Re: F40 Change: Privacy-preserving Telemetry for Fedora Workstation (System-Wide)

On Thu, Jul 6 2023 at 11:33:03 PM +0200, Michal Domonkos <mdomonko@xxxxxxxxxx> wrote:
Given the detailed proposal, it's probably too late now for any fundamental changes, but there's a formal research area called Differential Privacy [1] that deals with the collection of user data in such a way that it preserves the privacy of each participating individual.

No, it's not too late for fundamental changes. Big changes would make this harder and take longer, but we're still very early on here. If the Fedora community wants to completely throw out the Endless system and use something else instead, that would be sad since it would mean more work for me, but we're still at the point where that's possible. (I'd *much* rather make changes to the existing system to adapt it to our needs, though. :)

But remember we do not want to keep information about individuals in the data set in the first place. It's easier to dodge privacy concerns if we just don't store such associations at all.

As for differential privacy, I'm quite unfamiliar with this topic so I don't know to what extent it could be useful, but Endless is interested in adding randomized response [1], where say 50% of the data sent is fake and the other half is accurate. This only works for boolean and possibly integer data, but it would make it even harder to deanonymize reported data. But that is not supported yet.

[1] https://blogs.gnome.org/wjjt/2023/07/05/endless-oss-privacy-preserving-metrics-system/

Have you guys, by any chance, considered looking into that for some inspiration?

Either way, if anyone is curious, there's a nice and easy-to-read write up on the key concepts:
https://desfontain.es/privacy/differential-privacy-awesomeness.html

I will add that to my reading list. Certainly it seems a lot less intimidating than the Wikipedia article. ;)

A specific set of algorithms (RAPPOR) for collecting arbitrary user strings that preserves Differential Privacy has been proposed (and implemented) by Google a while back, too:
http://arxiv.org/abs/1407.6981
https://github.com/google/rappor

Wow. I'll add this to my reading list too, although remains to be seen whether I'll be able to understand it. :D

Michael
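
The randomized response scheme mentioned in the message above, sketched for one boolean metric as an added example; it is not part of the original thread and is not code from Endless or Fedora. It assumes a "fake" report is a fair coin flip, and all function names, the client count and the 30% true rate are constructed for illustration.

```python
import math
import random

TRUTH_PROB = 0.5  # share of reports that are accurate, per the 50% figure in the thread


def randomize(true_value: bool, rng: random.Random, truth_prob: float = TRUTH_PROB) -> bool:
    """Client side: send the real bit with probability truth_prob, else a fair coin flip."""
    if rng.random() < truth_prob:
        return true_value
    return rng.random() < 0.5  # assumption: a "fake" report is a uniformly random bit


def estimate_true_rate(reports, truth_prob: float = TRUTH_PROB) -> float:
    """Server side: invert E[observed] = truth_prob * rate + (1 - truth_prob) * 0.5."""
    observed = sum(reports) / len(reports)
    rate = (observed - (1 - truth_prob) * 0.5) / truth_prob
    return min(1.0, max(0.0, rate))  # clamp sampling noise into [0, 1]


def epsilon(truth_prob: float = TRUTH_PROB) -> float:
    """Differential-privacy parameter: log of P(report=1 | truth=1) / P(report=1 | truth=0)."""
    p_yes_given_yes = truth_prob + (1 - truth_prob) * 0.5
    p_yes_given_no = (1 - truth_prob) * 0.5
    return math.log(p_yes_given_yes / p_yes_given_no)


def simulate(n_clients: int = 100_000, true_rate: float = 0.30, seed: int = 1234):
    """Constructed population: about true_rate of the clients have the setting enabled."""
    rng = random.Random(seed)
    truths = [rng.random() < true_rate for _ in range(n_clients)]
    reports = [randomize(t, rng) for t in truths]
    return sum(truths) / n_clients, sum(reports) / n_clients, estimate_true_rate(reports)


if __name__ == "__main__":
    actual, raw, estimated = simulate()
    print(f"actual rate       {actual:.4f}")
    print(f"raw reported rate {raw:.4f}")
    print(f"debiased estimate {estimated:.4f}")
    print(f"epsilon           {epsilon():.4f}")
```

No single report reveals a client's real value, yet the aggregate rate is still recoverable, at the cost of extra variance that shrinks as the number of reporting clients grows.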
