User: Password:
Subscribe / Log in / New account

Fedora is retiring Smolt hardware census (The H)

Fedora is retiring Smolt hardware census (The H)

Posted Oct 12, 2012 15:08 UTC (Fri) by Company (guest, #57006)
Parent article: Fedora is retiring Smolt hardware census (The H)

Linux distros seriously need to start collecting data about their users. And it must be on by default.

I've been trying to push that in GNOME for a while, but because we're still occupied by privacy maniacs (GNOME bugzilla isn't even googlable because of this), nobody does know who uses GNOME and what for.

Instead, the developers prefer to argue on Google+ and Facebook with their CarrierIQ phones about why those tools actually cater to their needs and GNOME doesn't.

(Log in to post comments)

Fedora is retiring Smolt hardware census (The H)

Posted Oct 13, 2012 10:02 UTC (Sat) by pabs (subscriber, #43278) [Link]

I really hope neither distros nor GNOME does as you suggest. Data should only be collected on an opt-in basis. Here is some data that has been collected on an opt-in basis:

I really hope developers would quit Facebook, Google+ and start contributing to and using Replicant/FSO/SHR/Debian/Nemo/Mer/etc on their mobile phones.

Fedora is retiring Smolt hardware census (The H)

Posted Oct 13, 2012 13:07 UTC (Sat) by rahulsundaram (subscriber, #21946) [Link]

From my understanding, this is not even legally possible because of EU privacy regulations. You have to make it opt-in.

Fedora is retiring Smolt hardware census (The H)

Posted Oct 13, 2012 13:49 UTC (Sat) by Jonno (subscriber, #49613) [Link]

IANAL, but as far as I know, it don't have to be opt-in, you only have to present the consumer with a clear option to opt-out. A check-box in the installer defaulting to enabled would probably suffice; while requiring the consumer to open some configuration dialogue to disable it probably wouldn't.

Fedora is retiring Smolt hardware census (The H)

Posted Oct 13, 2012 20:57 UTC (Sat) by Company (guest, #57006) [Link]

If that was even remotely true, how do you think Google Analytics works?

EU data protection

Posted Oct 13, 2012 21:43 UTC (Sat) by man_ls (guest, #15091) [Link]

I think EU data protection regulations don't work as you think they do. You can collect personal data to your heart's content, and you can make the collection mandatory. In fact, very often you have to (e.g. if you are opening a bank account you have to collect all kinds of personal data). But you have to provide for a way to remove that data; I think it is similar in the US. Also there are some stringent requirements on how you use the data: protect access to it with a password, store securely, do not share it with others without user consent, and so on.

As long as you are not collecting personal data, or data that can be used to identify you, then there is no need to do any of that. Example of personal data: your name. Example of data that can be used to identify you: your IP address. (Yes, every time you collect IP addresses in your weblogs, you are entering EU data protection territory. Funny, huh?) Example of data that might be used to identify you in some bizarre scenario but nobody cares about: your hardware information, your configuration is probably shared with the other 1000s of people that bought the same machine. And anyway nobody can prove that this particular configuration is only yours.

So remove all unique MAC-like information, anonimize the IP addresses and you are golden.

Disclaimer: IANAL (but I paid good money to a real lawyer to learn about these things). I may misrepresent everything in the little puppet theater inside my head.

EU data protection

Posted Oct 16, 2012 22:44 UTC (Tue) by tialaramex (subscriber, #21167) [Link]

All "personally identifiable" information stored in any sort of retrieval system by an EU company must obey the rules. A shoebox full of unsorted hand written letters is not a retrieval system, a list of railway stations is not personal, a novel is not information for this purpose.

Such information must be stored for a specific purpose, the subject must be told the purpose and consent to it. Using the information for another purpose is illegal. Giving the data to another entity, except if the subject was told this was part of the purpose, is illegal. Moving the data out of the EU is illegal, except if these rules can be enforced elsewhere.

The subject is entitled to see all information you have about them, and you must correct errors which are reported to you. You may charge a "reasonable" (most jurisdictions interpret this quite narrowly) access fee and demand some evidence of their identity.

You must destroy any information you no longer need. You should have explicit policies justifying any data retention and scoping it appropriately.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds