On Wednesday, January 9, 2019 3:45:16 AM EST Nicolas Mailhot wrote: > Le 2019-01-08 18:13, Robert Marcano a écrit : > > > On 1/7/19 2:28 PM, Matthew Miller wrote: > > > >> On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote: > >> > >>>> * The Fedora community cares about privacy and is adverse to > >>>> tracking > >>>> measures. We don't want to track; just count. > >>> > >>> Uh, so what's the story there? i mean, if you pass over the uuid you > >>> make clients trackable, regardless if you want to make use of that or > >>> not... > >> > >> > >> Not if we don't keep them for long. One idea is to rotate them fairly > >> frequently. But this is mostly a statement of intent and might be more > >> about > >> how we build the backend than about what we force in the client. > > > > > > If the client generate a new UUID every month (for example), or use > > the current month in the UUID generation algorithm, There is no need > > for the users to trust that the server is removing the logs is true. > > > Of course there is. It's rather trivial to correlate the previous UUID > to the new one when you also have access to the corresponding IP > addresses. > > You need to be serious about data collection and approach it with a > security mindset “how could I hijack the system and betray users trust” > not “of course my data users are good they will never try anything evil > I can collect everything I get my hands on and think later” (the kind of > credulous US thinking that gave us Cambridge Analytica). > > That’s what the GDPR is about. It’s *your* responsibility as data > collector to think about how data could be used, it’s *your* problem to > protect it, it’s *your* problem if it’s misused, you can not make it > available on a platter for others to do evil things with and claim it’s > those people’s problem. > > -- > Nicolas Mailhot > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx One other major issue I personally have with this is that using a UUID would make it very easy for anyone with the data to find what IP addresses a particular user frequents. This would allow for some pretty horrific physical location tracking. -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
