We may also collect information about how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
It looks like a lot of personal data to me. According to the GDPR you have to tell, for how long these data are stored. I do not see the answer to that.
Another quote:
We may employ third party companies and individuals to facilitate our Service
Can we get a list of currently used third parties?
I suggest to use the following template to better explain how the personal data is handled, both for these forums and for the main Qubes website:
IP address is certainly personal data, “unique device identifiers”
probably so, the rest not imo.
You are assuming that the data is stored, whereas it may be processed
and anonymised immediately.
I agree that this information should be available.
It’s just a boilerplate generated privacy policy for the website. We used to use GitHub Pages + Cloudflare. I believe we dropped Cloudflare a long time ago and now just use GitHub Pages.
Fair enough, but we are collecting at least IP information (or how are
stats generated), and processing that data.
I would amend the policy to match what actually does happen.
(If some of this is done at the GitHub level, then a link to that
policy will do.)
I’m happy to do so, but I do not know what information is gathered
(certainly IP address), what is processed, and for how long it is
retained.
Nor do I know if GitHub (who presumably have access to all the
information in that boilerplate, process or retain any of it. That
should be covered by their statement, and we could refer to it, if this
is the case.
I assume that the Qubes update server also collects the personal data in order to generate this plot, even if you never visit the websites. It should also be explained, for how long the data is stored.
I don’t know either. I don’t have access to the infrastructure aside from being able to commit to GitHub repos. All I know I’ve already used to generate the existing Privacy Policy, the issue linked above, and to write these FAQs:
True - it looks as if Qubes gathers IP addresses, processes data
daily but does not retain that data. No indication that Qubes
gathers anything else.
GitHub? That’s a separate issue, outwith Qubes control.
@deeplow You changed the title from “Qubes Privacy Policy” to “Qubes Website Privacy Policy”, but I actually would like to know about both website and Qubes OS policy. Should I create another topic for that? As I mentioned above, in order to make this plot, one has to collect IP addresses and either generate hashes from them or store them for some time. What is being done and are those hashes(?) stored for a month or longer?
This should be mentioned here with a link to GitHub privacy policy. Currently it is very misleading. It’s far from clear to a typical person that qubes-os.org is powered by Github.
Also the following is very concerning. Is this really necessary? To me it looks like a ToS from Facebook or Google which is trying to mislead the users:
Personally identifiable information may include, but is not limited to:
* Usage Data
The text on the Statistics page was updated, it finally says that IP addresses and number of requests are collected. Thanks.
It still does not say for how long those are stored. According to GDPR they should not be stored for longer than reasonable, which I expect here would be a month.
Well, since no one else has stepped forward or volunteered to help with this, I’ve attempted to address the problem by adding some text, even though I have no idea what I’m doing when it comes to writing a privacy policy:
That was part of the auto-generated text I got from PrivacyPolicies.com. It says may include, which means that it doesn’t necessarily occur. My impression is that this is a common thing with legal documents, but I really have no idea.
I think you’re giving us too much credit when it comes to the specific language inside the Privacy Policy. In case it’s not obvious, my steps were something along these lines:
Be told we have no privacy policy and need one.
Ask for help from someone who knows about that stuff.
crickets
more crickets
Figure something is better than nothing. Might as well at least try, right?
Enter “how to make a website privacy policy” into a search engine.
Sort through a bunch of results.
Try to find something that looks reasonably legit.
I would love it if someone who actually knows what they’re doing would replace this auto-generated Privacy Policy with a better one, but my experience tells me that the odds of that happening round to zero.
Well, I was not speaking about Github here. Who is collecting the data and making this plot? Is this plot outside of the Qubes team control? I don’t think so. AFAIK it’s the Qubes collecting that data via the update server, processing it and deleting (I hope!). Is the update server also hosted on Github and under the control of Microsoft? That would be an important thing to know for any privacy-aware person! I would probably switch my updates to Whonix if I find out this is so. I was asking what the Qubes team was doing with the data.
The problem with the Github pages is a separate one. Thank you @adw for making it more clear, the addition looks good to me and should help people understand better possible threats.
This is not just about the credit. I have the impression that the Qubes team, although very security-oriented, does not value privacy as much as security. Nevertheless many users of Qubes value both and sometimes actually value privacy more. Such wording makes a bad look for Qubes, because every shady company uses it to hide from users what they are actually doing, while complying with the law. I (and probably many others) learned to read it as “we collect everything possible”.
Thank you for the explanations. This really helps to see that you are trying to be as transparent as possible, which is a huge selling point of Qubes.