How Canonical’s Snap Strategy Undermines Linux Security and User Choice

The article analyzes how Canonical’s forced Snap installations, closed‑source store, and lack of supply‑chain safeguards have degraded performance, introduced malware, and eroded user autonomy on Ubuntu, while highlighting alternative distributions that preserve openness and security.

DevOps Coach

Forced Snap Installations and Performance Impact

On Ubuntu 24.04, installing chromium-browser via sudo apt install chromium-browser silently pulls in snapd and installs the Snap version of Chromium, without any warning or user consent. Similar silent migrations affect Firefox and Thunderbird, increasing launch time from about 2 seconds (deb) to 12 seconds (Snap).

Timeline of Controversial Decisions (2012‑2026)

2012: Amazon Shopping Lens embedded in desktop search, labeled a severe privacy issue.

2013: Canonical receives the Austrian Big Brother Award for Shopping Lens.

2016: Amazon integration finally removed in Ubuntu 16.04.

2019: Chromium forced to use Snap in Ubuntu 19.10; apt install silently triggers Snap download.

2020: Linux Mint 20 drops Snap support entirely.

2022: Ubuntu Pro advertisements appear during apt upgrade.

2024: Firefox and Thunderbird moved to Snap; malicious cryptocurrency wallet clones flood Snap Store.

2025: Introduction of Ubuntu Insights telemetry system.

2026: Domain‑resurrection attack hijacks expired Snap Store publisher domains, allowing malicious updates.

Supply‑Chain and Security Failures

Fake cryptocurrency wallet apps (Exodus, Ledger Live, Trust Wallet clones) have been distributed through the Snap Store, stealing users’ recovery phrases. In January 2026, a former Canonical developer discovered that attackers purchased expired publisher domains, reset credentials via email, and pushed malicious updates to at least two accounts (storewise.tech and vagueentertainment.com). The lack of mandatory two‑factor authentication and domain‑expiry monitoring demonstrates a fundamental supply‑chain security lapse.
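The domain-expiry monitoring described above could look like the following on the store operator's side. This is an added example, not code from the article or from Canonical: the function names, account fields and policy are hypothetical, and the publisher accounts and RDAP-style records (RFC 9083 "events" arrays) are constructed sample data. It assumes a re-registered domain reports a registration date later than the publisher account's creation date.

```python
from datetime import datetime, timedelta

# Constructed RDAP-style domain records (RFC 9083 "events" array); not real data.
RDAP = {
    "active-pub.example": {"events": [
        {"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2027-03-01T00:00:00Z"}]},
    "lapsing-pub.example": {"events": [
        {"eventAction": "registration", "eventDate": "2018-06-10T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2026-02-10T00:00:00Z"}]},
    "rebought-pub.example": {"events": [
        {"eventAction": "registration", "eventDate": "2025-12-20T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2026-12-20T00:00:00Z"}]},
}

# Constructed publisher accounts: contact e-mail and account creation date.
PUBLISHERS = [
    {"id": "pub-1", "email": "dev@active-pub.example", "created": "2019-01-15T00:00:00Z"},
    {"id": "pub-2", "email": "dev@lapsing-pub.example", "created": "2019-07-01T00:00:00Z"},
    {"id": "pub-3", "email": "dev@rebought-pub.example", "created": "2017-04-02T00:00:00Z"},
    {"id": "pub-4", "email": "dev@unknown-pub.example", "created": "2020-01-01T00:00:00Z"},
]

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))
def _event(record, action):
    for ev in record.get("events", []):
        if ev.get("eventAction") == action:
            return _ts(ev["eventDate"])
    return None

def reset_risk(publisher, rdap, now, warn_days=30):
    """Return reasons e-mail password reset should be blocked for this account."""
    domain = publisher["email"].rsplit("@", 1)[1].lower()
    record = rdap.get(domain)
    if record is None:
        return ["no-registration-data"]       # fail closed: cannot verify ownership
    reasons = []
    registered, expires = _event(record, "registration"), _event(record, "expiration")
    if registered is None or registered > _ts(publisher["created"]):
        reasons.append("domain-registered-after-account")  # domain changed hands
    if expires is None or expires <= now:
        reasons.append("domain-expired")
    elif expires - now <= timedelta(days=warn_days):
        reasons.append("domain-expiring-soon")
    return reasons

def audit(publishers, rdap, now):
    return {p["id"]: reset_risk(p, rdap, now) for p in publishers}
```

Any account with a non-empty reason list would have e-mail-based credential reset suspended until the publisher re-verifies through a second factor.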

Closed‑Source Snap Store vs Open Alternatives

While the Snap tooling (snapd, snapcraft.io) is open source, the backend Snap Store is proprietary and closed. Users cannot run their own store or add alternative repositories; every Snap installation contacts Canonical’s servers. In contrast, Flatpak’s Flathub is open, and distributions like Fedora host their own stores, preserving the principle that software distribution should not be monopolized.

Advertising and Telemetry Intrusions

Since around 2022, Ubuntu terminals display Ubuntu Pro ads during apt upgrade. The messages are generated from a template file in /var/lib/ubuntu-advantage/messages/. This mirrors the 2012‑2016 Shopping Lens episode, where user privacy was compromised for corporate promotion.

Impact on Users and Viable Alternatives

Linux Mint and Fedora, both using Flatpak, avoid Snap’s performance penalties, telemetry, and adware. Mint’s 2020 decision to disable Snap by default demonstrates a community‑driven response to Canonical’s centralization. Flatpak applications launch 20‑40 % faster and share runtimes instead of duplicating libraries.

Recommendations

If you run Ubuntu on a personal workstation, try Linux Mint or Fedora for a month; both respect user choice and lack terminal ads.

For Ubuntu servers, Ubuntu Pro may be justified, but monitor the Ubuntu Insights telemetry extensions closely.

When recommending a distro to newcomers, consider Mint over Ubuntu due to its cleaner experience and lack of legacy Snap baggage.

Canonical’s 2024 revenue of $292 million, an 88 % gross margin, and $144 million cash reserve indicate it could secure the Snap Store properly, yet it continues to prioritize forced distribution and neglect basic security hygiene, betraying the trust of the Linux community.
