I took the time to go through the whole thread. Your tone was pretty aggressive from the start and throughout the whole conversation. On the developer's side yeah, they did minimize the issue at the beginning and then eventually modified how it works to increase privacy (rotating the UUID every 3 months, permitting to disable it anyway, clearly state it in the TOS etc). You are still downloading a tons of data from their infra, and for free, I think it's fair for them to have some sort of control to avoid abuses.
And even if it sounds harsh, their initial suggestion is always valid: use another software, or fork it and maintain your own version. It's GPLv3.
Where does it sound aggressive? I read the whole thread as well and was more astounded that harmless messages were marked as "abusive". Maybe if you read into it he sounds a little pissed
> It seems unlikely that this is an accident.
> It appears that this spyware tracking feature was added by @vshcherb (Victor Shcherb) back in 2015 and has been leaking users' data and travel history (via client IP geolocation) to the OSMAnd index server ever since.
but to be honest there was a hidden tracking feature for many years and he only called it by its name and didn't get aggressive in any form.
The original author didn't acknowledge a problem and all his messages were hidden (or are it at least now) to logged out users. This doesn't seem like a healthy discussion, but I disagree that not the reporter, but the other users/developers seem to be aggressive. They deny any problem and don't appear to understand or care to understand the "allegations" brought forward.
He insinuates that this is a feature to track users and acts in this respect in "bad faith", but assuming the worst (it saved a unique identifier and time of use and ips...) which is understandable in this situation.
For everyone reading my reply until now, but didn't read the github thread - the issue is fixed and you can now disable the identifier in the settings.
Thanks for reading, sorry for the rant, have a nice day :)
> but to be honest there was a hidden tracking feature for many years and he only called it by its name and didn't get aggressive in any form.
The alleged "calling by its name" is the whole point. You are already judging something as ill-intended from minute 0. That's pretty aggressive in my book.
> was more astounded that harmless messages were marked as "abusive".
I was too, at first, but then I saw that this person refused to acknowledge any misunderstanding on their part or engage with any of the clarifications provided, and continued to spout their one-dimensional rhetoric. There's no "misinformation" marker on Github afaik, so unfortunately the "abusive" marker seems to be the tool available to fade those out.
I'd absolutely find this excessive if this was about a proprietary product, but I'm in support of FOSS developers standing up for themselves and drawing a boundary on how much mental energy they're willing spend on people like this.
> You are still downloading a tons of data from their infra, and for free, I think it's fair for them to have some sort of control to avoid abuses.
I agree with you 100%. The issue of client tracking is completely orthogonal, as a client-generated and client-reported identifier does nothing to avoid these abuses. All it does is allow them to track users of the software.
It's possible to disable it now in the app settings as the last message in the issue states.
The app does enable it and telemetry by default without any warning which I think is wrong.
And even if it sounds harsh, their initial suggestion is always valid: use another software, or fork it and maintain your own version. It's GPLv3.