/srv/irclogs.ubuntu.com/2012/12/30/#ubuntu-community-team.txt

=== fenris is now known as Guest24916
* popey removed the stupid trolling post about debian from the G+ community17:56
popeydickhead was asking people in debian community to back him up17:56
mhall119popey: what now?19:00
popeyoh just that loon posting a picture and trolling19:01
popeyhttps://plus.google.com/u/0/111716948575577959969/posts/SXxTnz1VAuo19:01
mhall119oh, that old joke again?19:04
popeyindeed19:28
popey"joke"19:28
czajkowskievening folks19:31
AlanBellhttps://extensions.gnome.org/extension/564/amazon-shopping/ now Gnome Shell has a shopping lens  :)21:32
IdleOneWell done AlanBell :)22:18
mhall119AlanBell: zomg! Amazon Ads in Gnome-Shell!  Someone fire up the rant-o-matic and take aim!22:51
JanCerm...22:51
mhall119but seriously, it's pretty cool and I hope you don't get flamed over it22:52
mhall119JanC: http://www.theopensourcerer.com/2012/12/shopping-lens-for-gnome-shell/22:52
JanCmost people never complained about being able to search amazon, they complained about the amazon search being enabled by default22:52
mhall119JanC: there were lots of variations on the complaints22:53
JanCmhall119: I am talking about the informed rants22:54
JanCobviously a lot of people parrot what they read elsewhere, often not getting the real point22:54
mhall119JanC: The people who think it shouldn't have been default are reasonable and informed, yes.  The people who think that it being default made it bad/evil/spyware/adware not so much.22:55
JanCbut enabling the Amazon search by default was a *real* privacy violation (partially because it was implemented amateurishly)22:55
mhall119JanC: I would agree that it was a minor to moderate privacy concern22:56
MrChrisDruifJanC; +122:56
IdleOnemhall119: it is very similar to the ubuntu shopping lens but gives more power to the user.22:56
mhall119but the fact that it was well known, public, and transparent to the best of our abilities22:57
IdleOnemhall119: of course he is going to get flamed, how many people actually will look at the code.22:57
AlanBellmhall119: yes indeed :)22:57
JanCmhall119: I think you don't know about EU consumer protection law (and apparently, Canonical legal didn't check this either...)22:58
AlanBellthis is a bit of a pot stiring activity on some levels, but I figured someone else would do it if I didn't22:58
mhall119JanC: Well I can't comment on that side of things, not my department22:59
JanCbut then again, Canonical is using Google Docs etc. too, against recommendations of every business association I know...23:00
mhall119well, my XChat try-out was short lived, do people actually use that?23:00
JanCmhall119: I use XChat (not XChat GNOME!) all the time23:00
mhall119JanC: we also give our products away for free and let people outside the company work on them.  It's safe to say we're not like most businesses23:00
MrChrisDruifmhall119; I use it as my default irc-client23:01
MrChrisDruifJanC; +1 =D23:01
JanCmhall119: EU privacy law applies to for-profits or non-profits equally23:01
mhall119MrChrisDruif: I'll give that one a try23:02
mhall119JanC: Does EU privacy law say that we can't use google docs?23:02
AlanBellnope23:02
AlanBelldepending on what data you put on it23:02
AlanBellit does mean that public authorities tend not to be able to use it23:03
JanCit's forbidden to export private information about EU persons outside the EU, and Google does host their data (partially) outside the EU...23:03
czajkowskiJanC: canonical isn't a non profit organisation23:03
JanCso an addressbook in Google mail would likely be illegal for EU companies...23:03
AlanBellindeed, but that doesn't mean you can't use google docs, there are just specific types of data that have jurisidictional issues23:03
AlanBellnope, address book tends not to be personal information23:04
JanCczajkowski: like I said, doens't matter if it's for-profit or non-profit23:04
mhall119JanC: that seems particularly silly, you mean you can't carry a laptop out of the EU if it has information about EU persons on it?  You can't send that data over the internet if it goes outside the EU?  You can't use off-site backup outisde the EU?23:05
JanCAlanBell: addressbooks definitely *are* personal information23:05
czajkowskiJanC: think it does tbh, and especially when it's a private ltd23:05
JanCczajkowski: it doesn't matter for privacy laws23:06
JanCand there are currently lots of companies violating these laws23:06
mhall119JanC: so the EU has legislated a data-wall around the continent?23:06
