Anonymous reviews in GNOME Software

Choosing an application to install is hard when there are lots of possible projects matching a specific search term. We already list applications based on the integration level and with useful metrics like “is it translated in my language” and this makes sure that high quality applications are listed near the top of the results. For more information about an application we often want a more balanced view than the PR speak or unfounded claims of the upstream project. This is where user-contributed reviews come in.


To get a user to contribute a review (which takes time) we need to make the process as easy as possible. Making the user create a user account on yet-another-webservice will make this much harder and increase the barrier to participation to the point that very few people would contribute reviews. If anonymous reviewing does not work the plan is to use some kind of attestation service so you can use a GMail or Facebook for confirming your identity. At this point I’m hoping people will just be nice to each other and not abuse the service although this reviewing facility will go away if it starts being misused.

Designing an anonymous service is hard when you have to be resilient against a socially awkward programmer with specific political ideologies. If you don’t know any people that match this description you have obviously never been subscribed to fedora-devel or memo-list.

Obviously when contacting a web service you share your IP address. This isn’t enough to uniquely identify a machine and user, which we want for the following reasons:

  • Allowing users to retract only their own reviews
  • Stopping users up or down-voting the same review multiple times

A compromise would be to send a hash of two things that identify the user and machine. In GNOME Software we’re using a SHA1 hash of the machine-id and the UNIX username along with a salt, although this “user_id” is only specified as a string and the format is not checked.

For projects like RHEL where we care very much what comments are shown to paying customers we definitely want reviews to be pre-approved and checked before showing to customers. For distros like Fedora we don’t have this luxury and so we’re going to rely on the community to self-regulate reviews. Reviews are either up-voted or down-voted according how useful they are along with the nuclear option of marking the review as abusive.


By specifying the users current locale we can sort the potential application reviews according to a heuristic that we’re still working on. Generally we want to prefer useful reviews in the users locale and hide ones that have been marked as abusive, and we also want to indicate the users self-review so they can remove it later if required. We also want to prioritize reviews for the current application version compared to really old versions of these applications.

Comments welcome!

Published by


Richard has over 10 years of experience developing open source software. He is the maintainer of GNOME Software, PackageKit, GNOME Packagekit, GNOME Power Manager, GNOME Color Manager, colord, and UPower and also contributes to many other projects and opensource standards. Richard has three main areas of interest on the free desktop, color management, package management, and power management. Richard graduated a few years ago from the University of Surrey with a Masters in Electronics Engineering. He now works for Red Hat in the desktop group, and also manages a company selling open source calibration equipment. Richard's outside interests include taking photos and eating good food.

13 thoughts on “Anonymous reviews in GNOME Software”

  1. How are you thinking on prevent fake reviews? I’m asking because after the issue with Amazon’s reviews being bought I trust very few reviews.

    1. I’m kinda hoping people will just downvote bad reviews. Given enough votes on reviews the good ones should bubble up to the top and the bad ones disappear. If people misuse the service I’ll just take the service away or require a facebook login or something.

  2. This feature would be great, but I personally would fear anonymous reviews. What will happen when it is used for spam or illegal stuff? Can one mark reviews as such? Will they be removed? When I read the social media these days, I have the feeling it gets crazier every day…

    1. No, I don’t think that’s going to work. Upstream doesn’t have to listen to the comments, and I don’t want to re-invent another support channel. It’s just not designed for that, and I think “reviews” that are just bugreports will be downvoted by other users.

      1. This is a good point. It would be nice to tell people that this is not a good place to report bugs and issues. Mozilla does this in their addon review form.

  3. How about making sure the stars system makes sense as well?

    In Discover we’ve had the 5 stars for a while (because we come from Ubuntu’s rnr service, which used stars) and there’s some people pushing into evaluating resources with positive/neutral/negative, rather than stars.

    Other than that: yes, I too want a review system around AppStream and it could be good if we could get it to stay anonymous.

  4. I like the idea, but fear it is doomed because “At this point I’m hoping people will just be nice to each other and not abuse the service” That is pretty much catnip to a certain type of socially awkward to worse personality.

    On the other hand, I don’t know of how one develop’s Satan’s Facebook (to use the Ross Anderson programming Satan’s computer) a step further.

  5. Hey Richard, great work. One thing though, please don’t assume that the review is written in the same locale that the app is running under. Look at Steam reviews how they do it, there’s a small drop-down allowing you to select the language your review is written in. I admit this feature is more useful in a social context (when you have a mixture of local and international friends, you often choose to publish a review in an international language to allow all of them to understand it), which gnome-software won’t have (at least not now), but it’s still pretty common to run my desktop in say Czech language but write reviews in English, so that it gets more useful for more people.

    If there’s no “review language” drop-down, some people will assume you detect the language automatically (even if you did, it will fail from time to time) and some people will feel constrained to their desktop language and feel unhappy. Both has suboptimal results. We’re moving into a multilingual world and people will prefer software which reflects that. Thanks.

  6. The design doesn’t make it clear that the reviews will be public. Nor does it make it super-clear that this is neither a comment nor support form. The “Post” button should say “Publish Review”, for example.

  7. Reviews should be available to all and not locked to a specific environment (GNOME in this example) as is often seen in proprietary software.
    Think about it. I can help if needed.

    1. They are! It’s not locked to GNOME or Fedora in any way. I’d be happy to discuss adding support for this stuff with the Muon guys for instance.

Comments are closed.