"As per the Azure T&Cs, Microsoft shares with Canonical, the publisher of Ubuntu, the contact details of developers launching Ubuntu instances on Azure. These contact details are held in Canonical’s CRM in accordance with privacy rules.
"On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies."
As someone who works in tech sales - the real bullshit here is that this is some right-out-of-college 22 y/o entry level sales person (SDR) who was likely told to to take this list and message everyone on linkedin 1x1.
The negative impact of this goes on his shoulders where the positive responses from this get passed off to someone else who is outside the blast radius.
Stuff like this is the norm when sales is viewed as an extension of marketing ("we need more leads") and not as a function that helps companies coordinate the evaluation and purchase of software ("we need to find out if this is the right fit for them") and the ones who pay the highest price are at the lowest levels when it's executives who are giving the orders.
Early in my career, I worked for a tiny company that exclusively built plug-ins for a specific SAAS platform. I noticed there was a public-facing page where one could search for any customer of this SAAS platform, so I built a scraper that would auto-search names, main URLs, and ticker symbols for every company on the S&P 500 into this search.
I demoed it with 5 companies to a member of the sales team, and he politely asked me to remove the script from the company laptop, and seemed to be annoyed at my script kiddie antics. He said it was nearly impossible to build a lead out of that kind of information, and that any shop that would try and use that kind of poisoned fruit would quickly tarnish their reputation.
Side note... the user on Twitter that originally reported this had his account locked by Twitter for posting the LinkedIn message from the Canonical sales guy.
I love how being contacted by a salesman that is acting accordingly to the terms of the contract he accepted is BAD! but publishing a private message without consent and without obfuscating name and surname is RIGHT!
I thought this was going to be a Clippy joke, but the truth was much more disturbing. Why is Microsoft sharing this level of information (from a corporate account) with third parties?
Well I think we all know why. They make money from it. The question that’s more relevant is how many of you are going to cancel your Azure accounts and move to a different host after seeing this and will it lose MS enough money to stop the practice. I’m taking bets that not enough will at 50:1 odds.
It definitely gave me Clippy vibes, and suddenly thrust me into a Black Mirror type of situation where a current day Clippy would literally forward all of your work (keystrokes, open programs, files) to sales and ad representatives so they can sell you more stuff. Every day I'm more and more paranoid of big companies now!
The MS response in TFA is illuminating: terms for publishing an image on the marketplace are that MS will make certain information available to facilitate user support. Sales and Marketing are explicitly forbidden uses of this information. Canonical violated their Terms, in what is probably a GDPR violation of some kind if the user is in the EU.
What's interesting is whatif any enforcement action comes of this. It's not like MSFT can restrict Ubuntu image use on Azure; Linux is literally the majority of their usage. Can they sue?
I installed Ubuntu onto a physical machine recently because I needed to use a Linux package for something real quick.
Upon trying to install the incredibly common package I was given some error about it not existing and some nonsense about using snaps. I don't care about learning how to use snaps, I just want to get something done. I quickly installed Debian instead and got back to doing the work I needed to do. It really soured my opinion of Ubuntu - a distro I first used back when they were still mailing out CDs.
This furthers my negative opinion of Canonical and solidifies my position that I'll never use Ubuntu again. Debian it is for me if I need Linux.
I feel like something similar happened with me middle of last year. I was studying for an Azure certification and deployed a few ubuntu servers. Around that time I received an email from someone named Aldo with 'Business Development' in their email signature.
We don't use anything from conanical at work and I've never signed up for anything from them that I recall. I remember at the time thinking it was weird to get this email when I had never before used an ubuntu server in azure. I certainly never expressed any interest in "running ubuntu in a secure manner on Azure" to anyone.
I received the email on June 6, 2020, and then several follow up emails when I didn't respond.
This was the message:
> With 85% of enterprises having either a mandate, preference or exploration of open source technology I've connected with many individuals, while working from home, who have reached out to discuss how we provide proactive security for Ubuntu deployments in the cloud. I understand you have similar interests around running Ubuntu in a secure manner on Azure.
> Ubuntu Pro, our carefully optimized image for production public cloud environments, provides all-inclusive patching for over 30,000 packages (for up to 10 years), FIPS 401-2 certification and Automated security profiles including CIS and DISA STIG.
> That is just a handful of ways we keep companies safe and I was hoping to show you more. How does your schedule look this week, or the next, for a quick chat?
I'm super confused as to why anybody thinks this is a problem. Generally, when one "buys" something from a "marketplace" the vendor gets to know who the buyer is. That the vendor asks the buyer if there's anything else they'd want to buy is par for the course.
