[GH-ISSUE #135] Rethinking pingback #103

New issue

Closed

opened 2026-02-26 09:35:55 +03:00 by kerem · 3 comments

kerem commented 2026-02-26 09:35:55 +03:00

Owner

Copy link

Originally created by @denydias on GitHub (Apr 12, 2015).
Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/135

Hi, ViMbAdmin developers.

First things first: I would like to deeply thank you for the great and useful application you all came up with.

Now, let me call you up to think about your pingback feature. From a fresh install, if the user doesn't pay attention to it, the default is to ViMbAdmin to phone home and update a statistic somewhere. The comment in application/configs/application.ini makes it very clear:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; ViMbAdmin 'pings' the developers as part of the set up process to let
;; them know there is a new installation.
;;
;; All we are interested in is knowing whether people are using the software
;; or not and whether continued support and development is worth the time
;; and effort.
;;
;; Unless you're very shy, PLEASE LET US KNOW YOU'RE USING IT!
;;
;; This can be disabled by setting the below to 1
;;

skipInstallPingback = 0

I can understand the need for this. One is about to know the relevance so one can keep it moving forward. Why to bother developing something that has no market? Another one is the human need to be recognized. As this is kinda personal, I'm going to refrain myself to give my opinions on this particular matter.

But we live in a quite different and increasingly dangerous world, unfortunately. Nowadays, IMHO, it's not a good practice to let an application just phone home by default. There are too many implications on this: log anonymization, metadata disclosure, privacy policies, individual rights, data-on-rest secrecy and so on. No metadata is free of guilt at the present time.

So, I kindly ask you to rethink this 'statistical harvesting' from the ground. It would be nice to let users do something like this (although its not so nice to you):

1. Instead to 'phone home by default', a 'big red button' at the end of installation process saying something like: 'Please, click here to let your ViMbAdmin setup count on our statistics'.
2. This 'big red button' comes together with a short and clear privacy policy stating that:
   1. The log at the request endpoint is anonymized;
   2. No referral metadata is sent at all;
   3. The request is done through secure connection.
3. To implement all the points on 2 properly.

I know this imposes some quite difficult challenges from the market perspective, such as not knowing when someone is not using the software anymore, or not to have any warranty that the user will click that 'big red button' at the end of the process. But I think that worth to try as it gives user a choice on how and when to disclose some information. It doesn't even need to be that way I described above at all if the result is the same: to keep the user privacy while collecting some marketing juice.

Last, but not least, I would not saying all this s** for any other software I did not like. I think ViMbAdmin worth my time to write this up. I also think that its job is to touch on something very, very important to many individuals and organizations out there: email administration. So that's why I'm hitting that 'big red button', as I had set skipInstallPingback = 1 prior to install.

Thank you all.

EDIT: For the sake of clarification, I did not had the time to take a look in the code to see what skipInstallPingback actually does. So forgive me if all the points above are already covered.

Originally created by @denydias on GitHub (Apr 12, 2015). Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/135 Hi, ViMbAdmin developers. First things first: I would like to deeply thank you for the great and useful application you all came up with. Now, let me call you up to think about your pingback feature. From a fresh install, if the user doesn't pay attention to it, the default is to ViMbAdmin to phone home and update a statistic somewhere. The comment in `application/configs/application.ini` makes it very clear: ``` php ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; ;; ViMbAdmin 'pings' the developers as part of the set up process to let ;; them know there is a new installation. ;; ;; All we are interested in is knowing whether people are using the software ;; or not and whether continued support and development is worth the time ;; and effort. ;; ;; Unless you're very shy, PLEASE LET US KNOW YOU'RE USING IT! ;; ;; This can be disabled by setting the below to 1 ;; skipInstallPingback = 0 ``` I can understand the need for this. One is about to know the relevance so one can keep it moving forward. Why to bother developing something that has no market? Another one is the human need to be recognized. As this is kinda personal, I'm going to refrain myself to give my opinions on this particular matter. But we live in a quite different and increasingly dangerous world, unfortunately. Nowadays, IMHO, it's not a good practice to let an application just phone home by default. There are too many implications on this: log anonymization, metadata disclosure, privacy policies, individual rights, data-on-rest secrecy and so on. No metadata is free of guilt at the present time. So, I kindly ask you to rethink this 'statistical harvesting' from the ground. It would be nice to let users do something like this (although its not so nice to you): 1. Instead to 'phone home by default', a 'big red button' at the end of installation process saying something like: 'Please, click here to let your ViMbAdmin setup count on our statistics'. 2. This 'big red button' comes together with a short and clear privacy policy stating that: 1. The log at the request endpoint is anonymized; 2. No referral metadata is sent at all; 3. The request is done through secure connection. 3. To implement all the points on 2 properly. I know this imposes some quite difficult challenges from the market perspective, such as not knowing when someone is not using the software anymore, or not to have any warranty that the user will click that 'big red button' at the end of the process. But I think that worth to try as it gives user a choice on how and when to disclose some information. It doesn't even need to be that way I described above at all if the result is the same: to keep the user privacy while collecting some marketing juice. Last, but not least, I would not saying all this s*\* for any other software I did not like. I think ViMbAdmin worth my time to write this up. I also think that its job is to touch on something very, very important to many individuals and organizations out there: email administration. So that's why I'm hitting that 'big red button', as I had set `skipInstallPingback = 1` prior to install. Thank you all. EDIT: For the sake of clarification, I did not had the time to take a look in the code to see what `skipInstallPingback` actually does. So forgive me if all the points above are already covered.

kerem closed this issue 2026-02-26 09:35:56 +03:00

kerem commented 2026-02-26 09:35:56 +03:00

Author

Owner

Copy link

@barryo commented on GitHub (Apr 13, 2015):

Thanks for the positive comments about ViMbAdmin 😃

I can understand the need for this. One is about to know the relevance so one can keep it moving forward.

As we state clearly, this is why (and only why) we do it.

You cannot install ViMbAdmin without editing this config file so it's clear as day. This is FOSS software so the means of how we do the ping back is also clear.

But, not only do we have the above, when you do the actual admin account creation via the browser during install / setup, you are again reminded and told how to opt out.

In summary: we'd appreciate the ping back, it's clear and transparent, it helps us, but you can opt out. No changes required here.

Also, in the interests of complete transparency - the result on our end is:

<!-- gh-comment-id:92279310 --> @barryo commented on GitHub (Apr 13, 2015): Thanks for the positive comments about ViMbAdmin :smiley: > I can understand the need for this. One is about to know the relevance so one can keep it moving forward. As we state clearly, this is why (and only why) we do it. You cannot install ViMbAdmin without editing this config file so it's clear as day. This is FOSS software so [the means of how we do the ping back is also clear](http://git.io/vvOJZ). But, not only do we have the above, when you do the actual admin account creation via the browser during install / setup, you are again reminded and told how to opt out. In summary: we'd appreciate the ping back, it's clear and transparent, it helps us, but you can opt out. No changes required here. Also, in the interests of complete transparency - the result on our end is: 

kerem commented 2026-02-26 09:35:56 +03:00

Author

Owner

Copy link

@denydias commented on GitHub (Apr 13, 2015):

Hi, @barryo! Thank you for the quick reply.

I understand your points, although I do not agree 100% with them. Anyway, this will not make ViMbAdmin any less valuable for me and many others out there, as the graphic you've posted clearly shows.

Congratulations to you and your team for providing us with this beautiful piece of code.

Best wishes from Brazil.

<!-- gh-comment-id:92282403 --> @denydias commented on GitHub (Apr 13, 2015): Hi, @barryo! Thank you for the quick reply. I understand your points, although I do not agree 100% with them. Anyway, this will not make ViMbAdmin any less valuable for me and many others out there, as the graphic you've posted clearly shows. Congratulations to you and your team for providing us with this beautiful piece of code. Best wishes from Brazil.

kerem commented 2026-02-26 09:35:57 +03:00

Author

Owner

Copy link

@barryo commented on GitHub (Apr 13, 2015):

😄

<!-- gh-comment-id:92287163 --> @barryo commented on GitHub (Apr 13, 2015): :smile:

kerem referenced this issue 2026-02-26 09:36:00 +03:00

[GH-ISSUE #144] Password field not of type password #113

kerem referenced this issue 2026-02-26 10:30:39 +03:00

[PR #145] [MERGED] disable autocompletion on password formfields. fixes #103 and fixes #144. #288

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/composer/smarty/smarty-4.3.1

v2

3.4.1

3.4.0

3.3.0

3.2.1

3.2.0

3.1.1

3.1.0

3.0.15

3.0.14

3.0.13

3.0.12

3.0.11

2.2.4

3.0.10

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

3.0.2

3.0.1

3.0.0

2.2.3

2.2.2

2.2.1

2.2.0

2.1.0

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

0.3.4

0.3.3

0.3.2

0.3.1

0.3

Labels

Clear labels   

bug

  

feature

  

feature

  

improvement

  

improvement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

feature

feature

improvement

improvement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ViMbAdmin-opensolutions#103

No description provided.