On Sun, May 15, 2016 at 2:01 PM, Dennis E. Hamilton <dennis.hamil...@acm.org > wrote:
> There are web pages delivered by Apache OpenOffice properties that, when > browsed, signal their access to tracking sites that collect statistics > about site usage. This is done by fetching scripts and/or images from the > sites that provide the statistics. > > This is a form of tracking that is carried out by services not under > control of the Apache OpenOffice project. > > The effort to track usage also causes "insecure content" warnings in > browsers, depending on the security options the user has set for their > browser and the web address being used. > > PROPOSAL > > Remove all tracking elements from AOO-authored and published web pages. > > This eliminates an under-used arrangement and also removes the uncertainty > that is raised when visitors are warned that there is insecure content > associated with the web page they are viewing. > > This proposal is offered for lazy consensus no earlier than > 2016-05-23T23:00Z. > > BACKGROUND > > We have been enabling https: access to Apache OpenOffice web properties. > This is in line with the desire to use secure connections. By secure is > meant that the traffic on the connection itself is encrypted and there is > protection against man-in-the-middle and spoof sites that high-jack the > traffic in some manner. This is not complete privacy. > > As pointed out in a couple of Bugzilla issues, such as < > https://bz.apache.org/ooo/show_bug.cgi?id=126959>, browsers now report > that there is insecure content being provided on some of the pages that are > visited. This is because browsing the page fetches some content without > using https. These sites are under Apache OpenOffice control and we cannot > change to using a secure connection. Even if we did, it would not change > the tracking that is achieved. It would simply not call attention to it. > > These images, and also some scripts, are used for gathering access and > usage statistics from various services. > > Since we are not routinely making the available statistics public, this is > one of those we-collect-it-because-we-can and not because-we-need-it. > There is, as far as can be determined on these lists, no active use of the > information that is collected. > > -- Dennis E. Hamilton > orc...@apache.org > dennis.hamil...@acm.org +1-206-779-9430 > https://bz.apache.org/ooo/show_bug.cgi?id=126959 > https://keybase.io/orcmid PGP F96E 89FF D456 628A > X.509 certs used and requested for signed e-mail > > > > > I took a quick look at this issue. Just for clarification, this seems to ONLY be an issue with accessing certain elements from https://forum.openoffice.org/ , correct? If this is the case, I am requesting that you change the subject of this message so it is restricted ONLY to forum.openoffice.org. I got very concerned by the stated subject because we use Google Analytics extensively -- it's part of every single page on http://www.openoffice.org/ -- and of course, this IS a tracking mechanism. I understand the problems this is causing but in this case, I think we need to be a more specific. -- ---------------------------------------------------------------------- MzK "Time spent with cats is never wasted." -- Sigmund Freud
