Metrics and your privacy

[Andy Green]

AragonX wrote:

> Why not ask at the end of the install of Fedora if it can 'phone home' to
> give statistical information?  I think if you put in a questionare that

If there is a gratuitous connection action for statistic-collecting 
purposes, it would be best to ask.  But then you lose some information 
from the people who for whatever reason said no.

Whereas if you collect via yum mirrors, there is a transaction going on 
initiated by the user that he benefits from.  It seems hard for anyone 
to object to your IP getting used for anonymous aggregated stats in such 
a case, in fact if I visit any website I expect to have the same done 
for my visit from their logs (esp if they are on Google Analytics).

It would be cool to generate a GUID per machine and attach it to yum 
download URLs, eg, http://mirror.org/blah/thing.rpm?GUID=123-123-123.. 
so it is ignored by the server but is present in the logs.  But the logs 
are still useful without it.

Information is still lost or degraded for

  1. Machines that never update at all even once

Making a new machine check for updates at least once as soon as it saw 
the network was up would be a friendly and non-privacy threatening 
action that would solve this...

  2. Machines that get installed and updated once, and left forever in a 
working configuration

I think one should just accept that you only caught the install for such 
machines.  Ongoing checking in where the user has not enabled it by yum 
is a bit ugly.

  3. Machines behind a local yum cache

Whatever tools are provided to run the yum cache should have the repo 
log processing stuff folded into them, and report stats up to Fedora HQ 
by default.  But a user should be able to turn it off.

  4. Hand-updated boxes

People might have servers in production that they don't dare yum.  Maybe 
they yum one development box and then bring over the working RPMs by 
hand to the other servers.  Not much to be done there.

-Andy