installations, not participation in Fedora events
Reporter: zbyszek | Owner:
Status: new | Priority: normal
Component: General | Keywords:
for the operati[ng] system" . This line was added to allow Gnome to
It is currently shown by gnome-initial-setup .
== Recent attempts at updating ==
There have been two drafts that I'm aware of:
discussed at 
Neither of those significantly address issues that have been raised in
response to both proposals.
== What is wrong with current policy ==
[This part is subjective of course, please read it as prefixed with "IMO"
As stated in $subject, it's a policy for a different purpose. The privacy
prominently describe what information is collected (or otherwise made
public) when Fedora is installed, when a user account on the Fedora
machine is created, and in normal use of Fedora.
Crafting a clear and simple policy will make a good impression that Fedora
Project cares about it's users privacy, and is safe to use in situations
where preserving personal information is important.
A general problem is that existing policy and proposed draft do not make a
clear distinction between a) installing Fedora and downloading updates, b)
creating accounts for Fedora development and using the bug tracker, c)
participating in Fedora conferences and such. Those three broad categories
have completely different privacy implications. Without being clear to
which of those the policy pertains means that the policy greatly
overstates the types of information being collected. In effect the policy
is much more relaxed (i.e. bad for the users) than it could be.
Specific issues raised:
Should there be mention of NetworkManager-config-connectivity-fedora? (ie,
for captive portal)
In the section about 'Cookies and other Browser information', it might be
useful to mention that the 'User Agent ID' of Browsers that are packaged
in Fedora is configured to identify the system as running Fedora. 
For example, the list in "Publicly Available Personal Information" really
isn't palatable. A better way of showing this might be to say: "the
information you give when creating your account will be public by default.
You can see what data is publicly visible <here> (link to the public page
for the user), modify your privacy settings <here>, and request deletion
of the account <here>" 
I also don't like the "Personal Information" vs. "Non-Personal
Information". It might be how a lawyer works, but just because it pertains
to a computer and not to a person doesn't make it less identifying. 
be clear that it's talking about accounts for contributors (FAS) and not a
user account on your system or an online account you add via GOA, to make
it clear Fedora doesn't scrape your name (or other identifying details)
from Google / Facebook accounts added via GOA, nor the "Full Name" field
of user accounts on your computer. 
we may disclose personally identifiable information about you to
in limited circumstances, including:
- for research activities, including the production of statistical
aggregated information is used to describe our services and is not
contact the subjects of the report).
AFAIK, in Germany, it's the laws that any such "passing on
information" needs to be opt-in - "Opt-out" and "always-on"
What procedures are being put in place so that EU residents (and hopefully
everyone) can contact Fedora or Red Hat to obtain/understand/verify/delete
their machine data, beyond obviously personal data?
== tl; dr ==
The policy is too complicated, yet lacks detail and does not provide
Statements like "The Information We Collect ... your Fedora Account
password .. your SSH public key ... your affiliation" are not appropriate
I hope the Council can help to push towards a better policy document.
Currently things seem to be stuck in minimal edits over the last year and
half. Maybe the document should be opened for public editing on a wiki
somewhere so that people can rearrange the text and take it further from
current form. If the Council accepted the general idea of providing strong
privacy guarantees things could move forward.
Ticket URL: <https://fedorahosted.org/council/ticket/53>
Fedora Council Public Tickets