F40 Change Request: Privacy-preserving Telemetry for Fedora Workstation (System-Wide)

Thanks for addressing my comment, @zbyszek.

In the long run, when used properly, telemetry is beneficial for users too.

This is a difficult case to make, but it’s beside the point. An argument for its utility doesn’t overcome the fact that telemetry represents an anti-feature, because it is prioritizing some other party’s interests over the individual users’: in this case, a process running on my machine working against my immediate interests on the Fedora Project’s behalf. There are all kinds of unethical practices that have utility.

Developers want to do well by users, but now we often work “in the dark”, with very little idea what features are actually used.

What features are used on my machine is no one’s business but my own. The developers are not entitled to this information, though they are welcome to solicit it through other channels.

(I contend that this proposal in itself is an example of not doing well by users, so we’re off to a bad start if that’s the end goal.)

Please note that the proposal and subsequent discussion makes a huge effort to keep the data collection anonymous and aggregated.

This is a side-issue that is secondary to the more basic unacceptability of the presence of an anti-feature in a free-software project. Making the anti-feature “less bad” is nice, but doesn’t rise to the level of being acceptable.

6 Likes

OK, things are cooling down a bit in the discussion. That’s good.

As I stated before, I’m all for sharing my data if this helps Fedora and the community in any way.

I’ve read some interesting comments around here. Some of them gave me some perspective:

for example, Mark Pearson was very transparent and that made me want to help even more by contributing my data. I do want to help him get Fedora everywhere within Lenovo.

Also, all posts by Andrew Jorgensen make a lot of sense too. He has some good ideas about what to ask for and how to do it.

And Gerald B Cox also made some good points. It’s not the devil we’re sharing our data with anyway. It’s Fedora and Red Hat. I still like 'em both. :slight_smile:

In the end, at least it’s the feeling I get, we all want to contribute. We all want an omnipresent Fedora and a better one as well. But, if we are to share our data (which, it seems, is a very hard thing to do to many):

  • we want to be able to opt-in to that; in different levels of disclosure.
  • we want to know exactly what is collected
  • we want a very detailed explanation of what is going to be done with the data.
  • we want to authorize any change to that and be offered the option of opting-out if we don’t want to continue.

If not enough users opt-in, we make a campaign to ask users to opt-in more until we get most of our users to help. We will do that by informing them of:

  • how many people are sharing data currently and on which level of disclosure.
  • what have we done with it.
  • what could we do if more people opted-in.
  • badge (or something) for contributing.

That sounds easy and straightforward, doesn’t it? It’s that simple.

7 Likes

Preface

For as much as I want to read all 150+ posts that have come out of this discussion, I’m going to voice my opinion on its own for the sake of having my say and giving perspective from the Marketing Team (I’m not speaking for the Marketing Team of course).

I’m grateful for @catanzaro’s respectfulness in the proposal and with the replies I’ve seen. Given the circumstances, I want to make sure to affirm that. Respect to @cassidyjames too because I know this is based on your work on Endless OS. Sorry for the lopsided reaction. :sweat_smile:

To acknowledge my bias, I don’t want to see telemetry in Fedora at all. That’s my preference, but that’s not the perspective I’m writing from.

Preserving the Fedora brand

When people think of Linux, it is usually in contrast to Windows and macOS. Linux users are looking to gain control over their systems and avoid telemetry that many times can’t be removed from those OSes. Linux has the reputation of being private. Fedora Linux specifically has risen to be recommended as the most private and secure Linux distro for desktop. Through hard work and dedication to openness and user privacy, we have an extremely positive reputation in this space.

With this proposal, we’re unfortunately on track to burn it.

I understand that part of the negative reaction to this proposal is overblown or misguided. For many, they just see the title and immediately assume that the change is already implemented and must be the worst kind of telemetry there is. Some don’t make a distinction between different ways of collecting data and what exactly is collected. In fact, some have already dismissed Fedora as spyware. The majority of those who remain are currently upset and/or scared that their distro is going to become more privacy invasive. It bears mentioning that this proposal is tainted by Red Hat’s recent decision to change how RHEL’s source code is made available, which was incredibly unpopular. This is just the reaction to a change proposal that hasn’t been accepted and won’t even take effect until next April.

