Maybe this is sufficiently private, maybe not. I'm not a security expert.
Maybe GA's fingerprinting heuristics are advanced enough to know that because user 1034324234 installed spacemacs at 4:01 and I visited the spacemacs documentation at 4:01 that there's a decent chance I'm user 1034324234.
Decent enough to see if the pattern happens again. After a few rounds of this, it's close enough to serve me ads based on user 1034324234's install patterns.
"oconnore" is a perfectly valid unique identifier on HackerNews that doesn't tie to anything about you if you don't have your email address in your profile. This is no different.
The difference is, it's a choice to post on a public website. homebrew is a package management tool, there is no expectation that it will send information about you to Google.
This. The reasons they articulate for suddenly deciding on performing this data collection, and for doing it via GA are laughable. I am sufficiently annoyed at this because of the generation of yet another outbound data stream from my system, but the fact that in all likelihood the project will do nothing with this data really annoys me. There is zero need for this in a package system.
> Just your universally unique id
...