Please remove this {{Draft}}template, when you're sure the page is complete and correct.
|
There are different domains:
- the Mageia distribution, that you may install and use on your own systems;
- the Mageia project Web sites and online applications, as a visitor or as a contributor.
Contents
Who to contact
In case of question regarding this policy, please contact the Council, Board or contact AT mageia DOT org. In case of emergency regarding something related to this policy, please mail contact AT mageia DOT org.
General rules
Mageia distribution privacy policy
TBD
Mageia.org Web sites & apps privacy policy
Current situation
As of July 29th 2011, the following is used/set
*.mageia.org
- most (if not all) web services keep access logs, that include: IP address, browser user-agent (and potentially any request header your user agent send to our servers); these logs retention policy is not set yet (but likely to fit French law requirements) and are not to be used for anything else than service stats and audit within mageia.org.
- More TBD
www.mageia.org
- Google Analytics to track anonymous traffic data
- a Facebook widget
- a Google +1 button
- a Twitter button
- publishes a list of donators, with their consent (see http://www.mageia.org/en/thank-you/
blog.mageia.org
- Google Analytics to track anonymous traffic data
- wordpress.com to track anonymous blog traffic data
- akismet to detect/filter spam comments
wiki.mageia.org
- Google Analytics to track anonymous traffic data
Mailing-lists
- Mailman-based: http://www.mageia.org/mailman/
- Sympa-based: http://ml.mageia.org/
- both provide public archives
ldap.mageia.org / identity
LDAP users directory stores all user accounts (username, public name, email, (encrypted) password, other data) for: association members management, community members management, non-commercial email notifications, and authentication purposes through all Mageia services
Other sites/apps
- forum, wiki, bugzilla, subversion and other code repositories track and publishes users commits/comments
Projects
- a dashboard may gather and cross some of this data to build: group/team pages, user pages, and on each, link to related docs through mageia.org resources (all packages/bugs relative to someone, or a team/group for instance) (see https://bugs.mageia.org/show_bug.cgi?id=1045)
- a contributors' map may publish users location (opt-in only) (see https://bugs.mageia.org/show_bug.cgi?id=998)
- a service to aggregate logs (web, mirrors, bugzilla, buildsystem, code repositories) and provide the possibility to visualize/extract useful patterns/info from it
All aggregated, anonymous, non-personally-identifying data are meant to be released within a metrics publishing/understanding system.
This is subject to change/improve, one way or the other.
Google Analytics
- same account is used, managed by Mageia board
- http://www.google.com/intl/en/analytics/privacyoverview.html
- http://www.google.com/intl/fr/analytics/privacyoverview.html
General principles
Orientations for the privacy policy for the project. Valid for web site, distribution/software, community tools.
MUST
- be highly careful about users account, data
- users can register, edit and remove their account at any time (with proper consideration regarding consequences)
- educate users about their privacy, their public life online and netiquette
- educate users, before and after their registration, about their involvement in the project and the publication of related data (commits, archives, forums, blogs, IRC logs, etc.):
- "Chat rooms, forums, and/or news groups are available to our community. Any information that you disclosed in these areas becomes public information. Please exercise caution when deciding to disclose any personal information in those areas."
- no redistribution of users personal identifying data outside of Mageia.org scope
- user data must only be accessed per user approval and for its own use/benefit
- disclose in detail what data is collected, by whom, why, what for, how long
- disclose how to prevent some of this data to be collected anyway (opt out)
- disclose who to contact in case of data abuse, leak, doubt, account forced removal, etc.
- actual official privacy policy will be written/committed in a editable plain text format (rendered afterwise for better display, but source version is still available); each update/revision of this policy must be notified (blog/ml) with a rationale about the change and the related diff between the old and new versions.
SHOULD
- user account removal should not harm apps and contents consistency
COULD
WILL NOT, NEVER
Proposals
It's not a black or white world. To improve our understanding of users and usages, we could need to use some info usually delivered transparently by users. So we need to list any type of user data we may be using at some level, to explain what we would use, why, or why not, and in what scope. Goal is to be explicit.
To be notified to users when using such services/software (through a privacy policy, a warning, terms of use, whatever), we would like to:
Type of information | Intended usage | Note |
IP address | Adapt Web sites or services to user location (local server, locale, other) | A remote/local service may be queried to associate this IP address with a country/city location |
Gather usage/downloads statistics (country/city level at most) | ||
Browser headers | Adapt Web sites or services to user preferences (locale, other) | |
Gather usage stats (locale, browser, device) | ||
Cookie | Keep user sessions on our Web apps | |
Cookie/events | Collect anonymous traffic data for usage statistics and discovery | A remote/local service may be used to collect and munch this data |
Anonymous here means: not linking behaviour data to discovered/known user account (better definition?).
Remote/local service may be:
- maxdata geodb
- google analytics
- piwik
- other?
Other privacy policies
- http://www.mozilla.org/about/policies/privacy-policy.html
- http://intlstore.mozilla.org/privacy.php
- http://www.mozilla.com/en-US/third-party.html
- http://www.mozilla.com/en-US/legal/privacy/firefox-en.html
- http://www.mozilla.com/en-US/opt-out.html
- https://one.ubuntu.com/privacy/
- http://twitter.com/privacy
- ?