Unfortunately it doesn’t matter how not responsible we are for the reactions of the Linux community. Perception is reality. Even if we implement the best version of this proposal where we collect almost nothing, all that most people will know is that Fedora has telemetry on by default. News articles and YouTube videos will be made giving their likely negative opinion on the change, which will affect interest in Fedora in the same way that influencer interest led to Fedora’s recent popularity. Only the folks who care enough to read documentation will know what’s actually going on under the hood. We will be defending this decision for years to come and likely not make serious headway, in my opinion.

Is the loss of users worth the data you gain by making this change? Is the loss of reputation worth the data you gain? That’s the tradeoff to consider. I’m not sure how to measure this. I think that we’ve been able to build great desktop environments and applications without telemetry. People are getting happier on Linux and Fedora with each year that passes. Is this telemetry proposal worth taking a wrecking ball to that momentum? Are we willing to lose the users that we could have converted into contributors over this change? As of now we are slowly getting better on our own. With telemetry as an opt-out option, maybe we get slightly better desktops at the cost of tons of users and the trashing of the Fedora brand in every Linux forum on the internet. We’ve already seen a small form of what that trashing looks like, so this isn’t a hypothetical consequence. If I was in the Fedora Engineering Steering Committee, this does not seem like a good trade at all.

10 Likes

I think this change request is well done, and presents its case well. But, I question the idea anyway. While this change might add some information on how to optimize Fedora for the hardware that the Fedora users actually use, and might give some insight in the usage of Gnome (as per the well done description on what data to collect), I strongly oppose the idea on core values. That information is not worth the damage this will do.

Fedora is not Red Hat, but this comes very close to the kerfuffle about the Red Hat source code, and that showed how angry and agitated people can be about things. This is not even a business venture, with a bottom line to protect. To implement such a change as this, will create more damage to the community than the data collected will help.

I see a major problem with the opt-out solution, even though I realize it will generate more data than an opt-in solution. Fedora is not a platform that I feel represents a “holier than thou” attitude, in that someone other than you the end user knows what’s best for you, and does it “because that’s best for you”. That’s opt-out in a nutshell. But, I don’t think opt-in is a solution. This is a question of trust.

I want to trust Fedora to be a community built Linux distribution that is the latest and greatest, secure and user focused. Collecting data on the users, regardless of how it is done, is what Elon wannabes like Shuttleworth do! Tracking their users is what companies like Microsoft do.

It’s a question of trust.

This is not a technical question, as such it presents an excellent solution. This is a question of telling people like me who have been using Fedora for decades that we as a community are going down a new path. I don’t want to be part of that.

Many people have already said what I have said, so I just wanted to add my voice to amplify the signal. There are those of us that oppose this, regardless of the implementation details.

6 Likes

I’m still pretty new with this, sorry for misunderstanding how Fedora works, and thanks for explaining it!

1 Like

I won’t rehash what others have said. But I think it is important to examine why we are at this point, discussing opt-out telemetry in a historically fiercely free Linux distribution.

The above argument by Adam is very important. I’ve been around Fedora for more than a decade, and I was drawn to it because of its community engagement. However while today’s Fedora releases are more bug free than say 2010, I would still prefer the 10 year old project because then I could open a BZ report, and get a human to respond. Now only RHEL relevant reports get human responses. As a result, my participation in the community has also reduced (that includes the mailing list, and here). The alternative to telemetry isn’t easy, but wishing for telemetry is a dehumanising crutch popularised by corporations.

That said, some more specific comments:

  1. Anyone affiliated to RH should declare their affiliation when responding to this thread. While reading several of the “in-favour” responses I realised they are RH employees. It wasn’t immediately obvious. This is important, since apparently internal RH goals are influencing this proposal:
  1. The proposal asks for building surveillance infrastructure into the OS, and the only check against abuse is a “promise” to adhere to agreed processes. What guarantee does a user have that malware won’t target this OS level infra for abuse? How about proprietary software people might use on Fedora, how will a user ensure they are not abusing this infrastructure?

  2. The implementation detail of how this will work, a project wanting telemetry will depend on eos-* packages. I suggest also requiring this dependency to be a “weak dependency”. I do not want to trust my privacy to a UI toggle. The user should have the ability to exclude all telemetry packages from their system with something like excludepkgs.

  3. Why will the aggregated data be gated? As with everything Fedora, it should also be open to users to use. I can see two reasons, 1) the users played their part in creating the dataset, so they should have access to it (a reasonable check could be requiring a FAS account), 2) only if it’s open we can inspect it and verify if it is still privacy preserving after aggregation (I think this was pointed out in one of the responses: privacy preserving at collection is not necessarily privacy preserving after aggregation).

