Simple fixes (albeit not suggesting easy implementation)
-Josh Weiss (aka @coder4life)
You mention some examples but Wordpress and Drupal the two closest competitors enable this by default with no option to disable in Wordpress (and I think Drupal too - although not 100% on that). Therefore having this as a disableable plugin seems actually like we are still in a better place than our competitors
We got a lot of slack from the community over our handling of Bcrypt and the subsequent minimum php version being raised to 5.3.10 - to make informed decisions like this we need data. Having a small subset of data available (because this is disabled by default) does not allow us to make informed decisions when this kind of stuff occurs.
I understand fully that privacy is an issue which is why we are allowing you to disable this - unlike Wordpress and are including a post install message to inform users of this fact.
I don't expect to alleviate your concerns (I watched this debate play out in Wordpress) but hopefully this explains why we have taken the steps we have.
Kind Regards,
George
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cm...@googlegroups.com.
To post to this group, send email to joomla-...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-cms.
For more options, visit https://groups.google.com/d/optout.
Kind Regards,
George
Cross posting from the github PR https://github.com/joomla/joomla-cms/pull/8291
Once again, just because others do it is not a good enough reason to copy them.
Project_desire !> User_choice
As for the Microsoft reference - they collect shit loads more, but is the negativity directed against the quantity they collect or the fact that they are collecting it in the first place. Answer, because they are collecting it.
Wordpress collect data like this - which is one of the reasons I don't use it
Drupal collect data like this - which is one of the reasons I don't use it
I will be checking how Drupal8 does this, which is very modular, and see if this has changed.
Would it really be so hard to make the post install message the opt-in question?
A post install message is already generated, so why not use it to get consent?
Something like
To help the Joomla! project we would like to collect the following information about your install.
[x] CMS version: 1.5
[x] Database type: ICL ME29
[x] Database version: 0.0.1
[x] Server OS: VAX/VMS
This will help us improve Joomla! in many ways. The stats are always visible at https://developer.joomla.org/about/stats.html and you can find out more about how we use this information {here}
[ ] Don't want to see this again, support Joomla! by auto-sending this data after every update
[ ] Don't want to see this again, opt out of all data collection
[x] Ask me every time
{submit button}
Implementing it as part of the post install message will not be affected by 3rd party installers (like it would if the data collection was an option during install), and would give people the choice.
If people do not consent to sharing the data, then despite the desire of the project, the users are not comfortable with it. This is their data, their information, they own it and can choose to share or not.
Perhaps a compromise, whereby the consent form is displayed as a post install message but if it is not interacted with within (for example) 48hours of the install/update the data is sent. This can be made clear in the message.
This would then catch those who can't be bothered to read and review the messages, those who simply don't care about it (one way or the other), as well as those of us who prefer to have a choice.
--
"Repeating what's been said numerous times. An install option is not an option"
"Mandating an install option cannot be relied upon for any actions at the user level."
"Have you boycotted those the same way you are raising concerns with Joomla trying to do something similar?"
Honest question. If it weren't mentioned in this thread or elsewhere in these discussions, how many folks would be aware of Drupal or WordPress' collection of similar data in a way that isn't optional (if you're allowing your site to phone home and fetch update data, they are scraping your server metrics)?
Given what Joomla has available today and the known limitations with working with third party platforms, every effort is being made up front to say the data is being sent. Yes, it is an opt-out system as implemented.
From a data gathering and analysis standpoint, this is going to give the project the most data with regard to its userbase and the platforms they use for hosting. As an opt-in platform, if decisions are based solely on the data that is received from say 10-15 thousand sites instead of the several hundred thousand that we assume are running 3.x given download numbers, that data is basically useless (does the data of less than 10% of the population represent everyone fairly?).
Point blank, Joomla does not have a mechanism to prompt users in any manner beyond the post-install message system with a static text message or a system that could track time from initial install (feeding off the 48 hour grace period idea). The message system does not allow the injection of dynamic data (so no you can't see a message that says "we will report your site is running Joomla 3.5.0 on PHP 5.6.15 with MySQL 5.6.27"). The only action that can be taken with the post-install is to enable/disable the plugin. If this is unacceptable, the only choices are to either stop trying to gather data (which just makes Joomla continue looking stupid because it can't make data driven decisions if it doesn't have the data) or to have users live with it. There are extensions in the ecosystem today collecting this data in a non-optional manner, there are other CMS' in a similar market space doing the same. Have you boycotted those the same way you are raising concerns with Joomla trying to do something similar?
... If the code is configured in a way that does not prompt users via a post-install message (I am talking new installs and upgrades now) and just assumes that the choice will be made during the initial install, you are ignoring all existing sites which will upgrade to 3.5 or users who install Joomla by way of a third party platform.
I support this new feature.
The important points for me are (1) this data will help improve Joomla in the future, and (2) there don't seem to be many real world complaints from WordPress or Drupal integrators or end users about similar practice they take.
Best,paul
Currently, there is no way around without at least sending it once.
That's why there is a PR to change that so it only is sent from the cPanel. This way you could go directly to the plugin manager and disable the plugin without it sending any data.That's a compromise I could see us implementing.
For new installations, you can change the SQL if you are that concerned about sending that data.
"It's not hiding the message in post-install. That is legitimately the ONLY place you can consistently place such a message because of the third party systems. Or are you saying that Joomla should instruct Bitnami and others to stop producing installation packages for Joomla without providing all installation options and messages that the installation application uses, because there are a fair number of users using those platforms to install Joomla and not using your native installer. The Softaculous installer doesn't even give users the option of setting the site offline, sample data, or setting up a multi-lingual installation; all configurable items in the Joomla installer."
And were you aware that several extremely popular extensions do this as well - no of course you weren't and you didn't care but it did mean that they were able to ensure that they could take advantage of advances in php and mysql.
"And were you aware that several extremely popular extensions do this as well - no of course you weren't and you didn't care but it did mean that they were able to ensure that they could take advantage of advances in php and mysql."
I’m amazed how lightly some people here are talking about fetching users website/server data without their clear consent.
Some of the comments give me the sense of “we’re entitled to it because we know best”.
This on a day and age when action is being taken to limit the data giants like FB and Google take from users. Even if, these giants have lately become real transparent/forthcoming about their activities.
Please note that I am well aware that Joomla is doing this in a much smaller scale, but the principle is the same.
Best Regards,
Paulo Faustino
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2016.0.7227 / Virus Database: 4457/10964 - Release Date: 11/07/15
There is a whole fruit basket of differences between sending your php version and your search history or friend list.
I agree there is a concern about opting out after data has already been sent but please get things into perspective.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cms+unsubscribe@googlegroups.com.
To post to this group, send email to joomla-dev-cms@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-cms.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cms+unsubscribe@googlegroups.com.
To post to this group, send email to joomla-dev-cms@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-cms.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cms+unsubscribe@googlegroups.com.
To post to this group, send email to joomla-dev-cms@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-cms.
For more options, visit https://groups.google.com/d/optout.
“The Joomla version is simple enough to find out as well.”
That’s not a justification nor an excuse.
What you’re really saying is, “Let’s hope the users miss this, but if they find out and complain, we can always tell them that they are able to disable the feature”
It really doesn’t shine well upon Joomla!.
A spammer could say “You can always ask me to get out of my list”
Any other software publisher could say “Hey, you can stop me from gathering data from your computer, so I’ll catch the data until you tell me not to”
You see, your “point of view” can be used by anyone. But the bottom line is your fetching data without the user consent. I’m not sure, but I believe it’s even illegal in EU.
Best Regards,
Paulo Faustino
From: joomla-...@googlegroups.com [mailto:joomla-...@googlegroups.com] On Behalf Of Bakual
Sent: Sunday, November 8, 2015 8:10 PM
To: Joomla! CMS Development <joomla-...@googlegroups.com>
Subject: Re: [jcms] Re: Joomla 3.5, one pull request that I like changed.
The OS and PHP version is sent on each request to any browser visiting your site. It's not exactly a secret ;)
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2016.0.7227 / Virus Database: 4457/10964 - Release Date: 11/07/15
--
The OS and PHP version is sent on each request to any browser visiting your site. It's not exactly a secret ;)The Joomla version is simple enough to find out as well.
The OS and PHP version is sent on each request to any browser visiting your site. It's not exactly a secret ;)"
I advise you to read the following article:
From: joomla-...@googlegroups.com [mailto:joomla-...@googlegroups.com] On Behalf Of George Wilson
Sent: Sunday, November 8, 2015 11:20 PM
To: Joomla! CMS Development <joomla-...@googlegroups.com>
Cc: nbra...@bsds.de
Subject: Re: [jcms] Re: Joomla 3.5, one pull request that I like changed.
So are you telling me that wordpress is illegal in Germany?
--
Please pardon any errors, this message was sent from my iPhone.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cms+unsubscribe@googlegroups.com.
To post to this group, send email to joomla-dev-cms@googlegroups.com.
In your shoes, and defending what you-re defending that should be done, I would make sure to get legal advice from someone familiar with the subject and what EU is currently doing, not only what it plans to enforce across the EU in 2017.
But what strikes me as odd, is that instead of taking the small measure that is changing the current “process” from opt-out to opt-in, you prefer to spend Joomla! funds (that in the past days have been heavily discussed as being an all-time low) in legal advice, let alone to let the door open to have legal issues in the future.
Last but not least, this shows a lack of respect for the users ownership over their own data.
From: joomla-...@googlegroups.com [mailto:joomla-...@googlegroups.com] On Behalf Of George Wilson
Sent: Monday, November 9, 2015 12:52 AM
To: Joomla! CMS Development <joomla-...@googlegroups.com>
Cc: nbra...@bsds.de
Subject: Re: [jcms] Re: Joomla 3.5, one pull request that I like changed.
I'd need to take legal advice before being 100% on this as obviously this law is under planning (and is still kinda under change) but at least at present anonymous (non-identifiable) data is not covered by that data protection act (http://www.computing.co.uk/ctg/news/2337679/ico-says-anonymous-data-not-covered-by-data-protection-act-until-its-de-anonymised - and as far as I can tell e.g. from here http://www.computerworlduk.com/it-management/uk-organisations-eu-general-data-protection-regulation-3624909/ this will not change in this new data protection law). From the data we are taking there is no way that we can identify your host let alone your website - so I would be strongly surprised if the contents of the article applied to us.
Kind Regards,
George
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cm...@googlegroups.com.
To post to this group, send email to joomla-...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-cms.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cm...@googlegroups.com.
To post to this group, send email to joomla-...@googlegroups.com.
"The Act applies when personal data is processed or is to be processed by a computer, or is recorded or to be recorded in a structured manual filing system."
"Personal data means data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller."
On Monday, 9 November 2015 12:41:57 UTC+2, Brad wrote:
> but the OS and PHP version
> are absolutely already public... and Joomla!
>
>
> Can you tell us from where you see them public and if you see the url of a server?
>
--
You received this message because you are subscribed to a topic in the Google Groups "Joomla! CMS Development" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/joomla-dev-cms/FkdJH74rCqQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to joomla-dev-cm...@googlegroups.com.
--
Unless a server has manipulated the strings that PHP is grabbing to establish the server's operating system and version number, something like that "PC ALIKON" should not be received ever.
as i saw in code ( "server_os":{"Windows":66.67,"Linux":16.67,"Darwin":16.67} ) @alikon shows php built on and in his case is Windows NT PC ALIKON 6.0 .... which in a live server PC ALIKON could be myserver.mydomain.com . Do you say that this url will not be send with this plugin?--
I have sent a PR to Robert's PR that allow to customise almost everything in the plugin and that ensures that user decides before anything is sent.
It also shows the data that will be sent so users can review what is sent.
Check it in:
https://github.com/joomla/joomla-cms/pull/8346#issuecomment-155260754
I have sent a PR to Robert's PR that allow to customise almost everything in the plugin and that ensures that user decides before anything is sent.
It also shows the data that will be sent so users can review what is sent.
Check it in:
https://github.com/joomla/joomla-cms/pull/8346#issuecomment-155260754
Well if you're manipulating data then yes whatever you're manipulating will be what's sent ;-)