Here is one way that does have side effects and only affects the running of the dnf command
cat /etc/profile.d/dnf.sh
alias dnf='dnf --setopt=\*.countme=0'
The only documented way I could find would be to modify each repo file in /etc/yum.repos.d that has countme=1 to countme=0. I tried
dnf config-manager --setopt='*.countme=0' --save
but it changed more than I was aiming for (all repos even if they didn’t have a countme to start with). It seems that anytime the rpms that include those files are updated the countme gets re-enabled.
For kickstart installations while anaconda is installing packages I have
%pre
for repo in /etc/anaconda.repos.d/*
do
sed -i 's/countme=1/countme=0/' $repo
done
%end
bz#1965813 exists but does not capture a real solution. Does anyone know how to opt-out (both during installation and once running)? To opt-out permanently?
I dont know the technical details (please someone add them) but the countme is anonymous and just gives you a unique ID or something?
Your IP address may be enough to do that, but nonetheless the traffic is encrypted and you need to trust Fedora anyways with anything.
I see how it could be a problem that you are targetable because of that unique ID, and if certain state actors want you down, they could target only you, which could be legal, unlike implementing backdoors on everyones system.
Hello @steppybug ,
Sorry to hear you’re having difficulty with this. You’re correct that @mattdm who is the owner of the wiki at Changes/DNF Better Counting - Fedora Project Wiki, states there that it supposed to be easily turned off. Perhaps he could join in this conversation, and we can all figure out how to turn it off.
I note the countme toggle is default true, then resets to false after first time count then returns to true state after 7 days I think the doc’s say.
This also may be of relevance in the proposal noted …
Rather than a simple boolean, we'd like the "countme" variable to act as an increment-counter. That is, it would be "1" the first week, "2" the second week, "3" the third week, and so on.
This would indicate that it is used as not just a toggle, but as a how long (in weeks) is this a Fedora system?
I moved this to the project discussion area.
1 Like
jakfrost
(Stephen Douglas Snow)
Category updated
6
It doesn’t contain a unique ID.[1] It just tells dnf to, once a week with some randomization, send 1, 2, 3, or 4 instead of 0 along with the normal user-agent metadata it always sends. The numbers correspond to broad age buckets (first week, 2-4 weeks, 5-24 weeks, 24+).
This was supposed to be age-since-system-installed, but as you’ve noticed the implementation ended up per-repo. The dnf team is actually fixing that, which should also fix this whack-a-mole problem (there should be one global age and one global setting).
I’ll talk to them and make sure that it is easy in the updated code.
That said, whereever possible, please leave this on. It doesn’t cause any additional connections that could be seen by a third party[2], the information does go over https, and the information it gives is intentionally meant to be useless for individual tracking.[3]
The resulting information is extremely useful for basic things like “hey, is KDE really significant to our users, or is the KDE SIG really loud?”[4], or “do people really use Fedora Linux for anything other than desktops?”[5] or “is this new release seeing uptake?”[6] or “are a lot of people running past the eol without updates?”[7]
This, in turn, helps us make better decisions as a project.
That is what SUSE does, and it was my original proposal, but this is better. ↩︎
except on ostree systems, maybe — they have a different implementation ↩︎
We are also looking at adding differential privacy techniques (which add noise at the individual level which can be removed only in aggregate) but that’s a future possible improvement. ↩︎
When DNF 5 is the default, we’ll be able to use a configuration override (similar to how systemd has /usr/lib/systemd vs /etc/systemd) to just turn this off without overwriting the repo file that is RPM managed
Yes – weekly processed data goes to Index of /csv-reports/countme every thursday. I have some scripts that process those logs into useful graphs, but they’re pretty hacky. I’m planning on updating those to use graphana sometime after the f40 release.
It only looks at enabled repos with the countme option enabled. With the exception of ostree systems (which don’t use DNF), it’s entirely part of the normal DNF metadata refresh. Since that goes over SSL, to an external observer, there’s no difference from a refresh call which doesn’t contain the once-weekly countme request, or from a system with countme disabled.
If you have countme enabled but only your own internal repos, only your own servers get the metadata. So, these are already not counted.
I don’t think Foreman or Pulp pull DNF metadata in the same way, although I haven’t looked at it for a while.