Is Linux Mint breaking the law?

Chat about anything related to Linux Mint
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Locked
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Is Linux Mint breaking the law?

Post by catweazel »

When you search the Web, within the results of your queries, advertisers pay search engines for clicks and impressions of ads and sponsored results. Some engines share that revenue with us and help keep Linux Mint free.
How do sponsors know that I'm using Linux Mint?
What information is collected?
How is the information used?
Do I have the option of preventing this information collection? If so, how do I prevent it?

There is a legal requirement in nearly all western, industrialised nations for information collection to be transparent, which means if Linux Mint is alerting sponsors to the fact that I'm using Mint and not being up front in telling me this then there is a high likelihood that laws in various countries are being broken. The fundamental question here is:

Is Linux Mint's transfer of information to sponsors transparent or not? And if not, what is going to be done about it?

Mint's web search engine web page (http://www.linuxmint.com/searchengines.php) only implies that information is being collected and used, and this is after the fact; that is, people find out about it only by trying to add a new search engine, and even then the collection and sharing of information is only implied, not stated, and the information they are given is totally inadequate to allow them to make informed decisions about their information. It is not sufficient to imply data collection and use, especially after the fact.

And finally, the reason for raising this issue:

Is there a risk to Linux Mint's revenue stream if Linux Mint is breaking the laws of various countries by not stating upfront anything about the information being collected? If so, what is the nature of that risk and how can it be avoided?

For those who don't understand the issue, this is not about "supporting Linux Mint" or "getting a liitle bit of revenue for Linux Mint." It's about privacy and knowing what information is collected, how its used, how its collection can be prevented, and people being made sufficiently aware so they can make informed decisions about their participating in the scheme or not.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
TheMTtakeover

Re: Is Linux Mint breaking the law?

Post by TheMTtakeover »

If you are that worried about informationg being collected about you, then I would advise that you stop using the internet also stop driving because they might catch you a camera somewhere.
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Is Linux Mint breaking the law?

Post by catweazel »

TheMTtakeover wrote:If you are that worried about informationg being collected about you.
I didn't say I was, and the questions are valid. Nevertheless, thanks for trying.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
bimsebasse

Re: Is Linux Mint breaking the law?

Post by bimsebasse »

FBI record all your browsing history so it can be used against you should the need arise. If you break the law at some point, or become an enemy of the state, the feds will know that you a rainy night in 2011 spent 10 minutes looking at lolcats, an hour on IMDB looking up everything Bill Murray has been in and finally half an hour shopping self-help books on amazon, from that point there will be no turning back for you.
sanda

Re: Is Linux Mint breaking the law?

Post by sanda »

How do sponsors know that I'm using Linux Mint?
Regardless of the O/S your are using, and regardless the web browser...
By convention, with each http request, web browser sends a "http-user-agent" header
see: http://en.wikipedia.org/wiki/User_agent

Beyond the above, the "Mint search enhancer" browser plugin
(only when your browser requests search results, and only for selected search engine sites)
appends "&s=mint" (or somesuch "partner" identifier pair)

I'm fanatical about privacy, but after dissecting the plugin code (and the other pre-installed /skel and /opt Mint-isms)
I found nothing added by Mint which might serve as a "personally identifying" GUID.
In fact, to the contrary... the Mint-isms may have a slightly anonymizing effect.
I've always "figgered" that the web browser clientid and/or install date timestamp could be used
by mozilla.org (if firefox) or Google (if Chrome/Chromium/etc) as a unique fingerprint.
As I recall, the pre-installed firefox in Mint bore an install date timestamp reflecting the day of the distro release
(would be same, identical, across all all users of that particular distro).
-=-
If or when you perform an update (browser version, install/update addons from mozilla.org) I suspect that interaction generates/freshens a fingerprint ~~ but, if that's the case, that's an issue 'tween you and mozilla.org, not 'tween you and the Mint organization.

=====================

Upfront, the devs announced/explained "search enhancer" and partnership with search engine site(s) as a feature of the distro (the Mint distro I installed). I don't know where-all you (or the laws of a given country) would expect such an explanation/disclaimer to be redundantly repeated (? every time browser starts? every time linux session starts? every time "s=mint" gets appended to a search request url?)... but, no, I doubt their implementation "is breaking laws".
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Is Linux Mint breaking the law?

Post by catweazel »

I don't know where-all you (or the laws of a given country) would expect such an explanation/disclaimer to be redundantly repeated (? every time browser starts?
Who said it should be repeated? Once, upfront is enough. That said, the rest of your response was interesting. Thank you.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Is Linux Mint breaking the law?

Post by xenopeek »

I'll add my 2 cents to the in depth answers already provided by sanda.
TehGhodTrole wrote:How do sponsors know that I'm using Linux Mint?
The URL that is used to go to the search engine (from the Firefox awesome bar or search box) contains a parameter to indicate to the search engine provider that any advertisement revenue from this search session is to be shared with the Linux Mint project. For example for DuckDuckGo the parameter "t=lm" is added to the default DuckDuckGo URL. For Yahoo! the parameters "hsimp=yhs-linuxmint&type=__alt__ddc_linuxmint_com" are being added to the default Yahoo! partners URL.

