[sneak]

It’s not anonymous, it includes the client IP address as well as a permanent supercookie unique identifier. Coupled along with client IP geolocation, this leaks your travel history to the server. It does so silently when you install packages, just like any other spyware.

The problem is an ethical one: just because they made software does not entitle them to the information about what does or does not happen on a machine that they do not own without the informed consent of the owner or operator of that machine. Assuming consent and opting the user in automatically is the issue.

Anything other than advance, informed consent is just spying.

Debian has figured it out. Why do other open source projects have such a hard time understanding consent?

[ccorcos]

Homebrew says they ask before sending telemetry and you can say no…

And you’re sending your IP address all over the internet. Is Hacker News violating your privacy because they have a log an incoming requests?

It’s not like Homebrew is identifying YOU by name or cross referencing the UUID on your machine to advertise to you…

I just think it’s hard to appreciate how much work it takes to build quality software. And automated reporting really helps!

Living in a “trustless” world is a myth.

[sneak]

They don’t ask before, it happens without consent. The problem is claiming it’s anonymous when it’s not. Loading hacker news is also not anonymous. Calling something anonymous when it transmits your IP address is factually incorrect.

[userbinator]

I just think it’s hard to appreciate how much work it takes to build quality software. And automated reporting really helps!

It sounds like Homebrew has its own reality distortion field, to be able to produce such pure unadulterated self-congratulatory BS like that.

As someone who had the unfortunate experience of having to try it once and interact with the "community", I am not surprised to see that it's still a bubble of delusion lead by someone trying to emulate Apple's cult.

[inyourtenement]

I'm a fan of lihaoyi's response to similar tracking accusations.

> It's on by default. If you don't like that, turn it off. Or stop using Ammonite if you want to make a philosophical statement. I don't make any money off any of you, so I won't be particularly sad to see anyone go.

https://www.reddit.com/r/scala/comments/6irnix/about_ammonit...

[inyourtenement]

And by supercookie, do you mean this UUID? https://github.com/Homebrew/brew/commit/57844530a94d5686029c...

[mikemcquaid]

Yes, he does and, as you noted: it was removed.

We also always requested for Google to never store the IP address and now we run our own analytics infrastructure we definitely do not store it at all.

sneak just has a grudge against Homebrew because we blocked them for going on and on about this so they resort to ranting on Hacker News instead every time Homebrew is mentioned.

[sneak]

You are confused, despite my having explained many times. Your misrepresentation seems like bad faith. The Upton Sinclair quote comes to mind.

My issue is with all people who ship spyware; it is unethical. It’s nothing specific to Homebrew (sadly) and it’s not a grudge.

Lots of people would turn it off if they realized it was spying on them. The problem is people who assume consent and co-opt computers that do not belong to them to spy on users and exfiltrate data that isn’t theirs. They think that being volunteers or making f/oss entitles them to act unethically.

Opt-in consent is fine. These authors don’t use it because they secretly know that if they asked outright, most people would say no.

Seriously, it’s not any personal grudge against your project (and didn’t know until this moment that you had blocked me): Mattermost, VSCode, NetData, CapRover, and a thousand others also behave in such an unethical manner. It’s shameful, and it should be illegal.

Many people don’t know about it (as evidenced by sibling comments in this thread) and obviously should. This is a failure of the project that spreading public awareness about helps.

I would love to see the f/oss community abandon projects that are run in such an unethical manner. Nixpkgs on macOS, for example, doesn’t spy on you. (Neither do the package managers in the Linuxen you can replace macOS with.)

[ccorcos]

You're hijacking the term "ethical" to present yourself as morally superior. Many people don't think they're behaving unethically, and I think you're of the minority opinion.

> Many people don’t know about it and obviously should.

If people did know, what would be the consequence? What tangible difference would it make in anyone's life?

[sneak]

Morals are subjective, ethics are not. The fact that they are behaving unethically is not an opinion.