Add a feature where users can opt-in for periodic reports to be uploaded as a private gist, and a link is transmitted to you. GitHub is already a trusted party where Homebrew is concerned, so the loss of privacy is minimal. Users control their own GitHub accounts, so they control of the permanence of the data you collect on them. You can use Google Forms to transmit the links, so your infrastructure is cheap-to-free. For bonus points, encrypt the links with your public key.
"We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads."
"When you visit a website that uses our advertising products (like AdSense), social products (like the +1 button) or analytics tools (Google Analytics), your web browser automatically sends certain information to Google... When you visit websites or use apps that use Google technologies, we may use the information we receive from those websites and apps..."
Google Analytics protects the confidentiality of Google Analytics data in several ways:
Google Analytics data may not be shared without customer consent, except under certain limited circumstances, such as when required by law.
Security-dedicated engineering teams at Google guard against external threats to data. Internal access to data (e.g., by employees) is regulated and subject to the Employee Access Controls and Procedures.
For their definition of "confidential", which they can change at any time.
> certain limited circumstances
If they only intended the "required by law" example, they wouldn't use such a broad - and completely undefined - set of circumstances.
> guard against external threats
Google may have good security practices now, but an continually growing collection of highly-revealing tracking data is a very tempting target for many businesses, governments, etc. If Google (or anybody else) wants to claim that they are protecting your data, they should indemnify the subjects of their spying against any damages those caused by those "external threats".
>they should indemnify the subjects of their spying against any damages those caused by those "external threats"
I despise GA as much as the next guy, but you'd have to be pretty crazy to expect any business to provide such a guarantee. Google isn't your insurance company.
I don't really expect that anyone would make that kind of guarantee; I'm arguing in the style of a proof by contradiction. These businesses shouldn't be making this kind of claim, and they shouldn't be holding onto data beyond what is necessary. Data should be expunged as soon as possible, because then there isn't anything to protect.
Businesses are acting like there is no risk in holding personal information. When people complain, they respond with claims that the data is safe. When businesses act like they are secured and that we should trust them, we should be asking them to stand behind those claims. I agree, this is crazy, but businesses really want to make strong claims but not be bound by those claims. An honest business that actually believed in their own promises shouldn't have problem putting those promises into a formal guarantee.
Collecting telemetry is reasonably, but it seems inappropriate for Google to get a copy and to be able to identify which of their users installed a particular piece of software from the IP address.
So yes. Running their own server would be much preferable.
It's worth noting that AIP's functionality requires you to trust Google -- the data is received by them, but their design specifies that they mask it before it's processed or stored.
While I feel we should all treat Google with skepticism here, I didn't realize they (and so failed to acknowledge) that Homebrew was attempting to remedy that, so I apologize for speaking out of turn.
Why worry about something that hasn't happened? Why not worry about a careless teenager wanting to get a sick Camera angle of the inside of your fridge? It's as valid a concern.
Normally I would agree with you, I often chide people for inventing problems to solve. But it is a little different when it isn't a hypothetical as much as an inevitable future occurrence.
As for refrigerators, I am just as worried about people trying to fly drones around my house as I am about people flying drones around planes, yes. I have it on good authority that anyone with the funds can purchase access to 3D drone-generated map of my city, my house included. A gentleman here in town who replaces windows doesn't bother to measure them anymore; he just uses the drone photos.
We will always have to worry about intelligent, motivated people who wish to do us harm. Isn't that enough to worry about without being vulnerable to careless people, behaving unintelligently, who put lives at risk through their ignorance? Keep in mind, the latter group is much bigger.
I don't see this as cheating, but we're talking about the company who convinced people "Rose Gold" was cool. If they told their customers it would be super for them to bring old iDevices back to the Apple store for recycling, I'm confident they would succeed.
