Is Ubports still phoning home?
-
@tupp said in Is Ubports still phoning home?:
It looks like it's for volunteers. If so, why would you need to know someone's real name to accept their contributed code? Why would you need to know a contributor's date of birth?
That form has nothing to do with code contributions, or any other such contributions, to the software itself. It is for becoming a Foundation Member, which requires 3 months of contributions prior to becoming a member anyway.
-
@Lakotaubp said in Is Ubports still phoning home?:
@tupp I have asked for info on the age question.
Thanks.
Although asking someone's age is troubling, please note that "age" and "birth date" are two very different types of information.
@Flohack said in Is Ubports still phoning home?:
We count the number of active devices by device type and release channel they are on, thats all.
That's all?... That's too much!
My device is sending you telemetry whether I like it or not.
I don't want you to know my release channel nor my device type, and I especially don't want you to know if my device is active -- regardless of a claim that the data is anonymous.
At the top of the Ubports contributor recruitment page, there is a thoughtful and commendable video regarding the value of privacy, security and development openness and freedom. The very first two lines in the video are:
"We live in a world that is rapidly taking away one of our core values -- freedom of choice. Freedom does not exist without real choice."Please be true to your own admirable ideals of freedom, and at least give users a choice whether or not to participate in your statistics gathering -- allow them to "opt-in" (not "opt-out") to the telemetry.
@poVoq said in Is Ubports still phoning home?:
@Flohack said in Is Ubports still phoning home?:
We count the number of active devices by device type and release channel they are on, thats all.
Is that information actually available somewhere?
A third party is already inquiring about the availability of the telemetry data -- the start of the "slippery slope."
@dobey said in Is Ubports still phoning home?:
@tupp said in Is Ubports still phoning home?:
It looks like it's for volunteers. If so, why would you need to know someone's real name to accept their contributed code? Why would you need to know a contributor's date of birth?
That form has nothing to do with code contributions, or any other such contributions, to the software itself. It is for becoming a Foundation Member, which requires 3 months of contributions prior to becoming a member anyway.
To me, that page appears to be primarily addressed to coders and to other "hands-on" contributors.
The first section is titled "Join Us." It includes two general paragraphs that mention the Ubports Foundation, but nothing is said in regards to becoming a Ubports Foundation member.
The second section is titled "Find Your Topic." The "topics" clickable directly below are:
- Core Development;
- App Development;
- UX Design;
- Translations;
- Testing;
- Writng;
- Community Connections;
- Outreach;
- Documentation;
- Support;
- Triage;
- Monetary.
Except for "Community Connections," "Outreach" and "Monetary," the topics seem to be "hands-on" (although I am not sure what is meant by "Triage").
Directly below these topics, the form asks for "Name," "Surname" and "Date Of Birth."
-
@tupp said in Is Ubports still phoning home?:
My device is sending you telemetry whether I like it or not.
When you ask for an OTA, you need to identify your phone.
So these two data: channel and type of phone are knownYour IP is not logged or correlated with other data, you cannot be identified.
When you download a file for OTA14 for the Nexus 5 that's how data are collected.Your phone is not a beacon sending Mr X 25yo is running OTA13 on their OPO to UBports.
You make the request (opt in).The foundation is transparent on how they use data and respect privacy in every way.
If you don't want your phone to send information about its mark and model, then turn off the modem because your ISP knows what hardware you use.
-
@AppLee said in Is Ubports still phoning home?:
When you ask for an OTA, you need to identify your phone. So these two data: channel and type of phone are known
Well, that fact begs the question: Why is there separate statistical telemetry regarding channel and type of phone?
And the question that still remains: Why do the Ubports folks need to know if my phone is active?
@AppLee said in Is Ubports still phoning home?:
Your IP is not logged or correlated with other data, you cannot be identified. Your phone is not a beacon sending Mr X 25yo is running OTA13 on their OPO to UBports. You make the request (opt in).
One has to take your/their word for that.
I definitely did not opt-in for separate telemetry nor for separate telemetry that tells when my phone is active.
@AppLee said in Is Ubports still phoning home?:
The foundation is transparent on how they use data and respect privacy in every way.
Again, one has to take you/their word on that.
Furthermore, I don't want them to possess nor "use" my data.
@AppLee said in Is Ubports still phoning home?:
If you don't want your phone to send information about its mark and model, then turn off the modem because your ISP knows what hardware you use.
ISP issues are a different topic.
This thread involves an open source project that upholds the ideals of freedom of choice, privacy and security.
-
I'm having a hard time seeing the controversy here.
Anyone correct me if I'm wrong, but as I understand this there are two things the OS does to 'phone home':
1 - a connectivity check which would include a browser user-agent string
2 - phone model and os version/channel - because it needs this info get the right files to do OTA updatesI guess one isn't opt in, but is kinda necessary for a connected device OS, and two is opt-in. It sounds like Ubports keeps a simple record of the above info.
The website should not be confused with the phoning home. That's a separate issue.
-
@Giiba said in Is Ubports still phoning home?:
Anyone correct me if I'm wrong, but as I understand this there are two things the OS does to 'phone home':
1 - a connectivity check which would include a browser user-agent stringI don't think that is happening (it doesn't seem to be what @Flohack refers to above), but, if so, that's also bad.
Separate telemetry to check "connectivity?" Why would that be necessary?
@Giiba said in Is Ubports still phoning home?:
2 - phone model and os version/channel - because it needs this info get the right files to do OTA updatesYes, but that is not the issue -- there is separate telemetry that regularly phones home.
@Giiba said in Is Ubports still phoning home?:
I guess one isn't opt in, but is kinda necessary for a connected device OS,Why is it necessary for the Ubports folks to regularly do a "connectivity" check?
@Giiba said in Is Ubports still phoning home?:
and two is opt-in. It sounds like Ubports keeps a simple record of the above info.The fact that they keep that information and how they use it is yet another issue.
Of course, there would be no issue if they didn't record nor keep the information in the first place.
@Giiba said in Is Ubports still phoning home?:
The website should not be confused with the phoning home. That's a separate issue.Nobody is confusing the website with the phoning home, but the website form is part of the larger issue involving an apparent disregard for privacy/security. Why must contributors give their full name and date of birth?
-
@tupp You can anytime contribute anonymously but to do so you need probably accounts on Gitlab and Github as those are the two main points of contribution.
If you do want to join the foundation as a member, you need to give us some data about who you are but this is totally optional. Among the benefits you get is voting rights for foundation steering committees and the board of directors, so for that we need to proof your identity. Because according to our statutes you will get a member of the foundation for that regard.
I dont think its written there that in order to contribute you must register.
For the telemetry part:
- Updates
Your device is checking for updates now and then, and in this case it needs to tell us on which channel and which architecture (armhf or arm64 etc.) you have on your device. Thats something we need to be able to send you your update, otherwise no over-the-air updates could ever happen.
We count the number of devices per type and channel to get a feeling about how many people are using our services, and which devices are preferred. Because we need to establish an idea what is important for the community: Shall we support an old device for 4 more years although it has less than 10 users? Probably not. We do not have the resources to support all the devices forever, thats the thing.
- Push Notifications
In order for your device to receive push notifications via our push server (for TELEports, Fluffychat, other Apps) it needs to be registered with this server. That includes a unique ID of course, otherwise how could we know which message to send to which device? However, this data is not stored on disk, only transient as long as the device is connected.
We do not have a master switch yet to disable looking to updates or turning off push notifications client entirely, so I take this a feature request.
For both items there is no way however to identify or allocate any data thats flowing there to a particular user. The push id is completly random so how we would know its exactly You for a particular message.
- Updates
-
Hello, interesting discussion. Is it possible to use ubports os without ota updates (only sideloading) and without push notifications (only local apps or those which does not use push or no apps at all)?
In case this would be possible can we (based on some tutorial or if not then somehow hacky) and are we allowed to get rid of telemetry?Johnoo
PS: I know this sounds very paranoid but just asking. - I am looking for phone without sending.
Regarding info about which phone and which rom - This can be substituted in paranoid cases like mine with questionaire once a 3m or 6m or 9m or 1y or request to upload the info with confirm yes / no. -
@johnoo Technically of course its possible, if you e.g. would use our installer after a new update came out. But the story continues with the Apps, so besides system image also App updates are an important part of keeping your system fresh.
So installing Apps manually is a bit cumbersome, if you donΒ΄t want to use the Open-Store update feature.
That said, currently there is no way to turn off at least the check for new updates from time to time (even if you would not use push notifications the system image version is checked periodically). YOu can make a feature request out of this in our usual issue tracker https://github.com/ubports/ubuntu-touch or raise awareness in our community to find people that want to implement a "master switch" for certain functions that result in telemetry.
-
@Flohack that sounds reasonable. Thank you. It would be interesting to find out how many of us would go for this "feature" or @tupp would be great to find out how many people would love to go for something which would completely leave out this "phoning home" especially if it is serving important role (push notifications) and some order in chaos (how many users of which device)