NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

TRENDING TODAY

Home > News > Linux

September 27th, 2012, 09:17 GMT · By Silviu Stahie

Ubuntu 12.10 Home Lens User Data Still Exposed, Despite Canonical Claims

Adjust text size:

As the Ubuntu 12.10 privacy blunder continues, more and more people find that integrating online searches into Unity Dash has a lot more ramifications than initially thought.

Etienne Perot, an Ubuntu fan with a little more experience than the average users has shown that Mark Shuttleworth statements about the privacy of the users are not entirely correct.

A few days ago, Mark Shuttleworth was doing some damage control saying that “We are not telling Amazon what you are searching for and your anonymity is preserved because we handle the query on your behalf.”

Etienne Perot noticed

that this statement was only partially correct. The queries are indeed sent first to a Canonical server and from there to Amazon. The return trip of that query is not the same. The thumbnails used to display the result in Dash are downloaded straight from Amazon, over the HTTP protocol.

Amazon provides an SSL service for the images they send, ssl-images-amazon.com, so it's unclear why Canonical wouldn't chose the latter.

In this manner, Amazon can get the user's IP address and correlate the answer they send back with an “anonymous” query made by a Canonical server. In theory, Amazon could then use targeted advertisements for that IP after sending an image of a certain product, not to mention that third-party snooping over HTTP queries is also a possibility.

The user who filed the bug on Launchpad also provided the necessary means to check for yourself, using Wireshark.

The Launchpad bug has been confirmed, but the importance has yet to be determined. In light of the major problems Canonical is now facing with this issue, the developers have taken some steps already.

In the final version of Ubuntu 12.10, all the queries will be encrypted and sent on HTTPS protocol in order to ensure the privacy of the users. New options to stop the network traffic of the lenses will also be implemented, although is not clear whether if it's going to be available in Ubuntu 12.10 or 13.04.

FILED UNDER:

	Share your thoughts on this story...
		2,079 hits Link to this article · Print article · Send to friend

MUST-READ RELATED ARTICLES:

Canonical Could Disable Network Access for Unity Lenses

Mozilla Snatches Canonical's Marketing Director John Bernard

Unity Shopping Lens Returns NSFW Images

Unity Dash Searches Will Be Encrypted in Ubuntu 12.10

Canonical: We Have Root, Trust Us

READER COMMENTS:

No user comments yet.

Be the first to express your opinion!

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use