Hacker News new | comments | ask | show | jobs | submit login

I (still) don't think online searches are a privacy violation.

1) It's a search box. Stuff not typed in the search box never leaves the machine (unless you count things that do by design, such as web browsers and email, obviously).

2) It's plainly obvious the first time you use it that results are coming back from the Internet. No real user is going to be misled into believing that searches are local. This makes it no more a privacy violation than the default Google search box in Firefox.

2b) There is a prominent notice saying so. If you don't think it's prominent enough, see point 2.

3) It's a search box that didn't exist previously. Canonical invented it. I think it's reasonable for Canonical to create a "search the universe" mechanism on the desktop. Fair enough if you don't like it, or don't want to use it. It's trivial to turn it off (there's even a global Privacy Settings dialog) or to use other searches. But that doesn't suddenly make it a privacy violation; nor the results of your search "ads".

Edit: I should have expected the downvotes. I notice, though, that the downvoters are unable to actually respond to my argument.




I'll respond, though I'm sure the reason nobody's responded is they're as tired of this conversation as I am.

1) Yet. When boiling frogs it's best to turn the heat up slowly. Canonical isn't providing a service for free here, they make money mining your searches and sending them to 3rd parties like Amazon. Compare this with its parent distribution's Social Contract. [0] Especially the phrase "We will be guided by the needs of our users and the free software community. We will place their interests first in our priorities." Note the lack of a profit motive as compared to Canonical's continuous search for monetization schemes.

2) Real users may not realize they have a choice, or that sending searches to 3rd parties is NOT normal in the GNU/Linux world. Ubuntu has intentionally made itself a "My First Linux" distro so many of its users are new to the idea of software freedom and are in need of guidance.

2b) EULA's are no excuse. Did you know that using Adobe Flash prevents you from working on GNU Gnash? It was in the EULA you agreed to. [1] Everything's confusing during your first *nix experience, the average person probably has a mental list of a dozen things that don't make sense, that's a questionable time to get people to sign off on privacy compromises.

3) Blurring the lines between local and global is interesting. Blurring the lines between Open Source and spyware is not. [2]

[0] - http://www.debian.org/social_contract [1] - http://www.gnashdev.org/?q=node/25#eula [2] - http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do


I said that there is no privacy violation. None of your arguments demonstrate otherwise.

> 1) [profit motive]

The Mozilla Foundation's main source of income is making money through Google searches. If you accept Mozilla in the GNU/Linux world, then you accept this motive on your own terms.

> 2) Real users may not realize they have a choice, or that sending searches to 3rd parties is NOT normal in the GNU/Linux world.

This is a philosophical argument about foisting your own beliefs onto new Ubuntu users. Ubuntu has always been the pragmatic distribution. It gained popularity by making non-free codecs and proprietary drivers easily available. This pragmatism has not changed.

And this still doesn't have anything to do with a claimed privacy violation.

> 2b) EULA's are no excuse.

Which is why I had my point 2: that it is plainly obvious that the search is a global search, and that the query was sent out to the Internet. You don't need to read any notice to see this.

> [spyware]

You have not shown that there is any spyware present. That would require some kind of privacy violation.


There is a big difference between typing "calendar" in Firefox's search box and typing it in the local desktop's search bar. You seem to imply that they're equivalent.

If Apple felt the need to monetize me every time I typed "Terminal" into Spotlight I'd switch platforms fast.


I don't like that the default is to search online as well as locally. But calling it spyware is hyperbole - the interface makes it quite obvious that it's doing a combined online+local search. I'd rather stick to more factual criticisms.


Since we're keeping it factual I accused them of blurring the lines between open source and spyware. I linked to Richard Stallman directly calling it spyware on the Free Software Foundation website.

I think collecting, mining and sharing information about your user-base for money is deeply troubling. We may not have a good word to describe this type of activity but spyware at least gets us in the right neighborhood.


2b) which part of the Adobe Flash EULA prevents you from working on GNU Gnash?


From what I can tell (and I really don't know) it's rooted in Section 4.5:

4.5 No Modification or Reverse Engineering. You shall not modify, adapt, translate or create derivative works based upon the Software. You shall not reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code of the Software.

Exactly why they're afraid this would be binding I don't know, IP law is beyond me.

- http://labs.adobe.com/technologies/eula/flashplayer10.html


>Canonical isn't providing a service for free here

Canonical is providing the operating system for free.


