Ubuntu Is Removing "Popularity Contest" Package From New Installs

Originally published at: Ubuntu Is Removing "Popularity Contest" Package From New Installs - Front Page Linux

Thanks for the article about PopCon. I was under the impression that the information that it gave back to Ubuntu/Debian was more limited than you’ve explained. I’m appalled at the amount of information that is sent and the possibility for abuse. In my opinion, if they’re going to collect all this information on a regular basis, then the owner of the computer should be reminded on a regular basis, and given the opportunity to see what is sent and turn it off.

I no longer recall whether I opted-in to PopCon on all of my machines, but I know that my opinions about data collection have changed over the years. If someone were interested, they’d know a lot about when and where you use your computer, what applications you use, what libraries are installed, and if you use a vpn to mask your address.

A possible way to improve the article would be to include information about how to know if you opted-in, and how to opt-out again. Personally, I’m going to remove the package on my ubuntu based machines even though it also removes ubuntu-standard. I’m also going to remove ubuntu-report as discussed in this article:

How to stop ubuntu from collecting data about your PC

The point of the article is that by default PopCon sends absolutely nothing and I saw some articles acting like this is a removal of tracking people but they weren’t being tracked anyway without voluntary inclusion.

I think these articles about removing this “data collection” aimed at scaring people is very much misguided and is mostly “for clicks”.

Ubuntu 18.04 collects data about your PC’s hardware and software, which packages you have installed, and application crash reports, sending them all to Ubuntu’s servers. You can opt out of this data collection—but you have to do it in three separate places.

This linked article is quite flawed:

1. the command it tells you to run to stop ubuntu-report is exactly the same thing that ubuntu-report does automatically if you just say no in the installer. . . .aka this is a pointless thing to tell people to do. It accomplishes nothing.
2. removing popularity-contest is unnecessary because it doesn’t do anything by default
3. apport is only sending crash reports which is a good thing if people expect them to fix anything.

You are pointing out that no information is sent back if we just went with the default during installation. I think these articles are still useful because some people don’t remember what they chose during installation. Personally, I don’t remember if I enabled either of these programs during installation. As yet, I haven’t found a method of determining if they are active or not. . . . Okay, I only spent about 15 minutes searching with DuckDuckGo, so the answer is probably out there somewhere. By uninstalling the programs, I’m more confident that information isn’t going out without my knowledge.

Personally, I didn’t disable the crash reports, but there are good reasons to do so. No matter what operating system you use, crash reports can contain passwords and privileged information. If I was working with Top Secret information, or doing something seriously illegal, I’d look into disabling crash reports.

The reason I say this article is not useful is because it is telling you things that are incorrect.

1. ubuntu-report is the only thing you are asked about during install. If you say No then you have already have done the same thing they are telling you to run. There is absolutely zero value in running that command again. This is a pointless thing to tell people to do.
2. Users are not asked anything related to PopCon during install and never have been. If you did not manually activate it in your Software Sources Settings then it was never activated and there is no reason to bother with removing it. This is a pointless thing to tell people to do.
3. apport is for crash reports only and it has existed in Ubuntu for years, it wasnt until 20.04 that they turned it on automatically because they realized people just didnt care to send them. Prior it always popped up with messages like “crash detected” and then a thing to send reports but most people didnt send reports. If you look at the report the data is anonymized and only relevant to what the crash is about. It doesn’t send irrelevant data just stuff related to whatever crashed. This being removed is a pointless thing to tell people to do and arguably a negative thing to tell people.

So to recap:

1. if you said no then you already answered that and the command is pointless.
2. you were not asked about PopCon because they have never asked about PopCon so you didnt enable it because it didnt ask you. Therefore it is guaranteed disabled as that is the default setting.
3. there are not any good reasons to disable the crash reports because the crash reports apport sends DO NOT contain any passwords or privileged information. This is worrying about Canonical being a different company but they arent those companies.

Are you responding to this thread solely based on your understanding of Canonical Ubuntu distributions? I’ve used many OS versions on my machines. I can say for certain that the question about PopCon was asked during some of the installations, and sometimes I chose to enable it. I don’t recall if I was installing an ubuntu-based installation at the time. In my cursory search on the internet, I did not find a way to determine if I had enabled ubuntu-report or PopCon during installation. I suppose that I could have wiped my machines and performed a clean install - choosing not to allow ubuntu-report and PopCon. For me it was easier to uninstall the applications.

I do not share your level of trust in the people and organizations who might control the programs that collect data on our machines - or the people who might intercept that data. I do not believe that you can state for certain that a crash report for a communications program like Remmina or Thunderbird will not contain privileged information.

From what I’ve read in the security news, ‘anonymized data’ is usually not all that anonymous. I’ve reached the point in my life where I don’t like the idea of some business or government compiling data about me. I’m resigned to the fact that there’s no reasonable way for me to prevent it completely, but that doesn’t mean that I need to make it easy for them. I’m sure you’re familiar with the security principle of Least Privilege. Applying that principle to my computing choices means that I feel safer if I only install the programs that I actually use, and remove any bloat that I can. In my experience, this gives me the advantage of leaner, faster computing, with less disk utilization, lower memory requirements, and less time and bandwidth spent patching programs that I don’t need.

I suspect that I can’t convince you to be more concerned about safeguarding your privacy, and I’m okay with that.

The article I wrote is about Ubuntu’s usage of it so yes, that’s the only OS that matters to the topic.

ubuntu-report is a one-time sending of data. There is no case of enabling it because its not a repeated process unless you manually trigger it again.

PopCon is never asked during installation in Ubuntu. I don’t know if other OS’s but I do know that neither Ubuntu or Debian ever ask to enable it during installation of the OS. This is what I said in the article and in this thread. You do not need to remember if you enabled it from installation when neither of them present it to be enabled during install. PopCon is disabled completely in Ubuntu without manually activating after install inside of the Software Sources settings, this is the only place it can be enabled not via install.

I said it can be argued that this is a bad thing to disable not that I blindly trust anyone but even if this part was problematic it doesn’t change anything regarding the first 2 things being completely benign.

I’m not trying to be argumentative, but I know for a fact that Debian Jesse did ask users to participate in PopCon. It didn’t default to being enabled, but I enabled it with some of my installations because I wanted my systems to be counted. Since then, my opinions about data collection have changed.

I don’t consider the data collection to be benign. If my machine is sending out information, then some company (and maybe some listening agencies) can determine a lot about me. In addition to whatever data is intentionally being collected, they’re also getting information about my location, the hours when my machine is on, how many machines I have, and the Internet and VPN addresses that I’m using.

Actually Debian asks you on installation if you want it to be enabled and if you were not to read it and hit continue it would default to disabled, at least from the netinstall or default installation not mentioning how it works with the live ISOs that now use Calamares that I have no experience with.

Personally I have nothing against it but it does not generate reliable data because the majority of people do not participate in the contest as far as I know.

Well if Debian does then thats interesting but not relevant to Ubuntu because they dont ask at all.