If the email came over an Azure customer support system, or even to the corporate email used to sign up for the Azure account, then sure - I would personally find this very obnoxious and it being buried in the license agreement is suspicious, but not really that unethical. Crucially, this arrangement means Canonical could engage in marketing without MSFT sharing much personal data about Azure users.
What's extremely unethical is contacting the person over LinkedIn. It's extremely aggressive and a huge violation of boundaries, and proves that Microsoft is sharing personal information (names of users) with Canonical.
If I buy something online from a store, I would expect a few spam emails. But it would be completely unacceptable if a sales representative showed up at my house (despite me only sharing my address for billing/shipping purposes). This is basically what happened to the Azure customer.
What? When I buy something at a brick and mortar store, I don't expect the product's manufacturer to get my personal information. I don't even expect the store to get my personal information if I pay in cash.
I don't want some "relationship" with a company just because I buy their product.
I take issue with it, but I haven’t seen any other comment clearly state what I see the issue to be.
The issue is the poster spun up the instance in the course of his job. Microsoft and canonical would be reasonable to share that job related info.
But instead it appears that either they shared his personal info which would be unethical, or canonical takes the de-identified job info and then matches it with personal info.
In most transactions between people acting as representatives of their business, it would be very creepy for one of the businesses to then get personal info on the representative of the other business like their social media accounts or home address, especially if they do it using secret/obfuscated manners rather than explicit asking.
> Essentially you're agreeing to a EULA of some sorts, that "offer", and the offer has terms which include a reporting back to publisher. Imagine Oracle using this to capture enterprises that are skirting their license empire.
Two or three ago I spun up a quick Windows VM in Azure for about 20 cents worth of testing.
Shortly afterwards I had a missed phone call and then a follow-up email from an Azure salesman inviting me to schedule time to discuss my interest in the platform. I declined and asked to be opted out of anything like that in future, and actually received a pretty unprofessional response to that.
So even if Ubuntu aren't allowed to do this kind of thing, MS certainly have themselves in the past.
Didn't appear to be on the advertising side of things (yet...), but I had a similar experience when renewing some free Azure credits (from Microsoft Dreamspark or whatever they're calling it now).
I kinda figured it was just verifying I was a human, but I've provisioned 10~ or so other VPSes and dedicated servers with a few different providers and never got a phonecall so it was unexpected.
The next 40 years will be filled with special coders adding hooks into everything looking for new monetization channels. Be prepared for this same WTF moment every 5 minutes.
This is incredibly common. I installed an analytics package on my personal heroku account for a side project and received an email on my enterprise email account from their sales department.
My personal heroku account uses my personal email address, eg. [email protected], but my enterprise account uses my full name, eg. [email protected].
There's a sneaky CRM tool floating around that is connecting the dots on people.
It's a real shame, Ubuntu used to be my go-to distro, but for me this is the last straw in the history of shady things Canonical has done.
One of the things I liked most about Ubuntu is that the installation process is incredibly easy and everything "just works". Does anyone know a good alternative?
I'd love to go all in on Alpine, but using it on the desktop doesn't exactly spark joy.
Desktop: I don't know a single person who went to Arch Linux and regretted it. There is a slight learning curve but nothing a HN reader couldn't deal with.
"Just works" type desktop: Don't use linux. Personally, Arch is my go-to desktop and IMO if you can't deal with that, just use macOS or something. There's lots of things that don't "just work" on Linux even today. Bluetooth audio for example has a lot of problems and those will be present cross-distro.
The distros have less and less meaning nowadays, they're just what software is shipped in repos and initially. Ubuntu does a lot of custom shit so you want to stay away from them. Debian is constantly out of date but if you don't mind that it's still a solid distro. Fedora has always been pretty good as well but imo is straight up worse than Arch for sort-of-the-same philosophy.
There's going to be a lot of personal preference involved, but I've moved to Pop! OS which is still Ubuntu/Debian based but very clean, easy to install and use, and we'll supported.
It is weird that this is your "last straw". Most likely you haven't used Ubuntu for a very long time and just want to influence others to switch away from Ubuntu.
Lol a similar thing happened to me recently. I spun up a Windows VM on Azure because I had $50 monthly Azure credit with my MSDN anyway which I've never used yet. Immediately I get an email from a sales contact asking me if I need help (and who kept repeating when I didn't reply).
It's indeed annoying. It's not as bad as this example because it's the same company I already deal with, which actually makes this legal in Europe. But as someone who is (admittedly) very anti-commercial it annoys me.
The strong ties between MS and Canonical are also one of the reasons I dropped Ubuntu from my private life.
