[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [cross-project-issues-dev] New UUID in Eclipse Platform
|
On 2016-06-03 04:47 PM, Pascal Rapicault wrote:
On 6/3/2016 4:35 PM, Alexandre Montplaisir wrote:
Hi Ian,
Sorry I will have to be "that guy", but I do find this a bit concerning.
First, The eclipse.uuid file is put in the user's home directory,
which means that it ends up identifying a *user*, not just an Eclipse
installation. If the same user wipes his installation and re-installs
another Ecilpse, he keeps the same ID.
The missing part here is the definition of user. Yes the file is
stored in the user folder but there is no way for the EF to match your
UUID to an actual individual. The reason why it matters to store
this file in the user folder is to because we want to be able to know
if a user updates, or uses multiple versions of Eclipse. This is again
very important to figure out the profile of our users.
The EF cannot match a UUID to an actual individual, yes, but you still
want to "figure out profiles" of actual individuals.
I completely understand the helpfulness of such metrics. However some
users, like myself, are not comfortable with the idea that somebody
somewhere is building a profile of them. The polite thing to do is to at
least ask the user if they agree to be tracked. If they are fine with
it, then no problem.
The biggest problem, imo, is not that the feature exists, but that is it
being enabled by default, and silently. There should at least be a
warning to the user, or as Jesse mentioned, making it opt-in instead of
opt-out.
Finally also know that the UUID is generated uniquely and if it was
regenerated multiple times on the same machine, it would lead to a
different ID.
Of course, but the default case that will happen 95% of the time is that
file will be generated once and stay there until the user wipes its home
directory.
This is also done by default, with no warning to the user. Even
proprietary programs often pop a window on the first run, asking the
user if they want to provide anonymous usage statistics and the like,
and giving them the option to disable it. Even if that option is
enabled by default in the dialog, that is still miles better than not
telling the user about it at all, and requiring him to know about an
obscure "eclipse.uuid=0" configuration option.
I realize I'm late to the party and the decision has already been
made, but you said to let you know if we have questions or concerns,
so I am doing just that ;)
Regards,
--
Alexandre Montplaisir
Trace Compass Committer & Project Lead
On 2016-06-03 11:13 AM, Ian Skerrett wrote:
All,
I wanted to make everyone aware that a UUID has been added to the
Eclipse
Platform [1] and is available in the current Neon RC. This was done
at the
request of the Eclipse Foundation.
The UUID is automatically generated and stored in the
${user.home}/.eclipse/eclipse.uuid file. The UUID does not contain any
personally identifiable information. If a user do not want to have this
property set they are instructed to set eclipse.uuid=0. Information
about
the UUID has been included in the Eclipse Platform N&N [2].
The UUID will be automatically added to the user-agent of http
requests to
*.eclipse.org servers. For Neon, the projects that make these types of
requests include p2 [1], MPC [3] and AERI [4]. I would expect other
projects
will add a uuid in the future.
The immediate questions for many people are 1) why are we doing
this, and 2)
what about the privacy concerns. Let me attempt to answer both of
these
questions.
Why are we doing this?
The Eclipse Foundation has started an program to better understand
our user
community. We are using a log file analysis service, Splunk, to
analyze many
of our log files to get a better idea of how people are using
Eclipse. For
instance, how many people actively use Eclipse, what version of Java
is the
most popular with the Eclipse user community, what version of Eclipse
Platform is being used or what operating system is being used? In
the past,
this type of information was typically a 'best guess'. We believe
can do
better by having the actual data of our user community. The UUID
will allow
us to get a more accurate answer to many of these questions.
What about the privacy concerns?
The UUID is anonymous and does not contain personably identifiable
information. We only intend to use and analyze the UUID at an aggregate
level. A user is able to opt-out of sending a UUID by setting
eclipse.uuid=0. The Eclipse Foundation has a published Privacy
Policy [5]
that details our specific practices.
Please let me know if you have any questions or concerns. I
appreciate this
might be a sensitive topic but I do believe it is the right thing to
do for
the Eclipse community.
Regards
Ian
[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=490112
[2] https://www.eclipse.org/eclipse/news/4.6/platform.php
[2] https://bugs.eclipse.org/bugs/show_bug.cgi?id=492916
[3] https://bugs.eclipse.org/bugs/show_bug.cgi?id=492917
[4] https://eclipse.org/legal/privacy.php