The Fedora Workstation team — and me, for that matter — would like to get some very basic statistics on use of the GUI upgrade tool. As I've noted at talks, we're seeing daily Fedora repo connections go up (yay!) but on the week of each release, the number of ISO downloads trending down (not so yay). I'd like to better understand the impact of the new GUI upgrade tool.
I'm not interested in long-term tracking, or tracking of individuals, but as this is a network check-in, we wanted to proceed with Council approval.
Specifically, GNOME Software would check in with "upgrade starting" and "upgrade complete" messages, including the release upgraded from and target release, and a random identifier to tie those two events together. By necessity as a network service, we'd get IP addresses, but we'd leave those out of any reporting and not store them longer than we store normal logs (like the mirror server logs), and just end up with an aggregate report of number of upgrades per day for each release-from-to, and how long each took. (Possibly also "number per IP address", without keeping the addresses themselves — this would help us better understand proxies. But I can do without that.)
Is this acceptable?
+1
+1 as necessary measures to protect privacy are taken.
I'm not sure if this can be done without a disclaimer on the website, at least for EU. We have strict privacy laws and actually, if you want to track behaviors of your visitors you can do that only if you respect the cookie law. Even if you, as in our case, want to get just technical information, you need to add a disclaimer to inform the user about that, even if you store the information just for a short time.
Did you already ask Legal about it?
@robyduck This isn't, however, the web site. I can run it by legal. If necessary, we could do without or allow an opt-out of using an identifier to tie start and end events.
Yeah I know, and the cookie law also is just an example, because we won't use cookies here. But we are going to track other stuff and even IPs, which I see critical.
Note, I'm not against it (I'm +1 btw) as it will help to improve how we release Fedora and the GUI, just wanted to make sure you consider also we might incur into laws which are different from US. I don't know anything about APAC or LATAM, but I guess EU is as always the most strict here.
Keep in mind that since upgrades are provided over the network, we already have IP information (which we do exercise considerable caution around).
+1 as a part of this I would like to see us get a legal opinion on the tracking question raised by @robyduck so we don't have to keep having it asked.
I am also +1 on tracking # per IP if this can be done privately as well.
What is the aim ? Is it usage of of the new GUI upgrade tool, or we would like to know better the number of Fedora users upgrading their distro ? These two seems to be mixed in the Matt's justification.
If we would like to know the usage of the new GUI upgrade tool, than these numbers IMO should not be compared to the number of downloaded ISOs. Many Fedora users are using DNF to upgrade their distro (at least most of the people I know around me), so the number of people using the new GUI upgrade tool, does not say nothing about the number of people upgrading their distro.
If we would like to know the number of people upgrading and compare it to ISO downloads, than we should expand this proposal to at least include DNF upgrades.
I am +1 for this (either we go just for GUI or for upgrades in general), i just want to clearly understand what we are trying to achieve.
Yeah, I'll talk to the DNF team — and Richard for GNOME Software — about extending this to the command-line version as well.
Christian was checking with Legal... I'll check back with him.
Instead of talking to legal, could we not add (for the GUI) a selector for the welcome splash screen of gnome software (selected by default) and say something like "Help make Fedora better by sending update health data" or something like that.. and than the user agrees to that, or disables the selector and data is not send.
This way we bypass all legal issues, as the user is a) aware of the data send and b) agreeing to it on his own.
We are having some trouble getting legal to answer due to being busy, we will keep chasing them.
Not sure I want to add that extra question Oliver suggests unless there is no other option.
Just to update on this. Matthew Miller and I did have a meeting with the lawyer and the outcome was that there should be no legal concerns with the proposed implementation. He lawyer did suggest however that we do put a notification in the UI letting the users know that Fedora is trying to count the number of upgrades undertaken.
this is approved.
Metadata Update from @mattdm: - Issue close_status updated to: approved - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.