[Bug 1867424] Re: motd-news transmitting private hardware data without consent or knowledge in background

Richard Harding 1867424 at bugs.launchpad.net
Thu Jun 11 17:33:02 UTC 2020 

Thank you for taking the time to report this issue. As you note, this is
a long-standing feature of Ubuntu that Canonical leverages to help
understand our user base and improve and prioritize work that makes
Ubuntu better for all. I can assure you that all information is GDPR
compliant and that we implement all policies as far as accessing any
such data. For example, as the manager of the Ubuntu Server team, I’ve
never seen the IP address of any Ubuntu user and am unable to map the
installs out there.

As you note, this feature was done transparently, with clear
documentation, and is trivial to disable if anyone is uncomfortable. I
am marking this bug as “Won’t Fix” as it’s a design decision, and while
there are some that do not agree with it and I respect those feelings,
it’s also not something we’re currently planning on changing. This
allows us to make Ubuntu better for everyone and make sure that we’re
doing the best that we can. Thanks.


** Changed in: base-files (Ubuntu)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to base-files in Ubuntu.
https://bugs.launchpad.net/bugs/1867424

Title:
  motd-news transmitting private hardware data without consent or
  knowledge in background

Status in base-files package in Ubuntu:
  Won't Fix

Bug description:
  In package base-files there is a script /etc/update-motd.d/50-motd-
  news that harvests private hardware data from the machine and
  transmits it in the background every day.  There is no notice, no
  consent, no nothing.  This should be by default disabled until there
  is informed consent.

  This solution is simple:

  1. Change ENABLED=1 to ENABLED=0 in the file /etc/default/motd-news and 
  2. Place a comment in the file disclosing the fact that the 50-motd-news script will harvest private hardware data and upload it to motd.ubuntu.com daily if the end-user enables it.

  Creating databases that maps ip address to specify hardware is a
  threat to both privacy and security.  If an adversary knows the
  specific hardware and the ip address for that hardware their ability
  to successfully attack it is greatly increased.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1867424/+subscriptions

More information about the foundations-bugs mailing list