Announcement

Collapse
No announcement yet.

Fedora Planning A Per-System Unique Identifier For DNF To Count Users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #51
    Originally posted by skeevy420 View Post
    I'm getting a kick out of all the UUID hate. We don't know how they're going to come up with their UUIDs to know if they're using a method that can be tracked to an individual user.

    Y'all would get a kick out of my UUIDs. I do stuff like a1000000-a100-a100-a100-a10000000000 for the first disk in a raid, a2blah-blah becomes the next disk, etc....it makes for easier tab completion.....and remembering passwords.....like, I can use "Horse Battery Staple, a1." for the first disk, "Horse Battery Staple, a2." for the 2nd (complete with commas and periods).
    I'm taking a very much not so wild guess here and say that they will use the already existing "uuidgen" application (that is just a front end for the libuuid library that is installed on virtually every distro out there) which by default creates it from /dev/random

    Comment


    • #52
      Originally posted by F.Ultra View Post

      This is counting and not tracking. And they are not even counting "your usage" aka there will not be a post at the Evil Fedora HQ no-sql database with "Danny3: downloaded xterm 33 times".
      Unique identifiers are used more for tracking than for counting
      Having a unique identifier on the internet is the same as having a GPS device always on in real life.
      The one that put it in you pocket might say that he just want to count how many times you entered a bar or a shop, but we know that actually it can do much more than just counting.
      Do you honestly believe that they will restrict themselves to just counting? Just because they say so?
      Next day they will realize that they need (want) more info. So they take it (the hardware info).
      Next day they will realize again they need (want) more info. This time it will be the software info. What programs you install / use.
      Before you know it, I bet they will have a big profile about what you use.
      All because of the unique identifier, that they said initially that it was just for harmless counting.
      Let's wait and see if I'm right.

      At least I know for sure that I will never use Fedora!

      Comment


      • #53
        Originally posted by Danny3 View Post

        Unique identifiers are used more for tracking than for counting
        Having a unique identifier on the internet is the same as having a GPS device always on in real life.
        The one that put it in you pocket might say that he just want to count how many times you entered a bar or a shop, but we know that actually it can do much more than just counting.
        Do you honestly believe that they will restrict themselves to just counting? Just because they say so?
        Next day they will realize that they need (want) more info. So they take it (the hardware info).
        Next day they will realize again they need (want) more info. This time it will be the software info. What programs you install / use.
        Before you know it, I bet they will have a big profile about what you use.
        All because of the unique identifier, that they said initially that it was just for harmless counting.
        Let's wait and see if I'm right.

        At least I know for sure that I will never use Fedora!
        Sorry but you are paranoiding yourself into stupidity here (if that ever was a word).

        A guy putting a GPS in your pocket knows that he put device A in the pocket of person B (yes that is you) and from that moment he can track every movement of that person.

        Fedora can only see that some computer out there that happens to have 5c7adfab-fe21-485a-9dba-3ccc76024d68 stored in /etc/os-release have yet again polled "https://archives.fedoraproject.org" for an update. They do not know who is running this server, don't know where it's located and so on. So no these two things cannot be compared at all.

        If you want to fall even deeper into that paranoid hole of yours then you should contemplate that they (as in Fedora) have complete control over the software that you install on your system and they could at any time replace a random binary on your system and take full control of your entire computer and network. For us normal people this means that Fedora can do a shit ton of stuff in secret if they wanted to be evil so that they are using UUID:s in public to track the number of users of their platform is just that; a means of counting the users and nothing more.

        Being upset about a change now because "whay if they do something completely evil thing next time" reminds me of this part (28:38) in Shaun:s excellent video (the link should go the correct place):

        Comment


        • #54
          Originally posted by Danny3 View Post
          Next day they will realize that they need (want) more info. So they take it (the hardware info).
          Next day they will realize again they need (want) more info. This time it will be the software info. What programs you install / use.
          Before you know it, I bet they will have a big profile about what you use.
          I'm sure it does not matter to your paranoia, but this is still wildly generic information to use for any other purpose than basic hardware and software statistics.
          They could not monetize it even if they wanted.

          Comment


          • #55
            Originally posted by F.Ultra View Post
            I'm taking a very much not so wild guess here and say that they will use the already existing "uuidgen" application (that is just a front end for the libuuid library that is installed on virtually every distro out there) which by default creates it from /dev/random
            Yep... a standard type-4 UUID, which is to say, a 128-bit random number... no identifying information whatsoever.

            I mean, if they wanted to spy, they *could* use one of the UUID variants based on MAC address, but that'd be far too obvious... the code will be open-source, so any paranoid nutjob (and there are many) could spot that pretty quickly...

            Comment


            • #56
              Usually Fedora projects do a really good and innovative/pioneering job in Linux World, but this is a no-go and sounds like a DRM for open source, uniquely trying to identify every Fedora installation in the world tracking private and accurate informations about every package from the a system, the time when the user do an upgrade, vulnerabilties of a given traget and many other usefull for spying who knows what laboratory, factory, institution, industrial or production or research facility etc

              Comment


              • #57
                Originally posted by onicsis View Post
                Usually Fedora projects do a really good and innovative/pioneering job in Linux World, but this is a no-go and sounds like a DRM for open source, uniquely trying to identify every Fedora installation in the world tracking private and accurate informations about every package from the a system, the time when the user do an upgrade, vulnerabilties of a given traget and many other usefull for spying who knows what laboratory, factory, institution, industrial or production or research facility etc
                Please explain how this even remotely resembles DRM, should be quite interesting to read. And for the rest of your ramblings, Fedore would not need any of that information if they ever wanted to target your system since you already give them full access to overwrite every single binary on your system when you run rpm/yum/dnf.

                Comment


                • #58
                  Originally posted by F.Ultra View Post

                  Please explain how this even remotely resembles DRM, should be quite interesting to read. And for the rest of your ramblings, Fedore would not need any of that information if they ever wanted to target your system since you already give them full access to overwrite every single binary on your system when you run rpm/yum/dnf.
                  Not by Fedora, but by a third-party using something similar to this cases: NSA Collects MS Windows Error Information,

                  Russian Hackers Used Bug in Microsoft Windows for Spying, Report Says

                  Comment


                  • #59
                    Originally posted by onicsis View Post

                    Not by Fedora, but by a third-party using something similar to this cases: NSA Collects MS Windows Error Information,

                    Russian Hackers Used Bug in Microsoft Windows for Spying, Report Says
                    Unlike the monkeys at Redmond, rpm/yum/dnf uses HTTPS when communicating so this data is not sent in the clear. Besides that NSA does not need a UUID for doing this, the reason they use the Windows Error info is because that message tells that the user with that IP is running software that is susceptible for e.g buffer overflows and for this they do not need the UUID and they could do the very same to your Fedora install today before this change.

                    Comment


                    • #60
                      It's really exciting to see Fedora turning into spyware, sure! Next they should try adding some ads. What about builtin keylogger as well? Just to improve quality of service! Oh, and shouldn't Zeitgeist or something send some random files to NSA for investigation? Would be nice to have feature parity with Windows Defender, etc.

                      P.s. all this UUIDs idiocy is rather annoying. Say, HDDs are far better off with human-readable labels rather than UUIDs. Yet corporate spiggots can't imagine life without spyware-like techs hostile to humans. So they prefer totally random numbers, only convenient for NSA and not really convenient for everyone else. Same crap for machine ID and so on. So now when one needs to respin say VM from template, they have to change plenty of things. Otherwise some unhealthy things eventually happen, since UUIDs eventually happen to be same and it causes funny bugs. And since UUIDs gone quite widespread, properly re-seeding all unique IDs is kind of black magic on its own.
                      Last edited by SystemCrasher; 01-13-2019, 01:52 PM.

                      Comment

                      Working...
                      X