Another thing that really annoys me about this is that MS removed the "block sender" option in their "New and redesigned!!" version of Outlook for Mac. In many ways the UI of the new version is much better but I strongly relied on that version. They kept the "mark as spam" but it doesn't guarantee that sender is forever blocked.
Wow- and I thought it was weird and inappropriate when I got a linkedin message from a MongoDB rep basically saying "Hey! I'm the account manager for your company so let me know if you need help with anything Mongo related!" (subtext being, how can I convince you to use (more) mongo services on your project)
I have always wanted to switch away from Ubuntu to Debian but have been wary of losing the convenience of "it just works" (perhaps irrationally so since Ubuntu is based on Debian). That's why I switched to Pop! OS because of their even better seamless integration for switching between Nvidia and intel graphics. Will I lose these conveniences on Debian? Has anyone done such a switch and can share their experience?
[+] [-] raesene9|5 years ago|reply
The Canonical quote is the most illuminating :-
"As per the Azure T&Cs, Microsoft shares with Canonical, the publisher of Ubuntu, the contact details of developers launching Ubuntu instances on Azure. These contact details are held in Canonical’s CRM in accordance with privacy rules.
"On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies."
[+] [-] BlueTie|5 years ago|reply
The negative impact of this goes on his shoulders where the positive responses from this get passed off to someone else who is outside the blast radius.
Stuff like this is the norm when sales is viewed as an extension of marketing ("we need more leads") and not as a function that helps companies coordinate the evaluation and purchase of software ("we need to find out if this is the right fit for them") and the ones who pay the highest price are at the lowest levels when it's executives who are giving the orders.
[+] [-] schnevets|5 years ago|reply
I demoed it with 5 companies to a member of the sales team, and he politely asked me to remove the script from the company laptop, and seemed to be annoyed at my script kiddie antics. He said it was nearly impossible to build a lead out of that kind of information, and that any shop that would try and use that kind of poisoned fruit would quickly tarnish their reputation.
[+] [-] fireball_blaze|5 years ago|reply
https://twitter.com/LucaBongiorni/status/1359885001844744195
[+] [-] throwaway077445|5 years ago|reply
Some devs have complete disconnect from reality.
(ofc he screams #censorship)
[+] [-] MattSayar|5 years ago|reply
[+] [-] autoditype|5 years ago|reply
[+] [-] IgorPartola|5 years ago|reply
[+] [-] phreack|5 years ago|reply
[+] [-] agilob|5 years ago|reply
Because why not, it's allowed by T&C
[+] [-] ohthehugemanate|5 years ago|reply
What's interesting is whatif any enforcement action comes of this. It's not like MSFT can restrict Ubuntu image use on Azure; Linux is literally the majority of their usage. Can they sue?
[+] [-] IfOnlyYouKnew|5 years ago|reply
[+] [-] somehnguy|5 years ago|reply
Upon trying to install the incredibly common package I was given some error about it not existing and some nonsense about using snaps. I don't care about learning how to use snaps, I just want to get something done. I quickly installed Debian instead and got back to doing the work I needed to do. It really soured my opinion of Ubuntu - a distro I first used back when they were still mailing out CDs.
This furthers my negative opinion of Canonical and solidifies my position that I'll never use Ubuntu again. Debian it is for me if I need Linux.
[+] [-] larntz|5 years ago|reply
We don't use anything from conanical at work and I've never signed up for anything from them that I recall. I remember at the time thinking it was weird to get this email when I had never before used an ubuntu server in azure. I certainly never expressed any interest in "running ubuntu in a secure manner on Azure" to anyone.
I received the email on June 6, 2020, and then several follow up emails when I didn't respond.
This was the message:
> With 85% of enterprises having either a mandate, preference or exploration of open source technology I've connected with many individuals, while working from home, who have reached out to discuss how we provide proactive security for Ubuntu deployments in the cloud. I understand you have similar interests around running Ubuntu in a secure manner on Azure.
> Ubuntu Pro, our carefully optimized image for production public cloud environments, provides all-inclusive patching for over 30,000 packages (for up to 10 years), FIPS 401-2 certification and Automated security profiles including CIS and DISA STIG.
> That is just a handful of ways we keep companies safe and I was hoping to show you more. How does your schedule look this week, or the next, for a quick chat?
[+] [-] matsemann|5 years ago|reply
Edit: a comment here links to an article with more details. MS shares with Canonical. Bad on both parts I'd say, at least weird usage of the data.
[+] [-] joezydeco|5 years ago|reply
[+] [-] jnwatson|5 years ago|reply
[+] [-] ojnabieoot|5 years ago|reply
What's extremely unethical is contacting the person over LinkedIn. It's extremely aggressive and a huge violation of boundaries, and proves that Microsoft is sharing personal information (names of users) with Canonical.
If I buy something online from a store, I would expect a few spam emails. But it would be completely unacceptable if a sales representative showed up at my house (despite me only sharing my address for billing/shipping purposes). This is basically what happened to the Azure customer.
[+] [-] ryandrake|5 years ago|reply
I don't want some "relationship" with a company just because I buy their product.
[+] [-] mint2|5 years ago|reply
The issue is the poster spun up the instance in the course of his job. Microsoft and canonical would be reasonable to share that job related info.
But instead it appears that either they shared his personal info which would be unethical, or canonical takes the de-identified job info and then matches it with personal info.
In most transactions between people acting as representatives of their business, it would be very creepy for one of the businesses to then get personal info on the representative of the other business like their social media accounts or home address, especially if they do it using secret/obfuscated manners rather than explicit asking.
[+] [-] burkaman|5 years ago|reply
[+] [-] IshKebab|5 years ago|reply
[+] [-] layoutIfNeeded|5 years ago|reply
Ummm... no?
[+] [-] McDyver|5 years ago|reply
This goes to show that, when dealing with big corporations, even when you're paying, you're still the product.
[+] [-] sudenmorsian|5 years ago|reply
https://twitter.com/dezren39/status/1359726235929223168?s=20
[+] [-] notreallyauser|5 years ago|reply
Shortly afterwards I had a missed phone call and then a follow-up email from an Azure salesman inviting me to schedule time to discuss my interest in the platform. I declined and asked to be opted out of anything like that in future, and actually received a pretty unprofessional response to that.
So even if Ubuntu aren't allowed to do this kind of thing, MS certainly have themselves in the past.
[+] [-] iotku|5 years ago|reply
I kinda figured it was just verifying I was a human, but I've provisioned 10~ or so other VPSes and dedicated servers with a few different providers and never got a phonecall so it was unexpected.
[+] [-] coding123|5 years ago|reply
The next 40 years will be filled with special coders adding hooks into everything looking for new monetization channels. Be prepared for this same WTF moment every 5 minutes.
[+] [-] tailspin2019|5 years ago|reply
I noticed you posted a comment on Hacker News.
Be sure to reach out if there’s anything I can help with?
[+] [-] _1qd4|5 years ago|reply
My personal heroku account uses my personal email address, eg. [email protected], but my enterprise account uses my full name, eg. [email protected].
There's a sneaky CRM tool floating around that is connecting the dots on people.
[+] [-] Koshkin|5 years ago|reply
[+] [-] njkleiner|5 years ago|reply
One of the things I liked most about Ubuntu is that the installation process is incredibly easy and everything "just works". Does anyone know a good alternative?
I'd love to go all in on Alpine, but using it on the desktop doesn't exactly spark joy.
[+] [-] scrollaway|5 years ago|reply
"Just works" type desktop: Don't use linux. Personally, Arch is my go-to desktop and IMO if you can't deal with that, just use macOS or something. There's lots of things that don't "just work" on Linux even today. Bluetooth audio for example has a lot of problems and those will be present cross-distro.
The distros have less and less meaning nowadays, they're just what software is shipped in repos and initially. Ubuntu does a lot of custom shit so you want to stay away from them. Debian is constantly out of date but if you don't mind that it's still a solid distro. Fedora has always been pretty good as well but imo is straight up worse than Arch for sort-of-the-same philosophy.
[+] [-] jeofken|5 years ago|reply
[+] [-] JaggedJax|5 years ago|reply
[+] [-] simosx|5 years ago|reply
[+] [-] GekkePrutser|5 years ago|reply
Though I switched to FreeBSD myself for my desktop.
[+] [-] kache_|5 years ago|reply
[+] [-] _abox|5 years ago|reply
It's indeed annoying. It's not as bad as this example because it's the same company I already deal with, which actually makes this legal in Europe. But as someone who is (admittedly) very anti-commercial it annoys me.
The strong ties between MS and Canonical are also one of the reasons I dropped Ubuntu from my private life.
Another thing that really annoys me about this is that MS removed the "block sender" option in their "New and redesigned!!" version of Outlook for Mac. In many ways the UI of the new version is much better but I strongly relied on that version. They kept the "mark as spam" but it doesn't guarantee that sender is forever blocked.
[+] [-] waylandsmithers|5 years ago|reply
[+] [-] galacticaactual|5 years ago|reply
[+] [-] noisy_boy|5 years ago|reply