On Mon, 7 Jan 2019 at 22:47, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:
>
> Matthew Miller wrote:
> > Since there is no personal information attached, I don't see how on the
> > face of it this is a privacy violation. I want to take this concern
> > seriously, but I need more to go on than "this is inherent". Can you
> > elaborate?
>
> I detailed it further down my message: my concern is that the UUID can
> theoretically be used to track users, to build personas out of them from the
> packages downloaded by the UUID, and in the extreme case even to identify
> the person owning the UUID by name (e.g., if a package downloaded by the
> UUID is downloaded only by 1 person and you find some bug report for it in
> Bugzilla). I don't care that you promise that you won't do it, the fact is
> that you *can*. And possibly others can too, depending on how exactly this
> is implemented.
>

Currently we can't see what packages a client requested. All the Fedora mirror proxies see is

10.5.124.209 - - [31/Dec/2018:09:07:21 +0000] "GET /metalink?repo=fedora-28&arch=x86_64 HTTP/1.1" 200 62200 "-" "dnf/2.7.5"

The additional information could be

10.5.124.209 - - [31/Dec/2018:09:07:21 +0000] "GET /metalink?repo=fedora-28&arch=x86_64&uuid=<blah>&edition=<blah> HTTP/1.1" 200 62200 "-" "dnf/2.7.5"

Individual mirrors do see what packages the person requested but do not see the uuid=<blah>, edition=<blah> data

10.5.124.209 - - [31/Dec/2018:06:44:46 +0000] "GET /pub/fedora/linux/updates/28/Everything/x86_64/repodata/repomd.xml HTTP/1.1" 200 3312 "-" "dnf/2.7.5"
10.5.124.209 - - [31/Dec/2018:06:44:46 +0000] "GET /pub/fedora/linux/updates/28/Everything/x86_64/repodata/5ca6bd7f4a9e8b0bc75e6c9f3d239549cfb627f34a5aa5d949c99fedf1a39ab7-comps-Everything.x86_64.xml.gz HTTP/1.1" 200 448854 "-" "dnf/2.7.5"
10.5.124.209 - - [31/Dec/2018:06:45:21 +0000] "GET /pub/fedora/linux/releases/28/Everything/x86_64/os/Packages/p/python3-rpmdeplint-1.4-2.fc28.noarch.rpm HTTP/1.1" 404 299 "-" "dnf/2.7.5"

> > Like I said, tracking is a non-goal. And, we want a design that is
> > resistant to tracking -- but I don't think we need to go overboard.
>
> If you take privacy seriously, you have to assume the worst. It is always
> safer to send less data rather than more.
>
> Kevin Kofler

--
Stephen J Smoogen.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
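An added example, not part of the original message or of any Fedora tooling: a data-minimisation review of the log lines quoted above, listing what each vantage point (mirror proxy, individual mirror) records and which fields occur in both. The function names are hypothetical; the sample lines are taken from the message, with its own <blah> placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Log lines quoted in the message above; uuid/edition keep the message's
# own <blah> placeholders (no real identifiers are used here).
PROXY_LOG = [
    '10.5.124.209 - - [31/Dec/2018:09:07:21 +0000] "GET /metalink?repo=fedora-28&arch=x86_64&uuid=<blah>&edition=<blah> HTTP/1.1" 200 62200 "-" "dnf/2.7.5"',
]
MIRROR_LOG = [
    '10.5.124.209 - - [31/Dec/2018:06:44:46 +0000] "GET /pub/fedora/linux/updates/28/Everything/x86_64/repodata/repomd.xml HTTP/1.1" 200 3312 "-" "dnf/2.7.5"',
    '10.5.124.209 - - [31/Dec/2018:06:45:21 +0000] "GET /pub/fedora/linux/releases/28/Everything/x86_64/os/Packages/p/python3-rpmdeplint-1.4-2.fc28.noarch.rpm HTTP/1.1" 404 299 "-" "dnf/2.7.5"',
]

# Apache/nginx "combined" log format, as used by the quoted lines.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
                  r'"[^"]*" "(?P<agent>[^"]*)"$')

def exposure(lines):
    """Summarise what one log vantage point records about its clients."""
    out = {"ips": set(), "agents": set(), "query_keys": set(), "packages": set()}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not combined log format
        url = urlsplit(m["target"])
        out["ips"].add(m["ip"])
        out["agents"].add(m["agent"])
        out["query_keys"].update(parse_qs(url.query, keep_blank_values=True))
        if url.path.endswith(".rpm"):
            out["packages"].add(url.path.rsplit("/", 1)[-1])
    return out

def shared_fields(a, b):
    """Fields with at least one value present in both logs."""
    return sorted(k for k in ("ips", "agents") if a[k] & b[k])

if __name__ == "__main__":
    proxy, mirror = exposure(PROXY_LOG), exposure(MIRROR_LOG)
    print("proxy : query keys", sorted(proxy["query_keys"]), "packages", sorted(proxy["packages"]))
    print("mirror: query keys", sorted(mirror["query_keys"]), "packages", sorted(mirror["packages"]))
    print("fields recorded on both sides:", shared_fields(proxy, mirror))
```

On the quoted lines the proxy log holds the uuid and edition keys but no package names, the mirror log holds package names but no query parameters, and both record the client IP and user agent, which is the overlap a retention or logging policy for this design would have to account for.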