Hacker News new | past | comments | ask | show | jobs | submit login
CyanogenMod Android privacy vs. developer wars (zdnet.com)
36 points by wagtail on Apr 4, 2013 | hide | past | web | favorite | 17 comments

"Personally, I regard it as rather sad that simply collecting such basic anonymous data about a smartphone or tablet could cause such an overreaction. Simply using the Internet, without extra effort to erase your digital footsteps, reveals far more about you than the information CM was going to collect."

Some users choose the extra effort to minimize their digital footprint. What I find sad is the trend in software and hardware products making that choice impossible to make.

I think Cyanogenmod deserves praise for listening to their users and addressing their concerns, even if they did not agree with them.

Can't he just collect stats on opt outs vs opt ins? It's a minor concession from the privacy people and it should allow him to do basic analysis.

If I download offline software and opt out of any sort of online registration or reporting I would hope it wouldn't even report my opt out. I don't want it to go any calling home.

The key that people are missing is CM is trying to get this info to make the best directional decisions possible and those that opt out are left out of that conversation, but they probably are aware and okay with that. I say leave them out.

Demanding opt-out for something like this is a broken way of looking at it and is, fundamentally, sleazy. Opt-in is the only justifiable strategy.

The key to these sorts of issues seems to be that people hate change to privacy issues.

If these had been baked in at the start most people wouldn't have cared or noticed, but because they are being changed (to something which is still essentially anonymous, so doesn't affect 'digital footsteps' or whatever other silly metaphor people want to use) there's an opportunity for people to make themselves heard.

At the end of the day, this makes it harder for established software products to compete against newly introduced things where this is baked in from day one as part of a generic analytics thrust.

I don't think they originally changed what data they collect, they only changed whether you could opt out. After the small hubbub I think some people claimed that you could brute force an IMEI from the hash so they decided to use a more anonymous ID which I think gets regenerated on device wipe so it's actually less useful for tracking total installs... I think the whole thing is a brouhaha over nothing, the information is in no way trackable to an individual user and it gives them the clout to go to manufacturers and say "look, X people are using CyanogenMod, you should consider what we have to say." By using Google services you leak way more information so caring about this is just a little bit silly.

Saying that other companies collect more information doesn't make it right in this situation, as the people most opposed to anonymized data collection likely do not use those services or have them set up in such a way as to obscure as much of their personal information as possible.

Personally, I wouldn't have a problem with a UUID and the occasional "phone home" - if UUID X hasn't phoned home in Y days, it's no longer part of the install base. Given that more CM users tend to be obsessive device-wipers, it may make sense to phone home more often; given the limited data points they're collecting, it's a negligible hit to users' data plans (though given some Android users' network misconfigurations, may be more of a hit to CM's servers than they'd expect).

Transmitting and storing md5 hashes of device IMEIs and MAC addresses, though? No bueno. That the project owners don't see a problem with this (and that they believe cracking these hashes is non-trivial, especially given the restricted address space of these two data points) worries me far more than the data collection itself.

Debian's popcon is an elegant solution to this problem.

Yes, and that's because it's opt-in, the way respectful software is.

Malware is opt-out for a reason. Don't be malware.

CM is totally awesome..every Android developer should use CM personally.

Besides, if it wasn't violating privacy, the numbers are worthless because they have no way of knowing that each number represents a user; someone could be spamming them with false numbers and, without being able to weed the random ones from the real ones, they'd have no way of knowing.

Really, all this needs to be opt-in only. That's the only way to proceed that's respectful of users and not redolent of the stench of malware.

It's funny how people will throw fits over this yet be be contempt to know that other sites (i.e. Facebook ) and browsers collect tremendous amounts of information on them anyways. Hypocritical ?

I rather doubt that the particular people that threw fits about this issue are allowing sites such as Facebook to collect "tremendous amounts of information" about them.

Exactly. It's a totally baseless assumption to make that advocates for privacy are using Facebook or similar.

Giving an inch doesn't mean you want to give a mile. Or perhaps more appropriately to facebook, giving a mile doesn't mean that any passerby who wants an inch is entitled to it.

Making privacy tradeoff decisions about facebook doesn't mean someone has given up on privacy all together, just that facebook has proven itself worth the cost of the information they give to facebook.

Not to mention the fact most people don't understand just how deeply facebook is datamining them in the firstplace.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact