Although some of them are very important and followed by masses, the ones that should be ‘upset’ are Fedora users and contributors, because it’s their distro at stake.
That said, the damage on image is very deep and if this passes as is Fedora WILL be called evil and named the spyware distro. Jeez, I believe some of them will call it evil even if this will not pass anymore.
Currently, I see a major point of conflict for the debate, with two points of view:
Data is so important to us that we don’t have problems implementing an opt-out system that will be seen as evil
Data is important, but we cannot supersede the moral aspect: let it be optin
I am not putting here anything else because what will matter most to Fedora image is not how telemetry will be implemented or what will be collected, but the opt-in/opt-out dilemma. And I believe that if Fedora eventually takes the opt-out path then it should be well aware that this will cause troubles with user trust across the Linux community, something that cannot be recovered, probably ever.
I disagree with you on the above point. This isn’t just a Fedora/Redhat/distro. problem. This is a problem for the Linux community. If Fedora goes through with their plans then some other entity will use it as a license/justification to pursue telemetry/data collection with other distros. Give it a few years and the telemetry/data collection will spread like a cancer, turning the Linux distros into Endless OS and Windows 10/11 clones. It will be like Gru’s minions.
I said awhile ago that the only way I’d be remotely okay with this is if it’s opt-in or an explicit choice, but after ruminating on it and reading, I’m just flatly against it. Having a telemetry system installed by default that could potentially be abused by Red Hat or any potential malicious entity just bothers me on a fundamental level. I came to Linux in part to escape worries like this. I recognize the potential value, but having such a system just makes me uncomfortable and weakens my trust.
GDPR
…
The proposal owners will not respond to mailing list posts that discuss GDPR or similar legal obligations during this change proposal discussion. In short, let’s keep discussion focused on what Fedora SHOULD or SHOULD NOT do, rather than what we MUST or MUST NOT do.
Simple: any Fedora data collection MUST be GDPR-compliant, as a minimal baseline. Why not simply state such a goal here? Trying to avoid discussing it even in abstract is not a good look.
So although I’m certainly open to feedback on all aspects of this design (except the need for telemetry to be opt-out), I am nervous about the explicit choice approach because that is the approach Apple has taken with iOS, and those users have overwhelmingly opted out of data collection (something like 95% refuse to share).
This is ethically dubious. If given explicit choice, most people refuse data collection. The solution to that is to not provide explicit choice, which presumably works only because then people are not aware of the data collection?
I disagree with “it is impossible”. That is overstatement to protect SW developer from finding other, less invasive ways to collect data, which I understand., but do not support. Trading security, data freedom of many users for developer(s) comforts - that’s not a fair deal. Internet is full of real stories of SW developers not being able/careful enough/interested to implement adequate data protection resulting to massive data leaks.
“Believe” and “could” it is not enough. In the proposal, the design, etc there must be specific details on how data security will be implemented. That is needed before starting the implementation as community wants and has the right to know that if telemetry is considered at all.
I fully agree with this, but telemetry is not the only way to get needed information.
Having been a computer user since before the PC existed and using Windows for the last decade, what finally pushed me off that platform was the telemetry of Windows 11.
Last week I installed Linux for the first time ever (I chose Nobara which is Fedora based) and now I see this in my social media (Mastodon). Bad timing (for me). I hope I didn’t choose the wrong distro after all the research I did so here’s my vote against telemetry.
Data for potential UX improvements seems to be the main reason if I understand things correctly, but being a former UI designer, telemetry is the lazy corporation’s tool. Do proper usability testing instead.
I think the biggest error with this proposal is that it approach the end users of Fedora as consumers, as buyers. “We need this data to make a better product for the users”, you say. I am not a consumer of your product!
If they people in the community feel the tool they’re gathered around is not good enough, they have to speak up. This approach is the other way around, it’s corporate thinking. It’s talking down to the “consumers”.
We can argue over whether it’s the best wording, but this is exactly what the proposal is trying to say. (Above and below the quote you’ve chosen.) It may not even be the GDPR that is the “minimal baseline” — there may be areas where other data protection regulations hold us to even stricter rules.
Here is what I believe are the group splits within the community as of right now:
Group-A = no telemetry or data collection at all
Group-B = maybe some telemetry/data collection based on the details of how it is done
Group-C = some or full telemetry/data collection based on some opt-in/out mechanics/rules
Group-D = sign me up for the data collection
The groups can be whittled down as follows.
Group-D can merge with the Group-C members who consent to allowing data collection.
Group-A can merge with the Group-C members who decide they definitely do not want any data collection.
The above shake up leaves 3 groups:
Group-1 = no telemetry/data collection at all
Group-2 = sign me up for the full package of telemetry/data collection
Group-3 = can be forced to pick from a binary choice (no data collection or full data collection)
Forcing Group-3 to choose leaves just 2 groups:
Group-Off = no telemetry/data collection at all
Group-On = sign me up for the full package of telemetry/data collection.
Since we are left with 2 large camps. How about the following as a solution. Split the Fedora distro into 2 separate distro/repo. pairs:
No Telemetry/data collection = a distro and repos that only use telemetry free software packages
Full Telemetry/data collection = a distro and repos that is setup for full telemetry and uses telemetry laced software packages.
The above is based on just the Workstation product. The above creates clean separation between the distro (ISOs)/repository pairs. Devs get what they want which is data. Fedora leadership gets what they want which are reports. The telemetry/data collection averse folks get what they want which is a clean distro./repository pair. I’m naming to the two pairs as the following:
Fedora Free and Clear (FFC)
Fedora Dev Tester (FDT)
Those are the best names I could come up with in a short amount of time. There would be separate spins based on FFC and FDT.
Fedora leadership is given the responsibility of setting up and maintaining the systems and ensure that there can be no mixing between the distros and repos. Think in terms of Fedora cannot use Arch repos or the AUR level of separation. Fedora leadership (and thus Redhat) has to assume full responsibility and legal liability if the separation is violated for any reason. There can be no favoritism antics with respect to bug fixes, developer attention, new features, release schedules, repo connection speeds, etc. for each of the distro/repo pairs.
The installer for each distro needs an adjustment before committing the disk changes and starting the actual copying of files. The FFC requires that the user acknowledge that they are installing a version of Fedora that is free of data collection components. The FDT requires that the user acknowledge that they are installing a version of Fedora that is designed with tightly integrated data collection components. Part of the acknowledgement of each distro is that if the user wants to use the other version of Fedora at anytime post installation, then the user will have re-install of the OS with the appropriate ISO, or they can abort the install and use the appropriate ISO.
I don’t think that is feasible. Imagine coming to the download page and finding two options:
One says it is data collection free.
The other says it collects some anonymous data, otherwise identical to the first one.
I don’t think anyone would pick the second one, the same way as opt in collection will barely get anyone to enable it.
Can’t Fedora just do the same as Debian’s popularity contest? I don’t mind sharing what packages I have installed, but everything else is no ones business.
Another major problem with adding telemetry to an open source project is that forks of your project have to carry patches to disable or redirect the telemetry, and when they lazily or naively don’t, you get telemetry from forks that might have other goals or changes that make their data invalid for you.
No thank you. As soon as Fedora leadership sets things up in some sort of mixed soup of some data collection, many users who will just abandon Fedora. I don’t want any data collection on my desktop otherwise I would just run Windows 10 or install Endless OS. I abandoned Windows 10 because of telemetry and other issues. Having telemetry in Linux defeats the purpose of leaving Windows. There would be no point to installing Fedora. In my solution the Fedora devs will get data because users such as yourself are willing to participate in the data collection. You install FDT (pick your DE) and I install FFC (Cinnamon or KDE).
The end result is that users are going to segregate themselves no matter what Fedora leadership wants. If Fedora forces telemetry even with opt-in/out mechanics, then their reputation will forever be smeared. Lastly, why are you not running Debian right now since you are ok with PopCon? Why bother with Fedora?