wiki:PrivacyPolicy
Last modified 6 years ago Last modified on 12/13/07 03:42:47

Smolt Privacy Policy

Please note that this document has not yet undergone legal review by Red Hat or Fedora lawyers. It is written entirely by Yaakov Nemoy. The copyright is assigned to the entity responsible for smolts.org. This document has absolutely no legal value, and does not represent any views or opinions of Red Hat, the Fedora Project, smolts.org, or Michael McGrath?. This is a work in progress only.

About

Smolt is a lightweight computer program that submits monthly reports about hardware and software configurations on Linux systems to a central server for the purposes of improving hardware support on all Linux systems. The Smolt server component, also called Smoon performs or maintains information about all data reporting, data aggregation, statistical calculations, bug errata, and technical support. One of the original design goals is to make Smoon useful for system administration, and it can be integrated into several other tools also being developed by members of the Fedora Project.

The Smolt Privacy Policy describes the details about the information stored by Smolt, how it is shared with the community, what the Fedora Project does with it, what the Fedora Project does not do with it, and what your rights are.

Content

Smolt is currently in development, so therefore it is impossible to determine what information will ultimately be stored by Smolt. We have a "Scope" which limits us in the design process to a certain set of information that we collect. This can be summed as 'everything reported by Hal, plus a few extras'. This definition is not definitive.. Instead, there will always be a list of items, either stored locally with Smolt, or available through a link to a web site. As development is changing, users are asked to refer to Scope [1] for further information.

[1] https://fedorahosted.org/smolt/wiki/Scope

Community Process

Before adding items to that list, the issue is discussed within the development community. If you are interested in contributing to this process, please join the relevant IRC channels and mailing lists where discussion takes place. We can currently be found at #smolt on freenode and fedora-devel-list@…. Your voice will be heard there. This is the opportunity to affect what is included in Smolt

Submission

Submission of information to Smolt is entirely VOLUNTARY. After installing a Fedora based Linux distribution, the user may be asked if he/she is willing to participate in the Smolt program and submit their information. On other distributions, as of the time of writing, Smolt must be installed manually and configured, and this signifies an implicit consent. If Smolt is provided by default in any distribution other than Fedora or a variant of Red Hat Enterprise Linux, control over Smolt is at the discretion of the implementor. The Fedora Project can not control what other organizations do. Nevertheless, Smolt can be either disabled or removed from any system without affecting its critical function.

Your Smolt information is sent either directly to the server maintained by the Fedora Project, or in certain environments, a server maintained by your System Administrator. On remote servers, the information can be forwarded to the central server at the discretion of the administrator. Due to the nature of the Internet, certain identifying information (IP addresses, and packet switching information) is embedded in the data transaction. As part of this privacy policy, the Fedora Project DOES NOT store this personally identifiable information inside of Smoon. The only information linked to a specific machine that is collected is a single UUID, a unique identifier, that is unique to Smolt. No other program can normally make use of this information, and within the Fedora Project, all efforts are made to keep this information as private as possible. The Fedora Project can not use a UUID to trace a computer back to any IP address without further information, provided by you.

Bugs

At the time of writing, there is a bug that the UUID stored locally is not fully protected from other programs. We hope to have this fixed by Fedora 9. Part of the technical solution behind it will be to use SELinux to secure the UUID file from other programs. A system not running SELinux or a similar restriction based security layer will not have this level of privacy protection. All currently maintained Linux distributions released by Red Hat and the Fedora Project enable SELinux by default.

If this is still a major concern, for any reason, it is recommended that you use Tor or another 'onion' network tool to hide your IP address.

Storage

Any information collected by Smolt will be saved indefinitely, with the following exceptions.

  • You request that the Fedora Project remove a profile from Smolt. A tool “smoltDeleteProfile” is available to do this from the command line. Using your UUID, all traces of your profile can be removed from the database, with the exception of any data backups, and cached information in the memory chips of the running Smolt instance. This list is non exclusive.
  • Our servers crash
  • You do not send us any information
  • Cthulhu comes to devour the souls of the members of the Fedora Project, and does not forget to turn the electricity off on the way out.

Wiki

The Fedora Project also maintains a wiki (MediaWiki?) in relation to the information stored by Smoon. All information provided there is provided entirely by the community. This wiki currently maintains the privacy practices and policies published by the Fedora Project. Use of the wiki is not required for Smoon or Smolt.

Rights

  • You maintain the right to control what information is sent by Smolt (This is, at the time of writing not yet implemented fully. We hope to have this complete by the time we release Fedora 9.)
  • You maintain the right to delete your profile at any time
  • You maintain the right to participate in the community discussion.
  • If an issue is ever brought to a vote between the developers and other parties involved in the process, you maintain the right to vote as specified in any guidelines released before the vote. (Note, this has never happened yet. The discussion process has worked so far.)

Ownership of data

You acknowledge that the party responsible for Smolt and smolts.org maintains ownership of the data that you submit. Currently that organization is the Fedora Project. All the data in stored by Smoon is privately owned and controlled by the employees, and is considered confidential. The Fedora Project makes efforts to keep the fewest number of copies in circulation, and when distributing data for testing and development, will make all attempts to sanitize the data so there is no personally identifiable information copied. Please keep in mind that all the information stored within the Smolt database is available to the public.

Distribution of Information and other Details

The UUIDs and other personally identifiable information will never be sold, or distributed by the Fedora Project.

All other information is provided freely to the public through the public interface at http://smolts.org/. If a private organization would like to see a particular statistical analysis, they are free to make a request to the Fedora Project. These requests will be entirely statistical in nature, and contain no identifiable information. It will not include information that is otherwise not already available to the general public in one form or another.

We also reserve the right to modify Smoon to show the public any statistical analysises requested by private parties, so that the general public can benefit from this information.