Hiya, On 22/05/2019 21:49, Roman Danyliw wrote: >> - Does this constitute tracking behaviour? The current privacy >> policy [2] says we don't do that. > My read is no. > > [3] says that "tracking is the collection of data regarding a > particular user's activity across multiple distinct contexts and the > retention, use, or sharing of data derived from that activity outside > the context in which it occurred. A context is a set of resources > that are controlled by the same party or jointly controlled by a set > of parties." > > *.ietf.org servers are single context controlled by the same party > (IETF). The proposed implementation plan is a self-hosted solution > which does indeed collect activity data but NOT across "multiple, > distinct contexts". (Re-)identification over time would I guess represent "multiple distinct contexts." If you geo-locate the addresses e.g. at a country level then that's not anonymous - .mu and .ie would not be hard to translate into people's names given the relevant population sizes. These are just more reasons to minimise the data being collected and stored. (Did I already say I'd go for zero of both? :-) And while I'm sure the IESG would be aware of that, these things can get lost between the people who want it done a certain way and the people who end up doing the doing who may be more used to customers being more invasive than us;-) S.
Attachment:
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
