How to disable the built-in “spyware” in Ubuntu 14.04

Since Edward Snowden hit the news, mass surveillance is a hot topic. No wonder that people are complaining about the privacy problems in Canonical’s latest Ubuntu Linux versions. Ubuntu has a search bar in which you type every program you start or document you open. Everything you type in this bar is sent to Amazon (among others). It allows these companies to see when you use your computer and what you use it for. Some people call the privacy endangering component “spyware” or “malicious software”. Let’s look at the definition of spyware:

Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge. – Wikipedia

This feature is enabled by default. The only way the user is informed is by some legal notice that is buried many menus/clicks deep. I think most users will never see it. This is why I believe it fully qualifies as spyware. In my opinion it would have been okay if an opt-in was presented during the installation, but this is not (yet) the case. Richard Stallman is also very outspoken on the subject:

One of the major advantages of free software is that the community protects users from malicious software. Now Ubuntu GNU/Linux has become a counterexample. What should we do? – Richard Stallman

When Richard Stallman is asking “What should we do?” he does not mean: “How do we disable it?”. Since the answer to that question is easy, let me start with that one.

This is how to disable the Ubuntu “spyware”

If you happen to be running Ubuntu 14.04 and you value your privacy, then do this:

[Image: ubuntu_spyware]

Switching off “online search results” solves your privacy problem, but not the real problem. The real problem is that Canonical is trying to sell their users’ privacy to make a quick buck.

What should we do about this behavior by Canonical?

I feel that switching from Ubuntu 14.04 to an Ubuntu 14.04-based distribution will send a clear signal to Canonical. I would suggest Xubuntu 14.04 or Linux Mint 17 as good alternatives to Ubuntu 14.04. Or if you are completely fed up with Canonical, then you may want to switch to Debian or even Trisquel Linux. No other Linux distribution (than Ubuntu) has this privacy problem. I believe that once the popularity of Ubuntu drops, Canonical will have to reconsider selling their users’ (private) data.


Blocking Google and Facebook tracking using Ad Block Plus and Ghostery

I was surprised to find out that both Google and Facebook were still tracking me after I installed “Ad Block Plus” with the “EasyPrivacy” subscription.

Facebook “like” widget not blocked on CNN.com

I was on CNN.com and I saw this little Facebook thingy:

[Image: follow_us]

I expected that to be blocked by “Ad Block Plus” because I subscribe to the “EasyPrivacy” list. I started Firebug to see that the iframe was there and that it was loaded from the Facebook website:

[Image: cnn_follow_html]

In the “blockable items” I verified that this widget was not blocked:

[Image: blockable_items2]

This was unexpected to me, so I began to dig a little deeper in the workings of “Ad Block Plus”.

Google AdSense not blocked on nu.nl

On the Dutch news website (nu.nl) I saw that Google was whitelisted (shown green). I quickly found the filter source by hovering over the rule; it said “Allow non-intrusive advertising”:

[Image: blockable_items]

I was not aware of me allowing any tracking, especially not from Google. The main reason I have this plugin installed is to keep Google away. So, as you can understand I was not happy. How come “Ad Block Plus” had suddenly (from July 2013 according to dottech.org) decided some advertisers were better than others? Also why did “EasyPrivacy” not protect me against Facebook?

After some searching I found that this filter (that was enabled during the 2.0 update of the plugin) could be triggered with an obscure checkbox:

[Image: firefox_non_intrusive]

This “acceptable ads feature” (as they call it themselves) is enabled by default as you can read in the “acceptable-ads” FAQ. Also, they are admitting that they are being paid:

…we are being paid by some larger properties that serve non-intrusive advertisements… – source

So what do you think? Has “Ad Block Plus” been paid by Google to unblock them? And why does the “EasyPrivacy” subscription not cover Facebook? Have they also been paid for that? (edit: The “Fanboy” subscriptions do block Facebook)
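The three outcomes seen in the “blockable items” panel (blocked, whitelisted, not matched) can be reproduced with a simplified model of filter evaluation. This is an added example, not code from Adblock Plus or from the original post; it handles only the `||host^` and `@@||host^` filter forms, and all list contents and host names are constructed placeholders.

```javascript
// Simplified model of Adblock Plus filter evaluation. Only "||host^" and
// "@@||host^" are handled; real filters have many more options.
function parseFilter(line) {
  const exception = line.startsWith('@@');
  const body = exception ? line.slice(2) : line;
  const m = /^\|\|([a-z0-9.-]+)\^$/.exec(body);
  return m ? { exception: exception, host: m[1], text: line } : null;
}

// "||example.org^" covers example.org and all of its subdomains.
function hostMatches(host, filterHost) {
  return host === filterHost || host.endsWith('.' + filterHost);
}

// Returns what the "blockable items" panel would show for one request.
function classify(url, subscriptions) {
  const host = new URL(url).hostname;
  let blockedBy = null;
  for (const sub of subscriptions) {
    if (!sub.enabled) continue;
    for (const line of sub.filters) {
      const f = parseFilter(line);
      if (!f || !hostMatches(host, f.host)) continue;
      // An exception from any enabled list wins over every blocking filter.
      if (f.exception) return { verdict: 'whitelisted', list: sub.name, filter: f.text };
      if (!blockedBy) blockedBy = { verdict: 'blocked', list: sub.name, filter: f.text };
    }
  }
  return blockedBy || { verdict: 'not matched', list: null, filter: null };
}

// Constructed subscriptions: one privacy list and the default-on whitelist.
function blockableItemsDemo(acceptableAdsEnabled) {
  const subscriptions = [
    { name: 'EasyPrivacy', enabled: true, filters: ['||ads.adnetwork.example^'] },
    { name: 'Allow non-intrusive advertising', enabled: acceptableAdsEnabled,
      filters: ['@@||ads.adnetwork.example^'] },
  ];
  return {
    ad: classify('https://ads.adnetwork.example/show.js', subscriptions),
    widget: classify('https://widgets.social.example/like.html', subscriptions),
  };
}
```

With the whitelist enabled the ad request is reported as whitelisted even though a privacy list blocks it; with the checkbox cleared the same request is blocked. The widget request is never matched, because no enabled list has a filter for it.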

Ghostery to the rescue

I therefore decided to install Ghostery. This is another tool that promises to block tracking efforts. However, you must make sure that you configure it correctly:

  1. Options – General – Sharing options – Disable GhostRank
  2. Options – General – Blocking Options – Trackers – Select all
  3. Options – General – Blocking Options – Cookies – Select all
  4. Options – Advanced – Display Options – Select none
  5. Options – Advanced – Performance Options – Select all

Ghostery does not make a secret of their business model:

…it’s is made by an advertising company called Evidon … it is a Web tracking blocker that actually helps the ad industry – source

And remember, whenever you are not paying for a service, you are the product. So you better understand the business model behind these services. The business models of the “Ad Block Plus” and “Ghostery” plugins are (now) clear to me. This does NOT mean I endorse the use of these plugins. There are many arguments to use and also many to not use these plugins. Please keep a critical mind and decide for yourself!


2 Click Social Media Buttons

There is a strict cookie law in the European Union stating (source: www.ico.gov.uk):

Information to be provided

Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

And also stating:

Exemptions from the right to refuse a cookie

The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

(a) for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.

Not everybody knows that social media buttons (provided by social media networks) set cookies and track user behavior. We are talking about the standard Facebook-Like (or Twitter/Google+/LinkedIn/etc) buttons you see under almost every post on a blog. Clicking one of these buttons registers that the reader liked the post. This may be beneficial for the writer of the article, because this way the article is spread faster. Unfortunately the buttons also transmit information to the social media networks when the reader did not click them. This is not communicated to the reader, and it is also not necessary to provide the requested service, and thus in violation of the cookie law.

A solution is described in the (German) heise.de article “2 clicks for more data protection”. It makes you click twice: once to enable the button and the second click is the actual “like” or “recommend”. This is a very user-friendly solution that we have enabled on our website (as you can see below).
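The two-click idea in code, as an added example (not the heise.de implementation and not this site's own code): the page renders an inert placeholder, and the third-party iframe is only attached after the first click. The widget URL is a constructed placeholder, and `makeFakeDom` is a hypothetical stand-in for the browser DOM so the example runs under Node.

```javascript
// Two-click social button: nothing is requested from the social network
// until the reader explicitly enables the widget.
function addTwoClickButton(doc, container, network, widgetUrl) {
  const placeholder = doc.createElement('button');
  placeholder.textContent = 'Enable ' + network + ' button';
  placeholder.addEventListener('click', function () {
    // First click: swap the inert placeholder for the real widget. The second
    // click happens inside the iframe and is the actual "like".
    const frame = doc.createElement('iframe');
    frame.setAttribute('src', widgetUrl);
    frame.setAttribute('title', network + ' button');
    container.replaceChild(frame, placeholder);
  });
  container.appendChild(placeholder);
  return placeholder;
}

// Stand-in for the browser DOM. It records a "request" whenever an iframe
// with a src is attached, which is when a browser would fetch it.
// In a real page, pass `document` and a real container element instead.
function makeFakeDom() {
  const requests = [];
  function attach(el) { if (el.tag === 'iframe' && el.attrs.src) requests.push(el.attrs.src); }
  function createElement(tag) {
    const el = { tag: tag, attrs: {}, children: [], handlers: {}, textContent: '' };
    el.setAttribute = function (k, v) { el.attrs[k] = v; };
    el.addEventListener = function (type, fn) { el.handlers[type] = fn; };
    el.click = function () { if (el.handlers.click) el.handlers.click(); };
    el.appendChild = function (child) { el.children.push(child); attach(child); return child; };
    el.replaceChild = function (next, old) {
      el.children[el.children.indexOf(old)] = next; attach(next); return old;
    };
    return el;
  }
  return { document: { createElement: createElement }, requests: requests };
}

function twoClickDemo() {
  const dom = makeFakeDom();
  const container = dom.document.createElement('div');
  // Constructed placeholder URL, not a real widget endpoint.
  const url = 'https://social.example/like?href=https%3A%2F%2Fblog.example%2Fpost';
  const button = addTwoClickButton(dom.document, container, 'Facebook', url);
  const beforeClick = dom.requests.length; // page load: no third-party request yet
  button.click();                          // the reader opts in
  return { beforeClick: beforeClick, afterClick: dom.requests.slice(),
           shown: container.children[0].tag };
}
```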

For more information you may want to read the (hard to understand) cookie directive (source: eur-lex.europa.eu):

(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.
