Opt-in / Opt-Out? A breakout topic for the F40 Change Request on Privacy-preserving telemetry for Fedora Workstation

I am trying to be positive - not sure if my thoughts are feasible or even worth doing.

I am trying to say how I want this to be done, so that I am willing to have a telemetry collecting service that is in “opt-out” mode.

First of all, before doing an Opt-Out mode, do a “Survey” mode. When the time is ready, transition to Opt-In mode, and ultimately “Opt-Out”.

Survey mode:

  • Users will get regularly prompted to allow sending a one-time telemetry, such that:
  • All data to be sent will be stored locally, so that the user can inspect what is being collected
  • When the user says NO, then nothing is sent out
  • When the user says YES, it will not trick the user into agreeing to repeated sending
  • Better, allow the user to set the frequency of being prompted to send: every logon, every day, every week, etc.

(There will be more requirements that I am thinking of; I will write about that later.)

Being Opt-In:

  • All Telemetry data will be stored locally, so that the user can inspect it
  • Opt-in, give options of frequency of collection, frequency of sending, and what is collected/sent

Being Opt-out:

  • All Telemetry data will be stored locally for inspection
  • Opt Out should re-prompt regularly - monthly seems OK to me. (Say I ignore the Opt-Out prompt in Jan, so telemetry is sent during Jan. In Feb, I will get prompted again; if I answer Opt-Out now, no more telemetry is sent. And I will get prompted once per 3 months, for example.)

So, there is some concern that Telemetry plus Source IP will leak user details. How about Telemetry is only sent when there is a VPN service in use? Buy some VPN service from Mozilla just for that.

There is some concern about how trustworthy the Data Server is. Here, I will borrow the concept of Silverblue.

The Data Server will only run a known and published configuration that anyone can download and install. The Data Server will get audited from time to time, to make sure nothing wrong is being done, and that all software / services running on the server match the published details.

Don’t ask me who is the trusted auditor - I don’t know.

No matter how much doubt we have towards IBM/Red Hat, how Fedora is doing is still open for everyone to observe.

Let’s shout out loud when Red Hat is really forcing Fedora to be worse.

1 Like

It’s easy to conceptualize the argument as this, but friction applied as an explicit decision making roadblock will inevitably lead to a worse user experience. You are forcing a user to explicitly make an active choice. Which means the choice will most likely become “No, because I don’t want to figure out if I care” for most of the silent user base. And then you’re back at the problems with “survey” and “opt-in” models all over again, which is not providing statistically significant confidence in the data.

Defaulting to opt-out will reduce friction for the use cases where the person really doesn’t care, and will just take the default. Those that care will read it, understand it, and make an informed decision, either yes or no. And those that absolutely do not want this will immediately opt-out.

Which is why providing as much clear, honest, and open information on the implementation is the key part of all of this. Empower the users who want to decide to make as informed of a decision as possible.

Opt-out is not a subversion of what people want. It’s limiting the cognitive overhead required for the happy path, while providing everyone else with a clear and present choice to make that want to make it.

2 Likes

Extremely awful of you to suggest those of us who would choose to provide data would just be providing “garbage”. Like I said before - extremely unimpressed.

2 Likes

I definitely fall in the opt-in camp. Anything that affects the user’s privacy or data should never default to an exposure of such. If opt-in makes the telemetry essentially useless then maybe we don’t need to be collecting telemetry at all. Telemetry is not a substitute for community engagement, or for good design. The idea that anyone needs to see what an app is doing on my assorted hardware outside of me is a typical case of overreach. In particular it has no place in a community-run project.

If I was using a paid offering, i.e. RHEL, then I fully expect telemetry to be an opt-out situation. I already have a financial relationship with the provider and, barring any security directives, I may or may not have a problem with it. My assumption going into the relationship is that the vendor will have, or may need to have, access to some data, and that it is incumbent upon me to make sure they do or don’t get it. This relationship does not exist when I am installing a Linux distro for anything else. The assumption is that the default state of the system is private, not shared.

5 Likes

No, it’s simply a preselection dark pattern to forcefully get more data.

4 Likes

You could also limit the cognitive overhead by making it explicitly opt-in. Getting your data harvested should not be part of the happy path.

8 Likes

I don’t mean to be offensive or anything but I really don’t like the way you talk about the user community. That those of us who prefer privacy-by-default are people who would “complain” and “make a ruckus”, as if we’re unreasonable for wanting our data to stay on our computers as much as possible.

8 Likes

You’ve also still provided absolutely no answer as to why this really needs to be opt-out rather than opt-in*, or why you believe that those of us who would opt-in would provide “garbage” data. That’s also something that really doesn’t sit right with me.

1 Like

It isn’t that the data you personally provide would be garbage. It would be that since the sample could be considered less representative, it might not accurately reflect usage as a whole.

2 Likes

No survey is ever 100% accurate, and (as this thread very clearly shows) a large amount of people will absolutely turn this setting off, or just stop using Fedora entirely, if it’s opt-out rather than opt-in.

I think the more likely scenario is that many of those users switch distros changing the demographics for Fedora.

2 Likes

Is this what Fedora really wants, to drive away its users?

2 Likes

This will absolutely drive a significant number of users away.

1 Like

You can. This is why default options exist. I’m not explicitly advocating, at least intentionally, in that specific post for one or the other. Just expressing the fact that opt-out is no more a subversion of user desire than opt-in is. You’re explicitly making the decision for a subset of people one way or another.

The use case behind this proposal appears to be to collect a statistically meaningful dataset to help drive development priorities and time investments for meaningful positive impact to Fedora. To achieve this goal, the data would need to be opt-out to maximize the amount of beneficial data.

It’s no secret that in most communities of anything, a significant amount of silent members will trust whatever direction its leadership takes it in. If the Fedora community deems this data valuable, the best and most efficient way to achieve the result will be to opt-out instead of opt-in, while clearly expressing and stating the desires for the data etc…

The problem with “survey” and “opt-in” is, although this data does help and provides a benefit, it is not statistically representative of the broader user base and use cases. It’s hard to have informed decisions based on just this small sample of data. The underlying problem is the classic statistics problems of sample size vs population.

Telemetry data has its merits, but for it to hold significant value, it would need to be explicitly coupled with opt-out, in my opinion.

It would be great if we had real world examples of # of opt-out Fedora data vs # of survey responses/opt-in, etc… I think that might help. Not sure how to go about finding that myself.

edit: “statistically representative” instead of “representative”

No, nobody wants that. But there is obviously a disagreement if the proposed means will foster to increase or to decrease the number of users but also about the implications. Obviously many share your skepticism (including me), but please remain constructive, contribute by arguments and with the assumption, that no one here wants to intentionally cause harm to the community or to anyone else. Such posts don’t add value to the discussion but foster emotional developments that don’t support either side.

2 Likes

People in this thread already tried being constructive by saying “hey, we’re not against telemetry, but we don’t agree with it being opt-out, so please compromise with us by making it opt-in instead”. The response from this change’s proponents was very flatly “we don’t care, it’s opt-out, deal with it”, and we are told that if it’s opt-in the data would be garbage, and we the users are just complainers and ruckus-makers.

When we are so blatantly disregarded, what more can we do?

2 Likes

Expect that if the consensus of the community goes distinctly / clearly into one direction, the related committees will follow it. You might review the post of Miro. It is not necessary to develop an emotional way. Vice versa, even if a community leadership would fail to serve its members, the appropriate means would be different as well. Fedora ensures that you will be able to follow the development of the decision making, while the ease to change the community/distribution will always provide incentives that limit the power of any committee. So you shouldn’t feel too powerless.

The more rational/comprehensible/tangible and clearer your arguments are, the more likely they are to be supported and picked up by others and to influence the actual decision making.

Hi - I’ve personally opted-in to telemetry on most open-source projects I use, so I’m not philosophically opposed to telemetry at all…however, I’m very curious about the basis for your statement here.

Why do you believe that 95% would click Don’t Share? My assumption would be that, similar to what @pcreech17 said, most of that 95% “really [don’t] care” but would choose Don’t Share out of fear / lack of understanding / something else?

Shouldn’t it be incumbent upon us to educate those users, then? Otherwise, it feels like lumping in “does data about your usage of your computer get sent to someone else” along with power user settings that most people shouldn’t have to think about, like default filesystem type (and wouldn’t we agree that users should be thinking at least somewhat about privacy, and that telemetry built in to their operating system is a pretty impactful case to think about?)

If I’m misrepresenting how you’re looking at it, I apologize, but wanted to understand / offer a thought on that topic if that is the crux of your objection to that approach.

Thanks,

1 Like

You can’t possibly know that, because insert dramatic pause: you don’t have any form of metric collection to back up the assertion.

If that even happens then the telemetry issue will at least take care of itself, and lead to its own removal.

1 Like

Personally, my observation of, and limited research into, understanding human behavior. We (you and me and everyone else on this thread) are already representative of the minority of the community, just by being vocal and involved. To us, opt-in makes sense because we would choose opt-in every. single. time. But we’re not representative of the majority of people who trust us to make good decisions and go along with it.

Forcing education upon a user is nice in theory, but will not work out in practice. The more barriers you put up in front of them, the more resistance they’ll feel and they’ll go do something else instead that’s easier. This is why so much time is spent reducing the happy path for use cases in almost everything in software. Hell, it’s why Windows is pre-installed on computers. Who wants a computer to come with no operating system, and then HAVE to make that choice?

This is why I say provide them off-ramps to more education/information if they want it, and be as clear and up front about what we’re doing as possible. That way, if their brain decides they care enough to research, they can go quickly and easily research and make a more informed decision.

People who don’t care aren’t going to care no matter how much we try to make them. If we try to force caring down their throat, they just won’t care about us instead and move on.

1 Like