this post was submitted on 11 Jan 2024
32 points (90.0% liked)
Privacy
31954 readers
518 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As long as it's opt-in (which it is), I'm not sure I understand the concern. You'd have to enable it.
Go has been routing module requests through GOPROXY since modules were introduced; it's where all of the mod version is cached, so any time anyone builds a Go package from source, calls are made to the mother ship. Unless the builder is running their own proxy, which is mostly corps, who care less about this sort of telemetry. There are good, valid reasons for the main Go proxy, but it's certainly also a valid concern that the Go core dev team is utterly deaf to.
In any case, the only thing that's new is the telemetry which, as I mentioned, is opt-in. I don't see any reason for new concern.
So, that means telemetry is optional? How I ensure is currently active or not? Just wanna an explanation. I (as I said) searched about this thing and got almost nothing :(
I don't understand it at all. Why I'll need something like that?
Thank you for your response!
IIUC it is mostly to avoid placing huge load on the original package host when people download the same package hundreds of times a day in their CI workflow. It also means that Google can take control over the user experience rather than huge issues coming up every time some smaller host goes down or someone deletes an existing package version.
Overall I doubt that this proxy was added as a source of tracking. And the privacy policy on the service is pretty strict: https://proxy.golang.org/privacy. So even though I am pretty wary of Google overall I think this is actually a fairly reasonable decision by them to have enabled by default.
That's a pretty good explanation about. Care if you reply the source of your information? I'd wanna keep it as reference <3
Thank you!
I don't really have a source. It is just me thinking logically about the system and many offhand comments I have read over time. Other than the privacy policy which I have linked.
I don't know what you mean by "the source of this concept".
~~Sorry my english spell is a shees.~~
I corrected my post