FreeNAS Telemetry

Status
Not open for further replies.

/dev/null

Cadet
Joined
May 8, 2016
Messages
4
Hi,

I will do my hardest to not have this devolve into an angry rant.


I just went through the process of upgrading my ~1.5 year old FreeNAS installation. While doing so, I've noticed the setting to 'Enable automatic upload of kernel crash dumps and daily telemetry'.

Much to my surprise, it was enabled (opt-out rather than opt-in). Shame on me for not noticing it earlier, I guess. I usually keep a close eye on network traffic and settings such as this, but in this case I didn't. It's FreeNAS/FreeBSD after all :(


After firewalling my system and deleting all telemetry related files, I calmed down a bit and went through what actually gets send.


According to the manual, it's 'some system stats'. Yeah. No.


As per https://github.com/freenas/freenas/search?q=telemetry:


Code:
  fieldsToCap['System']['Product'] = 'dmi-system-product-name'
  fieldsToCap['System']['UUID:'] = 'dmi-system-uuid'
  fieldsToCap['System']['Serial'] = 'dmi-system-serial-number'
  fieldsToCap['Base']['Product'] = 'dmi-baseboard-product-name'
  fieldsToCap['Base']['Serial'] = 'dmi-baseboard-serial-number'
  fieldsToCap['Base']['Manufacturer:'] = 'dmi-baseboard-manufacturer'
  fieldsToCap['Chassis']['Serial'] = 'dmi-chassis-serial-number'
  fieldsToCap['Processor']['Serial'] = 'dmi-processor-serial-number'
  fieldsToCap['Memory']['Serial'] = 'dmi-memory-serial-number'


Code:
  files_to_log = [
  '/data/license',
  '/etc/version',
  '/etc/hostid',
  ]


Code:
  cmds_to_log = {
  'zpool_list': ['/sbin/zpool', 'list'],
  'zfs_list': ['/sbin/zfs', 'list'],
  'zfs_get_all': ['/sbin/zfs', 'get', '-t', 'filesystem', 'type,creation,used,available,referenced,compressratio,recordsize,checksum,compression,copies,dedup,refcompressratio' ],
  'arc_summary': ['/usr/local/bin/arc_summary.py', ''],
  'dmidecode': ['/usr/local/sbin/dmidecode', ''],
  'kstat_zfs': [ '/sbin/sysctl', 'kstat.zfs' ],
  'uname': ['/usr/bin/uname', '-a'],
  'ipmitoolsdr': ['/usr/local/bin/ipmitool', '-c' , 'sdr' ],
  'ipmitoolsel': ['/usr/local/bin/ipmitool', '-c' , 'sel', 'elist' ],
  }



May as well use Windows 10 instead. This is insane. How is there no warning anywhere that my hardware's serial number is being uploaded to iXsystems? Information about my pools and filesystems? And this has been going on for over 1.5 years?!


Privacy truly is dead. Not happy. This goes beyond mere 'system stats' and should be opt-in by default.


What's the reasoning for needing such in-depth information on your users? I am assuming the commercial version does not include this 'feature'?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Of course the commercial version includes this feature. iXsystems probably maintains detailed information on the parts contained in all the systems that they sell, this is hardly unusual. I bet they can tell you what your hardware is even if you've never connected it to the Internet, because, well, it came from their shop so they've actually laid hands and eyes on it.

We sell servers here too, and I can tell you that we track serial numbers of lots of stuff. It's necessary for warranty validation purposes.

As for the rest, I'd suggest you relax a bit. I doubt iXsystems has any intention of becoming the next Microsoft. What's useful when developing software like this is to have detailed information about a problematic system. If you'd spent any time at all in these forums where you see some new user come in and start talking about how he had a problem with his system but he couldn't even identify what his system was, or what was connected to it, or what kind of ethernet interface he had, etc., you might realize that going back and forth with people asking for specific bits of information on their system is a rapid-burnout sort of thing. What they really want to know are what sorts of things are being used out in the field, and what sorts of problems are experienced, and then they can focus on developing a better FreeNAS. They want information on kernel crashes and other system problems, but that only makes sense if they can also get useful information about your system.

If you don't like that, you can disable it.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Although I have no idea what use iXSystems has for your serial numbers, why do you care? Under what possible circumstance is their secrecy in any way useful? On the remaining information you note, the only thing that sounds like it has the potential to compromise anything private would be the zfs list, since that includes all the dataset names. Depending on how you structure your storage, that could disclose something sensitive.

I agree that it's quite a bit of information, that it should be documented, and that it would be better as opt-in--perhaps asked during the initial install, or during the first-run wizard. You could submit a bug against the documentation on the second point, and against the system on the third.
 

/dev/null

Cadet
Joined
May 8, 2016
Messages
4
@jgreco
Tracking serial numbers shouldn't be necessary when I bought and assembled all the hardware myself, and not through iXsystems. I understand the sentiment, however.


I guess I am just tired of all the (semi-)sneaky tracking of everything that I own.

At the very least be upfront about it. Mention it in the documentation-it's detailed about every other topic. Make it opt-in, rather than opt-out.

Anyway, thanks for reading. Even though no one agrees :p
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
@jgreco
Tracking serial numbers shouldn't be necessary when I bought and assembled all the hardware myself, and not through iXsystems.

So what you want is the ability to choose which telemetry information is gathered? This seems like it rapidly adds complexity.

I understand the sentiment, however. I guess I am just tired of all the (semi-)sneaky tracking of everything that I own.

At the very least be upfront about it. Mention it in the documentation-it's detailed about every other topic. Make it opt-in, rather than opt-out.

Anyway, thanks for reading. Even though no one agrees :p

I'm certainly fine with the concept of opt-out. I guess it doesn't really concern me since the NAS units here don't even have a path to the Internet; "default opt-out."
 

/dev/null

Cadet
Joined
May 8, 2016
Messages
4
So what you want is the ability to choose which telemetry information is gathered? This seems like it rapidly adds complexity.

I was just making a point.


(...) I guess it doesn't really concern me since the NAS units here don't even have a path to the Internet; "default opt-out."

That is how I am handling it now as well.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
I was just making a point.

Sure, but as a matter of practicality, it seems like there's probably two general classes of people: those who care and those who don't. For those people, it seems like a "send telemetry? yes/no" checkbox would be sufficient, and, oh, look, they did that :smile:

For the rest of the people who would prefer a more selective approach, I suppose there's always the option of editing /usr/local/bin/telemetry-gather.py and changing the fields that bother you to "Why so nosy iX".
 

/dev/null

Cadet
Joined
May 8, 2016
Messages
4
Sure, but as a matter of practicality, it seems like there's probably two general classes of people: those who care and those who don't. For those people, it seems like a "send telemetry? yes/no" checkbox would be sufficient, and, oh, look, they did that :). (...)

Indeed, but it should A) specify the level of detail that is included in the telemetry report and B) be opt-in rather than opt-out.

When it comes down to it, those are my only two issues with this entire thing.
 

gpsguy

Active Member
Joined
Jan 22, 2012
Messages
4,472
Given the cost of the FreeNAS appliance, I'm fine with opt-in being the default. If the other way, noone would enable it.

We have a lot of users show up here, who had their boot pool go bad and they've never bothered to backup the configuration file.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Indeed, but it should A) specify the level of detail that is included in the telemetry report and B) be opt-in rather than opt-out.
Fair enough on both counts. On the opt-in vs. opt-out, though, supposing this data is actually useful to iX, the more they get, the better. Presenting the question during the config wizard (perhaps as the last screen) should put it up-front enough that those who are concerned about it can easily turn it off, and those who don't mind can turn it on. In that case, I don't know that it matters much whether the box is checked by default or not. The question is asked by a lot of software, and it could give a link to the (revised, to include detail) docs explaining what's collected.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Fair enough on both counts. On the opt-in vs. opt-out, though, supposing this data is actually useful to iX, the more they get, the better. Presenting the question during the config wizard (perhaps as the last screen) should put it up-front enough that those who are concerned about it can easily turn it off, and those who don't mind can turn it on. In that case, I don't know that it matters much whether the box is checked by default or not. The question is asked by a lot of software, and it could give a link to the (revised, to include detail) docs explaining what's collected.

I think it's reasonable, on a free product, for it to be checked by default. Part of the point of giving away FreeNAS for free has got to be the software testing angle. You can hardly be mad at iX for wanting some automated feedback from systems in the field; they're already paying software developers and to support things like this forum, and you're getting an awesome NAS software package for a grand total of $0. So while I'd prefer to see "opt-out," I see the opt-in here to be a very mild price for the NAS software. I've got to open my eyes, look around, and remember to click off a checkbox. In exchange I get free software AND privacy. Seems equitable.

By way of comparison, you might pay $100-$200 for Win10 and not be able to shut off the telemetry on a product that you actually paid for (at least by a vendor-supplied mechanism). Plus Windows will merrily do things like be chatty with Microsoft's servers about what you're doing with your PC. The latest fat sack of bullshit is that they're requiring the Windows Store even when an administrator wants it gone. Unfortunately the tards don't understand that as an administrator, my stuff sits between their Windows desktop and their Microsoft internet servers so I can block their crap, and if they try to tell me I can't, I'm actually much more motivated to prove otherwise.

I keep wondering if maybe I'm somehow unusual, because when I do a fresh install of Win 10, there's all this ... crap ... that has to be cleaned up. I have no idea what the Windows Store is good for. They seem to think I'm going to buy software from them, but then they'd have to actually have useful stuff I'd want to pay money for there. I'm mostly fine with the free stuff, like LibreOffice or Firefox, though I do pay for VMware Workstation even if I don't use it that often.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Okay, so I'll take a minute to say a few small things:

First a disclaimer: I am an iXsystems employee, but as always, what I'm about to say is my own opinions/etc and is NOT any official statement from iXsystems nor should you make any assumptions that what I'm saying isn't without potential errors, etc.

1. Yes, I'll agree that opt-in is less of a "privacy issue" than opt-out. The reason why it is opt-out is two fold:

-> The code is there if you want to see what precisely iXsystems is receiving (or not receiving if you opt out). Its in the very common python language.
-> The box is freely available and disabling it will disable the uploading of the data.

There isn't any intent to deceive, hide what we send, or anything of the sort. The reality is that statistically, if we have it as an opt-in we'll only get a very small percentage of people that will opt to provide the data. Not because they're concerned about privacy, but most people will use the defaults unless there's some obvious "big-red-flag-thingy" that makes them think changing the setting is something they need to do. Quite a few people around here work in IT and have a need to customize and personalize their system. Most everyone, by percentage, want to be able to install the OS, set it up, and leave it the heck alone. They're not going to go looking for features that help the project. They may not even be an IT person by trade.

On a personal note, I agree with you that opting-in should have been the better option. I'm more interested in privacy than most (and I do understand that I am not alone with this opinion about privacy), but I understand why iXsystems did what they did. It makes sense for what their goals are with the data, and how much data they need to be able to answer important questions. The reality is that we don't try to obfuscate what iX is being sent, but the data is pretty important to iX and has helped us in the past. Which takes me to #2.

2. The data is important.

Personally, I've already seen the data be used to help guide the direction that FreeNAS goes. We can easily see a percentage of users using things like NFS, iSCSI, and CIFS. So at a glance we can tell how much development resources we should spend on features. Things like AD and LDAP are "less commonly used" (some might even say "rarely" strictly by % of users) but at the same time using AD or LDAP are also features that are used by larger companies and corporations, so the small percentage of users is a small but potentially very well funded group of users that may be interested in spending money on TrueNAS. TrueNAS funds FreeNAS, so having TrueNAS sell product is obviously important.

One good example is the ctl kernel panic we had in Q4 2016. There was a bug in ctl that was causing kernel panics for a small subset of iscsi users. When the issue first came to light it was important for the purpose of the project that we be able to see "is this a widespread issue or a small subset of users experiencing this crash" as well as gather some information such as what hardware may be shared with the issue, what settings may be used, etc. Later the issue was identified by a developer just by reading through the code and trying to figure out "what could possibly go wrong?" type of scenario.

One cool tidbit is that statistically speaking >99.9% of crashdumps that are uploaded are the direct result of failing hardware (and especially RAM). This is good news for FreeNAS and FreeBSD because it does show that the OS is pretty stable and is doing what its supposed to be doing. This has been discussed in the past, but not everyone is reading prior posts from a year or more ago. ;)

The data also is useless for identification for a great many user (I'm speaking about FreeNAS users specifically that built their own systems and didn't buy iXsystems hardware), which takes me to #3...

3. The data is often useless.

If you look at the data gathered, many of the fields such as hardware serial numbers are either empty, or filled in with stuff like "0123456789" unless a company like iXsystems specifically burns a serial number onto the motherboard's firmware. My serial numbers are 0123456789 for all of my own custom-built servers. Not overly important for iXsystems to have such info. But if you are a TrueNAS or FreeNAS Certified system, it is nice to have serial numbers of our own hardware because an issue may be hardware specific, so it really does add some value.

4. Tracking a particular end-user is a bit more difficult than it sounds.

Last I heard, even if you gave me your IP address or some other identifying information about your system (even if you gave me every piece of information I requested to try to find your exact server), trying to find your specific system's information is really difficult. Only 3 or 4 people even have access to the raw data (I don't have access to the raw data). We end up with statistics like "% of CIFS users" and "% of users on latest build" and "number of unique hosts" but that's about it. Sifting through the data (current as well as historical) is rather time consuming.

It's not easy to get at a specific system and see what is going on. But the data is there. If you were an iXsystems customer and called with an issue, we might be able to get the info with enough search queries and whatnot. But you know what is usually easier? Just asking for a debug file from the WebGUI. That's got a lot more information on your system than the telemetry data.

So at the end of the day, is there at least a smidgen of potential concern? Of course. Data that you may not want shared may be shared if you don't uncheck the box. There's a clear non-zero probability of your personal info being caught in the telemetry data (like a CIFS share named after your full SSN).

Is it as bad as it could be? I don't feel it is. iXsystems could be much more draconian if they wanted. We could make it non-negotiable and the system would send it no matter what.

Is there cause for panic over an OS that is pretty open about how to disable telemetry if you so choose? I don't think so. If you uncheck the box, then telemetry data and crash data isn't sent.

That being said... do I have my check boxes enabled or not?

For my personal system, I leave the box unchecked. I often do things that could skew the data on the system, so I choose to keep my system out of the herd because of what I do. For the "production" systems I have, I leave the box checked and let it do its thing.

And yeah.. I disabled the Windows Telemetry with Aegis on my Windows machines. Not because I'm worried about the data sent. But because I detest the way in which Microsoft is handling their own Telemetry data. They gather it in the cloak of darkness, and send it over a secure link that is encrypted with no transparency to speak of.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
@cyberjock has seen the future! Fixing bugs before they happen. That's awesome! :)

I got mad skillz bro! Coder of the future! Also, windows 12 SP1 sucks! It keeps crashing on my desktop because I don't have enough RAM to run it. Minimum is 128GB and I only have 96GB of RAM. Since the economy crashed in 2018 when President Hillary Clinton made some bad choices and now the world is dark and cold. I can't afford all the sexy hardware I used to. :(
 
Status
Not open for further replies.
Top