
Phoning home

I'm involved in sponsoring a program (meshlab, ITP #426581) where
I've discovered that it phones home with statistical information about
the files being used, and so forth.  I'm working with upstream and
with the prospective maintainer to resolve this and I don't think
there will be any difficulty for the specific package.

But I was rather surprised to find this situation.  It looks like the
prospective maintainer was aware of the phoning home but didn't
consider it a release-critical bug; they are also reluctant to
override upstream's wishes without some clear Debian policy statement
to the effect that this is not permissible.

The upstream developer seems reasonable and honest and the
phoning-home is described in a part of the meshlab upstream website
which I didn't happen to read; apparently Windows users get a `licence
acceptance' dialogue which mentions this.  So I'm sure no malice was
involved.  However, upstream are clearly surprised at my objections.

When we originally wrote the core of the policy documents, the DFSG,
the SC, and so on, no-one would have considered this behaviour
acceptable.  But nowadays everyone seems quite blasé about spyware
and so forth.  Upstream more or less said `skype does it, why can't my
program'.  Obviously this is not a good argument, but it does show how
many people's mores are surprising to old-timers like me.

I think therefore that we should add some statement to policy about
phoning home.

As a starting point:

 * Software in Debian should not communicate over the network except
   - in order to, and as necessary to, perform their function
     (which includes the established Debian software update
      distribution infrastructure); or
   - for other purposes with explicit permission from the user

 * When Debian software talks to a central server, whether to
   perform its core function (eg, an ntp client talking to ntp
   servers), or for other purposes with permission (like collection of
   usage information), the servers should be chosen and managed in a
   way that gives maximum regard to the users' privacy.  In
   - Usually, our software should communicate only to servers we
     control or which we have substantial reason to trust.
   - The information which is transmitted, and the information
     stored on those servers, should be limited to that necessary for
     the purposes in question.

It would be nice to allow users to choose to report to meshlab
upstream the statistical information which meshlab upstream would like
to collect about the data files users are processing.

At the moment we have only the single question about popcon.  Should
we have a separate question about each package like meshlab ?  How
often is this going to arise ?

I think from the pov of meshlab, it would be good to be able to
anonymise and aggregate the information on Debian servers before
reporting it upstream.  What do people think about some kind of
package-specific ad-hoc laundering service, or a popcon addon ?

