Prevent Ubuntu from leaking information to the internet upon loginWhy does the ubuntu-server package depend...

About a little hole in Z'ha'dum

Open a doc from terminal, but not by its name

Why is Arduino resetting while driving motors?

Folder comparison

Could solar power be utilized and substitute coal in the 19th Century

Is it possible to have a strip of cold climate in the middle of a planet?

Visiting the UK as unmarried couple

How do you respond to a colleague from another team when they're wrongly expecting that you'll help them?

Should I stop contributing to retirement accounts?

What is the gram­mat­i­cal term for “‑ed” words like these?

We have a love-hate relationship

How do ground effect vehicles perform turns?

Is XSS in canonical link possible?

THT: What is a squared annular “ring”?

What is the difference between "Do you interest" and "...interested in" something?

Should I install hardwood flooring or cabinets first?

Proof of Lemma: Every nonzero integer can be written as a product of primes

How can Trident be so inexpensive? Will it orbit Triton or just do a (slow) flyby?

Did US corporations pay demonstrators in the German demonstrations against article 13?

Why did the HMS Bounty go back to a time when whales are already rare?

Bob has never been a M before

Can I use my Chinese passport to enter China after I acquired another citizenship?

Why do IPv6 unique local addresses have to have a /48 prefix?

Can I sign legal documents with a smiley face?



Prevent Ubuntu from leaking information to the internet upon login


Why does the ubuntu-server package depend on update-notifier-common?Where does the System Information information come from on login?Why does my Ubuntu 12.04 install not pull this security update?Does java security flaw affects ubuntu also?Is the meta-release upgrade (do-release-upgrade) secure?Upgrade from 12.04lts to 14.04lts login loophow to generate welcome screenPrivacy with Ubuntu PhoneContinious ubuntu malfunctionRun Executable After loginUbuntu 16.04 LTS black screen after login since updating packages with Software Updater













-2















I am surprised to find so little information about what I would consider a serious breach of privacy and security.



It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/



update: answer below argues that permission is asked before actually sending this information.



But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:



ubuntu login: ubuntu

Password:

Last login: <date>

Welcome to Ubuntu 18.04.1 LTS (...)



 * Documentation: https://help.ubuntu.com

 * Management:    https://landscape.canonical.com

 * Support:       https://ubuntu.com/advantage



  System information as of <date>



  System load: 0.08  (..)

  Usage of /: 4.9%  (..)



  Get cloud support with Ubuntu Advantage Cloud Guest:

    http://www.ubuntu.com/business/services/cloud



0 packages can be updated.

0 updates are security updates.



Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. 

Check your Internet connection or proxy settings


Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?



My question is: how can I safely use Ubuntu without compromising security or privacy?



In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.



I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.






login security privacy







share|improve this question




















  • 2





    A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.

    – AlexP
    Dec 17 '18 at 9:59






  • 1





    Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?

    – steeldriver
    Dec 17 '18 at 12:46
















-2















I am surprised to find so little information about what I would consider a serious breach of privacy and security.



It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/



update: answer below argues that permission is asked before actually sending this information.



But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:



ubuntu login: ubuntu

Password:

Last login: <date>

Welcome to Ubuntu 18.04.1 LTS (...)



 * Documentation: https://help.ubuntu.com

 * Management:    https://landscape.canonical.com

 * Support:       https://ubuntu.com/advantage



  System information as of <date>



  System load: 0.08  (..)

  Usage of /: 4.9%  (..)



  Get cloud support with Ubuntu Advantage Cloud Guest:

    http://www.ubuntu.com/business/services/cloud



0 packages can be updated.

0 updates are security updates.



Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. 

Check your Internet connection or proxy settings


Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?



My question is: how can I safely use Ubuntu without compromising security or privacy?



In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.



I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.






login security privacy







share|improve this question




















  • 2





    A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.

    – AlexP
    Dec 17 '18 at 9:59






  • 1





    Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?

    – steeldriver
    Dec 17 '18 at 12:46














-2












-2








-2


1






I am surprised to find so little information about what I would consider a serious breach of privacy and security.



It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/



update: answer below argues that permission is asked before actually sending this information.



But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:



ubuntu login: ubuntu

Password:

Last login: <date>

Welcome to Ubuntu 18.04.1 LTS (...)



 * Documentation: https://help.ubuntu.com

 * Management:    https://landscape.canonical.com

 * Support:       https://ubuntu.com/advantage



  System information as of <date>



  System load: 0.08  (..)

  Usage of /: 4.9%  (..)



  Get cloud support with Ubuntu Advantage Cloud Guest:

    http://www.ubuntu.com/business/services/cloud



0 packages can be updated.

0 updates are security updates.



Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. 

Check your Internet connection or proxy settings


Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?



My question is: how can I safely use Ubuntu without compromising security or privacy?



In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.



I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.






login security privacy







share|improve this question
















I am surprised to find so little information about what I would consider a serious breach of privacy and security.



It appears ubuntu-report is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/



update: answer below argues that permission is asked before actually sending this information.



But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:



ubuntu login: ubuntu

Password:

Last login: <date>

Welcome to Ubuntu 18.04.1 LTS (...)



 * Documentation: https://help.ubuntu.com

 * Management:    https://landscape.canonical.com

 * Support:       https://ubuntu.com/advantage



  System information as of <date>



  System load: 0.08  (..)

  Usage of /: 4.9%  (..)



  Get cloud support with Ubuntu Advantage Cloud Guest:

    http://www.ubuntu.com/business/services/cloud



0 packages can be updated.

0 updates are security updates.



Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. 

Check your Internet connection or proxy settings


Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?



My question is: how can I safely use Ubuntu without compromising security or privacy?



In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update for example.



I tried playing with /etc/update-motd.d scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.






login security privacy




login security privacy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 17 '18 at 13:05







Sigrid

















asked Dec 17 '18 at 7:23









SigridSigrid

62




62








  • 2





    A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.

    – AlexP
    Dec 17 '18 at 9:59






  • 1





    Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?

    – steeldriver
    Dec 17 '18 at 12:46














  • 2





    A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.

    – AlexP
    Dec 17 '18 at 9:59






  • 1





    Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?

    – steeldriver
    Dec 17 '18 at 12:46








2




2





A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.

– AlexP
Dec 17 '18 at 9:59





A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.

– AlexP
Dec 17 '18 at 9:59




1




1





Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?

– steeldriver
Dec 17 '18 at 12:46





Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?

– steeldriver
Dec 17 '18 at 12:46










2 Answers
2






active

oldest

votes


















6














Ok this question contains contains some inaccurate information.




  • The package Ubuntu Report does not get installed if users uncheck the option during installation.

  • Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.

  • The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.

  • The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.



If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?




I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!




I don't want things to automatically connect or check or update to the internet in any way




Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.






share|improve this answer


























  • Thanks for your answer! I updated the question to reflect your nuance regarding ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.

    – Sigrid
    Dec 17 '18 at 13:21











  • Can you please point me to any resources blocking the automatic checking for updates upon login?

    – Sigrid
    Dec 17 '18 at 13:21











  • Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.

    – Sigrid
    Dec 17 '18 at 13:26






  • 2





    @Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.

    – user535733
    Dec 17 '18 at 13:55





















0














Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.



I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.





share























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102491%2fprevent-ubuntu-from-leaking-information-to-the-internet-upon-login%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6














    Ok this question contains contains some inaccurate information.




    • The package Ubuntu Report does not get installed if users uncheck the option during installation.

    • Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.

    • The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.

    • The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.



    If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?




    I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!




    I don't want things to automatically connect or check or update to the internet in any way




    Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.






    share|improve this answer


























    • Thanks for your answer! I updated the question to reflect your nuance regarding ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.

      – Sigrid
      Dec 17 '18 at 13:21











    • Can you please point me to any resources blocking the automatic checking for updates upon login?

      – Sigrid
      Dec 17 '18 at 13:21











    • Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.

      – Sigrid
      Dec 17 '18 at 13:26






    • 2





      @Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.

      – user535733
      Dec 17 '18 at 13:55


















    6














    Ok this question contains contains some inaccurate information.




    • The package Ubuntu Report does not get installed if users uncheck the option during installation.

    • Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.

    • The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.

    • The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.



    If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?




    I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!




    I don't want things to automatically connect or check or update to the internet in any way




    Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.






    share|improve this answer


























    • Thanks for your answer! I updated the question to reflect your nuance regarding ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.

      – Sigrid
      Dec 17 '18 at 13:21











    • Can you please point me to any resources blocking the automatic checking for updates upon login?

      – Sigrid
      Dec 17 '18 at 13:21











    • Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.

      – Sigrid
      Dec 17 '18 at 13:26






    • 2





      @Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.

      – user535733
      Dec 17 '18 at 13:55
















    6












    6








    6







    Ok this question contains contains some inaccurate information.




    • The package Ubuntu Report does not get installed if users uncheck the option during installation.

    • Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.

    • The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.

    • The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.



    If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?




    I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!




    I don't want things to automatically connect or check or update to the internet in any way




    Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.






    share|improve this answer















    Ok this question contains contains some inaccurate information.




    • The package Ubuntu Report does not get installed if users uncheck the option during installation.

    • Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.

    • The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.

    • The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.



    If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?




    I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!




    I don't want things to automatically connect or check or update to the internet in any way




    Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Dec 17 '18 at 17:54

























    answered Dec 17 '18 at 8:41









    HattinGokbori87HattinGokbori87

    760215




    760215













    • Thanks for your answer! I updated the question to reflect your nuance regarding ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.

      – Sigrid
      Dec 17 '18 at 13:21











    • Can you please point me to any resources blocking the automatic checking for updates upon login?

      – Sigrid
      Dec 17 '18 at 13:21











    • Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.

      – Sigrid
      Dec 17 '18 at 13:26






    • 2





      @Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.

      – user535733
      Dec 17 '18 at 13:55





















    • Thanks for your answer! I updated the question to reflect your nuance regarding ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.

      – Sigrid
      Dec 17 '18 at 13:21











    • Can you please point me to any resources blocking the automatic checking for updates upon login?

      – Sigrid
      Dec 17 '18 at 13:21











    • Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.

      – Sigrid
      Dec 17 '18 at 13:26






    • 2





      @Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.

      – user535733
      Dec 17 '18 at 13:55



















    Thanks for your answer! I updated the question to reflect your nuance regarding ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.

    – Sigrid
    Dec 17 '18 at 13:21





    Thanks for your answer! I updated the question to reflect your nuance regarding ubuntu-report. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.

    – Sigrid
    Dec 17 '18 at 13:21













    Can you please point me to any resources blocking the automatic checking for updates upon login?

    – Sigrid
    Dec 17 '18 at 13:21





    Can you please point me to any resources blocking the automatic checking for updates upon login?

    – Sigrid
    Dec 17 '18 at 13:21













    Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.

    – Sigrid
    Dec 17 '18 at 13:26





    Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.

    – Sigrid
    Dec 17 '18 at 13:26




    2




    2





    @Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.

    – user535733
    Dec 17 '18 at 13:55







    @Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the update-manager and unattended-upgrade packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.

    – user535733
    Dec 17 '18 at 13:55















    0














    Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.



    I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.





    share




























      0














      Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.



      I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.





      share


























        0












        0








        0







        Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.



        I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.





        share













        Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.



        I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.






        share











        share


        share










        answered 9 mins ago









        RaubvogelRaubvogel

        14113




        14113






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102491%2fprevent-ubuntu-from-leaking-information-to-the-internet-upon-login%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Why do type traits not work with types in namespace scope?What are POD types in C++?Why can templates only be...

            Image
            What does it mean to express a gate in Dirac notation? A Strange Latex Symbol How can Republicans who favour free markets, consistently express anger when they don't like the outcome of that choice? What happened to Captain America in Endgame? How to solve constants out of the internal energy equation? How can I place the product on a social media post better? Will tsunami waves travel forever if there was no land? Unexpected email from Yorkshire Bank What is the relationship between spectral sequences and obstruction theory? How can I practically buy stocks? Will a top journal at least re
            Read more

            Will tsunami waves travel forever if there was no land?Why do tsunami waves begin with the water flowing away...

            Image
            How much cash can I safely carry into the USA and avoid civil forfeiture? Is there really no use for MD5 anymore? Is contacting this expert in the field something acceptable or would it be discourteous? How to pronounce 'C++' in Spanish How to creep the reader out with what seems like a normal person? Critique of timeline aesthetic Sci fi novel series with instant travel between planets through gates. A river runs through the gates How did Captain America manage to do this? Are Boeing 737-800’s grounded? Error message with tabularx How to make a pipeline wait for end-of-file or stop af
            Read more

            Simple Scan not detecting my scanner (Brother DCP-7055W)Brother MFC-L2700DW printer can print, can't...

            Image
            Can someone publish a story that happened to you? Will tsunami waves travel forever if there was no land? What is the strongest case that can be made in favour of the UK regaining some control over fishing policy after Brexit? Controversial area of mathematics Packing rectangles: Does rotation ever help? Is there a way to get a compiler for the original B programming language? Using a Lyapunov function to classify stability and sketching a phase portrait Do I have an "anti-research" personality? Reducing vertical space in stackrel What does KSP mean? Pulling the rope with one hand is
            Read more