From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id YIIpA2riyGAKCwAAgWs5BA (envelope-from ) for ; Tue, 15 Jun 2021 19:24:58 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id uEYmOmniyGDoKwAAbx9fmQ (envelope-from ) for ; Tue, 15 Jun 2021 17:24:57 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4EAEA14A01 for ; Tue, 15 Jun 2021 19:24:57 +0200 (CEST) Received: from localhost ([::1]:58978 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ltCo4-00030d-1T for larch@yhetil.org; Tue, 15 Jun 2021 13:24:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41812) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ltCnl-000303-Vv for guix-devel@gnu.org; Tue, 15 Jun 2021 13:24:38 -0400 Received: from ns13.heimat.it ([46.4.214.66]:52674) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ltCne-00015b-II for guix-devel@gnu.org; Tue, 15 Jun 2021 13:24:37 -0400 Received: from localhost (ip6-localhost [127.0.0.1]) by ns13.heimat.it (Postfix) with ESMTP id 47AB83021BA; Tue, 15 Jun 2021 17:24:27 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at ns13.heimat.it Received: from ns13.heimat.it ([127.0.0.1]) by localhost (ns13.heimat.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fwdQAsvfONe4; Tue, 15 Jun 2021 17:24:25 +0000 (UTC) Received: from bourrache.mug.xelera.it (unknown [93.56.171.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ns13.heimat.it (Postfix) with ESMTPSA id 2FF073021B7; Tue, 15 Jun 2021 17:24:25 +0000 (UTC) Received: from roquette.mug.biscuolo.net (roquette [10.38.2.14]) by bourrache.mug.xelera.it (Postfix) with SMTP id 9FBAAFE73C1; Tue, 15 Jun 2021 19:24:24 +0200 (CEST) Received: (nullmailer pid 32239 invoked by uid 1000); Tue, 15 Jun 2021 17:24:24 -0000 From: Giovanni Biscuolo To: Leo Famulari Subject: Re: Telemetry on by default kitty In-Reply-To: Organization: Xelera.eu References: <87fsxm7s69.fsf@disroot.org> <87eed695yb.fsf@nckx> <87czsq7oyl.fsf@disroot.org> <87bl8a92r4.fsf@nckx> <83e3ea6de4daa14a81c826d9200941719abe2f82.camel@student.tugraz.at> <877diy7c7w.fsf@disroot.org> <2e8ede06b4786e4604269b9a7a4a5f04b154040e.camel@student.tugraz.at> <05c05536dde5660ada17b9f4dc8dc041272c1a4a.camel@student.tugraz.at> Date: Tue, 15 Jun 2021 19:24:23 +0200 Message-ID: <87a6nrnirc.fsf@xelera.eu> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=46.4.214.66; envelope-from=g@xelera.eu; helo=ns13.heimat.it X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1623777897; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=K3QUY07rYzOVc9CifDdowvr+Qvn0GLVuhgsu/Yp/+PQ=; b=qcHFo0wdCSWTUSmn9B14gxNcBXxzQuhduKpJTJZuoVwobmH2sEOszO08kXUX8eezjXgUeY ffpYSrthDSSuP8hVqXVJVyCGj/9DILK4VMdYPCcdH09gJ/r6AqKsx/QdPWkZ32wohh5Ere FfPrs0NDYt6vxZxuiiQJ8QFlz2hyLknmiypdynJBTyJwJFFIS3LodWb3x1i2ttYH4WyMcW pnCq3TCOTam0Oiiabmfd8RQ1BLDQ46MlBsBUdHfTNc0J6Ne7TSM6u9uA9566Ou6/8Eg/33 qI6UN+/i8FY7p7sdrK6qfMp5chcoP1pTD2YlZlVxtt4JOLqL2EHechW9M7c8vg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1623777897; a=rsa-sha256; cv=none; b=C3js1ae2Gy+o7iOt6zGME6DDcsdEf4JrYSGUpfX5H8Rl37C6zs5xpLSWIuonyhe6XbF/hr NtFPfhuydUDm0jWonl3qCplVSFfJYS+aH5CmVqojLBIlTK6DXk9UbqW5ZH15JW6j7RUV4t HdZBjOdEWjk23WFW9KFq7cTWa0SZm9NKariojWWTRcGJnVUT2klu5oPtp87x6911NNWxGn 5XzhCgXC6ANdMWS5z8S3A9YbqKFSIST8A5Znw6fcB/mWcpOSpLAH0Imr1eTLORECQVkfTl NcWExR3eD8l0KMHeKGbJwxvFyg1eel2KXoISmc0sZi4qBgvnzQ2+3omS8vIpTA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -4.52 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 4EAEA14A01 X-Spam-Score: -4.52 X-Migadu-Scanner: scn1.migadu.com X-TUID: hhoWJ6RyrPaX --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Leo and Guix, sorry for this long message but I would like to add my point of view to the discussion about telemetry. I apreciated the laconic statement by Tobias Geerinckx-Rice on Sat, 12 Jun 2021 22:35:40 +0200 [1]: =2D-8<---------------cut here---------------start------------->8--- This is not a point of discussion. Telemetry or =E2=80=98phoning home=E2= =80=99=20 for updates must be opt-in if possible or disabled entirely=20 otherwise. Would you care to submit a patch? =2D-8<---------------cut here---------------end--------------->8--- AFAIU there is a general consensus above all GNU Guix maintainers (and all FSDG compliant distros) on the above statement: am I wrong? I'm using Guix (and other ditributions) primarily for this very reason, for me this is the most important *feature* of a free software distribution: no spyware ALSO means no opt-out telemetry. To be clear: if Guix "only" had the fantastic features it has but was not FSDG compliant, I'd use something else (and be very very sad). Leo Famulari writes: > On Sun, Jun 13, 2021 at 08:35:18PM +0200, Leo Prikler wrote: >> Perhaps it's valuable for developers, but as a user I often have next >> to no information about what data gets collected and for which purpose, >> both of which are important for *informed consent*. [...] > Yeah, I agree that telemetry is a problem in addition to being valuable > for developers. No, telemetry is not just "a problem", it's A HUGE legal issue. I don't want to have a too long privacy related discussion here, but please consider in EU (I live in Italy) we have the GDPR [2] and we had a LOT of issues with the "Privacy Shield", now invalidated by the Schrems II [3] EU Court of Justice judgement, meaning that data transfers abroad are... VERY problematic :-D Just to give you one recent example, in Italy we have a public service app called "IO App" (processing a lot of very sensitive data) that was recently surveied by the italian Privacy Authority and it was a *disaster* [4]: =2D-8<---------------cut here---------------start------------->8--- the Authority, on general criticisms on the functioning of the IO App, has ordered, with a urgent measure, to PagoPA to temporally block the personal data processing by this App which require the interaction with Google=E2=80=99s services and Mixpanel, and which involve a transference to third countries (for example: USA, India, Australia) of personal sensitive data (like: cash back transactions, payments instruments, holydays bonus), carried out without the consent of the users. =2D-8<---------------cut here---------------end--------------->8--- So, the italian goverment is (still) tranfering a lot of personal data to NOT (equivalent) GDPR compliant nations. Please consider that much, if not all, of the personal data transferred (and it's LOT of data) was allegedly for "telemetry" and "issue tracking" purposes. We are talking about this. This is not for sure a kitty issue, but it is a telemetry issue. > I think that making it opt-in doesn't really help very much. People use > defaults. I read that Firefox struggles with software quality on > GNU/Linux because almost nobody enables the telemetry. This is freedom n. 0 :-D > I feel that, ultimately, we already trust most software authors > implicitly and totally, because we are not auditing their > programs. So, I am personally happy to enable the telemetry for most > software I use =E2=80=94 especially if it is free software and especially= for > software that deals with the network. I don't personally see the point > of treating telemetry as a special case in terms of trust or consent. I'm sorry you don't see the point, but please remember that in some countries providing personal data to data processors needs informed consent on what, why, by whom and where the data is processed (please consider this as an executive-summary, it's a complex matter). Please also consider I'm not willing to provide data to the developers of software I use simply because I don't want to exchange data for the permission to use the software... and I'm not the only one: this is the most important reason telemetry must be disabled by default (opt-in) if possible or completely disabled otherwhise. Privacy is valuable, developers must respect their users. Thank you! Giovanni. [1] Message-Id:87eed695yb.fsf@nckx [2] https://en.wikipedia.org/wiki/GDPR [3] https://en.wikipedia.org/wiki/Max_Schrems#Schrems_II [4] https://www.privacy365.eu/en/by-the-italian-data-protection-authority-g= reen-certification-the-green-light-of-the-authority-but-with-specific-guara= ntees-it-has-been-disposed-the-block-of-io-app/ https://www.privacy365.eu/en/by-the-italian-data-protection-authority-app-i= o-the-authority-implements-the-technical-relation/ (unfortunately the relation is in italian only, it's very very interesting!) =2D-=20 Giovanni Biscuolo Xelera IT Infrastructures --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJABAEBCgAqFiEERcxjuFJYydVfNLI5030Op87MORIFAmDI4kcMHGdAeGVsZXJh LmV1AAoJENN9DqfOzDkSRHQP/1ilBtaBqHm6fT3MLBtsIgZvMz1b0UEN6d285ZKY qQFHLs+V8F2BiDcJlteRvhWNsTI2IqgIfYDAOBCMusYi6OX7l8rLfPbOMHv1EtFu HV83Kc2DOAmsRwfDEvRAbLB/vQVcrwQD2dNHy/x4Wa3rE1QhicQrx/uJj8FoTvVQ Eyxqe11db4f0IWewRT8qrZMXEmvUoj7uts+2FGO4ugnlr/fBmvwUtifuxpz40PYp 2MmL5LQ0+1azEzl/OM8vjnAIw1oQa1u95XeXA3VVS5kxIw8/JviKSNjdmqcT3/Kv Ha9z/NRT8qhpUOmE4y2P65ArpDXNV/xR50lg+1NuooahHMKyd2BmIj6EALMkNY9A 1YYwxfVPzPs5tlUIajizF7lYxqzgk+TrTk4NCUJwZuTcyNjrf3nzI8+7w1tMFEKa r0m5RRWSY2ObAYhdTx7yisUk3Khucwhj1UGgvhaA0Y4D2c9kQwWmyupYLRJCuebZ dIM0OtGSmtAeXTxUJZyTAkHVWcCBws49DxHwdGSG/LvLaE7oVnXVdpL0ADJH1PJs e5AgZcBQqAHEUJrqdhI6kqybjLiKbAOZc+ebbqyjBBOn6YPXN9VHquO4pu7xVx0c qmJoSX4nmCbKkmq7BYsnijQX+2ypYluppL+L7u1JH8WLP7j+ZJsyO1wOH6UgwxJI 0pls =BN7p -----END PGP SIGNATURE----- --=-=-=--