Your first point is interesting, but I'm not so sure about the second one:
>Given certain search strings it should be possible for Amazon to detect that this [person] engages in piracy.
Amazon does not see the search as coming from an individual. Rather, the Ubuntu servers act as an intermediary. All Amazon can see is "some unidentifiable Ubuntu user is searching for this". That's hardly something they could report to any authorities.
>All Amazon can see is "some unidentifiable Ubuntu user is searching for this". That's hardly something they could report to any authorities.
It's surprisingly easy to take anonymous search data and figure out who it belongs to. You might remember the mess that happened when AOL released anonymized search data (hint: people's identities were compromised). http://en.wikipedia.org/wiki/AOL_search_data_leak
Consider the simple example of files that are named after the person doing the search.
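To make that concrete, here is a minimal sketch of the AOL-style problem. Everything in it is made up for illustration: the log entries, the pseudonymous IDs (`u1`, `u2`), and the helper names `group_by_pseudonym` and `candidates` are my own assumptions, not anything Amazon, AOL, or Ubuntu actually runs.

```python
from collections import defaultdict

# Hypothetical, invented log of (pseudonymous_id, query) pairs. No real data.
LOG = [
    ("u1", "jane doe resume.odt"),
    ("u1", "landscapers in springfield"),
    ("u1", "some movie 2012 dvdrip"),
    ("u2", "weather tomorrow"),
]


def group_by_pseudonym(log):
    """Collect every query issued under the same pseudonymous ID."""
    grouped = defaultdict(list)
    for pseudonym, query in log:
        grouped[pseudonym].append(query)
    return dict(grouped)


def candidates(log, known_names):
    """Map each pseudonym to the known names that appear in its queries."""
    hits = {}
    for pseudonym, queries in group_by_pseudonym(log).items():
        text = " ".join(queries).lower()
        found = sorted(name for name in known_names if name.lower() in text)
        if found:
            hits[pseudonym] = found
    return hits
```

Calling `candidates(LOG, ["Jane Doe", "John Smith"])` ties `u1` to "Jane Doe", and with it every other query filed under `u1`, including the movie search. Even with no shared ID at all, a single query that contains the searcher's own name carries the identification with it.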
Anonymization of queries is really, really hard, and I know of no system, academic or otherwise, that would protect users from being identified.
For instance, if someone accidentally clicked on a link to an Amazon product while they had an Amazon account, that would immediately link the person to the query. Picture someone who downloads a movie, searches for it to find the file, and then mistakes the Amazon link for the pirated movie.