On Mon, Jan 07, 2019 at 22:00:25 -0500,
Matthew Miller <mattdm(a)fedoraproject.org> wrote:
Since there is no personal information attached, I don't see how on the face
of it this is a privacy violation. I want to take this concern seriously,
but I need more to go on than "this is inherent". Can you elaborate?
From the users point if view, they can't tell if IP addresses are tracked
along with UUIDs. Some IP addresses can be tied to specific users, and now
with UUIDs, the same machine can be seen to use different IP addresses so
that a person can now be seen to be using multiple IP addreses that couldn't
be as easily correlated before. Some of these IP addresses may have been
hard to associate with the person previously.
Users can defend against this by being selective when they do updates
relatively easily as long as updates are the only thing using this UUID.
If you care about that level of not revealing usage, Fedora is probably not
the best distribution in the first place. A number of packages do not make
a priority of limiting networking requests. For example it is common for
web browsers in Fedora to refer to a network version of a Fedora web page as
their default start page rather than using a local copy of this page that
might be a bit out of date. So I don't know if IP address correlation is
likely to be of big concern to many Fedora users. I would prefer that Fedora
make different privacy / convenience trade offs than it does, but I'm pretty
sure I'm in a small minority and I'm able to do work arounds on my end for
this for cases where I want to spend the effort.