Solus using Snaps Which is Developed with Support from Canaonical

sneakycrab

I am really curious about this. Not that if snaps are supported or not, but rather Snaps were designed by an independent group that is under Cananocial. And Cananocial has a history for collecting user data along with geolocaiton, and many other things. Today i was looking through the Snapcraft website and i did find out that the website, and i think the way we also download snaps, it tracks our location, our time zone, and date, along with what we do on their store. Now they do mention that they apparently "only collect the data that they require", but the problem ends up is that Cananocial sold search results from the unity desktop environment to amazon, and now they have officially decided to collect everything you do on Ubuntu. And don't bother by saying that you "could disable the data collection". These actions of Canaonical are very similar to Microsoft's steps towards data collection, first you start with a little then you move on to collecting more data.

So what i want to know are the following:
1) Does the Developer community of Solus have any way to metagate potentially Cananocial collecting user data while downloading the snaps from Snapcraft through the terminal?
2) Will Solus community try to find an alternative to Snaps where user data is not taken lightly?
3) Are the Solus developers aware that Cananocial's history
4) Is Solus as an organization willing to take a stance on how to minimize data collection or promote as miniminal of user collection as possible?
5) Will Solus follow the same path that Deepin, Ubuntu, and many others are following, Open Source with data collection as a feature?
6) Will solus implement a similar solution to updating the repository developers of who is using their repos or software by having the software center every week update the main servers, that an unknown user, has installed the software, and that the software is either a new install (less than a week) or a new install (longer than a week) as a way to metagate user data collection?

yursan9

sneakycrab I don't get your rant. Do you use Steam? Steam collects user data of their users and Solus as OS supports Steam as platform for Games Distribution. Solus as OS only give you some freedom to choose where to get your software. If you don't want to use that platform, then don't.

Solus already minimize data collecting. Solus never collect data for OS and packages installation. If packages have telemetry, Solus always tried to disable the telemetry.

Harvey

To be perfectly clear I'm not a member of the Solus team so take what I say with a grain of salt.

sneakycrab

1) Does the Developer community of Solus have any way to metagate potentially Cananocial collecting user data while downloading the snaps from Snapcraft through the terminal?

Snap is for third party, how would one mitigate what isn't in the repository?

2) Will Solus community try to find an alternative to Snaps where user data is not taken lightly?

In addition to snaps there is flatpak and appimage. Once again these methods exist for things Solus does not support.

3) Are the Solus developers aware that Cananocial's history

I'm sure that the developers are very aware of one of the largest companies in this space.

4) Is Solus as an organization willing to take a stance on how to minimize data collection or promote as miniminal of user collection as possible?

Well considering they refused a simple addition of something similar to what debian has that is opt-in and tracks package popularity, and has publicly stated many times they do not track... What more of a statement do you want? A audit of every line of code in every application before it is included in the repository or updated? If you think ANYONE is doing this for ANY distro, you're insane.

5) Will Solus follow the same path that Deepin, Ubuntu, and many others are following, Open Source with data collection as a feature?

Read answer to 4.

6) Will solus implement a similar solution to updating the repository developers of who is using their repos or software by having the software center every week update the main servers, that an unknown user, has installed the software, and that the software is either a new install (less than a week) or a new install (longer than a week) as a way to metagate user data collection?

I don't even understand what you're saying here.

Other than that, if you've got such a hard on for RedHat and think they're doing things the right way. Why are you even wondering what Solus does? Use their stuff, I did for years, use what you're happy with.

arkhenius

Solus already does not collect any metadata or telemetry from their users, even for their own repos. Also, there is Flatpak support (which is, as a system, designed by Ret Hat folks) in Solus, as well as snaps.

Also, I am unsure if snapcraft can collect metadata if you search and install using the cli, instead of their website.

brent

Regarding 1-6 I still would not consider them liable for the tracking at the website outside of their purview. I guess it depends on how you view the word 'curator.' Buyer Beware has always been their consistent motto outside of repo.

And this is a very naive question: if you scrapped terminal and installed at snap website with the right extensions (user agent, etc) would this install tracking be moot?--a variation of what arkhenius proposed above?

2 cents as a user.

sneakycrab

arkhenius I appreciate you trying to answer my question. 😄

sneakycrab

brent I am sorry could you clarify the last 2 questions? I didn't get what you were asking 😅

sneakycrab

yursan9 I don't use Steam. I have been researching for quite some time now trying to find a way to find an operating system that will not collect my data, and that also includes that apps I use. I am already facing a major issue as I cannot find an alternative to replace my smartphone OS due to many options relying on android, which is run by google, and google with its history with chrome, chrome OS, and their other services and products, as well as Facebook, amazon, Microsoft, which all in common like to collect as much information as possible. I even started using protonmail and many other email services as a switch attempt from google. All i wanted to know is that will Solus as an "organizaiton" willing to fight for data privacy as Red Hat Interperise is trying to do and continue to do so in the future? And what will they do when they have to rely on something (either drivers, software, package manager, etc.) that collects user data?

But it seems to me that the Solus community is more worried about Open Source and usability, and may be forgetting about how far companies are pushing to collect as much information as possible from their users through the execuse of ease of use.

I really wanted to invest into this OS, but if the Solus developers are going to be short minded, and just be like "we don't collect any data" and not make sure that the apps that can be installed from other sources could be tracked in any way, then that is the similar to Facebook saying "you can disable location tracking", or Amazon saying "the amazon alexa does not collect your audio recordings".

This rant is not to be some way to put down Solus. Its just that developers are now pushing Open Source without considering how Open Source software could be developed and designed to be spyware, and since the code can get very large over a large period of time, be difficult to track every little change, and have tracking integrated, and not bother checking it nor the company, community, or organization.

I just want a community that I can actually trust, that when they say you are not tracked, nor our services track nor the apps which we offer track you. I guess that might be too much to ask.

sneakycrab

Harvey For #6 i forgot to say that Fedora is going to implement a solution where rather than using IP address to determine if you have download a repo for a period of time, is have a software locally that will update the main servers that you have a file installed for a certain period of time. That way we don't know where the person is located, but we have an acurrate number of how many people are using each repo, or software, etc. What i am essentially asking is if Solus community will implement new methods like this to metagate potential data collection.

The reason why i want to know what Solus does, is that because if it is in a similar direction as Red Hat Enterprise, then I will support, spread the word about Solus, promote it, work alongside with them, and be defending them if anyone accuses them of mishave.

That is why i wanted to check about those kinds of questions, yes they seem very obvious to answer, my goal was to see what the direction that Solus is going to take in the linux community where they are essentially competing with many linux distros.

kyrios

Solus also uses AppArmor (for example) that is developed by Cannonical and straingely, you don't complain about that while snaps - which is something that you don't have to install if you don't like it - seems to be a problem for you.
If you look at the 3rd party repository, you'll find things like Google Chrome, Skype, etc... These apps are there because there is a demand for them, just like snaps packages, people can decide to install them or not, this is also freedom, isn't it?

Personally I would be much more concerned by the snap packages themselves (i.e: some may eventually contain malwares) than from the snap store.

So you think they track everything you do... Have you checked your network traffic and found any evidence of that? Because here is what they say about it:

There is no “telemetry”. All the store gets from you is your ip address, a system-key, snapd’s user-agent, and for the refresh endpoint, the snaps you have installed. If you’ve logged in to snapd and the store (via snap login) it’ll also get a macaroon (like a session cookie).

If you set SNAPD_DEBUG=1 and SNAPD_DEBUG_HTTP=7 in snapd's environment you can see the body of requests sent to and received from the store, and inspect them.

There are alternatives to snaps: main repository, flatpaks, appimages, building software from source...

Regarding Solus itself, it doesn't collect any data and has no intention doing it. And nope, Solus developers never heard about Canonical, it's not like some of their developers do contribute to the linux kernel, gnome or closer to Solus on projects like Budgie or the Brisk menu only to mention a few example. 😉

sneakycrab

kyrios I did not know that AppImage was developed by Canonical. I was researching it today but i did not run into it. I really appreciate the update thanks a bunch 😂

Now I will add AppImage to my collection of things to avoid.

My other issue is the system key, snapd's user-agent, ip address, is that there is no one that is coming in to validate that they are actually performing this. The reason why i am suggesting this is because Canonical has a history with data collection.

What I meant about have they heard of what Canonical is doing, i meant it like in a way like how Linux Mint made a post saying even though we use Ubuntu, we do not agree with this and will remove the features. I meant it in that way.

But man, I really appreciate you pointing out the fact about AppImage. Is there an easy way for me to find out which organizaiton does what? So that way I don't attack snaps only, like i did today? and attack rather every fault?

Thanks. 🙂

sneakycrab

kyrios Could you also link an article or something that AppImage wasy developed by Canonical. I am having troubling find this out myself.

Harvey

sneakycrab My other issue is the system key, snapd's user-agent, ip address, is that there is no one that is coming in to validate that they are actually performing this. The reason why i am suggesting this is because Canonical has a history with data collection.

The burden of proof lays with the accuser.

We get it, you don't like Canonical. You don't trust snaps. I don't trust snaps either, but its more that I want to make sure that the upstream developer is actually behind the snap, not some random person on the internet.

Perhaps I'm mistaken but for all the shitty things Canonical have done, I don't recall them lying about it.

CorvusRuber

sneakycrab

sneakycrab did not know that AppImage was developed by Canonical. I was researching it today but i did not run into it. I really appreciate the update thanks a bunch

AppArmor is from Canonical, not Appimage.
And lose the paranoid attitude, there's only one "solution" to this "problem" if it's so troubling for you.

Justin

There is no data collection.

Justin

We cannot control what Canonical track via Snaps.

Justin

CorvusRuber Not even that will help some. Disconnection is the only solution.