Skip to content

Instantly share code, notes, and snippets.

@X448NAX

X448NAX/daisy.ubuntu.com-whoopsie-guide.md

Created December 26, 2021 22:35
Show Gist options
  • Save X448NAX/15689164f4400dc370a04659f74c133e to your computer and use it in GitHub Desktop.
Save X448NAX/15689164f4400dc370a04659f74c133e to your computer and use it in GitHub Desktop.
Download ZIP
"What the hell is daisy.ubuntu.com? How do I get rid of it from my DNS logs?"
Raw
daisy.ubuntu.com-whoopsie-guide.md

What is daisy.ubuntu.com? What is whoopsie?

daisy.ubuntu.com is a domain Ubuntu phones home to with "diagnostic infomation". In plain English, it is a tracking domain.

whoopsie is the process on Ubuntu that phones home to the above domain.

How do I stop it?

Open a terminal and run this:

sudo apt remove whoopsie

Sorry to disappoint if you were expecting a long complex tutorial because that's it.

I did that and I still see new requests for daisy.ubuntu.com pop up.

Are you sure you ran it on every computer on your LAN that uses either Ubuntu or a derivative of Ubuntu? It is very possible (although I have obviously not checked every single Linux distro based on Ubuntu) the requests are coming from one of the many other distros based on Ubuntu like Mint or Zorin.

If you are sure, reboot your Ubuntu machines, and if the requests continue, take a deeper look at the devices connected to your WiFi network.

Do I have to worry about Ubuntu Server?

Previous reports regarding whoopsie state it comes on both the desktop and server varients, but when I say "previous" here I mean like 2012.

As far as modern versions of Ubuntu from this century go, I have tried running sudo apt remove whoopsie on every new Ubuntu VPS I set up since discovering this just to be safe. All of them have said the package couldn't be found.

That said, VPS providers almost always modify their images, and I don't run Ubuntu Server locally at the moment, so I'm not sure if it still comes with the vanilla image direct from Canonical.

Might as well run sudo apt remove whoopsie to check. If you have an answer on this please leave it in the comments along with the version of Ubuntu Server you're using!

Desktop version still ships with it though for sure.

Is it safe?

It claims to not send any information anywhere until the user opts to send the diagnostic report. Like anything that comes with Ubuntu it is open source and people who've audited the code have found this to be true, despite pinging daisy.ubuntu.com daily.

However in 2019 alone five exploits together making up a privilege esculation vulnerability were found in the service. Here is a writeup by GitHub.

So even if you aren't overly paranoid on the privacy end, unless you really like to send crash reports, it's a good idea to remove this service to reduce your system's attack surface regardless.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment