On 08/10/2014 12:44 PM, Lodewijk andré de la porte wrote:
So, the response was this:
Guys, calm down.
The code you posted doesn't send your username to
bitcoinarmory.com <http://bitcoinarmory.com>, it sends the
*truncated hash* of your user home directory path. This does not
give us any information about you except that it will be the same
when your system makes multiple requests for version/announcement
information. We*intentionally* chose this *instead* of tracking
by IP because we knew that IP logging was "not cool". And in the
end, we don't care about your IP, we only use it the ID for
collecting statistics about what operatings systems are being use
to run Armory and what versions people are using, especially after
announcing new versions. This helps us remove duplicates.
Armory (the company) only tracks unique IDs long enough to collect
daily statistics of our user base, like how many people have
upgraded. If a announce-request is made and comes from an ID we
have never seen, we add the OS and Armory version to the
statistics. Otherwise we ignore it. That's it. We added the
unique ID so that we have a way to count unique users
*without* logging IP addresses. We also add the ability for you
disable this by running with "--skip-annuonce-check".
As a company, we have to have *some* way to measure our userbase,
and we felt this was the least intrusive way possible. And you
can opt-out.
I was very pleased to see the responses on that thread. Aside from one
or two, they share the same laudable traits:
* code is posted inline and accurately assessed for its privacy implications
* the posters couldn't care less about the author's _intentions_ (no
digressions into the irrelevant issue of whether or not the author acted
in bad faith)
* nearly every post focuses on collection of IPs and user info-- the
author is blocked from irrelevant digressions on whether this info is
actually used
* author is essentially forced to care about privacy or lose his user
community
* Tor users are referred to multiple times, and not as second-class
citizens(!)
This has to be the most focused and serious thread I've ever seen
regarding privacy, at least on a forum that's not dedicated to online
privacy. I'm not crazy about the idea of storing bags of gold on
internet-facing machines, but if that's what it takes to spur on this
kind of discussion then maybe it's worth the cost.
-Jonathan
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by emailing moderator at
[email protected].
