Golang is terrible for Privacy?

Hi there

i see that in golang you have modules and when you use these modules google does track your ip and log the instance each time you download a golang module. which i think i terrible for privacy. is this something most are not bothered or you have some privacy protection hacks you can apply when using golang modules thanks

From https://proxy.golang.org:

These services can only access publicly available source code. If you depend on private modules, set GOPRIVATE to a glob pattern that covers them. See Module configuration for non-public modules in the go command documentation for more details.

To opt-out of this module mirror, you can turn it off by setting GOPROXY=direct

2 Likes

In addition to @NobbZ’s advice, you can also set up your own private Go module proxy server.

Also, the proxy documentation describes what is being logged:

If I don’t set GOPRIVATE and request a private module from these services, what leaks?

The proxy and checksum database protocols only send module paths and versions to the remote server. If you request a private module, the mirror will try to download it just as any Go user would and fail in the same way. Information about failed requests isn’t published anywhere. The only trace of the request will be in internal logs, which are governed by the privacy policy.

And the privacy policy says,

We use that data for monitoring and debugging. In general, we’ve built these services to retain as little information about usage as possible while still ensuring that we are able to detect and fix problems.

We do not store logged personally identifiable information such as IP addresses for more than 30 days. We also do not correlate or combine information from our request logs with any personal information that you have provided Google for other services.

2 Likes

In addition to the excellent notes already made, I’m curious about package managers you’re using that are better about privacy than go modules.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.