[fab] Re: Firefox splash page tracker

[Christopher Blizzard]

seth vidal wrote:
> On Fri, 2006-10-06 at 12:40 -0400, Christopher Blizzard wrote:
>> seth vidal wrote:
>>>>> That's inappropriate and I will resist it.
>>>> I'm not that interested in the what or the who - just the if.  That is, 
>>>> are they using it?  That's it.
>>> Then choose your terminology much more carefully. It sounds a lot like
>>> you're interested in individual ips/users and when they interact with
>>> the system.
>> I'm interested in some set of those.  Bill (in another message) talks 
>> about tracking what packages people are using.  As part of what I'm 
>> suggesting (just a web cookie or auto generated uuid on the system) 
>> isn't that.  Doesn't show what someone is doing, or what they have used 
>> it for.  Just that it exists.
>>
> 
> and it shows that they download tor, gpg and seahorse then a lot can be
> inferred by that list.
> 
> HAVING the information means that others can subpoena it.

That depends on how you collect that information.  I think you're 
assuming that the collection is connected to the package manager.  It 
certainly doesn't have to be that way.  Collect it on another server 
entirely, don't correlate UUIDs or cookies to IP addresses and ditch old 
cookies that only show up once after some certain amount of time.

You can only correlate those things if you choose to.  Or you make poor 
system design choices.

You're worried about a subpoena.  What I'm saying is that if someone did 
that and asked for "the information" they would get a response that says 
something like:

"Yes, some computer out there generated an ID and submitted it to our 
system.  Sometimes it returns to reping us as well."

--Chris