Description: AppRecommender is a package recommender system for Debian systems (and derivatives). Currently, AppRecommender only uses content-based recommendation strategies. One idea is for the application to also support collaborative recommendations, which would recommend packages based on users with similar package profiles. However, in order to do that, Popularity-contest data would be required. Therefore, this talk will discuss how this data can be used and also raise some security and privacy concerns about using them. AppRecommender went through NEW during Debconf and is already available in unstable. =============================================================================== BoF: Privacy considerations on using popularity-contest data for recommendations =============================================================================== AppRecommender ----- * A package recommender system for Debian (and derivatives) * Use the packages manually installed through apt to generate new recommendations Main goal of this BoF --------------------- * Discuss the privacy and security questions related on using popularity-contest data for recommendations * Discuss how we pretend to use the information provided by popularity-contest Conversation topics ------------------- * What is AppRecommender * What is a popularity-contest submission * How we believe popularity-contest could provide a file to be used for collaborative recommendation * Privacy and security concerns * Popularity-contest user did not agree to provide data for recommendation purposes. * Identify users by rare packages * Considerations regarding the generated cluster file * Remove packages that are used just by few users * Randomize submissions before processing them * Don't use all submissions to generate the file * Associate a random package to each submission before processing them * Examples: - pkgs_clusters: git-0:1 vagrant-0:1;1:1 vim-1:1 - 0.1;0.5;0.7 0.3;0.4;0.9 Session notes ------------- * SHOULD mention the fact that submissions are used for recommendation in the popularity-contest package description * as long as apprecommender does not send stuff to a server, it should be fine. * GOOD POINT: clustering is included in "statistics", already mentioned in the popularity-contest debconf question on whether to enable it or not. * we should have a discussion debian-devel OR debian-project mailling about this before going live; even it generates a flamewar, it's better to have it now than to have it later after this is already live * Remind to send an email to both debian-devel and debian-project about that * Notify Debian users about our intention on using popularity-contest data * Use this data for also test upgrade, on packages that belong together on a cluster. * Look at boxer package and see if it is a complement for AppRecommender. * Find cluster which mainly focusing on package applications and use them while also discarding cluster mainly focusing on lib packages. Questions --------- TODO ----