Re: Minutes of the Board Meeting of March 11th, 2014

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

    that was actually the second question I asked, and the current answer,
    as explained by Richard Hughes, is:

       the installed and removed applications

It's a bad thing for software to send this sort of information by
default.  We condemn Microsoft for making Windows send this sort of
information, and we have to apply the same standard to ourselves.

       a hash of the IP address

We might _store_ just a hash code, but I am pretty sure the messages
contain the real IP address of the sender.

    leaving asing the NSA, FBI, CIA, GCHQ, and other malevolent actors,

We can't ethically leave them aside, given that they do exist.

    some point we need users to be able to tell us what they use, what
    they want, and what they like.

We would like users to be able to tell us.

I agree sending this info is ok if the user explicitly authorizes it.
Sending should not be enabled by default, and should not be tied
to any other feature.

Allan Day wrote:

    The main data we want is which apps people have installed. The primary
    purpose is to enable recommendations for applications - we'd like to
    predict which apps you might want to install, based on what other
    users have installed. eg. "You are using Inkscape; you might also be
    interested in the GIMP."

The feature should be useful, but it should operate locally.  Based on
whoever chooses to tell us what is installed, we could calculate a set
of recommendation rules.  The package installation facility could
check those rules to make recommendations, in a purely local way.
That would avoid asking people to upload their list of installed packages
in order to get recommendations.

Ekaterina Gerasimova said:

    I would like to point out that the GNOME Foundation does not collect
    any data and does not plan to do so in the future. The data in
    question is potentially collected by individual distributions at their
    own discretion.

Thanks for the clarification.  I think this does not alter the issue;
it does change who is responsible.

I think we should provide them with code that invites users to send
that information but does not turn it on by default.  And we should
say loud and clear that it shouldn't be on by default.

If, after that, someone else changes it to turn on by default, someone
will figure that out, and then we should rebuke these actions.

I basically agree with Allan Day's response

    What we can do,
    though, is make recommendations to distros on how to ensure that a)
    GNOME provides the best experience possible and b) what we think a
    good privacy statement looks like.

Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
Skype: No way! That's nonfree (freedom-denying) software.
  Use Ekiga or an ordinary phone call.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]