tag:blogger.com,1999:blog-2238516101365346732.post432143584778252867..comments2023-09-20T17:56:42.131+02:00Comments on tech & sp: What's all the fuzz about canonical-census?Anonymoushttp://www.blogger.com/profile/10693058812548733549noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-2238516101365346732.post-64381319273874409592010-08-14T09:28:53.642+02:002010-08-14T09:28:53.642+02:00Well, there are people like you and me who actuall...Well, there are people like you and me who actually do have a look at those scripts, so users who are not tech-savvy can still read our blogs, emails and so on. However, they have to trust us to really believe that what we are saying is true. It is the same issue as with an OEM, they have to trust the OEM too to be sure they are not doing something evil with their data.<br /><br />As I said, the second the script changes and either encrypts data somehow or is not open to the public to read anymore it's time to have a look at it again. I totally agree on that fact that just because those scripts are open and not doing something evil right now doesn't mean they will not do so in the future. It's really something we, the tech-savvy community, must watch.Anonymoushttps://www.blogger.com/profile/10693058812548733549noreply@blogger.comtag:blogger.com,1999:blog-2238516101365346732.post-59172551887022623722010-08-14T05:26:40.639+02:002010-08-14T05:26:40.639+02:00@sp
It is all dandy and good and I am glad that t...@sp<br /><br />It is all dandy and good and I am glad that they are open about their scripts, but the thing is that that does not mean that they will stay this way forever. Extrapolating the future newer works this way. The second problem is that not many users are developers or command line savy. How many of those Ubuntu users will really be happy that the code is open and ready to dig in and hack those scripts? <br /><br /><br />thanks for the comments fix btw. Word.<br /><br />kkkkkkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2238516101365346732.post-84033847036280617612010-08-13T21:14:39.760+02:002010-08-13T21:14:39.760+02:00Thanks for your comments.
@Brett:
Yes, an opt-in...Thanks for your comments.<br /><br />@Brett:<br /><br />Yes, an opt-in would be great, especially if this should ever be added to the non-OEM distribution of Ubuntu. As for the OEM versions I am sure the OEMs are at least in charge of informing their users that the system is going to report back and/or have an opt-in method.<br /><br />@kkkkkk:<br /><br />The point that I was trying to make is that the way canonical-census works right now is not bad. We know which kind of information is being transferred, we know that it is being transferred using an unencrypted transport and we know how to get rid of it. I strongly object any way of transferring such data in a for us users nontransparent way, such as in encrypted form or from binary programs we cannot have a look at. If at any point in time Canonical would opt for deploying such a program you can rest assured that I will also cry out loud.<br /><br />As for requiring a login of some kind of posting comments:0<br /><br /> I have been hit with a lot of spam in the past and thus have decided to turn on user authentication (OpenID is also available, which should give you a better chance at protecting your information, given your OpenID provider asks you which information to submit upon logging in).<br /><br />I later turned on comment moderation too, but disabling the authentication option was not possible due to the lack of proper spam detection methods available via blogspot.com. <br /><br />I just checked (after reading your comment) and it seems like spam detection has finally been added, so you will be able to provide anonymous comments in the future. However, those comments will still go through moderation until I can verify that the spam detection method works properly.<br /><br />Thanks for point this out though.Anonymoushttps://www.blogger.com/profile/10693058812548733549noreply@blogger.comtag:blogger.com,1999:blog-2238516101365346732.post-35463590320525685832010-08-13T18:04:39.281+02:002010-08-13T18:04:39.281+02:00I think that you are too naive about the intention...I think that you are too naive about the intentions of bigger commercial structures like Canonical. They might have chosen an open source method at the moment, but in the future they might change that to an encrypted data schemes and a closed source method for their tracking <br /> intentions. They are slowly sneaking in. I was happy to dump Ubuntu recently for other reasons, and after learning about Canonical`s future intentions I am even more delighted about my past move.<br /><br />Btw it should be enough to provide an email address and a name for posting comments. At the moment your comment script looks for certain profiles from Aim , Google or some others. Why would I need to login a service to post comments on a page that talks about tracking user data?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2238516101365346732.post-54494909380164932852010-08-11T23:00:53.275+02:002010-08-11T23:00:53.275+02:00Ditto the opt-in approach. This could be a simple ...Ditto the opt-in approach. This could be a simple popup, "Do you want to send version and model information to Canonical?"... but it MUST be opt-in, or security experts will cry foul.<br /><br />Thou shalt not send any information from my pc, to anyone, at any time, without my knowledge and consent.Bretthttps://www.blogger.com/profile/14310530597249481995noreply@blogger.comtag:blogger.com,1999:blog-2238516101365346732.post-64329531961205851482010-08-10T20:54:46.155+02:002010-08-10T20:54:46.155+02:00Well, nothing has been said whether this is going ...Well, nothing has been said whether this is going to be opt-in only or not yet. So it's possible they are targeting such an integration anyways.<br /><br />As for the movement profile I am not entirely sure. If enough systems are sold I doubt creating a movement profile using log times, counts and IP addresses (and the DMI product name) is actually possible. What they seem to process though is your location, in terms of using GeoIP to build a map of where the systems are distributed. I have only had a quick look at the log parsing code, but they are importing the GeoIP module there.<br /><br />Also, what I wanted to get straight using this article was what information gets submitted and that it's better to have this system in the open than having a proprietary one that uses encrypted channels to submit information to the vendor.<br /><br />Last but not least: they could also gather times, IPs and counts from apt mirrors, if they wanted to.Anonymoushttps://www.blogger.com/profile/10693058812548733549noreply@blogger.comtag:blogger.com,1999:blog-2238516101365346732.post-54650906761827676162010-08-10T18:00:16.295+02:002010-08-10T18:00:16.295+02:00Stuff like this needs to be opt-in. As much as it ...Stuff like this needs to be opt-in. As much as it sucks for Canonical. They could easily log times and counts and IPs and build a movement profile for my machine (me).Tomhttps://www.blogger.com/profile/10566325100945295105noreply@blogger.com