#30 The Piwik usage in fedora.zanata.org doesn't align with Fedora Policy
Closed: Fixed 2 years ago Opened 2 years ago by jibecfed.

Hi,

I had a discussion with infrastructure team and Zanata team about the usage of piwik on fedora.zanata.org

I believe it doesn't align with https://fedoraproject.org/wiki/Legal/PrivacyPolicy

Zanata developpers (Alex and Carlos) said it is useful to have usage statistics about their software.

I understood the need for Zanata team, and I feel like they have:

  • a direct workaround with server log
  • the possibility use some internal probe not related to the user
  • some other instances translate.zanata.org, jboss, etc. to run such statistics, as far as it align with values of these communities.

We live in a world where most companies try to tracks us, I feel like gathering personal information should no be accepted in a volunteer based distribution. Even if Zanata team may do good usage of it, we do not know what other people may access the database, nor how safely it is (we learn new leaks everyday).

In addition, this is open-source, we already do a lot of things in the open and we don't need to give more data.

I feel like this also is the reasons why the Fedora Project Leader do not have deep statistics about end-user.

I ask:

  • to stop of this non essential user data gathering;
  • to remove of the piwik script;
  • to erase all previously gathered data related to fedora.zanata.org.

thanks for your help


@jibecfed like I said on fedora-infra list, please file issue on http://zanata.org/issues

This is totally issue with some project upstream that is Zanata project so need be addressed by its developers.

Let me try to get attention of @aeng here

Hi,

Just to reply all the questions:

I feel like this also is the reasons why the Fedora Project Leader do not have deep statistics about > end-user.

How does this have anything to do with Piwik?

Even if Zanata team may do good usage of it, we do not know what other people may access the
database, nor how safely it is (we learn new leaks everyday).

Well, same goes to anything online. Should we stop going to internet then?

I understood the need for Zanata team, and I feel like they have:

a direct workaround with server log
the possibility use some internal probe not related to the user
some other instances translate.zanata.org, jboss, etc. to run such statistics, as far as it align >>> with values of these communities.

Assumption is a huge risk and no, we do not have workaround in log. It is a riskier way compare to database.

But, like I said, we are more than happy to remove it if that's what the community wants :)
Just ping me or email me.

Till date did we used this data any time for any purpose?
If yes, for what?
If not, i think no harm in disabling it. (Or may be remove user specific info from it)

@pravins Yes we do use it to prioritize page redesign tasks according to visited count. But seems like concern about tracking is far more than the value it brings. We will remove it if that is what community wants.

@aeng Or can we simply remove some part like username from it?
I think person user tracking is only objectionable part here. Anything else @jibecfed here?

Quote from @pfrields

Hi Alex,

You may want to check out this page for information on configuring
Piwik to create additional privacy for users:

https://piwik.org/privacy/

The Fedora privacy statement[1] provides for the use of IP addresses
and cookies, among other purposes, to administer websites, identify
geographic location, and measure (in aggregate) traffic patterns and
habits. I don't believe the use of Piwik is disallowed under these
conditions. However, you may be able to tune Piwik configuration so
your team can get the information they need without unnecessarily
affecting the privacy of users.

My reply:

Thanks for the info Paul and yes, Zanata only collect page visits information, NOT user information. That information is valuable for us to understand type of browser, page with most visits and etc.
But we also respect community's decision if for some reason, they wish to have it remove.

As a start, I've changed the "terms" link in Zanata to https://fedoraproject.org/wiki/Legal:PrivacyPolicy to align with Fedora.

For piwik, I prefer have since it is not violating policy in fedora, but I will leave the community to decide :)

Thank you for the information and the replies, @aeng. It's great that you want to give the community an appropriate voice in this decision. I do think, however, that decision should not be made on a faulty reading of Fedora's privacy statement.

Well, I have no opposition to keep this Piwik script if user is not recorded and privacy settings are set to remove IP address as written in http://piwik.org/docs/privacy/

We should probably let L10N Admin to access statistics, so they can confirm the change is done.

I just have a read on the privacy statement

Using Your Personal Information

Fedora uses the personal information you provide to:

create and maintain your accounts;
answer your questions;
send you information;
for research activities, including the production of statistical reports (such aggregated information is not used to contact the subjects of the report);
send you surveys.
We also use this personal information to provide you with information related to your account and the products or services you acquire from us, to better understand your needs and interests, to improve our service, and to personalize communications.

So, theoratically Piwik is not violating any privacy rules. All members has signed this agreement when signing up for a Fedora account. I've update the privacy statement in Zanata to https://fedoraproject.org/wiki/Legal:PrivacyPolicy align with Fedora requirements. Apart from that, we are well within the written rules.

The issue was raised as "the Piwik usage in fedora.zanata.org doesn't align with Fedora Policy".
Now the privacy statement in Zanata has been updated to align Fedora Privacy Policy. I see problem solved.

To stop this from going on without any results, I have remove piwik from Zanata. The removal is not because of opinion from individual, but to stop community from spending time worrying about privacy and better use of their time. This means we no longer have any data on page visits by users and no more information on used browser/platform which we use when improving pages.

Having said that, Zanata will well within the privacy rule and does not violate anything. This action is simply to allow everyone to move on to more productive activity.

Zanata project always appreciate opinion from community and will always try our best to accommodate those feedback.

Well, I have no opposition to keep this Piwik script if user is not recorded and privacy settings are set to remove IP address as written in http://piwik.org/docs/privacy/
We should probably let L10N Admin to access statistics, so they can confirm the change is done.

First of all Thanks @jibecfed for coming to minimal amount of requirement/doubts which was their :)
We are living all core values of Fedora day to day. L10N Admin is free to request access or information about statistics. Please ask L10N admin to start different communication/thread about this.
IMHO This definitely does not account to removal of Piwik.

To stop this from going on without any results, I have remove piwik from Zanata. The removal is not because of opinion from individual, but to stop community from spending time worrying about privacy and better use of their time. This means we no longer have any data on page visits by users and no more information on used browser/platform which we use when improving pages.
Having said that, Zanata will well within the privacy rule and does not violate anything. This action is simply to allow everyone to move on to more productive activity.
Zanata project always appreciate opinion from community and will always try our best to accommodate those feedback.

Appreciated your decision from taking into perspective wider community benefits. But still few things which i feel important.

From community perspective, if Zanata sometime make analysis from this statistics public, it will actually help to better understanding of uses of Piwik.

As far as i understand presently this ticket open only for making statistics public/ or making it available to whoever requests it not for removing public.

From considering long term benefits of user and wider opensource community, i will leave decision to fedora.zanata.org side whether they want to use Piwik or not.

From considering long term benefits of user and wider opensource community, i will leave decision to fedora.zanata.org side whether they want to use Piwik or not.

I'm not sure to understand what this means.

Anyway, to answer the last comment from Alex, this debate is not a waste of time as it involves our values.

I have no problems against statistics for Zanata, if it respects community written rules, especially when it uses dedicated tools. I have no knowledge of such rules in Fedora, so it is what I mean when I say it does not align with Fedora Policy.

I'll go to council to suggest this:

1 users should be informed and be regularly updated about the results,
2 access to data should be audited (protect potention abuses),
3 personal data should not be collected and IP should be obfuscated (prevent malicious use),
4 raw data should be deleted after a reasonnable period of time (limit impact of leaks), aggregated data should be no problem

Fedora is a Friend community, I do not use professional analytics tools to gather information about my Friends without giving them details.
I know 21th century is a lot about user data gathering without any care, but it's not something we should copy.

For Zanata, (3) and (4) probably are only one option to activate in Piwik.
Point (1) is a reporting to set-up in Piwik.
Point (2) is about governance, I suggested L10N Admin: Noriko and Piotr. Maybe one person from Zanata developpement team to get relevant information for you. Aeng would be my choice.

Closing, since no further todo here.

Metadata Update from @pravins:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata