The developers of the Manjaro Linux distribution, built on the basis of Arch Linux and aimed at beginners, announced the beginning of testing a new service MDD (Manjaro Data Donor), designed to collect statistics about the system and send it to the external server of the project. The author of the MDD intended to enable telemetry by default (opt-out), but the decision has not yet been approved and, judging by the objections of some developers and users, it is likely that telemetry will be offered as an option requiring prior consent of the user (a request to enable telemetry is proposed to be added to the greeting interface after the first download).

The report includes data such as host name, kernel version, desktop component versions, detailed information about hardware and drivers involved, screen size and resolution information, network device MAC addresses, disk serial numbers, disk partition data, information about the number of running processes and installed packages, versions of basic packages such as systemd, gcc, bash and PipeWire.

The sent data is stored on the project server in the ClickHouse database and visualized using the Grafana platform. The IP addresses of users are not stored, and the hash from the /etc/machine-id file is used as the system identifier.

Аccording to the code https://github.com/manjaro/mdd/blob/master/mdd.py#L40 sends everything.

  • @auzy
    link
    -142 months ago

    Don’t like it, don’t opt in

    Even Debian has popcon

    There are lots of benefits for developers to gather telemetry.

    Don’t like that? Fork and do your own distro (presumably though you don’t contribute anything to open source, so id expect such people to simply whine and get angry at contributors)

    • @[email protected]
      link
      fedilink
      92 months ago

      Debian popcon is opt-in, first of all.

      https://popcon.debian.org/FAQ

      Q) What information is reported by popularity-contest ?

      A) popularity-contest reports the system vendor [1], the system architecture you use, the version of popularity-contest you use and the list of packages installed on your system. For each package, popularity-contest looks at the most recently used (based on atime) files, and reports the filename, its last access time (atime) and last change time (ctime). However, some files are not considered, because they have unreliable atime. For privacy reasons, the times are truncated to multiple of twelve hours.

      [1] i.e. the dpkg Vendor field, see dpkg-vendor(1).

      So no fucking MAC addresses and machine-ids and harddrive serial numbers and stuff.

      They only want package statistics, the point being to have statistics about the popularity of packages, mainly so they can be prioritized for the CD/DVD isos. You know, information that actually has a use, not hardware identifiers that can only be used for tracking purposes.

      • @auzy
        link
        12 months ago

        Each popularity-contest host is identified by a random 128bit uuid (MY_HOSTID in /etc/popularity-contest.conf). This uuid is used to track submissions issued by the same host. It should be kept secret.

        Oh, and by default, IP, unless usetor is enabled

        A machine I’d is just a hash too

        Can you explain to me how you track Mac address, serial numbers over the internet.

        Just fyi, the backend project I made 20 years ago was hardware related. There’s potential reasons to grab this info…

        But, if it is a concern, I’m sure they’d welcome submissions to improve the parsing and allow things to be filtered.

        In fact, popcon could be used for digital fingerprinting technically

        In all likelihood, op never spoke to the manjaro developers either

    • r00ty
      link
      fedilink
      52 months ago

      Yeah, my only concern here was if it was opt-out. That’d be bad.

      Now I completely understand the developer on this. This is useful info to have to help decide future changes/features and general direction, but balancing the right to privacy means this kind of data provision should ALWAYS be opt-in. Microsoft, you hearing me here?

    • AlexanderESmith
      link
      fedilink
      12 months ago

      90% of the time I see a post this stupid, it’s also a mirror for the poster.

      What, exactly, have you contributed to open source? Hell, what have you contributed to any source, closed, open, or otherwise?

      • @auzy
        link
        0
        edit-2
        2 months ago

        Yep. I’m not going to get into details of which projects.

        But one project was mentioned in hard print magazines (it was a backend project). Despite the publicity, people like you guys basically offered no help, and whilst there were supporters, were happy to criticise (Ubuntu ended up doing something similar after I dropped it). There were people who thought it was life changing, but also people happy to tell me it was unnecessary and the wrong way of doing it and pointless (simply because they didn’t understand why I was doing some things)

        I’m watching you guys do exactly the same thing to many projects where you’re purposely damaging morale for the developers

        I documented an entire web panel project (not sure if they’re still around), and wrote an rewote the nsis installer for a app to fix bugs

        I also did some other misc projects.

        Again, downvote me, don’t care. But the reason Linux hasn’t dominated the industry yet Is because many developers feel unappreciated, and move to commercial projects.

        The culture needs to change

        Also, I’m in commercial development now (specifically because I got sick of the lack of support). It doesn’t matter if you believe me. I just want to see change in the community so developers are treated better