Re: Phoning home
On Mon, 2008-02-25 at 09:32 -0800, Russ Allbery wrote:
> I suppose that apt never updates itself unless you have something
> configured to do so (although does synaptic default to running aptitude
> update periodically?). But at least in theory Debian could track all
> sorts of interesting information about users based on what packages they
> download and when. We *don't*, of course, but companies who software does
> similar things do so.
These are two separate concerns.
Concern One: What a server does with information as a result of its
operations;
Concern Two: What network traffic a program makes in its operation.
Concern Two is what the original worry was about. The problem is that a
program is "phoning home" *unnecessarily*, in a way which is not
connected with its normal purposes.
Concern One is a broader concern, but it's not something that software
can enforce at the user's end, because it's the server which is doing
the nasty thing, if it's keeping inappropriate records, say.
One reason to be worried about Concern Two is that it is a key step in
people who want to cross Concern One to track things they shouldn't be.
We can deal with Concern Two, by saying that programs in Debian must not
"phone home" in ways which are not the actual purpose of the program.
We cannot fix Concern One directly for other people's servers, and so we
must not get sidetracked into thinking we should.
Thomas
Reply to: