Somebody made a proposal on the fwupd mailing list that the machine running fwupd should “phone home” to the LVFS with success or failure after the firmware update has been attempted.

This would let the hardware vendor that uploaded firmware know there are problems straight away, rather than waiting for thousands of frustrated users to file bugs. The report needs to contain something that identifies the machine and a boolean, and in the event of an error, enough debug information to actually be useful. It would obviously involve sending the user’s IP address to the server too.

I ran a poll on my Google+ page, and this was the result:

So, a significant minority of people felt like it stepped over the line of privacy vs. pragmatism. This told me I couldn’t just forge onward with automated collection, and this blog entry outlines what we’ve done for the 1.0.4 release. I hope this proposal is acceptable to even the most paranoid of users.

The fwupd daemon now stores the result of each attempted update in a local SQLite database. In the event there’s a firmware update that’s been attempted, we now ask the user if they would like to upload this information to the LVFS. Using GNOME this would just be a slider in the control center Privacy panel, and I’ll leave it to the distros to decide if this slider should be on or off by default. If you’re using the fwupdmgr tool this is what it shows:

$ fwupdmgr report-history
Target: https://the-lvfs-server/lvfs/firmware/report
Payload: {
  "ReportVersion" : 1,
  "MachineId" : "9c43dd393922b7edc16cb4d9a36ac01e66abc532db4a4c081f911f43faa89337",
  "DistroId" : "fedora",
  "DistroVersion" : "27",
  "DistroVariant" : "workstation",
  "Reports" : [
    {
      "DeviceId" : "da145204b296610b0239a4a365f7f96a9423d513",
      "Checksum" : "d0d33e760ab6eeed6f11b9f9bd7e83820b29e970",
      "UpdateState" : 2,
      "Guid" : "77d843f7-682c-57e8-8e29-584f5b4f52a1",
      "FwupdVersion" : "1.0.4",
      "Plugin" : "unifying",
      "Version" : "RQR12.05_B0028",
      "VersionNew" : "RQR12.07_B0029",
      "Flags" : 674,
      "Created" : 1515507267,
      "Modified" : 1515507956
    }
  ]
}
Proceed with upload? [Y|n]:

Using this new information that the user volunteers, we can display a new line in the LVFS web-console:

Which expands out to the report below:

This means vendors using the LVFS know first of all how many downloads they have, and also the number of successes and failures. This allows us to offer the same kind of staged deployment that Microsoft Update does, where you can limit the number of updated machines to 10,000/day or automatically pause the specific firmware deployment if > 1% of the reports come back with failures.

Some key points:

We don’t share the IP address with the vendor; in fact it’s not even saved in the MySQL database

The MachineId is a salted hash of your actual /etc/machine-id

The LVFS doesn’t store reports for firmware that it did not sign itself, i.e. locally built firmware archives will be ignored and not logged

You can disable the reporting functionality in all applications by editing /etc/fwupd/remotes.d/*.conf

We have an official GDPR document too — we’ll probably link to that from the Privacy panel in GNOME
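The 1% pause rule and the key points above (no IP address stored, a hashed MachineId, unsigned firmware ignored) can be sketched as server-side logic. This is an added example, not LVFS code: the function names, the `min_machines` floor, the reading of UpdateState 2 and 3 as success and failed, and counting each MachineId once per firmware are all assumptions.

```python
import json
import string

# UpdateState meanings are assumed here; the page only shows "UpdateState": 2.
STATE_SUCCESS, STATE_FAILED = 2, 3
FAILURE_LIMIT = 0.01  # the post's threshold: pause when > 1% come back failed

def ingest(payload, signed_checksums, results):
    """Store one uploaded report document; return how many reports were kept.

    results maps firmware checksum -> {MachineId: UpdateState}, so a machine
    that uploads twice is counted once. No IP address is accepted or stored.
    """
    doc = json.loads(payload)
    if doc.get("ReportVersion") != 1:
        raise ValueError("unsupported ReportVersion")
    machine_id = doc.get("MachineId")
    # Expect a 64-hex-char digest like the one in the payload above;
    # a raw /etc/machine-id is only 32 hex chars and must never be stored.
    if (not isinstance(machine_id, str) or len(machine_id) != 64
            or set(machine_id) - set(string.hexdigits.lower())):
        raise ValueError("MachineId is not a 64-character hex digest")
    kept = 0
    for report in doc.get("Reports", []):
        checksum, state = report.get("Checksum"), report.get("UpdateState")
        if not isinstance(checksum, str) or checksum not in signed_checksums:
            continue  # firmware the server did not sign: ignored, not logged
        if state not in (STATE_SUCCESS, STATE_FAILED):
            continue  # neither outcome, nothing to count
        results.setdefault(checksum, {})[machine_id] = state
        kept += 1
    return kept

def should_pause(results, checksum, min_machines=100):
    """True when more than FAILURE_LIMIT of reporting machines failed."""
    states = results.get(checksum, {}).values()
    if len(states) < min_machines:  # hypothetical floor against tiny samples
        return False
    failed = sum(1 for s in states if s == STATE_FAILED)
    return failed / len(states) > FAILURE_LIMIT

def sample_payload(machine_id, state, checksum):
    """Constructed payload with the same shape as the fwupdmgr output above."""
    return json.dumps({"ReportVersion": 1, "MachineId": machine_id,
                       "Reports": [{"Checksum": checksum, "UpdateState": state}]})
```

Keying on MachineId is what lets the server count machines rather than uploads without learning which machine is which.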

Comments welcome.