Telemetry Policy

[Nicolás Alvarez]

Enviado desde mi iPhone
>> El 16 ago 2017, a las 20:46, Thomas Pfeiffer <thomas.pfeiffer at kde.org> escribió:
>>
>> On Mittwoch, 16. August 2017 09:33:02 CEST Valorie Zimmerman wrote:
>> Hi all, Mozilla has done a lot of work on telemetry, and we might be
>> able to use some of their findings. On this page:
>> https://wiki.mozilla.org/Firefox/Data_Collection they break down the
>> data they might possibly collect into four buckets - technical (such
>> as crashes), user interaction, web activity, and sensitive (personal
>> data).
>>
>> This bit might be relevant to our discussion: "Categories 1 & 2
>> (Technical & Interaction data)
>> Pre-Release & Release: Data may default on, provided the data is
>> exclusively in these categories (it cannot be in any other category).
>> In Release, an opt-out must be available for most types of Technical
>> and Interaction data. "
>>
>> I think the entire page might be enlightening to this discussion. I
>> believe our analysis of needs should be more fine-grained, and that
>> some parts of what we need can be "default on" especially for
>> pre-release testing. For releases, we can provide an opt-out.
>
> Hi Valorie,
> Even if opt-out for some data is legally and even morally fine, it does not
> align with the values we communicate to our users:
> Unlike Mozilla's Mission, our Vision mentions privacy explicitly, and we're
> striving to make privacy our USP.
>
> Therefore I agree with others who replied in this thread: We should respect
> privacy unnecessarily much rather than too little.
>
> In the end, of course, it's a matter of how we present this opt-in. If it's an
> option buried in some settings dialog, we might as well not do it at all.
>
> If we, however - like Firefox does -, pfominently present that choice to users
> the first time they run one of our applications or desktop environment and try
> to make clear why that data collection is important for us, I don't see why we
> could not convince a relevant number of users to opt in.
> Sure, we'll get less data than with an opt-out scheme, but let's try it out
> first before we go for the option that carries a significant PR risk.

I think discussing this as "opt-in" vs "opt-out" may be misleading. In
terms of amount of data collected, there would be a big difference
between going to Preferences and ticking a checkbox hidden somewhere,
and a first-run pop up that asks you, yet both could be reasonably
called "opt-in".

Similarly, in terms of privacy, there is a big difference between
opt-out by un-ticking a checkbox hidden somewhere vs opt-out via a
passive banner that says "we collect anonymous usage information,
click here if you don't want that" before any data is sent.

In slightly different words, as said in #kde-devel:
‎<‎argonel‎>‎ opt-in doesn't mean "unadvertised"
‎<‎nicolas17‎>‎ and opt-out doesn't mean you have to dig in settings
to turn it off
‎<‎nicolas17‎>‎ so I think putting it as an opt-in vs opt-out binary
discussion is too simplistic

We need to talk about the specifics of what opt-in or opt-out *means*.
Is there a first-use prompt? Is it a passive banner or a modal popup?
What happens by default if I ignore it? What happens by default
between starting the app and answering the prompt? How do I change the
choice later?

-- 
Nicolás