Kasra here from CapRover.
Regarding "netdata image":
- sneak and I have fundamental differences in what we call spyware. The issue that was brought up in that thread is standard analytics events - nothing like stealing passwords or etc.
- Regardless, CapRover uses NetData 1.8 [1] . According to NetData's github page, they added analytics in NetData 1.12 [2] , so even if you're concern with analytics events, this issue won't apply to you anymore.
Regarding two factor auth:
CapRover blocks brute-force attacks by limiting number of wrong passwords per minute.
Software that transmits information about its user (including their PII[1]) by misusing that user's computer hardware and resources without that user's consent and against their wishes is malware: specifically it is spyware. Netdata goes a step further and does it silently, without even notifying the user that it is spying.
People don't like their common, popular software being called that because it's truly not a good thing, not because their software isn't spyware (as you can see at the above link).
It's become somewhat popular amongst unethical developers to pretend that this sort of collection without consent is somehow okay or necessary to their ends as long as the users don't see it happening; this belief is not shared or widely held by users. Indeed, when exposed to users, it generates huge distrust of the manufacturer, and sometimes makers of software will backpedal, such as GitHub's Atom now offering[2] a consent dialog on startup[3] for user spying.
[1]: An IP address + timestamp, in practice, usually uniquely identifies a person, and is thus personally identifying information in reality, regardless of whether or not the GDPR classes it as PII for purposes of regulation or not.
It isn't a fact, because you keep saying that. It's reasonable to ask what constitutes spyware, and categorize analytics either in or out of that category.
In any reasonable definition of spyware (it spies on you to the creator's benefit and not yours) then analytics goes in that category.
Try to give comments the most generous interpretation. That's what silly HackerNews community members agree to in the rules.
It silently and without even first-run notification transmits your usage data without consent, pretty much the textbook definition of spyware. Netlify considers your agreement to their TOS (at account creation time) to be your opt-in to them silently spying from within your tools.
Until I complained, it even transmitted a telemetry event on the user’s explicit opt-out of telemetry.
> ZITADEL components send errors and usage data to CAOS Ltd., so that we are able to identify code improvement potential. If you don't want to send this data or don't have an internet connection, pass the global flag --disable-analytics when using zitadelctl. For disabling ingestion for already-running components, execute the takeoff command again with the --disable-analytics flag.
So, on by default spyware. How could anyone trust this in their infra when they are so shameless about exfiltrating data without consent?
- sneak and I have fundamental differences in what we call spyware. The issue that was brought up in that thread is standard analytics events - nothing like stealing passwords or etc.
- Regardless, CapRover uses NetData 1.8 [1] . According to NetData's github page, they added analytics in NetData 1.12 [2] , so even if you're concern with analytics events, this issue won't apply to you anymore.
Regarding two factor auth: CapRover blocks brute-force attacks by limiting number of wrong passwords per minute.
[1] https://github.com/caprover/caprover/blob/48440db14aa115aca1...
[2] https://github.com/netdata/netdata#quickstart
reply