On Di, 08.01.19 16:22, Lennart Poettering (mzerqung(a)0pointer.de) wrote:
On Di, 08.01.19 07:49, Stephen John Smoogen (smooge(a)gmail.com)
wrote:
> The additional information could be
>
> 10.5.124.209 - - [31/Dec/2018:09:07:21 +0000] "GET
>
/metalink?repo=fedora-28&arch=x86_64&uuid=<blah>&edition=<blah>
> HTTP/1.1" 200 62200 "-" "dnf/2.7.5"
If all you want to do is count, then it should be entirely sufficient
to do it like this:
GET /metalink?repo=fedora-28&arch=x86_64&edition=<blah>&countme=1
HTTP/1.1
the first time within each one-week window and a simple
GET /metalink?repo=fedora-28&arch=x86_64&edition=<blah> HTTP/1.1
all other times.
Then, sum up how many "countme=1" GET requests we get per week, and
you have a good count, without tracking individual clients, without
inventing new uuids¹.
Such a form of counting is so minimal that I think you don't even have
to query the user whether he agrees with that in the installer UI. And
the user knows that with the one additional bit of info he grants you
every week there's very little you can do you couldn't do in the
status quo ante.
Morever, doing accumulation like the proposed also makes things
extremely simple to account for, as you don't have to store per-client
info in a huge database on the server. Instead it's entirely
sufficient to have a single counter for each subset of distro you want
to count.
In the interest of privacy the valid desire to have statistics
about the use of our distro needs to be implemented with data
frugality in mind. Keeping a full database of all uuids of all clients
on a Fedora server somewhere is definitely not data frugality if all
you want is count. Even if Fedora wouldn't misuse the data, somebody
might exploit the server and steal the database and there you go. Not
even having the database is hence the much better approach, and you
really need neither the database nor the uuid concept to do proper
counting.
So yeah, in the interest of privacy and simplicity, please don't got
the uuid way, there are simpler and better approaches.
And let me also stress that if you do it this way there's a better
chance that people will leave this on, since you won't raise red flags
all over the place that you can track individual users with this.
Lennart
--
Lennart Poettering, Red Hat