Ubuntu's New Firefox Is Watching You

sukotto writes "Ubuntu recently released an unannounced and experimental 'multisearch' extension to Firefox alpha 3, apparently in an effort to improve the default behavior of new tabs and of search. In a response to one of the initial bug reports the maintainers mentioned that the extension's other purposes were 'collecting the usage data' and 'generating revenue.' Since this extension installs by itself and offers no warning about potential privacy violations, quite a few people (myself included) feel pretty unhappy. The only way to opt out is to disable the extension manually via Tools > Add-ons." Most posters to this Ubuntu forum thread are not happy about multisearch.

Not new

[sopssa]

This is not actually far away from how Firefox generates its revenue too - from ad clicks in Google search and by direct sponsoring from Google.

The two main ways to monetarize and support OSS projects is giving support and ads. In the later case you always lose some of your privacy. Developing Linux and its distro's need money aswell. You could choose a distro that is financed in other way (maybe by you), use commercial software that doesn't do this or be fine with generating some ad income to support the development. "Perfect" package is usually impossible to obtain because of financial limitations.

Google is build completely around this model too and it seems to work good for them - even if people lose some of their privacy. Hell, slashdot is maintained by ad revenue too. Another distro that also does same kind of stuff is Linux Mint.

Its nothing new, but it might surprise those who believe in pure, not-revenue-generating OSS. It's how the free for user projects are financed.

Big projects need funding

[Anonymous Coward]

There's no point denying it: Big projects need funding. Funding creates dependencies. Since there is no way around the need for funding, it is of utmost importance that dependencies and privacy implications are disclosed. So Ubuntu: FAIL.

Re:Not new

[SBrach]

WTF. Way to give Mozilla a free pass because it's OSS. You know, I use both open source and closed source software but I guess I am the only one who judges both by the same standard. What an asshole I am huh.

Re:Not new

[elzurawka]

The difference is that we all know that Google is a giant Advertiser.
Most people are under the impression that Ubuntu is a free OS, not an Ad Sponsored/Data mining revenue oriented OS.

Outrage calibration

[jpmorgan]

Well, here's the outrage [slashdot.org] from when Microsoft slipped the .NET Framework Assistant into Firefox without asking. Adjust your outrage accordingly...

Free as in speech

[tepples]

Most people are under the impression that Ubuntu is a free OS, not an Ad Sponsored/Data mining revenue oriented OS.

Canonical is Free to distribute a computer program that watches how people use it as long as people who use the program know what's going on. But because Firefox/Iceweasel/whatever is free software, you are also Free to download the source code, rip out the data mining, and rebuild it, or to hire someone to do so for you.

Re:Not new

[Anonymous Coward]

The add-on doesn't bother me.

Installing it without any notification does.

I work for a company which has standardized on Ubuntu, but I'm pushing for them to switch to CentOS. This is just another bullet in my arsenal.

Re:Free as in speech

[Henry V .009]

All true statements, but pointless because you left out at least one freedom: people are also free to complain until Ubuntu does something about it to save their brand.

Browsers.

[saintlupus]

Epiphany is available in Ubuntu -- it also looks a hell of a lot nicer with GNOME than FF does. Give it a try.

--saint

Re:Outrage calibration

[SBrach]

Right, people were outraged Microsoft installed a .net plugin but it is ok for Ubuntu to datamine my Firefox activities because it is free and I need to pay for it somehow. That is basically what the OP was saying. Thats bullshit.

Re:Vanilla Firefox Build

[snl2587]

Maybe I'm misinterpreting the summary, but isn't the multisearch deal part of the Ubuntu add-on, not Firefox itself?

Re:Do not panic

[SilverHatHacker]

Perhaps I didn't word that quite right.

The multisearch add-on was only intended for the pre-release versions, as part of a research project. It is very unlikely that it will be included in the final Karmic release in the same form as its current incarnation.

There, fixed that for me.
My point was, anyway, that the Ubuntu devs didn't intend to make this Multisearch a part of Firefox as we know it. Some of the same concepts, maybe, but they will assuredly be more fleshed out, more intuitive, than in the Alphas. And next time, maybe they'll tell us first?

Re:Outrage calibration

[Shakrai]

Both are annoying but one is a lesser evil

The lesser of two evils is still evil.

Re:Free as in speech

[mattventura]

It's not just that they are doing that, but that they do so without warning. Of course they are free to put that in their software, and you have every right to disable it, but (from my understanding) they are doing this without telling the user. So how would you know to disable it if you didn't know it existed?

Re:Not new

[Paaskonijn]

Here's what the Linux Mint's lead developer had to say when they did the same thing:

The highest single source of revenue for Linux Mint isn't the donations, it isn't ads on the website, it is the default start page in Firefox. This simple search plugin is estimated to generated from 2 to 40 times more money than the start page itself.

(source [linuxmint.com])

I know I won't be disabling this extension. It's a no-effort, free-as-in-beer way of supporting my favourite OS.

Re:Free as in speech

[Abreu]

Canonical is Free to distribute a computer program that watches how people use it as long as people who use the program know what's going on. But because Firefox/Iceweasel/whatever is free software, you are also Free to download the source code, rip out the data mining, and rebuild it, or to hire someone to do so for you.

Emphasis mine.

The problem here is that Canonical did not ask for permission.

For the record, I would be perfectly willing to use a reasonably private datamining program to support Ubuntu, as long as everyone is clearly informed on what it can do and what it can't.

Re:Outrage calibration

[Darkness404]

But you have to realize that the reason why people use Ubuntu is because it is pre-configured and you don't have to do much to get it how you wanted. Ubuntu wasn't much "better" than Debian, other than the fact it had regular releases and was pre-configured. If Ubuntu stops being pre-configured how most people like it, it will stop being used. This is a suicidal move for Ubuntu which has been losing mindshare after the 8.10 and 9.04 releases which dumbed-down the distro to a new low (the annoying update window which pops up as a window, removing the useful CTRL+ALT+Backspace shortcut, the notification boxes that can't be quickly closed, etc). Ubuntu needs all the good press they can get, I don't understand why they would risk it.

Re:Not new

[Score Whore]

Lots of people like sex. Very few people like to be raped. The difference is in the consent. Same situation here.

And so it begins...

[spectro]

Ok, I guess is time to start looking at alternatives. Not saying I will switch but I better keep options open.

Any user-friendly, easy to install linux distribution like Ubuntu around? (Fedora need not to apply, btw)

Preferably one without that pulseaudio crap installed by default...

Re:Not new

[idlemachine]

I know I won't be disabling this extension. It's a no-effort, free-as-in-beer way of supporting my favourite OS.

You don't think Canonical should have asked for your permission first?

Re:Free as in speech

[tepples]

Why is it that when MS releases something, everyone darkly talks about hidden backdoors, but when an open source vendor releases someone, people complain that the vendor wasn't completely forthcoming in the release notes?

Because not everybody has the skill and time to decipher megabytes of source code, especially potentially obfuscated source code. Nor does everybody have the money to hire someone to do so. Also because free software is the relative newcomer and it has to be better in order to displace its entrenched proprietary counterparts.

Re:Outrage calibration

[Anonymous Coward]

There is nothing the least bit evil about the .NET extension, autistic man-children just threw a bitchfit because the word "Microsoft" makes them confused and angry.

Notice the lack of anger about the intrusive Apple QuickTime plugin, which fucks over Firefox's MIME handling and is practically impossible to remove.

Re:Outrage calibration

[thetoadwarrior]

The only things I have an issue with are those I can't remove.

That included the .net extension (not an issue now), that still includes IE and, while Bonjour is removable, it's not as easy as it should be so that's something else I hate.

It's not my fault that the only two things that are/were impossible to remove were from MS. It just proves that their more morally corrupt than other companies. Apple isn't much better but they are better.

Re:Outrage calibration

[gd2shoe]

I have a problem anytime someone loads software on my machine without my permission. I decide what is an acceptable security/privacy risk - no one else. For example, if I give MS permission to update their broken OS, I'm not giving them permission to add security vulnerabilities to my browser. I don't know about this Ubuntu issue, but people are trying to make it sound similar, and I have sympathy (at least for the moment).

Re:Free as in speech

[xenocide2]

Personally, I think it's a bit creepy for Canonical to capture revenues from whatever is installed in Firefox. There's significant participation from outside Canonical -- what prevents an Ubuntu Developer not affiliated with Canonical from taking the relatively simple steps to sell other changes to the highest bidder? Imagine if a Liferea maintainer started accepting payments to include feeds by default. What stops another developer from removing them and placing their own paid feeds?

Its hard to come up with examples because very few open source programs are prepared for adware; it's mostly web related stuff.

Re:Outrage calibration

[sumdumass]

I think one of the main differences is that MS did it when installing something completely unrelated. Why would you think that Firefox would be altered for a dot net installation? However, for a Firefox installation you would expect Firefox to be altered.

However, there should be outrage over the actions or behavior of the plugin. I just don't think it is the same thing.

Re:Outrage calibration

[gad_zuki!]

