privacytools / services

Web services issue tracker

✨ Feature Suggestion | DNT policy? #2

Open Mikaela opened 5 years ago

Mikaela commented 5 years ago

If I understand correctly, there is no other tracking than Matomo which respects DNT, so could we have a DNT policy in .well-known? Would it have any benefits regarding Matrix or hosted services, or would it do harm?

Edit 2019-11-16, affected services:

Mikaela commented 5 years ago

We say:

Raw data such as pages visited, anonymized visitor IPs, and visitor actions will be retained for 60 days.

The policy says:

2. LOG RETENTION: 

  a. Logs with DNT Users' identifiers removed (but including IP addresses and
     User Agent strings) may be retained for a period of 10 days or less,
     unless an Exception (below) applies. This period of time balances privacy
     concerns with the need to ensure that log processing systems have time to
     operate; that operations engineers have time to monitor and fix technical
     and performance problems; and that security and data aggregation systems
     have time to operate.

and

3. TECHNICAL AND SECURITY LOGGING:

  a. If, during the processing of the initial request (for unique identifiers)
     or during the subsequent 10 days (for IP addresses and User Agent strings),
     we obtain specific information that causes our employees or systems to
     believe that a request is, or is likely to be, part of a security attack,
     spam submission, or fraudulent transaction, then logs of those requests
     are not subject to this policy.

  b. If we encounter technical problems with our site, then, in rare
     circumstances, we may retain logs for longer than 10 days, if that is
     necessary to diagnose and fix those problems, but this practice will not be
     routinized and we will strive to delete such logs as soon as possible.

At first glance I thought we wouldn't be fine, but if we remove users' identifiers, we should be fine, shouldn't we? I didn't see anything else in the policy that I think could be a problem.

4. PERIODIC REASSERTION OF COMPLIANCE: 

  At least once every 12 months, we will take reasonable steps commensurate
  with the size of our organization and the nature of our service to confirm
  our ongoing compliance with this document, and we will publicly reassert our
  compliance.

I think this could be nice transparency, but it would need to be remembered. I wonder if the people running Invidious instances are aware they have been forced into this though.

Mikaela commented 5 years ago

Also probably affects https://dimension.aragon.sh/ ?

jonaharagon commented 5 years ago

> I am an online advertising / tracking company. How do I stop Privacy Badger from blocking me?

Notably we are neither of these things. If Privacy Badger is blocking one of our domains that seems like a bug on their end.

> there is no other tracking than Matomo which respects DNT

There is no other tracking on our sites at all, besides Matomo.

Mikaela commented 5 years ago

When I am using Riot in web browser, Privacy Browser often ends up blocking either the homeserver, the integration manager server, or both.

It has also once managed to block forum.privacytools.io or something similar breaking the forum for me until I figured out what was wrong.

jonaharagon commented 5 years ago

> At first glance I thought we wouldn't be fine, but if we remove users' identifiers, we should be fine, shouldn't we?

The policy you linked states:

> Logs with DNT Users' identifiers removed (but including IP addresses and User Agent strings) may be retained for a period of 10 days or less,

While we keep that information for 60 days for normal users, we don't track DNT users at all, so we would be compliant with this policy.

Does this policy need to be posted on every subdomain or just the root domain?

Mikaela commented 5 years ago

> Does this policy need to be posted on every subdomain or just the root domain?

I have no idea. Can you see in the logs where it has been looked for?

Mikaela commented 5 years ago

I started reading about this.

@Swedneck said at #riot-web:

> pretty sure it's because privacy badger blocks domains when 3 different sites connect to it which tends to happen with matrix, when you use multiple web-clients

and https://github.com/EFForg/privacybadger/issues/2003 confirms the number three (however with a question mark) and https://github.com/EFForg/privacybadger/issues/2003#issuecomment-391745819 confirms it more surely

> 1: It is very possible we overlooked this use case. Privacy Badger treats three different cookies (one per site) set by three different subdomains of the same third-party domain the same way Privacy Badger treats a single cookie set by one domain.

I am too tired to understand this comment though.

I mentioned a Discourse issue and found https://github.com/EFForg/privacybadger/issues/1953, but it was closed in 2018 and potentially wasn't even a P issue, so I cannot say anything about that.

Some issue whose link I didn't store also made me check my Privacy Badger settings, and after confirming that I do want to see the list and filtering for "privacy", I see that "privacytools.io" and "stats.privacytools.io" are blocked trackers, while "chat.privacytools.io" has an arrow indicating that I have manually greenified it.

https://github.com/EFForg/privacybadger/issues/963 is the request to track and explain why trackers get blocked.
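To make the "three different sites" rule and the subdomain roll-up quoted above concrete, here is a small simulation of that heuristic. It is an added example written for this thread, not code from Privacy Badger or from the privacytools project: the client hostnames (`client-a.example` and so on) are constructed, `base_domain` approximates the registrable domain by keeping the last two labels instead of consulting the Public Suffix List, and only cookie-setting third-party requests are counted, which is a simplification of what Privacy Badger actually watches for. It shows why three web clients talking to one homeserver cause `stats.` and `assets.` hosts under the same base domain to be blocked as well, and how a manual "green" override for one host sits on top of that verdict.

```python
from collections import defaultdict

TRACKING_THRESHOLD = 3  # the "3 different sites" rule quoted in the thread


def base_domain(host: str) -> str:
    """Approximate the registrable (eTLD+1) domain by keeping the last two labels.
    Assumption: real Privacy Badger uses the Public Suffix List; this shortcut is
    wrong for suffixes such as co.uk but adequate for the hosts used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class BadgerSimulation:
    """Per third-party base domain, remember the distinct first-party sites on
    which that third party set a cookie. Once the count reaches the threshold,
    every host under that base domain is blocked, which is why chat., stats.
    and assets. subdomains fall together."""

    def __init__(self, threshold: int = TRACKING_THRESHOLD) -> None:
        self.threshold = threshold
        self.sites_seen_on: dict[str, set[str]] = defaultdict(set)
        self.user_overrides: dict[str, str] = {}  # host -> "allow" (the manual green arrow)

    def observe(self, first_party: str, third_party: str, sets_cookie: bool) -> None:
        """Record one third-party request made while visiting first_party."""
        fp, tp = base_domain(first_party), base_domain(third_party)
        if fp == tp or not sets_cookie:  # same-site and cookieless requests are not counted
            return
        self.sites_seen_on[tp].add(fp)

    def strikes(self, host: str) -> int:
        """Number of distinct first-party sites the host's base domain tracked on."""
        return len(self.sites_seen_on.get(base_domain(host), set()))

    def allow_manually(self, host: str) -> None:
        """Equivalent of sliding a host to green in the settings page."""
        self.user_overrides[host.lower()] = "allow"

    def action(self, host: str) -> str:
        if host.lower() in self.user_overrides:
            return "allow (user override)"
        return "block" if self.strikes(host) >= self.threshold else "allow"


def run_scenario() -> dict[str, str]:
    """Constructed scenario: three different Matrix web clients (made-up hostnames)
    each talk to the same homeserver, which sets a cookie. The homeserver's base
    domain accumulates three strikes, so sibling subdomains are blocked too."""
    sim = BadgerSimulation()
    for client in ("client-a.example", "client-b.example", "client-c.example"):
        sim.observe(client, "chat.privacytools.io", sets_cookie=True)
    # a cookieless asset load from a fourth site does not add a strike
    sim.observe("client-d.example", "assets.privacytools.io", sets_cookie=False)
    # the user manually greened the homeserver, as described in the thread
    sim.allow_manually("chat.privacytools.io")
    hosts = ("chat.privacytools.io", "stats.privacytools.io",
             "assets.privacytools.io", "example.org")
    return {host: sim.action(host) for host in hosts}


if __name__ == "__main__":
    for host, verdict in run_scenario().items():
        print(f"{host:26} {verdict}")
```

The takeaway for operators is that the heuristic keys on the base domain, not on the individual host, so a cookie set by one subdomain counts against every other subdomain of the same site; the DNT policy file, which Privacy Badger checks per domain, is the documented way to opt a domain out of that verdict.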

Mikaela commented 5 years ago

It appears that I had commented about the forum before and now know that it was 23 days ago. With the three hits rule, I wonder if it's possible that I have been linking there from three different Discourse instances or something like that? It seems a lot and unlikely though.

https://forum.privacytools.io/t/discussion-privacy-badger/265/4?u=mikaela

jonaharagon commented 5 years ago

> Can you see in the logs where it has been looked for?

We don't have access logs.

Overall I think this is more of an upstream issue but I'll look into adding that policy.

Mikaela commented 5 years ago

On https://social.libre.fi/search?query=dngray%40social.privacytools.io I don't see avatars, because Privacy Badger considers assets.privacytools.io as a tracker.