Ubuntu One Privacy in the EU

I was just about to look into using Ubuntu One. But I chose not to, because I would have had to install tons of Gnome dependencies and use the Gnome client. It's not integrated to KDE yet. Then I read about their privacy policy, because recently we see a lot of bad privacy policies I would say. And I'm not too happy about what I read.

"Canonical may disclose any or all personal data and contents you have sent, posted or published if required to comply with applicable law or the order or requirement of a court, administrative agency or other governmental body." (https://one.ubuntu.com/terms/)

So if the local village chief somewhere in East Timor wants ("requires") to see your private documents, he is welcome to. Or do we use eiusdem generis rule? Well, I would still say any administrative agency is not very narrow. I think we can at the very least expect not only secret services or police, but any part of the US federal and local government to have access to any of your saved data at any time they require it and without any court orders. The link also lists as administrative agencies: the labor relations board or the Farm Credit Administration, the Maritime Administration, Environmental Protection Agency, Food and Drug Administration, Immigration and Naturalization Service or FCC and IRS. So quite a lot of people with potential access to all of your private information.

We don’t share your personal information with anyone except to provide you with services, comply with the law, or protect our rights. (https://one.ubuntu.com/privacy/)

Canonical's rights could be a lot of things I think. Maybe it could include the right to get payed by you? If you didn't pay in time, it looks to me that by the contract terms they might share your personal information with "anyone" to protect their right to be payed.

The quotes are from the UK version of Ubuntu One, but probably apply similar everywhere. I think they actually really tried to make it privacy friendly. But at the same time, they really wanted to make sure they couldn't possible get in trouble through protecting your privacy.

DISCLAIMER: I am not a lawyer - this is not legal advise. This is just a discussion view and a try to inform the general public about something that may or may not be interpreted by professionals as here stated. You are invited to share your views in the comments.

8 comments:

  1. Unfortunately I don't know other sync services with more paranoid privacy policy. Furthemore everybody now uses and sync with GMail :(

    As real paranoid I use local Funambol server.

    ReplyDelete
  2. Stay tuned. I'm planing to release my own solution with fully encrypted transfers to your own storage soon on this blog.

    ReplyDelete
  3. D, solution to transfer what?
    There is already open source Funambol service with a lot of clients for different platforms.
    It can do HTTPs.

    ReplyDelete
  4. Well a solution to synchronize directories between Linux, OS X and Windows over an encrypted ssh connection. The combination is the key ;)

    ReplyDelete
  5. and it's non-cloud. The data stays with you.

    ReplyDelete
  6. but funambol is really interesting it seems...

    ReplyDelete
  7. ok it doesn't support directories at all though, does it? just emails and contacts?

    ReplyDelete
  8. For sync files between Win/Linux/Mac you can use Dropbox+TrueCrypt or another encryption software. And in this case cloud nature of Dropbox is not so important.

    Funambol is for personal data sync like calendar, notes and contacts.

    ReplyDelete

I appreciate comments. And I do read them.