On Fri, 2007-02-16 at 02:46 +0000, Arthur Pemberton wrote: > On 2/16/07, Ralf Corsepius <rc040203@xxxxxxxxxx> wrote: > > On Fri, 2007-02-16 at 02:19 +0000, Arthur Pemberton wrote: > > > On 2/16/07, Ralf Corsepius <rc040203@xxxxxxxxxx> wrote: > > > > On Thu, 2007-02-15 at 02:33 -0500, seth vidal wrote: > > > > > On Thu, 2007-02-15 at 08:20 +0100, Ralf Corsepius wrote: > > > > > I don't think you've ever said how the information is being sent > > > without user permission or what the personal data is that is being > > > sent. > > The smolt developers would be the ones to reply this. > > > > AFAIS (I banned smolt from my installations), it transmits > > a machine-id, several HW details (CPU brand, type, peripherials, > > bogomips) and OS details via http. > > > > i.e. they have the IP, they have a "machine-id", and they have > > information which is not publicly available elsewhere. > > > > Ralf > > > > Fair enough. However the machine-id cannot legally id your computer, > nor is it supposed to be able to. As far as I understand, your > machine-id will be specific to Fedora. > > But considiering you have to TELL IT to transmit thoise things, how > can there be any legal problems? There is one dead-beat argument likely rendering this discussion moot: Not wrt. smolt, because the server is hosted in a foreign country, therefore the data, unless it's contents is lawful, is likely not subject to German laws (To be verified by a German lawyer). => Case closed from a US-biased, RH/Fedora-biased view. The actual problems remain: "trust" and "safety". The thresholds to trust any such site probably are much higher in Germany than in other countries because people are aware about different standards of "privacy policies" in different countries/institutions. [This applies even within Germany. Media are filled with warnings and flames on certain enterprises on what "public opinion considers abuse of data privacy"] > Or are you saying it is illegal to > ask someone to fillout a survey form , No, it is not, but (at least some) Germans probably will be very reluctant to fill out such forms and be very careful about what they fill out. > where they can simply ignore, > in your country? Common practice on "statistical survey forms" is them to carry an explicit "data-privacy disclaimer", which people explicitly have to check (== opt-in), which details what the data is being used for, to whom it will be passed on and when it will be deleted. Typical are disclaimers similar to [ ] Personalized data and survey data will be kept strictly separate. Survey data does not allow any conclusion to the person having submitted the data. Personalized data will only be used for administrational purposes during this survey and will be deleted upon termination of the survey (<date>) Or in case of a "commercial customer survey": "[ ] I acknowledge that the data obtained during this survey may be passed on to other parties." Ralf -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list