Dev creeped out after he fired up Ubuntu VM on Azure, was immediately approached by Canonical sales rep

I always feel like somebody's watching me

Updated An Azure customer was outraged after finding himself on the receiving end of an unexpected LinkedIn message from Ubuntu maker Canonical last night.

The user, Luca Bongiorni, had spun up an instance of the Linux distro on an Azure corporate subscription in order to evaluate some tooling. Sensibly, the subscription is used as a sandbox for the purpose of testing.

Upon clicking "Add new VM", the first option was Ubuntu 18.04, according to Bongiorni, which he selected in order to get his Linux kicks. Shortly after, however, a message turned up from an Enterprise Development representative at Ubuntu with the ominous phrase: "I saw that you spun up an Ubuntu image in Azure," and offering to be a point of contact.

I would not have deployed that if I knew someone would stalk me outside corporate channels

Was Canonical somehow aware of what an Azure customer was doing on the dashboard?

The Register spoke to Bongiorni, who confirmed the sequence of events and noted that "Azure Portal's UI didn't provide any insight on whether that Template was coming with a specific ToS" as he cheerfully chose Ubuntu.

It's a reminder to always check the small print (and icons) as, indeed, the implications of the orange icon were not clear to him. Particularly not that his data would be shared.

"The creepiest thing," he said, "[was] the direct contact on my private LinkedIn account" – which he noted did not share "the same corporate email. Which means that Canonical sales hunted my name down into social medias to reach me directly."

Microsoft and Canonical are certainly good chums. The companies recently boasted of the one-year anniversary of "a partnership that delivers the best and most secure open source for customers" and a co-sell model launched back 2019 that was step up from mere passive engagement.

Certainly, a cold-call message out of the blue would not come under the description of "passive".

While the thought of Canonical's engineers peering over one's virtual shoulder with the tacit approval of Microsoft might appeal, the explanation is likely a little simpler. A look at the terms for the Azure Marketplace throws up this sentence: "If you purchase or use a Marketplace Offering, we may share with the Publisher of such Offering your contact information and details about the transaction and your usage."

A hunt around Ubuntu's legals (as noted by Twitter user @dezren39) shows a whole section giving the company the green light "To market our products or services to you."

Bongiorni reckoned that the sharing of data was "in some ways" understandable when spinning up a third party's template on Azure, but added: "Make it very clear when you are going to pick a specific VM from the Azure Portal UI.

"I would not have deployed that if I knew someone would stalk me outside corporate channels."

Certainly, something a bit clearer than a little orange icon would be useful to indicate the imminent deployment of the stalkerbots. Or maybe just not doing it at all, hmm?

We asked Microsoft and Canonical for comment but have yet to receive an explanation from either. AWS commentator Corey Quinn reacted in colourful fashion:

And Bongiorni? He told us he was considering a switch to a different provider, likely based in Europe, "just to be sure there will be more transparency and more GDPR openness."

He also highlighted a further wrinkle in the story. If Canonical, as an Azure Marketplace Publisher, are handed information about anyone using its templates, could a hypothetical malicious publisher also receive similar?

"I am very curious to know what else these 'publishers' are getting from Microsoft about me and the machines I spun over the time that relied on their templates."

Updated at 1000 UTC on 12 February to add

Following publication of this article, Canonical responded to our calls for comment with a written statement:

"As per the Azure T&Cs, Microsoft shares with Canonical, the publisher of Ubuntu, the contact details of developers launching Ubuntu instances on Azure. These contact details are held in Canonical’s CRM in accordance with privacy rules.

"On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies."

Microsoft also sent us a canned remark:

"Customer privacy and trust is our top priority at Microsoft. We do not sell any information to third-party companies and only share customer information with Azure Marketplace publishers when customers deploy their product, as outlined in our Terms and Conditions. Our terms with our publishers allow them to provide customers with implementation and technical support for their products but restricts them from using contact details for marketing purposes." ®

Send us news

Microsoft has made Azure Linux generally available. Repeat, Azure Linux

Come for the Kubernetes, stay for the containers

Microsoft rains more machine learning on Azure cloud

No surprise: Nvidia is in the picture

EU monopoly cops probe complaints about Microsoft Azure

Over in the US, FTC panel on cloud homes in on restrictive software licensing

Microsoft tries a deeper dive into Azure Firewall traffic

If the flow slows, you need to know why

Microsoft decides it will be the one to choose which secure login method you use

Certificate-based authentication comes first and phones last

Microsoft offers electrical engineers a lifeline as it pursues custom cloud silicon

Redmond see, Redmond do... what AWS and Google are also doing

Microsoft Azure CTO believes confidential computing is the future of targeted advertising

Wait... what?

Microsoft touts bigger, faster Azure VMs as data deluge grows

NVMe storage should mean better performance for data-intensive workloads, says tech giant

Developers now able to 'customize' their Azure Virtual Desktop experience

Build your own ‘golden images’ and then connect 'em to more stuff, says Microsoft

Boss fight cleared: Europe approves Microsoft's Activision takeover

Completing a tough level doesn't mean squat if you can't defeat UK and USA

Microsoft would rather spend money on AI than give workers a raise

At least that's what internal comments from the CMO make it sound like

Microsoft wants you to think inside the Dev Box from July

If you like the idea of building software on Windows in the cloud, this may be for you