FireGPG's developers blog Archive

Development and news about FireGPG

About stats

Lots of users, dues to the last post I suppose, have some questions abouts stats we collect.

Yes, there aren’t any warning about this stats because we forget to say it on the new update page (before it was inside FireGPG). It’s a problem, and we will add a notice for the next release.

Which stats are collected ?

Of course, don’t worry. We’re not collecting information about how do you use FireGPG or the average length of yours passwords ;). There both stats: Installations and XpCom.

Stats about installations send us the version number of FireGPG which you just installed and the previous version installed, if there one (so if there aren’t, we know it’s not an update but probably a new user).

Stats about XpCom are new and temporally. We send the status of the XpCom (if he works, if he doesn’t, if he is disabled), and the platform (Gnu/Linux, Windows).

There is only this, and ping are send only we you update FireGPG (or when the stats of the XpCom change, but it’s not very common).

Only these information are stored. Yes, we have in Apache logs more information: your Firefox’s version, your ip, when you install FireGPG. But first, we don’t read them, and then there are deleted after 7 days. It’s like we you navigate on a website: anybody who own a server can have the same information we you’re using it. And erm who relay care if you are currently reading this post at 23:12:21 on 04/02/08 from your office? We’re not Big Brother ;).

**Why stats? **

For the XpCom because we don’t know how the XpCom will work and as it’s a very critical feature, who we can’t test ourselves, the solution was to let’s user test themselves and get back stats. Have a look at the last post for more information ;). Notice that when the XpCom will be stable (about 2 or 3 versions) we will deactivate this stats.

For stats on installation: we want to know how FireGPG is used. FireGPG take us a lot of time and I think it’s normal we’re able to see how he is installed/updated: it’s a kind of ‘recognition’ of our work by having information about how he is popular…

Someone say we should remove this stats because FireGPG is a critical, as he works with GnuPG. I totally disagree. First for points explained before and then, if you trust us for using FireGPG in general, I suppose you can trust us to send only ‘goods’ pings and not adding spy in our addon…



I don’t like it. If it were openly disclosed up front from the start, I still would not like it. Sorry, i prefer to just type from the command line gpg –clearsign filename and then paste the contents of the resulting filename.asc

For example, I’m gonna gpg sign this comment.. not that you all have my public key, but it is on the public keyservers. Those that know me well, have it. And will thusly be able to verify that my snippy remarks have not been tampered with :P

If relying on statements such as “We’re not Big Brother ;)” constitued sound security policy, who would need OpenPGP anyway? —–BEGIN PGP SIGNATURE—– Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkr9FbcACgkQ5krsbgKesWUYVgCeL3aE17x7Fe8cD0JWZDKvAZmb TeIAmwYtdTHakn7J+OukbFlUzi1dMeVY =V2cs —–END PGP SIGNATURE—–

Joe Sniderman, 2009-11-13 10:18:24

I don’t care you don’t like it. Just don’t use FireGPG…

Maximilien Cuony [The_glu] , 2009-11-13 11:51:30