 Ubuntu Bitcoin Hack, yet CEO is still clueless

A scammer got a fake version of Exodus wallet into Canonical’s Ubuntu Snap Store. This fake scam wallet drained 9 Bitcoins (worth nearly half a million USD) from a user. [1] The scammer was able to fake Exodus wallet’s logo and images without anyone from the company or Canonical noticing. [2]

Quoting Mark Shuttleworth, CEO of Canonical: "cryptocurrency is largely a cesspit of ignoble intentions even if the mathematics are interesting" … Shuttleworth also opened an additional forum post to discuss requiring "more comprehensive proof of publisher identity for every publisher" for Snaps. [3]

Mr. Shuttleworth,
Your comments about cryptocurrency being a “cesspit” represent a gross misunderstanding of the purpose of Linux.  It’s ludicrous to honor open source operating systems for privacy and freedom, but dismiss open source money.

A Linux distribution is a package manager, where your goal is to vet software. Instead of doing a good job at this, Canonical seeks to undermine the authority of all other Linux distributions. You want to pretend Snaps are all about cross-platform distribution, when really it’s just Canonical attempting to act as a gatekeeper. This is done by forcing unpopular technology that is slow to start on graphical environments. The fact that Canonical continues to double down on “Slow GUI” Snaps shows they only care about enterprise servers without GUIs, and therefore have a complete disregard for the home end-user.

Finally, your comments regarding forcing KYC to publish software on Ubuntu’s Snap Store are uneducated.  Please go read the Wikileaks book, because you will not even make it past chapter 1 without learning the US government enslaves foreigners with debt through the World Bank, and murders and genocides millions through their foreign policy.  Some choose to resist this through violence.  Others write code that empowers us to resist the empire’s surveillance, so that we may be free.  This is the only real purpose in Ubuntu.  And by forcing KYC, you choke off meaningful development from anonymous devs who can’t comply with bullshit regulation.

So Mr. Shuttleworth, how can you stop scams?

1) Closed source crypto apps should get a manual review. These are the highest risk.
2) Instead of asking for KYC, ask for a PGP signature from the same key used on the developer’s other releases (for example, Exodus Debian packages).
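
One way a store could enforce the key-continuity idea in point 2, as an added example that is not part of the original post: it reads the machine-readable status lines from `gpg --status-fd 1 --verify` and accepts an upload only if a valid signature traces back to the fingerprint already pinned from the developer's other releases. The fingerprints, status lines and function names are constructed for illustration.

```python
# Added example (not from the post): publisher key-continuity check.
# Parses output of: gpg --status-fd 1 --verify upload.sig upload

REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def valid_signers(status_text):
    """Primary-key fingerprints of all valid signatures; empty if any is bad."""
    signers = set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in REJECT:
            return set()          # one bad signature spoils the upload
        if keyword == "VALIDSIG" and args:
            # args[0] is the signing (sub)key fingerprint; the optional
            # tenth field is the primary key it belongs to.
            signers.add((args[9] if len(args) >= 10 else args[0]).upper())
    return signers

def same_publisher(status_text, pinned_fingerprint):
    """True only if a valid signature comes from the pinned release key."""
    pinned = pinned_fingerprint.replace(" ", "").upper()
    return pinned in valid_signers(status_text)

# Constructed sample data: placeholder fingerprints, not real keys.
PINNED = "A" * 40      # key pinned from the developer's other releases
SUBKEY = "B" * 40
OTHER = "C" * 40       # a different, equally valid key
TAIL = " 2024-02-20 1708387200 0 4 0 22 10 00 "
GOOD = ("[GNUPG:] NEWSIG\n"
        "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Example Publisher\n"
        "[GNUPG:] VALIDSIG " + SUBKEY + TAIL + PINNED + "\n")
IMPOSTOR = ("[GNUPG:] GOODSIG CCCCCCCCCCCCCCCC Example Publisher\n"
            "[GNUPG:] VALIDSIG " + OTHER + TAIL + OTHER + "\n")
BAD = "[GNUPG:] BADSIG AAAAAAAAAAAAAAAA Example Publisher\n"

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("impostor", IMPOSTOR), ("bad", BAD)):
        print(name, same_publisher(sample, PINNED))
```

The impostor sample carries the same displayed publisher name and a cryptographically valid signature, which is why the check compares full fingerprints rather than names or short key IDs.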

Now I’m done talking to Shuttleworth and I turn to you.
The reason these issues are not addressed is pessimism. People do nothing only because they believe it doesn’t matter and that their actions are meaningless. Well, I’ve got some news for you: a different vendor emailed us a few days ago, and they are doing the work to remove some Big Tech from their site, thanks to you helping these articles trend.

And so if you share this, you say to Ubuntu and all those forcing KYC to slowly creep into all aspects of our lives, that we will not stand by and let our freedoms be taken.  That inside you is optimism and hope.  And if Shuttleworth will not listen, someday Ubuntu will share the same fate as Ubuntu Phones.

Sources: https://simplifiedprivacy.com/ubuntu-crypto-snap-scam/