I use Cassandra, but I don't use OpsCenter. Seems like it would be in everyone's best interest to clearly define what data OpsCenter collects today, what OpsCenter won't collect and a promise to users none of the data will be used without first getting a customer's approval.
I can understand the desire to collect general statistics, since it helps developers get a sense of how cassandra is used in production. I'm guessing these types of security issues can be easily addressed by improving EULA, documentation and communication. my bias 2 cents as a user. peter On Thu, Jun 20, 2013 at 8:49 AM, Radim Kolar <h...@filez.com> wrote: > > OpsCenter collects anonymous usage data and reports it back to DataStax. >> For example, number of nodes, keyspaces, column families, etc. Stat >> reporting isn't required to run OpsCenter however. To turn this feature >> off, see the docs here (stat_reporter): >> > You never informed user that installing your crap will get him spyed upon. > Thats very different from Firefox which asks for permission before sending > data back and presents both choices to user. > 1. You do not have documented what information and how often you are > going to spy > 2. how you are processing this information, which is required by EU law. > 3. In your crap EULA you demand right to present any user of your spyware > to public for PR purposes. > 4. You guys tried to add spyware into apache cassandra and got huge > negative response on cassandra-dev. You will simply never learn lesson. > > I dont trust Datastax: > 1 .I am responsible for data security because we have sensitive data in > database. Because you are spying by default, we can not trust that due to > our admin mistake your spyware will not be left enabled. > 2. We can not trust you that configuring that particual option really > turns spying off. There might be bug in code or option can change name > 3. We do not like to be spyed by software holding sensitive data > 4. Spying is not anonymous - you will get IP address of reporter - you > will see what company is using your product and from keyspace/CF names you > can easily guess for what it is beeing used. If you do not spy keyspace/CF > names yet you can do it in future since you have no clear privacy "what we > spy" policy. > > I improved cassandra nagios plugin to fit our needs and give red stop sign > to sw made by datastax. >
