openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kay Schenk <kay.sch...@gmail.com>
Subject Re: [PROPOSAL] Removing all tracking from AOO sites
Date Sun, 15 May 2016 21:33:56 GMT
On Sun, May 15, 2016 at 2:01 PM, Dennis E. Hamilton <dennis.hamilton@acm.org
> wrote:

> There are web pages delivered by Apache OpenOffice properties that, when
> browsed, signal their access to tracking sites that collect statistics
> about site usage.  This is done by fetching scripts and/or images from the
> sites that provide the statistics.
>
> This is a form of tracking that is carried out by services not under
> control of the Apache OpenOffice project.
>
> The effort to track usage also causes "insecure content" warnings in
> browsers, depending on the security options the user has set for their
> browser and the web address being used.
>
> PROPOSAL
>
> Remove all tracking elements from AOO-authored and published web pages.
>
> This eliminates an under-used arrangement and also removes the uncertainty
> that is raised when visitors are warned that there is insecure content
> associated with the web page they are viewing.
>
> This proposal is offered for lazy consensus no earlier than
> 2016-05-23T23:00Z.
>
> BACKGROUND
>
> We have been enabling https: access to Apache OpenOffice web properties.
> This is in line with the desire to use secure connections.  By secure is
> meant that the traffic on the connection itself is encrypted and there is
> protection against man-in-the-middle and spoof sites that high-jack the
> traffic in some manner.  This is not complete privacy.
>
> As pointed out in a couple of Bugzilla issues, such as <
> https://bz.apache.org/ooo/show_bug.cgi?id=126959>, browsers now report
> that there is insecure content being provided on some of the pages that are
> visited.  This is because browsing the page fetches some content without
> using https.  These sites are under Apache OpenOffice control and we cannot
> change to using a secure connection.  Even if we did, it would not change
> the tracking that is achieved.  It would simply not call attention to it.
>
> These images, and also some scripts, are used for gathering access and
> usage statistics from various services.
>
> Since we are not routinely making the available statistics public, this is
> one of those we-collect-it-because-we-can and not because-we-need-it.
> There is, as far as can be determined on these lists, no active use of the
> information that is collected.
>
>  -- Dennis E. Hamilton
>     orcmid@apache.org
>     dennis.hamilton@acm.org    +1-206-779-9430
> https://bz.apache.org/ooo/show_bug.cgi?id=126959
>     https://keybase.io/orcmid  PGP F96E 89FF D456 628A
>     X.509 certs used and requested for signed e-mail
>
>
>
>
>
​I took a quick look at this issue. Just for clarification, this seems to
ONLY be an issue with accessing certain elements from ​
https://forum.openoffice.org/
​, correct?​ If this is the case, I am requesting  that you change the
subject of this message so it is restricted ONLY to forum.openoffice.org.

I got very concerned by the stated subject because we use Google Analytics
extensively -- it's part of every single page on http://www.openoffice.org/
-- and of course, this IS a tracking mechanism.

I understand the problems this is causing but in this case, I think we need
to be a more specific.





-- 
----------------------------------------------------------------------
MzK

"Time spent with cats is never wasted."
                                -- Sigmund Freud

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message