Telemetry Policy

Bhushan Shah bhush94 at gmail.com
Mon Aug 14 13:16:12 BST 2017


Hello Volker,

First of all thanks for working on this topic, I've some comments I
would like to add.

On Sun, Aug 13, 2017 at 11:47:28AM +0200, Volker Krause wrote:
> ## Control
> 
> We give the user full control over what data they want to share with KDE. In 
> particular:
> - application telemetry is always opt-in, that is off by default
> - application telemetry settings can be changed at any time, and are provided 
> as prominent in the application interface as other application settings
> - applications honor system-wide telemetry settings where they exist (global 
> "kill switch")
> - we provide detailed documentation about how to control the application 
> telemetry system

This is kind of technical point but here it goes,

I think we should include the point in policy that, this data is stored
and transferred in encrypted format only, on both user's machine and the
KDE's server. This prevents Man in middle attacks and also prevents
unwanted/unauthorized access to user's data by third party application
on local machine.

So how I think this should happen is,

-> Application starts
-> Writes encrypted data to storage file
-> Encrypted data is transferred to KDE server
-> They are decrypted on KDE server when needed

> We will provide a designated contact point for users who have concerns about 
> the data they have shared with KDE. While we are willing to delete data a user 
> no longer wants to have shared, it should be understood that the below rules 
> are designed to make identification of data of a specific user impossible, and 
> thus a deletion request impractical.

Can we have policy on how long we can store data? It's just random idea
but I think it makes sense to tell users that after X period of time
your data will be invalidated?

This gives the "part-solution" to problem where user wants to delete
their shared data.

> ## Compliance
> 
> KDE only releases products capable of acquiring telemetry data if compliance 
> with these rules has been established by a public review on [kde-core-devel|
> kde-community]@kde.org from at least two reviewers. The review has to be 
> repeated for every release if changes have been made to how/what data is 
> collected.

In addition to kde-community/kde-core-devel there should be public
webpage at e.g. https://telemetry.kde.org where we explain what
application collects what data and where it is used for clear
transperancy.

I think that's all points I wanted to add.

Thanks

-- 
Bhushan Shah
http://blog.bshah.in
IRC Nick : bshah on Freenode
GPG key fingerprint : 0AAC 775B B643 7A8D 9AF7 A3AC FE07 8411 7FBC E11D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-community/attachments/20170814/019005db/attachment.sig>


More information about the kde-community mailing list