TR Forums

Now Ubuntu is guilty of including malware disguised as an innocent-looking feature known as Zeitgeist. It keeps track of way too many things, and is part of the Unity desktop. And apparantly is or will be part of Gnome 3 as well. It keeps track of usage patters, instant messages, and such. I moved away from Windows because it had become a piece of Malware on it's own, and now this! Anyone in doubt can google it. Removing zeitgeist cripples Unity, and I suppose would do the same to Gnome 3. I know there are other desktops out there, but shouldn't the Linux community have seen this and objected to it?

All I'm hearing here is "derp", and I suggest your doctor up your medication.

It's a central database for search and metadata. This doesn't go off to Ubuntu Central Command so they can sell your info to the highest bidder, sonny.

You're a new user, so I hope you're just trolling.

I guess I don't know enough about the feature to comment in depth, but it looks to me like it is a fancy way of storing and indexing a history of what you've done on the computer, to make it easier to find things related to a given task. Provided that this information is kept private, I don't see what the big deal is. As long as the data being gathered isn't made public without your consent, how is this malware?

Depending on how much system resources it consumes, you might have a case for calling it *bloatware*... but malware implies malicious intent, and I don't see how Zeitgeist could be considered malicious.

http://en.wikipedia.org/wiki/Zeitgeist_%28framework%29 Look at this and don't tell me that this could not be a security and privacy concern with use of application which DO submit data offsite, and is easily exploitable with a malicious Java script or applet combined with an application which also has security holes.

Your web browser already stores a history of the sites you visit and caches files you've accessed. Do you consider your web browser to be malware too?

But zeitgeist keeps track of pretty much everything you do in the Operating System, which should be a HUGE security concern for anyone who uses the GUI on a regular basis.

If someone has planted malware that is stealing private info from your computer, Zeitgeist is the least of your problems. Your web history, e-mails, and chat logs are probably *already* being stored regardless; all Zeitgeist does is index them.

Or to look at it another way: How is someone stealing a history of what files you've opened on your computer any worse than stealing the files themselves? You're *already* screwed -- your computer has been broken into!

The name alone concerns me as it means "the spirit of the times"; does that imply they are going to be collecting "anonymous" usage data in order to "provide a better user experience" based on how people use it? Initially, that's how such things are usually framed. "Oh, it's all anonymous and it's for your benefit." People become complacent with such an explanation but before you know it they start amending the program with each generation grabbing more and more data. At first there will be an option to turn it off but it will still come with it on since most people won't even know it's there. Then it will, little by little, become an integrated, mandatory component of the UI and soon you won't be able to turn it off. I think the OP has a legitimate concern.

None of the info I've been able to find says that any of the data collected leaves the machine. Until someone provides a credible link that indicates otherwise, I'm filing this under "paranoid hysteria".

AFAICT it is no more evil than your web browser keeping a history of the sites you've visited.

...and if you're going to complain about names, the title of this thread is horribly misleading.

No credible link is needed, and it is not paranoid hysteria. This is called connecting the dots. Detectives do it, FBI officials do it, just about everybody who has ever been a name in history has done it. Anybody who has ever founded a successful business, or has ever been in politics knows what I am talking about. What has made Ubuntu more successful than any other Linux distro? Was it the freely shipped cd's? That was part of the plan. Was it the ease of use? That sure made a huge difference. Is it because Mark Shuttleworth has been backing the whole thing? Your getting much warmer. I can go on, but this thread is going to be locked, or even deleted, because big business hates individual privacy. Put a frog in a pot of water, and slowly turn up the heat. He won't even realize it until it's too late.

strongbadburg wrote:

it is not paranoid hysteria
...
I can go on, but this thread is going to be locked, or even deleted, because big business hates individual privacy.

Heh.

Taking your argument to its (il)logical conclusion, we should never store any sensitive personal data in our computers, because someone might be able to steal it.

Edit: And since when is Canonical and/or GNOME lumped in with "big business"? Canonical has less than 500 employees, and has yet to turn a profit; the GNOME Foundation is a non-profit.

strongbadburg wrote:

No credible link is needed, and it is not paranoid hysteria. This is called connecting the dots. Detectives do it, FBI officials do it, just about everybody who has ever been a name in history has done it. Anybody who has ever founded a successful business, or has ever been in politics knows what I am talking about. What has made Ubuntu more successful than any other Linux distro? Was it the freely shipped cd's? That was part of the plan. Was it the ease of use? That sure made a huge difference. Is it because Mark Shuttleworth has been backing the whole thing? Your getting much warmer. I can go on, but this thread is going to be locked, or even deleted, because big business hates individual privacy. Put a frog in a pot of water, and slowly turn up the heat. He won't even realize it until it's too late.

Insanity++

strongbadburg wrote:

No credible link is needed, and it is not paranoid hysteria. This is called connecting the dots. Detectives do it, FBI officials do it, just about everybody who has ever been a name in history has done it. Anybody who has ever founded a successful business, or has ever been in politics knows what I am talking about. What has made Ubuntu more successful than any other Linux distro? Was it the freely shipped cd's? That was part of the plan. Was it the ease of use? That sure made a huge difference. Is it because Mark Shuttleworth has been backing the whole thing? Your getting much warmer. I can go on, but this thread is going to be locked, or even deleted, because big business hates individual privacy. Put a frog in a pot of water, and slowly turn up the heat. He won't even realize it until it's too late.

I suppose i'd just say "since it's open source, and neck bearded linux lovers are often paranoid, don't you think somebody would just LOOK at the source code?"

sweatshopking wrote:

I suppose i'd just say "since it's open source, and neck bearded linux lovers are often paranoid, don't you think somebody would just LOOK at the source code?"

I don't think he's claiming that Zeitgeist is *intentionally* stealing user data. AFAICT he just has a problem with the fact that something is gathering usage data and history -- even if that history is only stored/used locally -- because someone could in theory steal that history data once it has been gathered.

If "they" can steal the history data, they can probably steal anything else on the computer too, which is potentially much worse. Game over. This is why I find this whole thread silly.

There's *already* a history of most of your activities stored in your computer. Web history, e-mails, chat logs, web caches, cached thumbnails of photos you've viewed, etc... it just hasn't been correlated and indexed. How is someone potentially stealing an index of this data so much worse than potentially stealing the data itself?

Since when is concern over the implementation of information aggregators a negative? We should all be concerned when our data is being indexed and archived. The big differences between a browser history and this is the fact that the browser keeps tabs only on itself not the whole OS, the browser history can be turned off without affecting the browser's functionality and the browser isn't an integral part of the OS.

At first, no data will be shared, but little by little things can be changed and small additions added to the "functionality" of Zeitgeist, always framed in out best interest, of course. Government and industry violate our privacy wholesale when they can get away from it (iPhone GPS tracking) or in increments small enough to swallow without inciting revolt (Windows Genuine Advantage). Here the concern is that this is simple and innocuous but can become not so innocent over time. And now with the NSA getting its nose into operating systems and the Web, we should all be concerned where things like Zeitgeist might lead.

It also doesn't help that they named it after an Illuminati plan for world domination and control that parallels the UN's Agenda 21.

Turning off information tracking in a browser does limit it's functionality. How else are features supposed to work if you disable significant portions of code that make them possible? If you think the features are worth the potential consequences of their nature (as is the nature of Zeitgeist and related Unity features) then use the features. If you don't then disable the features, which may require the use of a different desktop environment. It's a trade off, the rest of us are just going to not get over dramatic about this. There's a big difference between questioning the ramifications of a feature and going off the deep end like the OP seems to have done.

My RAM secretly reads information off my computer to "make my computer run faster". Bull. How do I know that the RAM isn't going to start sending all its memory information to Corsair's HQ in the future? /sarcasm

You are welcome to remove zeitgeist and partially cripple your system. You could move to Windows or Mac too if you wanted, although they have software that does the same thing, and if there's a company you can't trust, it's Apple or Microsoft. So the only move that will satisfy your threshold for what's a privacy concern is to stop using computers entirely.

As everyone here is saying, the software just indexes information on your OS to improve your experience. It doesn't send it off anywhere else. And if you're worried it does or will, check the privacy policy, etc. Web browsers do the same thing, as does many other pieces of software. In fact, most websites are taking information from you too. Your IP will be known everywhere you go on the interwebz, and there are trickles of information we can get from that - including a relatively accurate latitude & longitude of your house.

Welcome to technology!
-Rhys

What's even crazier about this thread is we're talking about open source software...

Skrying wrote:

What's even crazier about this thread is we're talking about open source software...

So that means you volunteer to go through the Zeitgeist code line by line to see if it's doing anything shady, including all future versions? Wow! Thanks!

bdwilcox wrote:

So that means you volunteer to go through the Zeitgeist code line by line to see if it's doing anything shady, including all future versions? Wow! Thanks!

I'm not the paranoid one. But if you are paranoid then you're more than welcome to go see if it was justified.

bdwilcox wrote:

Since when is concern over the implementation of information aggregators a negative?

It is definitely a concern if the information will be used non-locally. AFAICT that is not the case here. If that comes to pass, *then* there will be cause for concern.

bdwilcox wrote:

We should all be concerned when our data is being indexed and archived. The big differences between a browser history and this is the fact that the browser keeps tabs only on itself not the whole OS, the browser history can be turned off without affecting the browser's functionality and the browser isn't an integral part of the OS.

If you're that paranoid about the indexing feature, and disabling it fatally cripples the desktop (this also remains to be seen), don't run Unity or GNOME. KDE will still be supported on Ubuntu going forward; XFCE and LXDE are options as well.

bdwilcox wrote:

At first, no data will be shared, but little by little things can be changed and small additions added to the "functionality" of Zeitgeist, always framed in out best interest, of course. Government and industry violate our privacy wholesale when they can get away from it (iPhone GPS tracking) or in increments small enough to swallow without inciting revolt (Windows Genuine Advantage).

The difference here is that iPhone and Windows users had no choice in the matter. There are a number of other choices for desktop environments on Linux. Futhermore, GNOME is a community-driven Open Source project. If a new feature raises genuine privacy issues, and in the (IMO unlikely) event that the GNOME Foundation refuses to address said issues, the project will fork.

There are multiple examples of major projects forking throughout the history of Open Source. To give just one recent example, Oracle pissed off the OpenOffice developer community; so the developers took their ball and left (and now we have LibreOffice, which is essentially OpenOffice minus Sun/Oracle's management).

bdwilcox wrote:

Here the concern is that this is simple and innocuous but can become not so innocent over time. And now with the NSA getting its nose into operating systems and the Web, we should all be concerned where things like Zeitgeist might lead.

NSA getting involved in Windows does concern me a little bit. Yes, MS probably could've used some help getting the security right; but how do we know the NSA didn't leave any back doors? NSA has been involved in Linux development as well, but at least with Linux all of the source code is available to be examined so putting in a back door that will remain undetected for any length of time is much more difficult.

bdwilcox wrote:

It also doesn't help that they named it after an Illuminati plan for world domination and control that parallels the UN's Agenda 21.

OK, now we're going off into silly-land again...

bdwilcox wrote:

Skrying wrote:

What's even crazier about this thread is we're talking about open source software...

So that means you volunteer to go through the Zeitgeist code line by line to see if it's doing anything shady, including all future versions? Wow! Thanks!

*Someone* will do it. That's the point. People also look at their connection logs, to see what sites their computers connect to; anomalous traffic would be noticed.

If you're going to take things to this level of paranoia, then no part of your system can be trusted. How do you know your browser isn't secretly sending copies of your browsing history to DHS? Or that your e-mail client isn't BCCing the FBI copies of every e-mail you send and receive? Or maybe that Chinese motherboard has a keylogger hidden in the BIOS, and is skimming passwords and credit card numbers to send to the Russian Mafia.

Y'know what I think is a *far* bigger privacy threat than any desktop indexing feature could *ever* be? The move to "the cloud". People are storing their digital lives online... on someone else's server... "out there" somewhere, in a nameless data center that could be across the street, or on the other side of the world. Managed by a company that's probably making money off of your usage habits by selling targeted demographic data to advertisers. *That's* a privacy issue!

bdwilcox wrote:

Skrying wrote:

What's even crazier about this thread is we're talking about open source software...

So that means you volunteer to go through the Zeitgeist code line by line to see if it's doing anything shady, including all future versions? Wow! Thanks!

As JBI and others have stated the information alone stored between the browser and the amount of data that's transferred doing basic browsing would give most people pause. Then again so does your mobile phone. Windows transfers quite a bit and that does get back to MS. Hell if you do online transactions of any kind all of that is stored remotely and it's no where near secure as most people have found out (ala Sony).

Zeitgeist is very powerful and as a result tracks a lot of usage patterns. Then again anything like it would.

...aaaand people who ought to know better are arguing with conspiracy theorists.

Does any conspiracy theorist ever think the conspiracy is for the best?

Maybe I ought to start a group of conspiracy-positive theorists...

strongbadburg wrote:

http://en.wikipedia.org/wiki/Zeitgeist_%28framework%29 Look at this and don't tell me that this could not be a security and privacy concern with use of application which DO submit data offsite, and is easily exploitable with a malicious Java script or applet combined with an application which also has security holes.

Pro tip:
- My fiancee knows my social security number. That could be a security and privacy concern.

Granted, I trust her more than I'd trust a Malwareous Monotreme, but you'll have to be more persuasive if you want to get me running for the hills.

strongbadburg wrote:

Now Ubuntu is guilty of including malware disguised as an innocent-looking feature known as Zeitgeist. It keeps track of way too many things, and is part of the Unity desktop. And apparantly is or will be part of Gnome 3 as well. It keeps track of usage patters, instant messages, and such. I moved away from Windows because it had become a piece of Malware on it's own, and now this! Anyone in doubt can google it. Removing zeitgeist cripples Unity, and I suppose would do the same to Gnome 3. I know there are other desktops out there, but shouldn't the Linux community have seen this and objected to it?

Most people don't object to it because they realize it really isn't a problem. It's not doing anything harmful to your computer, and it's really not compromising your private information in any way. It's simply indexing information that is already there. Anyone who has access to your machine that allows them to see this indexed information already has access to your machine; the index is really the least of your worries at that point. "They" are going to be interested in accessing your personal information; knowing when and how you accessed your information really isn't that useful in comparison.

strongbadburg wrote:

Now Ubuntu is guilty of including malware disguised as an innocent-looking feature known as Zeitgeist. It keeps track of way too many things, and is part of the Unity desktop. And apparantly is or will be part of Gnome 3 as well. It keeps track of usage patters, instant messages, and such. I moved away from Windows because it had become a piece of Malware on it's own, and now this! Anyone in doubt can google it. Removing zeitgeist cripples Unity, and I suppose would do the same to Gnome 3. I know there are other desktops out there, but shouldn't the Linux community have seen this and objected to it?

Malware? Are you a penetration tester, hacker, or working in the computer security field? How can you make such claim?

...Talk about an exaggeration beyond mass proportions!

Has it in any way compromised your data, by sending it out to a third party without warning you?
Has it caused your system to mis-behave in any way, shape, or form?
Has it destroyed or modified any of your personal data?
Is it impossible or difficult to remove?

...And before you continue in your foolish, ignorant behaviour of FUD; I have done a network analysis (via Wireshark) on a 11.04 box to see if anything comes out. Nothing. It doesn't send any data out. It doesn't dial back home to Canonical servers, so your private collection of porn viewing habits is safe.

I've just ran through zeitgeist code. Its nothing but a bunch of Python scripts that call upon sqlite3, logging, dbus, etc for indexing purposes. I don't see any code involving malicious activities against the system.

Could it be used against you? Sure, but your system needs to be compromised first. Hell, I can use your hammer against you by getting it out of your toolbox and smash you with it. But I won't be able to if you keep your toolbox locked and away from my reach.

You're going to have to realise the more eye candy and funky features people demand in computing and other technological devices; the more its going to open up all sorts of things in terms of security.

If you don't like it; Uninstall it and use something else. That's the beauty of Linux. You at least have a choice. (Something you can't easily do with real malware or certain elements of Windows you don't agree with.)

You should worry more about Adobe Flash, Adobe Reader, Sun's Java Runtime Environment, etc. Those types of solutions allow one to see lots of interesting things about your system and make excellent malware vectors. (They're good for working around Windows's security mechanisms like DEP, ASLR, etc.)...You should also be worried about search engine, email, social networking, mobile phone, etc providers. They use your habits and data for third-party ads and marketing information. They even openly admit it in their privacy terms!

This is why I don't use Ubuntu. I stick with Debian and Xfce desktop environment...Its more work to set-up at the beginning, but at least I can control exactly what's being installed from the start by installing the core bits and then only adding what I need and use.

stmok wrote:

... This is why I don't use Ubuntu. I stick with Debian and Xfce desktop environment...Its more work to set-up at the beginning, but at least I can control exactly what's being installed from the start by installing the core bits and then only adding what I need and use.

FWIW you can do essentially the same thing with Ubuntu, by using their "alternate" or "server" install images. But that sort of nullifies one of the reasons for going with Ubuntu in the first place (ease of setup).

Where this gets interesting to me is that we are in the age of community being promoted as a desired state.

Used to be, back in the dimdarks, members of a small community knew just about everything about their neighbors. You can't hide much when living in close proximity with thin walls ... And the guy running the general store knew your purchase history and preferences and financial situation quite well, thank you. This was held as a 'good thing' because it meant safety, security, and convenience.

I just saw a story about how Italian and Californian researchers are creating peer networks for vehicles on the road. When one gets into a crash, the news propagates so others can avoid joining in on a pile up. Again, community knowledge for safety and convenience. And that doesn't get into modern cars that will adjust seats, pedals, mirrors and other things when the determine who is getting into the driver's seat.

Then you can look at what people are sharing online at social media sites.

The problem with all of this 'privacy paranoia' isn't who (or what) knows your secrets but rather what they do with it. That is why identity theft is being used to scare people into paying money for insurance and assurance and many laws have been passed.

The thing is, you are just one of many millions. Just what makes you so special that some "big evil corporation" is going to use information it can find out about you for some purpose that will harm you in some way?

Indeed, there are crooks and thieves and other such ilk. Always have been. That's why we have laws to go after them if they harm you. What's new?

Personally, I like it when the tools I use and the people in my closer circles know me and my preferences much as I know theirs. It greatly improves the interactions with them.