  4. What is the process for notifying users on any changes in the collected data points? A user might agree to providing info about their editing behaviour, but not the languages/platforms they use in their projects. I’m deliberately choosing development as IDEs were mentioned in the proposal, but this can be extended to anything else.

  5. Dismissing GDPR is naïve. Under GDPR, the user has certain rights, you cannot dismiss it without discussion.

7 Likes

This is important. Combine this with:

Is this RH doing yet another stupid move making sure they gather more bad will in the community?

3 Likes

Re GDPR, I think it is less that they are ignoring it, and more that because it is the law, they must follow it. So it isn’t relevant for debate because any solution has to be GDPR compliant.

2 Likes

I read it that way as well, however I would like to know what are the compliance measures. It can’t be something that some RH lawyers decide. But something that also respects community wishes. There is compliance, and then there is “compliance”.

Just joined here to say that I am totally against this telemetry proposal, I think it should be rejected right away.

I read earlier in this thread that anyone can make a proposal, so my proposal would be something like a clear statement somewhere in the Fedora Mission or Vision section that Fedora would be always telemetry-free, zero-telemetry forever. Only this would make those who already left Fedora because of telemetry come back, I think. This is all very sad…

6 Likes

If you want this to work, you could implement such a system, like this:

  • Not having telemetry packages on the installation image (iso image) by default

  • After installing, the user could be asked: “we would like to collect telemetry data to improve Fedora for everyone, here are the details: [Details on how the data is collected, what data is collected, when it is collected, where is it going to, and the user having access to said data (could be blended in with all the other data which would honestly be the best approach) For us to receive and collect this data in the first place, however we would like you to install this package [package name].”

I want to say I have no idea if such a system would work, but this is the approach that Arch Linux uses (kinda). They ask the user in a wiki page to install a package to provide the Arch Linux team with data (similar to Debian’s popcon).

This would be the best approach from a privacy-respecting perspective.

Also, if you do roll out with this idea, be sure to implement it in the most transparent way possible. What I’m suggesting here is merely that, a suggestion.
And also, if you roll it out with unsafe defaults from a privacy perspective, please be kind and remove this statement from your website:

I’m sorry for being disrespectful in the end, but trust is something that has more value than anything in the linux community and in general. I know you had to think about it, but coming from the Red Hat Display Systems team, this is not very transparent at all (considering you had 2 years to think about this, I bet a lot of internal talk inside Red Hat was made about how to tackle this (I don’t know for sure, this is purely out of my mind. If I’m wrong I am sorry))

This is just my opinion on the topic. You value the opinion of your users, but if the team responsible already has a decision, there is no need for community opinion.

This will largely depend on how you implement this system. I gave out my suggestion, I don’t think it will matter if the team already made up its mind though…

Edit: removed some of the unnecessary rambling

10 Likes

I had to sign up to voice my opinion, which is simple: please do not add any telemetry to Fedora. Thank you.

7 Likes

I support adding telemetry. I will provide my justification and reasoning below:

  1. Justification: Without telemetry it is impossible to know how end-users are interacting with your software. I believe that if this telemetry is anonymous, auditable, and modifiable (e.g. in the same way that crash reports are) it could be implemented in a way that respects users and developers. I believe that developers and designers having greater insight into how their software is used will lead to a better product.
  2. Stipulations: I understand the desire to have telemetry opt-out. If it is opt-in it is likely that data collected will be subject to bias, which would raise the question as to whether the data is even useful at all. However, if it must be opt-out, I would like to see three things: 1) The opportunity to opt-out clearly marked and easily chosen at install time and during upgrades. 2) Regular notifications (bi-weekly? monthly?) reminding the user they are opted in to data collection. 3) A view in settings to easily control telemetry, as well as view what has been sent and when.

Thanks for all your work on Fedora!

1 Like

If that gets written into the Vision and Mission statements, should Fedora then remove all packaging of applications that collect telemetry?

There’s a lot of people on FESCo that I really respect. While I’m not going to try to call their decision, I know at least a few of them are going to be committed to reading every single response before casting their vote.

Ultimately they were elected to the body to care for the entirety of the fedora community (not just devs for one specific portion of it) and I earnestly believe they’ll work towards that end.

I think the amount of traffic has a lot of dissent. I don’t mean entirely for telemetry=bad, but rather the proposal as it was originally stated. I would be shocked to see it go through with 0 revisions from FESCo. (We’ve already seen some happen)

I know that it’s easy to feel powerless, but your comments here are very helpful. So thanks. :slight_smile:

5 Likes

Let’s take Firefox for example, if Firefox Fedora package had “Firefox Data Collection and Use” disabled by default, that would be awesome! I have to disable it every time on a fresh installation.

But I think it’s a bit off-topic; this thread is about system-wide telemetry, not telemetry in some particular applications. Users should decide for themselves if they want to install an app with such an anti-feature or not.

My proposal was about telemetry-free on a system-wide level.

4 Likes

I think there’s two types of trust to consider here: trust that parties are working in good faith, and trust in parties’ “competency” (for lack of a better word). I absolutely trust that mcatanzaro is operating in good faith.

Do I trust that FESCo can keep the commitments regarding anonymisation of user data? Frankly, no, and there’s good reason to be sceptical (Guarding personally identifiable information [LWN.net] comes to mind, see the section “Problems with de-identification”). Even if I did believe this were possible, do I trust that FESCo would take their oversight role seriously and not just act as a rubber stamp? At present I have no reason to believe so (I don’t mean to imply that FESCo wouldn’t be acting in good faith, merely that FESCo has its own interests and priorities and I suspect this would not be high on the list).

If I opt out, do I trust that there won’t be some bug that results in my expectations or wishes being violated? Geoclue had just such a bug. In that event, do I expect that whoever is responsible will consider rectifying the situation a high priority? Well, it was eighteen months between that Geoclue bug being opened and the issue being fixed; it was closed earlier apparently as a WONTFIX. Again, I’m not trying to impugn anyone’s motivations or actions; bugs happen and we all have differing priorities.

Further, if something does go wrong (say there’s a bug in an update or an opinionated piece of software comes along, resulting in that preference option being flipped) it’s going to be a long time before I find out that my system has been shipping off all sorts of information without my consent. Am I supposed to rig up a cron job to check my configuration regularly? Black-hole the analytics reporting endpoint for my network?

All this probably sounds unnecessarily paranoid, but I feel like I’ve had the rug pulled out from under me on data protection issues too many times to just accept someone’s word. I used to be the type to opt-in to analytics to help out, but I’m well past that stage now.


I’ve been a Fedora user for over ten years, and a GNOME user for even longer; I really like both, and really don’t want to leave. Although I haven’t contributed nearly as much as I would like, I do have a handful of semi-notable contributions to the ecosystem. It’s a platform I enjoy using and one I’m invested in.

I would like to say that, were this proposal to be rejected, I could happily go on using and recommending Fedora as before, but I’ve been aware about telemetry as a recurring point of discussion over the years. Some have pointed out that this is not a foregone conclusion, that change proposals are subject to community approval. I’m aware of the (broad outlines) of the change request process, but I suspect that if this proposal is rejected the issue of telemetry isn’t going to go away. Regardless of the process, that such high-profile contributors are in favour of this proposal makes me feel like I need to reconsider the software I’m choosing.

Honestly, I’m just tired.

4 Likes

Long-time open source contributor, past team member of one of the largest open source foundations, worked with Linux users in over 50 countries, O’Reilly book author etc. Have signed up to comment on this change, hopefully with some practical information.

Specifically, I want to note that there are some pretty passionate Linux users in highly regulated environments for whom anything down the lines of this proposal will be a large problem. Having an in-built opt-out system that is able to extract information from secure environments, where the extraction of information has serious “real-world” consequences, would make Fedora unusable in these environments.

In the event that this change progresses, may I suggest that the temptation to “phone home” straight away after installation/boot is avoided? The user should be given a reasonable period of time to disable the telemetry mechanism before the first message is sent. Perhaps several hours at least?

10 Likes

It would be really sad if Fedora would enable telemetry by default. I became a contributor to Fedora because Fedora always valued privacy and patched telemetry out in other applications. If this goes through, this is such a shift in philosophy that I will probably have to leave the project, which would be sad, as I otherwise really like Fedora.

3 Likes

That’s what it should be. Everybody was asked, so if you don’t answer to the poll, your voice isn’t heard and your needs are not catered for. Completely fine.

In other words, if you want change, take part in the surveys…

6 Likes