MDD - Opt-in vs Opt-out

dmt · 18 November 2024 17:20

It wouldn’t be onerous…in fact the majority want something like that…but that’s not what’s being discussed as opt-out (except by @soundofthunder). That would be opt-in.

The opt-out version is enabled by default.

With opt-out, that data is sent until you turn it off. The only way to stop it being sent at all is to prevent internet access until you’ve disabled it.

EDIT:

If you don’t believe me then read the options for the vote and these two posts (which are what prompted the discussion of opt-out vs opt-in and this vote):

Testers needed: Manjaro Data Donor
Testers needed: Manjaro Data Donor - #146 by romangg

ydar · 18 November 2024 18:16

I just don’t see the big problem with sharing some non-personal data like what they are trying to collect, especially if it’s just for their own use only.

brucew · 18 November 2024 18:31

While I’m a n00b WRT an account here, I’ve been a lurker for many months. I’ve been nothing but impressed with the high level of problem-solving and low level of griping and personal attacks. On the whole, it’s a very well behaved forum. This helped influence me to choose Manjaro when after decades, I decided to distro shop.

TL;DR: Let’s stop the philosophical wars and help Manjaro solve the problem of being able document usage in order to raise funds. And oh, BTW, have you donated?

Longer version:

I’d like to start with a little light-heartedness. With tongue firmly in cheek, I’ve changed the Location field in my profile to show my IPv4 address. See if you can find me.

One of the bits of advice that has helped me tremendously in my career was from a boss in my first or second job. He told me, “Never come to me with a problem unless you have a solution, or a path to one. Or if you’re stuck, you can tell me what you’ve done so far. Otherwise, you’re just whining. And nobody likes a whiner.” I’ve used that advice both upstream and downstream and found that it’s not only useful and helpful, but it earns you the respect of people both upstream and downstream.

It also has a TL;DR version: “Helen Waite runs our Complaint Department. If you have a complaint, go to Helen Waite.” (Apologies to non-native English speakers. Pronouce the name as its individual syllables. That can help.)

Once upon a time, when teh interwebz were filled with nothing but unicorns and rainbows (and not the Zuckerberg version of unicorns) I ran some web servers. (RedHat and CentOS, mainly.) Again, it was back in the day when one person could do such a job, and bare metal was your only choice. One of the services I provided to my clients was a monthly analysis of the server logs. They were amazed at the level detail the logs provided.

In case you need a refresher, I’m referring to the Access Logs section here: Log Files - Apache HTTP Server Version 2.4

Next, I’ll go out on a limb and guess that this forum is not run on IIS. Thus, your access here appears in Manjaro’s Apache Access Log for this forum. Combined with your user account information, if Manjaro care to look and analyse, they already know, or have the ability to know, very much about you from your access to this forum.

This is long before any discussion of trackers and beacons and stuff. (Oh my!)

Is there any evidence they have used (or in the current parlance, “weaponized”) this information against you?

No?

Is there any evidence they’re selling this information?

No?

Then let’s dispense with the accusations of nefarious activity against Manjaro and get down to the business of funding this whole circus. There are people who need to eat, and servers to keep humming. (And perhaps children. Think of the children!)

Whether it’s investment or charity, before they part with it, people with money like to know if it’s a good deal or a worthwhile cause. The accepted way of providing this information is with numbers. That and that alone is the issue at hand. What numbers are both useful to funding sources, and appropriate to collect? Then, how do we go about that.

@philm has taken a first stab at it. Think of it as a public alpha. Not even to beta yet. So there’s plenty of room to maneuver, adjust and re-aim.

Now, what needs to be pruned or grafted in order to be a reasonable compromise between meeting the conflicting goals of data reporting and anonymity? (Remembering that you’re already not as anonymous as you think.)

Much of the discussion so far has been similar to arguing how many angels can dance on the head of a pin. (If you’re Presbyterian, the answer is none at all, since Presbyterians don’t dance, nor do they believe in angels. But I digress … )

Which data elements would you be comfortable with sharing? How should they be collected to maintain a level of anonymity you are comfortable with? We’re talking about you, and you alone. Personally.

Leave the moral stuff to the philosophers, and the legal stuff to the lawyers. For the complaints, go to Helen Waite.

And finally, have you donated yet? Donate – Manjaro

mithrial · 18 November 2024 18:31

I do. The actual benefit of the collected data is unclear to me. If you don’t care, that’s fne, enable the service and profit.

dalto · 18 November 2024 19:11

Since I am no longer a Manjaro user, I won’t vote or comment directly. However, I have been watching this conversation and I did want to share some opinions.

