Re: Metrics and your privacy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 
> On 11/23/06, Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx> wrote:
> > Mike McGrath wrote:
> > > So we're looking for better ways to find out exactly who is out 
> > > there and what Fedora is being used for.  I've been compiling 
> > > thoughts and ideas on a metrics site.  Please take a look and 
> > > comment.  What are you, the community, most comfortable with?  
> > > Where's the line where you'd check the check box to not 
> participate?
> > >
> > > http://fedoraproject.org/wiki/Infrastructure/Metrics
> >
> > I wouldn't give out any of it.
> >
> 
> You're call, thats whats great about this open source stuff.  
> As far as support goes though, you're only hurting yourself.  
> Especially if you have odd hardware.  I mean its not like 
> we're gathuring this information to kill your kittens.  We're 
> trying to figure out who uses our stuff and for what purpose 
> so we can focus better on that.
> 
>                -Mike
> 

I've read the wiki page and I come away thinking that nothing the project
does will be satisfactory in the long run. As far as metrics go, I'd offer
information that would be asked for, given some provisos:

-- The information request has to be precise.  Tell me exactly what
information you are going to collect.  Don't hide it under phrases such as
"non-personally identifiable".  If I am able to give that information to
you, I will consent.  If I'm not able to, perhaps because my employer or
someone else forbids it, then I won't.  But I can't make a decision if I
don't know, because it's safer to decide any ambiguity in favor of privacy.

-- The rules of disclosure must be complete.  I often see a request that
reads, "We won't disclose your information...except as allowed by applicable
laws."  This is an automatic 'no'.  I don't know what the applicable laws
are.  I don't want to have any hassle if the laws that you think apply
aren't the same ones that I think apply.

-- Tell me precisely what you want to do with the information.  Offering me
a "better user experience" or "focusing on users" doesn't cut it.  Why does
the project care about what hardware I have?  Why do you care which packages
I have installed?  Before I get flamed, I _know_ why this information is
important.  My point is the need to explain it if you want the data from
users.  As an example, we don't have to ask users at install time to know
that Intel and Broadcom wireless cards are popular.  Red Hat could obtain
such data directly from manufacturers or computer vendors who sell Red Hat
software on their systems.  

-- Tell me when the data gets destroyed, if and how I can check the data I
give you, and how the information will be used in the future.  What happens
when Red Hat enters into its next technology partnership?  What happens when
Red Hat experiences a change-in-control?  Who controls and uses the data
then?

The real risk is not in disclosing personally identifiable information.  It
is in disclosing non-personally identifiable information, such as location
or ZIP code, that can be combined with other sources of data.  Those other
sources -- not collected from the user -- can together reveal or estimate
personal information.

For example, a geographic location such as a postal code can be combined
with public records (such as employment data and home sales) to estimate
one's income and net worth.  The location is not personally-identifiable or
"private", but that doesn't matter.  When combined with other commercial or
public data sources, the combination is personal enough.

It's almost never the original use of user data that is the problem; rather
it's the second and third use that causes trouble.  So I don't think it's
possible to be too specific and too up-front about collecting data. 

Erik


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux