[R] Question about R software and output

Ivan Krylov kry|ov@r00t @end|ng |rom gm@||@com
Tue Oct 3 16:41:52 CEST 2023

В Mon, 2 Oct 2023 07:48:36 +0000
"Ferguson Charity (CEMINFERGUSON)" <Charity.Eminferguson using gstt.nhs.uk>

> My understanding is that the R software is downloaded from a CRAN
> network

This is mostly true. (There are other ways of installing R, but it is
most frequently downloaded from a CRAN mirror.)

> and data is imported into it using Microsoft Excel for example.

This is not exactly the case.

It is possible to prepare data using Microsoft Excel and store it in
the Microsoft Excel format, but the actual import process is performed
either using base R functions (e.g. read.csv(), which is built into R),
or using third-party packages running inside R (e.g. "openxlsx", which
is available on CRAN) that implement the functions necessary to
transform Excel format into R data structures.

It is also possible to prepare data using other software, or type it
manually into R, or store it only in R's native data format (using
the saveRDS() or save() functions).

> Could I please just double check whether any data or results from the
> output is held on external servers or is it just held on local files
> on the computer?

As long as you're running R on your own computer, it should keep the
data locally. The words of a J. Random Hacker from the Internet don't
carry much weight with government agencies (as they shouldn't), but the
source code of R is open to audits. Additionally, there are some
guidance documents at <https://www.r-project.org/certification.html>.

Note that this only covers R itself and not any third-party software
packages that you could be using together with R. (You could also be
connecting to an RStudio server or running an instance of webR in your
web browser, in which case your data is subject to the privacy policy
of the server administrators.) For example, the "googleCloudRunner"
package available on CRAN is designed for the purpose of running code
on Google infrastructure and will send the data there if asked to.

CRAN packages are required never to do anything that might be regarded
as antisocial <https://cran.r-project.org/web/packages/policies.html>,
but a dedicated attacker may be able to slip something past the
reviewers anyway.

Since your e-mail address contains nhs.uk, the
<https://nhsrcommunity.com/> website could help you find the
information you need.

Best regards,

More information about the R-help mailing list