I know that download.opensuse.org redirects to a mirror and that it is possible to skip that redirect by selecting the mirror as a source directly. The question is - how does one know that what zypper/yast downloads from the mirror is really a mirror copy and not something else (e.g. malware)? Perhaps this question is not directly related to the topic but still I am interested to know.IANAL either but I have read the GDPR and I know how 'personal data' and 'processing' are defined in it . Although recital 26 says "This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes", the combination of IP+UUID+timing is a not anonymous data and can surely be used as a fingerprint, and "funding purposes" is different from "statistical or research". I don't see any information how this 'personal data' is 'processed'. Hence this thread.How can I get more information about all this?