Monday 19 February 2018

Re: More diagnostics data from desktop

Hello

I'm already seeing some blowback from the community, so I'd like to suggest that a few things be made clear.

There are three collection methods: 1) Post-Install report; 2) Popcon; and 3) Apport.

- It'd be nice to have some insurance that Canonical does not have the ability to match these three report sources by means of, for instance, a machine identifier.

- 1) If there is no chance for the user to inspect this data before it is sent at first boot, one should make sure it does not include hardware UIDs (for disks, MAC addresses for network interfaces, etc.)

- 2) I don't know the popcon backend, but it'd be nice to know that the full list of packages for a given report is not stored (because such information can be used for tracking)

- 3) If Apport automatically submits a report, a stack trace is OK, but no core dump data should be included

Cheers

On 14/02/2018 16:22, Will Cooke wrote:
Dear all,

We want to be able to focus our engineering efforts on the things that matter most to our users, and in order to do that we need to get some more data about the sort of setups our users have and which software they are running on them.

We would like to add a checkbox to the installer, exact wording TBD, but along the lines of "Send diagnostics information to help improve Ubuntu".  This would be checked by default.

The result of having that box checked would be:

* Information from the installation would be sent over HTTPS to a service run by Canonical's IS team.  This would be saved to disk and sent on first boot once there is a network connection.  The file containing this data would be available for the user to inspect.

That data would include:
   * Ubuntu Flavour
   * Ubuntu Version
   * Network connectivity or not
   * CPU family
   * RAM
   * Disk(s) size
   * Screen(s) resolution
   * GPU vendor and model
   * OEM Manufacturer
   * Location (based on the location selection made by the user at install).  No IP information would be gathered
   * Installation duration (time taken)
   * Auto login enabled or not
   * Disk layout selected
   * Third party software selected or not
   * Download updates during install or not
   * LivePatch enabled or not

* Popcon would be installed.  This will allow us to spot trends in package usage and help us to focus on the packages which are of most value to our users.

* Apport would be configured to automatically send anonymous crash reports without user interruption.

The results of this data would be made public.  E.g. People would be able to see that X% of Ubuntu users are based in .de vs Y% in .za.  Z% of our users run Dell hardware, and so on.
The Ubuntu privacy policy would be updated to reflect this change.

Any user can simply opt out by unchecking the box, which triggers one simple POST stating, "diagnostics=false".  There will be a corresponding checkbox in the Privacy panel of GNOME Settings to toggle the state of this.

And to reiterate, the service which stores this data would *never* store IP addresses.

We value your feedback and comments!

Cheers, Will
On behalf of the Ubuntu Desktop Team
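
The check asked for in point 1) of the reply above, as an added example that is not part of either e-mail or of any Ubuntu tool: a heuristic scan of a saved report for per-machine identifiers before it is sent. The thread does not define the report's file format, so JSON, every field name and both sample reports are assumptions constructed for illustration.

```python
import json
import re

# Value shapes that identify one machine rather than a class of hardware.
IDENTIFIER_PATTERNS = {
    "mac_address": re.compile(r"\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b", re.I),
    "uuid": re.compile(r"\b[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\b", re.I),
    "machine_id": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "ipv4_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
# Key names that suggest a per-device identifier whatever the value looks like.
SUSPECT_KEYS = re.compile(
    r"serial|uuid|(?<![a-z])mac(?![a-z])|machine.?id|hostname", re.I)

def find_identifiers(node, path="$"):
    """Walk a decoded JSON report; return sorted (path, reason) findings."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if SUSPECT_KEYS.search(key):
                findings.append((child, "suspect_key"))
            findings.extend(find_identifiers(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings.extend(find_identifiers(value, f"{path}[{i}]"))
    elif isinstance(node, str):
        for name, pattern in IDENTIFIER_PATTERNS.items():
            if pattern.search(node):
                findings.append((path, name))
    return sorted(set(findings))

# Constructed report limited to the kinds of fields listed in the proposal
# (hypothetical field names).
CLEAN_REPORT = json.loads("""{
  "flavour": "Ubuntu", "version": "18.04", "network": true,
  "cpu_family": "6", "ram_gb": 8, "disks": [{"size_gb": 512}],
  "screens": ["1920x1080"], "gpu": "Intel HD Graphics 620",
  "oem": "Dell Inc.", "location": "DE", "install_duration_s": 742,
  "autologin": false
}""")
# Constructed report that leaks the identifiers the reply warns about.
LEAKY_REPORT = json.loads("""{
  "version": "18.04",
  "disks": [{"size_gb": 512, "serial": "CONSTRUCTED-0001"}],
  "network_interfaces": [{"name": "eth0", "address": "02:00:00:aa:bb:cc"}],
  "install_id": "0123456789abcdef0123456789abcdef"
}""")
```

The patterns are heuristics: a dotted four-part version string would also match the IPv4 pattern, so findings need a human look rather than automatic rejection.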