[aviaviavi]

Well, Scarf offers free pixel tracking too so you definitely have the correct model for what we do, though sorry to hear you dislike the approach.

Our goal is to help enable OSS developers to financially support their work. Do you think it's still wrong when it's OSS developers trying to sell their services or premium offerings to the companies that already rely on their work? If so - companies are tracking people all the time at a very granular, personally identifiable level. Why should we hold OSS developers to an even higher standard than what we tolerate from large companies?

[esrh]

> Why should we hold OSS developers to an even higher standard than what we tolerate from large companies?

The problem here is that i DON'T tolerate this from large companies either. I find the pixel tracking thing outrageous and disable images by default in my email client to avoid it.

I understand your argument, I just find it personally strongly disagreeable, and I'm willing to bet poster above did as well.

[aviaviavi]

> The problem here is that i DON'T tolerate this from large companies either. I find the pixel tracking thing outrageous and disable images by default in my email client to avoid it.

If you are already using OSS today and grabbing that software over the internet, you are tolerating it even if you claim otherwise. If you pull something down from GitHub, Microsoft has all the data that we're talking about here.

> I understand your argument, I just find it personally strongly disagreeable

Fair! And I understand yours too. I also think your argument is more idealistic than practical for the current state of the ecosystem, especially considering how many parties already have access to this web traffic data. Maintainers having this data too is a very benign additional party to have access to it. Furthermore, it's a concrete way we can all chip in to help OSS maintainers and make their jobs a little bit easier, short of reaching for your credit card (which we should all be doing too).

[smoldesu]

You're going to be walking a thin (and difficult) line if you're trying to find open source developers also interested in introducing involuntary tracking to their software. Open Source software, since it's inception, has been about creating respectful software for the commons.

> Do you think it's still wrong when it's OSS developers trying to sell their services or premium offerings to the companies that already rely on their work?

No, but I shouldn't have to worry about that as a user. The onus is on corporations to disclose the software that they use in accordance with their respective licenses, the regular user doesn't deserve to suffer for the incompetence of funded organizations.

> Why should we hold OSS developers to an even higher standard than what we tolerate from large companies?

You don't, they do. That's the point of open source licensing in the first place: defining what you're comfortable with other people using your software for. By choosing an Open Source license, you're assuming one of the most difficult and thankless positions in the world of software. That's how it's intended to be though, because that kind of transparency is imperative when we're distributing free software. You wouldn't poison the rations being donated to the homeless, so why are you comfortable poisoning the CDN of my download? This all seems pretty cut and dried to me.

sigh Time to start dropping Scarf URLs in my hosts file...

[aviaviavi]

This argument conflates licensing of a piece software with the the distribution channel that distributes artifacts of that software. The service being discussed here is purely part of the distribution layer and has no footprint on the artifacts themselves. It's merely a passthrough layer sitting in front of the current stack.

If you are using open source today, you're already hitting servers that have access to all of the same information Scarf sees. Visiting a URL is by definition asking a server on the other side to process your request. That data can be very helpful to all of the great open source maintainers out there, but has historically been difficult or impossible to access. The result will be better informed maintainers, and better OSS for everyone.

[smoldesu]

Take your cut, pick-and-choose your criticism, but remember you're working in a privacy-conscious sector.

[aviaviavi]

Absolutely agree. And that's why we've put so much effort into making sure the system handles all PII as correctly and securely as possible.

End-user privacy does not need to be compromised in order to give OSS maintainers a basic quantitative understanding of how their software is used. This is our best attempt at a solution. We will be continually improving it better however we can.