Re: Further inquiry regarding data privacy (for packages installed in Debian)
I don't know if many packages have them, but there is a privacy:: debtag that for potential privacy concerns and other anti-features. Synaptic should be able to show them.
On May 21, 2019 9:16:53 AM EDT, npdflr <npdflr@zoho.com> wrote:
>Hi,
>
>Would you recommend me or debian users to go through privacy policy for
>the default packages/softwares installed in Debian images/iso files.
>
>
>
>An example would be the firefox-esr that has data collection
>policy: https://wiki.mozilla.org/Firefox/Data_Collection
>
>The default is off for Web activity data and Highly Sensitive data so
>it should not be a problem.
>
>
>
>But for other default packages should I go through their privacy
>policies?
>
>
>Note: As for the packages installed manually by the user (not default
>packages), it would be the user's responsibity to make sure that they
>don't send any sensitive data.
>
>
>
>Also, what ways can one check the privacy policy of the packages
>installed (by default or manually installed)?
>
>- One way would be to open Synaptic Package Manager (for the packages
>installed from the repositories listed in sources.list), check for
>homepage (if there) for every package installed and then read the
>privacy policy on that homepage.
>
>- For the packages downloaded from elsewhere, I think the user would
>have to check the source/homepage etc for its privacy policy.
>
>
>Thank you.
>
>
>
>
>
>---- On Wed, 27 Feb 2019 13:02:28 -0800 Joerg Jaspert
><joerg@debian.org> wrote ----
>
>
>
>On 15326 March 1977, mailto:npdflr@zoho.com wrote:
>
>> I am posting an excerpt from the 'Data privacy' page
>> (https://www.debian.org/legal/privacy):
>
>> Service related logging
>
>> In addition to the explicitly listed services above the Debian
>> infrastructure logs details about system accesses for the purposes of
>
>> ensuring service availability and reliability, and to enable
>debugging
>> and diagnosis of issues when they arise. This logging includes
>details
>> of mails sent/received through Debian infrastructure, web page access
>
>> requests sent to Debian infrastructure, and login information for
>> Debian systems (such as SSH logins to project machines). None of this
>
>> information is used for any purposes other than operational
>> requirements and it is only stored for 15 days in the case of web
>> server logs, 10 days in the case of mail log and 4 weeks in the case
>> of authentication/ssh logs.
>
>> a) Does 'system' and 'Debian systems' in the above excerpt mean an
>> installation of Debian OS?
>
>No. It means a system installed and run by Debian admins providing a
>service. Like the machine handling this list, or a machine handling a
>webserver for www.debian.org.
>
>> b) I am assuming that 'Debian infrastructure' means the 'Debian
>> Security Infrastructure'
>> (https://www.debian.org/doc/manuals/securing-debian-howto/ch7) which
>> is used to handle security in the stable distribution. Please correct
>
>> me, if wrong.
>
>No, it means the whole infrastructure. We have many machines.
>
>> c) Details regarding non-personally identifiable data: Does Debian
>> (Debian.org) collect any kind of 'telemetry' or 'monitoring data'
>> other than required for operational requirements? I am asking this as
>
>> from a company's or business point of view: one is concerned about
>> intellectual property, company data etc.
>
>As written, no we do not.
>
>> d) (This is related to the above point) Does the statement in the
>> above excerpt "This logging includes details..... login
>information
>> for Debian systems" mean that Debian stores username and passwords of
>
>> users? In my case: A local login not a network based login.
>
>Not in the sense you read into it, no. We do not, in any way, collect
>users data of systems installed with Debian[1]. The above is for
>machines
>running "inside" the debian.org domain and affects Debian Developers,
>not any user who just happens to install Debian.
>
>
>[1] There is one tool named popcon. That does actually send data our
>way. That is opt-in and you can find more information at
>https://popcon.debian.org/
>
Reply to: