| > That's exactly analogous to what's happening here. The data being tracked isn't you If we're talking about using a unique identifier, then I disagree. This isn't analogous to getting a store receipt at all. With a store receipt, there is nothing that connects me to the transaction described in the receipt except that I am in physical possession of the receipt. > If you visit the same doctor, even without a log of prior visits, he or she might remember you. Indeed, but that's in no way similar to what we're talking about. > I feel it's akin to looking at the ills that automobiles have brought about with pollution, and taking a stance against vehicles. When someone comes by to show you a bicycle, you say no-thanks I think this analogy also misses the mark. If tracking is like a car, then the UUID tracking we're talking about is like a compact car. Not at all like a bicycle (Poettering's suggestion, which I'm OK with, is more like that). > You're equating tracking, as being discussed here, with identity tracking, which is not really on the table as an option at all. I view this as effectively identity tracking. Much like the "advertising IDs" that Android uses. > And I would classify it as an overreaction to that problem. Perhaps it is, but if so, it's because as a user it's impossible to determine which tracking is OK and which isn't, therefore it's wise to avoid it all. > but does that mean we should attack real solutions which do not exhibit that problem just because it shares some easily identifiable similarities, such as a name? Of course not, but I'm not sure that this is an example of that. Also, it's important that a company prove (I'm not sure how that would be done, admittedly) that their representations of the tracking system are accurate, and that future business decisions couldn't change that. > That's what we already have, by nature of using IP transport. It's not, really. For instance, I run about a dozen Linux machines at home. Each of those machines does not go to the distro's repository for updates -- I have an update server that caches them and the other machines get their updates from that. So, if you're looking at the repository's logs, it looks like only one machine is getting updates. And, if I wanted to be even safer, my update server could get the updates using a VPN and thus completely disconnecting my IP address from the IP address the repository is seeing. Besides, as I said before, just because there's one data leak doesn't mean it's OK to introduce another one. > All they are proposing is to get a finer grained view (but still not perfect) of how many systems there are and what version they are. Yes, I understand. > I can't reconcile your hard line in one instance and apparent blasé attitude in the other. That might be because you're assuming I have a blasé attitude in an area where I don't. |