Metrics and your privacy

Bruno Wolff III bruno at wolff.to
Wed Nov 22 16:33:44 UTC 2006 

On Wed, Nov 22, 2006 at 10:06:03 +0000,
  Andy Green <andy at warmcat.com> wrote:
> 
> If there is a gratuitous connection action for statistic-collecting 
> purposes, it would be best to ask.  But then you lose some information 
> from the people who for whatever reason said no.

And since they don't want to provide that information, that is appropiate.

> Whereas if you collect via yum mirrors, there is a transaction going on 
> initiated by the user that he benefits from.  It seems hard for anyone 
> to object to your IP getting used for anonymous aggregated stats in such 
> a case, in fact if I visit any website I expect to have the same done 
> for my visit from their logs (esp if they are on Google Analytics).

The data can't just be stored as anonymous aggregated data since you need to
check for unique IP addresses. You could do hashing, but that wouldn't buy
very much privacy until ip6 is common. Still it would be nice if Fedora
had an official policy on when the IP data (as opposed to the aggragate data)
would be deleted.

> It would be cool to generate a GUID per machine and attach it to yum 
> download URLs, eg, http://mirror.org/blah/thing.rpm?GUID=123-123-123.. 
> so it is ignored by the server but is present in the logs.  But the logs 
> are still useful without it.

Definitely don't do this.

> Making a new machine check for updates at least once as soon as it saw 
> the network was up would be a friendly and non-privacy threatening 
> action that would solve this...

No it wouldn't be friendly. I don't like that yum checks for updates on first
boot before I have a chance to turn it off.

>  3. Machines behind a local yum cache
> 
> Whatever tools are provided to run the yum cache should have the repo 
> log processing stuff folded into them, and report stats up to Fedora HQ 
> by default.  But a user should be able to turn it off.

Definitely not, but especially not by default.

One of the reasons I like free software is that it doesn't (normally) try to
spy on you.

Currently Fedora is a pretty good fit for me, but if it turns into spyware,
I will be looking at other options. (Though in the short run I would probably
look at respinning the install DVD to include modified packages without the
spyware.)

More information about the fedora-list mailing list