You can see this information when you are doing a search, as the URL containing these parameters is displayed in the address bar.
TehGhodTrole wrote:What information is collected?
How is the information used?
Do I have the option of preventing this information collection? If so, how do I prevent it?
Linux Mint does not collect any information on your searches. What information may be collected by the search engine providers, how it is used, and how you can prevent collection of that information, should be answered on their website. For example, for DuckDuckGo see https://duckduckgo.com/privacy.html. Or for Yahoo! see http://info.yahoo.com/privacy/.

If you don't want the search engine provider to know you are using Linux Mint you can easily replace the Linux Mint provided search engines. For example from Mozilla's Mycroft Project page: http://mycroft.mozdev.org/search-engines.html.

Note that any website can gather information from your browser that can be used to deduce what operating system you are using. You can see what information websites can gather on EFF's Panopticlick's page: https://panopticlick.eff.org/.
TehGhodTrole wrote:Is there a risk to Linux Mint's revenue stream if Linux Mint is breaking the laws of various countries by not stating upfront anything about the information being collected? If so, what is the nature of that risk and how can it be avoided?
Linux Mint is not collecting any information on your searches, and is sharing on its website which search engine providers are sharing advertisement revenue to the Linux Mint project. Compliance with international and local laws is handled by the search engine providers.

I hope this answers your questions and concerns.

To those concerned about how their privacy, or about filter bubbling, Linux Mint wholeheartedly recommends using DuckDuckGo.
Image
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Is Linux Mint breaking the law?

Post by catweazel »

xenopeek wrote:I hope this answers your questions and concerns.
Yes, it does, very well indeed. Thank you.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
pickles99

Re: Is Linux Mint breaking the law?

Post by pickles99 »

On the Cinnamon desktop there is a 'Privacy' application where you can turn off Recording.

Why is this application there to record things? It can be toggled off and on as well as click which things can be recorded.

I am curious why this was included with Mint?
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Is Linux Mint breaking the law?

Post by xenopeek »

pickles99 wrote:On the Cinnamon desktop there is a 'Privacy' application where you can turn off Recording.

Why is this application there to record things? It can be toggled off and on as well as click which things can be recorded.

I am curious why this was included with Mint?
This is a Ubuntu application and is included with Linux Mint because it is based on Ubuntu. The privacy manager manages the Zeitgeist event logger. For more info, see: http://www.h-online.com/open/news/item/ ... 68182.html.

This is not related to OP's question, so please move further discussion about Zeitgeist or Ubuntu's privacy manager to a new topic.
Image
pickles99

Re: Is Linux Mint breaking the law?

Post by pickles99 »

sanda wrote:
How do sponsors know that I'm using Linux Mint?
I found nothing added by Mint which might serve as a "personally identifying" GUID.
What do you think about Linux starting to use UUID's for hard drives?

The software by default now takes your communications card permanent MAC address as well as the date/time to create a UUID for your hard drives when they are setup.

So to track people they have the permanent MAC Address card, and now Linux has the UUID's of the hard drives. There are many personnally assigned ID's for tracking purposes.

I don't agree with the way Linux has headed with assigning UUID's to hard drives. Zeitgeist is a whole nother bad can of worms, which Cinnamon fully integrated with a graphical interface you click on "Privacy".

Linux Mint needs to explain what they are doing with the saved Zeitgeist data. It is clearly going somewhere's otherwise that application would not be there. It serves no purpose for users.

Someone should really look to see if Zeitgeist is indeed illegal.

Somebody also found out Pidgin's password is saved in plain text in the home folder. I already removed it, others should look to see if that's is true.
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Is Linux Mint breaking the law?

Post by xenopeek »

Locking this topic, as OP's question has been answered to OP's satisfaction.

pickles99 ease up on the paranoia. UUIDs for ext2, ext3, and ext4 filesystems (the default for Linux Mint installations is ext4) are generated with UUID version 4, based solely on random numbers (https://en.wikipedia.org/wiki/UUID#Vers ... 8random.29). You can audit this in the source code: https://git.kernel.org/?p=fs/ext2/e2fsp ... 656536a4fd. The fall back of basing the UUID on the MAC address is there only for when your installation doesn't have the /dev/urandom file. Linux Mint has this file.

Regardless of that, your UUIDs or Zeitgeist data only serve a purpose on your computer and aren't transmitted to the Linux Mint project. UUIDs are used as a robust way to uniquely identify storage devices on your computer, as the device name notation used previously is dependent on to what port the storage device is connected and in which order the BIOS detected it during boot (so a device name may differ from one boot to another).

The Linux Mint developed software is open source, and as such available for auditing (https://github.com/linuxmint) should you remain concerned and think that there is malicious intent to be found with the work the Linux Mint developers and volunteers are doing.
Image
Locked

Return to “Chat about Linux Mint”