Ubuntu Is Removing “Popularity Contest” Package From New Installs

Ubuntu will no longer be shipping the package known as “Popularity Contest” in the default configuration for new installs of Ubuntu but what does this really mean? Well, not that much actually. I wrote this article to clarify what this package is, what it does, and why the removal of it doesn’t matter.

The following is the description of PopCon provided by Ubuntu on the popcon.ubuntu.com webpage:

The popularity contest project is an attempt to map the usage of Ubuntu packages. This site publishes the statistics gathered from report send by users of the popularity-contest package. This package sends the list of packages installed and the access time of relevant files to the server weekly. Every day the server anonymizes the results and publishes this survey.

Source: popcon.ubuntu.com

Does this mean that Canonical has been tracking users of their operating system without their consent for years using this PopCon package? No, no it doesn’t.

Before we go into the details, let’s go ahead and list the important info for those who prefer the TL;DR style of content.

TL;DR aka “Too Long ; Didn’t Read”:

  1. Popularity Contest (PopCon) is a package that was created by Debian in 1998 and is still maintained by Debian (more info at popcon.debian.org)
  2. PopCon is Opt-In, and always has been, for both Debian & Ubuntu so in order to participate in the popularity contest project you have to manually enable it.
  3. PopCon has been installed by default in Ubuntu since 2006 but again, does not send data unless enabled by the user.
  4. Ubuntu discovered that PopCon is no longer working in Ubuntu so they decided to remove it instead fixing it.

Now let’s get to the details:

Canonical‘s Michael Hudson Doyle announced on the Ubuntu Community Hub that they will be removing this package from future installs and this resulted in some misinformation being published in the wider Linux Ecosphere.

“We are planning to remove the ‘popularity-contest’ package from the standard seed, meaning that new installs will not include it. This package is intended to report (anonymously) the most installed packages on Ubuntu systems to the Ubuntu developers. It turns out the package and backend have both been broken since 18.04 LTS without being much missed so we have decided to remove the package from the default install and discard the Ubuntu delta for the package.”

Source: Michael Hudson Doyle from Ubuntu Community Hub

PopCon is a package created and maintained by the Debian distribution, the upstream distribution for Ubuntu. PopCon was first released in Debian on October 24th, 1998 by Avery Pennarun and the latest release, at the time of writing, was on March 30th, 2020 by Bill Allombert. Debian created this package in order to learn more about how the distribution was being used by said users about 6 years before the creation of Ubuntu.

PopCon is a project that is Opt-In meaning that in order to send data from the user’s computer to the distro’s servers, the user must first agree to do so and manually enable the package to participate.

PopCon is not installed by default in Debian so the user must install it first before Opting In where as in Ubuntu it has been pre-installed since 2006 (beginning with Ubuntu 6.10). Ubuntu has had PopCon preinstalled for quite some time but it requires the user to choose to participate in the project before sending data.

“What does this mean to me as a current user of Ubuntu?”

So what does this mean for current users of Ubuntu? Not much at all. Canonical noticed that the popularity contest package no longer works in Ubuntu so they are removing it but even when it did work it required the user to activate it.

I’d even go as far as to say that you don’t need to bother with removing the package on current installs because the size of the installed package is just 129 kB and it’s not doing anything unless you activated it.

If you do decide to remove it, keep in mind that the process will also remove the ubuntu-standard package. This is a meta-package that tells Ubuntu which packages to pull in as part of the ‘standard’ install and it is typically advised to not remove this type of package.

What do you think?

There are other mechanisms for Ubuntu and other distributions use to learn about the usage of the distros which I would argue is a good thing when handled properly. The reason having data is a good thing is because otherwise they’d be making decisions blindly without context of what results those decisions have. The key to my opinion is the “handled properly” portion such as anonymized and collecting ethically with the users’ knowledge. I don’t think data collection is automatically a bad thing provided it’s handled properly, but what do you think?

What do you think of this news? Were you aware of the Popularity Contest project before this news? Do you care that it is currently installed even though it’s not doing anything? Let me know in the comments below.

Share this post

Twitter
LinkedIn
Reddit
Threads
Facebook
Email

Comments:

  1. Thanks for the article about PopCon. I was under the impression that the information that it gave back to Ubuntu/Debian was more limited than you’ve explained. I’m appalled at the amount of information that is sent and the possibility for abuse. In my opinion, if they’re going to collect all this information on a regular basis, then the owner of the computer should be reminded on a regular basis, and given the opportunity to see what is sent and turn it off.

    I no longer recall whether I opted-in to PopCon on all of my machines, but I know that my opinions about data collection have changed over the years. If someone were interested, they’d know a lot about when and where you use your computer, what applications you use, what libraries are installed, and if you use a vpn to mask your address.

    A possible way to improve the article would be to include information about how to know if you opted-in, and how to opt-out again. Personally, I’m going to remove the package on my ubuntu based machines even though it also removes ubuntu-standard. I’m also going to remove ubuntu-report as discussed in this article:

    How to stop ubuntu from collecting data about your PC

  2. The point of the article is that by default PopCon sends absolutely nothing and I saw some articles acting like this is a removal of tracking people but they weren’t being tracked anyway without voluntary inclusion.

    I think these articles about removing this “data collection” aimed at scaring people is very much misguided and is mostly “for clicks”.

    Ubuntu 18.04 collects data about your PC’s hardware and software, which packages you have installed, and application crash reports, sending them all to Ubuntu’s servers. You can opt out of this data collection—but you have to do it in three separate places.

    This linked article is quite flawed:

    1. the command it tells you to run to stop ubuntu-report is exactly the same thing that ubuntu-report does automatically if you just say no in the installer. . . .aka this is a pointless thing to tell people to do. It accomplishes nothing.
    2. removing popularity-contest is unnecessary because it doesn’t do anything by default
    3. apport is only sending crash reports which is a good thing if people expect them to fix anything.
  3. You are pointing out that no information is sent back if we just went with the default during installation. I think these articles are still useful because some people don’t remember what they chose during installation. Personally, I don’t remember if I enabled either of these programs during installation. As yet, I haven’t found a method of determining if they are active or not. . . . Okay, I only spent about 15 minutes searching with DuckDuckGo, so the answer is probably out there somewhere. By uninstalling the programs, I’m more confident that information isn’t going out without my knowledge.

    Personally, I didn’t disable the crash reports, but there are good reasons to do so. No matter what operating system you use, crash reports can contain passwords and privileged information. If I was working with Top Secret information, or doing something seriously illegal, I’d look into disabling crash reports.

  4. The reason I say this article is not useful is because it is telling you things that are incorrect.

    1. ubuntu-report is the only thing you are asked about during install. If you say No then you have already have done the same thing they are telling you to run. There is absolutely zero value in running that command again. This is a pointless thing to tell people to do.
    2. Users are not asked anything related to PopCon during install and never have been. If you did not manually activate it in your Software Sources Settings then it was never activated and there is no reason to bother with removing it. This is a pointless thing to tell people to do.
    3. apport is for crash reports only and it has existed in Ubuntu for years, it wasnt until 20.04 that they turned it on automatically because they realized people just didnt care to send them. Prior it always popped up with messages like “crash detected” and then a thing to send reports but most people didnt send reports. If you look at the report the data is anonymized and only relevant to what the crash is about. It doesn’t send irrelevant data just stuff related to whatever crashed. This being removed is a pointless thing to tell people to do and arguably a negative thing to tell people.

    So to recap:

    1. if you said no then you already answered that and the command is pointless.
    2. you were not asked about PopCon because they have never asked about PopCon so you didnt enable it because it didnt ask you. Therefore it is guaranteed disabled as that is the default setting.
    3. there are not any good reasons to disable the crash reports because the crash reports apport sends DO NOT contain any passwords or privileged information. This is worrying about Canonical being a different company but they arent those companies.
  5. Are you responding to this thread solely based on your understanding of Canonical Ubuntu distributions? I’ve used many OS versions on my machines. I can say for certain that the question about PopCon was asked during some of the installations, and sometimes I chose to enable it. I don’t recall if I was installing an ubuntu-based installation at the time. In my cursory search on the internet, I did not find a way to determine if I had enabled ubuntu-report or PopCon during installation. I suppose that I could have wiped my machines and performed a clean install - choosing not to allow ubuntu-report and PopCon. For me it was easier to uninstall the applications.

    I do not share your level of trust in the people and organizations who might control the programs that collect data on our machines - or the people who might intercept that data. I do not believe that you can state for certain that a crash report for a communications program like Remmina or Thunderbird will not contain privileged information.

    From what I’ve read in the security news, ‘anonymized data’ is usually not all that anonymous. I’ve reached the point in my life where I don’t like the idea of some business or government compiling data about me. I’m resigned to the fact that there’s no reasonable way for me to prevent it completely, but that doesn’t mean that I need to make it easy for them. I’m sure you’re familiar with the security principle of Least Privilege. Applying that principle to my computing choices means that I feel safer if I only install the programs that I actually use, and remove any bloat that I can. In my experience, this gives me the advantage of leaner, faster computing, with less disk utilization, lower memory requirements, and less time and bandwidth spent patching programs that I don’t need.

    I suspect that I can’t convince you to be more concerned about safeguarding your privacy, and I’m okay with that.

Join the discussion at forum.tuxdigital.com

4 more replies

Participants

Avatar for vinylninja Avatar for MichaelTunnell Avatar for OldFart