How about Homebrew's analytics move to an ethical, opt-in model (like Debian) instead of this silent surveillance of its users who have never explicitly consented to such data collection?
This thing drops a supercookie on your device that persists forever, and they close every issue raised discussing the privacy implications of same.
Anyone who runs the analytics service can see the approximate travel history over time of every Homebrew user (by geolocating the source IP).
It's not a for-profit project. There is no legitimate purpose for tracking installs.
> It's not a for-profit project. There is no legitimate purpose for tracking installs.
From the very top of the linked page:
> Homebrew is provided free of charge and run entirely by volunteers in their spare time.
> As a result, we do not have the resources to do detailed user studies of Homebrew users to decide on how best to design future features and prioritise current work.
> Anonymous analytics allow us to prioritise fixes and features based on how, where and when people use Homebrew
It then goes on to list some examples. Opt in renders this useless.
If opt in renders it useless then I dare question whether modern open source as a mode of development and operation is feasible at all, if the underlying foundation is snooping based on uninformed consent.
Yes, many tools give you an option to opt out nowadays, but then again do you want to learn how to do that dance every single time? It’s almost like we need some kind of… DNT, but for the console.
And even that misses the point: with the German concept of Datensparsamkeit, there shouldn’t be any data collected at all, unless it is absolutely necessary to conduct your business. Popularity contest in Debian comes to mind when talking about informed consent.
The point is not InfluxDB or GA. That just sounds like good guy with a gun/analytics vs. bad guy with a gun/analytics logic. The point is: the combined genius of the computing world, and all we could come up with even after the 100th iteration is “Analytics go brrr”.
I'm inclined to agree in principle that such tracking should be opt in.
In practice, I'd expect the behaviour of the modal complainer to be: 1. to complain about any broken/removed functionality 2. refuse to fix it themselves (or fund the fixing) 3. refuse to opt-in to tracking so as to give impartial of usage.
So I think the trade-off of default analytics where the volunteer contributors make a best-effort to keep things working for as many people as possible is beneficial to most users. (And for those who disagree, they can opt out).
If you wanted to work out how many people are buying flowers at your shop, rather than putting up a poster asking customers to mail in their receipts after every purchase you’d look at the anonymous sales data.
Opt in is renders the data statistically useless in the same way.
This data is required to allow Homebrew to continue to operate and make decisions.
They go out of their way to inform you before sending any data. First sentence of the article:
>You will be notified the first time you run brew update or install Homebrew. Analytics are not enabled until after this notice is shown, to ensure that you can opt out without ever sending analytics data.
I think it goes along with some personal responsibility to know what you're installing if you're extremely privacy conscience. No judgement on that, I do as much as seems reasonable to myself, however it's still their hard work and binaries and terms, or you can move to something else. There are several other packaging systems available for mac that do what brew does.
This thing drops a supercookie on your device that persists forever, and they close every issue raised discussing the privacy implications of same.
Anyone who runs the analytics service can see the approximate travel history over time of every Homebrew user (by geolocating the source IP).
It's not a for-profit project. There is no legitimate purpose for tracking installs.