From: Jack Hill <jackhill@jackhill.us>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org, Leo Prikler <leo.prikler@student.tugraz.at>
Subject: Re: Telemetry on by default kitty
Date: Wed, 16 Jun 2021 01:28:38 -0400 (EDT)
Message-ID: <alpine.DEB.2.21.2106152336050.2109@marsh.hcoop.net>
In-Reply-To: <878s3an2uv.fsf@netris.org>
On Tue, 15 Jun 2021, Mark H Weaver wrote:
[…]
> However, I strongly believe that each Guix user should be given the
> opportunity to make that decision for themselves, i.e. that telemetry,
> auto-update checks, and more generally unsolicited network traffic
> should be disabled until the user has given informed consent.
>
> What do other people think?

I'm not sure I have too much to add to the discussion, but since I once
submitted a patch to disable this type of telemetry⁰, I support the notion
that programs should not generate network traffic unless they are asked to
do so. As Mark says, it's more than just the two endpoints that can
observe the traffic. Even encrypted traffic provides some information.

Perhaps opting-in can be another use case for parameterized packages. We
could have our cake and still allow folks to opt-in without having to
tediously configure or modify their packages.

On the note of trusting software authors, for me a lot of it is
understanding the development process and analyzing if my interests are
aligned with those of the authors. However, that can be a complicated thing.
In general, I'm much more trusting of community projects than ones with
corporate sponsors. Track record also counts too, so I'm glad that Bone
referred us to the upstream discussion. I'll probably spend more of my
time looking for problems in future releases of projects like kitty and
audacity¹ than more trusted (to me) projects like goffice.

Even if we're not able to catch everything, auditing source can still be
useful. I found an information leak in innernet (not packaged for Guix
yet) in part because the authors were kind enough to point it out in a
comment². Perhaps auditing/patching is a test that is well suited to
combining efforts with folks beyond Guix. That can be either in dedicated
projects like Icecat or ungoogled-chromium, or simply by looking at what
patches and configuration options other package distributions apply. Of
course we can also share anything that we learn.

⁰ https://issues.guix.gnu.org/40360
¹ https://www.theregister.com/2021/05/14/audacity_telemetry/
² https://github.com/tonarino/innernet/blob/46d97831094d04fe3ad802a4bf2ac645e09d568c/publicip/src/lib.rs#L3-L4
Well, I guess I ended up adding more comments than I thought I would. Hope
they're helpful!
Jack