Privacy policy, new draft

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Tue Mar 17 02:24:30 UTC 2015 

On Mon, Mar 16, 2015 at 03:04:21PM -0400, Paul W. Frields wrote:
> https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> 
> There is still a significant section missing from the draft (on
> sharing information) but I hope to have something there by Wednesday.
> This hasn't been vetted through any actual attorneys but I wanted the
> WG to be aware of it and to see diffs.

IIUC, this is the policy to be linked from PRIVACY_POLICY in os-release.
If not, then my comments are probably mostly irrelevant.

My issue with the text as it is now is that it lists all kinds of things
which *might* be collected. So it protects the project from liability. But
it does not answer the question of a user what information is exposed
in various situations.

The roots of this text in the corporate-designed policy are
still very much visible. For example, it places heavy emphasis on the
data collected at conventions and trade shows. But for a majority of users
of Fedora this isn't interesting — I'd guess that everybody knows that if
they sign up for a contest during a fair, their name is kept somewhere —
but they'd instead like to know what kind of information is exposed
and stored when they install Fedora, install updates, enter bug reports,
use ask.fedora.

To present all this information in a form which is palatable for a normal
user, I think it should be broken into a few broad types of usage:
normal use of Fedora, requesting help through forums, bug tracker, mailing lists,
registration as a project member.

- If you download and/or install Fedora, and/or enable updates, your
  IP and Fedora version will be logged on Fedora servers and will be
  visible to anyone who can watch your traffic. The list of packages
  and their versions too.

- If you create an account in the bugzilla to post bug reports or
  create and account on a Fedora user forum (ask.fp.o), your e-mail
  address and name and IP address will be stored, and ... will be
  publicly visible.

- If you register to become a Fedora contributor, your GPG key, timezone,
  and location if you decide to share it will be publicly visible.

I presume that PRIVACY_POLICY will point to this. I think it should be
mentioned that this is the official policy linked to from GNOME privacy
policy dialog.

Zbyszek

More information about the desktop mailing list