incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Lin <wool...@gmail.com>
Subject Re: opscentrer is spying
Date Thu, 20 Jun 2013 12:57:59 GMT
I use Cassandra, but I don't use OpsCenter.

Seems like it would be in everyone's best interest to clearly define what
data OpsCenter collects today, what OpsCenter won't collect and a promise
to users none of the data will be used without first getting a customer's
approval.

I can understand the desire to collect general statistics, since it helps
developers get a sense of how cassandra is used in production. I'm guessing
these types of security issues can be easily addressed by improving EULA,
documentation and communication.

my bias 2 cents as a user.

peter




On Thu, Jun 20, 2013 at 8:49 AM, Radim Kolar <hsn@filez.com> wrote:

>
>  OpsCenter collects anonymous usage data and reports it back to DataStax.
>> For example, number of nodes, keyspaces, column families, etc. Stat
>> reporting isn't required to run OpsCenter however. To turn this feature
>> off, see the docs here (stat_reporter):
>>
> You never informed user that installing your crap will get him spyed upon.
> Thats very different from Firefox which asks for permission before sending
> data back and presents both choices to user.
>  1. You do not have documented what information and how often you are
> going to spy
>  2. how you are processing this information, which is required by EU law.
>  3. In your crap EULA you demand right to present any user of your spyware
> to public for PR purposes.
>  4. You guys tried to add spyware into apache cassandra and got huge
> negative response on cassandra-dev. You will simply never learn lesson.
>
> I dont trust Datastax:
> 1 .I am responsible for data security because we have sensitive data in
> database. Because you are spying by default, we can not trust that due to
> our admin mistake your spyware will not be left enabled.
> 2. We can not trust you that configuring that particual option really
> turns spying off. There might be bug in code or option can change name
> 3. We do not like to be spyed by software holding sensitive data
> 4. Spying is not anonymous - you will get IP address of reporter - you
> will see what company is using your product and from keyspace/CF names you
> can easily guess for what it is beeing used. If you do not spy keyspace/CF
> names yet you can do it in future since you have no clear privacy "what we
> spy" policy.
>
> I improved cassandra nagios plugin to fit our needs and give red stop sign
> to sw made by datastax.
>

Mime
View raw message