There are some key things to keep in mind if you want to try to figure out how to do truly anonymous tracking of installs for F-Droid:
* The anonymity of the data must be proven, not assumed. It only takes 33 bits of data to uniquely identify every person on the planet. There are so many cases where organizations put data on the internet that they believed had been "anonymized", only to find out it was trivial to deanonymize with the right techniques.
* F-Droid will not add user accounts, ever.
* Any kind of unique ID must be opt-in, never opt-out, and must be generated only for this specific use (so IMEI, IMSI, MAC address, Android ID, etc. cannot be used).
@fdroidorg Thank you so much for protecting my data 🙏
Relevant link: the slides of a recent talk on the topic, pointing out various genres of pitfalls naive attempts fall into:
@fdroidorg I love F-Droid~
I don't know much about TOR, but isn't there a way to provide user accounts with TOR being the tracking obfuscator?
a legitimate way of using TOR
What do you want user accounts for in @fdroidorg?
User accounts are hard to do properly, can destroy your performance (conversely, send your hosting costs through the roof), and we will not talk about the legal issues.
Say why it is that you want user accounts and let's come up with ways to achieve the same goal safely, efficiently, and without screwing user privacy.
I think people might want accounts for ratings and reviews. In the early days of FDroid.org there was a lot of experimental alpha software in the repo. Ratings and reviews would have helped then.
I am not for tracking at all, but several years ago I met a guy who was, and he had a legitimate reason. He wanted to know if his software was being used. Websites have these hit counters on their pages, and his argument was so should software. He just wanted a sense that his software was being used. Download numbers weren't enough. He wanted to know if it was being used.
The question is: *why* did he want to know if his software was being used?
As I have said, there are perfectly good ways to measure user engagement that do not rely on #spyware. Any interaction of this kind *must* be a) voluntary, b) customer-initiated.
If you are not getting bug reports, emails, etc., your software is not being used to any significant extent. Whether the exact number is 0 or 71 is irrelevant.
Speaking as a #foss developer myself, that's pretty far from being a legitimate reason to track users.
Of course we all wonder how people are using our stuff. Some of the feedback I've had over the years made me feel really important too. 😊
But that's *never* a justification to violate anyone's #privacy.
Besides, I repeat: if your software is popular you will know it. People will tell you of their own accord.
Nae stats please! At least, not publicly available stats.
Showing a download counter *to the application packager only* is probably OK-ish.
Showing the same counter to the public at large, either raw or aggregated (e.g., a “popularity” ranking) is asking for pain.
We devs know how popular #foss apps are by proxies such as number and quality of issues in the bug tracker, donations, etc.
That's all we need to know. The rest is data masturbation.