[nycbug-talk] FreeBSD & Google Analytics

Mon Dec 10 11:47:42 EST 2012

On 12/09/12 23:13, Glen Barber wrote:
> On Sun, Dec 09, 2012 at 07:54:13PM -0800, Pete Wright wrote:
>> Glen - thank you for point that out!  I've been following the thread
>> regarding this on chat@ and it's been driving me up the wall.  I feel
>> like there has been a lot of FUD surrounding this announcement, along
>> with a side order of "there are all these great open-source analytic
>> engines they could use" w/o providing on concrete example of what they
>> are, or how to implement them, or even an offer to provide such a
>> platform to the freebsd project.
>>
>
> IMHO, it is not FUD, it is legitimate concern.  But, from what I see so
> far, it is concern from those who are already security- and
> privacy-aware.
>
> We (FreeBSD) are respecting DNT, not relying on Google.  Additionally,
> disabling Javascript will also disallow tracking.
>
> Many alternative solutions were proposed, mostly to me in private as
> response to the original announcement.  All of the proposed solutions
> fail to provide the benefit we gain by using Google's system.  One key
> gain is security of the Project's resources - we do not need to worry
> about our cluster administrators wasting time (which they volunteer) to
> ensure the latest version of Piwik is installed, for example.

Wow.  This conversation went in a direction I was not aiming for.  I 
will start jumping on email as soon as my talk@ posts are replied to. 
Maybe we should implement Disqus? ;)

There are several issues here:

1.  Administratively and for legitimate improvements of the FBSD.org 
www, yes, it makes sense.  I opened my email with that point.  I 
understand it, and many of us certainly entrust sites and projects such 
as FBSD to 'play nice'.  We certainly do it with the operating system 
code.  The argument of "let's just build our own" is weak to me, 
especially in the costs of time and responsibility.  I completely 
understand why the FBSD project would opt for it for legitimate purposes.

2.  I'm not concerned about 'black helicopters' or anything one might do 
that could be drawn from hitting FBSD documentation.  Of course, I do 
find it frustrating that forums.freebsd.org can't be accessed from Tor 
(black list of exit nodes?)

That said, it's the 3rd party we should have concern about.  It's their 
data collection that is the issue, and requiring a DNT bit set instead 
of having it off by default follows the logic of "you should request not 
to be tracked" and even worse "there's a sign on my door to not rob my 
house, so please don't".

There is a slippery slope for open source projects at work here:  a 
third party who profits from their 'free' services allows a path to 
broaden functionality.  But they aren't doing it for free.  They are 
benefiting in terms of data collection, and we merely become will parts 
of their game.

And of course, what happens if such a third party offers some generous 
funding or reward for expanding their data collection?

Transparency is not about opting out.  It is about not enabling by default.

g

(ps: this email lacks flow since I'm jumping between it and 12 other things)