This by itself is a problem because nobody intends to search Amazon for sensitive personal information. For instance, someone might search for a file with a social security number, or with a specific text string that is in no way intended to be read by anyone else. They're ostensibly searching through their own local file system, after all, and the thought that by default that search string will be sent out to not one, but two, third parties is extremely disturbing. Further, as Etienne notes, while the query source IP address is proxied, the new feature goes directly to Amazon to download thumbnails and such to display the results. This makes it trivial to match queries with the original IP address -- for every single search you do through the Unity Dash. That's wrong on so many levels, I don't even know where to start.
Now, since this mess blew up, Ubuntu has started to backtrack somewhat. There's a method to uninstall the new feature through the command line ("sudo apt-get purge unity-lens-shopping"), and very recently, Canonical announced that it is working to incorporate this feature into the global privacy manager to allow users to disable this in the GUI, although that appears to have some caveats as well.
But the fact remains that, as of now, Canonical is planning on leaving this poorly conceived and implemented feature in the next release of Ubuntu -- and leave it on by default.
There have been times in the past when various changes to distributions and even core open source packages have been poorly received by the community, and generally, the community as a whole responds by heading in a different direction. See the X11 versus X.Org situation for an example. I don't think that integrated Amazon search alone will cause a massive backlash against Ubuntu, but it will definitely give privacy minded users cause to consider alternatives -- and to recommend those alternatives to others.
That by itself is a blemish on Ubuntu's generally stellar record. But the biggest problem I have with the Amazon debacle is another comment by Shuttleworth: "Don't trust us? Erm, we have root. You do trust us with your data already." That level of hubris from the founder of Ubuntu, in the face of what is clearly a bad idea badly implemented, should leave everyone with a bad taste in their mouth. If this idea can make it to the next Ubuntu release, then what other bad ideas are floating around? What's next? Why should we maintain that trust?
So fine, Mr. Shuttleworth. You have root. But not on my box. Not anymore.
Sign up for Computerworld eNewsletters.