Measuring success/failure in the installation

Clint Byrum clint at ubuntu.com
Wed May 18 17:41:52 UTC 2011 

Excerpts from Martin Pool's message of Tue May 17 09:17:13 -0700 2011:
> It seems like a great thing to try to measure.
> 
> 1- I wonder if it would be possible to have just one single checkbox
> "contribute anonymous non-personal technical information to help
> improve Ubuntu" that covers both the installer and the later use of
> other programs.  If there's only one box for all time, the burden may
> be less.  It would need a way to get more details and a way to opt
> back out.

+1 for this.

I'd like to see the policy and the implementation submitted for review
by serious privacy experts.  There's a difference between "we asked the
user" and "we took care of the user's best interests."

> 
> 2- istr sabdfl specifically ruling out any kind of user registration
> card; I'm not sure if this would also be covered.
> 
> 3- Since most machines already poll the archives during or shortly
> after installation I'm not sure if the "I'm alive" message would
> really be giving away any more information.

At this point, IP addresses are decent geolocators when users are not
careful to use a proxy of some kind in everything they do. We do allow
them to set that up, but casual installers are exposing their IP to us.

If I can tell that a machine contacted Ubuntu's security archives at a
certain time, I can make a legal case that I should be able to see the
logs from the security archives. Right now, all I'd get would be all the
IPs that requested updates at that time. The sheer popularity of Ubuntu
provides a decent amount of plausible deniability. However, if there's
a GUID still on the hard drive, then it does exactly what it is designed
to do, disambiguates the event chain, so now someone can "close the loop"
and know exactly what IP a machine had at that moment. Once they can rule
out a proxy server, this gives a reasonably certain physical location
for the machine at a certain time.

This is bordering on tinfoil-hat-wearing level of paranoia, but its
something that needs to be considered before doing anything rash.

More information about the ubuntu-devel mailing list