Hacker News new | ask | show | jobs
by em-bee 934 days ago
you mean that the f-droid maintainers did not want to rely on mirrors that would log downloads?

sounds a bit extreme on the privacy front, but not entirely unusual. i see no relation to how the project is run though. on the contrary, i expect community run projects even more likely to reject logging because it only takes a few vocal people to demand that. meaning the more people have a voice, the more likely demands for privacy come up. see debian and their popularity counter for example when they could just log all the downloads instead.
1 comments
gazby 934 days ago
I'm talking literally just access logging though. Expecting even an individual, let alone a business, to run a publicly accessible web service without any form of access logging is just absurd IMO.

I'd expect privacy-inclined people to care vastly more about detecting and tracing indicators of compromise or similar over avoiding access logging on the open internet.

Edit: Use actual English.

link
em-bee 934 days ago
i agree with you, but knowledge and understanding of these issues varies a lot. my confusion was your apparent conclusion that in a community run project this would have been better.
link
gazby 934 days ago
I would indeed expect a community-run project to have been better (at evaluating the trade-offs of access logging [which occurs on every other web property F-Droid users utilize]). If only because there would have been more than one voice that mattered, and thus consensus would be required rather than unilateral dictation.

Is the confusion a result of disagreement, or of my explaining my perspective poorly?

link
em-bee 934 days ago
it's disagreement. i fully understand your perspective, however from what i have seen, there is a tendency for the consensus lean towards the lowest common denominator that all can agree on. iaw. the most paranoid wins (ok, not that extreme, but it illustrates my point)

of course the upside of community input is that you also have more moderate voices and technically knowledgeable ones that can explain the risks and help reduce peoples worries.

link
gazby 934 days ago
Yeah that makes sense. One of those things I'd love to see play out both ways and watch what happens lol.
link