Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
On Thu, 2008-09-18 at 17:11 +0200, Samuel Murray (Groenkloof) wrote: Dwayne Bailey wrote: I'm less concerned about the content then about how we display this. I think we have a generic mechanism for example to display error messages. A simple HTML snippet that can be embedded into that error message would do the trick. Options: 1. Put the privacy policy as a section on the about.html page. 2. The current documentation are just static web pages that are linked to from everywhere. Why not make the privacy policy a static HTML page too, linked to from every page? Adding this response in case anyone gets the urge before me. Both are good. 1) Probably easier if we want to move it onto a separate page in the long term. It would allow someone to see the full dynamic mechanism. 2) Easiest, you'll still need to work out how and where to point to the pages. -- Dwayne Bailey Associate +27 12 460 1095 (w) Translate.org.za +27 83 443 7114 (c) Recent blog posts: * The birth of the GNU generation http://www.translate.org.za/blogs/dwayne/en/content/birth-gnu-generation * Firefox users experience discrimination * RPM packages for py lib 0.9.2 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
On Thu, 2008-09-18 at 16:57 +0200, Samuel Murray (Groenkloof) wrote: F Wolff wrote: I think each deployment should write its own policy, and we shouldn't pretend to be able to say anything about servers in general, because we can't. We could encourage administrators to include a privacy notice, in the same way we encourage them to put in contact details to the administrators. We can expect Pootle administrators to be experts in server administration and similar technical issues, but we can't expect them to know the issues surrounding privacy issues, copyright issues etc. Therefore I think Pootle should be distributed in such a way that Pootle admins can focus on what they do best, and safely assume that the rest has been taken care of. Few if any Pootle admins will think of writing a privacy policy, and by the time they realise they need one, it'll be mostly too late to implement one. If we can provide a generic privacy, it protects our customers. I think we should include a default one, but I'd rather see people actively take step to add their own or review the default. So I think similar to what the default setup does we simply prepend text that says: This is the default privacy policy distributed with Pootle. Please update this to reflect the policy of your organisation, write your own or review the default and remove this text to make it your privacy policy Or something like that. As Dwayne suggested, let's make it focus on the positives. My proposed privacy policy statement does not contain any negatives. Negative and positive are in the eye of the beholder, I think. The privacy policy is not a marketing document to make the system seem friendly, but a dry, factual statement about how private data is dealt with on the site. Nor do I think one should, as Dwayne suggested, identify aspects that we regard as unpleasant, and bury those in legalese... although I'm all for a more legal sounding privacy policy, and I'm not against rewording. Many people want credit for their work, and they want team communication to work. You're assuming a scenario in which Pootle is specifically touted to translators as a team system and where there are so many translators that they can't help but be aware of each other's presence. Samuel -- Dwayne Bailey Associate +27 12 460 1095 (w) Translate.org.za +27 83 443 7114 (c) Recent blog posts: * The birth of the GNU generation http://www.translate.org.za/blogs/dwayne/en/content/birth-gnu-generation * Firefox users experience discrimination * RPM packages for py lib 0.9.2 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
In case such text becomes included somewhere, I'd recommend making it gender neutral. I know this is not easy with English (or most languages, indeed) but this is deeply appreciated by all our female contributors...and this is not only about political correctness, believe me..:) Thankfully, translator is gender neutral, so the trick is only avoiding his most of the time..:) Example: Typically, a translation file includes the translator's name and e-mail address. The owner of this Pootle server I strongly encourage this as well. Thank you for noting this. Note also that there is nothing wrong with using his/her. It reminds the guys out there that there are women too. Olivier. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
Hi Samuel, On Tue, 2008-09-16 at 09:11 +0200, Samuel Murray (Groenkloof) wrote: G'day everyone At the moment, new users are not told how their details will be used and how much of it will be made public. This is actually kinda crucial. Users are not told, for example, that their e-mail addresses will be visible to the public, to anyone who downloads the PO file, or to anyone who encounters the PO file at any stage. It is important that they be told of this. All of this can be written in a privacy policy page that is linked to from every page on Pootle (at the bottom somewhere). The problem is that different Pootle servers have different policies, so I think one should write a policy that is half explanatory so that it can apply to all servers. A better (but more complicated) solution may be that the privacy policy page is generated automatically from options selected in the pootle.prefs file. But let's keep it simple for now. So here's my attempt: == GENERIC PRIVACY POLICY OF POOTLE SERVERS The way a Pootle server deals with privacy, depends on the licence of the translated files and the specific policies of the computer on which the Pootle server is hosted. Pootle was originally designed not for private participation but with public collaboration in mind, and the way it deals with a user's information, reflects that. Typically, a user's name and e-mail address is automatically added to his translation. The owner of this Pootle server has no control over the way the translations (and therefore also the user's name and e-mail address) will eventually be made public. Various pieces of information about a user can be accessed by the public, by other users, by users with administrative privileges, by users of the server with read access rights, and by users of the server with root privileges. Some information that cannot be accessed directly, can be deduced from other information. The only information about a user that is truly private, is his password. All other information submitted by the user, including record of his activities, may be available to a number of people, including members of the public. A user's activities are written to a log that typically cannot be accessed via the web interface and only be accessed by users of the server with read access rights. Whether users of the server may make such logs public depends on the policies of the server itself. For privacy purposes, therefore, users should assume that everything on their profile pages (except the password) can eventually be viewed by any member of the public, and that a log of all of their activities on Pootle can either be viewed or deduced by any member of the public. == So, what do you think? Looks OK, although a bit scary. I prefer legalise that says the same but makes it sound wonderful ;) I'm less concerned about the content then about how we display this. I think we have a generic mechanism for example to display error messages. A simple HTML snippet that can be embedded into that error message would do the trick. Anyone interested in taking a look at this? If not I'll probably give it a go. -- Dwayne Bailey Associate +27 12 460 1095 (w) Translate.org.za +27 83 443 7114 (c) Recent blog posts: * The birth of the GNU generation http://www.translate.org.za/blogs/dwayne/en/content/birth-gnu-generation * Firefox users experience discrimination * RPM packages for py lib 0.9.2 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
On Di, 2008-09-16 at 09:11 +0200, Samuel Murray (Groenkloof) wrote: G'day everyone At the moment, new users are not told how their details will be used and how much of it will be made public. This is actually kinda crucial. Users are not told, for example, that their e-mail addresses will be visible to the public, to anyone who downloads the PO file, or to anyone who encounters the PO file at any stage. It is important that they be told of this. All of this can be written in a privacy policy page that is linked to from every page on Pootle (at the bottom somewhere). The problem is that different Pootle servers have different policies, so I think one should write a policy that is half explanatory so that it can apply to all servers. A better (but more complicated) solution may be that the privacy policy page is generated automatically from options selected in the pootle.prefs file. But let's keep it simple for now. So here's my attempt: == GENERIC PRIVACY POLICY OF POOTLE SERVERS The way a Pootle server deals with privacy, depends on the licence of the translated files and the specific policies of the computer on which the Pootle server is hosted. Pootle was originally designed not for private participation but with public collaboration in mind, and the way it deals with a user's information, reflects that. Typically, a user's name and e-mail address is automatically added to his translation. The owner of this Pootle server has no control over the way the translations (and therefore also the user's name and e-mail address) will eventually be made public. Various pieces of information about a user can be accessed by the public, by other users, by users with administrative privileges, by users of the server with read access rights, and by users of the server with root privileges. Some information that cannot be accessed directly, can be deduced from other information. The only information about a user that is truly private, is his password. All other information submitted by the user, including record of his activities, may be available to a number of people, including members of the public. A user's activities are written to a log that typically cannot be accessed via the web interface and only be accessed by users of the server with read access rights. Whether users of the server may make such logs public depends on the policies of the server itself. For privacy purposes, therefore, users should assume that everything on their profile pages (except the password) can eventually be viewed by any member of the public, and that a log of all of their activities on Pootle can either be viewed or deduced by any member of the public. == So, what do you think? I think each deployment should write its own policy, and we shouldn't pretend to be able to say anything about servers in general, because we can't. We could encourage administrators to include a privacy notice, in the same way we encourage them to put in contact details to the administrators. As Dwayne suggested, let's make it focus on the positives. Many people want credit for their work, and they want team communication to work. Therefore the default setup is to put the translator's name and contact details in the PO files when they are updated. If the translators are lucky, server admins will publicly praise translators that did a lot of work. This mostly says the same thing, but gives a more positive starting point and explains better why the software does what it does. An idea Friedel -- Recently on my blog: http://translate.org.za/blogs/friedel/en/content/vrot-mango - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
F Wolff wrote: I think each deployment should write its own policy, and we shouldn't pretend to be able to say anything about servers in general, because we can't. We could encourage administrators to include a privacy notice, in the same way we encourage them to put in contact details to the administrators. We can expect Pootle administrators to be experts in server administration and similar technical issues, but we can't expect them to know the issues surrounding privacy issues, copyright issues etc. Therefore I think Pootle should be distributed in such a way that Pootle admins can focus on what they do best, and safely assume that the rest has been taken care of. Few if any Pootle admins will think of writing a privacy policy, and by the time they realise they need one, it'll be mostly too late to implement one. If we can provide a generic privacy, it protects our customers. As Dwayne suggested, let's make it focus on the positives. My proposed privacy policy statement does not contain any negatives. Negative and positive are in the eye of the beholder, I think. The privacy policy is not a marketing document to make the system seem friendly, but a dry, factual statement about how private data is dealt with on the site. Nor do I think one should, as Dwayne suggested, identify aspects that we regard as unpleasant, and bury those in legalese... although I'm all for a more legal sounding privacy policy, and I'm not against rewording. Many people want credit for their work, and they want team communication to work. You're assuming a scenario in which Pootle is specifically touted to translators as a team system and where there are so many translators that they can't help but be aware of each other's presence. Samuel -- Samuel Murray [EMAIL PROTECTED] Decathlon, for volunteer opensource translations http://translate.sourceforge.net/wiki/decathlon/ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
G'day everyone At the moment, new users are not told how their details will be used and how much of it will be made public. This is actually kinda crucial. Users are not told, for example, that their e-mail addresses will be visible to the public, to anyone who downloads the PO file, or to anyone who encounters the PO file at any stage. It is important that they be told of this. All of this can be written in a privacy policy page that is linked to from every page on Pootle (at the bottom somewhere). The problem is that different Pootle servers have different policies, so I think one should write a policy that is half explanatory so that it can apply to all servers. A better (but more complicated) solution may be that the privacy policy page is generated automatically from options selected in the pootle.prefs file. But let's keep it simple for now. So here's my attempt: == GENERIC PRIVACY POLICY OF POOTLE SERVERS The way a Pootle server deals with privacy, depends on the licence of the translated files and the specific policies of the computer on which the Pootle server is hosted. Pootle was originally designed not for private participation but with public collaboration in mind, and the way it deals with a user's information, reflects that. Typically, a user's name and e-mail address is automatically added to his translation. The owner of this Pootle server has no control over the way the translations (and therefore also the user's name and e-mail address) will eventually be made public. Various pieces of information about a user can be accessed by the public, by other users, by users with administrative privileges, by users of the server with read access rights, and by users of the server with root privileges. Some information that cannot be accessed directly, can be deduced from other information. The only information about a user that is truly private, is his password. All other information submitted by the user, including record of his activities, may be available to a number of people, including members of the public. A user's activities are written to a log that typically cannot be accessed via the web interface and only be accessed by users of the server with read access rights. Whether users of the server may make such logs public depends on the policies of the server itself. For privacy purposes, therefore, users should assume that everything on their profile pages (except the password) can eventually be viewed by any member of the public, and that a log of all of their activities on Pootle can either be viewed or deduced by any member of the public. == So, what do you think? Samuel -- Samuel Murray [EMAIL PROTECTED] Decathlon, for volunteer opensource translations http://translate.sourceforge.net/wiki/decathlon/ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
