Hello all,
I’d like to have some feedback on the crazy idea to collect some anonymized data from installed instances of LibreTime.
See Do we need software usage statistics ? · Issue #2410 · libretime/libretime · GitHub
Feel free to write here or on Github.
Cheers,
Jo
While I think that this would be interesting to know as a developer, I’m not sure what the justification would be. A compromise could be opt-in anonymized analytics vs. turning it on by default. I suspect that also many instances of libretime wouldn’t want to advertise their URL etc as it is often times not-intended for public consumption.
The ticket mentions that we will never make this feature “opt-out” (enabled by default), but rather ask the users if they agree to enable it.
The ticket also mentions that data MUST be anonymized, so the public url will not be part of the data.
IF we rely on some kind of pseudo anonymized ID, we might want to use the public url to derive a hash/random UUID from it, but that’s it.
I personally think it can be interesting to known how much LibreTime instance are installed around the world, and which versions are used.
It will probably help a bit on the “ego” side, which isn’t necessarily a bad thing, as it tends to be easier to dedicate time on a project that you know is being used.
But I can totally understand that this can be seen as useless.
The point of this ticket is to be challenged and get an idea from the community.
TL;DR: LibreTime should not have usage counts, analytics, or any other form of phoning home.
One of the reasons I use F/LOSS is to avoid the surveillance that commercial software imposes. Transmitting data about my installation just because “it would be interesting” to developers opens a whole can of security and trust issues. Additional software that transmits data is just another bit of software that can go wrong.
What is the benefit to me? To my radio station? I’m wary even of error reports that are sent automatically, even when the data dump is available to me for inspection.
LibreTime already has effective, open communication between users and developers (this forum, Mattermost, Github, maybe other forums I don’t know about. There’s no need to bake in surveillance when there are already so many other means of communication available.
Instead of baking in remote surveillance, let there be robust and comprehensive logging of everything[1], then if developers want to see how LibreTime is used they can ask the admins of LibreTime installations to send them copies of the logs.
–Bob.
[1] For security and audit purposes, I would really like to see a log of user activity. Who logs in and when, both WebUI and streaming, what activities they carry out, what tracks they upload, edit, delete, &c. (but I want to install an up-to-date version of LibreTime before making any Github feature requests)
Hi Bob,
you seem to be arguing against a very large data collection system that I am not even considering and some of the words/comparison you are using are a bit extreme with regards to what my proposal actually is about (e.g. ‘remote surveillance’, ‘commercial software that imposes’).
I understand your position, and I agree. I don’t want to force anything on the users, so this feature will be opt-in (disabled by default), and does give you the choice not to participate.
Obviously, the code for this feature will also be open source.
If we only want to consider you or your radio station in the whole community, and remove the maintainers and contributors of the project from the equation, I would say that on the long term, giving feedback to the maintainers will help them improve, make educated guesses and better plan their work for the software you are using.
Having feedback from the community can give the maintainers/contributors some more motivation.
But again, we are collecting a very small dataset (please see the ticket on Github), and I am happy to remove some of the data because we consider them too private/sensitive (users/files/playlists count).
What I am proposing is closer to debian’s popularity contest system (we collect even less data than popcon) than the system you are describing. This is not about gathering logs/error reports/metrics/…
I made a survey once and it took time, and I am not sure I have the time/energy to do such survey over and over. Users might not be aware of those surveys, nor have to time to answer them. So instead of using a survey to know which distro and LibreTime version you are using, I though we could automate the process.
Again “surveillance” seem to be too strong, when I only want to gather the versions used in your installation of LibreTime, and maybe some usage stats. And again, this is an opt-in feature.
This is unrelated to my proposal, we won’t collect any logs/error reports/metrics/… Please see the Github ticket to get an idea of what I want to collect.
If someone is against my proposal, I understand and am open to discuss or close this proposal, but please don’t be against an hypothetical “forced remote surveillance system” that I am am not proposing.
Jo
I support the idea of having something like Debian’s popcon in LibreTime. We do need to be very transparent about what would be transmitted and how. Also I strongly agree with it being opt-in, maybe a question at install time resulting in a flag in the config file?
Hi Joola: Sorry if I came across as a bit extreme. Certainly the current proposal intends nothing but good. But there is always the slippery slope, which we see time and time again. The best current example of that is Firefox and the W3C, integrating DRM in the browser. Yes, I know DRM is not the same as surveillance, my point is that as sofware grows in popularity, pressure increases to do things against the principles of the original developers. I want to stave that off as long as possible, and putting in the rudiments today to collect some anonymized data will certainly be misused in the future.
–Bob.