So do I. How do distribution/platform name and version numbers violate one's privacy?

The distributions and platforms I'm running in my home is known to me. It is private knowledge. It is not public.

The information can only be used for statistics.

You may only be using it for statistics. It can certainly be used for other purposes.

<paranoid>

1. I kindly take over maintenance of SOAP::Lite
2. I add a tracker like the one you propose and log all the information I receive. Note that this information will also include the IP address of the server the module was installed on.
3. I "accidentally" include an exploit that allows me to call arbitrary Perl code in the next SOAP::Lite release.
4. I wait for the IP addresses of vulnerable machines to roll in

</paranoid>

I will force nobody and will be very open about what happens. There will be an easy, obvious way to opt out and it will be printed on screen and mentioned in the README.

But an automated install with no manual intervention will opt-in. This is the behaviour I think most people are (correctly in my opinion) objecting to.

Because the information sent is static and not privacy-sensitive

I don't think other people are entitled to determine how sensitive my private data is. I guess I'm just funny that way.

<paranoid>
1. ...
2. ...
3. I "accidentally" include an exploit that allows me to call arbitrary Perl code in the next SOAP::Lite release.
4. ...
</paranoid>

<realistic>
1. I "accidentally" include code that downloads and evals some string.
2. Eh, done.
</realistic>
I am no more dangerous to you with this information than without. Besides that, if you're PARANOID, you never install a module without reading its documentation, without looking at installation output. If you're REALLY PARANOID, you never install a module without reading exactly what it does.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

I still disagree. I think that demanding opt-out of your users is inherently disrespectful of their privacy, no matter how innocuous you think the information you're collecting is. It's my damn information, and it's my choice to share it with whomever I feel like, or not. Creating automated response code that's enabled by default is no better than spyware.

It's my damn information, and it's my choice to share it with whomever I feel like

But it is his "damn" code that you are planning to use. I think the author deserves some gratitude for allowing you to use this software. Consider it the same as sending a thank you email to an author for saving you the time and trouble of having to write this code yourself.

That being said, I am kind of on the fence with this one. I would personally like the stats myself, but the opt_out strategy doesn't quite sit right with me either. Even though I agree that the information collected is innocuous.

- Cees

I think the author deserves some gratitude for allowing you to use this software.

Let's get off of the high holy horse here, and get back to the real world. You write code and put it out on the internet because you think it's useful and/or cool, and you want other people to take it for a spin, in hopes they think the same and want to help you improve it. Perhaps you're putting the code out there to impress potential future employers. To be brutally honest, you are owed NOTHING. If you were owed something, it would be in your License.

That being said, I'm not opposed to the collection of information that helps drive your module development. I'm opposed to the method of collection. Want to talk about default behavior? Most people's default behavior, when confronted with opt-out code, is hostility.

A further thought - if you use perl -MCPAN to install your perl modules, a lot of times you end up with a big pile of dependencies to install (especially on a new system). I generally start the process, and walk off to do something else while the install process runs. Guess what? Your oh-so-friendly opt-out procedure is now broken.

privacy

Specify why you think the four strings I want to send violate privacy in any way or do not use that word again. Repeating the same thing over and over does not explain to the other party why you think it is relevant or important.

it's my choice

If you properly read the information on your screen and in the README file, it will still be your choice.

Creating automated response code that's enabled by default is no better than spyware.

I'm sorry you feel this way. You offended a lot of people by saying that, including me.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }