Hi Leo,
Leo Famulari <l...@famulari.name> writes:
> I feel that, ultimately, we already trust most software authors
> implicitly and totally, because we are not auditing their programs.
Agreed.
> So, I am personally happy to enable the telemetry for most software I
> use — especially if it is free software and especially for software
> that deals with the network.
That's your personal decision, and I agree that telemetry functionality
should be permissible in Guix, as long as it's opt-in.
> I don't personally see the point of treating telemetry as a special
> case in terms of trust or consent.
One problem is that telemetry involves trusting more than just the
developer. Telemetry also reveals information to the user's internet
service provider, the network operators between user and the server, the
company that controls the hardware that the server runs on, and any
intelligence agencies or other hostile actors that have infiltrated
those networks or servers. Moreover, if the server keeps logs,
governments may coerce the developer into surrendering those logs.
Therefore, when a program generates unsolicited and unexpected network
traffic -- and I certainly do *not* expect a terminal program to
generate network traffic -- it is effectively leaking some of your
private information to all of those other actors. That, in itself, is
arguably a breach of trust, regardless of the developer's presumably
good intentions.
I understand that many people have given up on protecting their privacy,
or simply don't care. Kitty's developer seems to be of that mindset.
However, I strongly believe that each Guix user should be given the
opportunity to make that decision for themselves, i.e. that telemetry,
auto-update checks, and more generally unsolicited network traffic
should be disabled until the user has given informed consent.
What do other people think?
Regards,
Mark
--
Disinformation flourishes because many people care deeply about injustice
but very few check the facts. Ask me about <https://stallmansupport.org>.
