One of the major advantages of free software is that the community protects users from malicious software. Now Ubuntu GNU/Linux has become a counterexample. What should we do?
Once in a while, users who know programming find that a free program has malicious code. Generally the next thing they do is release a corrected version of the program; with the four freedoms that define free software (see http://www.gnu.org/philosophy/free-sw.html), they are free to do this. This is called a "fork" of the program. Soon the community switches to the corrected fork, and the malicious version is rejected. The prospect of ignominious rejection is not very tempting; thus, most of the time, even those who are not stopped by their consciences and social pressure refrain from putting malfeatures in free software.
But not always. Ubuntu, a widely used and influential GNU/Linux distribution, has installed surveillance code. When the user searches her own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of Canonical's servers. (Canonical is the company that develops Ubuntu.)
This is just like the first surveillance practice I learned about in Windows.
rest here