All new scopes are ignoring the privacy setting for Phone only

with the old scopes, the user had basically now control where his data was sent when doing a search on the home scope. The query went to the smart scope server and eventually to any recommended scope. Example: user typing "ter" in home scope just to start "terminal" app resulted in sending this query to e.g. Amazon. That's why the scopes privacy flag was introduced.

However, the situation with the new scopes is slightly different. No scopes are automatically queried without the user having any control over it. The scope scope just returns a list of recommended scopes, but does not query those (with some exceptions like wiki or weather). After getting a scope recommendation list, a user consciously selects a scope to query. Additionally, the user will be able to un-/favor scopes, e.g. unfavor the aggregating music scope (e.g. querying grooveshark) and just favor the local music if he doesn't want any remote source to be queried. So, to summarize, less magic, more control to the user to which scopes to actually query.

From that point of view, the question is if we really need the scope privacy flag in future. I mean we don't have the equivalent on the app side neither, if a user is deeply concerned about data leaving his phone then he should be turning off the data connection altogether.

Possible options to go forward:
1) Remove the scopes privacy flag because there is more control to the user.
2) Keep the privacy flag, with that trust the "trusted" scopes to not query the internet (we cannot enforce this), and utilize the
confinement to prevent running any untrusted scopes querying the internet.

After chatting with thostr, I agree that the new scopes design does not really benefit from a global setting that disables remote searches as the user now searches scopes explicitely. Instead there should be a visual hint that gives users an obvious clue whether his search will get leaked to the scope provider or not.

Right but the bug remains a blocker then till the settings team removes the setting which gives people upgrading from the last promoted image a false impression that nothing is being forwarded to scopes and this hint lands then right?

discussion continues on IRC. seems the current implementation might indeed be too confusing wrt to privacy behaviour. We will talk about this some more with internal stakeholders to ensure we do things with extra care...

Er... you mean, even after all the controversy over amazon results in the dash, we might *not* provide a global opt-out setting for online searches? That sounds like it'll go over pretty badly.

Hopefully we'll at least make it easy to uninstall/disable scopes?

With the new scopes, queries don't go randomly in the universe without the user knowing, e.g. amazon would only be queried if the user explicitly chooses the amazon scope.

In any way, we'll be fixing the issue for now, but revisit the setting later on.

In image 283, the "phone only" setting appears to prevent online scope searches.