The following post is about a beta software release, which may — and hopefully will — change.
You know what they say about assuming…
It was with these deeper questions in mind that I tracked down the source code and cracked it open.
private const string OFFERS_BASE_URI = "http://productsearch.ubuntu.com";
I believe kids these days call this “My Face When”:
(Dear Google: Thank you for knowing exactly what I mean when I search “oh no they didn’t owl!”)
If you missed it: that’s HTTP, not HTTPS, meaning there is no encryption, meaning there is no network privacy whatsoever; everything you type into your desktop search bar is, by default, blasted onto the Internet in plaintext. Gee, how could that ever go wrong? Who would ever use the default search bar to look for deeply personal or sensitive files stored on their own computer while on public Wi-Fi or at school or work? (Where was that story I was working on… “PrincessLeia_Meets_CaptainPicard.doc”… oops).
This is what we’d call a side channel or an information leak, because it’s disastrously easy to accidentally shunt personal data to the Internet in a context where the user is thinking “here on my private computer.” This is a user-hostile design because it demands that the user consciously decide whether to avoid the default search and either uninstall the Amazon plugin or make a separate local-only search on a case-by-case basis. This is assuming they even realize that this problem exists, and even then they may, as I did, assume that the Amazon integration is implemented in a privacy-respecting manner.
There’s a certain irony to this plaintext business in the fact that Canonical’s founder Mark Shuttleworth also founded respected HTTPS certificate issuer Thawte — not that he personally wrote this Amazon plugin, of course, but he did defend it on his personal blog, mostly focusing on the question of whether it’s adware. As an organization, Canonical should be enforcing strict HTTPS policies for any networked applications they are responsible for. This Amazon search plugin is still in beta, so there’s time to turn this around.
Amusingly, the plugin’s flood of attention means it is already racking up quite the bug count. For example, it does not currently do any NSFW prevention, and the results are returned in plaintext also. Have fun explaining that one to the ol’ boss-a-roni!