Prevent Ubuntu from leaking information to the internet upon loginWhy does the ubuntu-server package depend...
About a little hole in Z'ha'dum
Open a doc from terminal, but not by its name
Why is Arduino resetting while driving motors?
Folder comparison
Could solar power be utilized and substitute coal in the 19th Century
Is it possible to have a strip of cold climate in the middle of a planet?
Visiting the UK as unmarried couple
How do you respond to a colleague from another team when they're wrongly expecting that you'll help them?
Should I stop contributing to retirement accounts?
What is the grammatical term for “‑ed” words like these?
We have a love-hate relationship
How do ground effect vehicles perform turns?
Is XSS in canonical link possible?
THT: What is a squared annular “ring”?
What is the difference between "Do you interest" and "...interested in" something?
Should I install hardwood flooring or cabinets first?
Proof of Lemma: Every nonzero integer can be written as a product of primes
How can Trident be so inexpensive? Will it orbit Triton or just do a (slow) flyby?
Did US corporations pay demonstrators in the German demonstrations against article 13?
Why did the HMS Bounty go back to a time when whales are already rare?
Bob has never been a M before
Can I use my Chinese passport to enter China after I acquired another citizenship?
Why do IPv6 unique local addresses have to have a /48 prefix?
Can I sign legal documents with a smiley face?
Prevent Ubuntu from leaking information to the internet upon login
Why does the ubuntu-server package depend on update-notifier-common?Where does the System Information information come from on login?Why does my Ubuntu 12.04 install not pull this security update?Does java security flaw affects ubuntu also?Is the meta-release upgrade (do-release-upgrade) secure?Upgrade from 12.04lts to 14.04lts login loophow to generate welcome screenPrivacy with Ubuntu PhoneContinious ubuntu malfunctionRun Executable After loginUbuntu 16.04 LTS black screen after login since updating packages with Software Updater
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.
I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
asked Dec 17 '18 at 7:23
SigridSigrid
62
add a comment |
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.
I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
asked Dec 17 '18 at 7:23
SigridSigrid
62
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
add a comment |
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.
I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
asked Dec 17 '18 at 7:23
SigridSigrid
62
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.
I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
login security privacy
asked Dec 17 '18 at 7:23
SigridSigrid
62
asked Dec 17 '18 at 7:23
SigridSigrid
62
edited Dec 17 '18 at 13:05
Sigrid
asked Dec 17 '18 at 7:23
SigridSigrid
62
asked Dec 17 '18 at 7:23
SigridSigrid
62
asked Dec 17 '18 at 7:23
SigridSigrid
62
62
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
add a comment |
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
2
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
add a comment |
2 Answers
2
active
oldest
votes
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-managerandunattended-upgradepackages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
answered 9 mins ago
RaubvogelRaubvogel
14113
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102491%2fprevent-ubuntu-from-leaking-information-to-the-internet-upon-login%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-managerandunattended-upgradepackages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-managerandunattended-upgradepackages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
edited Dec 17 '18 at 17:54
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
760215
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-managerandunattended-upgradepackages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-managerandunattended-upgradepackages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
Thanks for your answer! I updated the question to reflect your nuance regarding
ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.– Sigrid
Dec 17 '18 at 13:21
Thanks for your answer! I updated the question to reflect your nuance regarding
ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the
update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.– user535733
Dec 17 '18 at 13:55
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the
update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.– user535733
Dec 17 '18 at 13:55
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
answered 9 mins ago
RaubvogelRaubvogel
14113
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
answered 9 mins ago
RaubvogelRaubvogel
14113
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
answered 9 mins ago
RaubvogelRaubvogel
14113
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
answered 9 mins ago
RaubvogelRaubvogel
14113
answered 9 mins ago
RaubvogelRaubvogel
14113
answered 9 mins ago
RaubvogelRaubvogel
14113
answered 9 mins ago
RaubvogelRaubvogel
14113
14113
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102491%2fprevent-ubuntu-from-leaking-information-to-the-internet-upon-login%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46