Follow

Reading this: daniel.haxx.se/blog/2022/07/21

... and thinking it would be an interesting problem to find a way to connect Open Source teams with their users that:

* Doesn't overwhelm the team, or create new work for them

* Respects the privacy of the people on both ends

* Connects teams to something closer to the median user of their software, unlike channels like forums or social media where you will disproportionately get superfans and/or irreconcilable haters

Is it even possible? I have no idea! But like I said, an interesting problem

· · Web · 3 · 2 · 2

@jalefkowit Intriguing, there's been a lot of discourse on the MacPorts Developer mailing list related to curl & libcurl (as utilized by fetch on macOS/OS X). Albeit, a lot of it is related to errors encountered on older Apple systems which use older variants (if using the MacPorts versions for fresher code, one can even use LibreSSL 3.5.3 for example, whereas macOS Monterey 12.4 still uses LibreSSL 2.8.3, four years old, with some known issues which have been fixed.)

@jalefkowit In other words, Apple, definitely uses curl and libcurl.

Lamentably, perhaps they do not use versions that are quite as up to date as people may utilize if they prefer working with source (and that seems to be a diminishingly small amount of savvy users amidst the masses of consumers for a company with a trillion dollar valuation these days).

@jalefkowit
Homebrew & MacPorts have analytics, Apple does too, but: are they on by default?

Pretty sure that Apple's System Information Report & MacPorts default to off, brew? Purportedly defaults to "analytics" (aka Alphabet Inc./Google spyware) boo.

As a developer, sysadmin and user, I would prefer privacy be the default.

Though, I acknowledge usability statistics can be useful, they can also be abused, and often are in the realm of surveillance capitalism technocracy so common of late.

@jalefkowit At least back in the "old days" usability studies, which existed at least as far back as the 1960s, were opt-in, consent was a given.

These days, the EULAs and nebulously impenetrable verbiage that, more often than not, seems to disclaim liability for the vendors, and often has nefarious gotchas for users.

"Television should be the last mass communication medium to be naively designed and put into the world without a surgeon-general's warning."ーAlan Kay (he was onto something)

@byterhymer Analytics always remind me of a scene in that terrible movie BATTLEFIELD EARTH.

The aliens who conquered Earth want to know what their human slaves like to eat, so they release a few of them into the ruins and watch them from afar. The humans, who are starving, see a rat and pounce on it, so hungry they’re willing to eat it raw. “Look at how they feast on it!” the aliens say. “Rat must be humans’ favorite food!”

You can learn a lot by just monitoring peoples’ behavior, but what you’re learning doesn’t always mean what you think it does.

@jalefkowit LOL, that seems apropos.

Admittedly, I used tools such as Webalizer & AWStats long before I cringe-fully encountered companies which used Google Analytics and seemed to put far too much credence into the results.

There was something, IMHO, which was great about the humbler tools. Not just self hosting (but that is huge, especially from a privacy perspective) but the stats were crude enough that no deep "insights" were really available, so no insane conclusions were typically made.

@jalefkowit There is an interesting statistical technique (which Google & Apple claim to use) that would be a great fit here: Differential privacy!

Inject some extra random samples on the clientside as noise obscuring which individual samples are fact or fiction. With an even enough distribution that normal statistical analysis can still validly be performed on it.

Could be a great candidate for a freemium webservice, to make it easy for FOSS projects to adopt...

@jalefkowit Differential Privacy can assure users studying the project's code that it still protects their privacy. On the serverside you can store aggregated data rather than individual samples to reduce operational costs to near nothing & satisfy any GDPR, etc enforcers!

There's mathematical proofs that histograms are privacy-preserving once you remove outliers...

@alcinnz @jalefkowit My project uses Firebase Crashlytics (so Google), and also Firebase Analytics whenever a crash report is submitted. It does ask on first launch whether the user would like to participate in data collection, and the prompt has no default option, just Yes and No buttons. And the Preferences page has a checkbox for toggling the option again later.

Do be sure to tell me which crash log collection service and general OS version and system specs collection service is preferred for FOSS projects, in case FOSS is allowed to collect that sort of data instead of just flying in the dark and hoping that users communicate with you occasionally.

@jalefkowit This is sort of what telemetry systems are for, aren't they? I know they can be controversial—the Audacity team got raked over the coals for implementing one without sufficient transparency—but I certainly understand why developers want to include them.

It'd be nice if there were some standardized telemetry package that app devs could use, that would let users inspect the outgoing information. I guess Debian's popularity-contest is sort of an attempt to do this.

Sign in to participate in the conversation
Octodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!