Hi,
we are working on improving the abrt integration in the Fedora Workstation for F22. Part of this is adding an 'automatic bug reporting' setting to the privacy panel in the control center (see the last mockup in https://raw.githubusercontent.com/gnome-design-team/gnome-mockups/master/sys... )
The design suggests that we should include a link to privacy policy of the OS vendor here. I've been pointed at https://fedoraproject.org/wiki/Legal:PrivacyPolicy as the existing Fedora privacy policy, but that seems entirely focused on Fedora the project, not on the OS itself. It also does not mention coredumps (and the associated data we may collect) at all. Could you add a section about that here, or should there be a separate page describing the privacy expectations when using Fedora, the OS ?
Matthias
On 01/13/2015 09:58 PM, Matthias Clasen wrote:
> we are working on improving the abrt integration in the Fedora Workstation for F22. Part of this is adding an 'automatic bug reporting' setting to the privacy panel in the control center (see the last mockup in https://raw.githubusercontent.com/gnome-design-team/gnome-mockups/master/sys... )
How do you implement anonymous submission and scrubbing of private data?
On 01/13/2015 03:58 PM, Matthias Clasen wrote:
> Hi,
> we are working on improving the abrt integration in the Fedora Workstation for F22. Part of this is adding an 'automatic bug reporting' setting to the privacy panel in the control center (see the last mockup in https://raw.githubusercontent.com/gnome-design-team/gnome-mockups/master/sys... )
> The design suggests that we should include a link to privacy policy of the OS vendor here. I've been pointed at https://fedoraproject.org/wiki/Legal:PrivacyPolicy as the existing Fedora privacy policy, but that seems entirely focused on Fedora the project, not on the OS itself. It also does not mention coredumps (and the associated data we may collect) at all. Could you add a section about that here, or should there be a separate page describing the privacy expectations when using Fedora, the OS ?
How does this sound?
== Automatic Bug Reporting ==
Fedora contains tools designed to detect and report bugs when they occur on your system. These tools are configured so that the end-user must opt-in to reporting these bugs to us (either via a system-wide setting or on a case-by-case basis).
In reporting these bugs, we collect debugging information about the state of your system and its running applications. Every attempt is made to anonymize these reports and scrub them of personal information, however, it is possible that they may still contain personal information and/or information about your computer usage. Please keep this in mind before submitting these bug reports. By choosing to submit these reports, you are giving Fedora permission to use their contents, even if those contents contain personal information about you and/or your computer usage.
~tom
== Red Hat
On Wed, 2015-01-14 at 11:39 -0500, Tom Callaway wrote:
> On 01/13/2015 03:58 PM, Matthias Clasen wrote:
> > Hi,
> > we are working on improving the abrt integration in the Fedora Workstation for F22. Part of this is adding an 'automatic bug reporting' setting to the privacy panel in the control center (see the last mockup in https://raw.githubusercontent.com/gnome-design-team/gnome-mockups/master/sys... )
> > The design suggests that we should include a link to privacy policy of the OS vendor here. I've been pointed at https://fedoraproject.org/wiki/Legal:PrivacyPolicy as the existing Fedora privacy policy, but that seems entirely focused on Fedora the project, not on the OS itself. It also does not mention coredumps (and the associated data we may collect) at all. Could you add a section about that here, or should there be a separate page describing the privacy expectations when using Fedora, the OS ?
> How does this sound?
> == Automatic Bug Reporting ==
> Fedora contains tools designed to detect and report bugs when they occur on your system. These tools are configured so that the end-user must opt-in to reporting these bugs to us (either via a system-wide setting or on a case-by-case basis).
> In reporting these bugs, we collect debugging information about the state of your system and its running applications. Every attempt is made to anonymize these reports and scrub them of personal information, however, it is possible that they may still contain personal information and/or information about your computer usage. Please keep this in mind before submitting these bug reports. By choosing to submit these reports, you are giving Fedora permission to use their contents, even if those contents contain personal information about you and/or your computer usage.
That sounds pretty good to me, thanks.
> == Automatic Bug Reporting ==
> Fedora contains tools designed to detect and report bugs when they occur on your system. These tools are configured so that the end-user must opt-in to reporting these bugs to us (either via a system-wide setting or on a case-by-case basis).
> In reporting these bugs, we collect debugging information about the state of your system and its running applications. Every attempt is made to anonymize these reports and scrub them of personal information, however, it is possible that they may still contain personal information and/or information about your computer usage. Please keep this in mind before submitting these bug reports. By choosing to submit these reports, you are giving Fedora permission to use their contents, even if those contents contain personal information about you and/or your computer usage.
I'm not comfortable with this message. It's extremely broad, and there are some loose ends we really should clarify.
1) What do we do about other things that collect user data (Firefox will send bug reports to Mozilla, not Fedora, for example). We've mostly just ignored this in the past as best as I can tell.
2) If we find personal information in a bug report, what will we do?
3) What exactly are we collecting? This should be clearly defined so we know where the line is, and when it gets crossed. It's easy for things like to feature their way to being dangerous.
4) How long do we keep the data?
We also will need to ensure the Fedora privacy policy is adjusted to reflect this.
On Friday, January 16, 2015 06:58:51 AM Josh Bressers wrote:
> == Automatic Bug Reporting ==
> Fedora contains tools designed to detect and report bugs when they occur on your system. These tools are configured so that the end-user must opt-in to reporting these bugs to us (either via a system-wide setting or on a case-by-case basis).
> In reporting these bugs, we collect debugging information about the state of your system and its running applications. Every attempt is made to anonymize these reports and scrub them of personal information, however, it is possible that they may still contain personal information and/or information about your computer usage. Please keep this in mind before submitting these bug reports. By choosing to submit these reports, you are giving Fedora permission to use their contents, even if those contents contain personal information about you and/or your computer usage.
> I'm not comfortable with this message. It's extremely broad, and there are some loose ends we really should clarify.
> - What do we do about other things that collect user data (Firefox will send bug reports to Mozilla, not Fedora, for example). We've mostly just ignored this in the past as best as I can tell.
> - If we find personal information in a bug report, what will we do?
> - What exactly are we collecting? This should be clearly defined so we know where the line is, and when it gets crossed. It's easy for things like to feature their way to being dangerous.
> - How long do we keep the data?
What about things that collect information about the end user that the end user may not know is being collected, like Zeitgeist? While it's not supposed to leave the system, people might be surprised to know how much has been collected and how long. Opt-out instructions at a minimum might be nice.
-Steve
On Fri, 2015-01-16 at 16:04 -0500, Steve Grubb wrote:
> What about things that collect information about the end user that the end user may not know is being collected, like Zeitgeist? While it's not supposed to leave the system, people might be surprised to know how much has been collected and how long. Opt-out instructions at a minimum might be nice.
Let's try to stay on topic here. I've asked a fairly concrete question about amending the privacy policy to mention ABRT. And I'd like to get that settled before this thread loses focus.
Zeitgeist is a different discussion, and not one we need to have now, since it is not even installed by default.
It's been a few weeks.
https://fedoraproject.org/wiki/Legal:PrivacyPolicy
still states: This Privacy Statement was last amended on August 14, 2008.
Can we come to some conclusion and either update the policy, or create a separate document that talks about Fedora, the product, instead of Fedora the project ?
Thanks, Matthias
On 02/13/2015 10:14 AM, Matthias Clasen wrote:
> It's been a few weeks.
> https://fedoraproject.org/wiki/Legal:PrivacyPolicy
> still states: This Privacy Statement was last amended on August 14, 2008.
> Can we come to some conclusion and either update the policy, or create a separate document that talks about Fedora, the product, instead of Fedora the project ?
In order to do either, I need to understand how we (Red Hat/Fedora) are storing personal data about users and systems. I need to sync up with the abrt team to determine what they are collecting and storing, and for how long. If the Desktop group is collecting and storing any information, it would be good to know that as well (you can send it directly to me).
~tom
== Red Hat
On Fri, Feb 13, 2015 at 11:16:59AM -0500, Tom Callaway wrote:
> In order to do either, I need to understand how we (Red Hat/Fedora) are storing personal data about users and systems. I need to sync up with the abrt team to determine what they are collecting and storing, and for how long. If the Desktop group is collecting and storing any information, it would be good to know that as well (you can send it directly to me).
As mentioned at DevConf, I'd like to explore the idea of having machines report a tuple of:
uuid | fedora version | fedora edition or spin
Where the UUID would be randomly generated, not used for anything else, and regenerated within a relatively short window (because tracking over time isn't the intent). The log could discard IP addresses so those wouldn't be correlated as well.
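The reporting scheme proposed in the message above, sketched as an added example (not code from the thread, Fedora, or abrt). The ISO-week rotation period, the class and function names, and the strict field check are assumptions; the message only says the UUID is regenerated "within a relatively short window".

```python
import uuid
from collections import defaultdict
from datetime import date

ALLOWED_FIELDS = {"uuid", "version", "edition"}  # the tuple from the proposal


def period_of(day: date) -> str:
    """Counting period. ISO week is an assumption, not a value from the thread."""
    iso = day.isocalendar()
    return f"{iso[0]}-W{iso[1]:02d}"


class Client:
    """Machine side: one random token, thrown away when the period changes."""

    def __init__(self, version: str, edition: str):
        self.version, self.edition = version, edition
        self._token = None
        self._period = None

    def report(self, today: date) -> dict:
        period = period_of(today)
        if period != self._period:
            # uuid4 is purely random; uuid1 would embed a MAC address and timestamp.
            self._token = str(uuid.uuid4())
            self._period = period
        return {"uuid": self._token, "version": self.version, "edition": self.edition}


class Collector:
    """Server side: counts distinct tokens per (period, version, edition)."""

    def __init__(self):
        self._seen = defaultdict(set)

    def receive(self, remote_addr: str, payload: dict, today: date) -> bool:
        # The source address is available to the handler but never stored or logged.
        del remote_addr
        if set(payload) != ALLOWED_FIELDS:
            return False  # refuse extra fields (hostname, user name, ...) outright
        try:
            token = uuid.UUID(payload["uuid"])
        except (ValueError, AttributeError, TypeError):
            return False
        if token.version != 4:
            return False  # non-random UUID versions can carry hardware identifiers
        key = (period_of(today), str(payload["version"]), str(payload["edition"]))
        self._seen[key].add(str(token))
        return True

    def counts(self, period: str) -> dict:
        """Distinct machines per (version, edition) for one period."""
        return {(v, e): len(t) for (p, v, e), t in self._seen.items() if p == period}

    def stored_values(self) -> set:
        """Everything the collector retains, flattened, for auditing."""
        out = set()
        for key, tokens in self._seen.items():
            out.update(key)
            out.update(tokens)
        return out


if __name__ == "__main__":
    # Constructed sample run: one machine reporting on three days across two weeks.
    machine, collector = Client("22", "Workstation"), Collector()
    for day in (date(2015, 2, 13), date(2015, 2, 14), date(2015, 2, 16)):
        collector.receive("192.0.2.10", machine.report(day), day)
    print(collector.counts("2015-W07"), collector.counts("2015-W08"))
```

Rotating the token on the same boundary the collector counts on keeps each machine at one token per period, so the per-period count is exact while tokens from different periods cannot be linked.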
On Fri, 2015-02-13 at 11:16 -0500, Tom Callaway wrote:
> On 02/13/2015 10:14 AM, Matthias Clasen wrote:
> > It's been a few weeks.
> > https://fedoraproject.org/wiki/Legal:PrivacyPolicy
> > still states: This Privacy Statement was last amended on August 14, 2008.
> > Can we come to some conclusion and either update the policy, or create a separate document that talks about Fedora, the product, instead of Fedora the project ?
> In order to do either, I need to understand how we (Red Hat/Fedora) are storing personal data about users and systems. I need to sync up with the abrt team to determine what they are collecting and storing, and for how long. If the Desktop group is collecting and storing any information, it would be good to know that as well (you can send it directly to me).
We are not; we are merely providing the UI for what abrt is doing.
Hi Tom,
copy-pasting my previous answer about the nature of data collected (it may have been in another thread):
"""
The data contained in the automatic bug report (uReport) is described here: https://github.com/abrt/faf/wiki/uReport It was designed with anonymity as a requirement and doesn't contain any user sensitive data, only a simple backtrace and some statistical info like OS version and related package versions. We don't save IP addresses where the reports are coming from.
Reporting to Bugzilla may contain sensitive data (coredump), but is manual, for advanced users only and the user is required to do a review of the data.
"""
I would add that if a user uploads to Bugzilla, he's agreeing to Bugzilla's privacy policy, so that case probably doesn't concern Fedora directly.
Right now, processed data is being stored for an indefinite time in the database, the original uReport files uploaded are archived for approx. one year.
If you need anything more or to clarify something, please don't hesitate to contact us. Thank you.
Marek
----- Original Message -----
From: "Tom Callaway" tcallawa@redhat.com
To: "Matthias Clasen" mclasen@redhat.com, legal@lists.fedoraproject.org
Sent: Friday, February 13, 2015 5:16:59 PM
Subject: Re: [Fedora-legal-list] Privacy policy
On 02/13/2015 10:14 AM, Matthias Clasen wrote:
> It's been a few weeks.
> https://fedoraproject.org/wiki/Legal:PrivacyPolicy
> still states: This Privacy Statement was last amended on August 14, 2008.
> Can we come to some conclusion and either update the policy, or create a separate document that talks about Fedora, the product, instead of Fedora the project ?
In order to do either, I need to understand how we (Red Hat/Fedora) are storing personal data about users and systems. I need to sync up with the abrt team to determine what they are collecting and storing, and for how long. If the Desktop group is collecting and storing any information, it would be good to know that as well (you can send it directly to me).
~tom
== Red Hat
legal mailing list legal@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/legal
On Fri, Feb 13, 2015 at 11:16:59AM -0500, Tom Callaway wrote:
> On 02/13/2015 10:14 AM, Matthias Clasen wrote:
> > It's been a few weeks.
> > https://fedoraproject.org/wiki/Legal:PrivacyPolicy
> > still states: This Privacy Statement was last amended on August 14, 2008.
> > Can we come to some conclusion and either update the policy, or create a separate document that talks about Fedora, the product, instead of Fedora the project ?
> In order to do either, I need to understand how we (Red Hat/Fedora) are storing personal data about users and systems. I need to sync up with the abrt team to determine what they are collecting and storing, and for how long. If the Desktop group is collecting and storing any information, it would be good to know that as well (you can send it directly to me).
I edited the current policy into a new draft here: https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
I notified the Workstation WG about the new draft since work in that group is what motivated the changes. Tom, did you want to review and comment before we decide what to do with this next?
On 03/16/2015 03:06 PM, Paul W. Frields wrote:
> On Fri, Feb 13, 2015 at 11:16:59AM -0500, Tom Callaway wrote:
> > On 02/13/2015 10:14 AM, Matthias Clasen wrote:
> > > It's been a few weeks.
> > > https://fedoraproject.org/wiki/Legal:PrivacyPolicy
> > > still states: This Privacy Statement was last amended on August 14, 2008.
> > > Can we come to some conclusion and either update the policy, or create a separate document that talks about Fedora, the product, instead of Fedora the project ?
> > In order to do either, I need to understand how we (Red Hat/Fedora) are storing personal data about users and systems. I need to sync up with the abrt team to determine what they are collecting and storing, and for how long. If the Desktop group is collecting and storing any information, it would be good to know that as well (you can send it directly to me).
> I edited the current policy into a new draft here: https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> I notified the Workstation WG about the new draft since work in that group is what motivated the changes. Tom, did you want to review and comment before we decide what to do with this next?
Yeah, it is a good start, but we need to do more on that before we can send it over to the WG. I'll try to make some time tomorrow to draft up some additional wording.
~tom
== Red Hat
On 16/03/15 21:01, Tom Callaway wrote:
> On 03/16/2015 03:06 PM, Paul W. Frields wrote:
> > On Fri, Feb 13, 2015 at 11:16:59AM -0500, Tom Callaway wrote:
> > > On 02/13/2015 10:14 AM, Matthias Clasen wrote:
> > > > It's been a few weeks.
> > > > https://fedoraproject.org/wiki/Legal:PrivacyPolicy
> > > > still states: This Privacy Statement was last amended on August 14, 2008.
> > > > Can we come to some conclusion and either update the policy, or create a separate document that talks about Fedora, the product, instead of Fedora the project ?
> > > In order to do either, I need to understand how we (Red Hat/Fedora) are storing personal data about users and systems. I need to sync up with the abrt team to determine what they are collecting and storing, and for how long. If the Desktop group is collecting and storing any information, it would be good to know that as well (you can send it directly to me).
> > I edited the current policy into a new draft here: https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> > I notified the Workstation WG about the new draft since work in that group is what motivated the changes. Tom, did you want to review and comment before we decide what to do with this next?
> Yeah, it is a good start, but we need to do more on that before we can send it over to the WG. I'll try to make some time tomorrow to draft up some additional wording.
> ~tom
> == Red Hat
Dear Tom, Paul, Can I please request we write down somewhere, what abrtd collects. I am sure this would interest a lot of the community guys and would answer any future questions, because we can refer people to that wiki page.
Best regards,
Tristan
On 03/16/2015 04:07 PM, Tristan Santore wrote:
> Can I please request we write down somewhere, what abrtd collects. I am sure this would interest a lot of the community guys and would answer any future questions, because we can refer people to that wiki page.
Yeah, that's one big item that needs to be added. Also, wording around geolocation.
~tom
== Red Hat
On 03/16/2015 04:07 PM, Tristan Santore wrote:
> Can I please request we write down somewhere, what abrtd collects. I am sure this would interest a lot of the community guys and would answer any future questions, because we can refer people to that wiki page.
I opted not to encapsulate that information directly into our privacy policy revisions, because if it changes (or a different tool is in use), it complicates the text significantly and forces us to make changes.
That said, the information you're looking for can be found here: https://github.com/abrt/faf/wiki/uReport
~tom
== Red Hat
On 17/03/15 16:08, Tom Callaway wrote:
> On 03/16/2015 04:07 PM, Tristan Santore wrote:
> > Can I please request we write down somewhere, what abrtd collects. I am sure this would interest a lot of the community guys and would answer any future questions, because we can refer people to that wiki page.
> I opted not to encapsulate that information directly into our privacy policy revisions, because if it changes (or a different tool is in use), it complicates the text significantly and forces us to make changes.
> That said, the information you're looking for can be found here: https://github.com/abrt/faf/wiki/uReport
> ~tom
> == Red Hat
Tom, Could we at least link to that github resource then ? I think it is more about transparency and information transmission to community members.
Kind regards, Tristan
On 03/17/2015 11:21 AM, Tristan Santore wrote:
> On 17/03/15 16:08, Tom Callaway wrote:
> > On 03/16/2015 04:07 PM, Tristan Santore wrote:
> > > Can I please request we write down somewhere, what abrtd collects. I am sure this would interest a lot of the community guys and would answer any future questions, because we can refer people to that wiki page.
> > I opted not to encapsulate that information directly into our privacy policy revisions, because if it changes (or a different tool is in use), it complicates the text significantly and forces us to make changes.
> > That said, the information you're looking for can be found here: https://github.com/abrt/faf/wiki/uReport
> > ~tom
> > == Red Hat
> Tom, Could we at least link to that github resource then ? I think it is more about transparency and information transmission to community members.
Again, I'm hesitant to include that directly in the privacy policy. If they stop using github, or that file, or if we stop using abrt for some reason, we then have to go through the process of revising the privacy policy and informing the entire fedora community. That process is non-trivial. :/
~tom
== Red Hat
On 17/03/15 16:40, Tom Callaway wrote:
> On 03/17/2015 11:21 AM, Tristan Santore wrote:
> > On 17/03/15 16:08, Tom Callaway wrote:
> > > On 03/16/2015 04:07 PM, Tristan Santore wrote:
> > > > Can I please request we write down somewhere, what abrtd collects. I am sure this would interest a lot of the community guys and would answer any future questions, because we can refer people to that wiki page.
> > > I opted not to encapsulate that information directly into our privacy policy revisions, because if it changes (or a different tool is in use), it complicates the text significantly and forces us to make changes.
> > > That said, the information you're looking for can be found here: https://github.com/abrt/faf/wiki/uReport
> > > ~tom
> > > == Red Hat
> > Tom, Could we at least link to that github resource then ? I think it is more about transparency and information transmission to community members.
> Again, I'm hesitant to include that directly in the privacy policy. If they stop using github, or that file, or if we stop using abrt for some reason, we then have to go through the process of revising the privacy policy and informing the entire fedora community. That process is non-trivial. :/
> ~tom
> == Red Hat
Yeah I see your point. Bit irritating, but it is what it is.
;-|
Regards, Tristan
On 03/17/2015 09:32 AM, Tristan Santore wrote:
> On 17/03/15 16:40, Tom Callaway wrote:
> > On 03/17/2015 11:21 AM, Tristan Santore wrote:
> > > On 17/03/15 16:08, Tom Callaway wrote:
> > > > On 03/16/2015 04:07 PM, Tristan Santore wrote:
> > > > > Can I please request we write down somewhere, what abrtd collects. I am sure this would interest a lot of the community guys and would answer any future questions, because we can refer people to that wiki page.
> > > > I opted not to encapsulate that information directly into our privacy policy revisions, because if it changes (or a different tool is in use), it complicates the text significantly and forces us to make changes.
> > > > That said, the information you're looking for can be found here: https://github.com/abrt/faf/wiki/uReport
> > > > ~tom
> > > > == Red Hat
> > > Tom, Could we at least link to that github resource then ? I think it is more about transparency and information transmission to community members.
> > Again, I'm hesitant to include that directly in the privacy policy. If they stop using github, or that file, or if we stop using abrt for some reason, we then have to go through the process of revising the privacy policy and informing the entire fedora community. That process is non-trivial. :/
> > ~tom
> > == Red Hat
> Yeah I see your point. Bit irritating, but it is what it is.
Would it make sense to have a stand-alone wiki page that lists such details, and have that page linked from the privacy policy as "here is a list of updated stuff we collect and how"?
Another option is to have the page but not link it from the privacy policy, then publicize/socialize it separately.
- Karsten
--
Karsten 'quaid' Wade, CentOS Doer of Stuff
http://TheOpenSourceWay.org http://community.redhat.com
@quaid (identi.ca/twitter/IRC) gpg: AD0E0C41
> Would it make sense to have a stand-alone wiki page that lists such details, and have that page linked from the privacy policy as "here is a list of updated stuff we collect and how"?
I would say no. It should be hard to start collecting new personal information from users. And when the policy does need to be updated because we're collecting something new, we should be quite loud and clear about that.
On 03/17/2015 02:36 PM, Josh Bressers wrote:
> > Would it make sense to have a stand-alone wiki page that lists such details, and have that page linked from the privacy policy as "here is a list of updated stuff we collect and how"?
> I would say no. It should be hard to start collecting new personal information from users. And when the policy does need to be updated because we're collecting something new, we should be quite loud and clear about that.
I agree.
~tom
== Red Hat
On 14.1.2015 at 17:39, Tom Callaway wrote:
> before submitting these bug reports. By choosing to submit these reports, you are giving Fedora permission to use their contents, even if those contents contain personal information about you and/or your computer usage.
The last sentence. I think it would be better to say:
...to use their contents for purpose of fixing bugs.
Or something similar. Now it seems that once you submit personal data, Fedora may use them to <insert evil purpose here>.
Promise to not abuse the data would also work for me.
On Wed, Jan 28, 2015 at 12:28:52PM +0100, Miro Hrončok wrote:
> On 14.1.2015 at 17:39, Tom Callaway wrote:
> > before submitting these bug reports. By choosing to submit these reports, you are giving Fedora permission to use their contents, even if those contents contain personal information about you and/or your computer usage.
> The last sentence. I think it would be better to say:
> ...to use their contents for purpose of fixing bugs.
> Or something similar. Now it seems that once you submit personal data, Fedora may use them to <insert evil purpose here>.
> Promise to not abuse the data would also work for me.
This makes sense to me. I'll add.
On 17/03/15 22:16, Paul W. Frields wrote:
> On Wed, Jan 28, 2015 at 12:28:52PM +0100, Miro Hrončok wrote:
> > On 14.1.2015 at 17:39, Tom Callaway wrote:
> > > before submitting these bug reports. By choosing to submit these reports, you are giving Fedora permission to use their contents, even if those contents contain personal information about you and/or your computer usage.
> > The last sentence. I think it would be better to say:
> > ...to use their contents for purpose of fixing bugs.
> > Or something similar. Now it seems that once you submit personal data, Fedora may use them to <insert evil purpose here>.
> > Promise to not abuse the data would also work for me.
> This makes sense to me. I'll add.
I hate to be pessimistic. Legally a promise to not use something for an "evil" purpose is meaningless. Unless you specify what exactly you will prevent/protect against, outside the scope of your local data protection laws.
Regards, Tristan
On Tue, Mar 17, 2015 at 10:22:00PM +0100, Tristan Santore wrote:
> > > The last sentence. I think it would be better to say: ...to use their contents for purpose of fixing bugs. Or something similar. Now it seems that once you submit personal data, Fedora may use them to <insert evil purpose here>. Promise to not abuse the data would also work for me.
> > This makes sense to me. I'll add.
> I hate to be pessimistic. Legally a promise to not use something for an "evil" purpose is meaningless. Unless you specify what exactly you will prevent/protect against, outside the scope of your local data protection laws.
Yeah, I think we're familiar with that from the (banned in Fedora) "don't be evil" clauses in licenses. But I think Paul was saying he'd add the more specific thing — what we _will_ use it for: fixing bugs.
On Tue, Mar 17, 2015 at 11:00:27PM -0400, Matthew Miller wrote:
> On Tue, Mar 17, 2015 at 10:22:00PM +0100, Tristan Santore wrote:
> > > > The last sentence. I think it would be better to say: ...to use their contents for purpose of fixing bugs. Or something similar. Now it seems that once you submit personal data, Fedora may use them to <insert evil purpose here>. Promise to not abuse the data would also work for me.
> > > This makes sense to me. I'll add.
> > I hate to be pessimistic. Legally a promise to not use something for an "evil" purpose is meaningless. Unless you specify what exactly you will prevent/protect against, outside the scope of your local data protection laws.
> Yeah, I think we're familiar with that from the (banned in Fedora) "don't be evil" clauses in licenses. But I think Paul was saying he'd add the more specific thing — what we _will_ use it for: fixing bugs.
That's correct. The policy should state outright what the contents are to be used for.