Testers needed: Manjaro Data Donor

[joel@joel-mantest ~]$ pamac install mdd
Preparing...
==== AUTHENTICATING FOR org.manjaro.pamac.commit ====
Authentication is required to install, update, or remove packages
Authenticating as: joel
Password:
==== AUTHENTICATION COMPLETE ====
Synchronizing package databases...

Choose optional dependencies for mdd:
1:  os-prober: to check for multi-boot setups
2:  xorg-xrandr: fallback to find basic graphics data

Enter a selection (default=none):

Os-prober on Raspberry pi?

Welcome to MDD - The Manjaro Data Donor
Preparing data submission...
grep: /var/log/pacman.log: binary file matches

------------------------------------------
        Sending the following data
------------------------------------------
{
    "meta": {
        "version": 1,
        "timestamp": "2024-11-04T07:12:40.234969+00:00",
        "device_id": "373e4760-429f-5cad-9966-def9d010c8d0",
        "distro_id": "manjaro-arm",
        "release": "24.04",
        "inxi": true
    },
    "system": {
        "kernel": "6.6.59-1-MANJARO-RPI5",
        "form_factor": "",
        "install_date": "2023-11-13T04:10:43+00:00",
        "product_name": "Raspberry Pi 5 Model B Rev 1.0",
        "product_family": "bcm2712",
        "sys_vendor": "raspberrypi",
        "board_name": "5-model-b brcm"
    },
    "boot": {
        "uefi": false,
        "uptime_seconds": 1510
    },
    "cpu": {
        "arch": "aarch64",
        "model": "N/A",
        "cores": 4,
        "threads": 4
    },
    "memory": {
        "ram_gb": 7.8574066162109375,
        "swap_gb": 11.786102294921875
    },
    "graphics": {
        "comp": "xfwm4",
        "dri": "vc4",
        "gpus": [
            {
                "vendor": null,
                "model": "bcm2712-hdmi0",
                "driver": "vc4_hdmi"
            },
            {
                "vendor": null,
                "model": "bcm2712-hdmi1",
                "driver": "vc4_hdmi"
            }
        ],
        "outputs": [
            {
                "model": "LG (GoldStar) 32ML600",
                "res": "1920x1080",
                "refresh": null,
                "dpi": 102.0,
                "size": "480x270",
                "mapped": "HDMI-A-1"
            }
        ]
    },
    "audio": {
        "servers": [
            {
                "name": "PipeWire",
                "active": true
            }
        ]
    },
    "disk": {
        "disks": [
            {
                "size_gb": 59.478515625,
                "root": {
                    "size_gb": 59.00167798995972,
                    "fstype": "ext4",
                    "crypt": false
                },
                "home": null
            }
        ],
        "windows": false
    },
    "locale": {
        "region": "en_GB.UTF-8",
        "language": "en",
        "timezone": "Australia/Brisbane"
    },
    "package": {
        "last_update": "2024-07-26T00:15:48+10:00",
        "branch": "arm-unstable",
        "pkgs": 968,
        "foreign_pkgs": 2,
        "pkgs_update_pending": 0,
        "flatpaks": 1,
        "pacman_mirrors": {
            "total": 89,
            "ok": 80,
            "country_config": ""
        }
    },
    "desktop": {
        "cli": "/bin/bash",
        "display": "unspecified",
        "display_with": null
    }
}
------------------------------------------

Succesful sent at 2024-11-04 17:12:49

Yes, was a mistake. Got removed again.

got a segfault with latest build File “/usr/bin/mdd”, line 391

xrandr output fail?! installed?

I have libxrandr and xorg-xrandr there dose not appear to be a xrandr package
Line 192 the if statement, comes up with syntax error

Try installing lib32-libxrandr:

$ pamac search --installed -i xrandr
xorg-xrandr  1.5.2-2                                                                                                                                                              extra
Primitive command line interface to RandR extension
libxrandr  1.5.4-1                                                                                                                                                                extra
X11 RandR extension library
lib32-libxrandr  1.5.4-1                                                                                                                                                       multilib
X11 RandR extension library (32-bit)

Works now with latest mdd just now.

It may be advantageous to display data that cannot be interpreted directly (no “de” found / unknown) as “unknown” on the website. (At least while beta testing)

Then you can at least identify more quickly which parts of your script can still be improved.

So if you see 24% “unknown” refresh rate, you know what to do

Some of the data may only be accessible while the monitor is on (not sleeping), or while a user is logged in.

linux-hardware.org has a large amount of data about the hardware used by users. Have you ever thought about doing something together with them?

I believe it would be possible to export the data from Linux Hardware and have a separate Manjaro Dashboard.

We are currently testing the basic functions before we will roll out our first version to all our installations. It needs to be a solid base before we activate the services. Most likely we will use systemd user services to get a daily count from each system.

Today we focused on some ARM SBCs which also come as headless installations. A new version of mdd should be now available on all branches and architectures of Manjaro. Feedback and bug reports are welcome!

We will look into other FOSS projects as we see fit. Sure, there will be some parts we could adopt or share with other projects, if that makes sense.

I find this all very reminiscent of Big Data’s early “don’t panic, it’s just telemetry to help” days. Simply going to the effort to try to “akshually” GDPR’s protections in an attempt to defend it for opt-out state is quite disturbing. The usual queries around the reasons for and use of the data come to mind: Big Data cross-referencing (one more metric source from something you’re supposed to have freedom, privacy, and control over), governments/regimes, etc. People with problems come to the forums to offer their own data when there’s an issue…I see absolutely zero need for it to be collected en-masse forcibly (it being opt-out in a way that still forcibly reports something when opted out instead of no telemetry). I’ve added metrics-api and ping (I disable NCSI anyway, local NTP as well) to my blocklists and new installations and live runs will be done offline until I can have a go at removing/subverting this behavior. Opt-in would have been fine but opt-out alone with forcible minimum telemetry communicated is horrifyingly dystopian, nevermind what data is being collected. One person’s opinion and suggestion to make this 100% opt-in and not a requirement for any installation.

Just speaking my piece on this kind of…“software” and information “gathering”.

Edit: Yes, I am aware this is not yet live for everyone. I’m just heading it off before it hits, in my opinion.
Edit: Yes, I also expected this to happen sooner or later once Manjaro went “commercial/corporate” but hoped it’d have not happened so soon. Seems to be a growing trend.
Edit: I don’t like the idea of setting up Manjaro installations and feeling like I have to disable something to protect my privacy similar to the way I had to with Windows.

Uhm …

This is so far only a development package available for testing.

And it has always been proposed so far as being opt-in.

And I have no idea why you would block ping.
Its not somehow a mechanism for collecting or sending data.
(Furthermore I cannot guess as to what general impact it may have … as some tools expect ping.)

You dont.
At least not in concern to mdd.
Even if this thread were discussing something scary and taboo … it is not present on any ISO.

It will end up as opt-out. This is a no-go for me. It also does not fit the name “donor”. Im donating willingly but this seems something I have to do, so it’s rather a Manjaro data tax.

I am well aware of it currently being for testing. By default reporting data even when opted out is not ‘opt-in’, the distinction is in that opt-in should report nothing. I never said it was in any ISO. I clearly communicated these were my opinions on the opt-out nature of this and the future assuming it makes it past testing without being shuttered.

Blocking ping is for my own benefit of less traffic and less suggestion of pre-configured devices coming online to determine their online connectivity status. I don’t care for NCSIs, they only communicate whether I was able to read one domain and that is useless to me, I do not use them, that’s all. I’ve found no impact from disabling it in my own use.

And again, I never said this was present in any ISO. The context in which I communicated was quite clearly about my opinion on it being opt-out by nature of reporting at least a minimum regardless whether you want to or not (and some posts suggesting it might be a required package).

Edit: Seeing as I can’t do more than one reply (my account always gets deleted due to low post count, I keep recreating it) I’ll edit this to say I agree entirely with @mithrial but personally I’d use a different context than “tax”…

Edit: “it is not present on any ISO” sounds like “don’t panic, it’s not …” as if my concern is downplayed. It may not be present but it might be included. Mdd appears as useful as inxi…so people can just use inxi and report their issue(s), mdd just appears as a redundant anti-donation.

Edit: Not allowed to post anymore in this thread, can only edit. This is from edpb.europa.eu regarding GDPR (ELEMENTS OF VALID CONSENT):

The element “free” implies real choice and control for data subjects. As a general rule, the GDPR prescribes that if the data subject has no real choice, feels compelled to consent or will endure negative consequences if they do not consent, then consent will not be valid. If consent is bundled up as a non-negotiable part of terms and conditions it is presumed not to have been freely given. Accordingly, consent will not be considered to be free if the data subject is unable to refuse or withdraw his or her consent without detriment. The notion of imbalance between the controller and the data subject is also taken into consideration by the GDPR.

When assessing whether consent is freely given, one should also take into account the specific situation of tying consent into contracts or the provision of a service as described in Article 7(4). Article 7(4) has been drafted in a non-exhaustive fashion by the words “inter alia”, meaning that there may be a range of other situations, which are caught by this provision. In general terms, any element of inappropriate pressure or influence upon the data subject (which may be manifested in many different ways) which prevents a data subject from exercising their free will, shall render the consent invalid.

Example 1: A mobile app for photo editing asks its users to have their GPS localisation activated for the use of its services. The app also tells its users it will use the collected data for behavioural advertising purposes. Neither geolocalisation or online behavioural advertising are necessary for the provision of the photo editing service and go beyond the delivery of the core service provided. Since users cannot use the app without consenting to these purposes, the consent cannot be considered as being freely given.

I’m not a lawyer and this is a random quote from a PDF on guidelines from May of 2020 from European Data Protection Board (not allowed to include a link) but it sounds like it would not be freely consented to because I wouldn’t want to share any data and mdd would return data that is not necessary for the installation and running of Manjaro. (This assumes a future scenario in which mdd is included/required. I know mdd is not currently in any ISO, those sentiments expressed were my opinion about how this would affect my own future Manjaro installations, if any.)

Edit: I agree with @omano’s most recent post and would like to add that I think showing a dry-run of the data intended to be collected during that solicitation of consent might be beneficial for someone eager to share hardware, for example. I myself contribute to KDE’s telemetry (they’re opt-in on Manjaro at least…something I find funny given the nature of that compared to mdd).

Edit: If the above example quoted is unclear in how it relates to the scenario of Manjaro including mdd, it’s that assuming Manjaro includes mdd or in any way requires it and if mdd sends telemetry even if opted out then it can’t be consented to because that minimal amount wasn’t consented to because it isn’t freely given (because in the scenario mdd is included you can’t tell it to not report that data and still use Manjaro). Mdd should not be required or be ‘opt-out’. Personally I’d have no problem opting in if it were opt-in-only. I just want my choice. I live in the US so I’m screwed for rights as far as data protections could be concerned.

Edit: Responding to Teo’s “The big difference here is we can see exactly what is collected”: It doesn’t matter, no means no.
Edit: Responding to Teo’s “is the dev board visible to all”: Hidden development boards? Especially with something like this? Creepy and alarming, no different to me than politicians deciding things behind closed doors.
Edit: Responding to @omano’s “You can’t gather these info from the forum.” Yes, you can. Simple copy-pasta of inxi/whatever output. If you want install it as a preload, fine, but not ‘on’ by default and certainly not a required package.

Edit: Responding to linux-aarhus’s No means no. Untrustworthy stewardship and moderators/“team” simping for data-“bend over and like it”-ing and no different from any other turn-coat project that runs on FOSS only to switch after it’s built up. rm -rf /Manjaro, done with it.

Sorry, I missed this part. Maybe it was added with a quickness after initial post?
I dunno, but in this case …

In my rather modest understanding of international law … I do then echo some other concerns in this regard as well. Like - at the very least there needs to be a popup of notification before the download of the ISO or similar if this were in place. Though there is some precedent for it requiring user interaction in the EU, so a simple notification is likely inadequate.

I already provided simple ideas to implement it in a way that will brush off any concern. Just ask the user for consent with a popup and if user agrees, enable the service, if user disagrees, do not enable the service. This way it will be transparent to the user, will not violate any EU law about collecting forcibly user data, and there is no possibility of uproar of the user base, and people who would automatically disable it and criticize Manjaro for doing that, may even change their mind if some short and clear explanation in the popup would encourage user to do so willingly…

So far all signs indicate it has been decided that it will be enabled by default and user will have to opt-out.

Manjaro team should rethink about this, the excuse of “but if we don’t force it, nobody will do it” is as poor as all excuses Mozilla tries to use to justify all their bad practice regarding user data in the few last years.

Agreed! Something like:

Would you like to contribute some statistics so the team can get a better idea of the hardware people use?

You can turn this off or on as you wish.

The big difference here is we can see exactly what is collected and so far the scope seems ok. It’s not like they are reading all your emails or recording your voice nonstop in the background like some other big companies.
So it is a bit easier for me to say yes (as i have uploaded from cpuz, or to the linux hw database with the probe, and boy it gathers a lot of data, and the script runs as root).

Other that that we know how this will end - “semi-consensual” with opt out.

P.s. is the dev board visible to all? I thought it requires level 3 (or maybe i have not seen it as i was level 2).
Cause i saw a similar topic in another forum closed with link to here.

+1. And it’s no good putting tape over the webcam when what’s on the screen is more interesting to them.

Good point -(I don’t know either, but think it was visible at TL2?)-.
EDIT: Visible to “Basic” users upwards, at least. @xman1 can see it at their current “level”.

Please don’t do this. I’m so dead tired of telemetry. Adding this package by default is a strange idea. You could conduct surveys or use the data from your site’s user profile instead.