It's a search box that many people will use exclusively to search for _local_ content.

Why should Amazon know what programs and files I'm using?


> It's a search box that many people will use exclusively to search for _local_ content.

That still doesn't make it a privacy violation, since you know where your searches are going (as does any other user, since it's obvious based on the results).

> Why should Amazon know what programs and files I'm using?

It makes the normal user's life more convenient since he doesn't need to figure out which box to type something in. You think that's ridiculous? Users are well known for typing web addresses into any box available. They cannot tell the difference. Having a single box for everything makes for a better experience,.

Amazon doesn't know what programs and files you're using, since Canonical anonymizes it. If you don't like it, or you don't trust Canonical, and you still want to use the "search everything" search box, then adjust the settings to do what you want.


I don't think its a privacy violation, and Canonical has been open about their actions, but I think it's a crummy setup.

On my mac, both spotlight and alfred (the 3rd-party application launcher I use) are capable of searching both my computer and the web, and neither send my file searches to the internet.


crummy setup... oh come on, on your mac spotlight is a bloody binary program and you have no way to check the sources. And you critizice the default configuration of an open source program?


Don't need to see the source, just need to watch the network traffic. The source wouldn't be any additional help anyway, unless you compile it yourself again with a known good compiler on a known good system fresh from read only media.


>Users are well known for typing web addresses into any box available.

OTOH, such users might not be aware that their Amazon searches are collected and data-mined.


> It's a search box that many people will use exclusively to search for _local_ content.

You're using the wrong search box if you want to search exclusively for local content. Try hitting Super-A, Super-F or clicking on the applications or files tabs to search locally.


1) It's a search box. Stuff not typed in the search box never leaves the machine (unless you count things that do by design, such as web browsers and email, obviously).

The Unity Dash search box is placed where every user would normally expect a local-only search to happen. There is no reason whatsoever for me to expect the Unity Dash search to return results from the Internet, just like I wouldn't expect the search box in Windows 7 Start Menu to do so.

This kind of behavior that plays with users' expectations is common in UI dark patterns.

2) It's plainly obvious the first time you use it that results are coming back from the Internet. No real user is going to be misled into believing that searches are local. This makes it no more a privacy violation than the default Google search box in Firefox.

Your example with Firefox is misleading, because Firefox is a browser, which automatically creates different expectation of privacy: it is quite normal for a search box in a Web browser to search the Web.

Also, note that you're essentially saying that there is no privacy violation past the first time it happens. This is more or less the equivalent of saying that once you've fallen for an advance fee fraud the first time, it's not a scam anymore.

2b) There is a prominent notice saying so. If you don't think it's prominent enough, see point 2.

I disagree that it's prominent enough. So do many other users and you know it, otherwise you wouldn't have bothered to write that second sentence.

3) It's a search box that didn't exist previously. Canonical invented it. I think it's reasonable for Canonical to create a "search the universe" mechanism on the desktop. Fair enough if you don't like it, or don't want to use it. It's trivial to turn it off (there's even a global Privacy Settings dialog) or to use other searches. But that doesn't suddenly make it a privacy violation; nor the results of your search "ads".

None of the dark patterns or privacy violations seen elsewhere existed before they were invented. The fact that they didn't exist before has nothing to do with the intentions behind them or the effects they have. It might be new, you might like it and it might be trivial to turn off, but none of that makes it any less of a privacy violation.

In short, you're using misleading and circular arguments: there's no privacy violation because Canonical changed the behavior of the search box and you should learn to expect it. No wonder you state that the downvoters are "unable" to respond.


>There is no reason whatsoever for me to expect the Unity Dash search to return results from the Internet, just like I wouldn't expect the search box in Windows 7 Start Menu to do so.

This is the default behavior in W8.1, however.


> This is the default behavior in W8.1, however.

The OS that we all love ^_^ .

Seriously though: from my perspective search results from the internet aren't the problem. Advertisements are.

Linux Mint with it's forced custom search in combination with Ubuntu Unity have the potential to turn the populatiion of 'casual' Linux converts back into Windows users. The question of how a free OS can be free is answered: they show you advertisements, and they put your personal data at risk.


To your search box point, the search box is to move Ubuntu to the mobile and to the online market just like Android, Apple and even FxOS have a search box directly to either Google search or app search (FxOS does app search of course).

The point is they try to move away from "browser search" to "Oh I need something quickly and I just need to press ctrl/command-F search this". If they do have a button to disable the feature (and assuming they do this properly) there is no violation of privacy. Of course I am sure I would be much happier to opt-out during installation process. That's a topic you have to raise to ubuntu dev. With enough people say fu they will introduce this opt-out.


The Unity Dash search box is placed where every user would normally expect a local-only search to happen. There is no reason whatsoever for me to expect the Unity Dash search to return results from the Internet, just like I wouldn't expect the search box in Windows 7 Start Menu to do so. This kind of behavior that plays with users' expectations is common in UI dark patterns.

I think you are wrong about this.

The distinction between local & remote search isn't something that is apparent to many users. Additionally, it isn't at all clear that there should be a distinction.

Your example with Firefox is misleading, because Firefox is a browser, which automatically creates different expectation of privacy: it is quite normal for a search box in a Web browser to search the Web.

Many users don't understand the distinction between "applications" and "data" at all, let alone the difference between applications. They just want to find something!


> 1) It's a search box. Stuff not typed in the search box never leaves the machine (unless you count things that do by design, such as web browsers and email, obviously).

Imagine the scenario where you >search< in a >box< (term) with `grep -inr "pattern" /random/path` and you get results like:

  ./random/path/file pattern
  ./random/path/file2 pattern
  hxxp://www.amazon.com/product-with-pattern-name
Nice, right? You performed a search. Why not go public? Hell, why not go over plain text?

Take it even further. Visit amazon or c@n0nical's site and be welcomed with your hostname. Great, eh? And while you're at it, send all patterns to NSA as well, because, ummm, it's a "search box".

Do you still think that this is not a privacy violation?

C@n0nical has become a pimp.

Seems that many people erased POSIX and privacy from their dictionary.


> 1) It's a search box. Stuff not typed in the search box never leaves the machine

Is this even an argument? If the box isn't used (crippling the user interface) there is nothing to discuss. You may also argue that if the pc is powered off there aren't privacy problems.

> 2) It's plainly obvious the first time you use it that results are coming back from the Internet.

So discovering that you lost your privacy after the fact is the correct way to be informed?

> 2b) There is a prominent notice saying so. If you don't think it's prominent enough, see point 2.

I think it's not prominent enough, see the answer to the point 2

> 3) It's a search box that didn't exist previously. Canonical invented it. I think it's reasonable for Canonical to create a "search the universe" mechanism on the desktop. Fair enough if you don't like it, or don't want to use it. It's trivial to turn it off (there's even a global Privacy Settings dialog) or to use other searches

Let's break it down

> It's a search box that didn't exist previously. Canonical invented it.

How can this give rights over the users' privacy is beyond me

> I think it's reasonable for Canonical to create a "search the universe" mechanism on the desktop.

Sure, as long the users know beforehand that they are "searching the universe"

> It's trivial to turn it off

Would you like a bath that by default stream what you do over internet? But ehi, "it's trivial to turn it off", so what's the problem? It should be _obviously_ an opt-in

> Edit: I should have expected the downvotes. I notice, though, that the downvoters are unable to actually respond to my argument.

The downvoters are able to respond. Are you unable to read?


Do you have a problem with Google search? Google search as the default page in Mozilla Firefox? The omnibox in Chrome? Search is just a bit more deeply integrated with Ubuntu. The vast majority of users will find it more convenient than they will find it to be an "invasion of privacy". The ones concerned about it will turn it off or boycott Ubuntu.


I have a problem with the omnibox in Chrome, the others are fine. In fact I expect to send my searches to another service when I use Google search and the default page in Mozilla Firefox. I wouldn't expect that every single thing I type in the url bar is sent to Google (omnibox case) and non technical people don't expect it either.

The expectation of privacy is the problem here. I don't find omnibox or the unity bar bad per se, I find it a privacy issue if the users don't clearly understand what is going to happen with what they write.


Does it ask users explicitly before sending desktop search results out from the computer? If not it is privacy invading, it should be opt in. A prominent notice or being obvious it is happening isn't enough especially if there aren't equally prominent options to turn it off.

Clear positive opt in - Good

Opt out (even if fairly easy) - clear privacy violation (bad)

The snide comment in your edit earned you a downvote from me.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: