This was my first response as well (it's not the data sharing that's the problem, it's that you noticed).
Thinking about it though, a lot of it is a question of surprise and unknowns. I would find this message to be a lot better - "We see that you've taken advantage of the Ubuntu image that Canonical provide in the Azure Marketplace. I am available to you for (etc.)".
> * I would find this message to be a lot better - "We see that you've taken advantage of the Ubuntu image*
No. That's not better at all.
The mere fact that Canonical has specific information to reach me when I am not a direct customer of Canonical is a complete violation of my privacy.
Ubuntu is a free product. Canonical should not be able to find out if I (specifically me or my organization) allocates or runs 1 or 10000 instances of Ubuntu.
> Ubuntu is a free product. Canonical should not be able to find out if I (specifically me or my organization) allocates or runs 1 or 10000 instances of Ubuntu
I agree with the message behind this and obviously Canonical and Microsoft are both being extremely gross.
But Ubuntu as a binary image (or source code) is a very different product than a VM with Ubuntu pre-installed and pre-configured, which is what you paid for (and is why you got ensnared by their horrible anti-user license).
> But Ubuntu as a binary image (or source code) is a very different product than a VM with Ubuntu pre-installed.
How? Why? If it's different in any meaningful way from just clicking "next" on the installer then it's no longer Ubuntu, and certainly not Canonical Ubuntu, that's pre-installed. It's become, at best, Microsoft-Ubuntu-Because-Microsoft-Added-Telemetry-For-Azure. Or it's Canoncical-Ubuntu-Configured-By-Microsoft-With-Azure-CLI-Preinstalled.
You don't get to decide what is and isn't "Ubuntu", Canonical does. Did you likewise declare that Ubuntu isn't Ubuntu anymore when Canonical dropped Unity? or when they added snap? Or when they added or later removed the Amazon search plugin?
When I'm paying for an official Azure version of Ubuntu on Azure, I darn well expect there will be a closer support relationship than the free desktop version.
> When I'm paying for an official Azure version of Ubuntu on Azure, I darn well expect there will be a closer support relationship than the free desktop version.
Okay, but maybe other people don't want that if it entails their information being shared with a company they haven't initiated a business relationship with?
But the servers are running Canonical software. Just because it's GPL'd doesn't mean that Canonical doesn't own it or that you have no relationship with them by using it. You are paying them a license fee to get the azure image, after all.
To say that you have no business relationship with Canonical while paying Canonical to use Canonical software with official Canonical technical support is absurd to the highest degree.
Just FYI, this is bad manners. I deleted the comment because I didn't want to continue the conversation and I especially didn't want to engage with you - specifically, your comments here and elsewhere indicate that you are frequently toxic and hostile.
You deciding to resurrect the comment because you happened to see it before I deleted it is really not OK. It's the exact kind of toxic hostile, creepy interaction I was trying to avoid from you by deleting the comment!
> your comments here and elsewhere indicate that you are frequently toxic and hostile
I thought your comment was interesting and merited a reply for others to see and discuss. But I see you disagree so I've removed the content of my reply.
Feel free to flag any comments you find particularly toxic or hostile. You can do that by clicking on the timestamp of the comment and clicking the `flag` link.
Or even better, let me know (like you have done so here). I can't improve myself if I don't know there's a problem.
Erasing history and demanding others follow your lead is bad manners.
Posting something and deleting it after it has been seen is basically gaslighting. Imagine the kinds of harassment people could get away with if they said rude things to coworkers on chat, then edited the messages to appear benign after the coworker responded to their hostility.
That is why people quote the text of comments to which they want to reply.
To be clear are we to suppose one has a right to say something and then insist others never bring up anything because one has at that point deleted?
Furthermore is strenuous disagreement now toxic and hostile?
Wouldn't it be more trivial to say I do not wish to engage and leave it at that? Ironically calling someone toxic hostile and creepy is... pretty toxic.
> are we to suppose one has a right to say something and then insist others never bring up anything because one has at that point deleted?
I think someone has the right to change their mind about something they've said. That's why I edited my comment to remove it.
> Furthermore is strenuous disagreement now toxic and hostile?
I don't think so. But I know that I sometimes get passionate about my opinions. I welcome someone's input to keep me friendly.
> Wouldn't it be more trivial to say I do not wish to engage and leave it at that? Ironically calling someone toxic hostile and creepy is... pretty toxic.
I would like to think better than that. I think it was good of @ojnabieoot to let me know that they thought I'd wronged them.
Some people can feel very anxious or awkward to conversation for very good reasons. They can state opinions and then choose to retract their opinions for any reason -- even if the opinion is held but they choose to remove themselves from the conversation. I think that's a good thing to discuss but this isn't the venue to.
If you go to Ubuntu's web site, they will offer several distinct ISOs, each optimized for different usecases; and yet I'm not charged all of my personal information there either.
Right. If I can run Ubuntu on Docker without Canonical knowing, I should be able to run Ubuntu on Azure without Canonical knowing.
This is a big misstep for Microsoft, from my point of view. I think it's less a reflection on Canonical, because once they have the information, it's ultimately going to be used. Microsoft just should not have agreed to the arrangement at all.
> Both Microsoft and Canonical are for-profit enterprises.
I don't think that most of the people have a problem with that. The problem is being sucked-in to something without ever agreeing into.
In the era of privacy sensitivity (which I think is healthy), being watched in a place and prodded from a different channel is disturbing.
I don't mind people trying to reach me with the hope of sales based on information I've provided to them, but this is too far.
Also it removes two veils from both companies at once:
1. It seems Microsoft still has sneaky tactics, but they're more invisible.
2. Canonical is somewhat more aggressive and greedy than it seems, and Ubuntu desktop is just a freemium product, or another capturing device for further vendor lock-in.
The alternative is that Azure owns complete access to the customer. Which seems... well, an easy skip to App Store-esque rent seeking.
So MS sharing "their" customer details with the image provider seems more generous than evil. Provided there's a "Do not share" config option somewhere.
If I'm doing business with Azure, I would absolutely expect them to keep my data and behavior private. It's part of the reason why I would be paying them (instead of expecting something for free) in the first place.
So if I write a piece of software that eventually makes it to Debian and Ubuntu, am I entitled to your name, address, phone number, email, and a data feed showing every time you start or stop your Ubuntu instances on Azure? After all, I am a third party software provider at that point. And look, Azure doesn’t even have to tell you they are sending me all that stuff. It’s in the TOS you didn’t read!
If I choose to run an image maintained by IgorPartola, sure!
If I download packages and Ubuntu, and assemble my own image, or use one assembled by another org, probably not.
I think the disconnect is that for me, image packaging and updating is work, and that work has an author, and the author is deserving of certain rights others are not.
If Azure is auto-pulling Ubuntu images, building containers, and publishing themselves, then that's a different story.
The issue is more so *why* Microsoft is sharing this information with Canonical. — what does it obtain from it?
Ubuntu is gratis, so Canonical can't have coerced Microsoft into doing so; it is quite probable that one approached the other to make a deal, and that Canonical is paying a certain fee for this information.
The code is gratis. Although, partnership deals tend to go beyond simply sharing code, and into the realm of dedicating time and resources to working with each other.
I think this is why this doesn't shock (shock!) me.
We're talking about a curated, supported, official image here, right?
If folks want to use a "MyUbuntuImage" they or someone else packaged and uploaded, more power to them.
But by pulling a Canonical image, you have a relationship with Canonical. Expecting that relationship not to exist "because open source" seems to be misunderstanding who does what work.
As to whether this should be opt-in, done, etc. is another matter entirely. But the fact that it exists at all doesn't feel particular shocking.
It's not like we're talking about everyone who pulls a RedHat image's info being sent to Canonical!
The code is more than just gratis; it's libre. This is Ubuntu, based on Debian GNU/Linux. (Yeah, okay, some of the code is merely gratis, but most of it is libre.)
I don't expect an OS based on an OS based on an OS based on a half-finished OS based on free software principles to have shady data-dealing attached, yet hidden from the people whose data is being dealt.
Free software is about user empowerment, and the ability for users to be hackers if they want to (or employ people to make changes on their behalf). “Sike, we've been stalking you and you can't do anything about it” is antithetical to this ideal.
Privacy protection is not an obligation, but transparency and openness is. Yes, you're not contractually required to not make a separate computer system that's proprietary and closed and disempowering, but that's so pedantic as to be malicious.
So you didn't read the ToS, I take it? I did. I do whenever it's something important to the company's infrastructure. Canonical is the one at fault here for not adhering to Microsoft's guidelines. But Microsoft put the warning on the package.
I mean, it's kind of ridiculous to think that you could do anything in a cloud environment system and not have your actions tracked. Hell, with automated load balancing and load-based billing, that's literally what you're signing up for.
I wouldn't be surprised to learn Azure was paid (either money or developer time) and this is happening for other products. I would think twice before using Azure if I was concerned about my usage being shared.
It is. For example I've warned others about the eula shipped with Dell systems with Linux (Ubuntu) on them for similar reasons... and encourage people to do their own installion of images (containerized or otherwise).
It's not "free as in lying around on the ground", it's free as in "freedom". You have to agree to Canonical's "Terms of Service" to use Ubuntu, so you are a licensed customer of Canonical's.
In this case, the license is the GPL, none of which has anything to say about privacy. Maybe this is a failure of the Free Software Foundation's to not include privacy protection in the GPL. Though even if they were to create a GPLv4, the Linux Kernel is still only licensed under v2, so distro implementors have no obligation to use a more restrictive license.
AKA, "the cat is already out of the bag".
In the OP's case, they additionally are are customer of Microsoft's, who explicitly stated they share this kind of information with their vendors.
Oh, I definitely agree, I'm just trying to point out that a lot of people here are making assumptions about what "Free Software" means that literally nobody in the FOSS or Open Source movements have ever said were goals.
I think you're the one who needs to provide a citation, because I've read a lot of the literature on the FSF's website and not once does privacy come up.
Now, I can't exhaustively prove a negative, but I think I can easily demonstrate that the FSF has never meaningfully expressed an opinion on privacy. Go to https://www.gnu.org/philosophy/philosophy.html, open every single page it links to in the body of the text, and search for the word "privacy". It does not show up in the body text of any of those documents. It shows up once in a footnote that mentions a change that Samsung made had that "caused privacy concerns".
The closest they get to even mentioning the concept of privacy is when they talk about the right to modify software and use those modifications "privately", which clearly does not mean anything about user privacy.
If privacy were so big of a concern for the FSF, you'd think they'd talk about it in their official documentation on their philosophy, or put something about it in the ONE tool they have to have power over anyone: the GPL.
I think you misunderstand. Debian doesn't have restrictions on how end users use their software. They do however make an effort to ensure the software they distribute is high-quality and doesn't do bad things to the user.
People are coming into this thread, talking about "this should not happen cuz free software." And Free Software protections are just completely orthogonal to privacy protections.
There is a certain level of reasoning where one might say that, if the software were truly libre, you could "just" fork it and rip out the parts you don't like. But because you clearly can't "just" do that, then the software must not be free.
Yes. The software is not Libre.
But it's not clear to me that this is the case because the system is hosted on Azure or the distro is Ubuntu. Your rights within a marketplace go only so far as you can throw your alternatives. Software, especially operating systems, are just too complex to expect the concept of Free Software to be sufficient to protect user privacy.
The idea is that, if free software principles were widely followed, this kind of spying could never be built in the first place. It'd be like a rice cooker that refuses to cook a full portion if you're putting on weight, or a washing machine that won't turn on during peak energy hours; a bizarre, unprecedented imposition on the principle that you should be able to do what you want with your stuff.
It is a violation of your privacy that you may have already agreed to - presumably MS mentions this in their ToS/privacy policy that this information will be shared. They just conveniently forget to remind you that when you deploy a VM...
Another interesting question: aren't you a direct customer of Canonical here? When you buy stuff off of any marketplace or though a reseller, it seems to me you are a customer for multiple companies. Examples: buying an iPhone from AT&T, buying a laptop from Amazon, buying a Subaru through a dealer.
I think there's a difference here; you can get Ubuntu got free outside of Azure without being a customer of Canonical, but you can't get an iPhone from Apple for free from them just by going through a different channel
I think I'm missing something... Ubuntu is developed by Canonical, right? Just because you do not pay for it when you get it outside of Azure does not mean you are not their customer?
Doesn't customer imply a paying relationship? If I put some code online and let people use my software I'd say that makes them at most my users, not consumers.
When you get it a certain way through Azure you both enter a contractual agreement with each other, and that does make you a customer.
I think requiring payment is a bit too strict requirement to define a customer. Your users still agree to your license, so there is a relationship established, you may just not get any benefit from it (monetary or otherwise). Even in your license you likely have to be explicit that "software is provided as-is" and you aren't responsible for it misbehaving - otherwise your customers/users could try to sue you. Just because you don't pay for Ubuntu doesn't mean Canonical does not get anything out of you deploying it. Do they gather any kind of data about users' behavior?
Thinking about it though, a lot of it is a question of surprise and unknowns. I would find this message to be a lot better - "We see that you've taken advantage of the Ubuntu image that Canonical provide in the Azure Marketplace. I am available to you for (etc.)".