Le 2019-01-08 18:13, Robert Marcano a écrit :
On 1/7/19 2:28 PM, Matthew Miller wrote:
On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
* The Fedora community cares about privacy and is adverse to
tracking
measures. We don't want to track; just count.
Uh, so what's the story there? i mean, if you pass over the uuid you
make clients trackable, regardless if you want to make use of that or
not...
Not if we don't keep them for long. One idea is to rotate them fairly
frequently. But this is mostly a statement of intent and might be more
about
how we build the backend than about what we force in the client.
If the client generate a new UUID every month (for example), or use
the current month in the UUID generation algorithm, There is no need
for the users to trust that the server is removing the logs is true.
Of course there is. It's rather trivial to correlate the previous UUID
to the new one when you also have access to the corresponding IP
addresses.
You need to be serious about data collection and approach it with a
security mindset “how could I hijack the system and betray users trust”
not “of course my data users are good they will never try anything evil
I can collect everything I get my hands on and think later” (the kind of
credulous US thinking that gave us Cambridge Analytica).
That’s what the GDPR is about. It’s *your* responsibility as data
collector to think about how data could be used, it’s *your* problem to
protect it, it’s *your* problem if it’s misused, you can not make it
available on a platter for others to do evil things with and claim it’s
those people’s problem.
--
Nicolas Mailhot
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
