How Is Ubuntu Spying on You and What to do about it

Intro
I was lately surprised by my new ‘Ubuntu Server’ computer connecting back to a strange IP address: 91.189.92.11 on port 443! I immediately started investigating the case and did a whois lookup on the IP address to discover that the IP points to this domain productsearch.ubuntu.com – a page that will display a 403 Forbidden Error.

What is productsearch.ubuntu.com?
So apparently according to this website: If you’re an Ubuntu user and you’re using the default settings, each time you start typing in Dash (to open an application or search for a file on your computer), your search terms get sent to a variety of third parties, some of which advertise to you. Ubuntu should protect user privacy by default. Since it doesn’t, you can use the code to the left to disable the parts of Ubuntu which are invasive to your privacy.

You can also read more about Ubuntu 3rd parties: http://www.ubuntu.com/privacy-policy/third-parties

So what to do about this?
First I would like to mention this Softpedia GUI-like solution to this issue.
Alternatively you can DIY – You need to run this script, which is self explanatory:

I also added couple of iptables rules to block any access to that host and IP
iptables -I FORWARD -d 91.189.92.11 -j DROP
iptables -I OUTPUT -d 91.189.92.11 -j DROP
iptables -A OUTPUT -m string --string 'productsearch.ubuntu.com' --dport 443 -j DROP
iptables-save

You’re not done yet. A session to productsearch.ubuntu.com must have been taken place earlier and you need to ‘kill’ it.
You can do that using tcpkill, but I prefer this method:
first get all actively listening processes: ss -aunt, note the PID of the process, then kill it using process name: pkill unity-scope-hom or PID kill #PID#
now recheck if there is any active connections to that host ss -aunt

Your system should be clean now.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">