Announcement

Collapse
No announcement yet.

Fedora Planning A Per-System Unique Identifier For DNF To Count Users

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Obama conducts the largest domestic spying and bulk data collection operation in the history of the US. "Greatest Potus Evar!!"
    Fedora wants to implement an anonymous UUID value. "ZOMG! They're attacking our freedom!"
    LMAO

    Comment


    • #32
      Originally posted by cynical View Post
      How is a UUID less personal than an IP address? I can use a VPN or just put my computer behind a router with other computers and you don't necessarily know who I am, whereas the UUID is going to be recognizeable no matter how I decide to connect to your servers. In fact, the whole reason for this proposal is to better identify unique users, which implies that IP addresses don't do that nearly as well.
      Because an IP address, can, with some work, be used to actually identify people - but conversely, it's not much use for tracking systems, because multiple systems can share an IP. In contrast, a UUID does a much better job of tracking individual Fedora installations, but it's of no use in identifying people.

      Comment


      • #33
        Here is main points of this proposal from the wiki (for the ones who did not read). As far as I can see, this sounds reasonable.
        The problem

        • A. Currently, we can only count Fedora OS use by observing IP addresses. This is subject to undercounting due to NAT — and to overcounting due to short DHCP leases and laptops moving between work or school and home or coffee shop.
        • B. We can count what releases are observed, but we can’t distinguish variants.
        • C. We can’t count quickly because various logs are copied back to a central server and data is not consistent for several days.
        Constraints

        • The Fedora community cares about privacy and is adverse to tracking measures. We don't want to track; just count.
        • For this reason, we don’t want to use any identifier like /etc/machine-id which may be used for other purposes.
        • And, also for that reason, there needs to be a relatively easy way to opt out.
        • This needs to work with Yum/DNF, MicroDNF, PackageKit, Cockpit, rpm-ostree, GNOME Software, Muon, Apper, and software update mechanisms used in other spins.
        • We need to be able to distinguish between short-lived instances (like temporary containers or test machines) and actual installations.
        Non-Goals

        • We don’t want to track users, just count systems.
        • Except for distinguishing temporary installations from “real” use, we don’t need to track systems over time. We just want a daily or weekly moment-in-time count.
        • Being able to see how systems are upgraded over time might be interesting but isn’t as important as privacy concerns.
        Other Elements

        • VARIANT_ID will be set in /etc/os-release. See Changes/Label Our Variants We want that, plus VERSION_ID and machine architecture.
        • We may also want each report to contain a boolean flag showing whether the system has been in use for at least 24 hours to help separately categorize test and other throw-away instances.
        • openSUSE already uses a UUID in zypper; this is ground already traveled
        • Yum and DNF have built in support for fileset variables which can be ‘removed’ to deal with privacy issues.

        Comment


        • #34
          Originally posted by Danny3 View Post
          WTF? Spyware coming from Fedora now ?
          Yes. That is exactly what it is. It is spyware. This is the first building block of the prison grid turning the whole GNU/Linux ecosystem into a authoritarian and totalitarian control-system. You absolutely must resist the system UUIDs which will act as a permanent super-cookie and further resist the coming face-scans and thumb-scan requirements to install the OS of your choice on new computers.

          Keep a close eye on anything that resembles Red Flag Linux, which is their Fedora-based test-bed deployed in North Korea. This distribution already implements a UUID tracking-cookie which can not be erased and it is added to every single file which is opened and in some cases just present on removable media attached to the system. the UUID identifiers are added, not replaced, when files are opened which means that the loving government can easily view the full history of everyone who's opened a file since it's creation.

          It is not at all shocking that this comes shortly after IBM acquired RedHat. IBM has a long history of crimes against humanity. They worked very closely with Hitler and the Third Reich under a contract with IBM New York and the Third Reich. IBM had no small role, a custom punch-card system was sold and every Nazi slave labour camp had on-site staff from IBM who worked and maintained these machines. This is the company who's now in control of RedHat and Fedora.

          Comment


          • #35
            Originally posted by xiando View Post
            It is not at all shocking that this comes shortly after IBM acquired RedHat. IBM has a long history of crimes against humanity. They worked very closely with Hitler and the Third Reich under a contract with IBM New York and the Third Reich. IBM had no small role, a custom punch-card system was sold and every Nazi slave labour camp had on-site staff from IBM who worked and maintained these machines. This is the company who's now in control of RedHat and Fedora.
            It has absolutely nothing to do with IBM acquiring Red Hat. Even if Red Hat is *the* sponsor of Fedora, the project is independent: RH don't give orders to Fedora! Moreover, we started to discuss this topic ways before the IBM/RH announcement was relased (last discussed it at Flock 2018, in august).

            Comment


            • #36
              Originally posted by Britoid View Post
              So rather than using IP addresses which is personal, they want to use a unique UUID that isn't personal and you can change/remove as needed?

              Seems good to me.
              How is IP address personal? What ISP aren't aggregating and NATting many users behind the same dynamic IP in 2019?

              Comment


              • #37
                Originally posted by Danny3 View Post
                WTF? Spyware coming from Fedora now ?
                Who said I want to have a unique identifier assigned to my computer that follows and track me anywhere?
                It does not track you, only identifies the system so it can be counted.

                Tracking requires to send over much more than a unique identifier when looking for updates.

                Why don't they put an online download counter ?
                Download counters are not an indication of number of installed systems, they can also be faked by simply having someone run a script that downloads the ISO files on a loop.

                Comment


                • #38
                  Originally posted by kpedersen View Post
                  Will be fun watching Fedora fizzle out (Like Ubuntu) whilst blaming "user-interest" rather than their own arrogance.
                  Fedora is just the Beta of RHEL, which is the actual moneymaker. It's not going anywhere.

                  Comment


                  • #39
                    Originally posted by starshipeleven View Post
                    How is IP address personal? What ISP aren't aggregating and NATting many users behind the same dynamic IP in 2019?
                    Most Western ISP's still give you public IP addresses that most likely won't change if your machine isn't shut down for long periods of time unless you're talking of mobile connectivity.

                    Comment


                    • #40
                      Originally posted by nanonyme View Post
                      Most Western ISP's still give you public IP addresses that most likely won't change if your machine isn't shut down for long periods of time unless you're talking of mobile connectivity.
                      Define "western" as this isn't a thing in the EU afaik.

                      Comment

                      Working...
                      X