https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
There is still a significant section missing from the draft (on sharing information) but I hope to have something there by Wednesday. This hasn't been vetted through any actual attorneys but I wanted the WG to be aware of it and to see diffs.
On Mon, 2015-03-16 at 15:04 -0400, Paul W. Frields wrote:
> https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> There is still a significant section missing from the draft (on sharing information) but I hope to have something there by Wednesday. This hasn't been vetted through any actual attorneys but I wanted the WG to be aware of it and to see diffs.
Thanks, Paul. A few minor suggestions:
- In the section about 'Cookies and other Browser information', it might be useful to mention that the 'User Agent ID' of Browsers that are packaged in Fedora is configured to identify the system as running Fedora.
- In the 'IP addresses' section, we might want to mention that Fedora 'pings home' to determine network connectivity.
Re user agents. My financial institution recognizes Linux as a response. Their comment: "Too many Linux versions to stipulate that we recognize them each." Ditto for other systems such as Mac and Android. If the browser is not recognized, it is considered insecure, and the bank's system will not proceed with communication.
Regards
Leslie
Mr. Leslie Satenstein
Montréal Québec, Canada
From: Matthias Clasen mclasen@redhat.com
To: desktop@lists.fedoraproject.org
Sent: Monday, March 16, 2015 8:22 PM
Subject: Re: Privacy policy, new draft
> On Mon, 2015-03-16 at 15:04 -0400, Paul W. Frields wrote:
> > https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> > There is still a significant section missing from the draft (on sharing information) but I hope to have something there by Wednesday. This hasn't been vetted through any actual attorneys but I wanted the WG to be aware of it and to see diffs.
> Thanks, Paul. A few minor suggestions:
> - In the section about 'Cookies and other Browser information', it might be useful to mention that the 'User Agent ID' of Browsers that are packaged in Fedora is configured to identify the system as running Fedora.
> - In the 'IP addresses' section, we might want to mention that Fedora 'pings home' to determine network connectivity.
On Mon, Mar 16, 2015 at 03:04:21PM -0400, Paul W. Frields wrote:
> https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> There is still a significant section missing from the draft (on sharing information) but I hope to have something there by Wednesday. This hasn't been vetted through any actual attorneys but I wanted the WG to be aware of it and to see diffs.
IIUC, this is the policy to be linked from PRIVACY_POLICY in os-release. If not, then my comments are probably mostly irrelevant.
My issue with the text as it is now is that it lists all kinds of things which *might* be collected. So it protects the project from liability. But it does not answer the question of a user what information is exposed in various situations.
The roots of this text in the corporate-designed policy are still very much visible. For example, it places heavy emphasis on the data collected at conventions and trade shows. But for a majority of users of Fedora this isn't interesting — I'd guess that everybody knows that if they sign up for a contest during a fair, their name is kept somewhere — but they'd instead like to know what kind of information is exposed and stored when they install Fedora, install updates, enter bug reports, use ask.fedora.
To present all this information in a form which is palatable for a normal user, I think it should be broken into a few broad types of usage: normal use of Fedora, requesting help through forums, bug tracker, mailing lists, registration as a project member.
- If you download and/or install Fedora, and/or enable updates, your IP and Fedora version will be logged on Fedora servers and will be visible to anyone who can watch your traffic. The list of packages and their versions too.
- If you create an account in the bugzilla to post bug reports or create an account on a Fedora user forum (ask.fp.o), your e-mail address and name and IP address will be stored, and ... will be publicly visible.
- If you register to become a Fedora contributor, your GPG key, timezone, and location if you decide to share it will be publicly visible.
I presume that PRIVACY_POLICY will point to this. I think it should be mentioned that this is the official policy linked to from GNOME privacy policy dialog.
Zbyszek
----- Original Message -----
> On Mon, Mar 16, 2015 at 03:04:21PM -0400, Paul W. Frields wrote:
> > https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> > There is still a significant section missing from the draft (on sharing information) but I hope to have something there by Wednesday. This hasn't been vetted through any actual attorneys but I wanted the WG to be aware of it and to see diffs.
> IIUC, this is the policy to be linked from PRIVACY_POLICY in os-release. If not, then my comments are probably mostly irrelevant.
> My issue with the text as it is now is that it lists all kinds of things which *might* be collected. So it protects the project from liability. But it does not answer the question of a user what information is exposed in various situations.
> The roots of this text in the corporate-designed policy are still very much visible. For example, it places heavy emphasis on the data collected at conventions and trade shows. But for a majority of users of Fedora this isn't interesting — I'd guess that everybody knows that if they sign up for a contest during a fair, their name is kept somewhere — but they'd instead like to know what kind of information is exposed and stored when they install Fedora, install updates, enter bug reports, use ask.fedora.
> To present all this information in a form which is palatable for a normal user, I think it should be broken into a few broad types of usage: normal use of Fedora, requesting help through forums, bug tracker, mailing lists, registration as a project member.
> If you download and/or install Fedora, and/or enable updates, your IP and Fedora version will be logged on Fedora servers and will be visible to anyone who can watch your traffic. The list of packages and their versions too.
> If you create an account in the bugzilla to post bug reports or create an account on a Fedora user forum (ask.fp.o), your e-mail address and name and IP address will be stored, and ... will be publicly visible.
> If you register to become a Fedora contributor, your GPG key, timezone, and location if you decide to share it will be publicly visible.
> I presume that PRIVACY_POLICY will point to this. I think it should be mentioned that this is the official policy linked to from GNOME privacy policy dialog.
Nothing much to add to this review.
The list of things that "could" be collected shouldn't need to be exhaustive; instead, we should focus on how data we give "Fedora" is going to be used and shared.
For example, the list in "Publicly Available Personal Information" really isn't palatable. A better way of showing this might be to say: "the information you give when creating your account will be public by default. You can see what data is publicly visible <here> (link to the public page for the user), modify your privacy settings <here>, and request deletion of the account <here>"
I also don't like the "Personal Information" vs. "Non-Personal Information". It might be how a lawyer works, but just because it pertains to a computer and not to a person doesn't make it less identifying.
I would focus instead on what is enabled by default, depending on the service. For example, instead of burying the installer geolocation usage under "IP addresses":
"Installer
The installer, by default, will attempt to locate the country you are in to detect the default timezone and languages to use using your IP address. The timezone and languages can be changed during and after installation. You can also disable this feature through <link: an option to the installer>."
There I know what piece of software does something, why it does it (which is obviously very important to justify the collection), and how to disable it.
Cheers
Another point that I think is important to mention is that the privacy policy needs to refer to "user account" in such a way that it'll be clear that it's talking about accounts for contributors (FAS) and not a user account on your system or an online account you add via GOA, to make it clear Fedora doesn't scrape your name (or other identifying details) from Google / Facebook accounts added via GOA, nor the "Full Name" field of user accounts on your computer.
On Thu, Mar 19, 2015 at 02:36:31PM +0200, Elad Alfassa wrote:
> Another point that I think is important to mention is that the privacy policy needs to refer to "user account" in such a way that it'll be clear that it's talking about accounts for contributors (FAS) and not a user account on your system or an online account you add via GOA, to make it clear Fedora doesn't scrape your name (or other identifying details) from Google / Facebook accounts added via GOA, nor the "Full Name" field of user accounts on your computer.
Good point, I've added this to our new draft still in progress.