|
|
|
|
|
|
by mikemcquaid
730 days ago
|
|
|
it's ok, sneak literally just comments this on any mention of Homebrew. we've made many changes to analytics but, according to sneak, unless we move to opt-out: we're spyware. weird how sneak doesn't post this on posts about all of the closed-source companies that use server-side analytics you cannot audit and data you cannot access. |
|
|
It's unethical for anyone, yourself included, to use an end user's device to spy on them without their consent. Transmitting their activity without explicit opt-in is spying, full stop. It's not spying to monitor your own server when servicing client requests as that is obviously done with the consent of the device's owner (yourself).
I'm not sure why you bring it up; surely you understand the difference between your own computer and someone else's? It feels like you are perhaps approaching it in bad faith.
There is no amount of ad hominem that will make producing and shipping spyware into an ethical choice.
Somehow projects much larger than your own, also run by volunteers, such as Debian, not only survive, but thrive, without spyware of their own, and also with pervasive policies that patch out spyware and phone-home and other such misfeatures in their packages. Nixpkgs manages to continue to grow without spying on their users, too.
If you really thought users would consent, you'd go opt-in. If you maintain the stance that opt-out is acceptable, it is implicit that you believe that not enough users would consent, which means you are intentionally violating their consent given that you know that. Hence, the ethical issue, which handwaving doesn't change.
Debian knows this. It's a shame that Homebrew doesn't. Normally you see for-profit enterprises selling their users out with surveillance; you have no revenue targets to hit so I'm not sure why you persist in this behavior.
> it's ok, sneak literally just comments this on any mention of Homebrew
I wouldn't have to if you would surface for your users when the software you provided them uploads their usage data. Most of your users are unaware of it.
I'll bet you $10k USD cash that if you printed some messages to the console each time you hit the analytics endpoint with a message that "brew analytics off" would disable it, you'd lose a double digit percentage of your inbound data within 100 hours. You won't take this bet and you won't surface the tracking in realtime because you know it's only giving you the data so long as users remain unaware of your unethical behavior.
Also, parhamn explicitly asked for reasons people might switch. This is the primary reason I use Nixpkgs and not homebrew, so it's a direct and accurate answer to their question. You might be surprised but there are lots of people who choose software based on the behavior (and resulting trust level) of the developers.