incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alain RODRIGUEZ <arodr...@gmail.com>
Subject Re: opscentrer is spying
Date Thu, 20 Jun 2013 17:34:43 GMT
Good, fast and appreciated reaction from Datastax.

Also thanks to Radim for the warning.

Alain, Opscenter-free user.


2013/6/20 Nick Bailey <nick@datastax.com>

> Thanks everyone. We always appreciate constructive criticism.
>
> Regarding what OpsCenter collects, we completely agree it should be
> documented more clearly. You can expect to see an update to the
> documentation later today. I will update this thread once that goes live.
>
> Regarding notifying the user when installing, we agree this process should
> be more transparent to the user. Adding that information as well as making
> it easier to disable will be a high priority for the OpsCenter team.
> Obviously that will take more time than documentation, but hopefully that
> feature will be out soon as well.
>
> -Nick
>
> On Thu, Jun 20, 2013 at 7:57 AM, Peter Lin <woolfel@gmail.com> wrote:
>
>> I use Cassandra, but I don't use OpsCenter.
>>
>> Seems like it would be in everyone's best interest to clearly define what
>> data OpsCenter collects today, what OpsCenter won't collect and a promise
>> to users none of the data will be used without first getting a customer's
>> approval.
>>
>> I can understand the desire to collect general statistics, since it helps
>> developers get a sense of how cassandra is used in production. I'm guessing
>> these types of security issues can be easily addressed by improving EULA,
>> documentation and communication.
>>
>> my bias 2 cents as a user.
>>
>> peter
>>
>>
>>
>>
>> On Thu, Jun 20, 2013 at 8:49 AM, Radim Kolar <hsn@filez.com> wrote:
>>
>>>
>>>  OpsCenter collects anonymous usage data and reports it back to
>>>> DataStax. For example, number of nodes, keyspaces, column families, etc.
>>>> Stat reporting isn't required to run OpsCenter however. To turn this
>>>> feature off, see the docs here (stat_reporter):
>>>>
>>> You never informed user that installing your crap will get him spyed
>>> upon. Thats very different from Firefox which asks for permission before
>>> sending data back and presents both choices to user.
>>>  1. You do not have documented what information and how often you are
>>> going to spy
>>>  2. how you are processing this information, which is required by EU law.
>>>  3. In your crap EULA you demand right to present any user of your
>>> spyware to public for PR purposes.
>>>  4. You guys tried to add spyware into apache cassandra and got huge
>>> negative response on cassandra-dev. You will simply never learn lesson.
>>>
>>> I dont trust Datastax:
>>> 1 .I am responsible for data security because we have sensitive data in
>>> database. Because you are spying by default, we can not trust that due to
>>> our admin mistake your spyware will not be left enabled.
>>> 2. We can not trust you that configuring that particual option really
>>> turns spying off. There might be bug in code or option can change name
>>> 3. We do not like to be spyed by software holding sensitive data
>>> 4. Spying is not anonymous - you will get IP address of reporter - you
>>> will see what company is using your product and from keyspace/CF names you
>>> can easily guess for what it is beeing used. If you do not spy keyspace/CF
>>> names yet you can do it in future since you have no clear privacy "what we
>>> spy" policy.
>>>
>>> I improved cassandra nagios plugin to fit our needs and give red stop
>>> sign to sw made by datastax.
>>>
>>
>>
>

Mime
View raw message