Brew: Google Analytics Exposes Personally Identifiable Information

Created on 5 Nov 2016 · 13 Comments · Source: Homebrew/brew

In analytics.sh, comments state "# Send analytics. Don't send or store any personally identifiable information." This claim is false. A user's IP address is exposed when GA is contacted; volumes of security research as well as specific laws (e.g. HIPAA in the US) have established that an IP address constitutes personally identifiable information (PII). The surveillance-driven data industries claim that IP is not PII, but this is simply not true.

Homebrew should not a) be leaking user's information without their knowledge, notification, or consent, and b) not post misleading and false statements in the comment blocks justifying such actions. There are many other ways to get download metrics, etc. without abusing user's trust.

GA should be removed.

All 13 comments

> HIPAA in the US

I don't live in the US.

> A user's IP address is exposed when GA is contacted

We tell Google to anonymise the IP addresses so they are not stored. Your IP address is exposed any time Homebrew makes any network call and Homebrew is not very useful without any network calls.

> Homebrew should not a) be leaking user's information without their knowledge, notification, or consent

You are notified on installation or first update after analytics is enabled. No information is sent before notification.

> not post misleading and false statements in the comment blocks justifying such actions

If you want to submit a pull request to make that comment more accurate we can talk about it being accepted.

> There are many other ways to get download metrics, etc. without abusing user's trust. GA should be removed.

This will never happen. Analytics provides useful information that we require to be able to effectively run this project (that you receive free of charge from the work of volunteers). You have an opt-out you can use if you wish. Alternatively, you can stop using Homebrew.

Finally, I find your tone here rude, patronising and entitled. Due to the barrage of personal abuse I've received about Homebrew's analytics I'm very likely to lock this thread and block people from Homebrew if they are unable to be civil here and assume malice.

The US is the least privacy-protective of major industrialized countries; if it is defined in US law this way, there is a virtual guarantee it is much more closely regulated under Canadian and EU regimes.

The value of an IP address for tracking purposes is when it can be correlated with other activity. If a brew package host has my IP they have nothing to tie it with and it is indeed a non-issue. Google, however, has a massive database to correlate with, thus the information is much different.

The notification is not clear enough, as I only caught it through Little Snitch. If you want to keep it in and want to follow a consent model, it should stop and give the user a [y/n] prompt as when software is installed. If it scrolls by in a mass of text it is not helpful.

There are many alternatives to GA; I am not against analytics data. Piwik is among the best open-source projects around.

If my tone is rude I apologize, I am merely being direct. Privacy is a serious concern, and it has little to do with "entitlement" - many people in many places around the world have serious safety and security issues and exposure to Google's servers is a much more significant risk than pinging most servers that don't have focused attention from spy agencies.

I'll try to set up a pull request, I have some stuff going on at the moment but it would be best to have a [y/n] opt-in.

> Google, however, has a massive database to correlate with, thus the information is much different.

Which is why, as I said before, we tell Google to anonymise the IP address: https://github.com/Homebrew/brew/blob/3cef6a3a78fb9d300b6d7db4cf9a389c1af4ce8b/Library/Homebrew/utils/analytics.sh#L100

> it should stop and give the user a [y/n] prompt

Homebrew never prompts for anything and the installer only prompts for initial confirmation. This is not something we are willing to change.

> Piwik is among the best open-source projects around.

If you (or anyone) are willing to provide and support free hosting of Piwik and it scales sufficiently then we're willing to use that instead. Last time we asked no-one was. I've enquired about hosting Piwik and no-one replied to my enquiries.

> Privacy is a serious concern

We take it seriously too which is why we are careful with the information we send.

Closing this out as there's nothing actionable for us at this time.

Also: thanks for the apology :heart: and please note a closed issue does not indicate an end of the conversation but just that there's no TODO for us here for now. Cheers!

Cool, following up off-thread re: finding a sponsor for Piwik box.

..

Maybe this Piwik cloud hosting option is available for free to zero-profit open-source projects?

@rw I contacted them already. If anyone can actually make me an offer, that's fine, but I've spent too much time chasing up suggestions that have gone nowhere.

As a follow up: I used to be able to do `brew update && brew install foo` without worrying, but now I have to scan the output of `update` every time I run it in case there are other opt-out changes.

Is there a way to opt-out of all future opt-out changes, so to speak? Or to have update exit with nonzero status when a policy change happens?

> Is there a way to opt-out of all future opt-out changes, so to speak? Or to have update exit with nonzero status when a policy change happens?

@rw No. Relatedly, the Piwik offer didn't work out as it would have stored more personal information rather than less. As noted in the 1.1.2 release notes the analytics messaging has been made more prominent and now "beeps". If you've read the documentation and still don't trust us, please use another package manager.

@MikeMcQuaid This seems somewhat adversarial: "If you've read the documentation and still don't trust us, please use another package manager." I don't think anyone dislikes Homebrew over this, it's just that a new social contract has been foisted upon us. FWIW, if you were sending this data to a self-made collection system, instead of Google, I doubt there would have been much complaining.

I can vouch that @MikeMcQuaid has made a good-faith effort to fix this after getting an offer for hosting, but the problem is rather complicated. I still think a solution is possible, but @MikeMcQuaid has made an effort.

@rw I work (mostly) in my spare time to work on a project people use (mostly) for their jobs. I don't expect unconditional trust but I'm frankly done with having to justify why we use analytics and why they are useful. You receive Homebrew free of charge and, as noted by the BSD 2-clause license Homebrew is under, "this software is provided by the author as-is". If you are uncomfortable with the leadership of this project it's perfectly reasonable for me to ask you to consider using other software that may be a better fit for your needs.
