There are web pages delivered by Apache OpenOffice properties that, when browsed, signal their access to tracking sites that collect statistics about site usage. This is done by fetching scripts and/or images from the sites that provide the statistics.
This is a form of tracking that is carried out by services not under control of the Apache OpenOffice project. The effort to track usage also causes "insecure content" warnings in browsers, depending on the security options the user has set for their browser and the web address being used. PROPOSAL Remove all tracking elements from AOO-authored and published web pages. This eliminates an under-used arrangement and also removes the uncertainty that is raised when visitors are warned that there is insecure content associated with the web page they are viewing. This proposal is offered for lazy consensus no earlier than 2016-05-23T23:00Z. BACKGROUND We have been enabling https: access to Apache OpenOffice web properties. This is in line with the desire to use secure connections. By secure is meant that the traffic on the connection itself is encrypted and there is protection against man-in-the-middle and spoof sites that high-jack the traffic in some manner. This is not complete privacy. As pointed out in a couple of Bugzilla issues, such as <https://bz.apache.org/ooo/show_bug.cgi?id=126959>, browsers now report that there is insecure content being provided on some of the pages that are visited. This is because browsing the page fetches some content without using https. These sites are under Apache OpenOffice control and we cannot change to using a secure connection. Even if we did, it would not change the tracking that is achieved. It would simply not call attention to it. These images, and also some scripts, are used for gathering access and usage statistics from various services. Since we are not routinely making the available statistics public, this is one of those we-collect-it-because-we-can and not because-we-need-it. There is, as far as can be determined on these lists, no active use of the information that is collected. -- Dennis E. Hamilton orc...@apache.org dennis.hamil...@acm.org +1-206-779-9430 https://bz.apache.org/ooo/show_bug.cgi?id=126959 https://keybase.io/orcmid PGP F96E 89FF D456 628A X.509 certs used and requested for signed e-mail --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
