A new search feature that debuted in the beta of Ubuntu 12.10 has many users concerned for their privacy, despite a blog post from Canonical founder Mark Shuttleworth intended to assuage such fears.
The feature in question displays search results from Amazon alongside results from the user's computer in the main search lens. Users have questioned its utility and raised the possibility that Amazon could track those search results. Shuttleworth wrote on Saturday that "we are not telling Amazon what you are searching for," and that Canonical's own servers are the ones that will handle the search traffic.
However, two analyses using Wireshark - an in-depth network monitoring program - have revealed that the search lens in question does, in fact, communicate with an Amazon server when queries are typed in, undermining the Canonical founder's claim.
The author of one of the articles, McGill University computer science student Etienne Perot, says that Shuttleworth's statement "Don't trust us? Erm, we have root" prompted him to delve more deeply into the search feature.
"This is a dangerous argument to make; it's technically true (through Ubuntu's update mechanism), but it's not something you -- as the man with arguably the most influence on the project -- would want to use as an argument in a discussion about a controversial matter affecting your own user base," Perot said via email.
His analysis found that, while Amazon doesn't appear to be directly collecting search information, the fact that the Ubuntu feature apparently loads thumbnail images from an Amazon server means that logging request information could reveal quite a lot about a searcher.
Open-source evangelist Benjamin Kerensa reached a similar conclusion from his own experiment with Wireshark, finding that his computer connected directly to Amazon's servers when he used the new search feature.
Beyond the issue of privacy, users on Ubuntu's bug reporting system have slammed the Amazon integration as invasive, with many saying they don't want to be shown product offers by default. Others questioned why the feature is active by default, with no obvious way to deactivate it.
Sign up for CIO Asia eNewsletters.