unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / Atom feed
* bug#43796: Privacy policy
@ 2020-10-04 15:34 pelzflorian (Florian Pelz)
  2020-10-04 15:56 ` Julien Lepiller
                   ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: pelzflorian (Florian Pelz) @ 2020-10-04 15:34 UTC (permalink / raw)
  To: 43796

[-- Attachment #1: Type: text/plain, Size: 717 bytes --]

IANAL but I think Guix needs a privacy policy for both its website and
the Guix software in general.

Attached is a patch for the website that also documents data use by
Guix and Guix System.  Maybe I’ve overdone some parts and probably
something important is missing.

In particular, the GDPR requires IP addresses to be deleted from logs
after a reasonable time.  I think but am not sure the current process
for nginx is to delete only when the log files become too big.  A more
suitable policy must be implemented and the users must be told about
it, I think.  See <https://gdpr-info.eu/art-13-gdpr/>.

In general I think it is better to have an incomplete policy than to
have none.

Comments?

Regards,
Florian

[-- Attachment #2: 0001-website-Add-privacy-policy.patch --]
[-- Type: text/plain, Size: 11239 bytes --]

From 080df2de1f1f99fce3d7dffcce57f723fd266e17 Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Sun, 4 Oct 2020 17:10:13 +0200
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [PATCH] website: Add privacy policy.

* website/apps/base/templates/privacy.scm: New file with
web page on privacy.
* website/apps/base/templates/components.scm (navbar): Add it.
* website/po/POTFILES: Add it.
* website/apps/base/builder.scm (privacy-builder): New procedure.
(builder): Add it.
---
 website/apps/base/builder.scm              |  23 +++++
 website/apps/base/templates/components.scm |  18 +++-
 website/apps/base/templates/privacy.scm    | 115 +++++++++++++++++++++
 website/po/POTFILES                        |   1 +
 4 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 website/apps/base/templates/privacy.scm

diff --git a/website/apps/base/builder.scm b/website/apps/base/builder.scm
index 4882dc5..2acf4dc 100644
--- a/website/apps/base/builder.scm
+++ b/website/apps/base/builder.scm
@@ -1,6 +1,22 @@
 ;;; GNU Guix web site
+;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de>
 ;;; Initially written by sirgazil who waives all
 ;;; copyright interest on this file.
+;;;
+;;; This file is part of the GNU Guix web site.
+;;;
+;;; The GNU Guix web site is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; The GNU Guix web site is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with the GNU Guix web site.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (apps base builder)
   #:use-module (apps base data)
@@ -13,6 +29,7 @@
   #:use-module (apps base templates help)
   #:use-module (apps base templates home)
   #:use-module (apps base templates menu)
+  #:use-module (apps base templates privacy)
   #:use-module (apps base templates security)
   #:use-module (apps base types)
   #:use-module (apps blog utils)
@@ -54,6 +71,7 @@
 	 (contact-builder)
 	 (irc-builder)
 	 (contribute-builder)
+         (privacy-builder)
 	 (security-builder)
 	 (graphics-builder))))
 
@@ -115,6 +133,11 @@
   (make-page "menu/index.html" (menu-t) sxml->html))
 
 
+(define (privacy-builder)
+  "Return a Haunt page representing the Privacy page of the website."
+  (make-page "privacy/index.html" (privacy-t) sxml->html))
+
+
 (define (security-builder)
   "Return a Haunt page representing the Security page of the website."
   (make-page "security/index.html" (security-t) sxml->html))
diff --git a/website/apps/base/templates/components.scm b/website/apps/base/templates/components.scm
index 44d410e..1bf11e9 100644
--- a/website/apps/base/templates/components.scm
+++ b/website/apps/base/templates/components.scm
@@ -1,7 +1,22 @@
 ;;; GNU Guix web site
-;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
+;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
 ;;; Initially written by sirgazil who waives all
 ;;; copyright interest on this file.
+;;;
+;;; This file is part of the GNU Guix web site.
+;;;
+;;; The GNU Guix web site is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; The GNU Guix web site is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with the GNU Guix web site.  If not, see <http://www.gnu.org/licenses/>.
 
 ;;; This module defines HTML parts like header, breadcrumbs, footer,
 ;;; buttons, etc., which are used website-wide.
@@ -425,6 +440,7 @@ manual.
          (C_ "website menu" (menu-item #:label "Contact" #:active-item active-item #:url (guix-url "contact/")))
          (C_ "website menu" (menu-item #:label "Contribute" #:active-item active-item #:url (guix-url "contribute/")))
          (C_ "website menu" (menu-item #:label "Security" #:active-item active-item #:url (guix-url "security/")))
+         (C_ "website menu" (menu-item #:label "Privacy" #:active-item active-item #:url (guix-url "privacy/")))
          (C_ "website menu" (menu-item #:label "Graphics" #:active-item active-item #:url (guix-url "graphics/")))))
       ,(horizontal-skip)
       ;; Languages dropdown.
diff --git a/website/apps/base/templates/privacy.scm b/website/apps/base/templates/privacy.scm
new file mode 100644
index 0000000..1511fe0
--- /dev/null
+++ b/website/apps/base/templates/privacy.scm
@@ -0,0 +1,115 @@
+;;; GNU Guix web site
+;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de>
+;;;
+;;; This file is part of the GNU Guix web site.
+;;;
+;;; The GNU Guix web site is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; The GNU Guix web site is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with the GNU Guix web site.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (apps base templates privacy)
+  #:use-module (apps base templates components)
+  #:use-module (apps base templates theme)
+  #:use-module (apps base types)
+  #:use-module (apps base utils)
+  #:use-module (apps i18n)
+  #:export (privacy-t))
+
+(define (privacy-t)
+  "Return the Privacy page in SHTML."
+  (theme
+   #:title (C_ "webpage title" '("Privacy"))
+   #:description
+   (G_ "Information on how your personal data is processed while using
+GNU Guix’ services.")
+   #:keywords
+   (string-split ;TRANSLATORS: |-separated list of webpage keywords
+      (G_ "GNU|Linux|Unix|Free software|Libre software|Operating \
+system|GNU Hurd|GNU Guix package manager|Privacy|Data Protection") #\|)
+   #:active-menu-item (C_ "website menu" "About")
+   #:css (list
+          (guix-url "static/base/css/page.css"))
+   #:crumbs (list (crumb (C_ "website menu" "Privacy") "./"))
+   #:content
+   `(main
+     (section
+      (@ (class "page centered-block limit-width"))
+      ,(G_ `(h2 "How we use your personal information"))
+      ,(G_
+        `(p
+          "Guix is made by people and organizations without a commercial
+           interest in your personal information.  Nonetheless, some
+           services for Guix necessarily process your data to provide the
+           functionality you requested.  We keep this to a minimum."))
+
+      ,(C_ "privacy policy section" `(h3 "Guix and Guix System"))
+      ,(G_
+        `(p
+          "During your use of Guix’ software in its default configuration,
+           your IP address may be revealed to the network services you use.
+           Your IP address could be used to identify who uses the service and
+           from which internet connection it is used.  These services include "
+          ,(G_ (manual-href "substitute servers"
+                            (G_ "en")
+                            (G_ "Substitutes.html")))
+          " hosted by "
+          ,(G_ `(a (@ (href ,(guix-url "donate/"))) "our donors"))
+          " for the Guix project but also "
+          ,(G_ (manual-href "third-party services"
+                            (G_ "en")
