Jump to content

CyanogenMod Android Privacy Vs. Developer Wars


Tweety.Abd

Recommended Posts

The chief developer of the popular alternative Android firmware CyanogenMod thought that requiring devices to report unique smartphone and tablet data would be an unqualified blessing. They reckoned without their users.

It seemed like such a good idea. The developers of CyanogenMod, the popular alternative Android firmware, decided to require their users' devices to report device-specific data so they could create better versions of CM. Who could argue with that? CM's users could.

It all sounded easy enough. In the CyanogenMod github depository, Steve Kondik, who recently returned to CyanogenMod from Android, wrote: "Not having an accurate count of how many people are using CM is painful. I am making an executive decision to remove the opt-out and always turn stats on. The data is anonymized and there is nothing evil that can be done with it. The only purpose here is to tell us if we are a successful project or not."
Koushik Dutta, a CM developer, added more detail about this on Google+. Dutta wrote, "As we start growing as an organization, this sort of data becomes invaluable for CyanogenMod. Understanding our user base, their devices, CM version, and other data helps us build a better product." Specifically, CM would be collecting:
- Anonymized/Hashed IMEI or Wi-Fi MAC address
- Device name
- CM Version
- Country
- Carrier
Dutta added, "This type of anonymous data is already collected by most Google Play apps and even Google themselves."
Sound harmless enough? Not according to CM's users. They threw a fit.
Kondik fired back:
It's a unilateral change because I run the project and need these stats in order to plan. Without stats, I am just making up random shit with no facts to back it up. You can debate this all you want with me, but I have put the last three years of my life into this project and have only its best interests in mind. While CM is a community project, it is not a democracy.
The thing is that we have NO IDEA how many people are actually turning the stats off, and that is what is bothering me. The number could be in the millions, or it could be insignificant. If it's in the millions, that is a HUGE deal for us.
His comments did not go over well. Things rapidly descended to the Godwin Law (http://catb.org/esr/jargon/html/G/Godwins-Law.html) level "Just because some people make a bad decision doesn't mean its OK to do it ... last time I checked, Hitler also thought what he was doing was for the good of the world."
In the face of so much screaming about the issue, Kondik gave up on the change. He wrote on Google+:
I restored the opt-out feature to stats gathering in CM this morning.
It's incredibly frustrating that a handful of incredibly vocal users are ready to "fork" over the issue. News flash: there are already a hundred forks of CM. We like it, and we enable it! And there's no sinister plot to crack the hashed data and sell your deepest darkest secrets to Verizon and the NSA.
In the end though, we should respect everyone's wishes here. The change was well-intentioned — we just want to have better answers to certain questions. There are many applications out there that are doing incredibly dubious things like uploading all of your contacts without your consent, so certain suspicions are understandable. I do not want CM to ever be perceived as a group that doesn't respect the privacy of its users.
Personally, I regard it as rather sad that simply collecting such basic anonymous data about a smartphone or tablet could cause such an overreaction. Simply using the Internet, without extra effort to erase your digital footsteps, reveals far more about you than the information CM was going to collect.
Link to comment
Share on other sites


  • Replies 5
  • Views 1.3k
  • Created
  • Last Reply
  • Administrator

Everything wells then. :)

I have no problem giving the rest, but giving "Anonymized/Hashed IMEI or Wi-Fi MAC address" is something I am against.

Link to comment
Share on other sites


Everything wells then. :)

I have no problem giving the rest, but giving "Anonymized/Hashed IMEI or Wi-Fi MAC address" is something I am against.

Already also changed to "Android ID" which is regenerated every wipe of the device.

So more or less not so unique anymore (for CM users^^)

http://review.cyanogenmod.org/#/c/35054/

Link to comment
Share on other sites


RadioActive

Personally, I'm not using CM itself but another AOSP-based ROM (Purity). That being said, while I think forcing it on is a bit extreme I also think the people's reaction is out of proportion.

Link to comment
Share on other sites


The ironic part is those same users probably have Facebook and Instagram accounts. People, who don't trust CyanogenMod, shouldn't install it. Period.

Steve "Cyanogen" Kondik's rationale:

It's a unilateral change because I run the project and need these stats in order to plan. Without stats, I am just making up random shit with no facts to back it up. You can debate this all you want with me, but I have put the last three years of my life into this project and have only it's best interests in mind. While CM is a community project, it is not a democracy.

The thing is that we have NO IDEA how many people are actually turning the stats off, and that is what is bothering me. The number could be in the millions, or it could be insignificant. If it's in the millions, that is a HUGE deal for us.
The code is open source- you can turn this off by commenting out a couple of lines. There is no magic or surprises here. No black helicopters or silent assassins lurking in the trees outside your house. We just want to know our install count, and what countries we have the most presence in. If this were a website, we would look at your IP address and user agent in the server logs- unfortunately this won't work for mobile devices.

Link to comment
Share on other sites


They have no idea this can be used dangerously for evil purposes. In our country this is already a very scary issue.

Some of our friend's internet dongle MAC address was erased and changed to an all zero values.

And, just this week more than 10 of my forum friend's in that local site lost their MAC address.

Someone is snatching our internet dongle WIFI MAC addresses here.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...