The Canonical quote is the most illuminating :-
"As per the Azure T&Cs, Microsoft shares with Canonical, the publisher of Ubuntu, the contact details of developers launching Ubuntu instances on Azure. These contact details are held in Canonical’s CRM in accordance with privacy rules.
"On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies."
This is the last part of the Microsoft statement:
"Our terms with our publishers allow them to provide customers with implementation and technical support for their products but restricts them from using contact details for marketing purposes"
Canonical then tells us that this person was a Sales Representative, and it is clear from the content that this is a message aimed towards selling. Canonical has broken Microsoft's terms. That said, I can't see where that legal restriction is (e.g. can't see anything like that in https://azure.microsoft.com/en-us/support/legal/marketplace-...).
The part I find the most enlightening (ie: disturbing) is that Canonical's only regret is that the sales rep used "a poor choice of word" and they will train their salespeople better.
I assume the "poor choice of word" was when the salesman said, "I saw that you spun up an Ubuntu instance". Was Canonical's biggest regret that the salesmen INFORMED the user that they are monitoring installs and linking them to contact information?
Canonical never said "oh the salesperson wasn't supposed to market to you with this information", instead they basically said, the salesman wasn't supposed to TELL YOU that we are monitoring what you install and linking it to personal contact details.
Exactly. The old "I'm sorry I got caught" and not "I'm sorry I did it."
The word "better" does not imply a commitment towards customers and/or investors.
*The word "do" should not be seen as referring to the taking of any specific course of action which may or may not yield tangible change.
*The word "can" does not signify a concrete ability and is not forward-looking.
*The word "We" should not be interpreted as Canonical Ltd. nor any of its subsidiaries or affiliated entities.
>It Depends on what the meaning of the word is is
There's a big difference between "is" and "was". Which is what he should have said. There were no semantic games in that particular statement, in stark contrast to some of the other things he said.
I don't really understand why everyone is up in arms here. In this case, Microsoft is basically a reseller. They told Canonical that they sold one of their product to a customer and Canonical reached out on LinkedIn, a professional social network. It all seems fair game to me. This is not some creepy internet tracking using dubious way to segment people. This is basic direct marketing in a B2B context.
It's all pretty tame.
It is actually completely unacceptable on what is advertised as a secure platform to engage in targeted marketing AT ALL. If any information about what my company is doing on your platform is shared to other companies, then you are not secure by any definition of the word that I'm aware of. It is not for you to judge what information is valuable or damaging for us.
Security and data sharing have nothing in common. It is perfectly acceptable to share customers list when you are resellers if you clearly state you will do so in the contract. It doesn't become true because you write it in all cap and say it is not for me to judge. If you so value your company information, maybe you should start reading what you sign.
Once again, we are not talking about an unreadable EULA for personal software. Azure is a platform geared towards professional. Nothing creepy is happening here. That's Canonical reaching out and giving a potential customer a point of contact if they ever need support. This has nothing to do with broad data collection and spying and is perfectly reasonable. I don't understand why some commenters here find the idea of talking with an actual human being so traumatic.
> If you so value your company information, maybe you should start reading what you sign.
Is exactly what people are up in arms about. Even reading the EULA, you may not expect Microsoft to permit data sharing in this way. And if this is entirely unacceptable for you, then it's time to leave Microsoft.
Or you can make noise about it online like this, and cause Microsoft to realise this sharing will lose them customers. I doubt the data is worth the churn, and Microsoft will likely change the policy rather than lose the customers.
Well maybe it is ok from that perspective. However my personal reaction as a customer to such sales approach would simple be something in line of GFY to that salesperson.
Canonical never said "oh the salesperson shouldn't have had this information".
There's only one way they could have used it.
The sales rep was probably expected to reach out claiming some other reason, making it look like the standard LinkedIn spam, but in reality much more targeted.
“The first rule of the the surveillance economy is don’t talk about the surveillance.”
Of course they have the raw data, but it's possible the people who sent that tweet just have access to a database that contains only anonymized data.
"Customer privacy and trust is our top priority at Microsoft. We do not sell any information to third-party companies and only share customer information with Azure Marketplace publishers when customers deploy their product, as outlined in our Terms and Conditions. Our terms with our publishers allow them to provide customers with implementation and technical support for their products but restricts them from using contact details for marketing purposes."
My interpretation is:
Every time you buy or use something from the Marketplace, MS will give your contact details to the Marketplace publisher. That publisher is then restricted in what they can do with the information. They may not use it for Marketing, they may use it to provide technical support.
And if the answer to that last question is no, what can Canonical do with the data that's actually valuable to them? If I were given access to a database of sales leads that I was explicitly disallowed from contacting, I would actively avoid even accessing the data to avoid any accusation or perception that I violated those terms, just in case I independently got in touch with those same leads through a different channel.
Interesting that this is not so.
Microsoft being lily-white (/s) would ensure they had GDPR-like positive consent from customers that they could pass on those customers info to specific third parties...
The idea that companies keep some sort of information wall between their support and marketing departments is pretty ridiculous. MS have to be fully aware of this, surely.
So, the story is Canonical taking part in the same crap as the more overtly crap companies, and just this one agent not being clever enough to keep their leads under wraps.
GDPR obliges companies to provide information on all this parties PII has been passed to. Given cookie lists (or UBlock blocked files) are hundreds of companies long I'm surprised we're not getting reports of who is buying up all this info.
The data on who was doing what would be useful for providing implementation and technical support to people who has already contracted with Canonical for those services, both for providing the service and, depending on price structure, possibly for billing.
So then why should everyone else who doesn't have any contact with Canonical have their data forwarded to them too? This should be opt-in rather then opt-out, let alone always happening with no way to opt out
It's probably part of the contract between MS and Canonical.
I don't understand - what's the difference between marketing and sales? Sales is trying to sell you something? But that's also marketing?
Pretty ironic considering the meaning of the word "ubuntu".
- Azure is the second largest cloud provider worldwide
- Ubuntu is probably the most common Linux distro installed in the cloud
- We never heard about another episode like this before
Now if Canonical was allowing / encouraging this kind of behavior from their sales rep, I think we should have seen it happen in the wild before (like, a thousand times?) already; since it only happened once, I'm inclined to believe them. Also see 
Now let me think: I'm not OK with Canonical accessing my contact information because I spin up a VM, but I'm also not OK with Microsoft sharing my contact information with Canonical. What's wrong with "let me call them if and when I need?" But I'm European so maybe a little too privacy focused.
 BTW: let's say 99% Ubuntu VMs are spun to host some boring Wordpress site, nuvelle cuisine blog or leather shoe shop. What's the chance of an Ubuntu sales representative to ever make a sale this way? I guess it must be pretty slim, so he'd have to contact hundreds of potential customers to turn a few sales - something that would quickly get reported if it was a corporate business habit. This reinforces my first impression.
You know what they say, the definition of "gaffe" is when someone tells the truth.
Thinking about it though, a lot of it is a question of surprise and unknowns. I would find this message to be a lot better - "We see that you've taken advantage of the Ubuntu image that Canonical provide in the Azure Marketplace. I am available to you for (etc.)".
No. That's not better at all.
The mere fact that Canonical has specific information to reach me when I am not a direct customer of Canonical is a complete violation of my privacy.
Ubuntu is a free product. Canonical should not be able to find out if I (specifically me or my organization) allocates or runs 1 or 10000 instances of Ubuntu.
I agree with the message behind this and obviously Canonical and Microsoft are both being extremely gross.
But Ubuntu as a binary image (or source code) is a very different product than a VM with Ubuntu pre-installed and pre-configured, which is what you paid for (and is why you got ensnared by their horrible anti-user license).
How? Why? If it's different in any meaningful way from just clicking "next" on the installer then it's no longer Ubuntu, and certainly not Canonical Ubuntu, that's pre-installed. It's become, at best, Microsoft-Ubuntu-Because-Microsoft-Added-Telemetry-For-Azure. Or it's Canoncical-Ubuntu-Configured-By-Microsoft-With-Azure-CLI-Preinstalled.
It's not "Ubuntu" any more.
When I'm paying for an official Azure version of Ubuntu on Azure, I darn well expect there will be a closer support relationship than the free desktop version.
Okay, but maybe other people don't want that if it entails their information being shared with a company they haven't initiated a business relationship with?
> haven't initiated a business relationship
To say that you have no business relationship with Canonical while paying Canonical to use Canonical software with official Canonical technical support is absurd to the highest degree.
You deciding to resurrect the comment because you happened to see it before I deleted it is really not OK. It's the exact kind of toxic hostile, creepy interaction I was trying to avoid from you by deleting the comment!
I thought your comment was interesting and merited a reply for others to see and discuss. But I see you disagree so I've removed the content of my reply.
Feel free to flag any comments you find particularly toxic or hostile. You can do that by clicking on the timestamp of the comment and clicking the `flag` link.
Or even better, let me know (like you have done so here). I can't improve myself if I don't know there's a problem.
Posting something and deleting it after it has been seen is basically gaslighting. Imagine the kinds of harassment people could get away with if they said rude things to coworkers on chat, then edited the messages to appear benign after the coworker responded to their hostility.
That is why people quote the text of comments to which they want to reply.
Furthermore is strenuous disagreement now toxic and hostile?
Wouldn't it be more trivial to say I do not wish to engage and leave it at that? Ironically calling someone toxic hostile and creepy is... pretty toxic.
I think someone has the right to change their mind about something they've said. That's why I edited my comment to remove it.
> Furthermore is strenuous disagreement now toxic and hostile?
I don't think so. But I know that I sometimes get passionate about my opinions. I welcome someone's input to keep me friendly.
> Wouldn't it be more trivial to say I do not wish to engage and leave it at that? Ironically calling someone toxic hostile and creepy is... pretty toxic.
I would like to think better than that. I think it was good of @ojnabieoot to let me know that they thought I'd wronged them.
Some people can feel very anxious or awkward to conversation for very good reasons. They can state opinions and then choose to retract their opinions for any reason -- even if the opinion is held but they choose to remove themselves from the conversation. I think that's a good thing to discuss but this isn't the venue to.
Ditto the Ubuntu images on Docker Hub.
This is a big misstep for Microsoft, from my point of view. I think it's less a reflection on Canonical, because once they have the information, it's ultimately going to be used. Microsoft just should not have agreed to the arrangement at all.
To quote the old native american (?) fable: You knew what I was when you picked me up.
I don't think that most of the people have a problem with that. The problem is being sucked-in to something without ever agreeing into.
In the era of privacy sensitivity (which I think is healthy), being watched in a place and prodded from a different channel is disturbing.
I don't mind people trying to reach me with the hope of sales based on information I've provided to them, but this is too far.
Also it removes two veils from both companies at once:
1. It seems Microsoft still has sneaky tactics, but they're more invisible.
2. Canonical is somewhat more aggressive and greedy than it seems, and Ubuntu desktop is just a freemium product, or another capturing device for further vendor lock-in.
So MS sharing "their" customer details with the image provider seems more generous than evil. Provided there's a "Do not share" config option somewhere.
If I download packages and Ubuntu, and assemble my own image, or use one assembled by another org, probably not.
I think the disconnect is that for me, image packaging and updating is work, and that work has an author, and the author is deserving of certain rights others are not.
If Azure is auto-pulling Ubuntu images, building containers, and publishing themselves, then that's a different story.
Ubuntu is gratis, so Canonical can't have coerced Microsoft into doing so; it is quite probable that one approached the other to make a deal, and that Canonical is paying a certain fee for this information.
We're talking about a curated, supported, official image here, right?
If folks want to use a "MyUbuntuImage" they or someone else packaged and uploaded, more power to them.
But by pulling a Canonical image, you have a relationship with Canonical. Expecting that relationship not to exist "because open source" seems to be misunderstanding who does what work.
As to whether this should be opt-in, done, etc. is another matter entirely. But the fact that it exists at all doesn't feel particular shocking.
It's not like we're talking about everyone who pulls a RedHat image's info being sent to Canonical!
I don't expect an OS based on an OS based on an OS based on a half-finished OS based on free software principles to have shady data-dealing attached, yet hidden from the people whose data is being dealt.
Privacy protection is not an obligation, but transparency and openness is. Yes, you're not contractually required to not make a separate computer system that's proprietary and closed and disempowering, but that's so pedantic as to be malicious.
I mean, it's kind of ridiculous to think that you could do anything in a cloud environment system and not have your actions tracked. Hell, with automated load balancing and load-based billing, that's literally what you're signing up for.
In this case, the license is the GPL, none of which has anything to say about privacy. Maybe this is a failure of the Free Software Foundation's to not include privacy protection in the GPL. Though even if they were to create a GPLv4, the Linux Kernel is still only licensed under v2, so distro implementors have no obligation to use a more restrictive license.
AKA, "the cat is already out of the bag".
In the OP's case, they additionally are are customer of Microsoft's, who explicitly stated they share this kind of information with their vendors.
Debian Free software guideline does not allow discriminate against using debian for evil.
Citation needed. RMS, the FSF and many other orgs made public statements around privacy many times.
Now, I can't exhaustively prove a negative, but I think I can easily demonstrate that the FSF has never meaningfully expressed an opinion on privacy. Go to https://www.gnu.org/philosophy/philosophy.html, open every single page it links to in the body of the text, and search for the word "privacy". It does not show up in the body text of any of those documents. It shows up once in a footnote that mentions a change that Samsung made had that "caused privacy concerns".
The closest they get to even mentioning the concept of privacy is when they talk about the right to modify software and use those modifications "privately", which clearly does not mean anything about user privacy.
If privacy were so big of a concern for the FSF, you'd think they'd talk about it in their official documentation on their philosophy, or put something about it in the ONE tool they have to have power over anyone: the GPL.
The anti-patent-trolling, anti-tivoization and copyleft provisions are there to protect developers and users.
Additional clauses around privacy and security would be very nice.
Unfortunately, corporate-sponsored FUD made a lot of people wary of the GPL - which is ironic, given its protective features.
There is a certain level of reasoning where one might say that, if the software were truly libre, you could "just" fork it and rip out the parts you don't like. But because you clearly can't "just" do that, then the software must not be free.
Yes. The software is not Libre.
But it's not clear to me that this is the case because the system is hosted on Azure or the distro is Ubuntu. Your rights within a marketplace go only so far as you can throw your alternatives. Software, especially operating systems, are just too complex to expect the concept of Free Software to be sufficient to protect user privacy.
Another interesting question: aren't you a direct customer of Canonical here? When you buy stuff off of any marketplace or though a reseller, it seems to me you are a customer for multiple companies. Examples: buying an iPhone from AT&T, buying a laptop from Amazon, buying a Subaru through a dealer.
When you get it a certain way through Azure you both enter a contractual agreement with each other, and that does make you a customer.
I don't think the (non-)apology even gave that much, just that the training/policies will be "reviewed", which is even weaker:
>>In light of this incident, Canonical will be reviewing its sales training and policies.
Canonical is the one who violates trust here. Because they are using this information for marketing purposes, which they are not allowed to do under the information sharing agreement that they have with Microsoft.
So yes, we could argue whether Microsoft should be providing the installation information in the first place. It should at the very least be opt-out (on by default with the ability to not share), and preferably it should actually be opt-in (off by default, check a box to allow). So there is a violation of trust going on here, but this isn't any different than every other major tech company is guilty of right now (not that it makes it right).
But Canonical is the one that took the information and used it in a way that was never agreed to by either the person sharing the information (Microsoft) or by the user via the ToS (the ToS says that it is strictly for tech support, not for marketing). Canonical is the one that really overreached here.
An unstated assumption of using any "free" product is that it's not actually free. Canonical screwed up, to be sure, but I do think many of us just expect getting harassed by salespeople to be the cost of using a "free" product.
Microsoft, on the other hand, charges me by the hour for using Azure. They've taken their pound of flesh, so my business expectation is that I'm going to be left the hell alone for anything other than billing matters. Them sharing the data in the first place, for something I've paid money for, FEELS like the bigger violation to me.
For a linux distro, my expectations are that it's "free" but support will cost you money. My expectation is not that it's "free" and the OS will spy on you and report back to HQ so sales can make more sales.
If I don't give personal information on installation my expectation is the product is not harvesting or forwarding that information (For example, I expect that with Facebook, I don't expect that with GIMP).
Both are certainly wrong IMO. MS for giving personal info to a 3rd party and Canonical for bundling spyware with their OS. Both are super icky.
And you're selling the information in order to get tech support from Canonical, otherwise you can get it without selling your info (but won't really receive tech support).
As an aside, "pound of flesh" doesn't mean "payment", it means "something that is one's legal right but is an unreasonable demand (esp in the phrase to have one's pound of flesh)", both in Shakespeare and in current usage.
Unless you feel Microsoft's price is unreasonable and you have no other option, "pound of flesh" isn't the right expression.
Something like "they've taken their cut" is more accurate.
Too late to edit, though.
Neither one is an innocent party.
Companies now leak alot of metadata about what they are doing. If a teeny company like Canonical is mining stuff like this, consider what Microsoft knows about how you use their products, and I'm sure your EA negotiation as a big company is at some level driven by what they know.
That (enterprise support) is a very important side business. Whether they got cash from other OSes or just set it up the same to fight an eventual Anti-Trust Case is anyone's guess.
edit: The data doesn't just magically show up in Canonical's CRM. They spent time and effort establish an integration with Microsoft and then building processes on top of that data.
In the business world, having data marked "customer support only" is pretty common. There are quite a few laws acknowledging the difference. Importantly, the data is supposed to be kept separate and it sounds like Canonical screwed up here.
It’s like if you tell a friend that there's a key to your back door under the mat but to keep it a secret and instead of keeping the secret they tell a mutual friend about it and that mutual friend robs you since they know where the key is.
You shouldn’t trust the friend that told the your mutual friend where the key was and you shouldn’t trust the mutual friend who robbed you.
The friend who told your mutual friend may have done so for what they thought were useful reasons, like letting the mutual friend know so they could fix something for you while you’re out, but they still violated your trust non matter what their intent was.
I wonder what have the consequences been for that guy.
I haven't trusted Canonical since I noticed their pattern of creating competing alternatives to new Linux standards instead of helping them (Mir & Wayland, Snap & Flatpack, Unity & Gnome 3). It'd be one thing if they were bringing better ideas and long-term support to their alternatives, but they just seem to be half-baked copies. I appreciate all they've done for the Linux ecosystem, but I'll stick with my Debian.
Snap came BEFORE flatpak. Flatpak was the "new competing standard" in that situation.
And Gnome shell, quite frankly, sucked. IMO it still sucks, but back then it sucked WAY worse.
At the end of the day the scorecard reads:
- Mir: failed
- Unity: failed
- Snap: mostly failing
Meanwhile RedHat takes over stuff that doesn't work, makes it work a bit better, and pushes it on the whole ecosystem as "the" solution. And they win, and win, and win.
As much as I hate Snap and remove it from my Kubuntu systems, I don't see where it is failing. I frankly see a lot more non-linux-focused vendors support to snap than flatpak. Could you expand on that point?
It’s not a question of which one will succeed between snap and flatpak, it’s whether the ecosystem really needs either one of those.
unity failed because they abadoned it, but it was way better than wayland+gnome.
the problem was that it was based on gnome2 and had mir under its belt, so it would've been really really hard to somehow upgrade it
Unity didn't fail: ongoing development on it was cancelled because there was no way to successfully monetize it. It was, and remains, one of the most successful desktops out there.
If your definition of community is "people who develop desktop environments for open source software" then you're already limiting the size of your community to a few dozen or so individuals, and we had a few dozen contributors to Unity so I'm not convinced of the strength of this argument.
If your definition of community is "people who don't use Unity" then of course "everybody knows" that's trivially true. Some people also know it's a tautology.
What exactly is it that you think Wayland couldn't do and why was it necessary to invent an incompatible application interface to achieve that?
> Snap came BEFORE flatpak. Flatpak was the "new competing standard" in that situation.
And AppImage came before snap.
From the mir technical architect (found on askubuntu): https://samohtv.wordpress.com/2013/03/04/mir-an-outpost-envi...
> And AppImage came before snap.
Exactly right! And if the ONLY goal was compatibility, we all should be using appimage over snap. But snap was and is trying to promise more in terms of end-user security and transactional updates from the vendor. So there is a legitimate reason to make something new.
In general, I personally prefer the way Debian works (Debian the Project - not the Distro). It has a board of elected developers governing the project. I would prefer that over somewhat opaque functioning inside a company (Canonical).
To cite as an example, here's how they decided on the question of init systems .
I even tried to install Debian while I'm still not really used to Linux, but the graphics card immediately crapped itself on boot, so it will have to wait...
Nvidia was the least terrible solution about 10 years ago (I have PTSD from installing binary blobs and editing Xorg.conf to make it work.) While others have improved tremendously and you don't have to do anything to get full 2D and 3D acceleration (just boot the system), the Nvidia experience™ hasn't changed much since then.
I'm starting to learn too much about apt to try and prevent things from reinstalling themselves.
Some of them nice projects in their own right, but it's hard the shake the feeling of NIH syndrome.
>A look at the terms for the Azure Marketplace throws up this sentence: "If you purchase or use a Marketplace Offering, we may share with the Publisher of such Offering your contact information and details about the transaction and your usage."
So the publisher of something on their Marketplace gets some information.
This doesn't seem 'that' weird (well the linked in contact does) as it seems semi related to ... say apps and app stores and etc.
Edit: I'm not justifying the policy, but I am noting that on a marketplace with third parties, this seems pretty standard / something you should always consider when you install something from a third party.
> I belive you spun up the VM based on an image from the Azure Marketplace, specifically one from Ubuntu. That is not a microsoft image, you accepted an offer from Ubuntu and now they contact you to follow up.
That's my understanding of the situation. Hopefully someone can clarify
> Where exactly it is visible any ToS?! As soon as I clicked on "add new VM", the first option suggested was Ubuntu 18.04. I didn't dig into the Azure Marketplace. I just picked the first option available since I quickly need a linux-based test VM.
I mean, I'm not as familiar with the AWS marketplace, but I use the GCP marketplace, and when I choose an offering from that marketplace it's very clear I'm just buying a prepackaged solution from another vendor, and I'd expect that other vendor gets my info. IMO this is very different from choosing the OS for your VM from a dropdown.
If I'm buying a SaaS or DBaaS from a vendor over a marketplace, or launching a metrics collector where phoning those metrics home is a core value prop, I'd be fine to be told that sharing information with the end operator, not just the marketplace, is necessary to fulfill the transaction. And there should be contracts in place to ensure my data's not used for unrelated purposes. If the operator breaches those contracts, the operator is liable.
But in what possible way is "using a pre-packaged Linux distribution" a transaction where sharing information with the packager is "necessary?"
I have no doubt that Microsoft's lawyers have covered their posteriors here. But the spirit of these regulations would be that users don't have the expectation that they're opting into Canonical getting their info just because they use a bog-standard Ubuntu distro. Users didn't knowingly consent to this.
(EDIT: not a lawyer, not legal advice)
In my most recent case I received such a packet 6 days after the date they said they activated the service. I called the same day and told the agent I wanted to cancel my trial subscription, citing specifically that I did not want the service and refused the terms of the agreement. The retention script (which is the same no matter which agent you talk with) is, "well you can keep the trial going and it will just expire", and repeat it several times. You have to be persistent and use the language "cancel my subscription", or you will get nowhere.
To be clear, I do not think any of my efforts will get my contact info out of their databases. Auto purchases are recorded publicly (at least in my state).
My comment above was about the extent to which Sirius, as a company, puts up hurdles to protect their nuisance practices, including shrouding them with legal claims that they will defend at the highest levels of jurisprudence. They lost their case in 2014 and updated the language in their agreement, presumably to address the weakness of their previous agreement, since it still claims to bind the customer without any action on their part.
In any case, I do not want to derail this thread any further.
Since most appliance manufacturers require you registering your product with them for warranty service, yes, please take care of that for me (many appliance stores do). Now _should_ Maytag require that registration? If it makes for a quicker and smoother warranty service process then I'm okay with it - better than needing to dig up a receipt in three years, only to find that the thermal printing has faded.
Manufacturers legally have to honor their warranty regardless of you giving them your information. They don’t exactly say you won’t be covered by warranty if you don’t “register”, because they legally can’t.
The idea that a AWS or Aszure market place with third parties involved is different than say my example, an App store with third parties seems like a good way to think about it.
I'm not justifying the policy, but I am noting the context isn't that different and how we should think about it.
For warranty purposes of course
> You buy soap from Walmart. They send your name and address to Johnson & Johnson.
In case they need to recall the soap
> You buy a sandwich at your local deli. They send your name and address to Boar’s Head. Cool?
So you can get some cool Boar's Head swag!
Just kidding of course. We need much better data privacy protection.
I can’t even imagine what that might be. But technical support for my sandwich making needs would be fun. Kind of how Butterball (I think it’s them) has a help line on Thanksgiving for cooking turkeys. They made the news a few years ago by hiring men to work the phones because they learned that men cook more frequently now but feel uncomfortable asking women for advice. I had a good chuckle at that.
A mounted boar's head to mount on the wall that makes grunting sounds when it's sammich time. But being HN, it'll also have cameras for eyes (3d) and microphones in the ears so that it knows when it is time to re-order more product. Maybe it'll link with Alexa/Siri/GHome with an articulated mouth so that it makes it look like it is Alexa. If you place it where it can see the contents of your fridge and/or pantry, it will be able to automatically order food for you.
The lack of imagination these days... /s
I mean, you do anything for long enough, you get good at it. Especially if you're soliciting feedback from even more people who are doing it.
I think somewhere out there there's a story of a Brita customer support rep tracking down a filtration engineer to get a technical answer to how long one could filter and drink urine for.
If you bought one, your information was shared with the entity ("Radiotjänst") in charge of collecting the mandatory TV fee (funding public service radio and TV programming).
The fee is now collected as tax instead, so that's no longer the case.
Again, think of the grocery store example: you go in, there is a Boar's Head counter where they sell sandwiches. You grab a sandwich and head to the checkout line. You pay the grocery store worker who is wearing a grocery store shirt and get a grocery store receipt that says you just bought a $5 sandwich and used your grocery store loyalty card. Do you expect that Boar's Head will get the details of your loyalty card, which sandwich you bought, what else you bought, etc. even if the back of the receipt says in fine print that the grocery store may share that information with someone?
If Boar's Head had their own clerk and their own cash register you'd be doing business with them. But then it would be clear cut, right? The fact that the grocery store is processing the payments and presenting it as essentially they are reselling Boar's Head products would imply that Boar's Head is not involved in your individual transaction.
If this is a service you are buying from Boar's Head but they simply use the grocery store's cash registers, accounting, inventory, etc. then I would argue it's on the grocery store and Boar's Head to make it crystal clear who you are doing business with, or else you run into situations like this. And if a situation like the one that started this whole debacle happens, their response should be "We are sorry. We never made it crystal clear why we get this information. You see, we are partners with the grocery store and when you buy our delicious sandwiches from your local Piggly Wiggly you are actually doing business with us. We know it's in the grocery store's TOS, but we think it should be clear that you are actually our customer as well when you transact business with them for our goods. This is to provide benefits X, Y, and Z. If you don't want to do business with both Piggly Wiggly and us, here are some alternatives to get our delicious sandwiches elsewhere and some recipes to make your own. In addition, this incident happened because our sales staff was not properly trained on how we should use our customer data. We are going to review our privacy policies and publish an update in six weeks or sooner with what we will be doing going forward. If you have any concerns, please contact me directly. XOXO CEO of Boar's Head."
It's OK for the grocery store to see my data for because I explicitly consented for them to do that when I gave them my name and address when I filled out the loyalty form. Same way that I need to give some info to Azure to create an account, right? They aren't an anonymous service. But it's an active opt-in situation. You give them your info. They don't just take it.
There was much concern, but this isn't THAT different than any other marketplace. Gotta treat it that way.
If we accept that the Ubuntu image is a marketing device then this screen is using dark patterns.
We should praise Apple for not giving our identifying info to app developers.
But where they specifically went wrong? Well one of them was absolutely the way the "point of contact" reached out. If my professional email was shared with you as part of a professional agreement, adding it to a mailing list to sell me on the paid version of what I used for free makes sense. Sending some of those specific details to my personal account, which by the way you aren't sure is actually me, is way over the line. The salesperson personally screwed up big time there for sure.
The other thing is the granularity of the data, and that's also over the line. I read that agreement and think sure - they'll know our company has used their company. But specific actions taken by specific developers? There are users that avoid certain providers like the plague because in some way they're competitive, and even if they trust them not to directly compromise security measures, interfere and steal data - they still don't want a competitive company having insight into their costs, development, traffic, etc. This kills the trust you may have in Microsoft from that standpoint.
In Canonical's statement they never regretted using the information to contact the user. The part they regretted was TELLING the user that they are monitoring the installs and linking those installs to personal contact details.
Canonical promised to improve training to avoid those "poor choice of words", NOT to stop the practice. Basically they will train their staff to make it feel more serendipitous when they just so happen to reach out about selling an enterprise license moments after you install the VM on Azure. Canonical doesn't regret this sales practice and plans to keep using it. That's the scary part in this story.
I mean, is it even possible to buy an Oracle license without Oracle knowing who you are?
A few months ago I spent like a week or two playing with Azure Sentinel -- I'm a contractor for a company that develops some security solutions, and I was trying to see if and how the feature I was working on could be integrated with a SIEM. Sentinel, of course, was one of 'em.
So I do my thing, then a few weeks pass, then out of the blue, one afternoon, my phone rings...
...and there's a Microsoft representative at the other end, asking me what I thought about Sentinel, if I encountered any difficulties with it, what my plans are and so on. She seemed to be working off a full report of my usage, too, as the questions were pretty specific.
Thing is, my total usage of Microsoft Azure Sentinel was on the order of, what, 16-20 hours? spread across several months. I don't think I've issued 50 request in total, and I would've issued less than 5 if Log Analytics didn't take like forever to show my data on the free tier (not that I'm complaining, the price is unbeatable :P). I was on the free tier the whole time, it seemed like such a gimmick that I didn't even bother going through the company I was doing all this for.
Either the Azure team is desperate for customers or they have more salespeople than Oracle has lawyers if they ended up calling a small fish like me.
1. Agent had enough details at hand to confirm that the LinkedIn profile was indeed that of the customer.
2. Access to LinkedIn profile itself (e.g. profile URL).
If 2. how did MS make that association? AFAIK there's no mechanism for the user to connect LinkedIn profile to Azure or vice versa.
P.S. I know MS owns LinkedIn.
What was the poor choice of word?
I get that the whole concept is poor. But what word or words?
(did something that you didn't expect me to see)
That's also why I use Sublime Text instead of VS Code and run a private Gitlab instance instead of developing on Github (barring open-source work, which I do in the open anyway), as I'm pretty sure MSFT will find an excuse to mine my telemetry data for their own benefit eventually.
It's actually legal to send unsolicited spam to business emails sadly.
I don't agree with any of it, it's a violation of trust and burying it in small print doesn't change that. But having people reach out on their personal networks takes the cake.
The negative impact of this goes on his shoulders where the positive responses from this get passed off to someone else who is outside the blast radius.
Stuff like this is the norm when sales is viewed as an extension of marketing ("we need more leads") and not as a function that helps companies coordinate the evaluation and purchase of software ("we need to find out if this is the right fit for them") and the ones who pay the highest price are at the lowest levels when it's executives who are giving the orders.
Well, in this case, people are mad at Azure/MS and Canonical for betraying developer trust, not the individual salesperson. He's just a pawn in the game. It's not like this guy went rogue; this is his job.
The system is setup in a creepy way to enable this type of upselling, which makes people uncomfortable. Whether or not Azure or Canonical change policies, we shall see.
It's still his linkedin profile plastered all over twitter right now though more than Azure's EULA/T&C's.
And indeed the Azure T&C's are definitely referenced a in the Twitter discussion with the OP. Such as:
My reading of this statement is that they are scapegoating the guy.
I really hope he comes out of this unscathed.
The actual quote acknowledges that the company's training and policies are at fault. I'd also expect a scapegoat to be publicly fired or disciplined, did they say that elsewhere?
This was their official statement regarding this matter. They provided this to The Register to defend their actions when this story got written up: https://www.theregister.com/2021/02/11/microsoft_azure_ubunt...
Edit: Yes so just to be clear, according to their official statement they are scapegoating the salesman. They call him a "new Canonical Sales Rep" to imply he isn't experienced and made a mistake. The only responsibility that Canonical took is that they will "review its sales training".
Canonical said that they need to review their policies. To me, this implies that what he did was not against policy.
This is pretty disgusting that someone didn't think to cover his name or image while complaining about what is essentially privacy and having a central beef with two companies. That said, while it's disgusting to me, it can easily be shrugged off as "thoughtless" by others because privacy is not a mainstream concept.
The employee was referred to as a salesperson. Any difference from marketing is pedantic.
As I said no court would ever agree that “I’m your point of contact” is marketing.
I log on there and it's all spam-ish content. And really all I want to know is what people I worked with are doing now / how they're doing....
It's a sickening mess of PR giddiness but unfortunately it's needed to get a job nowadays.
I hate it so much though, never post anything and I only accept people I actually know.
We don't know that
It could also have been that this person, just in the company and wanting to make a sale has used leads he wasn't supposed to act on.
I can definitely see an inexperienced person doing that kind of mistake. Not blaming the guy, he was just trying to do his job and meet his targets.
But I've seen a lot of "stupid" things done by new people at a company with various degrees of "making the customer or other departments annoyed" (in sales and in technical positions)