On 7/6/23 12:10, Aoife Moloney wrote: > That said, Fedora Legal has determined that if we collect any > personally-identifiable data, the entire metrics system must be > opt-in. Since we are only interested in opt-out metrics due to the low > value of opt-in metrics, we must accordingly never collect any > personally-identifiable data. I oppose any telemetry that is not opt-in, but I also do not think that what this proposal is suggesting is possible to implement. For metrics to not be personally identifiable, it is necessary that the set of metrics collected have sufficiently low entropy that on average, _many_ users will send _the exact same metrics_. It is very hard for me to see any useful set of metrics having such low entropy. If Fedora has 2 million users (possibly an overestimate) then the metrics would need to have entropy much less than 2^21, which means that the entire metrics set would need to be able to be represented as a 20-bit integer. In practice, I suspect one would need to fit the entire set in a 16-bit integer or less, and possibly _significantly_ less. -- Sincerely, Demi Marie Obenour (she/her/hers) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
