On Mo, 07.01.19 13:28, Matthew Miller (mattdm(a)fedoraproject.org) wrote:
On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
> > * The Fedora community cares about privacy and is adverse to tracking
> > measures. We don't want to track; just count.
> Uh, so what's the story there? i mean, if you pass over the uuid you
> make clients trackable, regardless if you want to make use of that or
Not if we don't keep them for long. One idea is to rotate them fairly
frequently. But this is mostly a statement of intent and might be more about
how we build the backend than about what we force in the client.
Well, that's entirely intransparent to users, what fedora does with
the uuid is entirely a blackbox for clients if you do it this way.
I wonder if it is worth introducing an entirely new tracking concept
here if you actually don't want to track but just count. The NTP
approach has the benefit that you introduce no new tracking concept at
all, but you just use the data that is pretty much generated
anyway. It also makes this all feel less one-sided, after all you
provide them with a deal: fedora gives the user correct time, the user
is therefore counted.
> BTW, afaik Ubuntu counts installations through NTP: they provide
> Of course, doing it that way would mean fedora would have to host NTP
Hmmm. We have fedora.pool.ntp.org
, in fact. I'm not sure who actually runs
That's fedora's allocation of the public NTP pool project, see
. That's hosted by all kinds of people
I guess the question is if hosting an NTP server is more or less work
than hosting a uuid counting server, and whether the privacy issues
the uuid solution brings are worth it.
BTW, iirc intel used to count installations through the http ping
check in their captive portal detection. Fedora runs a similar service
which is used by NM, no? maybe that's a nicer solution too: add a http
header field to the ping check that each client sets to "1" on one of
these ping checks a day, and "0" all other times. Then you count how
many non-zero ping checks you get within a 24h window and you have a
really good idea how many users you have. All without any explicit
tracking. And again this appears to me is a much better deal to me
than the uuid/dnf check that has been proposed, as you can say "we
provide you with ping check functionality therefore we count you":
both sides get something out of it.
(my educated guess is that mozilla might do the same actually, since
firefox appears to have such a http ping check built in now too)
Lennart Poettering, Red Hat