On 7/7/24 16:49, Marc Deop i Argemí wrote:
With that statement you are showing that many here do not understand the
concern: nobody (I daresay) believes the proponents of this want to spy on
Fedora users or sell the data.
The concern is that the data is available at all!
I haven't heard WHY is the existence of this data dangerous. The
proponents have stated that the data will not be aggregated, which I
understand to mean that the pieces (which CPU, what memory, what
localization) will be kept separately and as an accumulated total count;
this means that they cannot be leveraged to identify their source.
We all know that privacy can be compromised in spite of safeguards like
private browsers and VPNs by looking at a signature formed by a
combination of features like the browser window size, fonts, video
extensions and whatnot. This is because those features can be tied to a
specific connection, and the privacy-busting attacker can see them all
together, and use that ensemble signature as an identifier. But when the
features are disaggregated, this privacy attack is not possible.
So, I ask the questioners what is the exact scenario they are
contesting? why is the data on distribution of memory sizes
privacy-relevant?
At the same time, I ask the proponents to confirm that there will be no
way to re-aggregate the data by any means (timestamps, Fedora account
cookies, load factor on the server, etc).
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
