On 7/6/23 12:10, Aoife Moloney wrote: > Important process note: we are experimenting with using Fedora > Discussion as part of the Changes process. Change announcements (like > the one you are reading right now) will still be sent to the > devel-announce mailing list, but the conversation about each change > will take place on Fedora Discussion at > https://discussion.fedoraproject.org/t/f40-change-request-privacy-preserving-telemetry-for-fedora-workstation-system-wide/85320 > > > This will follow the same process as before, just with discussion in a > different format > https://docs.fedoraproject.org/en-US/program_management/changes_policy/ > > > You can subscribe to and interact with these conversations by email. > See https://discussion.fedoraproject.org/t/guide-to-interacting-with-this-site-by-email/ > for detailed instructions. To make sure you do not miss anything, make > sure that you have the Change Proposal category set to “Watching” — > or, if you just want to get notified about new changes but not every > reply in the conversation, to “Watching First Post”. (Click on the > little bell icon at the top right of the category page.) > > > > > The below document represents a proposed Change. As part of the > Changes process, proposals are publicly announced in order to receive > community feedback. This proposal will only be implemented if approved > by the Fedora Engineering Steering Committee. > > > == Summary == > > The Red Hat Display Systems Team (which develops the desktop) proposes > to enable limited data collection of anonymous Fedora Workstation > usage metrics. There are two problems here: 1. The GDPR and similar regulations are 100% clear that consent must be opt-*in*. Opt-*out*, as is proposed here, is not consent. Therefore, this change is proposing collecting telemetry *without user’s consent*. 2. Irrespective of whether or not the metrics are personally identifiable for the purposes of GDPR and other regulations, I highly doubt you will be able to convince people that they are in fact not personally identifiable. Techniques for correlating metrics can only get better, never worse, and this means that what information may become personally identifiable in the future even if it was not in the past. Even Differential Privacy cannot solve this problem because it works on aggregate statistics, not on the raw data collected. The only way I could be convinced that the raw data is in fact not personally identifiable is if there was a mathematical proof to that effect. Such a proof would probably be worthy of publication in a peer-reviewed research paper. Since this Change proposal comes from Red Hat, I have an alternative to propose: Red Hat can ask its paying corporate customers for this information, perhaps in exchange for a discount on their RHEL subscriptions. This should be much less controversial. -- Sincerely, Demi Marie Obenour (she/her/hers) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue