F40 Change Request: Privacy-preserving Telemetry for Fedora Workstation (System-Wide)

I’m late to the party, I’ve made a Discussions account just to say NO to any telemetry/analytics.

I’m a day to day desktop Fedora user since about 2016. My first contact with Red Hat was probably in 2004.

Opt-out is evil, opt-in is a lesser evil, but still evil (one “bug” could turn the telemetry options on without anyone knowing it). You can’t opt-out at distro upgrade. OP wants opt-out, as they mentioned, only the hard core users use the opt-in, that is clear. So, they indirectly acknowledge that opt-out is a social engineered option to make people, knowingly or not, give their data out. Telemetry is evil, it helps a few lazy designers and devs, the real main value is for big data companies. Put your brain to work and you will make the best UI/UX/apps ever. This whole thing opens a Pandora Box into spyware. Just NO!

On the “we won’t collect any personal information” subject. Metadata can lead to personal data. This is a fact! Big data companies are using metadata and little other info (like location) to create full personal profiles with good to great accuracy. “Controversial third party services”. You don’t need third party services to be controversial. The tools are there to start collecting data and to become your own big data company, all you need is to hire a couple of data engineers and come up with some proposals like this one and get it accepted. Nothing is anonymous about a hash either.

Let’s say OP is truly honest about their intentions, even though I subjectively doubt it, this whole “feature” will help a fraction of the community. Why waste much of your efforts (time and people) in creating something that doesn’t add up in value (if you’re really not into spyware/big data), when you could just do a better job at Quality Assurance and Quality Control? Are your releases close to perfect? Let’s see, the devil is in the details: “Occasionally, Red Hat might need to collect specific metrics to justify additional time spent on contributing to Fedora or additional investment in Fedora.” Well, well, here’s a sneak peak into the Pandora Box. Nobody asked Red Hat to invest into telemetry on Fedora in the first place.

Not quote-on-quote “It shouldn’t concern you if you don’t use GNOME.” Really?! It’s not like you’re using a gnome- package, you use a 2nd tier package that could lurk into any spins, like it never happened to get even explicitly called gnome packages into other spins before. I don’t buy it. I’m not a GNOME 3 user, but, as others mentioned, GNOME 3 devs have other problems, like ignoring users’ feedback for years. This whole request doesn’t seem to have anything to do with GNOME than the fact OP worked for GNOME project.

Not quote-on-quote “It should respect GDPR / Legal team approved”. GDPR is a great idea poorly implemented. No user can battle a corporation or even a small company who steal their data. The EU regulation is ambiguous, GDPR consent service corporations have found loopholes into collecting data, making everything opt out and painstakingly hard to remove all of the options. By then they’ve already collected everything, as the system was designed to be opt out. Some GDPR services don’t even reside in EU, their clients are the corporations trying to steal users’ data, not the actual users for which GDPR was built. So, from my perspective, GDPR is a nice political fairy tale to impress the masses, but it doesn’t actually do anything much (I’ve read stories about healthy responses from the government organizations in Germany, but this is one country). In the end, GDPR made opportunistic and connected companies rich by offering consulting and web consent services. How come Microsoft didn’t get any penalty for using default on telemetry/analytics in Windows 10/11 in EU?! I wonder. So talking about GDPR is, for me, pointless. Anyone who cares about privacy knows zero data is best, opt-in in the cute evil and opt-out is a total violation of privacy rights. Funny enough, the same corporations who want to steal every day people’s data are the ones that fear the most sharing data with others or using software that might leak any information about their systems. Ironic. It’s for “security reasons”. And people privacy isn’t about security at all, right. Perhaps it’s not, it’s much more than that, it’s a human right.

Another non quote-on-quote “But X does it, and Y does it”. Because others do telemetry, it doesn’t make it right. Firefox is a good example. Just because they used opt-out telemetry and got away with it, it doesn’t make it morally right.

WOW, JUST WOW! Most users will not care or most users WILL NOT KNOW about dark pattern opt out telemetry to have an opinion on it? Or maybe it’s because, as I’ve mentioned, they have been conditioned to accept anything tech related. I think it’s both, not knowing and conditioned not to question things they don’t know much about. Sounds about right for a dictatorial political maneuver.

I’m done.

Thanks for taking the time to read my post.

I wouldn’t say any kind of telemetry is evil, what is evil in my view is profiling. And the proposal states that this wouldn’t do any kind of profiling (by putting every piece of telemetry from every user into one place, so that the identifiable data gets lost in conjunction with all the other data from every other user)

TL;DR It’s not Red Hat doing this, the desktop team wants telemetry to improve Fedora. Red Hat doesn’t need or want this data. It was an independent decision

For updates on the proposal and the enormous feedback it already received, visit the wiki: https://fedoraproject.org/wiki/Changes/Telemetry#Feedback

It’s definitely worth the read

Quoting from the feedback section:

The proposal owner suggests a compromise “suggested opt-in” design, where the UI encourages the user to opt-in, but the user must explicitly make a decision to do so or not

Too much reading? Your loss. Two sentences above, I’ve quoted exactly what OP posted “Occasionally, Red Hat might need to collect specific metrics to justify additional time spent on contributing to Fedora or additional investment in Fedora.” It clearly stated Red Hat.

Thanks for the link! Maybe this could have been added in the initial post, to have some kind of continuity update.

It’s literally the first paragraph of the proposal…

The Red Hat Display Systems Team (which develops the desktop) proposes to enable limited data collection of anonymous Fedora Workstation usage metrics.

So, I’ve read the wiki page. It’s hilarious, to say the least. Actually I’ve written a long post and deleted it, as it’s not worth to cry about it at this point.

Considering this proposal is too fuzzy for my taste and it wasn’t shut down for good, Fedora 38 is the last release I’ll ever use. It’s time to jump ship. All those techies on social media were right all along.

FC24-FC38 RIP

I might suggest that the problem isn’t that you’ve been around too long but not quite long enough to remember that this kind of stuff used to be common and part of the Fedora installer. It got dropped when the new installer hit somewhere around Fedora 17 (IIRC, not for privacy concerns, but for lack of people wanting to maintain and update it at the time - I think smolt even remained in the repos for some time afterward?), but this was in Fedora for many years without controversy:

image1026×761 115 KB

Most people in this thread would probably applaud and cheer if this telemetry proposal was replaced with that blast from the past. I know I would. And look at that, it was even opt-in - just as it should be!

Anyway, Smolt was just a hardware profiler. That’s far from the kind of snoopy system level telemetry service currently proposed for Fedora.

Assuming that it really is fully anonymized, I wouldn’t consider it “snoopy” as much as adjusting to what needs measuring. The hardware profile stuff was very useful in its own era when the likelihood of a random wifi card, webcam, or GPU working out of box was a gamble and there were a lot fewer OEMs contributing drivers for them, meaning it wasn’t feasible to get to everything right away. Just as the hardware profiling could guide how to target which hardware to focus on, the telemetry could be useful for guiding which software is getting used, which needs attention, which should be replaced etc.

There is something ironic to think about here. Firefox tends to show almost no market share among users in general metrics (though it remains very popular in annual surveys of Fedora users), which is often cited as both an existential threat to Mozilla and as a reason why developers should target Chrome and Safari instead, however, since Firefox users tend to be privacy oriented, they also tend to not only block ads, cookies, trackers, etc., but also opt-out of telemetry in general, which means that Firefox tends to get underreported, so it is quite possible the impact of not supporting Firefox is more significant than many assume at face value.

Opting into telemetry for Fedora, which isn’t going to turn around and sell your information or sell you ads, is a way for you to at some level get a vote on what software is being used and should be invested in. As a trivial example, if everyone that uses Gnome’s built-in Text Editor does so because it’s privacy focused (since there are no trackers) also opts out of telemetry where everyone using VSCode, etc., opts-in, then the maintainers might conclude that the Text Editor should no longer be shipped in Fedora by default, or perhaps shouldn’t be shipped by Fedora at all. There may be quite a few people who use the Gnome Text Editor, but the group that would propose to remove it now has data to back up their claim, where the people upset about it are appealing to individual anecdotes. Conversely, if everyone opted in, it might give some insight as to when someone who normally uses Text Editor opens VSCode instead, and it might inform that Text Editor is generally very useful but could do better at editing YAML, so work is then put towards improving the experience of editing YAML with Text Editor.

I’m not suggesting that everyone needs to opt-in by any means, but please don’t frame it as Red Hat spying on people. There are legitimate reasons to do this. Rather, I see that it’s an opportunity to contribute input back to Fedora so Fedora can use it to make Fedora better for everyone, which is to me, the same kind of usefulness that smolt provided, simply retooled to better fit our current collective needs.

I would say that all telemetry is inherently snoopy. Doesn’t matter if it claims to be anonymous or not. It’s a matter of function, not just of motives.

Consider a system service that constantly tracks what UI elements you click, collects information on what software you’re running and reports which runtime you just based your new container on. In my books that counts as snoopy behavior. And those are just the limited data point examples given in the original change request. There would absolutely be more.

I’m not claiming that Red Hat is spying on people, but this change request is from Red Hat and driven by Red Hat’s interests. It is clearly stated it in the proposal: “One of the main goals of metrics collection is to analyze whether Red Hat is achieving its goal to make Fedora Workstation the premier developer platform for cloud software development.”

Now, one might argue that this is a goal worth supporting and running a snoopy system service is a small price to pay or even a way to contribute. That is fine. For me personally, adding telemetry would signify a fundamental change in Fedora. A change I can not be part of.

Hope it doesn’t come to that, but we’ll see.

So to help those who truly care about privacy we should take away what they care about… OK. You could also just believe what people tell you voluntarily (surveys) instead of relying on creepily tracking them. You can also actually try and judge the quality of software and make a good product as opposed to some garbage more people will use because it’s less capable but easier to use for the less adept.

Despite all the insistence to the contrary this is very much a corporate think sinkhole.

I’m not sure if I understood those examples correctly, but here goes.

How does privacy conscious users disabling tracking and using ad blockers lead to Firefox getting under-reported? And under-reported where? In browser usage stats maybe? Telemetry data collected by Mozilla goes to Mozilla’s servers, so I can’t see how it effects browser usage statistics. Firefox is also the default web browser in many distributions, Fedora included. No wonder it’s popular in surveys too.

The story about the two text editors is actually a really good example how blindly trusting telemetry data can lead to serious problems. Without telemetry this would not be an issue, so let’s hope it never gets implemented!

Also, I’m not even sure how knowing if users prefer editor A to editor B would bring any significant benefits. Everyone has their favorite piece of software and FOSS is all about choice anyway. If not, we can always dump Vim or Emacs from the repository based on telemetry data.

Surely one of them is more popular than the other.

I was trying to avoid this discussion, but this one really gets me.

My answer to you is: Maybe we are not a “representative sample” but we are the community that makes the decisions, and you You shall not pass over us.

Yeah, that one is really bad.

It’s almost like: “This proposal is based on ignorance of the masses. You folks are way too informed about privacy and implications of adding telemetry, so your opinion doesn’t matter.”

Maybe, just maybe the people who know about this stuff and actually care enough to discuss it are the one’s whose voice should matter the most?

Data collection will not make Fedora better. It will make it worse, becasue it will dirve away a large amount of users.

@mattdm can we please close this topic? No new commenter can possibly have read the whole discussion, and we only get necro-posting from people reacting to the title, or reactions to the reactions by people who really should stop feeling the need to reiterate their position every time they see a new reply, like the worst dopamine drip ever invented.

Incidentally, this kind of long tail necro-posting is precisely why we close topics after a set amount of days from the last reply on the GNOME Discourse instance.

I don’t think these threads should be closed. This is a very important topic of an ongoing issue and the volume of messages is low now. When and if @catanzaro posts a new change request, then sure, close them up. But not before that.

I feel like everyone’s point have already been discussed and analyzed by the proposer. New people will join the discussion without reading the 500+ replies and just regurgitate points and concerns that others already mentioned

or the proponents having to see over and over again how unwanted it is among the community and have their fallacies torn to shreds repeatedly because they just want that “precious” data that doesn’t belong to them so badly.

Yeah, I am going to close these now, as they clearly have run their course. From a procedural point of view, I think we should do that whenever a proposal reaches the next phase of the process — in this case, this proposal is withdrawn, and we waiting for a new one. Further discussion of the old one doesn’t seem useful. There are plenty of other places (including in Fedora spaces, and on Fedora Discussion elsewhere) to discuss privacy and related issues in general.