On Thursday, 2016-04-14, 14:36:21, Jonathan Riddell wrote: > On Thu, Apr 14, 2016 at 04:18:30PM +0200, Thomas Pfeiffer wrote: > > Any potentially privacy-sensitive information transfer should be opt-in, > > not opt-out. > > I'd assume that the vast majority of users will allow it (given that it's > > not personally identifiable and they trust their distro), but opt-in puts > > you on the safe side. > > What's privacy sensitive about it? It's a machine ID but not linked > to any other information other than IP address and there's no personal > information we can link it to.
I am with Thomas. While individually pieces of information aren't personal, they can be in combination. In this case the combination of a unique machine ID and IP address together with geolocation would allows us to track movement of machines. Movement profiles can often quite easily be used to identify the moving person. There was a huge scandal in the US a couple of years back in which a telecom company released fully anonymized (random unique IDs) mobile phone location tracks. Researchers who correlated positions with addresses were able to identify more than 80% of the telco customers with pretty good accuracy only shortly after. Cheers, Kevni -- Kevin Krammer, KDE developer, xdg-utils developer KDE user support, developer mentoring
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ kde-community mailing list [email protected] https://mail.kde.org/mailman/listinfo/kde-community
