at present, contains a feature that, optionally, relays a user's search queries to Amazon's search engine and displays the results. This same function is used to allow a Unity user to leverage the same mechanism employed for internal searches for net searches. Whether that represents a privacy threat really depends on each user's definition of privacy.

Be aware that a great deal of information many of us might consider "private" is generated by the normal operation of the net. So, it's very often a matter of what a site operator decides to do with that information, not whether the operator does something nefarious to acquire it.

[sffvba[e0rt]

The source code is made available in linux so if anyone adds code that sends information some place it can be picked up by those in the know that check these kind of things. With proprietary code you can't see this as easily and you have to try and catch it in the act so to speak.

[PondPuppy]

Just as a side-note, operating systems can release certain data when they "phone home" to the vendor. For example, MS Windows (at least up through Win 7) sends crash reports to Microsoft when system or application problems occur. This is the default behavior, but it can be disabled. The reports typically share IP address, device details, application details, and Windows version and machine ID. If this information is intercepted, it could be used to build up a profile of your system. As I wrote, this can be disabled -- although an estimated 80% of Windows users leave it enabled.

Ubuntu has a similar crash reporting utility, called Apport. My understanding is that Apport's phone-home reporting is disabled by default on long-term stable releases.

Mac OSX also can submit crash reports to Apple, and like Ubuntu, this behavior is disabled by default. (At least I believe this is the case.)

Just mentioning this because it's one way that data can move from your system into other hands without involving a web browser or your Internet behavior.

[buzzingrobot]

Crash reports don't worry me one way or the other, and I'm sure their operation is buried in the terms of service notices we all read so diligently.

As I see it, the internet is a network, so, of course, the rest of the network can see me. It's intended to be apublic network, too. (Otherwise the web wouldn't work.) Privacy expectations need to be constrained accordingly: It's not point-to-point communication, it's publishing.