JanCa wall around data that contains private data indeed (unless you get special permissions)23:07
mhall119JanC: how can they possibly hope to enforce that?23:07
AlanBellczajkowski: nope, it doesn't make a difference. Public authorities are a bit different though23:08
AlanBellhttp://www.ico.gov.uk/for_organisations/data_protection/the_guide/key_definitions.aspx23:08
czajkowskiJanC: I'm sure this is something we're all missing given canonical is registered in multiple counteries also23:08
JanCmhall119: in theory, you can sue companies that export your private information23:08
AlanBell"and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual." <- without that an address book is OK23:08
mhall119JanC: oh, so it's just a blank-check for lawsuits23:09
AlanBellbut if you have notes about people or sensitive data in the address book then it becomes personal data or sensitive personal data23:09
JanCmhall119: only if you can prove that they export it  ☺23:09
mhall119JanC: how does the law define "export"?23:09
JanCmoving/copying data outside the EU territory23:10
AlanBellthat is a grey area, but putting it in range of a US subpoena is probably a bad idea23:10
JanCmhall119: if other countries make decent privacy laws, they will make exceptions, I'm sure23:10
mhall119so if Alice in the EU emails data to her co-worker Bob in the EU, but the internet path makes a hop outside the EU, are they in violation?23:10
AlanBellmhall119: technically, yes23:11
mhall119so basically you can't send private data over the internet23:11
cjohnstonwhat a joke23:11
AlanBellnot private data23:11
AlanBellpersonal data23:11
JanCyou can use encrypted channels  ☺23:11
mhall119ok, so you can't send personal data over the internet23:11
mhall119JanC: does the law make an exception if it's encrypted?23:12
JanCif you have a company mail server, it should enforce SSL outside the company LAN23:12
mhall119a) Does the law make an exception for encrypted data23:12
mhall119b) what if the recipient of the mail doesn't have their server setup for SSL?23:13
AlanBellmhall119: the law doesn't mention it (as far as I know)23:13
cjohnstonWhat if Alice works in the EU and Bob works outside of the EU but they both work for the same company?23:13
AlanBellbut it is about responsible stewardship of data about people23:13
mhall119AlanBell: I'm all for responsible stewardship, but vague unenforcable laws are rubbish23:13
cjohnston+123:14
JanCI'm sure encryption would be acceptable, but exchanging data between EU and non-EU subsidiaries probably would not be...23:14
JanCnot without permission, at least23:14
cjohnstonSo the EU is trying to prevent companies from doing business23:15
AlanBellthere are practical difficulties with compliance I totally agree with that. Cross border law is always a pain23:15
AlanBellthis pre-dates the EU really23:15
JanCcjohnston: they try to force other countries to get decent privacy laws  ;)23:15
cjohnstonThat isn't how the world works23:16
cjohnstonI don't want my country to be forced to do anything that the EU wants to do23:16
JanCcjohnston: most countries have laws like that23:16
mhall119no, it forces companies to try and not do anything outrageously stupid for fear of being sued23:16
AlanBellrubbish23:16
AlanBellthis is about particular classes of data23:17
cjohnstonJanC: the way your saying it though, even if Bob's country has decent privacy laws, Alice still can't send him the data23:17
mhall119cjohnston: why not, the US does that kind of thing all the time23:17
czajkowskijust FYI, while this topic is interesting it;s spiriling down fast into our country V EU fast and it's reading well.23:17
czajkowskinot nice23:17
cjohnstonmhall119: what are you saying that the US does all the time? trying to force other countries to do what we do?23:18
AlanBellthe way it breaks down is that we have laws that mean the data subject can ask an organisation what data is held about them - medical records, insurance stuff, etc.23:18
JanCcjohnston: you can get exceptions23:18
mhall119cjohnston: yes23:18
cjohnstonmhall119: I don't agree with it though. I don't want to force any of our laws on other countries and the other way around23:19
AlanBellit is to enforce a bit of transparency on companies siloing lots of data about people they want to mine for their evil purposes - the data subject has some rights over data about themselves if it is *personal data* or *sensitive personal data*23:19
AlanBellthis is a good thing, and it predates the widespread use of the internet23:20
JanCAlanBell: right, and as EU law can only enforce that inside the EU, they forbid export of such that in general23:20
AlanBellwe then harmonised this across the EU and that has become the larger jurisdictional area because all EU countries are required to implement laws to meet the EU regulation23:21
JanCsuch data23:21
AlanBellsending this type of data outside the jurisdiction of the EU is problematic - and 99% of the time unneccessary23:21
JanCcjohnston: the US actually forced the EU to disclose private information about people flying to the US, for example (otherwise EU citizens would have to get a visum to fly to the US individually, seriously hampering business...)23:22
czajkowskiESTA waiver is money racket23:23
cjohnstonThat I don't have a problem with.. That is a potential national security issue.. but Joe Bob's 'private' info, not so much23:23
AlanBellhttp://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_8.aspx and there is a bilateral agreement with the USA anyway relating to the Department of Commerce Safe Harbor Scheme23:23
AlanBelland that page specifically addresses the issue of data in transit23:24
AlanBellnow the problem with Google Docs is partially to do with misunderstandings around what constitutes personal data, but it also presents problems for public authorities in particular for political and legal reasons that don't include data protection acts23:26
JanCanyway, the original issue was about the amazon search...  ;)23:28
JanCand even where that would be legally allowed, I (personally) would still consider it a privacy violation on moral grounds...23:29
dakerbeing enabled by default and lambda users didn't that they where sending that to canonical when they try searching something throw the dash even if it's localy23:30
dakersending data*23:30
JanCdaker: sending data to Canonical might be acceptable (you are using a product from them, after all, so you sort of have to trust Canonical), but the fact is that it sends data directly to Amazon too...23:31
dakerthe only thing i know : data is sent to canonical23:32
AlanBellso send it to me instead \o/23:33
JanCdaker: and then you get results, and the results include direct links to Amazon to display the images?23:33
dakerah yes23:34
JanCwhich allows Amazon to correlate queries to you23:34
AlanBellprobably not actually23:37
AlanBellI doubt they bother tracking image hits, and that wouldn't tell them the query23:37
JanCAlanBell: I doubt they do that right now (not enough people use Ubuntu yet), but if Ubuntu ever gets really popular they would be stupid not to do it23:37
dakerAlanBell: +123:37
JanCit's all about economics23:37
AlanBellJanC: as soon as someone clicks a result then they are subject to all the normal amazon tracking23:38
JanCAlanBell: sure23:38
AlanBellwe will be sending them so much crap data as people search for "chrome" on amazon and stuff like that23:38
AlanBellif Ubuntu was *huge* and people arrived at purchases a vast amount then they might contemplate doing a study of the data, but really they could get all the data they want about ubuntu users from the affiliate ID and what is actually purchased23:39
AlanBellso then bias the ubuntu portal results with stuff that Ubuntu people are more likely to want than the average population23:40
JanCin any case, a separate shopping lens sounds like a nice idea to me (provided the results can be tailored to people's personal preferences), but including it in searches by default is not useful and probably harmful23:40
JanCAlanBell: I already have to work (as much as possible) around Google's "most probably wanted" suggestions all the time, so I'd ratter not have that problem on other sites too  :p23:42
JanC(and of course Amazon is not what most people want to buy things from)23:43
czajkowskiJanC: bought 29/31 xmas gifts from amazon this christmas and many via the dash :)23:46
JoseeAntonioRmhall119: https://launchpad.net/~iveworkedwithmichaelhall <-- nice team!23:48
AlanBellI went to the local recyling center today to chuck out christmas packaging, they basically have a skip full of amazon boxes23:53
JanCczajkowski: I didn't say nobody uses it, after all I said a shopping lens *is* a good idea!23:57
JanCremember that (to be legal) we have to pay 30% import taxes on whatever we buy on amazon.com (and maybe amazon.co.uk too?), and amazon.de & amazon.fr aren't that cheap compared to local shops either  ;)23:59
czajkowskiNot only was amazon cheaper, it was also less hassle23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!