While this is true of the feature mentioned, do note that packages are currently hosted on various third party hosting services that can and do track substantially similar information. In 1.5, we're moving to our own infrastructure for serving packages (which should give better performance and allow things like incremental updates). This thread is about what information gets sent along with those requests.
If you make an HTTP request, you are sending “telemetry” information in the form of endpoints, headers and IP information. The server may not track this information, but it’s exploitable
My issue is that I’ve come to terms with the fact that the IP address of every connection can be tracked server side- I can use a VPN to get a little anonymity but can’t stop a server from logging connections and downloads. But telemetry adds data on top of that, and it seems like a lot of software wants to track me. I’d feel it was okay if I was required to register an account and log in before downloading/updating packages, that’s a noticeable action that lets my brain process the idea that I’m able to be tracked. But sending “anonymous” metadata with almost no action on my part rubs me the wrong way. Lots of devs try to optimize things so they are low friction for users, but I think the Julia user base is a little different than normal software and wouldn’t mind a little friction if it meant they had better control of their privacy.
As far as I can tell, this isn’t adding anything to IP sharing: the package manager just attaches a persistent UUID to every request. In fact, it is more private than IPs because it can’t be tied to an ISP or geographical region.
As someone that was active in the previous HN thread [1], this one, and in the Discourse one this position has popped up several times and it perplexes me. Attaching a persistent UUID on top of a protocol that carries your IP can not be more private as you are giving away additional information that would have to be inferred statistically from the IP alone. Now, we can argue other benefits of the UUID, but simply calling it a day by ignoring the fact that you are already giving away your IP is just baffling to me. Am I being thick here? What am I missing?
I'm guessing there's an unspoken assumption that given a UUID the server-side would not log IPs. It then comes down to trust that they'd stick to that.
Thank you, that could be it. Then again, there would at least have to be a separate log somewhere on the same box with IPs to counter abuse. I think creating and using a UUID without explicit opt-in is still a red line for me, but I do concede that I could very well be too paranoid for the good of myself and the community as a whole.
I should probably get back into the Discourse thread to see if I can contribute constructively, but the amount of back and forth between mostly “My freedom!” and “Tū quoque!” [1] in the thread over the weekend – apart from me being far too busy to take the time to summarise it all – has kept me away, although it looks way better over the last few hours. With the little free time I have I would rather work on my Julia code. '^^
Yeah, it sounds like they’re designing a way for package authors to get usage stats: imo, this extra piece of data doesn’t really help the server owners de-anonymize because it’s less identifying than the data the server is already collecting as an http server (especially if it’s in an unlogged part of the request like a header or a post body). But, even if it is a privacy risk relative to the server owners, it’s preferable that data derived from this uuid be shared with package authors, rather than IP-based data, because it’s based on a less-identifying datasource, which means that even if someone were to breach the database, they’d have less ability to de-anonymize people.
Also, I find this whole discussion to be somewhat irrelevant when talking about a service serving up arbitrary code to be executed on your machine: if you don’t trust the server owners, you really shouldn’t be executing the code they serve up.
This strongly resonates with me. As as sometime who has considered Julia, I would be happy to sign up so that devs could use the information. Opt-out instead of opt-in is a dark pattern; I am uncomfortable seeing it used. Julia needs adopters to grow it's community. This move frankly makes me less likely to use the language in the future. I am certain I am not the only person who feels this way.
