unofficial mirror of guix-devel@gnu.org 
From: Jack Hill <jackhill@jackhill.us>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org, Leo Prikler <leo.prikler@student.tugraz.at>
Subject: Re: Telemetry on by default kitty
Date: Wed, 16 Jun 2021 01:28:38 -0400 (EDT)
Message-ID: <alpine.DEB.2.21.2106152336050.2109@marsh.hcoop.net>
In-Reply-To: <878s3an2uv.fsf@netris.org>

On Tue, 15 Jun 2021, Mark H Weaver wrote:

[…]

> However, I strongly believe that each Guix user should be given the
> opportunity to make that decision for themselves, i.e. that telemetry,
> auto-update checks, and more generally unsolicited network traffic
> should be disabled until the user has given informed consent.
>
> What do other people think?

I'm not sure I have too much to add to the discussion, but since I once 
submitted a patch to disable this type of telemetry⁰, I support the notion 
that programs should not generate network traffic unless they are asked to 
do so. As Mark says, it's more than just the two endpoints that can 
observe the traffic. Even encrypted traffic provides some information.

Perhaps opting-in can be another use case for parameterized packages. We 
could have our cake and still allow folks to opt-in without having to 
tediously configure or modify their packages.

On the note of trusting software authors, for me a lot of it is 
understanding the development process and analyzing if my interests are 
aligned with those of the authors. However, that can be a complicated thing. 
In general, I'm much more trusting of community projects than ones with 
corporate sponsors. Track record also counts too, so I'm glad that Bone 
referred us to the upstream discussion. I'll probably spend more of my 
time looking for problems in future releases of projects like kitty and 
audacity¹ than more trusted (to me) projects like goffice.

Even if we're not able to catch everything, auditing source can still be 
useful. I found an information leak in innernet (not packaged for Guix 
yet) in part because the authors were kind enough to point it out in a 
comment². Perhaps auditing/patching is a test that is well suited to 
combining efforts with folks beyond Guix. That can be either in dedicated 
projects like Icecat or ungoogled-chromium, or simply by looking at what 
patches and configuration options other package distributions apply. Of 
course we can also share anything that we learn.

⁰ https://issues.guix.gnu.org/40360
¹ https://www.theregister.com/2021/05/14/audacity_telemetry/
² https://github.com/tonarino/innernet/blob/46d97831094d04fe3ad802a4bf2ac645e09d568c/publicip/src/lib.rs#L3-L4

Well, I guess I ended up adding more comments than I thought I would. Hope 
they're helpful!

Jack
