✨ Feature Suggestion | DNT policy? #1399

Open
Mikaela opened this issue Oct 11, 2019 · 10 comments

@Mikaela Mikaela commented Oct 11, 2019

If I understand correctly, there is no other tracking than Matomo which respects DNT, so could we have a DNT policy in .well-known? Would it have any benefits regarding Matrix or hosted services, or would it do harm?

Edit 2019-11-16, affected services:

  • stats.privacytools.io (Matomo, but doesn't matter as it's respecting DNT anyway and statistics and shouldn't break anything)
  • chat.privacytools.io (when using web Riots)
    • possibly also dimension.aragon.sh (integration server)?
  • assets.privacytools.io (affects at least remote Pleroma instances)
  • forum.privacytools.io (my Privacy Badgers have decided it as red at times for an unknown reason)

@Mikaela Mikaela commented Oct 11, 2019

We say:

> Raw data such as pages visited, anonymized visitor IPs, and visitor actions will be retained for 60 days.

The policy says:

2. LOG RETENTION: 

  a. Logs with DNT Users' identifiers removed (but including IP addresses and
     User Agent strings) may be retained for a period of 10 days or less,
     unless an Exception (below) applies. This period of time balances privacy
     concerns with the need to ensure that log processing systems have time to
     operate; that operations engineers have time to monitor and fix technical
     and performance problems; and that security and data aggregation systems
     have time to operate.

and

3. TECHNICAL AND SECURITY LOGGING:                   

  a. If, during the processing of the initial request (for unique identifiers)
     or during the subsequent 10 days (for IP addresses and User Agent strings),
     we obtain specific information that causes our employees or systems to
     believe that a request is, or is likely to be, part of a security attack,
     spam submission, or fraudulent transaction, then logs of those requests 
     are not subject to this policy.                                   

  b. If we encounter technical problems with our site, then, in rare
     circumstances, we may retain logs for longer than 10 days, if that is
     necessary to diagnose and fix those problems, but this practice will not be
     routinized and we will strive to delete such logs as soon as possible.

At first glance I thought we wouldn't be fine, but if we remove users' identifiers, we should be fine, shouldn't we? I didn't see anything else in the policy that I think could be a problem.

4. PERIODIC REASSERTION OF COMPLIANCE: 

  At least once every 12 months, we will take reasonable steps commensurate
  with the size of our organization and the nature of our service to confirm
  our ongoing compliance with this document, and we will publicly reassert our
  compliance.

I think this could be nice transparency, but it would need to be remembered. I wonder if the people running Invidious instances are aware they have been forced into this though.

@Mikaela Mikaela commented Oct 12, 2019

Also probably affects https://dimension.aragon.sh/ ?

@JonahAragon JonahAragon commented Oct 12, 2019

> I am an online advertising / tracking company. How do I stop Privacy Badger from blocking me?

Notably we are neither of these things. If Privacy Badger is blocking one of our domains that seems like a bug on their end.

> there is no other tracking than Matomo which respects DNT

There is no other tracking on our sites at all, besides Matomo.

@Mikaela Mikaela commented Oct 12, 2019

When I am using Riot in a web browser, Privacy Browser often ends up blocking either the homeserver, the integration manager server, or both.

It has also once managed to block forum.privacytools.io or something similar breaking the forum for me until I figured out what was wrong.

@JonahAragon JonahAragon commented Oct 12, 2019

> At first glance I thought we wouldn't be fine, but if we remove users' identifiers, we should be fine, shouldn't we?

The policy you linked states:

> Logs with DNT Users' identifiers removed (but including IP addresses and
> User Agent strings) may be retained for a period of 10 days or less,

While we keep that information for 60 days for normal users, we don't track DNT users at all, so we would be compliant with this policy.

Does this policy need to be posted on every subdomain or just the root domain?

@Mikaela Mikaela commented Oct 12, 2019

> Does this policy need to be posted on every subdomain or just the root domain?

I have no idea. Can you see in the logs where it has been looked for?

@Mikaela Mikaela commented Oct 12, 2019

I started reading about this.

@swedneck said at #riot-web:

> pretty sure it's because privacy badger blocks domains when 3 different sites connect to it
> which tends to happen with matrix, when you use multiple web-clients

and EFForg/privacybadger#2003 confirms the number three (however with a question mark) and EFForg/privacybadger#2003 (comment) confirms it more surely

> 1: It is very possible we overlooked this use case. Privacy Badger treats three different cookies (one per site) set by three different subdomains of the same third-party domain the same way Privacy Badger treats a single cookie set by one domain.

I am too tired to understand this comment though.

I mentioned a Discourse issue and found EFForg/privacybadger#1953, but it was closed in 2018 and potentially wasn't even a P issue, so I cannot say anything about that.

Some issue whose link I didn't store also made me check my Privacy Badger settings, and after confirming that I do want to see the list and filtering for "privacy", I see that "privacytools.io" and "stats.privacytools.io" are blocked trackers, while "chat.privacytools.io" has an arrow indicating that I have manually greenified it.

EFForg/privacybadger#963 is the request to track and explain why trackers get blocked.

@Mikaela Mikaela commented Oct 12, 2019

It appears that I had commented about the forum before and now know that it was 23 days ago. With the three hits rule, I wonder if it's possible that I have been linking there from three different Discourse instances or something like that? It seems a lot and unlikely though.

https://forum.privacytools.io/t/discussion-privacy-badger/265/4?u=mikaela

@JonahAragon JonahAragon commented Oct 12, 2019

> Can you see in the logs where it has been looked for?

We don't have access logs.

Overall I think this is more of an upstream issue but I'll look into adding that policy.

@Mikaela Mikaela commented Nov 16, 2019

On https://social.libre.fi/search?query=dngray%40social.privacytools.io I don't see avatars, because Privacy Badger considers assets.privacytools.io as a tracker.

@Mikaela Mikaela added the [m] label Dec 6, 2019