On Mo, 07.01.19 11:34, Ben Cotton (bcotton(a)redhat.com) wrote:
=== Constraints ===
* The Fedora community cares about privacy and is adverse to tracking
measures. We don't want to track; just count.
Uh, so what's the story there? i mean, if you pass over the uuid you
make clients trackable, regardless if you want to make use of that or
not...
* For this reason, we don’t want to use any identifier like
/etc/machine-id which may be used for other purposes.
For purposes like this we have "application-specific machine
IDs". This is exposed in the sd_id128_get_machine_app_specific() API:
https://www.freedesktop.org/software/systemd/man/sd_id128_get_machine.html
App-specific machine IDs are determined as HMAC-SHA256 of the supplied
128bit ID identifying the app, keyed by the machine ID. (Why this way,
and not the opposite, i.e. the HMAC-SHA256 of the machine ID, keyed by
a specified app ID? simply because that is not how HMACs are supposed
to be used, as the data to protect here is not the app id — which
would normally be hardcoded in your public sources — but the machine
id.)
It appears to me that this concept is what you might want to use
here. You could either use our C API for that, but you can easily
reimplement it in a fully compatible way in any programming language
you like without using our C API too, after all HMAC-SHA256 is pretty
commonly available and not fancy in any way.
Anyway, just wanted to mention that the concept exists already, and if
the described feature is a good thing, then this is something to
consider, but then again I am not totally convinced what you want to
do here is the way to go in the first place...
BTW, afaik Ubuntu counts installations through NTP: they provide their
own NTP servers, and by default all installations are hooked up to
that. This way they have a pretty good estimate how many concurrent
ubuntu installations are online at any time, since NTP means there's a
regular ping cycle in place. Of course they will only track online
systems that way, but I think that's an OK limitation...
Of course, doing it that way would mean fedora would have to host NTP
servers...
Lennart
--
Lennart Poettering, Red Hat