Smolt: firsboot revisited

Arthur Pemberton pemboa at gmail.com
Thu Feb 15 10:35:10 UTC 2007


On 2/16/07, Ralf Corsepius <rc040203 at freenet.de> wrote:
> On Fri, 2007-02-16 at 02:46 +0000, Arthur Pemberton wrote:
> > On 2/16/07, Ralf Corsepius <rc040203 at freenet.de> wrote:
> > > On Fri, 2007-02-16 at 02:19 +0000, Arthur Pemberton wrote:
> > > > On 2/16/07, Ralf Corsepius <rc040203 at freenet.de> wrote:
> > > > > On Thu, 2007-02-15 at 02:33 -0500, seth vidal wrote:
> > > > > > On Thu, 2007-02-15 at 08:20 +0100, Ralf Corsepius wrote:
> > >
> > > > I don't think you've ever said how the information is being sent
> > > > without user permission or what the personal data is that is being
> > > > sent.
> > > The smolt developers would be the ones to reply this.
> > >
> > > AFAIS (I banned smolt from my installations), it transmits
> > > a machine-id, several HW details (CPU brand, type, peripherials,
> > > bogomips) and OS details via http.
> > >
> > > i.e. they have the IP, they have a "machine-id", and they have
> > > information which is not publicly available elsewhere.
> > >
> > > Ralf
> > >
> >
> > Fair enough. However the machine-id cannot legally id your computer,
> > nor is it supposed to be able to. As far as I understand, your
> > machine-id will be specific to Fedora.
> >
> > But considiering you have to TELL IT to transmit thoise things, how
> > can there be any legal problems?
>
> There is one dead-beat argument likely rendering this discussion moot:
>
> Not wrt. smolt, because the server is hosted in a foreign country,
> therefore the data, unless it's contents is lawful, is likely not
> subject to German laws (To be verified by a German lawyer).

Maybe Fedora needs to simply not run smolt in german countries. You
make it seem as if there is some special, useful data being stored.
The data is only interesting from a statistical point of view, and to
a limited audience.

> => Case closed from a US-biased, RH/Fedora-biased view.
>
>
> The actual problems remain: "trust" and "safety".
>
> The thresholds to trust any such site probably are much higher in
> Germany than in other countries because people are aware about different
> standards of "privacy policies" in different countries/institutions.
>
> [This applies even within Germany. Media are filled with warnings and
> flames on certain enterprises on what "public opinion considers abuse of
> data privacy"]
>
> >  Or are you saying it is illegal to
> > ask someone to fillout a survey form ,
> No, it is not, but (at least some) Germans probably will be very
> reluctant to fill out such forms and be very careful about what they
> fill out.

Okay. So what's the differene bween not filling out the form and not
running smolt?

> >  where they can simply ignore,
> > in your country?
> Common practice on "statistical survey forms" is them to carry an
> explicit "data-privacy disclaimer", which people explicitly have to
> check (== opt-in), which details what the data is being used for, to
> whom it will be passed on and when it will be deleted.

There is no fundamental difference between smolt and a survey form -
down to to the fac that machine readable survey forms do have id
numbers (in this case the machine id - may be it should be called the
smolt id since there is no such thing as a machine id, yet at least)

> Typical are disclaimers similar to
> [ ] Personalized data and survey data will be kept strictly separate.
> Survey data does not allow any conclusion to the person having submitted
> the data. Personalized data will only be used for administrational
> purposes during this survey and will be deleted upon termination of the
> survey (<date>)

I'm pretty sure a disclaimer will be there, implied...or can be easily added.

> Or in case of a "commercial customer survey":
> "[ ] I acknowledge that the data obtained during this survey may be
> passed on to other parties."
>
> Ralf
>

-- 
Fedora Core 6 and proud




More information about the fedora-devel-list mailing list