[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Privacy vs vendor support



On Wed, 2 Jul 2003 jam mcquil com wrote:

>On Wed, 2 Jul 2003, Eric Harrison wrote:
>
>> The best idea I have so far is to create a package (maybe named something
>> like "privacy_violator" ;-) that added an anacron job that ran once a
>> month which did something like "wget -q http://k12ltsp.org/I_USE_K12LTSP";
>> That would leave a log entry in the K12LTSP.org web server logs that 
>> looked like this:
>> 
>> 12.34.56.78 - - [02/Jul/2003:19:11:43 -0700] "GET /I_USE_K12LTSP HTTP/1.0" 200 0
>> 
>> where "12.34.56.78" would be the IP address of the server (or the address of
>> the NAT server).
>> 
>> This would give us a general idea of how many K12LTSP servers are in use
>> while revealing as little information as possible (the IP address). It 
>> would also be very easy to disable.
>> 
>> What you all think? Does anyone have a better idea?  Is a small decrease
>> in privacy worth greater influence on vendors to help support us and/or
>> port their software?
>
>I too am not crazy about violating privacy rights, but if it is
>easy to disable, and the sysadmin knows about it, it seems like
>it might help.
>
>Another interesting piece of information would be to know how
>many terminals are being served by that server.  Probably more
>difficult to get that number, but it should still be possible.
>
>And, if it was configurable, to allow the sysadmin to choose
>between the following:
>
>    send nothing
>    send only the single GET request showing that the server is alive
>    send the GET request along with a count of terminals
>
>
>It just might help show the total count.

Thanks for the quick feed back Jim (and Jason ;-).

With a small amount of work, we could probably come up with something
that would make everyone happy, be easy enough to do that we'd receive
decent results, and be extremely easy to completely avoid for those who
prefer 100% privacy.

I originally thought about adding a link on root's desktop that lead to
a form that could be filled out. That is somewhat like OpenOffice's 
registration popup, where I have seen the vast majority of admins select
the "do not register" option - which is really nice to have but doesn't
do a very good job of providing the OOo folks with good idea of how many
people are using their software ;-)

How about this:

  * the first time root logs in, have an app startup that asks something
    like:

       It helps us a great deal if we know how many LTSP servers are
       in use and how they are used. Please select one of the following
       options on how much summary information about your LTSP server
       you would to provide for the cause:

       [X] Acknowledge that this server exists, but nothing more
       [ ] Provide basic information about this server (i.e. how many
           terminals it supports, # CPUs, Ram)
       [ ] Buzz off, I don't want any information revealed


   * have a icon on root's desktop to re-run this app, should the admin
     change their mind later (or their boss changes their mind, etc)

   * have the app write the info in plain text to a file in /etc/sysconfig
     named something like "k12ltsp-privacy-leak-data" or something blatantly
     obvious like that

   * have the monthly anacron script I suggested be a script that reads
     the /etc/sysconfig/k12ltsp-privacy-leak-data file. Unless
     "VIOLATE_MY_PRIVACY=YES" is set, it does nothing. 

   * if they select "Provide basic information", have it post some of
     the more interesting but not-too-revealing information, such as
     CPU info, amount of ram, # of uniq IP address that have NFS mounted
     /opt/ltsp (or some other stat that would give an idea of how many
     terminals are in use).


This way, if the admin just takes the default, it reveals very little
info. If they choose to do so, they can provide us with some very useful
info about how K12LTSP is being used. There is an option to completely
opt out. If they hit cancel, it defaults to opt-out. You can change your
mind later. It is all in simple scripts so you don't have to worry about
hidden code that does bad things.

Is that a more acceptable approach?

-Eric




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]