On Mon, 07.01.19 13:28, Matthew Miller (mattdm@xxxxxxxxxxxxxxxxx) wrote:

> On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
> > > * The Fedora community cares about privacy and is adverse to tracking
> > >   measures. We don't want to track; just count.
> > Uh, so what's the story there? I mean, if you pass over the uuid you
> > make clients trackable, regardless if you want to make use of that or
> > not...
>
> Not if we don't keep them for long. One idea is to rotate them fairly
> frequently. But this is mostly a statement of intent and might be more about
> how we build the backend than about what we force in the client.

Well, that's entirely intransparent to users, what Fedora does with the uuid is entirely a black box for clients if you do it this way.

I wonder if it is worth introducing an entirely new tracking concept here if you actually don't want to track but just count. The NTP approach has the benefit that you introduce no new tracking concept at all, but you just use the data that is pretty much generated anyway. It also makes this all feel less one-sided, after all you provide them with a deal: Fedora gives the user correct time, the user is therefore counted.

> > BTW, afaik Ubuntu counts installations through NTP: they provide their
> [..]
> > Of course, doing it that way would mean fedora would have to host NTP
> > servers...
>
> Hmmm. We have fedora.pool.ntp.org, in fact. I'm not sure who actually runs
> that!

That's Fedora's allocation of the public NTP pool project, see https://www.ntppool.org/. That's hosted by all kinds of people voluntarily.

I guess the question is if hosting an NTP server is more or less work than hosting a uuid counting server, and whether the privacy issues the uuid solution brings are worth it.

BTW, iirc Intel used to count installations through the HTTP ping check in their captive portal detection. Fedora runs a similar service which is used by NM, no?
Maybe that's a nicer solution too: add an HTTP header field to the ping check that each client sets to "1" on one of these ping checks a day, and "0" all other times. Then you count how many non-zero ping checks you get within a 24h window and you have a really good idea how many users you have. All without any explicit tracking. And again this appears to me to be a much better deal than the uuid/dnf check that has been proposed, as you can say "we provide you with ping check functionality therefore we count you": both sides get something out of it.

(My educated guess is that Mozilla might do the same actually, since Firefox appears to have such an HTTP ping check built in now too.)

Lennart

--
Lennart Poettering, Red Hat
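
The once-a-day header scheme described in the message above, sketched as an added example (not code from the thread or from Fedora). The header name `X-Count-Me`, the UTC-day boundary for "once a day" and the simulated fleet are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

HEADER = "X-Count-Me"  # hypothetical header name; the message names none


class PingClient:
    """Client side: the only state is the UTC day it last sent "1", kept locally."""

    def __init__(self):
        self.last_counted_day = None

    def header_value(self, now):
        # "1" on the first ping check of a UTC day (assumed boundary), "0" after.
        today = now.astimezone(timezone.utc).date()
        if self.last_counted_day != today:
            self.last_counted_day = today
            return "1"
        return "0"


def count_per_day(requests):
    """Server side: tally "1" headers per UTC day.
    Only the timestamp and the header are read; no address or ID is used."""
    counts = Counter()
    for ts, headers in requests:
        if headers.get(HEADER) == "1":
            counts[ts.astimezone(timezone.utc).date()] += 1
    return counts


def simulate():
    """Constructed fleet: (hours between checks, hour the machine goes offline)."""
    start = datetime(2019, 1, 7, tzinfo=timezone.utc)
    fleet = [(1, 48), (7, 48), (3, 20)]
    requests = []
    for every, off_at in fleet:
        client = PingClient()
        for hour in range(0, off_at, every):
            now = start + timedelta(hours=hour)
            requests.append((now, {HEADER: client.header_value(now)}))
    return requests


if __name__ == "__main__":
    reqs = simulate()
    for day, n in sorted(count_per_day(reqs).items()):
        print(day, n, "installations from", len(reqs), "total ping checks")
```

The third constructed machine goes offline before the second day and drops out of that day's count, while the machine that checks hourly is still counted only once per day.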