+                            (G_ "Networking-Services.html")))
+          " such as network, DNS and Network Time Protocol service providers.
+           This is necessary to provide you with a usable and secure system
+           environment.  It shall be assumed that these services log your use 
+           of their service along with your IP address to make it easier to
+           guard against malicious use.  The "
+          ,(G_ `(a (@ (href ,(guix-url "manual/"))) "manual"))
+          " describes how to change the configuration of Guix to disable such
+           services or how to send data over the network via an HTTP(S) proxy,
+           Tor or other means that maybe expose less of your personal data."))
+      ,(G_
+        `(p
+          "When you tell Guix to install software for you, Guix will attempt
+           to download said software from the respective upstream provider and
+           various download mirrors, revealing your IP address.  Your use of
+           third-party software installed via Guix is of course your
+           responsibility."))
+      ,(C_ "privacy policy section" `(h3 "Website"))
+      ,(G_
+        `(p
+          "When you access Guix’ website, your request will be logged along
+           with your IP address and the requested URL.  This enables the
+           admins to more easily respond to excess usage or security attacks."))
+      ,(G_
+        `(p
+          "For proper presentation, Guix loads videos and scripts from "
+          ,(G_ `(a (@ (href "https://audio-video.gnu.org/"))
+                   "audio-video.gnu.org")) " and "
+          ,(G_ `(a (@ (href "https://kiwiirc.com/"))
+                   "kiwiirc.com"))
+          ".  Please see their websites for explanations how they use your
+           data.  The website also contains hyperlinks to third-party sites.
+           When you follow them, it is likely that your web browser is
+           configured to report the Guix website URL you were previously
+           visiting to the third-party site in a "
+          ,(G_ `(a (@ (href "https://en.wikipedia.org/wiki/HTTP_referer"))
+                   "Referer header"))
+          "."))
+      ,(C_ "privacy policy section"
+           `(h3 "Mailing lists, IRC and other means of communication"))
+      ,(G_
+        `(p
+          "You can "
+          ,(G_ `(a (@ (href ,(guix-url "contact/")))
+                   "contact the Guix community"))
+          " via various third-party means.  Their respective privacy policy
+           applies."))))))
diff --git a/website/po/POTFILES b/website/po/POTFILES
index 6f9f349..a97c6e5 100644
--- a/website/po/POTFILES
+++ b/website/po/POTFILES
@@ -13,6 +13,7 @@ apps/base/templates/donate.scm
 apps/base/templates/graphics.scm
 apps/base/templates/irc.scm
 apps/base/templates/menu.scm
+apps/base/templates/privacy.scm
 apps/base/templates/security.scm
 apps/blog/templates/components.scm
 apps/blog/templates/feed.scm
-- 
2.28.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: Privacy policy
  2020-10-04 15:34 bug#43796: Privacy policy pelzflorian (Florian Pelz)
@ 2020-10-04 15:56 ` Julien Lepiller
  2020-10-05  9:54   ` pelzflorian (Florian Pelz)
  2020-10-05  7:09 ` bug#43796: (no subject) Tomás Ortín Fernández via Bug reports for GNU Guix
  2020-10-05 10:57 ` bug#43796: Privacy policy Jelle Licht
  2 siblings, 1 reply; 10+ messages in thread
From: Julien Lepiller @ 2020-10-04 15:56 UTC (permalink / raw)
  To: 43796, pelzflorian

