1) It's a search box. Stuff not typed in the search box never leaves the machine (unless you count things that do by design, such as web browsers and email, obviously).
2) It's plainly obvious the first time you use it that results are coming back from the Internet. No real user is going to be misled into believing that searches are local. This makes it no more a privacy violation than the default Google search box in Firefox.
2b) There is a prominent notice saying so. If you don't think it's prominent enough, see point 2.
3) It's a search box that didn't exist previously. Canonical invented it. I think it's reasonable for Canonical to create a "search the universe" mechanism on the desktop. Fair enough if you don't like it, or don't want to use it. It's trivial to turn it off (there's even a global Privacy Settings dialog) or to use other searches. But that doesn't suddenly make it a privacy violation; nor the results of your search "ads".
Edit: I should have expected the downvotes. I notice, though, that the downvoters are unable to actually respond to my argument.
1) Yet. When boiling frogs it's best to turn the heat up slowly. Canonical isn't providing a service for free here, they make money mining your searches and sending them to 3rd parties like Amazon. Compare this with its parent distribution's Social Contract.  Especially the phrase "We will be guided by the needs of our users and the free software community. We will place their interests first in our priorities." Note the lack of a profit motive as compared to Canonical's continuous search for monetization schemes.
2) Real users may not realize they have a choice, or that sending searches to 3rd parties is NOT normal in the GNU/Linux world. Ubuntu has intentionally made itself a "My First Linux" distro so many of its users are new to the idea of software freedom and are in need of guidance.
2b) EULA's are no excuse. Did you know that using Adobe Flash prevents you from working on GNU Gnash? It was in the EULA you agreed to.  Everything's confusing during your first *nix experience, the average person probably has a mental list of a dozen things that don't make sense, that's a questionable time to get people to sign off on privacy compromises.
3) Blurring the lines between local and global is interesting. Blurring the lines between Open Source and spyware is not. 
 - http://www.debian.org/social_contract
 - http://www.gnashdev.org/?q=node/25#eula
 - http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
> 1) [profit motive]
The Mozilla Foundation's main source of income is making money through Google searches. If you accept Mozilla in the GNU/Linux world, then you accept this motive on your own terms.
> 2) Real users may not realize they have a choice, or that sending searches to 3rd parties is NOT normal in the GNU/Linux world.
This is a philosophical argument about foisting your own beliefs onto new Ubuntu users. Ubuntu has always been the pragmatic distribution. It gained popularity by making non-free codecs and proprietary drivers easily available. This pragmatism has not changed.
And this still doesn't have anything to do with a claimed privacy violation.
> 2b) EULA's are no excuse.
Which is why I had my point 2: that it is plainly obvious that the search is a global search, and that the query was sent out to the Internet. You don't need to read any notice to see this.
You have not shown that there is any spyware present. That would require some kind of privacy violation.
If Apple felt the need to monetize me every time I typed "Terminal" into Spotlight I'd switch platforms fast.
I think collecting, mining and sharing information about your user-base for money is deeply troubling. We may not have a good word to describe this type of activity but spyware at least gets us in the right neighborhood.
4.5 No Modification or Reverse Engineering. You shall not modify, adapt, translate or create derivative works based upon the Software. You shall not reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code of the Software.
Exactly why they're afraid this would be binding I don't know, IP law is beyond me.
Canonical is providing the operating system for free.
Why should Amazon know what programs and files I'm using?
That still doesn't make it a privacy violation, since you know where your searches are going (as does any other user, since it's obvious based on the results).
> Why should Amazon know what programs and files I'm using?
It makes the normal user's life more convenient since he doesn't need to figure out which box to type something in. You think that's ridiculous? Users are well known for typing web addresses into any box available. They cannot tell the difference. Having a single box for everything makes for a better experience,.
Amazon doesn't know what programs and files you're using, since Canonical anonymizes it. If you don't like it, or you don't trust Canonical, and you still want to use the "search everything" search box, then adjust the settings to do what you want.
On my mac, both spotlight and alfred (the 3rd-party application launcher I use) are capable of searching both my computer and the web, and neither send my file searches to the internet.
OTOH, such users might not be aware that their Amazon searches are collected and data-mined.
You're using the wrong search box if you want to search exclusively for local content. Try hitting Super-A, Super-F or clicking on the applications or files tabs to search locally.
The Unity Dash search box is placed where every user would normally expect a local-only search to happen. There is no reason whatsoever for me to expect the Unity Dash search to return results from the Internet, just like I wouldn't expect the search box in Windows 7 Start Menu to do so.
This kind of behavior that plays with users' expectations is common in UI dark patterns.
Your example with Firefox is misleading, because Firefox is a browser, which automatically creates different expectation of privacy: it is quite normal for a search box in a Web browser to search the Web.
Also, note that you're essentially saying that there is no privacy violation past the first time it happens. This is more or less the equivalent of saying that once you've fallen for an advance fee fraud the first time, it's not a scam anymore.
I disagree that it's prominent enough. So do many other users and you know it, otherwise you wouldn't have bothered to write that second sentence.
None of the dark patterns or privacy violations seen elsewhere existed before they were invented. The fact that they didn't exist before has nothing to do with the intentions behind them or the effects they have. It might be new, you might like it and it might be trivial to turn off, but none of that makes it any less of a privacy violation.
In short, you're using misleading and circular arguments: there's no privacy violation because Canonical changed the behavior of the search box and you should learn to expect it. No wonder you state that the downvoters are "unable" to respond.
This is the default behavior in W8.1, however.
The OS that we all love ^_^ .
Seriously though: from my perspective search results from the internet aren't the problem. Advertisements are.
Linux Mint with it's forced custom search in combination with Ubuntu Unity have the potential to turn the populatiion of 'casual' Linux converts back into Windows users. The question of how a free OS can be free is answered: they show you advertisements, and they put your personal data at risk.
The point is they try to move away from "browser search" to "Oh I need something quickly and I just need to press ctrl/command-F search this". If they do have a button to disable the feature (and assuming they do this properly) there is no violation of privacy. Of course I am sure I would be much happier to opt-out during installation process. That's a topic you have to raise to ubuntu dev. With enough people say fu they will introduce this opt-out.
I think you are wrong about this.
The distinction between local & remote search isn't something that is apparent to many users. Additionally, it isn't at all clear that there should be a distinction.
Many users don't understand the distinction between "applications" and "data" at all, let alone the difference between applications. They just want to find something!
Imagine the scenario where you >search< in a >box< (term) with `grep -inr "pattern" /random/path` and you get results like:
Take it even further. Visit amazon or c@n0nical's site and be welcomed with your hostname. Great, eh? And while you're at it, send all patterns to NSA as well, because, ummm, it's a "search box".
Do you still think that this is not a privacy violation?
C@n0nical has become a pimp.
Seems that many people erased POSIX and privacy from their dictionary.
Is this even an argument? If the box isn't used (crippling the user interface) there is nothing to discuss. You may also argue that if the pc is powered off there aren't privacy problems.
> 2) It's plainly obvious the first time you use it that results are coming back from the Internet.
So discovering that you lost your privacy after the fact is the correct way to be informed?
> 2b) There is a prominent notice saying so. If you don't think it's prominent enough, see point 2.
I think it's not prominent enough, see the answer to the point 2
> 3) It's a search box that didn't exist previously. Canonical invented it. I think it's reasonable for Canonical to create a "search the universe" mechanism on the desktop. Fair enough if you don't like it, or don't want to use it. It's trivial to turn it off (there's even a global Privacy Settings dialog) or to use other searches
Let's break it down
> It's a search box that didn't exist previously. Canonical invented it.
How can this give rights over the users' privacy is beyond me
> I think it's reasonable for Canonical to create a "search the universe" mechanism on the desktop.
Sure, as long the users know beforehand that they are "searching the universe"
> It's trivial to turn it off
Would you like a bath that by default stream what you do over internet? But ehi, "it's trivial to turn it off", so what's the problem? It should be _obviously_ an opt-in
> Edit: I should have expected the downvotes. I notice, though, that the downvoters are unable to actually respond to my argument.
The downvoters are able to respond. Are you unable to read?
The expectation of privacy is the problem here. I don't find omnibox or the unity bar bad per se, I find it a privacy issue if the users don't clearly understand what is going to happen with what they write.
Clear positive opt in - Good
Opt out (even if fairly easy) - clear privacy violation (bad)
The snide comment in your edit earned you a downvote from me.