Prevent Ubuntu from leaking information to the internet upon loginWhy does the ubuntu-server package depend on update-notifier-common?Where does the System Information information come from on login?Why does my Ubuntu 12.04 install not pull this security update?Does java security flaw affects ubuntu also?Is the meta-release upgrade (do-release-upgrade) secure?Upgrade from 12.04lts to 14.04lts login loophow to generate welcome screenPrivacy with Ubuntu PhoneContinious ubuntu malfunctionRun Executable After loginUbuntu 16.04 LTS black screen after login since updating packages with Software Updater
What does this horizontal bar at the first measure mean?
Difference between -| and |- in TikZ
How much character growth crosses the line into breaking the character
Freedom of speech and where it applies
What major Native American tribes were around Santa Fe during the late 1850s?
Bob has never been a M before
Can someone explain how this makes sense electrically?
Flux received by a negative charge
Translation of Scottish 16th century church stained glass
Gibbs free energy in standard state vs. equilibrium
Customize circled numbers
How do I implement a file system driver driver in Linux?
Have I saved too much for retirement so far?
When quoting, must I also copy hyphens used to divide words that continue on the next line?
A Permanent Norse Presence in America
Are lightweight LN wallets vulnerable to transaction withholding?
Do the concepts of IP address and network interface not belong to the same layer?
Why do IPv6 unique local addresses have to have a /48 prefix?
Why has "pence" been used in this sentence, not "pences"?
What is this type of notehead called?
A social experiment. What is the worst that can happen?
Has Darkwing Duck ever met Scrooge McDuck?
Why did the HMS Bounty go back to a time when whales are already rare?
Wrapping Cryptocurrencies for interoperability sake
Prevent Ubuntu from leaking information to the internet upon login
Why does the ubuntu-server package depend on update-notifier-common?Where does the System Information information come from on login?Why does my Ubuntu 12.04 install not pull this security update?Does java security flaw affects ubuntu also?Is the meta-release upgrade (do-release-upgrade) secure?Upgrade from 12.04lts to 14.04lts login loophow to generate welcome screenPrivacy with Ubuntu PhoneContinious ubuntu malfunctionRun Executable After loginUbuntu 16.04 LTS black screen after login since updating packages with Software Updater
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report
is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update
for example.
I tried playing with /etc/update-motd.d
scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
add a comment |
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report
is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update
for example.
I tried playing with /etc/update-motd.d
scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
add a comment |
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report
is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update
for example.
I tried playing with /etc/update-motd.d
scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
I am surprised to find so little information about what I would consider a serious breach of privacy and security.
It appears ubuntu-report
is sending very unique information about your system - like a fingerprint, if not stopped with shell commands. See here: https://www.howtogeek.com/349844/how-to-stop-ubuntu-from-collecting-data-about-your-pc/
update: answer below argues that permission is asked before actually sending this information.
But now, I also frown upon a fresh minimal Ubuntu image connecting to the internet upon login. When logging in to the console, a Message of the Day (MOTD) is displayed. Something like this:
ubuntu login: ubuntu
Password:
Last login: <date>
Welcome to Ubuntu 18.04.1 LTS (...)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of <date>
System load: 0.08 (..)
Usage of /: 4.9% (..)
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
Perhaps I am being paranoid, but I think it is unacceptable that a mere login would send anything to the internet. If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
My question is: how can I safely use Ubuntu without compromising security or privacy?
In particular, my concern is with sending anything to the internet without permission. I don't want things to automatically connect or check or update to the internet in any way, unless I give the command to do that, with sudo apt update
for example.
I tried playing with /etc/update-motd.d
scripts but I could not find the script that was the culprit. I am kind of annoyed that I wasted a good hour on this stuff and still don't trust my Ubuntu system with ethernet/internet until this issue is resolved properly.
login security privacy
login security privacy
edited Dec 17 '18 at 13:05
Sigrid
asked Dec 17 '18 at 7:23
SigridSigrid
62
62
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
add a comment |
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
2
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46
add a comment |
2 Answers
2
active
oldest
votes
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report
. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-manager
andunattended-upgrade
packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102491%2fprevent-ubuntu-from-leaking-information-to-the-internet-upon-login%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report
. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-manager
andunattended-upgrade
packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report
. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-manager
andunattended-upgrade
packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
Ok this question contains contains some inaccurate information.
- The package Ubuntu Report does not get installed if users uncheck the option during installation.
- Even after giving permission during installation, it again asks for permission before sending any data and let users see the data to be sent and provide with permanent deny option.
- The data it collects is general hardware and OS configuration related data which helps the development of Ubuntu. It does not collect any sensitive data (like IP address or real location). See it's GitHub page for an example.
- The data is completely anonymized (can't be used to identify a single machine) and one time only. It does not send data on every login.
If you do a connection to 'changelogs.ubuntu.com' every time you login on the shell, that can lead to potential security and privacy concerns. Am I the only one who is surprised about this and finds this unacceptable?
I don't know about Ubuntu Server, but I'm pretty sure you can stop checking for updates at shell login. Don't know about the second question, it's just an update check!
I don't want things to automatically connect or check or update to the internet in any way
Not an option on 21st century PC ecosystem. If you want something like that, better use a default-deny firewall or something like that.
edited Dec 17 '18 at 17:54
answered Dec 17 '18 at 8:41
HattinGokbori87HattinGokbori87
760215
760215
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report
. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-manager
andunattended-upgrade
packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
add a comment |
Thanks for your answer! I updated the question to reflect your nuance regardingubuntu-report
. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall theupdate-manager
andunattended-upgrade
packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.
– user535733
Dec 17 '18 at 13:55
Thanks for your answer! I updated the question to reflect your nuance regarding
ubuntu-report
. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.– Sigrid
Dec 17 '18 at 13:21
Thanks for your answer! I updated the question to reflect your nuance regarding
ubuntu-report
. Still, I think an opt-in would be better than opt-out. I have had apport send an application crash report simply because I was typing in an application when apport popped op, and my continued typing gave permission to send; not really privacy friendly. Nothing should be sent or even collected, unless there was express permission. That would please privacy-conscious users better.– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Can you please point me to any resources blocking the automatic checking for updates upon login?
– Sigrid
Dec 17 '18 at 13:21
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
Regarding to your 21st century ecosystem comment; I would think that after Snowden, people would think about data security and privacy as something very important to safeguard against governments and companies from having too much power and knowledge about citizens. Therefore, I would have expected open-source operating systems like Ubuntu to be more friendly to privacy out-of-the-box, such that no 'phoning home' would occur with Ubuntu, unless the user expressly enabled something in the preferences (opt-in) or gave a command to do so.
– Sigrid
Dec 17 '18 at 13:26
2
2
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the
update-manager
and unattended-upgrade
packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.– user535733
Dec 17 '18 at 13:55
@Sigrid - Sorry that Ubuntu does not meet your expectations. Merely uninstall the
update-manager
and unattended-upgrade
packages, and you will have a never-phone-home system. WARNING: Those packages provide Ubuntu's automatic security upgrades - you will need to start doing those manually and regularly lest your system become vulnerable to published exploits.– user535733
Dec 17 '18 at 13:55
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
add a comment |
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
Every ubuntu desktop installation I have done I noticed it sending data to IPs owned by Canonical by default. This traffic seems to be rather constant. I could swear during the installation I specifically tell it not to send any data back to canonical.
I am about to wipe the Ubuntu install (16.04->18.04) to track an issue not related to this one. for the sake of this thread I will document all the options I selected and then will look at the network traffic.
answered 12 mins ago
RaubvogelRaubvogel
14113
14113
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102491%2fprevent-ubuntu-from-leaking-information-to-the-internet-upon-login%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
A mere login does not send anything to anybody. The message of the day and the number of available updates are updated daily by automated services with no relationship with users logging or not logging in. You can easily disable those services.
– AlexP
Dec 17 '18 at 9:59
1
Your question seems to be related to Why does the ubuntu-server package depend on update-notifier-common?
– steeldriver
Dec 17 '18 at 12:46