That doesn't follow. The fact that many websites do this doesn't prove that it isn't malicious. It may not be (it probably isn't), but that has little to do with the complaints made about the change.
Since more people downvoted you than upvoted you, that proves that when most websites do something, it can't be malicious when an application on your computer does it. I think?
Not even your IP address is recorded. It's physically impossible for this to be malicious. There are no real privacy advocates complaining here, only people who post "it must be opt-in!" as an instant reaction to just reading the term "opt-out". Most of the complaints are probably from people who have never even used homebrew. The submission headline contains the phrase "Google Analytics", which attracts the people who always come to criticize the tool rather than actually analyzing how the tool is being used in each case.
> It's physically impossible for this to be malicious.
It's "physically impossible for Google to read the IP header addresses if the pack data contains "&aip=1"? The IP is still logged with Google, according to their own documentation[1]:
When present, the IP address of the sender will be anonymized.
So-called "anonymized" data can be re-correlated with the original values. DJB's gave a great description[2] of this problem, right after he started working for Verizon[3]:
Hashing is magic crypto pixie-dust, which takes personally identifiable
information and makes it incomprehensible to the marketing department.
When a marketing person looks at random letters and numbers they have no
idea what it means. They can't imagine that anybody could possibly
understand the information, reverse the hash, correlate the hashes, track
them, save them, record them.
>> The IP is still logged with Google, according to their own documentation
Not quite[1]. The full IP never makes it to disk. It's true that "anonymous IP" isn't as anonymous as I'd have expected. Only the last octet of an IPv4 address is removed. Considering homebrew's use specifically, not just looking at GA in general, I think this is acceptable.
The full IP makes it to Google. We don't know what Google actually does with the packets they receive; we only know what they say.
> Only the last octet of an IPv4 address is removed.
Really? Wow. They aren't even pretending to anonymize addresses with a hash. Given that there is certainly more than 8-bits of identifying data in the other data sent to GA, a unique identifier can easily be recovered. Also, the bits they mask are the least interesting part of the address. They are preserving the network part of the address, which probably gives them the AS number.
> Considering homebrew's use specifically, not just looking at GA in general
That's the point - homebrew is choosing to add data to GA, which cannot be considered in isolation. The problem with GA isn't that they collect data from any particular site. Knowing that you occasionally visit ${website} might be interesting, but it's of limited value and relevancy. A list of people that visit ${political_opponent}'s website might be very interesting, but most of the time nobody is going to care. Knowing that you installed some software isn't interesting in most cases.
All of those situations change when someone can aggregate the data. Consider all those data points combined with the other websites that send data to GA, gmail, when you loaded the Javascript, fonts, etc hosted by Google. Add in all the data that is sent to Google from Android devices, Chrome, Nest, and every other product that Google (err, "Alphabet") is involved in. In aggregate, just the timestamps and partial address information will produce surprisingly accurate profile of your life. This gets scary when you start to do an actual pattern-of-life analysis and correlate "anonymized" data back to real names.
Yes, but those are websites. Some degree of tracking is vital to the functioning of many websites. e.g. No cookies, no sessions (generally speaking). Furthermore, it is expected that a lot of websites are tracking you.
I feel pretty safe in saying that most developers do not expect a command-line tool to phone home without saying, especially if this behavior was introduced in an update for a tool which didn't do that historically (and without any notification of the change).
Considering the popularity of this tool, it's a bit shocking that the core dev team of Homebrew didn't seem to anticipate that people would be upset by this. It really knocks my trust in and willingness to depend on this project.
