Metrics and your privacy
andy at warmcat.com
Thu Nov 23 09:44:36 UTC 2006
Bruno Wolff III wrote:
Hi Bruno -
> However, when I do an install on a machine there isn't a good reason that
> I should need to provide a public IP address for that machine in order to
> do the install. I might for instance do downloads at one machine and then
> use them on several machines in different physical locations.
Yes, this is a fair enough complaint, it would be wrong to link the
install action with a *requirement* to touch anything external. But it
should be okay to propose to the user on firstboot to check for updates,
which he probably wants to do anyway, is in his interests and he can
> I consider any software that makes network connections back to the supplier
> for reasons not part of the function the software is providing to me to
> be spyware since it is supplying my IP address to the provider.
It's not a bad definition. The yum traffic generated by a user is
legitimate to use under that definition.
Just to be clear in general given some of the things said by others on
this thread, if I was running a mirror so people could choose to connect
to it and get the benefit of their free updates, for sure I will keep
logs and process then how I like without asking anyone's permission, for
abuse monitoring or anything else I felt like. This is the implicit TOS
of contacting ANY server on the Internet. Anyone here running a public
server NOT keeping logs, to be consistent with any deeply held feelings
> employees, I think it would be unlikely that a TLA could convince Red Hat to
> secretly put back doors into their products. I don't believe that is true
> of most software companies. While the odds of me being affected by this
> are very low, I want to support companies that I feel are supporting freedom.
> (I'm probably more at risk of marketting getting my data and annoying me with
> sales propositions.)
This is a different issue, but it wouldn't be RHAT but an upstream
project that got perverted, like that attack on the kernel a while back
where someone changed an if(uid==0) to an if(uid=0) to get root powers
almost invisibly just by going down that code path. Given the way the
OS is composed assuming there are no backdoors already is a matter of
faith (but I agree it is unlikely there are remote backdoors, or we
might have seen the resulting traffic floating by).
More information about the users