Privacy policy, new draft

[Bastien Nocera]

----- Original Message -----
> On Mon, Mar 16, 2015 at 03:04:21PM -0400, Paul W. Frields wrote:
> > https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
> > 
> > There is still a significant section missing from the draft (on
> > sharing information) but I hope to have something there by Wednesday.
> > This hasn't been vetted through any actual attorneys but I wanted the
> > WG to be aware of it and to see diffs.
> 
> IIUC, this is the policy to be linked from PRIVACY_POLICY in os-release.
> If not, then my comments are probably mostly irrelevant.
> 
> My issue with the text as it is now is that it lists all kinds of things
> which *might* be collected. So it protects the project from liability. But
> it does not answer the question of a user what information is exposed
> in various situations.
> 
> The roots of this text in the corporate-designed policy are
> still very much visible. For example, it places heavy emphasis on the
> data collected at conventions and trade shows. But for a majority of users
> of Fedora this isn't interesting — I'd guess that everybody knows that if
> they sign up for a contest during a fair, their name is kept somewhere —
> but they'd instead like to know what kind of information is exposed
> and stored when they install Fedora, install updates, enter bug reports,
> use ask.fedora.
> 
> To present all this information in a form which is palatable for a normal
> user, I think it should be broken into a few broad types of usage:
> normal use of Fedora, requesting help through forums, bug tracker, mailing
> lists,
> registration as a project member.
> 
> - If you download and/or install Fedora, and/or enable updates, your
>   IP and Fedora version will be logged on Fedora servers and will be
>   visible to anyone who can watch your traffic. The list of packages
>   and their versions too.
> 
> - If you create an account in the bugzilla to post bug reports or
>   create and account on a Fedora user forum (ask.fp.o), your e-mail
>   address and name and IP address will be stored, and ... will be
>   publicly visible.
> 
> - If you register to become a Fedora contributor, your GPG key, timezone,
>   and location if you decide to share it will be publicly visible.
> 
> I presume that PRIVACY_POLICY will point to this. I think it should be
> mentioned that this is the official policy linked to from GNOME privacy
> policy dialog.

Nothing much to add to this review.

The list of things that "could" be collected shouldn't need to be exhaustive, instead
we should focus on how data we give "Fedora" is going to be used and shared.

For example, the list in "Publicly Available Personal Information" really isn't palatable.
A better way of showing this might be to say: "the information you give when creating your account
will be public by default. You can see what data is publicly visible <here> (link to the public page
for the user), modify your privacy settings <here>, and request deletion of the account <here>"

I also don't like the "Personal Information" vs. "Non-Personal Information". It might be how
a lawyer works, but just because it pertains to a computer and not to a person doesn't make
it less identifying.

I would focus instead on what is enabled by default, depending on the service. For example, instead
of burying the installer geolocation usage under "IP addresses":
"
Installer

The installer, by default, will attempt to locate the country you are in to detect the default timezone and
languages to use using your IP address. The timezone and languages can be changed during and after
installation. You can also disable this feature through <link: an option to the installer>.
"

There I know what piece of software does something, why it does it (which is obviously very important to
justify the collection), and how to disable it.

Cheers