[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Smolt: firsboot revisited

On 2/16/07, Ralf Corsepius <rc040203 freenet de> wrote:
On Fri, 2007-02-16 at 02:46 +0000, Arthur Pemberton wrote:
> On 2/16/07, Ralf Corsepius <rc040203 freenet de> wrote:
> > On Fri, 2007-02-16 at 02:19 +0000, Arthur Pemberton wrote:
> > > On 2/16/07, Ralf Corsepius <rc040203 freenet de> wrote:
> > > > On Thu, 2007-02-15 at 02:33 -0500, seth vidal wrote:
> > > > > On Thu, 2007-02-15 at 08:20 +0100, Ralf Corsepius wrote:
> >
> > > I don't think you've ever said how the information is being sent
> > > without user permission or what the personal data is that is being
> > > sent.
> > The smolt developers would be the ones to reply this.
> >
> > AFAIS (I banned smolt from my installations), it transmits
> > a machine-id, several HW details (CPU brand, type, peripherials,
> > bogomips) and OS details via http.
> >
> > i.e. they have the IP, they have a "machine-id", and they have
> > information which is not publicly available elsewhere.
> >
> > Ralf
> >
> Fair enough. However the machine-id cannot legally id your computer,
> nor is it supposed to be able to. As far as I understand, your
> machine-id will be specific to Fedora.
> But considiering you have to TELL IT to transmit thoise things, how
> can there be any legal problems?

There is one dead-beat argument likely rendering this discussion moot:

Not wrt. smolt, because the server is hosted in a foreign country,
therefore the data, unless it's contents is lawful, is likely not
subject to German laws (To be verified by a German lawyer).

Maybe Fedora needs to simply not run smolt in german countries. You
make it seem as if there is some special, useful data being stored.
The data is only interesting from a statistical point of view, and to
a limited audience.

=> Case closed from a US-biased, RH/Fedora-biased view.

The actual problems remain: "trust" and "safety".

The thresholds to trust any such site probably are much higher in
Germany than in other countries because people are aware about different
standards of "privacy policies" in different countries/institutions.

[This applies even within Germany. Media are filled with warnings and
flames on certain enterprises on what "public opinion considers abuse of
data privacy"]

>  Or are you saying it is illegal to
> ask someone to fillout a survey form ,
No, it is not, but (at least some) Germans probably will be very
reluctant to fill out such forms and be very careful about what they
fill out.

Okay. So what's the differene bween not filling out the form and not
running smolt?

>  where they can simply ignore,
> in your country?
Common practice on "statistical survey forms" is them to carry an
explicit "data-privacy disclaimer", which people explicitly have to
check (== opt-in), which details what the data is being used for, to
whom it will be passed on and when it will be deleted.

There is no fundamental difference between smolt and a survey form -
down to to the fac that machine readable survey forms do have id
numbers (in this case the machine id - may be it should be called the
smolt id since there is no such thing as a machine id, yet at least)

Typical are disclaimers similar to
[ ] Personalized data and survey data will be kept strictly separate.
Survey data does not allow any conclusion to the person having submitted
the data. Personalized data will only be used for administrational
purposes during this survey and will be deleted upon termination of the
survey (<date>)

I'm pretty sure a disclaimer will be there, implied...or can be easily added.

Or in case of a "commercial customer survey":
"[ ] I acknowledge that the data obtained during this survey may be
passed on to other parties."


Fedora Core 6 and proud

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]