Without even wading into trying to rank projects by track record, it's worth noting that "Everything has a poor security track record" and "All software doesn't have the same security track record" are not contradictory statements.

Well, except OpenBSD. They’ve only had two vulns in forever.

Only two remote code execution vulnerabilities in the default configuration. But that's not the only type of security bug.

As `tptacek caught on to, I was joking since OpenBSD's published claim is such a convenient comparison to the idea upthread that Linux specifically had a poor track record.

They're trolling me. :)

You mean "in the default install, in a heck of a long time". :)

If your read is that this is a vanity project, I guess that's a take.

It's more of a DEI/Jobs program

Both your examples are purchases. Musk had to raise actual capital to buy Twitter because the people getting the money were taking it and walking away.

Funding doesn't work like that. Investors are giving you money as part of a longer-term deal where they stick around.

Why?

I lived in an apartment building, and one of the upsides was that the building had a security system and a front desk that helped control who could be wandering down my hall.

Me too.

But we, owners, collectively choose that. We choose the security company, we pay then, we can vote them out. Most importantly: the construction company has zero say in this.

Also, no one actually check the IDs of my friends, and they don't have to pay the construction company when they first come.

I give the codes, they ring, I open. I hire a company to monitor the building but I can kick then out any day.

I own the place, you see?

Doesn't really seem like it fits the analogy. Even ignoring that, I doubt they were checking passports and collecting tolls from guests, right?

Do we think that maybe the 3,732 people who responded to a poll on Mastodon by an account centered around one side of this disagreement might potentially not be a representative sample of all Android users?

It's a bit hard to poll 4 billion devices, but out of all 4 billion devices I think it's safe to assume that the percentage of users who do care can be rounded up to maybe 1% at most.

Developers and enthusiasts are an extreme minority that's incredibly vocal. I think most people here disagree with Google's approach but too many people are pretending like their interests and use cases are significant on a "half the planet" scale.

Would you?

This makes me think of back when people were really hyped about DAOs because technology was going to solve the problems with squishy, fallible humans.

Again, this collects usage data. If you click the button by accident and don’t interact, they get no data.

So? This feature is available to everyone and you have zero idea how many people actually use it.

If I go to one of your GPL projects and I ask a simple question to find out what this project is about, you will be perfectly "ok" that this interaction (that includes most of the code that is required to answer my dumb the question) will be used for training?

This is not ok.

Nobody in this subthread is saying if it's OK or not. We're just saying that it's very useful to know that this is what they're specifically collecting. Jiminy.