I’ve spent a long, long time thinking about ethical software, the challenges we *necessarily* give ourselves compared to closed competitors, and crucially, how to overcome those challenges.
Four and a half years ago, I wrote:
> respecting your privacy is the ethical thing to do; users have a fundamental right to the utmost privacy, even from companies and products they trust.
That’s as true as ever.
The combination of rapidly-improving technologies like GNOME, Flatpak, Wayland, and portals also means our active privacy protections are better than ever on the desktop.
I went on to write:
> If and when we are able to develop an open, peer reviewed, industry-respected method of responsible and privacy-first telemetry, we may consider doing so.
While that post was in the context of elementary OS, I stand by every word I wrote.
I have also seen first-hand the wall we constantly hit when we can only rely on anecdata gathered from the most online, tech-savvy crowd—which is the majority of folks reading this, for example.
We are at a supreme disadvantage by not having good data to help inform our design processes. For System76, elementary, and GNOME I have been involved in small user studies and surveys to help inform us and while it was better than nothing, it always had an extreme bias towards that crowd.
What about that “privacy-first collection of useful data” I suggested as a future possibility?
It turns out Endless OS Foundation—the grant-funded social-welfare non-profit deeply involved in furthering GNOME and Flatpak with tens of thousands of non-technical users across the globe—has been working on that. And we’re sharing it with and planning to work with the broader ecosystem in order to further the quality of free and open source software—while keeping privacy paramount from the start.
Read my colleague @wjt’s post covering the privacy-first system we have built into @EndlessOS, how it fits together, and why it exists.
https://blogs.gnome.org/wjjt/2023/07/05/endless-oss-privacy-preserving-metrics-system/
I hope this can serve as the beginning of the ecosystem coming together to solve this unique challenge in a way that is objectively superior to any proprietary system—all with privacy as the fundamental principle.
You can also read and comment on @wjt’s own post over here:
This would be a massive boon to the open desktop space: dedicated engineering to develop, audit, and deploy leading-edge radically-transparent privacy-preserving metrics—which any other project could reuse to improve development while ensuring personal data is never shared.
Think Plausible for the desktop. This is the theoretical privacy-first metrics system I wanted in 2019, and it can become real.
Oh, and please actually read the post.
@cassidy What would consist of useful data in this case?
@AmonTheMetalHead off the top of my head:
• what settings do people in the wild actually change from the defaults?
• what extensions are in active use, possibly meaning the default experience is lacking in some way?
• what are the most used apps in the wild, possibly helping to inform better default app selection?
• what apps crash the most, potentially pointing to conflicts with platform code?
Even having a sense of what regions have the most active use could help prioritize localization.
@AmonTheMetalHead again, the crucial component is that this would be aggregate data with no identifying information transmitted anywhere. We don’t need or even want to handle anything personal—that would go against our own values!
When every proprietary product out there deeply surveils every action of every user and uses that to their own advantage, I believe we have an opportunity to do telemetry in a way that only FOSS can: radically transparent and objectively, provably privacy-preserving.
@cassidy Yeah, I can see the utility in that; it should be doable too, in a fairly anonymous manner.
@cassidy @wjt y’all should look at Ben Liblit’s early work on performance-protecting crash reporting in GNOME. The goal was scalability, but the same principles (essentially, client-side randomization to upload only a fraction of sampled information) would also work as a significant privacy-risk mitigation: https://pages.cs.wisc.edu/~liblit/pldi-2005/
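The client-side sampling idea mentioned in the reply above, as an added illustration that is not code from the thread, from Endless OS, or from Liblit's paper: each install decides locally, by coin flip, whether a given "setting changed from default" fact is uploaded at all, uploads carry no identifier, and the server scales the sampled counts back up to an unbiased population estimate. The setting names, population and sampling rate are constructed for the example.

```python
import random
from collections import Counter

# Constructed population model: probability that an install has changed each
# setting from its default. Used only to generate example clients.
CHANGE_PROBABILITY = {
    "dark-mode": 0.6,
    "tap-to-click": 0.4,
    "night-light": 0.3,
    "large-text": 0.15,
}


def make_population(size, seed=1):
    """Generate `size` constructed clients, each a set of changed settings."""
    rng = random.Random(seed)
    return [
        {key for key, p in CHANGE_PROBABILITY.items() if rng.random() < p}
        for _ in range(size)
    ]


def true_counts(clients):
    """Ground truth the server never sees: installs per changed setting."""
    return Counter(key for changed in clients for key in changed)


def client_report(changed, sample_rate, rng):
    """Client side: each changed setting is uploaded only with probability
    sample_rate, decided locally, and nothing identifying the client is sent.
    Most facts on most machines therefore never leave the device."""
    return [key for key in sorted(changed) if rng.random() < sample_rate]


def server_estimate(reports, sample_rate):
    """Server side: count the sampled keys and scale by 1/sample_rate to get
    an unbiased estimate of how many installs changed each setting."""
    counts = Counter(key for report in reports for key in report)
    return {key: n / sample_rate for key, n in counts.items()}


def simulate(clients, sample_rate, seed=2):
    """Run one collection round; returns the raw uploads and the estimate."""
    rng = random.Random(seed)
    reports = [client_report(c, sample_rate, rng) for c in clients]
    return reports, server_estimate(reports, sample_rate)
```

Lowering `sample_rate` shrinks what any single machine can reveal at the cost of a noisier estimate; the population size sets how low you can go while keeping the aggregate useful.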
@cassidy are you aware of @telemetrydeck ?
@phaus @telemetrydeck I’ve heard of it but not dug into it. I will have to read more, now. :)
@cassidy well that post sure blew up pretty quickly too
@cassidy it is only a matter of time before it is exploited and abused. Ever heard of RedHat doing a 180 on something they promised? Especially after the last couple of years it is obvious where this is headed. Fool me once, shame on you. Fool me twice.....
@lecroix74 this is literally not in the hands of Red Hat.
@cassidy that statement is like saying Canonical has nothing to do with Ubuntu.
@lecroix74 nope.
Show me when Red Hat has exerted control over the Fedora governance to ship something against the will of the community council. While Red Hat pays a lot of folks to contribute code to Fedora, GNOME, Linux, Flatpak, and a bunch of other projects, that doesn’t magically make them able to bypass those projects’ independent governance. Fedora’s much better structured than Ubuntu in that way.
Ubuntu is a product of Canonical first and foremost. Fedora is not a product of Red Hat.
@cassidy fine. Now you surely can list all instances when fedora fought back against Redhat.
No matter how you sugarcoat it, fedora is OWNED by Redhat. Yes, there are technical minds at the helm for fedora. But they report to RH. So yes, they are running the show behind the curtains.
This explanation from fedora is as calamitous as the latest RHEL debacle. Feels like the same person wrote it. Very much Musk-like. "We want your data in order to achieve more security and privacy"
@lecroix74 I'm not going to argue with someone who refuses to see reality. Have a nice day.
@cassidy we do like zero analytics or data collection where I am, and I get the "own-goal" vibe there. As someone whose job touches on marketing sometimes, SOME data would be really helpful, and I hope the sort of explorations you guys are doing will be things we can all learn from. So far the stuff you've pointed out seems pretty well-considered and a very reasonable approach.
@ryne thank you, your feedback is appreciated and valued!
It’s SO hard because it is much, much easier to scream, “REEEEEEE ALL DATA IS EVIL DATA, METRICS BAD” when what is actually being proposed here is even more radically transparent and privacy-preserving than anything coming from Apple, who has somehow privacy-washed their brand while doing all sorts of telemetry and advertising.
@cassidy do not get me started on Apple and privacy. The rubes they've convinced through nothing more than marketing buzzword bingo bullshit and massive ad spends. The hypocrites should be ashamed, but they spend enough money they get to be associated with a word they do nothing to evangelize or practice.
@cassidy I saw the proposal for Fedora today, I don't know exactly how proposals work yet, but I'm in favor