In association with heise online

30 October 2012, 11:26

EFF calls Ubuntu Shopping Lens a "major privacy problem"

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

EFF logo

The EFF has criticised Canonical's implementation of the Shopping Lens in the latest version of Ubuntu as "a major privacy problem", and has published a list of changes it believes the company should implement to alleviate the issues raised. Canonical, which sponsors the popular Linux distribution, had included a new feature in its Unity desktop in Ubuntu 12.10 which automatically queries several online shopping resources when users search for applications in the Dash user interface.

The EFF complains that image data sent back from Amazon to the user's PC is not encrypted, that users have no control over the data stored on Canonical's servers and that the company is vague in its description of what the accumulated data is used for. While outgoing queries to Canonical and online shopping providers such as Amazon are sent over HTTPS, the returned product images are sent in clear text, which enables bad actors listening in on the user's network traffic to reconstruct what the user was searching for. Additionally, Canonical's privacy policy does not clearly state what the company and its partners are doing with the data it aggregates and instead refers users to the specific privacy policies of the third party companies.

While the EFF does praise Canonical for listening to customer feedback, the organisation says that the provided ability to only switch all online searches off at once is insufficient and that the Ubuntu developers should include separate options for each lens. The organisation also strongly suggests that the developers should disable all online searches by default and let users opt into these features.

In the absence of Canonical changing the behaviour of Unity in these regards, the EFF suggests that concerned users try installing an alternative desktop such as GNOME 3, KDE or Cinnamon.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit