LWN: Comments on "Lessons from the death and rebirth of Thunderbird"

UI and elderly users

Wol — Mon, 12 Aug 2024 21:56:58 +0000

THANK YOU VERY MUCH!!!

That looks exactly like what I was looking for. So if it's still available as a widget, why on earth did they delete it from Maps itself? Oh well ...

And you can't find it (well I couldn't) by googling for it :-(

Cheers,
Wol

UI and elderly users

dswegen — Fri, 09 Aug 2024 22:00:13 +0000

I think this will do what you're looking for: You need to add a google maps widget to your home screen that will launch it into drive mode (which is a weirdly obscure way of doing it). So, long press on an empty space on your home screen and bring up the list of available widgets. Scroll down to "Maps" and select "Driving Mode" which should add an icon to the home screen. If you now launch gmaps using this icon it should enter driving mode. Just swipe down the field at the bottom of the screen and it should be full screen.

Rebirth of the email client

pizza — Fri, 09 Aug 2024 14:12:11 +0000

> Isn't then the fix to simply create a throwaway gmail account and then auto-forward all mails to someplace where you have reasonable access?
>… or can they disable that too?

They not only can, but do, and IMO should.

Putting aside the obvious security concerns, it's also a spam vector.

Rebirth of the email client

smurf — Fri, 09 Aug 2024 13:58:21 +0000

Isn't then the fix to simply create a throwaway gmail account and then auto-forward all mails to someplace where you have reasonable access?

… or can they disable that too?

UI and elderly users

Wol — Sat, 03 Aug 2024 09:09:17 +0000

> All this seems stupid and obvious, and yet I've seen teams of experienced engineers and PMs fall into this trap and even discard any concern. The metrics had become the objective for them.

Which is why, despite officially working at head office, I spend a lot of time "driving a desk" down the yard. I chat to the people at the sharp end.

I think Barclays have just fallen in to this trap, their "new improved" web site is a PITA of more clicks, less information, harder to read, ... etc etc.

And there's no way to give any feedback! I'd have thought a quick survey for logged in users wouldn't be that hard ...

Cheers,
Wol

UI and elderly users

cpitrat — Sat, 03 Aug 2024 06:33:36 +0000

Personally, if I click twice (not necessarily quickly) on the button that centers the position, it zooms, goes from top view to perspective and stays centered and oriented on me. The search bar and band at the bottom keep polluting the screen but are relatively small.

I also have an app called caffeine installed which provides a button in the shortcuts at the top (where you can activate wifi, torch, ...) to prevent the screen from turning off for a given amount of time (I set 1h by default but this can be tuned).

It could be better, but it kind of works.

You can thank telemetry for the disappearance of features. Nobody [1] uses it? Remove the feature[2]

[1] for Google "Nobody" means less than a billion users

[2] in some cases, this is very similar reasoning to not building cycle lanes because there are no bikes on the road. Or not building a bridge over a river because nobody crosses swimming. The feature may not be used because people don't know it exists. Sometimes, users even want it but don't find it. Unfortunately, telemetry is often used poorly ignoring this kind of bias. Another example is A/B testing a change measuring adoption, ignoring the existing user base. Or measuring "user engagement" by how long users spend on the app, meaning a change that confuses them and make something that used to be quick take longer is seen as positive. All this seems stupid and obvious, and yet I've seen teams of experienced engineers and PMs fall into this trap and even discard any concern. The metrics had become the objective for them.

Thunderbird LIVES

raven667 — Thu, 01 Aug 2024 23:20:43 +0000

huh, I didn't know Thunderbird was an actively maintained project either so I decided to try it out. It worked out of the box with MS Office365 IMAP/OAuth2 with SAML and MFA which was fantastic, but there is no overlap in protocol to support the built-in Calendar, but a third-party commercial plugin called Owl exists which implements the EWS API client and was able to sync mail and calendar from O365 without trouble. The Tbird search interface is different than I've seen before and I'm continuing to use it instead of outlook.office.com, which has been my preferred daily driver for years. Before outlook.office.com got decent at handling volumes of mail I used Evolution for years, and Mail.app and Entourage on a Mac before that, and PINE and Thunderbird/Communicator before that. I'm enjoying having proper quoting for replies and not just top-posting, and having a notification pop-up instead of just a browser notification for meetings, which tends to disappear before I notice it.

Rebirth of the email client

pizza — Thu, 01 Aug 2024 21:48:31 +0000

> At least for the moment, you can access GMail and Exchange from GNOME Evolution very easily and seamlessly:

Only if your "organization" allows external client access..

Many do, many don't. Anectdotally the trend is towards the latter.

> I will admit I'm not sure whether Evo's GMail support relies on GMail IMAP being enabled or not

It does not, but it still relies on API access that your organization admin can disable.

Rebirth of the email client

madscientist — Thu, 01 Aug 2024 18:47:05 +0000

At least for the moment, you can access GMail and Exchange from GNOME Evolution very easily and seamlessly: on my screen right now is a single Evolution instance managing mail accounts (and calendars, and contacts) from my personal IMAP/Ical server, two separate GMail accounts, and my work Exchange account.

I work with email the same way in all the accounts including creating folders and filters to automatically sort mail, my calendar shows the sum of appointments on all the different calendars, email To: lines auto-complete from all the contact lists, etc. You can also download and store mail to access locally and remove it from server storage, if needed.

I will admit I'm not sure whether Evo's GMail support relies on GMail IMAP being enabled or not, but ultimately if you have a browser that can access your email then it can also be accessed by an email client, pretending to be a browser (I'm not saying this is how it works, but it COULD work that way if there's no better option).

I've not tried Thunderbird in many years so I don't know if it's kept pace. But this capability is still available, in at least some places.

Rebirth of the email client

callegar — Thu, 01 Aug 2024 08:46:51 +0000

I was relieved by the "rebirth" of thunderbird, because I percieved it as the rebirth of the email client as a concept. The very idea that you can access all your mail "aggregating" it in a single program, no matter how many email addresses you need to watch from how many providers. The alternative is typically a website with a web-mail interface for every single provider, with its own notifications on, the inconsistency in the interfaces of the multiple web-mail codes, etc.

IMHO, there are two threats that could rapidly lead to the redeath, though, and both are serious.

The first one is on the side of the email client itself. The mass of archived email is constantly growing and Gmail has taught everybody never to delete email. Email clients must remain fast and *practical* enough even where the folders are huge. Thunderbird currently fails on the practicality side. When you search email, the message list view often starts "jumping" all around (see https://www.reddit.com/r/Thunderbird/comments/176y7z8/kee... or https://bugzilla.mozilla.org/show_bug.cgi?id=1827042 or https://bugzilla.mozilla.org/show_bug.cgi?id=1860875). On the speed side, it is a bit on the boundary (still on the good side, because web-mail interfaces are slow themselves).

The second and more serious one is on the providers' side. In many cases they have stopped serving IMAP altogether. For instance, schools in Italy provide an email address to students used for parents to receive communications from the school, but you can only access that from the provider web mail interface (often gmail). This was already discussed on lwn. While the matter involves many aspects, most of it has ultimately to do with "what email is". Apparently, many institutions/companies, etc would like email to be "revokable" and to be able to "remove" what you have already received. This is clearly diverging from the original concept of email as the electronic counterpart of physical mail. Clearly, anything that helps local email storage is undesired in this model, in which there is no space for thunderbird or any other email client.

Some donation data prompts are nasty

farnz — Wed, 31 Jul 2024 15:14:28 +0000

It's also worth being realistic about the outcome of defending against a specific threat; I can promise you now that if a sufficiently capable bad actor has taken me and my family hostage, and is going to kill us all if we don't give the bad actor everything they need to get into my accounts, that they're getting what they ask for, because the consequence of not giving them everything is bad enough that I don't want to risk it.

There is, of course, a relevant XKCD comic about this, with the bad guys not giving up because the computer security is too good, but instead assaulting the computer owner to get access, and we forget that observation at our peril.

Some donation data prompts are nasty

somlo — Wed, 31 Jul 2024 13:31:21 +0000

> The threat model is someone has downloaded or somehow otherwise captured a whole lot of usernames/passwords

Keeping the specific threat model in mind is important, and unfortunately underrated. When we lose track of that, we end up looking for *perfect* security that's somehow also palatable to the average normie user, which so far hasn't happened.

It's important to distinguish between the zombie that's chasing after *you* specifically, in which case you need to prepare by focusing on Rule #1 (Cardio) -- vs. a bear that's just chasing after *lunch*, in which case outrunning the poor sod next to you is perfectly adequate. :)

I find this very insightful on the topic: https://scholar.harvard.edu/files/mickens/files/thisworld...

Some donation data prompts are nasty

kleptog — Wed, 31 Jul 2024 13:12:43 +0000

The thing is, that's not the threat model 2FA is protecting against.

The threat model is someone has downloaded or somehow otherwise captured a whole lot of usernames/passwords and is trying them on all sorts of websites. For that 2FA works perfectly because they don't have your phone. They don't even know who the users are so couldn't find the phone even if they wanted to.

Against targeted attacks 2FA is obviously less useful, though still a step up from the example that started this conversation, which is asking people to include their zipcode when using a credit card.

You don't need to outrun the leopard, you just need to be faster than the next person.

(The bank's 2FA does require a biometric or separate pin code to unlock.)

Some donation data prompts are nasty

mb — Tue, 30 Jul 2024 17:54:38 +0000

>I assume anyone with TOTP codes protecting anything important is using an app with such security,
>and has it enabled.

I don't use any of the "normal" apps.

TOTP is trivial to implement in a few dozen lines of Python code:
https://github.com/mbuesch/pwman/blob/master/libpwman/otp.py

You can quickly write an authenticator with any additional access control and security guarantees that you want. (or just use mine ;-)

And an attacker probably won't know that it's there, if you wrote it by yourself.

Some donation data prompts are nasty

paulj — Tue, 30 Jul 2024 16:21:49 +0000

Yes, indeed, they need that second channel - e.g. a regular password. But, they probably have your access to your email now to reset that. Agreed.

However: FreeOTP+ lets you set "authentication", which means you must pass system authentication (e.g., system PIN unlock, or whatever you have configured) to open the app. If you are diligent about swiping-away/closing FreeOTP+ once you're done with it, this can give an additional layer of protection from general-case phone-stolen-while-unlocked.

I assume anyone with TOTP codes protecting anything important is using an app with such security, and has it enabled.

Some donation data prompts are nasty

pizza — Tue, 30 Jul 2024 16:10:14 +0000

> If you mean TOTP, the security depends on the seed (length, randomness, and op-sec in storing it on client and server).

If someone steals or otherwise gains access to your phone when it's not locked (and sometimes even if it is locked if you have sufficient resources to expend on unlocking it quickly) they typically will get full access to your 2FA/TOTP client _and_ the communication channels that are typically used to reset credentials.

(Most "2FA clients" don't have any access control, such as an additional PIN. Worse, some are effectively "new account sign-in request, tap here to grant access" tissue paper)

In other words, when the 2FA device is the also the communication device, you've reduced your 2FA effectively to 1 (if not 0) FA for many attack scenarios.

(Granted, this is more of a problem for the device owner should it get damaged, lost, or stolen -- how do they regain legitmate access? And how can that necessary backchannel not become the weak attack vector?)

Some donation data prompts are nasty

paulj — Tue, 30 Jul 2024 15:47:27 +0000

If you mean TOTP, the security depends on the seed (length, randomness, and op-sec in storing it on client and server).

The time interval is almost always easily obtainable, in rare cases it is not, there's a few common values. Current time is known.

SS7 network and SMS hijacking

farnz — Tue, 30 Jul 2024 15:22:40 +0000

You don't even need to do a SIM swap; if you have sufficient access to the SS7 signalling network, you arrange for all SMS to a given number to route via your systems. And as they're unencrypted, you get to inspect the contents before forwarding them to the original recipient.

This particular hole is going to go away eventually - once there are no more 2G or 3G networks anywhere in the world, nobody will consult SS7 systems as part of SMS handling - but not in the next decade or so. LTE and later standards can avoid this particular hole, because they can do everything via IMS (over IP), which has been secured a lot better than SS7 was (SS7's "security" is "only trusted telcos have access - and no-one working for a telco would ever do a bad thing").

Some donation data prompts are nasty

DanilaBerezin — Tue, 30 Jul 2024 15:17:41 +0000

In order to steal someone's phone number, you don't have to physically steal the actual SIM card. You can perform what's known as a SIM swap, which is way ridiculously easy to do by modern security standards. Furthermore, SMS communications are entirely unencrypted, meaning 2FA codes sent over SMS are trivial to intercept with a man in the middle attack. Guessing a random seed and some very precise clock parameters is WAY more difficult.

Re-enabling telemetry

pizza — Tue, 30 Jul 2024 14:48:22 +0000

> I can't enable it that way. "Allow Thunderbird to send technical and interaction data to Mozilla" (along with the associated checkbox) is grayed out, and a note below it says "Data reporting is disabled for this build configuration."

It looks like you're going to have to either run an upstream-provided binary [1] or compile your own. [2]

You might consider filing a bug ticket against your distro's package requesting that instead of completely disabling telemetry capabilities, they leave it in but set the default to off.

[1] Obtainable via Snap and Flathub, and from thunderbird.net directly.
[2] Perhaps by taking your distro package and removing the "Telemetry removal" patch?

Opt-out telemetry

Wol — Tue, 30 Jul 2024 07:22:30 +0000

> Saying "I don't want this to be done to me" and saying "I want this thing to be forbidden for everyone" are not the same.

The GP says "this is 100% wrong". Given that ethics and morals are inherently a grey area, saying something is "100% wrong" IS forbidding it for everyone (which is, itself, wrong!!!)

Cheers,
Wol

Opt-out telemetry

LtWorf — Tue, 30 Jul 2024 06:51:00 +0000

> You're effectively saying "I'm the most important guy in the world - nobody else deserves any say". That may be ethical and morally correct for you, but I bet everybody else in the world would beg to differ!

Uh?

Saying "I don't want this to be done to me" and saying "I want this thing to be forbidden for everyone" are not the same.

I don't think there's any request to completely remove telemetry from everyone's computers here.

There is a request to ask for consent before doing things that clearly many people don't want done to them. And of course you can't give consent if you're not informed.

Some donation data prompts are nasty

LtWorf — Tue, 30 Jul 2024 06:45:19 +0000

> App-based 2FA fares little better.

How?

If someone steals your phone you have got the same problem.

Even worse actually because you can report a SIM card as stolen and deactivate it, while you can't do that with a seed and a clock.

Re-enabling telemetry

KJ7RRV — Tue, 30 Jul 2024 01:53:43 +0000

I can't enable it that way. "Allow Thunderbird to send technical and interaction data to Mozilla" (along with the associated checkbox) is grayed out, and a note below it says "Data reporting is disabled for this build configuration."

Re-enabling telemetry

pizza — Mon, 29 Jul 2024 20:49:19 +0000

> Yes, I'm asking if there is a way for me to opt in and enable telemetry when my distro has opted out,

Assuming your distro didn't patch it out altogether (highly unlikely), this should just be a matter of turning the default back on. See this page for the specifics:

https://support.mozilla.org/en-US/kb/thunderbird-telemetry

(That page also shows how to examine the gathered data, for those that want to ground this discussion in facts rather than conspiratorial hand-waving)

Re-enabling telemetry

KJ7RRV — Mon, 29 Jul 2024 20:35:08 +0000

Yes, I'm asking if there is a way for me to opt in and enable telemetry when my distro has opted out, other than building Thunderbird myself. I do want to send telemetry, but my distro disabled it.

Re-enabling telemetry

somlo — Sun, 28 Jul 2024 23:51:20 +0000

> Is there a way to re-enable telemetry on distros that disable it?

Re-enable by whom? If it's by the end user, that's just a deliberate "opt-in", which nobody should have anything against.

If we're talking by the original software author, then, thank $deity, it's Free/OpenSource, so any intermediary (like e.g., a distro) could modify that source, rip out the re-enable-telemetry-after-distro-disabled-it functionality, and redistribute so modified copies to their downstream.

This would be an example of why distros are a *good* thing, when they advocate on behalf of their users when users' interests are at odds with those of upstream software authors.

Opt-out telemetry

DanilaBerezin — Sun, 28 Jul 2024 23:00:35 +0000

Once again, not interested in debating the specifics of moral philosophy here since it's largely off topic. But I'm not sure how you believe that the situation you described is comparable to the situation here, where some external organization is insisting on pushing software that sends them data without your consent just so that they can have better statistics.

Opt-out telemetry

Wol — Sun, 28 Jul 2024 22:26:18 +0000

> I think in a modern, civilized society, respecting user consent and autonomy is a basic moral principle most people have already accepted

So you consider it evil and unethical to break into a hijacked computer, in order to stop it being used in ransomware attacks? Because without the consent of the owner you can do nothing?

Life is not black and white. The Synnovis ransomware attack has had a massive - and seriously damaging - impact on my family ...

Cheers,
Wol

Opt-out telemetry

DanilaBerezin — Sun, 28 Jul 2024 19:07:43 +0000

Correction:

*like pushing opt-out telemetry

Opt-out telemetry

DanilaBerezin — Sun, 28 Jul 2024 17:43:23 +0000

I'm not going to debate the philosophical foundation of ethics here. I think in a modern, civilized society, respecting user consent and autonomy is a basic moral principle most people have already accepted in the same way that most people have accepted apriori that things like murder are evil and unethical. Of course developers, corporations, foundations etc are free to be spineless and unethical in their behavior, that is entirely their prerogative. That's not the point of my statement. The point of my statement is to point out their evil and unethical behavior, protest it, and hope that others will join me in doing so with the goal that maybe that will stop them from being evil and doing unethical things, like pushing opt-in telemetry.

Re-enabling telemetry

KJ7RRV — Sun, 28 Jul 2024 16:50:04 +0000

Is there a way to re-enable telemetry on distros that disable it?

Opt-out telemetry

Wol — Sun, 28 Jul 2024 15:22:42 +0000

> It's 100% because it's unethical to do so. Not because there are no benefits.

And who defines "ethical"? In this case, it's clearly you, which is in itself unethical. You are defining the scenario to your benefit.

> Yes and all those things are unethical too. The fact that there are already a lot of evil things in the world doesn't mean we should just be okay with other evil things being introduced.

And again, who is defining "evil" here? You are!

The fact is, "ethical" and "evil" are social constructs defined by the requirement for us to be able to live together with each other. I'm sure you would disagree with the fact I would define "Freedom of Speech" and "The right to seek happiness and wealth" as unethical, but it's an objective fact that both of these (as practiced by America today) are actively harmful to the majority!

And - in almost all cases - you fall foul of the "pick two, pick any two" dilemma. Is it unethical for other people to pick a different two to you?

You're effectively saying "I'm the most important guy in the world - nobody else deserves any say". That may be ethical and morally correct for you, but I bet everybody else in the world would beg to differ!

Cheers,
Wol

Opt-out telemetry

DanilaBerezin — Sun, 28 Jul 2024 14:07:31 +0000

> But it's not 100% because there are clear benefits to doing so. That you disagree about the relative importance of those benefits does not mean those benefits do not exist.

It's 100% because it's unethical to do so. Not because there are no benefits.

> Uh, WTF? Who do you think adds/commits code into "their open source software" if not "developers"?

Read again: Mozilla =/= developers

> You can "should" all you want, but the harsh reality is that "100% control" hasn't been true since the WIPO copyright treaties of 1996 (making DRM legally enforceable) were ratified and subsequently enacted by nearly every nation on this planet. But even before that treaty made it effectively illegal to break the flimsiest of digital locks, nearly every computing device on the planet already had some degree of proprietary software embedded into it that the "user" has no meaningful control over.

Yes and all those things are unethical too. The fact that there are already a lot of evil things in the world doesn't mean we should just be okay with other evil things being introduced.

Opt-out telemetry

Wol — Sun, 28 Jul 2024 13:28:00 +0000

> So... if you don't want your email client to send or receive data, then switch it off and don't use it?

I don't want it to send or receive data I DON'T KNOW ABOUT. Big difference.

By my definition, spam is also illegal. Doesn't stop the authorities doing nothing about it.

It's like trespass, in the UK at least. The law defines trespass - aka being on someone else's property - as illegal. But it doesn't care about it. It presumes that the property owner will grant retro-active permission.

But if the trespasser knew - or should have known - that permission would not be granted, it is THAT that is the serious offence. That is why there are notices "Trespassers will be prosecuted" - it places people on notice that retroactive permission will NOT be granted. So what would have been treated as an "innocent incursion" becomes a criminal offence.

So using my internet connection, to send telemetry data that you have reason to suspect I would be unhappy about if I knew, is in principle exactly the same as Criminal Trespass (which is classed as "the same sort of thing as burglary").

Cheers,
Wol

Opt-out telemetry

pizza — Sun, 28 Jul 2024 12:34:20 +0000

> It's also illegal in many jurisdictions. Doesn't matter whether it's PII or not.

Even in the EU, automatic opt-out data collection is not inherently illegal.

> If I'm on a metered internet connection, and I don't know it's happening, it's "theft of electricity" or something like that.

So... if you don't want your email client to send or receive data, then switch it off and don't use it?

Opt-out telemetry

Wol — Sun, 28 Jul 2024 12:23:35 +0000

> Mozilla =/= the developers of their open source software and it's entirely reasonable to not trust them. Either way, my personal opinion on Mozilla and their trustworthiness is irrelevant. User's should have 100% control of their machines and opt-out telemetry is in direct violation of that principle.

It's also illegal in many jurisdictions. Doesn't matter whether it's PII or not. If I'm on a metered internet connection, and I don't know it's happening, it's "theft of electricity" or something like that. (Google Prince Philip and the Ceefax scandal or whatever it was back in - iirc - the 1980s.)

(Okay, the chances of it being prosecuted are probably the wrong side of zero, but never mind ... :-)

Cheers,
Wol

Opt-out telemetry

pizza — Sun, 28 Jul 2024 12:18:31 +0000

> 2. That distros should stop circumventing that policy by packaging the software with telemetry disabled by default, which mind you is 100% the right thing for them to do in this case.

Nope, it is not "100% the right thing for them to do in this case."

Maybe it is 99%, maybe it's 20%. But it's not 100% because there are clear benefits to doing so. That you disagree about the relative importance of those benefits does not mean those benefits do not exist.

> Mozilla =/= the developers of their open source software and it's entirely reasonable to not trust them.

Uh, WTF? Who do you think adds/commits code into "their open source software" if not "developers"?

Meanwhile. I have yet to read any specific objections to what Thunderbird claims to collect or if any PII is part of it. Whether or not you "trust" anyone involved, the source code of Thunderbird is F/OSS in every sense, and can be inspected to confirm that it does what its developers claim it does.

> User's should have 100% control of their machines and opt-out telemetry is in direct violation of that principle.

You can "should" all you want, but the harsh reality is that "100% control" hasn't been true since the WIPO copyright treaties of 1996 (making DRM legally enforceable) were ratified and subsequently enacted by nearly every nation on this planet. But even before that treaty made it effectively illegal to break the flimsiest of digital locks, nearly every computing device on the planet already had some degree of proprietary software embedded into it that the "user" has no meaningful control over.

Meanwhile, when you use a computing device you do not own, or use that device to connect to any external service (ie "someone else's computer") by definition you do not have "100% control" of anything. I can promise you that far, far, far more data (and personally identifiable at that!) is leaked (if not outright collected by every intermediary) with every email you send or receive than Thunderbird's documented telemetry can possibly gather.

Opt-out telemetry

DanilaBerezin — Sun, 28 Jul 2024 00:51:08 +0000

> Exactly what violations of user consent are being alleged here?

Opt out telemetry means that data is sent from a users computer by default, whether they consent to it or not. Hopefully the violation of consent here is self explanatory.

> If you don't trust Fedora (and/or the the various upstreams and individual developers) to be honest about what they're doing

Who said anything about Fedora or it's proposals? Fedora's proposal is opt in, and I have absolutely zero issue with that. The speaker in the article is a product manager at mozilla, advocating that:

1. Thunderbird's opt out telemetry policy is justified.
2. That distros should stop circumventing that policy by packaging the software with telemetry disabled by default, which mind you is 100% the right thing for them to do in this case.

Mozilla =/= the developers of their open source software and it's entirely reasonable to not trust them. Either way, my personal opinion on Mozilla and their trustworthiness is irrelevant. User's should have 100% control of their machines and opt-out telemetry is in direct violation of that principle.

Opt-out telemetry

pizza — Sat, 27 Jul 2024 22:50:33 +0000

> I don't really care if not violating your user's consent and autonomy prevents you from accruing accurate statistics.

Exactly what violations of user consent are being alleged here?

> In the real world your statistics will never be accurate,

Nor does anyone ever expect them to be. The question, as always, is if they are "accurate enough".

> My solution was a proposed middle ground between a silent opt in telemetry users don't even know exists and evil opt out telemetry.

In other words, you didn't even read the proposal.

If you had read it, you would have seen that it requires the user to explicitly consent before any data leaves the local system.

If you don't trust Fedora (and/or the the various upstreams and individual developers) to be honest about what they're doing, under what basis are you accusing them of bad faith, especially when the software in question (along with the entire source-to-deployed-binaries pipeline) is fully open for inspection?