unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: Giovanni Biscuolo <g@xelera.eu>
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org
Subject: Re: Telemetry on by default kitty
Date: Tue, 15 Jun 2021 19:24:23 +0200	[thread overview]
Message-ID: <87a6nrnirc.fsf@xelera.eu> (raw)
In-Reply-To: <YMZWrBExKQSfoWNa@jasmine.lan>

[-- Attachment #1: Type: text/plain, Size: 5036 bytes --]

Hi Leo and Guix,

sorry for this long message but I would like to add my point of view to
the discussion about telemetry.

I apreciated the laconic statement by Tobias Geerinckx-Rice on Sat, 12
Jun 2021 22:35:40 +0200 [1]:

--8<---------------cut here---------------start------------->8---

 This is not a point of discussion.  Telemetry or ‘phoning home’ 
 for updates must be opt-in if possible or disabled entirely 
 otherwise.  Would you care to submit a patch?

--8<---------------cut here---------------end--------------->8---

AFAIU there is a general consensus above all GNU Guix maintainers (and
all FSDG compliant distros) on the above statement: am I wrong?

I'm using Guix (and other ditributions) primarily for this very reason,
for me this is the most important *feature* of a free software
distribution: no spyware ALSO means no opt-out telemetry.

To be clear: if Guix "only" had the fantastic features it has but was
not FSDG compliant, I'd use something else (and be very very sad).

Leo Famulari <leo@famulari.name> writes:

> On Sun, Jun 13, 2021 at 08:35:18PM +0200, Leo Prikler wrote:
>> Perhaps it's valuable for developers, but as a user I often have next
>> to no information about what data gets collected and for which purpose,
>> both of which are important for *informed consent*.

[...]

> Yeah, I agree that telemetry is a problem in addition to being valuable
> for developers.

No, telemetry is not just "a problem", it's A HUGE legal issue.

I don't want to have a too long privacy related discussion here, but
please consider in EU (I live in Italy) we have the GDPR [2] and we had
a LOT of issues with the "Privacy Shield", now invalidated by the
Schrems II [3] EU Court of Justice judgement, meaning that data
transfers abroad are... VERY problematic :-D

Just to give you one recent example, in Italy we have a public service
app called "IO App" (processing a lot of very sensitive data) that was
recently surveied by the italian Privacy Authority and it was a
*disaster* [4]:

--8<---------------cut here---------------start------------->8---

 the Authority, on general criticisms on the functioning of the IO App,
 has ordered, with a urgent measure, to PagoPA to temporally block the
 personal data processing by this App which require the interaction with
 Google’s services and Mixpanel, and which involve a transference to
 third countries (for example: USA, India, Australia) of personal
 sensitive data (like: cash back transactions, payments instruments,
 holydays bonus), carried out without the consent of the users.

--8<---------------cut here---------------end--------------->8---

So, the italian goverment is (still) tranfering a lot of personal data
to NOT (equivalent) GDPR compliant nations.

Please consider that much, if not all, of the personal data transferred
(and it's LOT of data) was allegedly for "telemetry" and "issue
tracking" purposes.

We are talking about this.  This is not for sure a kitty issue, but it
is a telemetry issue.

> I think that making it opt-in doesn't really help very much. People use
> defaults. I read that Firefox struggles with software quality on
> GNU/Linux because almost nobody enables the telemetry.

This is freedom n. 0 :-D

> I feel that, ultimately, we already trust most software authors
> implicitly and totally, because we are not auditing their
> programs. So, I am personally happy to enable the telemetry for most
> software I use — especially if it is free software and especially for
> software that deals with the network. I don't personally see the point
> of treating telemetry as a special case in terms of trust or consent.

I'm sorry you don't see the point, but please remember that in some
countries providing personal data to data processors needs informed
consent on what, why, by whom and where the data is processed (please
consider this as an executive-summary, it's a complex matter).

Please also consider I'm not willing to provide data to the developers
of software I use simply because I don't want to exchange data for the
permission to use the software... and I'm not the only one: this is the
most important reason telemetry must be disabled by default (opt-in) if
possible or completely disabled otherwhise.

Privacy is valuable, developers must respect their users.

Thank you! Giovanni.


[1] Message-Id:87eed695yb.fsf@nckx

[2] https://en.wikipedia.org/wiki/GDPR

[3] https://en.wikipedia.org/wiki/Max_Schrems#Schrems_II

[4] https://www.privacy365.eu/en/by-the-italian-data-protection-authority-green-certification-the-green-light-of-the-authority-but-with-specific-guarantees-it-has-been-disposed-the-block-of-io-app/

https://www.privacy365.eu/en/by-the-italian-data-protection-authority-app-io-the-authority-implements-the-technical-relation/
(unfortunately the relation is in italian only, it's very very interesting!)

-- 
Giovanni Biscuolo

Xelera IT Infrastructures

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 849 bytes --]

  parent reply	other threads:[~2021-06-15 17:24 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-12 20:18 Telemetry on by default kitty Bone Baboon
2021-06-12 20:35 ` Tobias Geerinckx-Rice
2021-06-12 21:28   ` Bone Baboon
2021-06-12 21:44     ` Tobias Geerinckx-Rice
2021-06-12 23:12       ` Leo Prikler
2021-06-12 23:14         ` Leo Prikler
2021-06-13  1:32         ` Mark H Weaver
2021-06-13 14:16           ` Tobias Geerinckx-Rice
2021-06-13  2:03         ` Bone Baboon
2021-06-13  9:32           ` Leo Prikler
2021-06-13 17:57             ` Leo Famulari
2021-06-13 18:35               ` Leo Prikler
2021-06-13 19:04                 ` Leo Famulari
2021-06-13 23:54                   ` Ryan Prior
2021-06-14  6:53                     ` Leo Prikler
2021-06-14 21:15                       ` Ludovic Courtès
2021-06-15 17:24                   ` Giovanni Biscuolo [this message]
2021-06-15 21:39                     ` Leo Prikler
2021-06-16 16:21                       ` Leo Famulari
2021-06-16 17:32                         ` Mark H Weaver
2021-06-16 17:32                         ` my apoligies (was Re: Telemetry on by default kitty) Giovanni Biscuolo
2021-06-16 18:27                           ` Leo Prikler
2021-06-16 22:54                           ` Leo Famulari
2021-06-20 15:50                     ` Telemetry on by default kitty Ludovic Courtès
2021-06-15 23:07                   ` Mark H Weaver
2021-06-16  5:28                     ` Jack Hill
2021-07-06 12:52         ` Bone Baboon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87a6nrnirc.fsf@xelera.eu \
    --to=g@xelera.eu \
    --cc=guix-devel@gnu.org \
    --cc=leo@famulari.name \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).