Recent blog posts

Ubuntu's Census Taker Getting Bad Rap

Canonical's census app will only count, not track

By Brian Proffitt  5 comments

August 11, 2010, 10:13 AM

I've got one thing to say about the ruckus over the canonical-census package recently found in the Ubuntu repositories:

Calm down.

Here's what's being discussed in the community: canonical-census is a software package designed to phone home and track how many computers are using Ubuntu at any given time. Upon hearing that (overly simplified and wrong) explanation, privacy advocates within the free and open source communities went ballistic, seeing canonical-census as an explicit violation of privacy.

It hasn't helped that Canonical is already bearing the brunt of some community animosity over recent reports indicating they might not be contributing enough code upstream to the GNOME Project, followed up by a stunningly obtuse rant (and, later, apology) against free software by a prominent member of the Ubuntu community.

When the news about canonical-census broke, I have to admit I slapped my forehead and thought, "what the heck is wrong with these guys? Do they like poking hornets' nests with sticks?"

After doing a little digging, though, I discovered that in this case, the hornets are seriously overreacting: canonical-census is not designed to track, it's designed to count. There's a big difference.

First off, the canonical-census package is not going to end up in every instance of Ubuntu 10.10 (Maverick Meerkat). Canonical put this application together for one of their (as yet unnamed) OEM customers. The OEM wanted this application to count user numbers, and it's the OEM which will be getting the data, not Canonical.

Okay, so it's not Canonical who's violating privacy, they're just aiding and abetting, right?

Not quite.

Here's what the canonical-census package is supposed to do: it pings the central server and reports the computer's product name (as noted on the system DMI), which version of Ubuntu is running, the distributor channel, and how many times canonical-census has sent this information to the central server. This method is used, according to Rick Spencer, Engineering Manager of the Ubuntu Desktop team, because it allows OEMs to count machines but not track them, because there's no unique identifier associated with the machine being counted.

Sure, you say, that's what Canonical wants you to think, be we really know what's going on.

Actually, we really do. See, there's this thing about most code that runs on Ubuntu, perhaps you have heard of it: it's called open source. At any time, any one of us can go here and download the source code for canonical-census and see what's what.

Fortunately, since I am not a developer, a developer has already done so, and wrote a thorough analysis of the canonical-census application's source code. Stephan Peijnik's verdict? The code does exactly what Canonical says it will do:

"After getting the canonical-census Debian source package... the source package shows, besides the Debian packaging information, two scripts:

  • "census (written in Python) and
  • "send-census (a GNU bash script)...

"send-census is installed in /etc/cron.daily, which means it will be executed once a day by the system's cron daemon. It's a mere 48 lines long, and its code is quite simple. So everyone with at least some shell scripting experience can easily check what it's doing. Now guess what, it sends exactly the information as reported on slashdot to Canonical. Nothing more and nothing less."

In fact, Peijnik adds, the information gathered by canonical-census is a lot less info than what Debian GNU/Linux's popcon package gathers. Presumably this is true of openSUSE's popcorn package, too.

Yet, privacy advocates aren't jumping on these packages, at least as much as I've heard. Go figure.

The concerns of privacy advocates are valid: anything that tracks you or your activity as a user should be viewed with suspicion, particularly if it's doing so in a less-than-open manner. But, in this case, I think the knee-jerk reaction is unwarranted. There is nothing in canonical-census that indicates it's going to track users or their machines. It's just a count.

I, for one, welcome such a count tool, and I hope this methodology succeeds. If it does, it would be great to start getting some real data about number of installs. (Canonical has said it's not sure yet if the OEM customer will share data.) Too often, we have to rely on download numbers, or surveys like this one that use web-site traffic data, which is better for showing trends than real numbers.

If canonical-census works as purported, perhaps it should be included in a general release of Ubuntu. If Canonical and the Ubuntu community put some messaging behind it, they could tout it as the first real Linux census. Since canonical-census is open, there's nothing to prevent there from being "fedora-census" or "opensuse-census" applications that could gather the same info.

I realize that such an expansion would have its detractors, but why is the notion of a head count such an anathema? For years, community members and vendors have lamented there's no good way of determining how many Linux installs there are. If this is indeed a workable, anonymous way of getting such a count, then Linux advocates should be applauding tools like canonical-census, not trying to kill them off.

Follow Brian on Google+

Brian Proffitt is a veteran Linux and open source journalist/analyst with experience in a variety of technologies, including cloud, virtualization, and consumer devices.

5 comments

    Anonymous 1 year ago
    I'm all for it. I downloaded it for Jaunty. We need this if Ubuntu is going to succeed. How else will they ever get an accurate count. The key word here is accurate.
    Flag comment  |  Permalink Reply
    Anonymous 1 year ago
    All phoning home by any software is spying. When will you software idiots realize that you are helping the bad guys get into out computers when you open up the security shield to get the info you want.Linux will never be as successful as Windows or Mac because windows and macs have standards where as linux has a very loose confideration with each distro rolling its own. Come on people get serious about your OS. Same think is happening to Linux that happened to Unix, too many fingers in the pie makes for a bad tasting pie.
    Flag comment  |  Permalink Reply
    Anonymous 1 year ago in reply to Anonymous
    You talk about serious OS like winblows and mac ?On you winblows you have 20+ programs who spy you , what you run , is legal or not , with DRM protection and spywares by Ms you are the victim and good boys for ms .All INTERNET Run On Linux Servers and the this site run under http://uptime.netcraft.com/up/graph?site=www.itworld.com Linux Apache/2.2.3 (CentOS) and is not successful .When you see successful about winblows and mac , just dominate the market share ? You need to pay lot of $ for software you are ? Winblows + Mac have standards : when you see this standards on DRM , on spywares , on Trojans not form crackers but from ms and apple ?GNU/Linux have many choice's winblows and mac not , GNU/Linux is more stable , more secure and not cost many $ full programs and OS together .And on you winblows not going to get you info the bad guys with spywares , virus ,Trojans and more staff like that ?If you never use GNU/Linux you can't talk about them , you are offtopic about this theme !
    Flag comment  |  Permalink Reply
    Anonymous 1 year ago
    A general census would be great, though i would change it to be a one time event that included a full handshake so that we were assured the installation was counted. One time and Linux-wide makes sense. Daily doesn't make sense to me.
    Flag comment  |  Permalink Reply
    Anonymous 1 year ago
    I have to agree with this. Basically the "counter-revolutionary" anti-Ubuntu bunch just don't want to see Linux finally becoming the success it should have been a loooong time ago. See, it screws up thier whole conspiracy theory thang. If Linix is not a success, they could point to Redmond for evil cruelty to penguins - rather than blame themselves. Chaps, get your hands off your joysticks, replace the greasy thick lenses for some shades and get out of the garage ...
    Flag comment  |  Permalink Reply

      Add a comment

      Post a comment using one of these accounts
      Or join now
      At least 6 characters

      Note: Comment will appear soon after you have activated your account.
      Obscene/spam comments will be removed and accounts suspended.
      The information you submit is subject to our Privacy Policy and Terms of Service.

      ITworld LIVE

      Open SourceWhite Papers & Webcasts

      White Paper

      Consolidating SAP Applications to Linux on Power by IDC

      IDC studied a group of enterprises that had deployed SAP applications on IBM Power Systems servers running Linux server operating environments and had been working with those systems for several years. Learn about the results...

      White Paper

      An Interactive eGuide: Open Source

      By now, enterprises are well aware of the benefits of open-source software, which boasts a clean design, reliability, and maintainability, as well as support for standards and community values. But perhaps the biggest benefit is quality; since open-source software users have access to source code, bug fixes and enhancements come from multiple sources, often resulting in superior software.

      See more White Papers | Webcasts

      Answers - Powered by ITworld

      ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

      Join Now

      New questions

      Friday fun: What's your guilty pleasure?
      1 answer
      Which is better for password security, length or complexity?
      1 answer
      What are the chances that the cloud will kill off the PC?
      1 answer
      How to print from a mobile device
      2 answers
      How to get started developing Android applications
      2 answers
      View more questions

      Ask a question

      Join Now or Sign In to ask a question.
      Ask a Question