Metrics and your privacy

Andy Green andy at warmcat.com
Thu Nov 23 09:44:36 UTC 2006


Bruno Wolff III wrote:

Hi Bruno -

> However, when I do an install on a machine there isn't a good reason that
> I should need to provide a public IP address for that machine in order to
> do the install. I might for instance do downloads at one machine and then
> use them on several machines in different physical locations.

Yes, this is a fair enough complaint, it would be wrong to link the 
install action with a *requirement* to touch anything external.  But it 
should be okay to propose to the user on firstboot to check for updates, 
which he probably wants to do anyway, is in his interests and he can 
deny it.

> I consider any software that makes network connections back to the supplier
> for reasons not part of the function the software is providing to me to
> be spyware since it is supplying my IP address to the provider.

It's not a bad definition.  The yum traffic generated by a user is 
legitimate to use under that definition.

Just to be clear in general given some of the things said by others on 
this thread, if I was running a mirror so people could choose to connect 
to it and get the benefit of their free updates, for sure I will keep 
logs and process them how I like without asking anyone's permission, for 
abuse monitoring or anything else I felt like.  This is the implicit TOS 
of contacting ANY server on the Internet.  Anyone here running a public 
server NOT keeping logs, to be consistent with any deeply held feelings 
about privacy?

> employees, I think it would be unlikely that a TLA could convince Red Hat to
> secretly put back doors into their products. I don't believe that is true
> of most software companies. While the odds of me being affected by this 
> are very low, I want to support companies that I feel are supporting freedom.
> (I'm probably more at risk of marketing getting my data and annoying me with
> sales propositions.)

This is a different issue, but it wouldn't be RHAT but an upstream 
project that got perverted, like that attack on the kernel a while back 
where someone changed an if(uid==0) to an if(uid=0) to get root powers 
almost invisibly just by going down that code path.  Given the way the 
OS is composed, assuming there are no backdoors already is a matter of 
faith (but I agree it is unlikely there are remote backdoors, or we 
might have seen the resulting traffic floating by).

-Andy



