
A week ago asking this question of Microsoft or such would have got me labelled as paranoid, and asking this question about Ubuntu would have seemed plain stupid, bordering offensive.

Then we found out that there's been a "$250m-a-year US program works covertly with tech companies to insert weaknesses into products".

This is (evil) genius: if you insert secret weaknesses into software or services, e.g. SSL key generation, then your job of breaking in to steal data is made a lot easier. Indeed, this is why those agencies can now apparently decrypt a fair bit of SSL traffic on the fly.

I felt smug, thinking open source saves the day: hard to introduce code that does something daft when everyone's looking (much, much easier in the closed source world). Although this can still happen, e.g. Debian's massive SSH key fail of 2008.

Back then, people at Slashdot were asking who introduced the change that nobody noticed and which left the OS wide open.

It seems that with a $250m budget you've got various options to pay someone to try to sneak in vulnerabilities unnoticed, either out in the open or, as in the Debian case, more internal. This $250m has been used to bribe companies. So what of Canonical? I love Ubuntu and have always trusted it, but knowing they're (a) a company and (b) short of cash made me think: actually they're in quite a good position to do such evil bidding. I mean, sending all your local searches off to Amazon seems nothing compared to what they could do; after all, as Shuttleworth says, "We have root!"

The German Government recently spotted that they can't trust Windows 8 machines; will they move to Ubuntu? (They're rather partial to Debian anyway.)

I posed the question in a provocative manner, but I believe it's valid; I'm not seeking opinion, nor rants, but wanted to see if anyone could answer categorically No (and back that up with evidence).

artfulrobot
  • 8,733

1 Answer


Even though this is a valid question, I think it cannot be known whether these practices take place. After all, the purpose of hidden vulnerabilities that are designed into software is for them to remain hidden.

There are a few things to take into account, though:

  • It is harder to hide secret backdoors in open source software. They almost have to be at the level of algorithms.
  • Why would the NSA try to get into Ubuntu if they can already read your email and listen in on your phone?
  • Why would Ubuntu take such a risk? After all, losing their credibility in the Linux world would incite people to use other Linux systems.

Quite frankly, Ubuntu is dependent on a lot of different software. To be honest, I do not think deliberate contaminations fit the Ubuntu spirit. That being said, who knows...

don.joey
  • 29,392