Re: Metrics and your privacy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Bruno Wolff III wrote:
Whereas if you collect via yum mirrors, there is a transaction going on initiated by the user that he benefits from. It seems hard for anyone to object to your IP getting used for anonymous aggregated stats in such a case, in fact if I visit any website I expect to have the same done for my visit from their logs (esp if they are on Google Analytics). 

The data can't just be stored as anonymous aggregated data since you need to
check for unique IP addresses. You could do hashing, but that wouldn't buy
very much privacy until ip6 is common. Still it would be nice if Fedora
had an official policy on when the IP data (as opposed to the aggragate data)
would be deleted.
No I'm not sure there is any point "checking for unique IP addresses". The nature of what the clients are doing with the mirrors is that each client is only going to pull a package once. So you can do the Geo stuff on the IP and just keep that, and examine the logs only for GET.*\.rpm
It would be cool to generate a GUID per machine and attach it to yum download URLs, eg, http://mirror.org/blah/thing.rpm?GUID=123-123-123.. so it is ignored by the server but is present in the logs. But the logs are still useful without it. 

Definitely don't do this.


It doesn't seem necessary on further thought.
Making a new machine check for updates at least once as soon as it saw the network was up would be a friendly and non-privacy threatening action that would solve this... 

No it wouldn't be friendly. I don't like that yum checks for updates on first
boot before I have a chance to turn it off.
This later turned into a "can I check for updates [y/n]" suggestion which is hopefully more compatible with your view. 


 3. Machines behind a local yum cache
Whatever tools are provided to run the yum cache should have the repo log processing stuff folded into them, and report stats up to Fedora HQ by default. But a user should be able to turn it off. 

Definitely not, but especially not by default.
Well I don't understand why you would say "definitely not" even if the thing is opt-in. 


One of the reasons I like free software is that it doesn't (normally) try to
spy on you.

Currently Fedora is a pretty good fit for me, but if it turns into spyware,
I will be looking at other options. (Though in the short run I would probably
look at respinning the install DVD to include modified packages without the
spyware.)
Hum none of this is "spyware". I just need to look in your mail headers and I see your IP address: the mirrors already have it anyway. The other information we discuss is if you took update packages, which and how many. 

-Andy
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux