• @doniks This is the reason why I suggested already to at least hash lets say some serial number plus MAC id. It is still no real tracking, since there is no user info inside, but we would immediately see precise stats...

    So either: Unique device id tracking or useless stats (but then we can switch off the stats page also ;))

  • It'd also be possible to generate a random UUID at install-time and use that to communicate with the server. Problem is that I don't think anyone wants to take on putting that code into the system image AND system image server.

  • A mi se me ha ocurrido una idea para llevar un recuento más exacto. Si bien ahora el servidor registra la solicitud del dispositivo de buscar actualizaciones junto a la información del modelo del dispositivo, versión y canal, se podría hacer que dicha solicitud caduque al tiempo si no se vuelve a recibir otra solicitud desde el mismo móvil, pero con la diferencia de usar un ID aleatorio para cada dispositivo, o en caso contrario que se actualice la solicitud en el servidor en base al ID para no duplicar dispositivos. Espero haberme explicado bien y haber sido de ayuda 😉

    I have an idea to take more accurate stats. Now, the server registers device’s model, version and channel that uses, that request could be made to expire at the time if another request is not received again from the same device, but with the difference of use a random ID for each device, or otherwise to update the request on the server based on the device’s ID to not duplicate. I hope I have explained well and been of help 😉
    PD: Sorry for my bad English

  • In the meantime it shows 30K "Total Devices", which is also being picked up by other websites:


    wird die aktuelle Zahl aktiver Nutzer auf über 30.000 geschätzt.

    Shouldn't we do something? At least change the page title to something else like "Update server access".

  • @doniks

    Good point. I'll bring some people to this thread, maybe we need to remove the device counter for now.

  • could be based on the push notification service?...the push notification service to work shoud already know how many (unique) devices use it.

  • @ds2000x said in UBPORTS Stats:

    if another request is not received again from the same device

    But this seems to be axactly the problem. we don't (want to!) to know if it is the same device or not because we don't want to track it.
    The problem to be solved is how to identify the device without the device to be idetified...

  • @aury88 said in UBPORTS Stats:

    could be based on the push notification service?...the push notification service to work shoud already know how many (unique) devices use it.

    Maybe you are right. The moment UBpots decided to run this notification service, devices are identified anyway.

    By realizing this, I am not sure if this central notification service is such a good idea never the less I appreciate a notification service very much.

    Off Topic here: Afaik @DanChapman realized a local but not battery consuming notification service for dekko2 which runs like charm on my device.

  • @bastos I think we should stop being over-sensitive with the tracking problem. There is a fundamental difference between knowing how much unique devices of which hardware and which image channel we got, as opposed to tracking activity.

    By taking a unique device id at the moment of installation and telling a server that it has been installed means just that "someone anonymous has installed ubports on a new hardware". Apps wont have access to this ID for real activity tracking. So we should allow this fingerprinting because it greatly helps us to determine the needs of the community.

    How can I plan for server resources if I do not know the exact amount of devices? Be it 1.000 or 10.000 ? Its important to see a trend also, to just in time bring in new hardware etc.

    The push server does not show any device that is not using a push service and therefore has never signed in to U1 account, so its also not reliable.

    And there is a rationale for having those registrations, if we would open up the push service to the world, soon somebody will come and use it as a zombie virus/worm control dispatcher etc. The days of free access to Internet resources is over, as we trust no one. You have to identify yourself as a legit UT user to use our push server. And the easiest way is be requesting a U1 token for that.

    A mobile device will only be as good as it has integration with some central services, and thats impossible without a minimum exchange of information. So you can choose to not use our OTA and push services, but that makes a lot things harder or impossible.

    The local notification once more: This works because Dekko can easily check POP3 and IMAP accounts for new messages. This is far more complex with Telegram: You need to establish a full blown session to the server, do some crypto talk and then load the list of chats, find out which are muted, then from the remaining ones find those with new messages, and then find out which type of message has been sent there. Plus there are notifications that arent messages at all, which you would never get. There is a reason for implementing all this code on Telegram side, and let them send this to us. Dont think local notification is in any way a trivial, not battery-consuming process.


  • I agree, @Flohack
    Again thank you and your collegues for beeing privacy sensible. But you are right. There is a limit to hystery

  • @flohack do you think there are many upborts device without push services?
    however how does the id system work?

  • @aury88 Well we dont know 🙂 - I dont think there are many, but in theory it could be a few 100.

    The Id system will generate a hash value from the device MAC address plus some other installation-dependent id. Then we split the hash in half to make it double-proof and send this as unique id to the server when asking for updates.

    This way the server can safely count unique id´s and there is no backtrace to the user. It´s even more secure than using the IP addies since they could be linked to actual users.


  • @flohack but when is the id sent? any random time? only at first ubport device start? on server request?

  • @aury88 At every time you are asking for updates, specifically OTA image updates.

  • @flohack, that is a very interesting solution! thank you!

Log in to reply