Okay, so here's my plan.
I'd like to have a new version out by next week (0.92.2). Given that the change is small and doesn't go by any critical code paths, the release testing process can be relaxed slightly. We'll try to have it out by Monday.
Second, the way I'd like to do it is to put a 4-byte random identifier in the settings file, and use that for duplicate detection. That identifier will be overwritten/changed every month, so that anything that would care about trying to match IDs to systems will expire after a month. This allows us to aggregate up to monthly statistics. Anything longer than that we can do without.
Third, we will decouple the announcement stuff entirely from OS/version reporting. We will add an option in File->Settings to completely disable this. Then announcement fetching will send a bare string with no extra metadata. And as suggested, no extra data needs to be sent on subsequent announcement fetches.
Fourth, we will add a command-line option called "--tor" (with an equivalent option in the settings). Then we will adapt the code to use that flag to implement all the standard Tor-based settings: most likely "--skip-announce-check --skip-online-check --satoshi-port=X". You guys will be able to examine what code paths are affected by this setting and make recommendations for us to improve it. (note there is also a "--skip-version-check" flag, but that is no longer used, since we updated the announcement system in 0.91).
I want to reiterate that we do care about privacy -- I've personally been a proponent of security and privacy on these forums for years. And it would be tough to see why we would really care to match up IDs with announcement fetch pings. We're not in the data collection business, no advertising, nothing. We wouldn't know what to do with it even if we saved it. We (I) simply made a judgment error when implementing this (compounded by the fact that it was developed as part of a feature we wanted to aggressively promote -- security announcements). Armory is a massive program, and it is respected for being thorough and careful, but we can't get 100% right. One of the nice things about open-source is that people can find issues, call them out, and get it fixed. And that's exactly what happened here. Thanks for your guys' patience and we'll get this fix out there.
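The monthly-rotating identifier described in the post above, sketched as an added example (not Armory's code and not written by the poster). The JSON settings file, the `announce_id` / `announce_id_month` keys, rotation on calendar-month boundaries and the dates used are all assumptions made for illustration.

```python
import datetime
import json
import os
import secrets
import tempfile

ID_BYTES = 4  # the post specifies a 4-byte random identifier


def month_key(today):
    # Assumption: "every month" means a calendar-month boundary.
    return today.strftime("%Y-%m")


def load_or_rotate_id(settings_path, today):
    """Client side: return the stored ID, overwriting it when the month changes."""
    settings = {}
    if os.path.exists(settings_path):
        with open(settings_path) as fh:
            settings = json.load(fh)
    if settings.get("announce_id_month") != month_key(today):
        # The old value is overwritten, never archived, so nothing links months.
        settings["announce_id"] = secrets.token_hex(ID_BYTES)
        settings["announce_id_month"] = month_key(today)
        with open(settings_path, "w") as fh:
            json.dump(settings, fh)
    return settings["announce_id"]


def count_unique(pings):
    """Server side: distinct IDs per month from (month, id) pairs, nothing else kept."""
    seen = {}
    for month, ident in pings:
        seen.setdefault(month, set()).add(ident)
    return {month: len(ids) for month, ids in seen.items()}


def demo():
    # Constructed scenario: one install pings twice in one month, once in the next.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "settings.json")  # hypothetical settings file
        jan_a = load_or_rotate_id(path, datetime.date(2014, 1, 3))
        jan_b = load_or_rotate_id(path, datetime.date(2014, 1, 28))
        feb = load_or_rotate_id(path, datetime.date(2014, 2, 1))
    pings = [("2014-01", jan_a), ("2014-01", jan_b), ("2014-02", feb)]
    return jan_a, jan_b, feb, count_unique(pings)


if __name__ == "__main__":
    print(demo())
```

Because the identifier is only 32 bits, two installs can draw the same value in the same month, so the per-month count is a slight underestimate for large user populations.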
Thanks! That sounds great. Thank you for your continued development.