On 14 April 2016 at 19:04, Kevin Krammer <kram...@kde.org> wrote: > On Thursday, 2016-04-14, 14:36:21, Jonathan Riddell wrote: > > On Thu, Apr 14, 2016 at 04:18:30PM +0200, Thomas Pfeiffer wrote: > > > Any potentially privacy-sensitive information transfer should be > opt-in, > > > not opt-out. > > > I'd assume that the vast majority of users will allow it (given that > it's > > > not personally identifiable and they trust their distro), but opt-in > puts > > > you on the safe side. > > > > What's privacy sensitive about it? It's a machine ID but not linked > > to any other information other than IP address and there's no personal > > information we can link it to. > > I am with Thomas. > > While individually pieces of information aren't personal, they can be in > combination. > > In this case the combination of a unique machine ID and IP address together > with geolocation would allows us to track movement of machines. > > Movement profiles can often quite easily be used to identify the moving > person. > > There was a huge scandal in the US a couple of years back in which a > telecom > company released fully anonymized (random unique IDs) mobile phone location > tracks. > Researchers who correlated positions with addresses were able to identify > more > than 80% of the telco customers with pretty good accuracy only shortly > after. > > Sure. But I think Jonathan only mentioned _access_ to the IP data as needed for an Internet service, not logging it for any purpose.
In user stats only particular aspects are important, uniqueness is very useful to know the users better (to serve them better) but even without that, statistical information is handy too for us, who have to make informed decisions about further developments. A completely different discussion would start as soon as some kind of (FOSS) app store is involved where users can have their accounts. Stats are paired with them or existing IDs created for different reason, with, say, KDE identity IDs. There's definitely opt-in needed. At different level, any online capability of our native apps is potential means for tracking if users don't trust us that we're not logging IP numbers. Yet, the apps are typically downloaded and updated somehow via TCP/IP. At this level the access alone is an opt-in and manifestation of trust. Jonathan also said about machine ID because the software is maintained at system (machine-like) level. With container technologies such as Ubuntu Snaps (which I'd like to see working well with KDE software) it's possible to switch from a system to a user-account level. Yet, if the snap packages can be migrated with the account between machines, the connection between the user-identity and the machine/system becomes more blurry. In an interesting way for me this resonates with the ideas of form-factor-independence formulated within KDE. > -- > Kevin Krammer, KDE developer, xdg-utils developer > KDE user support, developer mentoring > > _______________________________________________ > kde-community mailing list > kde-community@kde.org > https://mail.kde.org/mailman/listinfo/kde-community > -- regards, Jaroslaw Staniek KDE: : A world-wide network of software engineers, artists, writers, translators : and facilitators committed to Free Software development - http://kde.org Calligra Suite: : A graphic art and office suite - http://calligra.org Kexi: : A visual database apps builder - http://calligra.org/kexi Qt Certified Specialist: : http://www.linkedin.com/in/jstaniek
_______________________________________________ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community