Regarding KDE Privacy policy
Ben Cooksley
bcooksley at kde.org
Fri Feb 28 21:35:17 GMT 2020
On Thu, Feb 27, 2020 at 4:02 AM Nate Graham <nate at kde.org> wrote:
>
> On 2/26/20 2:32 AM, Ben Cooksley wrote:
> > As we're changing how we use the data (to now include a distribution
> > component) we would need to invalidate all existing consents given by
> > users (for which no mechanism exists for us to do so, as we never
> > expected to need to change the policy) and I think we would have to
> > discard all the data we have already collected as well.
> >
> > Unfortunately, as the system includes no mechanism for the server to
> > communicate which revision of the privacy policy the user agreed to,
> > we would also have to come up with a way of blocking all old clients
> > from communicating with the system altogether (as we have no way of
> > telling if it is an old consent the software is relying on or a new
> > one) so you'd only start getting data in the system once users had
> > gone through a full update cycle.
>
> That seems like an oversight we should correct regardless of whether or
> not we release any data. It is not likely that the terms will *never*
> change.
Even if it is an option we never end up needing to use, having the
option to both require the user to re-consent, along with having a
remote kill-switch for Telemetry in certain applications/versions (so
if we end up shipping something that submits information which is too
identifying we can shut it off without requiring distributions to
assist us)
>
> Nate
Cheers,
Ben
More information about the kde-community
mailing list