Manjaro is not evil for wanting telemetry.
The people who are supportive of telemetry are not misinformed fools who don’t understand anything. They simply don’t see sharing that info as an issue for them.
The people who are opposed to telemetry are not paranoid conspiracy theorists. They just believe that their data should not be shared without their express consent.
What defines personal data is highly subjective. Ultimately, each person needs to define this for themselves. Just because you don’t think something is personal, doesn’t mean someone else who has a different opinion is wrong.

It would be awesome if everyone could try to understand each other’s perspective without attacking those who have a different opinion.

tracyanne · 18 November 2024 21:23

With opt out, the user has the choice IF it is presented to him or her right from the get go before ANYTHING is sent.

There Clarified that for you.

The difference between Opt In and Opt Out, IF THEY ARE PRESENTED UP FRONT, before any data s sent, is Semantics.

In both cases the user gets to choose, do I send the data or not.

However, the discussion about Opt In verse Opt Out is moot, as the Vote is for Opt In. And that is the difference between an Ethical organisation like Manjaro, and those corporate giants who want it all, and will take it regardless.

The only issue seems to be correcting the Misinformation about the legitimacy of the data collection.

Not if the choice is made before any data is sent.

Some1 · 18 November 2024 21:38

“With opt out, the user has the choice IF it is presented to him or her right from the get go before ANYTHING is sent.”

Sure, but that is often enough not the case and the initial description by the Manjaro team does not exactly indicate this approach with a system service that you have to deactivate and also by rooting out stuff like pop ups that actually ask for consent.

Opt in is the safe side and even if a user does not read carefully enough, he will not send something he does not want to.

“The difference between Opt In and Opt Out, IF THEY ARE PRESENTED UP FRONT, before any data s sent, is Semantics.”

in some cases yes, but not in others. Depends on the implementation. With opt in there is no choice other than presenting the choice up front which is important to me at least.

“In both cases the user gets to choose, do I send the data or not.”

Yes, but in one of the two cases, the correct way of getting consent is honored by assuming no as a default. You might not care about that, but I do.

tracyanne · 18 November 2024 21:40

What @brucew said. several posts ago.

Some1 · 18 November 2024 21:52

I dunno, you and soundofthunder tried to correct me (seemingly) under the assumption that I don’t know the difference between opt in and opt out. You shouldn’t be surprised about me responding.

¯\(ツ)/¯ If you don’t want to discuss that further, I’ll respect that.

GeorgeB · 18 November 2024 22:53

Amen brother. The community wasn’t toxic back in the day. Even if contributors like gohlip, yourself and Jonathan all decided to move on at one point or another, for their own reasons, that doesn’t mean the direction Manjaro’s team is going to is wrong. It simply means we’re getting older and our understanding of how things should be, become archaic and incompatible with the new age. That’s not my first account here, but this probably is my last Manjaro install. I use it less and less, and visiting the forum doesn’t inspire great confidence. The focus is on all the wrong things, and while it makes sense commercially, it alienates renegades and dinosaurs. Because the herbivorous vibrant selection of them from the old forum, has simply melted away.

As for telemetry (what a pointless discussion), every Microsoft user since 1995 shrivels at the thought that the computing resources available to him can be shared for any other activity than what he explicitly wants them allocated for, regardless of whether he is happy to share identifiers and logs, or not. Hence opt-in is the only reasonable choice, but then again, this is pointless either way. The trouble with personification and all its good sides (eye candy themes, art, useful gadgets, customisations, kernel builds and driver hooks) is when it consumes the ‘person’. Arch has different ideas and principles in many aspects, and it often is easier to strip it down to its core and build from scratch, instead of removing bloatware added by its alter ego.

Just like an old fella who fared many winters, and finds it easier to put on any old shirt and a dusty jacket. If he finds that it leaks, or that it’s getting colder for his intent and purpose, he won’t patch it up. He’ll just get another. Following the same analogy, we hereby discuss on new ways to rip up a jacket to keep up with the times and be in tune with the cool kids.

dmt · 18 November 2024 23:10

Indeed…unless you decide (with good reason) that actually they’re both opt-in with different default selections…but again it’s semantics.

Also the misinformation about how opt-out will be implemented.

It will be enabled by default, without the user being presented with a choice (at least that was the plan when this vote was called).

The whole argument for opt-out was - If you present the user with a choice you get less users sending data.

Testers needed: Manjaro Data Donor - #146 by romangg

tracyanne · 18 November 2024 23:27

You do have a good point. But that is why I and some others preference the Opt Out as a choice up front. That way those who fear the Telemetry, and the rejection of the telemetry is based on fear, can opt out, those who actively support it or don’t care can ignore it, and/or Opt Out later.

But the majority call is for Opt In, so the argument is moot.

dmt · 18 November 2024 23:59

Fair enough.

However according to the previous thread and the vote, that would be opt-in. Calling it opt-out is only confusing things with misinformation, especially when it’s suggested that’s actually how it will be implemented. This is why I keep posting.

Ben · 19 November 2024 00:18

I disagree here.

Imagine a car which asks you when you buy it if you want brakes installed before you use it?

It’s not feasible - though you can offer OPTIONS, you must offer the SANE DEFAULT.

The difference here is the EULA.

I’m happy for Manjaro to collect whatever data will help, as I’m confident in the fact that they will tread more than carefully through this minefield (and still lose a leg in the attempt) and offer better than simple ‘full disclosure’…

But I think many folks in the community will simply twist it in their minds to be something far more sinister.

So perhaps with a fresh install, two options can be available - Sign a EULA for no benefit but allow metrics, or not bother and ‘maybe install later’…

But then many users are hidden from the data (unless their option to opt-out is also recorded as a ‘hidden user’ simply for the count).

Fangdrasil · 19 November 2024 00:27

Originally I voted for opt-out because that seemed the most practical to me. But I changed my vote to opt-in as a good-will gesture to the anti opt-outers

For all of those against opt-out (or against any kind of telemetry harvesting), think upon how many times someone has asked for a hardware compatibility list. Imagine having a tool that could take your hardware profile and compare it against existing hardware profiles on Manjaro. The benefit to support troubleshooting could be significant.

So be brave, have some trust, take the leap, change your vote to opt-out! That’s what I’m going to do.

This message brought to you by Manjaro Opt-Out Organization, MOO.

Tao · 19 November 2024 20:18

It would be spyware if it is opt out, it’s currently opt in. By storing such data without consent is a breach of privacy and represents a potential security risk.

This is the central point, no one minds it being opt in or people contributing their data freely. That’s their choice. Collecting data from users without their consent however is a rather more tawdry affair.

tracyanne · 20 November 2024 08:22

It would only be spyware if.

1/ You could not opt out
2/ You were not aware of it
3/ You were never given a choice

As things stand. The Manjaro developers have

1/ Not yet released the app for general inclusion
2/ Informed users… at least those who visit this forum of the development of this app
3/ Asked very politely what method of activating the app you would prefer when it is released for general inclusion.

The general consensus, in reply to the polite question, seems to be Opt-In

nikgnomic · 20 November 2024 13:40

We have already got one (it’s very nice )

Testers needed: Manjaro Data Donor

https://linux-hardware.org/?d=Manjaro

MDD telemetry and Manjaro Metrics are not needed for troubleshooting hardware

The python script already has 2 options

GitHub - manjaro/mdd: Manjaro Data Donor - WIP

Dry Run
python mdd.py --dry-run
only display the data that would be sent without actually doing so.

Telemetry

If you only want to count the device but not provide any data about your system, then run:
python mdd.py --disable-telemetry
If possible please provide all information though. It helps us with learning about what our users need. And the graphs look cool!

Users could use 2nd option just to be counted as a Manjaro user without sharing hardware information

So IMO this has never been a simple opt-in or opt-out thing

Ben · 21 November 2024 02:39

So much fake news and incendiary use of language here.

A huge issue is the dumbing down of the people - but really, it is very important when communicating to understand the language you use… you cannot claim ignorance and say ‘oh, well you know what I mean’.

“Spyware” is, by definition, malicious - so you’re saying that MDD has malicious intent by using this word.

“Spyware” would also share PERSONAL and SENSITIVE information with third parties - are you saying that Manjaro is doing this?

“Spyware” is usually deployed surreptitiously, made difficult to identify, and generally used to STEAL data.

There is already an issue that many people are paranoid about the word ‘telemetry’ which they conflate with ‘spyware’, but there is indeed a HUGE difference.

So, on balance, I would be within reason to say that your post is rather misleading in a malicious way - when I observe that the Manjaro team is discussing methods of openly and innocuously collecting impersonal data to improve our experience.

Would I be correct in this assumption?

soundofthunder · 21 November 2024 08:14

Hehehe, he told them we already have one…