Smolt: firsboot revisited

Ralf Corsepius rc040203 at freenet.de
Thu Feb 15 09:57:30 UTC 2007 

On Fri, 2007-02-16 at 02:46 +0000, Arthur Pemberton wrote:
> On 2/16/07, Ralf Corsepius <rc040203 at freenet.de> wrote:
> > On Fri, 2007-02-16 at 02:19 +0000, Arthur Pemberton wrote:
> > > On 2/16/07, Ralf Corsepius <rc040203 at freenet.de> wrote:
> > > > On Thu, 2007-02-15 at 02:33 -0500, seth vidal wrote:
> > > > > On Thu, 2007-02-15 at 08:20 +0100, Ralf Corsepius wrote:
> >
> > > I don't think you've ever said how the information is being sent
> > > without user permission or what the personal data is that is being
> > > sent.
> > The smolt developers would be the ones to reply this.
> >
> > AFAIS (I banned smolt from my installations), it transmits
> > a machine-id, several HW details (CPU brand, type, peripherials,
> > bogomips) and OS details via http.
> >
> > i.e. they have the IP, they have a "machine-id", and they have
> > information which is not publicly available elsewhere.
> >
> > Ralf
> >
> 
> Fair enough. However the machine-id cannot legally id your computer,
> nor is it supposed to be able to. As far as I understand, your
> machine-id will be specific to Fedora.
> 
> But considiering you have to TELL IT to transmit thoise things, how
> can there be any legal problems?

There is one dead-beat argument likely rendering this discussion moot:

Not wrt. smolt, because the server is hosted in a foreign country,
therefore the data, unless it's contents is lawful, is likely not
subject to German laws (To be verified by a German lawyer).

=> Case closed from a US-biased, RH/Fedora-biased view.


The actual problems remain: "trust" and "safety".

The thresholds to trust any such site probably are much higher in
Germany than in other countries because people are aware about different
standards of "privacy policies" in different countries/institutions.

[This applies even within Germany. Media are filled with warnings and
flames on certain enterprises on what "public opinion considers abuse of
data privacy"]

>  Or are you saying it is illegal to
> ask someone to fillout a survey form ,
No, it is not, but (at least some) Germans probably will be very
reluctant to fill out such forms and be very careful about what they
fill out.

>  where they can simply ignore,
> in your country?
Common practice on "statistical survey forms" is them to carry an
explicit "data-privacy disclaimer", which people explicitly have to
check (== opt-in), which details what the data is being used for, to
whom it will be passed on and when it will be deleted.

Typical are disclaimers similar to 
[ ] Personalized data and survey data will be kept strictly separate.
Survey data does not allow any conclusion to the person having submitted
the data. Personalized data will only be used for administrational
purposes during this survey and will be deleted upon termination of the
survey (<date>)

Or in case of a "commercial customer survey": 
"[ ] I acknowledge that the data obtained during this survey may be
passed on to other parties."

Ralf

More information about the fedora-devel-list mailing list