YalePrivacyLab / tracker-profiles

We're writing profiles on clandestine tracking software in mobile operating systems.
https://privacylab.yale.edu/trackers
GNU Affero General Public License v3.0

Adding trackers #1

Open kaputnikGo opened 5 years ago

kaputnikGo commented 5 years ago

Hi, I'm going to commit a template file to the Guides folder and a first tracker submission (Taplytics) to the Tracker folder, based upon a template derived from Exodus' issue #40. Not sure how you want submissions to progress. The intention is to get new trackers added to Exodus quickly and easily, so that would mean a minimum of useful information. Does the basic template cover enough? I assume that there needs to be at least a Code Signature for detection to be possible?

seandiggity commented 5 years ago

I updated this to better align with ETIP: https://etip.exodus-privacy.eu.org

...I'm afraid that makes the template much less basic, but we should encourage users to leave certain categories blank (maybe mark those somehow in the template?)

jawz101 commented 5 years ago

Pretend it's me. What fields do you think you'd want me to leave blank?

Personally, if I can get discrete information: some of the domain names, code signatures, maven/gradle strings, websites & developer documentation- I'd like to put them somewhere and hopefully someone who knows regex can make them into detection rules. (maybe a checkbox that only the Exodus project people can check and lock the detection rules read-only once they've finalized the rules.)

When it comes to free text: (ex: business description) and picking the types of info they collect- that's when I know I can't be trusted for accuracy :/

kaputnikGo commented 5 years ago

Ha ha, yes, it's no longer basic, huh.

Is it OK to leave the updated template entries that I have no info for as they are now? As in "xxx". Will this be parsed correctly somewhere down the track at the ETIP stage?

seandiggity commented 5 years ago

@kaputnikGo Haven't decided yet if xxx is better than nothing... but I suppose it's easier to strip out with a regex. So, sure, that works for now.

@jawz101 Fill out whatever you can to the best of your ability. On my end, I'm recruiting (mostly) non-technical folks to fill in the blanks that you feel uncomfortable filling out.

That all said, even just URLs / links are useful when I pass the profile onward.

jawz101 commented 5 years ago

Sweet. I really like that this project exists. BTW, have you all read this and then the responses? Some of the big corporations' letters are about as bland as can be.

jawz101 commented 5 years ago

Another repository of information on many SDK libraries is here.

Also nice is on the bottom of each page they give lists of apps that contain that network.

joronzo commented 5 years ago

jawz101: I have read through some of the responses to the NTIA's request for comment. A lot of interesting material, and there's a majority in support of privacy protections. Facebook didn't even respond. Google's letter is mostly corporate-speak (they actually state "ethics training in schools can promote better outcomes for consumers"). It does not appear any of the identified tracker companies responded either.

The FTC's letter is detailed and supportive of privacy, but it notes their decision-making is hampered by a lack of congressional authority. I suspect this may be on the agenda for the incoming congressional class, but it's unclear what that will look like at this time.

seandiggity commented 5 years ago

FTC has no real power, and it's surprising when they even come out and make a statement (as they did with SilverPush and nUHF). To be fair, it really isn't the organization that should be handling these kinds of things... their scope is supposed to have much more to do with actual trade and commerce, not internal business practice and privacy protection.

I'd say the U.S. has the worst policies and legal framework for privacy in the modern world, but our friend @kaputnikGo might have a few comments about the #aabill ;)

jawz101 commented 5 years ago

@joronzo yeah I posted it on reddit and downloaded all of the reports to my computer and started making comments about each of them (I used to be jawz101 there but deleted my account after 11 years. My reddit hiatus lasted for about a day o_0.)

I have no idea who should have the power, but the FTC's primary duty is to protect consumers... according to wikipedia.

One thing I did last night was email one of the people noted on the letter from the American Civil Liberties Union submission. Theirs seemed on point with the legal repercussions but missing the techie stuff. I also gave a mention of the work the Exodus Privacy Project & Yale Privacy Lab have done, because it feels like privacy nowadays does take that blend of tech and legal professionals.

seandiggity commented 5 years ago

Much appreciated, @jawz101. The FTC is supposed to worry about things like monopoly power etc., which has some crossover, but we really need an actual privacy agency.

seandiggity commented 5 years ago

I don't mean to cut off conversation, but please drop me a line via e-mail @jawz101 and we can figure out how to best harness your energy re: Yale Privacy Lab. If there are no objections, I'm going to close this issue on Monday.

jawz101 commented 5 years ago

... I was about to write the same thing lol. I'm pro-small government and so I didn't want to suggest making a new 3 letter agency. As long as something gets passed that gives lawyers something new to fight for I'd be happy. All of my proposals would probably crater a lot of businesses who get away with a lot unchecked.

seandiggity commented 5 years ago

I don't believe in the "small" vs. "big government" dichotomy. Something to discuss in another medium/venue at some point. Again, thanks for all the input.

kaputnikGo commented 5 years ago

aabill is being looked at currently as it's so vague and stupid that at the moment it is causing a bit of confusion. There's a call for tech lawyers to start preparing info for software devs as per their rights etc. This includes those that participate in FOSS projects.

Also FTC? - https://www.theverge.com/2018/12/6/18129572/facebook-uber-ftc-conflict-interest-andrew-smith Also the report Internet of Things: Privacy & Security in a Connected World. (Washington: Federal Trade Commission, 2015), 55. basically summed up their position - don't do anything in case it hurts business.