[-- Attachment #1: Type: text/plain, Size: 1388 bytes --]

Looks nice, but:

The GDPR is not the only legislation that applies to us. For services hosted in France for instance, there is a legal obligation to keep logs for at least one year (not sure exactly who that applies to). There could be something similar in Germany where berlin is located.

I think some of the wording is vague. Does "can be used to identify" mean we will use the IP to identify the person (is it the reason we process this data?) Or is it something that we could technically do, but refuse to do?

Le 4 octobre 2020 11:34:19 GMT-04:00, "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> a écrit :
>IANAL but I think Guix needs a privacy policy for both its website and
>the Guix software in general.
>
>Attached is a patch for the website that also documents data use by
>Guix and Guix System.  Maybe I’ve overdone some parts and probably
>something important is missing.
>
>In particular, the GDPR requires IP addresses to be deleted from logs
>after a reasonable time.  I think but am not sure the current process
>for nginx is to delete only when the log files become too big.  A more
>suitable policy must be implemented and the users must be told about
>it, I think.  See <https://gdpr-info.eu/art-13-gdpr/>.
>
>In general I think it is better to have an incomplete policy than to
>have none.
>
>Comments?
>
>Regards,
>Florian

[-- Attachment #2: Type: text/html, Size: 1718 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: (no subject)
  2020-10-04 15:34 bug#43796: Privacy policy pelzflorian (Florian Pelz)
  2020-10-04 15:56 ` Julien Lepiller
@ 2020-10-05  7:09 ` Tomás Ortín Fernández via Bug reports for GNU Guix
  2020-10-05 13:16   ` pelzflorian (Florian Pelz)
  2020-10-05 19:53   ` pelzflorian (Florian Pelz)
  2020-10-05 10:57 ` bug#43796: Privacy policy Jelle Licht
  2 siblings, 2 replies; 10+ messages in thread
From: Tomás Ortín Fernández via Bug reports for GNU Guix @ 2020-10-05  7:09 UTC (permalink / raw)
  To: 43796

As I understand it, the Guix distribution is *not* a service but a piece of software. Neither the Guix community nor the GNU project have any responsibility over the third-party services you decide to use with the Guix system, your software in your computer; it's only responsible of what concerns their services: the website and the repositories.
For example, it's not that Guix shares your IP with your network provider, you share it yourself. It is indeed "your responsibility" (and your network provider's), but why would that be on the privacy policy for Guix?

>During your use of Guix’ software in its default configuration, your IP address may be revealed to the network services you use.

What configuration doesn't reveal your IP to the network services you use? If you use Tor, your IP will be revealed at least to the Tor access node. It's not possible to use the Internet without revealing your IP to at least one service.

I understand that the point of mentioning all that is more as an advice than a policy. Wouldn't it be more useful in a section about privacy recommendations (or something similar) that in the privacy policy?




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: Privacy policy
  2020-10-04 15:56 ` Julien Lepiller
@ 2020-10-05  9:54   ` pelzflorian (Florian Pelz)
  2020-10-05 11:14     ` Julien Lepiller
  0 siblings, 1 reply; 10+ messages in thread
From: pelzflorian (Florian Pelz) @ 2020-10-05  9:54 UTC (permalink / raw)
  To: Julien Lepiller; +Cc: 43796

[-- Attachment #1: Type: text/plain, Size: 1447 bytes --]

On Sun, Oct 04, 2020 at 11:56:04AM -0400, Julien Lepiller wrote:
> The GDPR is not the only legislation that applies to us. For
> services hosted in France for instance, there is a legal obligation
> to keep logs for at least one year (not sure exactly who that
> applies to). There could be something similar in Germany where
> berlin is located.

A quick web search does not reveal any such obligation in Germany.
I also know people who don’t log.  But again, IANAL.

The Debian Privacy Policy says they store web logs for 15 days.
But iplocation.net tells me their server is hosted in the Netherlands.

If the Guix admins do not intend to use such data to “respond to
excess usage or security attacks” on the website, logging should be
disabled and I will remove that wording from the proposed patch.

> I think some of the wording is vague. Does "can be used to identify"
> mean we will use the IP to identify the person (is it the reason we
> process this data?) Or is it something that we could technically do,
> but refuse to do?

I changed it to

During your use of Guix’ software in its default configuration,
your IP address will be revealed to the network services you use.
From an IP address it may be possible to identify who uses the
service and from which internet connection.  These services include

Attached is the complete patch with this single change.

Are there other things which are badly worded?

Regards,
Florian

[-- Attachment #2: 0001-website-Add-privacy-policy.patch --]
[-- Type: text/plain, Size: 11237 bytes --]

From 7f5354304697cf175dee3a76397d0f4ecff902cf Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Mon, 5 Oct 2020 11:08:34 +0200
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [PATCH] website: Add privacy policy.

* website/apps/base/templates/privacy.scm: New file with
web page on privacy.
* website/apps/base/templates/components.scm (navbar): Add it.
* website/po/POTFILES: Add it.
* website/apps/base/builder.scm (privacy-builder): New procedure.
(builder): Add it.
---
 website/apps/base/builder.scm              |  23 +++++
 website/apps/base/templates/components.scm |  18 +++-
 website/apps/base/templates/privacy.scm    | 115 +++++++++++++++++++++
 website/po/POTFILES                        |   1 +
 4 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 website/apps/base/templates/privacy.scm

diff --git a/website/apps/base/builder.scm b/website/apps/base/builder.scm
index 4882dc5..2acf4dc 100644
--- a/website/apps/base/builder.scm
+++ b/website/apps/base/builder.scm
@@ -1,6 +1,22 @@
 ;;; GNU Guix web site
+;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de>
 ;;; Initially written by sirgazil who waives all
 ;;; copyright interest on this file.
+;;;
+;;; This file is part of the GNU Guix web site.
+;;;
+;;; The GNU Guix web site is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; The GNU Guix web site is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with the GNU Guix web site.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (apps base builder)
   #:use-module (apps base data)
@@ -13,6 +29,7 @@
   #:use-module (apps base templates help)
   #:use-module (apps base templates home)
   #:use-module (apps base templates menu)
+  #:use-module (apps base templates privacy)
   #:use-module (apps base templates security)
   #:use-module (apps base types)
   #:use-module (apps blog utils)
@@ -54,6 +71,7 @@
 	 (contact-builder)
 	 (irc-builder)
 	 (contribute-builder)
+         (privacy-builder)
 	 (security-builder)
 	 (graphics-builder))))
 
@@ -115,6 +133,11 @@
   (make-page "menu/index.html" (menu-t) sxml->html))
 
 
+(define (privacy-builder)
+  "Return a Haunt page representing the Privacy page of the website."
+  (make-page "privacy/index.html" (privacy-t) sxml->html))
+
+
 (define (security-builder)
   "Return a Haunt page representing the Security page of the website."
   (make-page "security/index.html" (security-t) sxml->html))
diff --git a/website/apps/base/templates/components.scm b/website/apps/base/templates/components.scm
index 44d410e..1bf11e9 100644
--- a/website/apps/base/templates/components.scm
+++ b/website/apps/base/templates/components.scm
@@ -1,7 +1,22 @@
 ;;; GNU Guix web site
-;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
+;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
 ;;; Initially written by sirgazil who waives all
 ;;; copyright interest on this file.
+;;;
+;;; This file is part of the GNU Guix web site.
+;;;
+;;; The GNU Guix web site is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; The GNU Guix web site is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with the GNU Guix web site.  If not, see <http://www.gnu.org/licenses/>.
 
 ;;; This module defines HTML parts like header, breadcrumbs, footer,
 ;;; buttons, etc., which are used website-wide.
@@ -425,6 +440,7 @@ manual.
          (C_ "website menu" (menu-item #:label "Contact" #:active-item active-item #:url (guix-url "contact/")))
          (C_ "website menu" (menu-item #:label "Contribute" #:active-item active-item #:url (guix-url "contribute/")))
          (C_ "website menu" (menu-item #:label "Security" #:active-item active-item #:url (guix-url "security/")))
+         (C_ "website menu" (menu-item #:label "Privacy" #:active-item active-item #:url (guix-url "privacy/")))
          (C_ "website menu" (menu-item #:label "Graphics" #:active-item active-item #:url (guix-url "graphics/")))))
       ,(horizontal-skip)
       ;; Languages dropdown.
diff --git a/website/apps/base/templates/privacy.scm b/website/apps/base/templates/privacy.scm
new file mode 100644
index 0000000..bea6552
--- /dev/null
+++ b/website/apps/base/templates/privacy.scm
@@ -0,0 +1,115 @@
+;;; GNU Guix web site
+;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de>
+;;;
+;;; This file is part of the GNU Guix web site.
+;;;
+;;; The GNU Guix web site is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; The GNU Guix web site is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with the GNU Guix web site.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (apps base templates privacy)
+  #:use-module (apps base templates components)
+  #:use-module (apps base templates theme)
+  #:use-module (apps base types)
+  #:use-module (apps base utils)
+  #:use-module (apps i18n)
+  #:export (privacy-t))
+
+(define (privacy-t)
+  "Return the Privacy page in SHTML."
+  (theme
+   #:title (C_ "webpage title" '("Privacy"))
+   #:description
+   (G_ "Information on how your personal data is processed while using
+GNU Guix’ services.")
+   #:keywords
+   (string-split ;TRANSLATORS: |-separated list of webpage keywords
+      (G_ "GNU|Linux|Unix|Free software|Libre software|Operating \
+system|GNU Hurd|GNU Guix package manager|Privacy|Data Protection") #\|)
+   #:active-menu-item (C_ "website menu" "About")
+   #:css (list
+          (guix-url "static/base/css/page.css"))
+   #:crumbs (list (crumb (C_ "website menu" "Privacy") "./"))
+   #:content
+   `(main
+     (section
+      (@ (class "page centered-block limit-width"))
+      ,(G_ `(h2 "How we use your personal information"))
+      ,(G_
+        `(p
+          "Guix is made by people and organizations without a commercial
+           interest in your personal information.  Nonetheless, some
+           services for Guix necessarily process your data to provide the
+           functionality you requested.  We keep this to a minimum."))
+
+      ,(C_ "privacy policy section" `(h3 "Guix and Guix System"))
+      ,(G_
+        `(p
+          "During your use of Guix’ software in its default configuration,
+           your IP address will be revealed to the network services you use.
+           From an IP address it may be possible to identify who uses the
+           service and from which internet connection.  These services include "
+          ,(G_ (manual-href "substitute servers"
+                            (G_ "en")
+                            (G_ "Substitutes.html")))
+          " hosted by "
+          ,(G_ `(a (@ (href ,(guix-url "donate/"))) "our donors"))
+          " for the Guix project but also "
+          ,(G_ (manual-href "third-party services"
+                            (G_ "en")
+                            (G_ "Networking-Services.html")))
+          " such as network, DNS and Network Time Protocol service providers.
+           This is necessary to provide you with a usable and secure system
+           environment.  It shall be assumed that these services log your use 
+           of their service along with your IP address to make it easier to
+           guard against malicious use.  The "
+          ,(G_ `(a (@ (href ,(guix-url "manual/"))) "manual"))
+          " describes how to change the configuration of Guix to disable such
+           services or how to send data over the network via an HTTP(S) proxy,
+           Tor or other means that maybe expose less of your personal data."))
+      ,(G_
+        `(p
+          "When you tell Guix to install software for you, Guix will attempt
+           to download said software from the respective upstream provider and
+           various download mirrors, revealing your IP address.  Your use of
+           third-party software installed via Guix is of course your
+           responsibility."))
+      ,(C_ "privacy policy section" `(h3 "Website"))
+      ,(G_
+        `(p
+          "When you access Guix’ website, your request will be logged along
+           with your IP address and the requested URL.  This enables the
+           admins to more easily respond to excess usage or security attacks."))
+      ,(G_
+        `(p
+          "For proper presentation, Guix loads videos and scripts from "
+          ,(G_ `(a (@ (href "https://audio-video.gnu.org/"))
+                   "audio-video.gnu.org")) " and "
+          ,(G_ `(a (@ (href "https://kiwiirc.com/"))
+                   "kiwiirc.com"))
+          ".  Please see their websites for explanations how they use your
+           data.  The website also contains hyperlinks to third-party sites.
+           When you follow them, it is likely that your web browser is
+           configured to report the Guix website URL you were previously
+           visiting to the third-party site in a "
+          ,(G_ `(a (@ (href "https://en.wikipedia.org/wiki/HTTP_referer"))
+                   "Referer header"))
+          "."))
+      ,(C_ "privacy policy section"
+           `(h3 "Mailing lists, IRC and other means of communication"))
+      ,(G_
+        `(p
+          "You can "
+          ,(G_ `(a (@ (href ,(guix-url "contact/")))
+                   "contact the Guix community"))
+          " via various third-party means.  Their respective privacy policy
+           applies."))))))
diff --git a/website/po/POTFILES b/website/po/POTFILES
index 6f9f349..a97c6e5 100644
--- a/website/po/POTFILES
+++ b/website/po/POTFILES
@@ -13,6 +13,7 @@ apps/base/templates/donate.scm
 apps/base/templates/graphics.scm
 apps/base/templates/irc.scm
 apps/base/templates/menu.scm
+apps/base/templates/privacy.scm
 apps/base/templates/security.scm
 apps/blog/templates/components.scm
 apps/blog/templates/feed.scm
-- 
2.28.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: Privacy policy
  2020-10-04 15:34 bug#43796: Privacy policy pelzflorian (Florian Pelz)
  2020-10-04 15:56 ` Julien Lepiller
  2020-10-05  7:09 ` bug#43796: (no subject) Tomás Ortín Fernández via Bug reports for GNU Guix
@ 2020-10-05 10:57 ` Jelle Licht
  2 siblings, 0 replies; 10+ messages in thread
From: Jelle Licht @ 2020-10-05 10:57 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz), 43796

Hello,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> writes:

> IANAL but I think Guix needs a privacy policy for both its website and
> the Guix software in general.
Thanks for looking into this.

IANAL but I do not think it makes sense to have such a privacy policy at
this moment in time. I'd rather have a person with legal expertise look
at this situation and do the following:

1. Notice that we do need such a policy
2. Draft (or at least proof read) this policy.

The reason for this is two-fold: I think there are enough 'legal' texts
on the Internet of questionable enforcability/applicability, and doing
things this way creates a cargo-cult mentality.

Compare to the questionable habit of unconditionally adding the "The
content of this email is confidential ..."-esque spam outgoing email
(even if that mail is addressed to a public mailing list).

If others disagree in principle or in practice with me on this, that is
fine too of course :-)

- Jelle




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: Privacy policy
  2020-10-05  9:54   ` pelzflorian (Florian Pelz)
@ 2020-10-05 11:14     ` Julien Lepiller
  2020-10-05 14:14       ` Ludovic Courtès
  0 siblings, 1 reply; 10+ messages in thread
From: Julien Lepiller @ 2020-10-05 11:14 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 43796

[-- Attachment #1: Type: text/plain, Size: 1703 bytes --]

I'm pretty sure we log the date anl time along with IP and requested page.

Le 5 octobre 2020 05:54:32 GMT-04:00, "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> a écrit :
>On Sun, Oct 04, 2020 at 11:56:04AM -0400, Julien Lepiller wrote:
>> The GDPR is not the only legislation that applies to us. For
>> services hosted in France for instance, there is a legal obligation
>> to keep logs for at least one year (not sure exactly who that
>> applies to). There could be something similar in Germany where
>> berlin is located.
>
>A quick web search does not reveal any such obligation in Germany.
>I also know people who don’t log.  But again, IANAL.
>
>The Debian Privacy Policy says they store web logs for 15 days.
>But iplocation.net tells me their server is hosted in the Netherlands.
>
>If the Guix admins do not intend to use such data to “respond to
>excess usage or security attacks” on the website, logging should be
>disabled and I will remove that wording from the proposed patch.
>
>> I think some of the wording is vague. Does "can be used to identify"
>> mean we will use the IP to identify the person (is it the reason we
>> process this data?) Or is it something that we could technically do,
>> but refuse to do?
>
>I changed it to
>
>During your use of Guix’ software in its default configuration,
>your IP address will be revealed to the network services you use.
>From an IP address it may be possible to identify who uses the
>service and from which internet connection.  These services include
>
>Attached is the complete patch with this single change.
>
>Are there other things which are badly worded?
>
>Regards,
>Florian

[-- Attachment #2: Type: text/html, Size: 2230 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: (no subject)
  2020-10-05  7:09 ` bug#43796: (no subject) Tomás Ortín Fernández via Bug reports for GNU Guix
@ 2020-10-05 13:16   ` pelzflorian (Florian Pelz)
  2020-10-05 15:29     ` Tomás Ortín Fernández via Bug reports for GNU Guix
  2020-10-05 19:53   ` pelzflorian (Florian Pelz)
  1 sibling, 1 reply; 10+ messages in thread
From: pelzflorian (Florian Pelz) @ 2020-10-05 13:16 UTC (permalink / raw)
  To: Tomás Ortín Fernández; +Cc: Jelle Licht, 43796

On Mon, Oct 05, 2020 at 09:09:20AM +0200, Tomás Ortín Fernández via Bug reports for GNU Guix wrote:
> As I understand it, the Guix distribution is *not* a service but a
> piece of software. Neither the Guix community nor the GNU project
> have any responsibility over the third-party services you decide to
> use with the Guix system, your software in your computer; it's only
> responsible of what concerns their services: the website and the
> repositories.

Actually I think we Guix contributors are responsible for the default
configuration.  I would suppose we even should display the Terms of
Service of the default NTP pool <https://www.ntppool.org/tos.html>
during install.

Regards,
Florian




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: Privacy policy
  2020-10-05 11:14     ` Julien Lepiller
@ 2020-10-05 14:14       ` Ludovic Courtès
  0 siblings, 0 replies; 10+ messages in thread
From: Ludovic Courtès @ 2020-10-05 14:14 UTC (permalink / raw)
  To: Julien Lepiller; +Cc: 43796

Hi,

Julien Lepiller <julien@lepiller.eu> skribis:

> I'm pretty sure we log the date anl time along with IP and requested page.

I think we’ll have to work on the nginx and log rotation settings for
our machines (see maintenance.git under hydra/).

Ludo’.




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: (no subject)
  2020-10-05 13:16   ` pelzflorian (Florian Pelz)
@ 2020-10-05 15:29     ` Tomás Ortín Fernández via Bug reports for GNU Guix
  0 siblings, 0 replies; 10+ messages in thread
From: Tomás Ortín Fernández via Bug reports for GNU Guix @ 2020-10-05 15:29 UTC (permalink / raw)
  To: 43796

> I would suppose we even should display the Terms of
> Service of the default NTP pool <https://www.ntppool.org/tos.html>
> during install.

I don't know of any distribution that does that (although maybe there are, or maybe they all should even if they don't). Still, it would make much more sense to display that kind of information during the install than as an standard privacy policy for Guix. Actually I think including easy access to the privacy policies and/or terms of service of the default services is a good idea, but IMO that shouldn't be included in Guix's privacy policy.




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#43796: (no subject)
  2020-10-05  7:09 ` bug#43796: (no subject) Tomás Ortín Fernández via Bug reports for GNU Guix
  2020-10-05 13:16   ` pelzflorian (Florian Pelz)
@ 2020-10-05 19:53   ` pelzflorian (Florian Pelz)
  1 sibling, 0 replies; 10+ messages in thread
From: pelzflorian (Florian Pelz) @ 2020-10-05 19:53 UTC (permalink / raw)
  To: Tomás Ortín Fernández; +Cc: 43796

On Mon, Oct 05, 2020 at 09:09:20AM +0200, Tomás Ortín Fernández via Bug reports for GNU Guix wrote:
> I understand that the point of mentioning all that is more as an
> advice than a policy. Wouldn't it be more useful in a section about
> privacy recommendations (or something similar) that in the privacy
> policy?

Do you mean that the part about Guix and Guix System should rather be
explained in the manual?  Then I agree.  The website’s privacy policy
(or whatever we shall call it) should reference the manual then.

Regards,
Florian




^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2020-10-05 20:18 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-04 15:34 bug#43796: Privacy policy pelzflorian (Florian Pelz)
2020-10-04 15:56 ` Julien Lepiller
2020-10-05  9:54   ` pelzflorian (Florian Pelz)
2020-10-05 11:14     ` Julien Lepiller
2020-10-05 14:14       ` Ludovic Courtès
2020-10-05  7:09 ` bug#43796: (no subject) Tomás Ortín Fernández via Bug reports for GNU Guix
2020-10-05 13:16   ` pelzflorian (Florian Pelz)
2020-10-05 15:29     ` Tomás Ortín Fernández via Bug reports for GNU Guix
2020-10-05 19:53   ` pelzflorian (Florian Pelz)
2020-10-05 10:57 ` bug#43796: Privacy policy Jelle Licht

unofficial mirror of bug-guix@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/guix-bugs/0 guix-bugs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-bugs guix-bugs/ https://yhetil.org/guix-bugs \
		bug-guix@gnu.org
	public-inbox-index guix-bugs

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.yhetil.org/yhetil.gnu.guix.bugs
	nntp://news.gmane.io/gmane.comp.gnu.guix.bugs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git