[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Alternate proposal for Declassification of debian-private archives

On Sat, Dec 03, 2005 at 01:41:24PM +0100, Adrian von Bidder wrote:
> > > The primary reason for this is that the existing messages were sent to
> > > debian-private with an expectation of privacy.
> > As Matthew pointed out in [0] this expectation of privacy isn't really
> > that strong, fundamentally because -private is open to anyone who joins
> > Debian, and Debian's open to anyone joining it.
> But even taking into account anybody being theoretically able to join 
> Debian, a -private post being readable in tha archive is still a huge 
> difference to the same post being available via google and other search 
> tools.

This kind of brings to mind the opening chapter of the HHGTTG, where the
plans on "public display" were in a locked filing cabinet in a disused
lavatory in attic with no stairs or lights, with a sign saying "beware
of the leopard", and a policy that no one should ever tell you about the
plans in advance.

The reason it brings that to mind is that if you're letting anyone
access stuff, but possibly requiring them to go to some trouble to do so,
then that's not actually that different from a pre-internet concept of
"public availability". Right now, getting some of the more detailed
breakdowns from the Australian Bureau of Statistics will easily cost
you as your time going through n-m is probably worth, eg.

Don't get me wrong, there's a real difference between having -private
accessible to anyone as long as they go through n-m, just as there's
a difference between ABS stats being available free or not. And you
can certainly expect the less available info to be substantially more
exclusive in both cases. But that's not enough to give you a pass for
privacy concerns -- certainly in the ABS case, you don't want the for
pay information to include private information of individual citizens
any more than you want that in the free information.

As far as I can see, similar reasoning applies for -private: sure, less
people will see it, and maybe they'll be nicer people, just like you might
hope that it'll mostly be university statisticians not organised criminals
looking to steal identities or nosy neighbours looking for gossip buying
data from the ABS. Basically, that's a "security by obscurity" approach --
things stay private as long as no one goes to the effort of snooping.

And I mean, that's okay -- I'm not trying to argue -private should be
done away in favour of purely public lists -- I'm just trying to get the
point across that the idea that -private is a good place for secrets
that shouldn't see the light of day already doesn't match reality.

(As you might guess, I've been thinking about making -private less of a
dark underbelly for Debian for a while already, and I hadn't thought the
above through until writing it just now; so I'm not trying to say that the
above's the final word or anything, just that, IMHO, there's more to this
beyond the simple public/secret dichotomy)


Attachment: signature.asc
Description: Digital signature

Reply to: