On Wed, 2006-11-22 at 13:19 +0000, James Wilkinson wrote: > Andy Green wrote: > > If there is a gratuitous connection action for statistic-collecting > > purposes, it would be best to ask. But then you lose some information > > from the people who for whatever reason said no. > > I think there is, and will remain to be, a large amount of suspicion > about programs which contact sites on the Internet when this is not > reasonably expected by their users. Fedora and Red Hat have a lot of > goodwill in many quarters (especially on this list), but this will not be > shared by users who are new to Linux. > > There may be situations where government or other organisations expect > non-employees (e.g. students, people who need to interface with them) to > use Fedora. [1] In this case, the rumour that the computer was spying on > you could be damaging. > > > Whereas if you collect via yum mirrors, there is a transaction going on > > initiated by the user that he benefits from. It seems hard for anyone > > to object to your IP getting used for anonymous aggregated stats in > > such a case, in fact if I visit any website I expect to have the same > > done for my visit from their logs (esp if they are on Google > > Analytics). > > Agreed. > > > It would be cool to generate a GUID per machine and attach it to yum > > download URLs, eg, http://mirror.org/blah/thing.rpm?GUID=123-123-123.. > > so it is ignored by the server but is present in the logs. But the logs > > are still useful without it. > > I'm not sure how this would play with European data-privacy laws, > especially in cases where one can tie an IP address to an individual. > > > 1. Machines that never update at all even once > > > > Making a new machine check for updates at least once as soon as it saw the > > network was up would be a friendly and non-privacy threatening action that > > would solve this... > > On a related subject -- may I propose that the standard Fedora web > browser home page (which is common to l*nx, Firefox, Konqueror and other > web browsers) as distributed in ISO images points users to the need to > upgrade ("Welcome to Fedora. Please upgrade now! Here's how."), and that > this is replaced > > > 3. Machines behind a local yum cache > > > > Whatever tools are provided to run the yum cache should have the repo > > log processing stuff folded into them, and report stats up to Fedora HQ > > by default. But a user should be able to turn it off. > > Again, you may need to inform the user that this was being done, since it > would be a change of functionality where there had been an expectation of > privacy. > > James. > > [1] For example, there are a number of computers on my company's network > which are provided by shipping companies so we can enter details of > shipments we are sending. I remain surprised that they chose Windows for > this, and not a locked down Linux. > > -- > E-mail: james@ | "WARNING: Letters may be used to construct words or > aprilcottage.co.uk | phrases which some people may find objectionable" > | -- Alphabet spaghetti disclaimer. > Personally, any intelligence gathering that is done surreptiously, that is without an explicit acknowledgement by myself that you are doing it for each and every transaction is espionage, and should be treated as such. What software I chose to run, what documents I use or create, what knowledge I seek or what purchases I make should be treated with respect by the party I am working with. Anything else is sloppy ethics, arrogance personified, and above all gossip. It should be ostracized by any thinking individual as beneath them. I grant that there are threats in the world that are considerable, however compromising our ethics and sinking to the 11th century forms of government and 18th century forms of business espionage are not the appropriate responses. 90% of the people in the world are good people, just trying to survive in their particular political, social and physical environments. Spying on them to catch the particular 10% you do not agree with, or to promote your own agenda, whatever it is, is not the way I want our world to develop. Have you read "1984 or seen "The Minority Report"? Or perhaps "Metropolis"? I realize there are risks with my stance. But believe me when I say those risks are much less than the risks one takes when one permits their entire lives to be placed under a microscope. Have none of you made a mistake? What if the mistake you made affected an entire family or culture. That is the risk you propose with any form of spying. No matter how benign the intent, the ultimate use of any technology exposes us to trials and tribulations that are serious. Of all people, those of us who know and use computers, data analysis tools, and comprehend the information available on ones computer, which is more like a diary than a typewriter, should recognize the dangers present in such schemes. Regard your own life carefully and think of which pieces could be restated by some one, or misstated by someone out of context and how it would look to your family, friends and neighbors. I know I dare not cast that first stone, and I would encourage isolating anyone who did. Regards, Les H