Hacker News new | past | comments | ask | show | jobs | submit login

> Why is telemetry collected through Google?

No-one else provides anywhere near the same scale for free. We have over a million monthly active users and every other solution we tried (including FOSS ones) either fell over at that load or we couldn't find anyone willing to provide hosting for us.

We don't send any personally identifiable information to Google. You are tracked by a randomly generated UUID (which you can regenerate at any time) and we tell Google to not store IP addresses.




First of all, let me say I appreciate your response and your work on Homebrew, a great piece of software, and quite a blessing for Mac users.

> No-one else provides anywhere near the same scale for free.

That's a bit naive. Google is not a charity and provides that service by making a profit out of user data.

> We don't send any personally identifiable information to Google. You are tracked by a randomly generated UUID (which you can regenerate at any time) and we tell Google to not store IP addresses.

Even with no IP, Google can easily cross-references searches and the random UUID, since a typical use case is that a user installs something through Homebrew after Googling it.

Please rethink this bad default choice. And sorry if my reply sounds harsh, but I think that Google tracking by default is an extremely bad choice for your users.


> That's a bit naive. Google is not a charity and provides that service by making a profit out of user data.

Yep and that's an acceptable trade-off for the maintainers of Homebrew given that we need analytics to do our (volunteer, free-time) job adequately and we do not have financial resources for other alternatives. If you're willing to provide those financial resources indefinitely: get in touch.

> Even with no IP, Google can easily cross-references searches and the random UUID, since a typical use case is that a user installs something through Homebrew after Googling it.

That may be technically possible but I see no evidence that it is the case.

> Please rethink this bad default choice. And sorry if my reply sounds harsh, but I think that Google tracking by default is an extremely bad choice for your users.

We disagree. Please consider another macOS package manager. MacPorts is a good alternative.


I also use Google Analytics for tracking usage in my desktop applications (opt out) and it's great. I think most just think about web stats (page views) but I just use the event system. This allows me to identify unused features or possible confusing UX. I also started using it in a project at work and the data has been extremely useful.


> That's a bit naive. Google is not a charity and provides that service by making a profit out of user data.

So what if they make profit -- they provide a fantastic service that actually works well, and it allows homebrew (and many other systems) to continue to provide it's services for free.


If you are fine with a company profiting out of your personal information and habits, I am not, and I think is a reasonable choice to assume that people are not fine with that.


Then those people won't use Homebrew.


Sure! But the telemetry is a default setting, and the implications for the user’s privacy are not clear at all.

Opt-in telemetry clearly stating that Google will record the first three bytes of your IP? I’m OK with that!


> We don't send any personally identifiable information to Google.

Yes, you do. While you use[1] the "Anonymize IP" option, a packet is still sent from the user's IP. Google's business model includes gathering as much data as possible so it's foolish to think that they are throwing data away in this situation. You may disagree and trust Google to honor the "Anonymize IP" option, but trust is not transitive so you shouldn't ever assume users agree (use opt-in in every situation).

However, claiming you don't send pii to Google makes me wonder if you have actually read the documentation for GA? The "Anonymize IP" (aid=1) option is blatant doublespeak. From their own documentation[2]:

> The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses ...

They are only masking out the last 8 bits of the address, which are the least interesting bits. You can still discover the ASN from the remaining data. At worst all that option did is add a 1-in-256 guess when correlating your analytics data to the rest of Google's tracking data. That is trivial to overcome Google's massive databases of tracking data.

You even provide a unique additional per-install tracking number that lets Google track users when they move to a different IP address. Once a correlation exists between your analytics data and everything else at Google, your analytics events provide a reliable report about that can allows other tracking data to be correlated to the new IP address.

Why does that option exist? It's possible that it was designed to mislead developers into sending Google tracking information, but their own documentation[2] suggests a different hypothesis:

> This feature is designed to help site owners comply with their own privacy policies or, in some countries, recommendations from local data protection authorities

This is a feature designed to check boxes on compliance requirements, not to provide any provide actual anonymity to users.

[1] https://github.com/Homebrew/brew/blob/fd4fe3b80cab9902437016...

[2] https://support.google.com/analytics/answer/2763052?hl=en


>> We don't send any personally identifiable information to Google.

> Yes, you do

PII is a term of the art which the GP is using in its standard sense and you are not. https://en.wikipedia.org/wiki/Personally_identifiable_inform...

(This is independent of the deontolic status of your comment.)


Redefining a phrase to omit much of its common meaning is what got us here. I appreciate you helping to bridge the gap by translating, I am just bemoaning its nessessity.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: