Hi all,
The following describes the policy for information controlled by the privacy flag in FAS.
https://fedoraproject.org/wiki/Legal:PrivacyPolicy#Publicly_Available_Person...
It appears to me that the IRC nickname if provided in FAS is also treated as public information in various places now regardless of the privacy settings. If I log into FAS and look at another user who has the privacy flag set I can see the IRC nickname, if I query the fas plugin to zodbot I also see the user's IRC nickname.
I do think the IRC nickname should be considered public information if provided (and especially for users with fedora cloaks) so I'm wondering if the privacy policy should just add this as a second exception along with the email address listed in the current policy?
I also have a question about what the "your affiliations" in the last bullet in that section refers to?
Thanks, John
On 03/08/2012 01:35 AM, inode0 wrote:
Hi all,
The following describes the policy for information controlled by the privacy flag in FAS.
https://fedoraproject.org/wiki/Legal:PrivacyPolicy#Publicly_Available_Person...
It appears to me that the IRC nickname if provided in FAS is also treated as public information in various places now regardless of the privacy settings. If I log into FAS and look at another user who has the privacy flag set I can see the IRC nickname, if I query the fas plugin to zodbot I also see the user's IRC nickname.
I do think the IRC nickname should be considered public information if provided (and especially for users with fedora cloaks) so I'm wondering if the privacy policy should just add this as a second exception along with the email address listed in the current policy?
This makes sense. We probably should also ask the Board (and Community) if there are any other changes they want to make to the privacy policy at the same time, since we have to make a big noise every time we change it (even for a minor change like this).
I also have a question about what the "your affiliations" in the last bullet in that section refers to?
At one point, there was a plan to extend FAS to show external "affiliations", but I don't think it ever happened. Toshio would know more, but he's off at PyCon atm.
~tom
== Fedora Project
On Thu, 08 Mar 2012 10:10:33 -0500 Tom Callaway tcallawa@redhat.com wrote:
On 03/08/2012 01:35 AM, inode0 wrote:
Hi all,
The following describes the policy for information controlled by the privacy flag in FAS.
https://fedoraproject.org/wiki/Legal:PrivacyPolicy#Publicly_Available_Person...
It appears to me that the IRC nickname if provided in FAS is also treated as public information in various places now regardless of the privacy settings. If I log into FAS and look at another user who has the privacy flag set I can see the IRC nickname, if I query the fas plugin to zodbot I also see the user's IRC nickname.
Yeah, this is a bug. ;(
We are fixing it now.
I do think the IRC nickname should be considered public information if provided (and especially for users with fedora cloaks) so I'm wondering if the privacy policy should just add this as a second exception along with the email address listed in the current policy?
This makes sense.
I'd be ok with ircnick being public too I suppose. I don't feel strongly about it though. ;)
I think we should clarify the email sentence tho. It says:
"The only exception to this is for your email address, which may still be visible in some Fedora services such as Bugzilla."
I think we should amend it to say:
"The only exception to this is for your email address, which will be publicly available."
Possibly adding a 'Fedora is a open community and identifies it's contributors by their email address, thus it's important to make this information available' or something.
Also, should we note something about usernames?
We probably should also ask the Board (and Community) if there are any other changes they want to make to the privacy policy at the same time, since we have to make a big noise every time we change it (even for a minor change like this).
Yeah. I wonder, should we consider badges? Would your badge information be public or private?
I also have a question about what the "your affiliations" in the last bullet in that section refers to?
At one point, there was a plan to extend FAS to show external "affiliations", but I don't think it ever happened. Toshio would know more, but he's off at PyCon atm.
yeah.
kevin
On 08/03/12 23:16, Kevin Fenzi wrote:
On Thu, 08 Mar 2012 10:10:33 -0500 Tom Callaway tcallawa@redhat.com wrote:
On 03/08/2012 01:35 AM, inode0 wrote:
Hi all,
The following describes the policy for information controlled by the privacy flag in FAS.
https://fedoraproject.org/wiki/Legal:PrivacyPolicy#Publicly_Available_Person...
It appears to me that the IRC nickname if provided in FAS is also treated as public information in various places now regardless of the privacy settings. If I log into FAS and look at another user who has the privacy flag set I can see the IRC nickname, if I query the fas plugin to zodbot I also see the user's IRC nickname.
Yeah, this is a bug. ;(
We are fixing it now.
I do think the IRC nickname should be considered public information if provided (and especially for users with fedora cloaks) so I'm wondering if the privacy policy should just add this as a second exception along with the email address listed in the current policy?
This makes sense.
I'd be ok with ircnick being public too I suppose. I don't feel strongly about it though. ;)
I think we should clarify the email sentence tho. It says:
"The only exception to this is for your email address, which may still be visible in some Fedora services such as Bugzilla."
I think we should amend it to say:
"The only exception to this is for your email address, which will be publicly available."
Possibly adding a 'Fedora is a open community and identifies it's contributors by their email address, thus it's important to make this information available' or something.
Also, should we note something about usernames?
We probably should also ask the Board (and Community) if there are any other changes they want to make to the privacy policy at the same time, since we have to make a big noise every time we change it (even for a minor change like this).
Yeah. I wonder, should we consider badges? Would your badge information be public or private?
I also have a question about what the "your affiliations" in the last bullet in that section refers to?
At one point, there was a plan to extend FAS to show external "affiliations", but I don't think it ever happened. Toshio would know more, but he's off at PyCon atm.
yeah.
kevin
legal mailing list legal@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/legal
I personally believe there should be a very frank discussion about this. There is a tendency to be quite liberal with personal information, which in my very humble opinion, in terms of the fas username is a security risk, in terms of the sign up email being shown, can allow anyone to write a script to query fas, and spam people to death, maybe harass them. In terms of the real name being shown, if you make public statements, you might disgruntle future employers, maybe your local judicial system, who do not value free speech, as the US constitution does or even worse, somebody just takes an exception to statements made, and you get arrested (happens a lot in other countries I hear). Of course these are all extreme examples, but I do not think we should underestimate these issue.
Further, speaking for myself, when I signed up years ago, I did not realise that: a. I could not change my username after sign up b. That this information was going to be public. Of course then, legally "you" would say, well we had this 100 page document in our terms and conditions, but does that make it right ? Should we as a free and open community not be better at respecting people's beliefs ? What if I want to change my username ? Or what if I want to delete my user/participation ? What are the procedures for our users ? What guarantees do we give people to protect their privacy/details after they leave, or they change their minds on being so open, in terms of disclosure ?
I personally think, these are very real concerns, especially when we see other corporations getting more and more greedy with information on the general public and more and more laws by government to snoop on people. We should also never forget, that it is getting harder and harder to delete data, which is why the EU is debating a "right to forget" law.
The community should have have a very frank and open discussion about these concerns and the board should then take up these issue, discuss the findings and make appropriate changes to the policies and how we inform our contributors about what happens with this data, and what and how we help them to erase any data about them.
Of course there have to be technical limits, especially as we use fas in pretty much everything, but these should be discussed too, and maybe work arounds found.
I apologise for this long email, but these are just some concerns I see with regards to this issue.
Regards,
Tristan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/08/2012 03:42 PM, Tristan Santore wrote:
I personally believe there should be a very frank discussion about this. There is a tendency to be quite liberal with personal information, which in my very humble opinion, in terms of the fas username is a security risk, in terms of the sign up email being shown, can allow anyone to write a script to query fas, and spam people to death, maybe harass them. In terms of the real name being shown, if you make public statements, you might disgruntle future employers, maybe your local judicial system, who do not value free speech, as the US constitution does or even worse, somebody just takes an exception to statements made, and you get arrested (happens a lot in other countries I hear). Of course these are all extreme examples, but I do not think we should underestimate these issue.
I understand what you are saying. We have to balance personal rights with the rights of the community to know who they are entrusting. The "know who" in an online world comes about by interacting with people, building trust, and so forth.
In a simplistic sense, is what you are suggesting is that all FAS information be a secret that only a few sysadmins can access? Those sysadmins would be the centers of a trust web - I would have to trust those sysadmins that there are real people who can be reached (via email, for example) behind usernames.
In order to contact another user who I hadn't personally traded addresses with, I would have to use perhaps a web interface? Or would username@fedoraproject.org still be accessible information?
Further, speaking for myself, when I signed up years ago, I did not realise that: a. I could not change my username after sign up b. That this information was going to be public. Of course then, legally "you" would say, well we had this 100 page document in our terms and conditions, but does that make it right ?
I'm unclear here - are you saying it is not your responsibility to read and understand terms and conditions of websites you sign up for? If it is not your responsibility, whose is it?
If the document truly were 100 pages ... but I've always seen Fedora strive for brevity in all legal documents.
Should we as a free and open community not be better at respecting people's beliefs ? What if I want to change my username ? Or what if I want to delete my user/participation ? What are the procedures for our users ? What guarantees do we give people to protect their privacy/details after they leave, or they change their minds on being so open, in terms of disclosure ?
I can sort-of answer about the username change. I may be the only person in Fedora history who had this done - I asked for it especially because I had mistakenly signed-up as or received 'kwade' as my username. (I keep a strict separation so 'kwade=work' and 'quaid=community'.)
It was a huge pain that still has little cracks in it - teams where I was signed up as 'kwade', for example. I don't blame the Infrastructure Team for not wanting to do it anymore. The problem AIUI is, FAS was never designed to allow for usernames to be changed. (I don't know of any account system that really is - it may allow for an alias to be changed, but underneath is a UUID of some sort that can never be reused. For example, accounts in FAS are not deleted but rather are locked-as-closed, so no new person can reuse another username. I think this is key in the web-of-trust - I want to know that 'spot' is always the same 'spot', or at least someone who has his credentials and can write as well as he does.)
So that use case I suspect won't happen unless you or someone else rewrites FAS to allow for it.
I personally think, these are very real concerns, especially when we see other corporations getting more and more greedy with information on the general public and more and more laws by government to snoop on people. We should also never forget, that it is getting harder and harder to delete data, which is why the EU is debating a "right to forget" law.
The community should have have a very frank and open discussion about these concerns and the board should then take up these issue, discuss the findings and make appropriate changes to the policies and how we inform our contributors about what happens with this data, and what and how we help them to erase any data about them.
The problem that I see so far about "right to forget" for Fedora is that we are a publicly accessible open source project. Our data is, by nature, shared and archived all around the Internet. People have come in the past and requested to e.g. have all their emails removed from our mailing list archives. The problem is, we don't control the dozens or hundreds of other locations that have that email archived. It is literally impossible for Fedora to erase public data related to a username, especially when that user willingly wrote to e.g. public mailing lists.
So while I understand and sympathize with our sisters and brothers being oppressed around the world, if they have concern about what they say and do in Fedora, they should take appropriate steps to make themselves anonymous. It is likely there are users right now making copyright contributions to Fedora who are entirely anonymous fictitious persons to protect people who need or desire anonymity. Although I might not formally condone that, I certainly am able to build trust with someone who chooses anonymity - in fact, I've done that with someone whose anonymity and honesty stretches to not contributing actual copyright material nor making contribution agreements because "he" is anonymous.
Myself, I have an equal concern that I can identify properly the people who have contributed copyright material to Fedora, so I can properly attribute and/or reuse as per the terms of the license. Does my concern outweigh the political and personal risk people have when they identify themselves in FAS? Maybe not in other venues, but in the venue of "free/libre/open source software project", perhaps my concern *does* outweigh a right to total privacy and anonymity.
- - Karsten
Of course there have to be technical limits, especially as we use fas in pretty much everything, but these should be discussed too, and maybe work arounds found.
I apologise for this long email, but these are just some concerns I see with regards to this issue.
Regards,
Tristan
- -- name: Karsten 'quaid' Wade, Sr. Community Architect team: Red Hat Community Architecture & Leadership uri: http://communityleadershipteam.org http://TheOpenSourceWay.org gpg: AD0E0C41
On Thu, 08 Mar 2012 17:09:17 -0800 "Karsten 'quaid' Wade" kwade@redhat.com wrote:
I understand what you are saying. We have to balance personal rights with the rights of the community to know who they are entrusting. The "know who" in an online world comes about by interacting with people, building trust, and so forth.
In a simplistic sense, is what you are suggesting is that all FAS information be a secret that only a few sysadmins can access? Those sysadmins would be the centers of a trust web - I would have to trust those sysadmins that there are real people who can be reached (via email, for example) behind usernames.
In order to contact another user who I hadn't personally traded addresses with, I would have to use perhaps a web interface? Or would username@fedoraproject.org still be accessible information?
I don't think making 'username' private is practical or desirable.
Our community is a meritocracy (or we would at least like it to be). Without some identifier for a persons actions and accomplishments, we can't know who should be allowed to do more or less based on merit.
From a technical side, virtually all our tools would stop working or become useless. ;) Imagine filing a ticket and thinking, "Hey, someone could fix this, if I only could add them to the ticket to look, oh well".
Further, speaking for myself, when I signed up years ago, I did not realise that: a. I could not change my username after sign up b. That this information was going to be public. Of course then, legally "you" would say, well we had this 100 page document in our terms and conditions, but does that make it right ?
I'm unclear here - are you saying it is not your responsibility to read and understand terms and conditions of websites you sign up for? If it is not your responsibility, whose is it?
If the document truly were 100 pages ... but I've always seen Fedora strive for brevity in all legal documents.
Yeah. This has also been changed... if you sign up for a new account now there is a large banner at the top:
NOTE: Username is permanent (i.e. it cannot be changed after registration and will never be deleted from the system). Personal information may be updated or removed at any time.
See: https://admin.fedoraproject.org/accounts/user/new
...snip renaming...
So that use case I suspect won't happen unless you or someone else rewrites FAS to allow for it.
Yeah, renaming is a great deal harder than it seems.
Not only do you need to just rename the user, but you have to update all groups, change ownership of any files on any machines the old username had, etc.
Additionally, it breaks audit trail.
Say I sign up as 'phred' and gain a bunch of abilities, and I work on a bunch of things, then rename my account to 'phredq'. Unless there's a clear and easy to follow audit trail there, if I come along and see something 'phred' did I have no way to contact them or know who they are.
...snip good questions and answers...
kevin
-
inode0 -
Karsten Wade -
Kevin Fenzi -
Tom Callaway -
Tristan Santore