A scammer got a fake version of Exodus wallet in Canonical’s Ubuntu snap store. This fake scam wallet drained nearly half a million USD worth in cryptocurrency from a user. [1] The scammer was able to fake Exodus wallet’s logo without anyone from the company or Canonical noticing. [2] It sucks for that guy who lost so much. But the even sadder part is that Ubuntu just doesn’t get it. Quoting Mark Shuttleworth, CEO of Canonical,
“cryptocurrency is largely a cesspit of ignoble intentions even if the mathematics are interesting”,….. Additionally, Shuttleworth also opened an additional forum post to discuss requiring “more comprehensive proof of publisher identity for every publisher” for Snaps. [3]
Mr. Shuttleworth,
Your comments about cryptocurrency being a “cesspit” represent a gross misunderstanding of the purpose of Linux. The primary reason to use open source tools to begin with is to empower the end-user over the institutions that administer it, who may not put the user’s freedom as a priority. Therefore, it’s ludicrous to honor open source operating systems for privacy, but dismiss open source money.
A Linux distribution is a package manager, where your goal is to vet software. Instead of doing a good job at this, Canonical seeks to undermine the authority of all other Linux distributions. You want to pretend Snaps are all about cross-platform distribution, when really it’s just Canonical attempting to act as a gatekeeper. This is done by forcing unpopular technology that is slow to start on graphical environments. The fact that Canonical continues to double down on “Slow GUI” Snaps, shows they only care about enterprise servers without GUIs, and therefore a complete disregard for the home end-user.
Further, you don’t even understand crypto. Exodus wallet isn’t open source. So Exodus is dangerous to begin with and the benefits of even using Linux and crypto are lost when users trust a black box wallet.
Finally, your comments regarding forcing KYC to publish software on Ubuntu’s Snap Store are uneducated. Please go read the Wikileaks book, because you will not even make it past chapter 1 without learning the US government enslaves foreigners with debt through the World Bank, and murders and genocides millions through their foreign policy. Some choose to resist this through violence. Others write code that empowers us to resist the empire’s surveillance, so that we may be free. This is the only real purpose in Ubuntu. And by forcing KYC, you choke off meaningful development from anonymous devs who can’t comply with bullshit regulation. Especially, in the EU with their new liability laws regarding FOSS.
Banks can confiscate your funds at any moment, and so this is why some use Ubuntu. Because cryptocurrency on Linux is the only thing you can ever really own. So Mr. Shuttleworth, how can you stop scams?
1) Closed source crypto apps should get a manual overview. These are the highest risk.
2) Instead of asking for KYC, ask for a PGP sign from the same key used on the developer’s other releases. (for example Exodus Debian packages)
Now I’m done talking to Shuttleworth and I turn to you.
The reason these issues are not addressed is pessimism. Only because people believe it doesn’t matter, and their actions are meaningless do they do nothing. Well, I got some news for you, but a different vendor emailed us a few days ago, and they are doing the work to remove some Big Tech from their site, thanks to you helping these articles trend.
And so if you share this, you say to Ubuntu and all those forcing KYC to slowly creep into all aspects of our lives, that we will not stand by and let our freedoms be taken. That inside you is optimism and hope. And if Shuttleworth will not listen, someday Ubuntu will share the same fate as Ubuntu Phones. And it’s US dollars that are a cesspit of ignoble intentions.
The sources for this article can be found here.
Arweave Log: z9CyOfnzQcxC5g2J-xuOmdQCrpkuD2YDqrIINsFRi74