Quite a controversial topic currently floating around is that a change proposal has been made for Fedora Workstation 40 to have some "privacy-preserving" telemetry to "enable limited data collection of anonymous Fedora Workstation usage metrics".
This has generated quite the buzz across pretty much everywhere I look, with many people on both sides jumping in to argue about it. One thing to remember though, is that this is a proposal, nothing has been set in stone and the whole idea could be scrapped or changed a lot as discussions go on.
In summary:
Fedora is an open source community project, and nobody is interested in violating user privacy. We do not want to collect data about individual users. We want to collect only aggregate usage metrics that are actually needed to achieve specific Fedora improvement objectives, and no more. We understand that if we violate our users’ trust, then we won’t have many users left, so if metrics collection is approved, we will need to be very careful to roll this out in a way that respects our users at all times. (For example, we should not collect users’ search queries, because that would be creepy.).
We believe an open source community can ethically collect limited aggregate data on how its software is used without involving big data companies or building creepy tracking profiles that are not in the best interests of users. Users will have the option to disable data upload before any data is sent for the first time. Our service will be operated by Fedora on Fedora infrastructure, and will not depend on Google Analytics or any other controversial third-party services. And in contrast to proprietary software operating systems, you can redirect the data collection to your own private metrics server instead of Fedora’s to see precisely what data is being collected from you, because the server components are open source too.
As for what they might actually be collecting there's all sorts but they're not yet being exactly clear on what, because approval for it hasn't happened as it's early days for the proposal. If they do get approval, it seems then they will work out a clear idea of what to collect. They did suggest some of it may be things like what IDEs are popular, the click-through rate of recommended banners in GNOME Software, what panels are most used in gnome-control-center, what type of hard drive you have, count how many users use a particular locale so they can optimize language support and so on.
Telemetry is not actually a bad thing but the way it has been used in the past is what gives it a bad name. Some companies absolutely abused data collection in the past, and plenty still do. There are ways to do it properly though which they seem to be trying to do by fully informing people here.
What's a little confusing though is their part about opt-in versus opt-out. The way it has been explained could have been better. It seems they want to go for opt-out, with it turned on to collect the data by default but not actually upload anything until you've gone through a privacy page when installing Fedora to confirm it. Disabling it will then send them nothing but it will still collect it locally ready for if you turn it on later. For existing users upgrading, it will be opt-in though, as they don't currently have a mechanism for getting user consent through upgrades. This opt-in / opt-out also has it's own discussion area since it's a big thing.
How do you feel about this idea? Let me know in the comments.
There are plenty of alternatives out there.
Quoting: dziadulewiczThis is how it always starts. IBM has never been a Linux company, they have shady past in the 30's 40's Germany and Red Hat is but a name now from what it used to be.
There are plenty of alternatives out there.
Exactly. Many people always complain about how many different Linux distros are out there but this is the time when that becomes a huge positive. Try something else.
Quoting: PublicNuisanceMy thoughts would be that if it's opt out instead of opt in by default then it's a terible idea. Also saying "privacy preserving telemetry" is an oxymoron to me. If you are giving up any data then it is not preserving your privacy.
My goodness, it's a trend these days, isn't it. Words mean things... gaslighting buzzwords and phrases piss me off.
Now, if it is opt-in I don't care as much. The status quo is so bad in various respects that I'm willing to settle for this compromise (even though I still think it is far from ideal)... especially for FOSS projects, where we have more transparency and more assurances. In particular, it is more likely that the interests of users and devs align. When you give data to a proprietary developer to "improve the software", their idea of improvement is likely to be ways to manipulate you and squeeze more money out of you; it is not in your best interest to give them whatever data they want, because your goals are not necessarily theirs.
Last edited by m2mg2 on 8 July 2023 at 7:59 pm UTC
See more from me