Part of the problem, if not the larger problem, is the ability to install extensions in FF without being able to remove them. Thats a FF feature. Why is it even there? The MS devs saw it and chose it because they probably didnt want end users screwing up .net too easily. If you want the power to do an easy GUI-based uninstall you need to tell the Firefox people to do so. That will stop further abuse of this feature.

Re:Outrage calibration

[gad_zuki!]

>What about Bittorrent's "stealth" firefox add-on?

Or the quicktime add-on that screws over the MIME settings?

I really wish slashdot was a more even keeled place. Its anti-MS all the time, which takes away time from other offenders, many of which are much more serious.

The Real Issue

[Apreche]

I don't think anyone begrudges Ubuntu taking advantage of a perfectly acceptable revenue model. That's not the problem here.

The problem is that Ubuntu is shipping a modified version of Firefox instead of the default Firefox shipped by Mozilla. Sure, both Ubuntu and Debian ship patched versions of just about every package they include in the repository. But the overwhelming majority of those patches don't noticeably effect the user experience.

Firefox, on the other hand, is pretty much the #1 most important part of the user experience in Ubuntu. It's the application most people are going to use more than anything else. In fact, after Ubuntu is installed, the user will probably spend more time interacting with Firefox than with all the rest of Ubuntu combined. It's not inaccurate to say it's a Firefox machine, as opposed to an Ubuntu or Linux machine.

Since Firefox is the most important part of the user experience, the users don't want Firefox changed in any way. They want the default Firefox as shipped by Mozilla. They don't want the named changed to Shiretoko or IceWeasel. They don't want the icons changed. They don't want weird extensions that change behaviour. They also don't want updates to come from Ubuntu repositories, as they do for every other package. They want the newest version of Firefox from Mozilla at the exact moment that Mozilla ships it.

I understand the reasoning behind Ubuntu and Debians policies, but I think it is obvious that Firefox trumps Ubuntu. They should make a special exception for it. Just ship the raw Firefox as released by Mozilla. Don't modify it in any way whatsoever. The world is just getting more browser centric. The operating system is just the code that talks between the browser and the hardware. You can do anything you want to the OS, but don't touch the browser or you'll lose all the users you worked so hard to gain.

Re:Not new

[Knuckles]

The add-on doesn't bother me.

Installing it without any notification does.

I work for a company which has standardized on Ubuntu, but I'm pushing for them to switch to CentOS. This is just another bullet in my arsenal.

So you were planning to install Alpha 3 in your company?

Whoa, now. Hold on a second!!

[Runaway1956]

The FIRST thing I did was to look at my Firefox to see if I had this search function. Nada. I opened up Synaptic to see if it were available. Nope.

So, I checked out the links offered in the article.

WHOOO-HOOO!!

We are talking about an ALPHA thingamabob. Alpha. Test stuff. Meaning that, the people who have the addon VOLUNTEERED to install and TEST the thing.

TFA is a little bit of grandstanding by a drama llama. This addon is going to be tested, the community will determine if it's useful, and whether it should be modified. Unless you CHOOSE to VOLUNTEER to use this thing, you won't even see it for some time come. At which point in time, you will have a CHOICE as to whether to install it.

FUD me!! I spent 5 minutes of my remaining life looking at a total non-issue.

Re:Outrage calibration

[jim_v2000]

That's stupid. Do you stop and check which files and registry entries that every program that YOU install/update places on your system? Oh, you don't? And you install them anyway? Oh, well then you ARE giving them permission to install all that stuff.

Re:Not new

[jim_v2000]

God damn...is this reddit or something? YOUR BROWSER ISN'T COLLECTING ANYTHING. You do a Google search through the Ubuntu Google page, and then Canonical can see some aggregate usage data with Google's tools. The browser isn't doing anything other than what it normally does. Don't be a fucking drama queen.

Re:Outrage calibration

[Anonymous Coward]

The picture is a little fuzzier when you consider Windows 7, which comes with .NET 3.5, and yes the plugin does magically appear. And of course some games will install it too.

Long as it's uninstallable if I don't want it, that's just fine, it's MS treating FF as a first-class peer of IE as far as I'm concerned. Definitely not worth the hysteria.

some choice words on software installer EQs

[epine]

The level of skill it implies, the time and the money, is out of reach of any ordinary user.

This would be an extraordinarily hard sentiment to formally define. How far back in history does one need to go to say the same about literacy? How far would one need to travel in the present world? Long before your definition reaches bedrock, it all becomes relative to a social construct.

Two of the great innovations of our number system (positional representation, and the digit zero) were incredible aids to making numeracy less "out of reach" for ever larger segments of the population.

The upward swing of the innovation cycle is making the dog walk in the first place, however badly. If the technology becomes pervasive, this is followed by the outward swing, making the technology ordinary. This point was also neglected by the post who suggested that open source needs to be better than closed source to overcome the adoption hurdle. But that only applies in the boost phase of the innovation cycle, not to ball point pens.

The desktop OS is halfway through the commoditization cycle already. For a broad audience, the browser already matters more. Decisions are increasingly driven not by what is best, but by what is most hassle free. Cost is not driving the bus. There are some pieces of software offered with no monetary cost I won't install because the software doesn't do enough for me to justify reading the license agreement, and the organization hasn't maintained a reputation where I'm willing to install the software on trust. (Ubuntu seems to be actively scouting the boundary with this latest move.)

Speaking of licenses, IANAL => literacy ain't worth much. The governing rules of society are out of reach to those governed. So that's what "out of reach" gets you as a debating tactic: absolutely nothing. Out of reach is not merely taken for granted, it's a governing principle.

The hassle factor is asserting control over the behaviour of our installed software has less to do with the learning the C language and more to do with byproducts of the software engineering life cycle. We're at the point in the innovation cycle where invention of the digit zero would be incredibly welcome.

The problem is that our software has an emotional IQ which in the animal kingdom would be dead square in the quadrant "too dumb to live".

A mother bear gets a bit testy about the space between herself and her bear cubs. I get a mite testy about a software installer shuffling around a system configuration that was carefully tweaked. To cite the most extreme example, I once lost nearly a month in a software development process because some stupid Microsoft JET accessory (don't ask) swapped a defective DLL in place of a DLL I had carefully chosen to be compatible with some other quirky POS (thanks, Microsoft).

In the animal kingdom, you take one look at momma bear, then you consider your survival odds if she gets testy about your next foot step. This the emotional IQ our software needs to develop. This is difficult at the present moment, because my software is blind: it doesn't know who the fuck I am. It doesn't know I have "bad mother fucker" tattooed on my wallet. (Note to the Sun Java installer: the next time you install the Yahoo toolbar because I forget to click off the Yahoo button--after clicking it off 13 out of 15 times already--I'm going to rip out your giblets and engage in a pagan ritual.)

This blindness is a byproduct of an inferior technology: our software engineering and release life cycle. As software engineers, we haven't yet figured out how to function effectively in a world where _every_ end user software install takes into account a personality profile of the software victim.

Testiness factors

1. maybe it's cool
2. what the heck is a DLL and why should I care? ...
5. don't mess with it if I don't understand it ...
10. mother bear
11. Godzilla

Having lived through

Re:Outrage calibration

[Miseph]

Lack? that thing pisses me off. I honestly couldn't care any less about the .Net plugin, I'm a teensy bit miffed that installed without so much as asking, but at least it didn't FUBAR my media settings and force all .mpg and .avi files to attempt to play in-browser through their shitty plugin that doesn't even work and throws a thousand error messages every time, rather than do what I actually want (open and play in VLC). Maybe I'd be pissed about Microsoft's stealth plugin if I had some other awesome way of running .Net web-apps, but I honestly can't think of any that I have even seen, let alone actually use or would care how they open.

Oh yeah, I call bullshit on Ubuntu. They shouldn't have stealthed that in, and because they didn't I will uninstall it ASAP (once I reboot into Ubuntu, that is). If they had announced it, even put a little window on the screen asking if it would be ok to install it, pretty pretty please with sugar on top, we promise it won't hurt and it will help us generate some revenue so that we can keep working on the project... I honestly would have said yes. I wouldn't really mind if they collect some data and make money off of it so long as it doesn't noticeably degrade performance and so long as they told me about it first, but that doesn't mean I take kindly to anyone presuming it's ok for them to do so without my knowledge and permission.

Re:Outrage calibration

[gd2shoe]

You're being absurd. You might as well ask me if I do a full hand trace of each byte of compiled machine code. (including the OS)

How would I reasonably check such a thing? Do you expect me to run my primary OS on a virtual machine and compare images before and after updates? That's insane. (and that's only the most reasonable approach to your suggestion)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Outrage calibration

[Knuckles]

Upstream = X.org. Ubuntu 9.04 (Jaunty) has 7.4 [ubuntu.com], while Debian Lenny has 7.3 [debian.org].

I know MS had it, and it would have been a usability nightmare then, except it did not stick out among the many others and it was the 80ies/early 90ies and computing was not mainstream yet.

Re:Outrage calibration

[jim_v2000]

You're analogy is poor. .NET is not installing a different program, it's installing a component of itself into a browser to ensure compatibility/functionality. By the way, Skype does this, NOD32 does this, and other apps do it. You're just flipping shit because this happens to be Microsoft.