UT is calling "Home"

  • In the year 2015 I bought two e4.5 but the disillusion came soon when I noticed that I had to register at ubuntu store even to install a simple email app! After an update the screen of one e4.5 didn't work any more and I switched to CM/LOS.

    A few weeks ago I noticed that Canonical terminated UT 2017. So now I am testing again UT and must notice now, that as soon as I boot a device it is still calling home to Canonical! My pihole shows connections to ntp.ubuntu.com and start.ubuntu.com.

    I can understand, that a device without SIM is connecting to a NTP Server, but debian for example connects to pool.ntp.org. So there is absolutely no need to show Canoncial when I connect my device to the internet!

    The connection to start.ubuntu.com is possibly a connectivity check? Although here there is absolutely no need to contact Canonical! Maybe the connection to pool.ntp.org could work as a connectivity check? But I don't understand, why it is needed at all.

    For now I will block these pages in my pihole ...

  • @herr-b
    Do you think canonical is devil?

  • Its a matter of privacy by design and informational self-determination. I want to decide who gets which data from me. I don't want to check every background connection, weather the website or company behind is "devil" or not.

    In fact as I wrote above it was a big disillusion for me, when I noticed that Canonical made the same "mistake" as google or apple with its UT store. I also uninstalled Ubuntu from my PC's.

  • @herr-b Canonical are what they are, a commercial company, with open source values.
    Now without them, we would not have uTouch and should stick to androïd or ios.

    So, yes, they are not perfect, but thank to them, and sure, thanks to ubports since 2017, we have a full fonctionnal GNU/L smartphone OS since 5 years now.

    Anyway, to go back to the point of this topic, if you installed ubports uTouch version, yous should not worry about caconical knowing you connect to internet as, i think, ubports don't send private data to them.

    But yes, ubports could cut all wire between uTouch ubports version and canonical whatever servers.

  • This post is deleted!

  • After a quick search changing url should be very easy: https://github.com/search?q=org%3Aubports+"start.ubuntu.com"&type=Code and https://github.com/search?q=org%3Aubports+"ntp.ubuntu.com"&type=Code

    I agree with @Keneda canonical can't be compared to google or apple
    But I agree with @herr-b no need to continue to call these url if something else more appropriate exist.

    @herr-b Can you open an issue with better alternative in https://github.com/ubports/ubuntu-touch/issues ? The community will really appreciate your iniciative because we are all here to make ut better 😉

  • I dont see the difference between using ntp from ntp. org or canonical.com. Why do you trust ntp.org more? They could be as evil as Canonical.

    The connectivity check is needed because how on earth you know that you are connected with "the internet" otherwise?
    We could do connectivity check against other URLs, but it needs to be a bigger player that has a redundant, multi-server solution thats best hosted in multiple geographies.
    If we would rely on "my-small-private-server.org" and that server goes down, all devices think there is no internet? No thats not good.
    So, fact is, a bigger company is also being not trusted for their handling with data, I get this. But in this case its a simple HTTP GET request to check if its 200 OK. Cmon, there is no data inside.

    BR Florian

  • You can try yourself, open your browser on http://start.ubuntu.com/connectivity-check.htm and you will see its a very simple page.

  • Also keep in mind that this OS is called Ubuntu Touch for a reason, we make no secret out of the fact that we like Ubuntu and we have a good standing with Canonical. If you dont agree with that nobody forces you to use it.

  • NTP: Behind https://en.wikipedia.org/wiki/NTP_pool there doesn't seem to be a company behind? If a company is behind you never know, what they do with the data. Maybe today they do nothing with it, only waste energy and disk space collecting it? And what is technically possible tomorrow? So there is no need to generate this data at all.

    Captive Portal Check: On my Android devices I deactivated it and I didn't find out what is missing? So I still do not know why it is needed. I have read something that it is necessary for some recognition of wlan-hotspots (page in german: https://www.kuketz-blog.de/empfehlungsecke/#captive-portal). If I could deactivate it on UT, I would do it. Maybe it could be integrated in the system settings to activate or deactivate it? In that case standard should be "off".

    OT: So I understand, that if I use LibreOffice, I have to be a friend of SUN or Oracle because StarOffice was originally written by them? Yes I appreciate that Canonical developed UT but I appreciate also the use of free software.

  • @herr-b said in UT is calling "Home":

    Yes I appreciate that Canonical developed UT but I appreciate also the use of free software.

    Then I suppose you can appreciate that you can also open issue reports on GitHub/GitLab against the relevant components, and even make merge requests to change things. UBports is a small foundation with only a few core developers, attempting to maintain a very large product. We can't fix every tiny thing that every person wants to be overly pedantic about, all the time. It requires people in the community to also contribute changes if they want things changed, sometimes.

  • I opened this thread to see, if I should open an issue report on GitHub/GitLab, because I don't want to open issues, that are not handled. Looking through the answers above, I notice that this point attracts mainly negative feedback.

  • @herr-b It is not the issue you are adressing that has attracted the negative reactions, but the tone of your original post (which seems to have dissapeared? edit: this seems to be an issue with the webapp I am using) It came across as extremely condescending.

    If however you would be willing to open an issue, or better yet, submit a PR, keeping @Flohack's comments in mind. I think the issue would be given the consideration it deserves.

  • I know, objective discussion in written words is difficult, specially English is not my mother tongue. What I also notice is, that I have a different sense concerning privacy issues. In my opinion UT has to consider privacy issues, because there a many people searching for an alternative to the big companies. As soon as they can use UT on their main phone, number of UT users will increase. Unfortunately I am not a software developer, so I cant contribute with code. I really dont want to waste the time of software developers from improving UT/apps.

  • @herr-b We very much do consider privacy issues, however privacy is not simply a binary thing. It is a sliding scale, and simply because one person may consider one thing a privacy issue, does not mean it is for everyone. And such things as you are complaining about here are not so clear cut to be privacy issues either.

    There is no personal info being sent to the NTP server, nor to the connectivity check that the push notifications client performs.

  • @herr-b Well ultimately everything that runs on electric power and silicon will require money. I see the problem in the internet today that everybody wants everything for free and it must be also perfect, always available etc. It´s no wonder that companies try to sell metadata while fulfilling the wish of the users.

    Ask yourself, how much money would you spend if every and all services you use everyday would be charged? The NTP server? 1 cent/query. Weather forecast? 5cents. Google search? 15cents-20cents per query. And if you have typed in the wrong word, you will have to pay again. But this will mean the end of the internet as we know it, unfortunately. People wont use it if they see those prices.

    You can see how the newspapers struggle: They now offer ePaper magazines, but nobody wants to buy them. They put ads on their frontpages, people complain and use ad blockers. But cmon, someones has to actually work hard to get this out to the people.

    Soon we wont have any normal newspapers anymore. Just crap sites on the internet. Information freedom does not mean free as in beer. So what are we going to do about this?

    Nothing is for free in life, thats clear, but some people seem to think that this is possible, that all others will happily work for them, at no charge, at any time.

    So to say, you dont trust companies, what they will do with your data, can only apply to the fact that you are greedy and don´t want to pay them enough money for their service. For a company there is no reason to sell your data anymore if they get enough income from you. Since it requires a lot of provisions and tools to harvest data, store it, and then sell it. It´s easier to charge you directly 🙂

  • There is no personal info being sent to the NTP server, nor to the connectivity check that the push notifications client performs.

    @dobey according to the European Court of Justice the IP address is personal data.

    @Flohack I think financing UT or newspapers is a different topic, so in this case OT ... this thread is dealing about https://en.wikipedia.org/wiki/Privacy_by_design and https://en.wikipedia.org/wiki/Informational_self-determination and I think the expectations on UT regarding these topics are present.

  • Well said Flohack. It is unfortunate we have evolved into a society which expects everything to be free of cost and instantly available. Nothing in life is free.

  • Now I understand, maybe you are confusing free of charge with free like freedom? If you want to discuss about money, possibly this thread would fit better? https://forums.ubports.com/topic/4650/online-donation-platforms.

    So please stick to NTP connections and Connectivity Check.

    I add a new question: Is it possible to deactivate the Connectivity Check manually?

  • @herr-b No its not possible so far. Its used by mainly the push client to see from time to time if it needs to re-register on the push server. Doing this just so will increase the load there, as it will send many unnecessary request for keep-alive when still all is fine. Also, having a minimal call like this will make it possible for Apps to know if they must show the user "Not connected to the Internet" messages in the future (this part is not yet implemented, Morph Browser will be a candidate for this).

    Why is this important? Many public and hotel WiFi Networks inject a "Terms of Service" page where you must agree to their conditions. Paid WiFi wants you to subscribe etc. In other words, just being connected to a WiFi does not mean we are connected to the internet. They do this by redirecting any http request to the WiFi router. Sometimes they even hijack https with a forged certificate. Well thats questionable ofc.

    To prevent a bad user experience its common sense these days to do a connectivity check and tell the user early: "Hey you are in a network and DNS might even return IP addresses but because they are not reachable I can´t do x for you". Otherwise you can never know is the server down, not reachable, or the local WiFi just not working etc.

    Also a problem with "connectivity checks" is that every App can implement them if they wish. So, even if we block the one from the push client you have no guarantee that you do not leak those requests. God knows what people will put in their apps. You can only try to trace this with a packet sniffer like Wireshark. UBports can and will not review all the Aps in the Openstore for such leaks.

Log in to reply