openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject [PROPOSAL] Removing all tracking from AOO sites
Date Sun, 15 May 2016 21:01:59 GMT
There are web pages delivered by Apache OpenOffice properties that, when browsed, signal their
access to tracking sites that collect statistics about site usage.  This is done by fetching
scripts and/or images from the sites that provide the statistics.

This is a form of tracking that is carried out by services not under control of the Apache
OpenOffice project.

The effort to track usage also causes "insecure content" warnings in browsers, depending on
the security options the user has set for their browser and the web address being used.

PROPOSAL

Remove all tracking elements from AOO-authored and published web pages.

This eliminates an under-used arrangement and also removes the uncertainty that is raised
when visitors are warned that there is insecure content associated with the web page they
are viewing.

This proposal is offered for lazy consensus no earlier than 2016-05-23T23:00Z. 

BACKGROUND

We have been enabling https: access to Apache OpenOffice web properties.  This is in line
with the desire to use secure connections.  By secure is meant that the traffic on the connection
itself is encrypted and there is protection against man-in-the-middle and spoof sites that
high-jack the traffic in some manner.  This is not complete privacy.

As pointed out in a couple of Bugzilla issues, such as <https://bz.apache.org/ooo/show_bug.cgi?id=126959>,
browsers now report that there is insecure content being provided on some of the pages that
are visited.  This is because browsing the page fetches some content without using https.
 These sites are under Apache OpenOffice control and we cannot change to using a secure connection.
 Even if we did, it would not change the tracking that is achieved.  It would simply not call
attention to it.

These images, and also some scripts, are used for gathering access and usage statistics from
various services.

Since we are not routinely making the available statistics public, this is one of those we-collect-it-because-we-can
and not because-we-need-it.  There is, as far as can be determined on these lists, no active
use of the information that is collected.

 -- Dennis E. Hamilton
    orcmid@apache.org
    dennis.hamilton@acm.org    +1-206-779-9430 https://bz.apache.org/ooo/show_bug.cgi?id=126959
    https://keybase.io/orcmid  PGP F96E 89FF D456 628A
    X.509 certs used and requested for signed e-mail



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message