[gazby]

I'm talking literally just access logging though. Expecting even an individual, let alone a business, to run a publicly accessible web service without any form of access logging is just absurd IMO.

I'd expect privacy-inclined people to care vastly more about detecting and tracing indicators of compromise or similar over avoiding access logging on the open internet.

Edit: Use actual English.

[em-bee]

i agree with you, but knowledge and understanding of these issues varies a lot. my confusion was your apparent conclusion that in a community run project this would have been better.

[gazby]

I would indeed expect a community-run project to have been better (at evaluating the trade-offs of access logging [which occurs on every other web property F-Droid users utilize]). If only because there would have been more than one voice that mattered, and thus consensus would be required rather than unilateral dictation.

Is the confusion a result of disagreement, or of my explaining my perspective poorly?

[em-bee]

it's disagreement. i fully understand your perspective, however from what i have seen, there is a tendency for the consensus lean towards the lowest common denominator that all can agree on. iaw. the most paranoid wins (ok, not that extreme, but it illustrates my point)

of course the upside of community input is that you also have more moderate voices and technically knowledgeable ones that can explain the risks and help reduce peoples worries.

[gazby]

Yeah that makes sense. One of those things I'd love to see play out both ways and watch what happens lol.