Hacker News new | ask | show | jobs
by yrro 1217 days ago
Homebrew should support the DO_NOT_TRACK environment variable.

https://consoledonottrack.com/

It doesn't look likely though. I don't think it looks good that comments pointing out that Homebrew's existing behaviour (collecting analytics without obtaining informed consent from users) violates the law have been classified as abuse and hidden!

https://github.com/Homebrew/brew/pull/6745
3 comments
voytec 1217 days ago
> Homebrew should support the DO_NOT_TRACK environment variable.

No, rather something like TRACK_ME opt-in variable.

link
steve1977 1217 days ago
Or, just not track.
link
sneak 1217 days ago
In retrospect (consoledonottrack operator here) I never should have pushed an opt out standard; it legitimizes opt-out which is indefensible and unethical.

Opt-in by advance consent is the only way. Homebrew devs are unethical jerks.

Use nixpkgs and don't look back.

link
therealdrag0 1217 days ago
What’s unethical about counting errors with no PII?
link
sneak 1217 days ago
Errors are the property of the user on the system in which they occurred. Exfiltrating them without consent is unethical and oftentimes illegal, and leaks the user's IP to Google. Homebrew has no claim to them without the consent of the user. It's simple spyware.

Unless you report with Tor, it's not without PII. (Homebrew also includes a unique install UUID supercookie which persists, so every analytics data point includes PII in addition to IP address which allows Google to track that user's physical travel history.)

link
therealdrag0 1217 days ago
> consent

Users are informed upon installation.

> IP to Google.

Lots of people seem to care. I haven't heard a reason why though.

But regardless, Homebrew is deprecating and nuking the google system, so that's nice.

link
sneak 1216 days ago
Consent doesn't work that way. Imagine posting a sign at the entrance to your house saying "all those who enter here consent to being groped".

Notice is not consent. Your statement that users are notified is a red herring. Users must also consent, not just be told of an entity's plan to violate/assume consent.

Surveillance without consent is unethical no matter who the data goes to, or whether or not the data is anonymized or otherwise stripped of PII. It's stealing of information unless the user agrees to it in advance.

link
kstrauser 1217 days ago
I appreciate you changing your mind on this.
link