www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Mattmann <mattm...@apache.org>
Subject Re: legal opinion on collecting usage statistics
Date Tue, 11 Jul 2017 18:55:00 GMT
Hi Paul,


As I mentioned, in my capacity as VP Legal I am not in favor of doing this for many of the
that Ted and others have stated.


I’ll continue to let feedback accumulate for a bit. It would be best for this to be codified
in a JIRA
here on the Legal JIRA http://issues.apache.org/jira/browse/LEGAL








From: Paul Libbrecht <paul@hoplahup.net>
Reply-To: <legal-discuss@apache.org>
Date: Tuesday, July 11, 2017 at 2:40 PM
To: <legal-discuss@apache.org>
Subject: Re: legal opinion on collecting usage statistics



Storing at the ASF is preferable since it is not being a party linked to all sorts of business
issues that relate to the everyday life of many people on this earth: We would not be sharing
this information, or a digest of it, with others. Google is.


While I rather trust Google’s security level, I do not believe that our normal data protection
method is weaker! 



On 11 Jul 2017, at 20:04, Ted Dunning <ted.dunning@gmail.com> wrote:



Uh... Google actually has people who take care of anonymization, international data privacy
requirements, encryption of potentially private data and serious levels of security.


The ASF has no history of masking data, no awareness of international data privacy, very little
history in encrypting private data and nobody much minding the store with regard to security
of data being uploaded by a project.


How is the ASF preferable?



On Tue, Jul 11, 2017 at 9:10 AM, Paul Libbrecht <paul@hoplahup.net> wrote:

To be honest, I feel it largely less good practice to let google analytics store the data
than the foundation does so!

yes, there’s a little danger into storing this data but as long as it is slightly anonimized,
I do not thing that this is a big danger.





On 11 Jul 2017, at 17:26, Alex Harui <aharui@adobe.com.INVALID> wrote:


Hi Chris,


That's what I figured.  Maybe the Ignite folks can do something similar.  Have the Ignite
runtime hit a URL on ignite.a.o and use Google Analytics.  They would probably have to put
some sort of warning in the user's face first though.  Is the requirements of notifying users
of Google Analytics usage under the jurisdiction of this list?




From: Chris Mattmann <mattmann@apache.org>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Tuesday, July 11, 2017 at 3:28 AM
To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Subject: Re: legal opinion on collecting usage statistics


Hi Alex,


The data being stored on Google’s servers there is key…they are taking on the responsibility
it in that case…








From: Alex Harui <aharui@adobe.com.INVALID>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Tuesday, July 11, 2017 at 1:05 AM
To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Subject: Re: legal opinion on collecting usage statistics


FWIW, the Apache Flex Installer hits a url on flex.a.o.  We use google analytics on our site
to answer pretty much the same questions.  The Installer has a notice on the main screen that
describes what we collect.  We worked this out with our mentors during incubation.  I think
the data is stored on Google's servers.





From: Chris Mattmann <mattmann@apache.org>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Monday, July 10, 2017 at 9:51 PM
To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Subject: Re: legal opinion on collecting usage statistics


Agreed. I do not see a reason to incur liability from storage of this potentially identifiable

information on ASF servers.


I’ll collect more feedback from others and then make a decision.







From: Ted Dunning <ted.dunning@gmail.com>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Monday, July 10, 2017 at 6:12 PM
To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Subject: Re: legal opinion on collecting usage statistics



I think that keeping private IP addresses is going to be a problem.




On Mon, Jul 10, 2017 at 2:43 PM, Nikita Ivanov <nivanov30@gmail.com> wrote:


I would like to get a legal ASF opinion on a proposed collection of usage statistics for Apache
Ignite project [1].


The basic idea is to automatically collect some information from the users when Ignite runtime
is launched, store it on ASF server, and infer some useful anonymous data from it such as
overall usage of the project, popular country and language to focus our documentation efforts,
typical size of the cluster, OS and Java versions to focus our testing efforts, etc. 


I think the main issue is the collection of the following semi-private data from the user:

- IP address (to do a GEO resolution)

- OS version 

- Java version


The proposal will keep this data on ASF controlled server for 12 months (retention policy).
Only aggregated data (like top 10 countries, languages, OS and Java versions) will be shown
to Ignite community through a special web interface. We propose to turn this collection on
by default and let users opt out by easily disabling this feature, if desired so.


Are there any legal implications in this proposal?




[1]: http://apache-ignite-developers.2346864.n4.nabble.com/usage-analytics-td19504.html


Nikita Ivanov




View raw message