Typing on a phone, so sorry for any errors. I work for RH (I’m the Fedora QA team lead).
I think this is a perfectly reasonable and non-evil idea. I also think we probably shouldn’t do it.
For a lot of the reasons other folks have given, essentially. One, it just looks bad. That sounds like a dumb reason but it isn’t. We exist in an ecosystem with certain values, and one of those values is being extremely suspicious of data collection. If we want to keep existing in the ecosystem we have to respect that.
Two, the issues of competence that others have highlighted. It’s very difficult to be sure you’re doing this stuff “right”, even with good intent. I don’t want us to be eternally waiting for the shoe to drop on a privacy kerfuffle.
Three, issues of trust are kinda insoluble. The Fedora setup with fesco and the council and voting and yadda yadda is a fine setup. It is also, legally speaking, a polite fiction. AIUI - I am not a lawyer - Red Hat effectively “owns” Fedora for all practical purposes. Effectively, Red Hat would own the collection system and the collected data, “Fedora” would not. If RH had a heel turn and went full-on villain and the CEO of RH decided to take the system and use it for the most nefarious purposes they could think of, they could do that. All the elected bodies would be powerless in that scenario; Evil RH’s Evil CEO could just declare them defunct or overridden.
Similarly, IBM owns RH. Regardless of what anyone believes the current relationship between them is like, data collection is for keeps. At any time, since RH owns the data and IBM owns RH, an Evil IBM can take the data and use it for evil. Neither RH nor Fedora could stop Evil IBM in this case.
Given the above, I think it’s unreasonable to ask folks to “trust” Fedora with this. Effectively a request to trust Fedora is also a request to trust RH and IBM, forever, and that’s not reasonable.
At a minimum, we’d need to somehow be sure that all collected data was so innocuous and irreversibly anonymized that an evil owner with complete control over the system and access to all data ever collected by it could do nothing too evil with it. And I think that’s a very difficult bar to clear.