Ubuntu – What data are transmitted to Canonical for livepatch

canonicalcanonical-livepatchtelemetry

I just upgraded to 18.04 and wanted to try out livepatch. After reading the Livepatch Terms of Service web page (https://www.ubuntu.com/legal/terms-and-policies/livepatch-terms-of-service) I wondered a bit about these two paragraphs in the personal data section:

We may also collect certain non-personally-identifiable information,
which is located on your computer. The information collected may
include statistics relating to how often data is transferred, and
performance metrics in relation to software and configuration. You
agree this information may be retained and used by Canonical.

Canonical may disclose any or all personal data and content you have
sent, posted or published if required to comply with applicable law or
the order or requirement of a court, administrative agency or other
governmental body. All other use of your personal data is subject to
the Privacy Policy.

I understand that, in order to do the live patching, Canonical needs to know some things about my system, like the kernel version. Also, through my SSO account and the token they know my email address and name.

So far so good. But I wonder what else Canonical needs to know about my system. The above text is vague about this. "Statistics" and "performance metrics" do not sound like they are necessary for the live patch service per se. Also, if those data are really "non-personally-identifiable", why Canonical is asking one paragraph later to agree that they may disclose them to administrative agencies or governmental bodies on request?

What are the data transmitted to Canonical, once and regularly? How can I investigate what is transmitted? How can I be sure it will not change suddenly to transmit more than I want?

This is a technical question. I do not want to discuss Canonical's TOS or legal issues. I really want a technical way to find what is transmitted before I sign up.

Best Answer

Given that the livepatch client is proprietary, I don't have a complete answer.

That said, the client (/snap/canonical-livepatch/*/canonical-livepatchd) is written in Go. Debugging with Delve, here's some information to start with:

(dlv) bt
0  0x00000000006ad140 in main.(*client).check
   at /home/c/Canonical/go/livepatch/src/github.com/CanonicalLtd/livepatch-client/parts/canonical-livepatch/build/daemon/client.go:212
1  0x00000000006acfeb in main.(*client).Check
   at /home/c/Canonical/go/livepatch/src/github.com/CanonicalLtd/livepatch-client/parts/canonical-livepatch/build/daemon/client.go:200
2  0x00000000006b8415 in main.refresh
   at /home/c/Canonical/go/livepatch/src/github.com/CanonicalLtd/livepatch-client/parts/canonical-livepatch/build/daemon/refresh.go:60
3  0x00000000006bf957 in main.newDaemon.func1
   at /home/c/Canonical/go/livepatch/src/github.com/CanonicalLtd/livepatch-client/parts/canonical-livepatch/build/daemon/daemon.go:76
4  0x00000000006b86a3 in main.(*refreshLoop).loop
   at /home/c/Canonical/go/livepatch/src/github.com/CanonicalLtd/livepatch-client/parts/canonical-livepatch/build/daemon/refresh.go:120
5  0x00000000006c0bfd in main.(*service).Start.func1
   at /home/c/Canonical/go/livepatch/src/github.com/CanonicalLtd/livepatch-client/parts/canonical-livepatch/build/daemon/service.go:151
6  0x0000000000457b31 in runtime.goexit
   at /home/c/.gobrew/versions/1.10/src/runtime/asm_amd64.s:2361
(dlv) locals
rendered.cap = 0
rendered.len = 0
rendered.ptr = *uint8 nil
status = main.ClientStatus {ClientVersion: "8.0.1", MachineId: "bfcf169468f641528ac653c41ff1797d", MachineToken: "",...+7 more}
(dlv) print status
main.ClientStatus {
    ClientVersion: "8.0.1",
    MachineId: "bfcf169468f641528ac653c41ff1797d",
    MachineToken: "",
    Architecture: "x86_64",
    CpuModel: "Intel(R) Core(TM) i7-6920HQ CPU @ 2.90GHz",
    LastCheck: time.Time {
        wall: 0,
        ext: 0,
        loc: *time.Location nil,},
    BootTime: time.Time {
        wall: 0,
        ext: 63662149770,
        loc: *(*time.Location)(0x963f60),},
    ApplyTime: time.Time {
        wall: 0,
        ext: 0,
        loc: *time.Location nil,},
    Uptime: 3472,
    Kernels: []main.KernelStatus len: 1, cap: 1, [
        (*main.KernelStatus)(0xc4201883c0),
    ],}

The fields in the status variable are:

Client Version
Machine ID (the value from /etc/machine-id)
Machine Token (Ubuntu One token?)
CPU Model and (OS?) Architecture
Last check time
Boot time (time taken to boot?)
Apply Time (?? - possibly, when the last update was applied?)
Uptime
List of Kernels

Boot time and Uptime could be considered to be included in statistics and performance metrics.

Again, this is a starting point. Make of it what you will, and hopefully somebody else can provide more definite information.

How can I be sure it will not change suddenly to transmit more than I want?

You can't. The source code isn't available, and snaps are automatically refreshed, IIRC.

Related Solutions

Ubuntu – “kernel-upgrade-required” is not one of applied, apply-failed, unapplied, needs-check, nothing-to-apply, unknown, check-failed

I'm not sure what your question is, but there is a difference between the following two commands:

apt-get upgrade
apt-get dist-upgrade

Typically (or always?), upgrade will not install new kernels, whereas dist-upgrade will.

From the apt-get man page:

   upgrade
       upgrade is used to install the newest versions of all packages
       currently installed on the system from the sources enumerated in
       /etc/apt/sources.list. Packages currently installed with new
       versions available are retrieved and upgraded; under no
       circumstances are currently installed packages removed, or packages
       not already installed retrieved and installed. New versions of
       currently installed packages that cannot be upgraded without
       changing the install status of another package will be left at
       their current version. An update must be performed first so that
       apt-get knows that new versions of packages are available.

   dist-upgrade
       dist-upgrade in addition to performing the function of upgrade,
       also intelligently handles changing dependencies with new versions
       of packages; apt-get has a "smart" conflict resolution system, and
       it will attempt to upgrade the most important packages at the
       expense of less important ones if necessary. The dist-upgrade
       command may therefore remove some packages. The
       /etc/apt/sources.list file contains a list of locations from which
       to retrieve desired package files. See also apt_preferences(5) for
       a mechanism for overriding the general settings for individual
       packages.

Confusingly, apt upgrade is different from apt-get upgrade. I believe apt upgrade is the same as apt-get dist-upgrade.

Rick also says he is using the following command:

sudo apt-get upgrade linux-generic linux-headers-generic linux-image-generic

However, the following should suffice:

sudo apt-get upgrade linux-generic

The above will upgrade all packages, and will install any new packages required by the latest version of linux-generic. (And linux-generic depends on linux-headers-generic and linux-image-generic.)

Alternatively, if you only want to install the most recent linux-generic (and its dependencies), and not upgrade any other packages, consider:

sudo apt-get install linux-generic

Ubuntu – Canonical Livepatch internal error

In terminal i just fire this command and it worked, try this

sudo canonical-livepatch refresh

In Detail you can read here

Best Answer

Related Solutions

Ubuntu – “kernel-upgrade-required” is not one of applied, apply-failed, unapplied, needs-check, nothing-to-apply, unknown, check-failed

Ubuntu – Canonical Livepatch internal error

Related Question