=== fenris is now known as Guest24916
[17:56]  * popey removed the stupid trolling post about debian from the G+ community
[17:56] <popey> dickhead was asking people in debian community to back him up
[19:00] <mhall119> popey: what now?
[19:01] <popey> oh just that loon posting a picture and trolling
[19:01] <popey> https://plus.google.com/u/0/111716948575577959969/posts/SXxTnz1VAuo
[19:04] <mhall119> oh, that old joke again?
[19:28] <popey> indeed
[19:28] <popey> "joke"
[19:31] <czajkowski> evening folks
[21:32] <AlanBell> https://extensions.gnome.org/extension/564/amazon-shopping/ now Gnome Shell has a shopping lens  :)
[22:18] <IdleOne> Well done AlanBell :)
[22:51] <mhall119> AlanBell: zomg! Amazon Ads in Gnome-Shell!  Someone fire up the rant-o-matic and take aim!
[22:51] <JanC> erm...
[22:52] <mhall119> but seriously, it's pretty cool and I hope you don't get flamed over it
[22:52] <mhall119> JanC: http://www.theopensourcerer.com/2012/12/shopping-lens-for-gnome-shell/
[22:52] <JanC> most people never complained about being able to search amazon, they complained about the amazon search being enabled by default
[22:53] <mhall119> JanC: there were lots of variations on the complaints
[22:54] <JanC> mhall119: I am talking about the informed rants
[22:54] <JanC> obviously a lot of people parrot what they read elsewhere, often not getting the real point
[22:55] <mhall119> JanC: The people who think it shouldn't have been default are reasonable and informed, yes.  The people who think that it being default made it bad/evil/spyware/adware not so much.
[22:55] <JanC> but enabling the Amazon search by default was a *real* privacy violation (partially because it was implemented amateurishly)
[22:56] <mhall119> JanC: I would agree that it was a minor to moderate privacy concern
[22:56] <MrChrisDruif> JanC; +1
[22:56] <IdleOne> mhall119: it is very similar to the ubuntu shopping lens but gives more power to the user.
[22:57] <mhall119> but the fact that it was well known, public, and transparent to the best of our abilities
[22:57] <IdleOne> mhall119: of course he is going to get flamed, how many people actually will look at the code.
[22:57] <AlanBell> mhall119: yes indeed :)
[22:58] <JanC> mhall119: I think you don't know about EU consumer protection law (and apparently, Canonical legal didn't check this either...)
[22:58] <AlanBell> this is a bit of a pot stiring activity on some levels, but I figured someone else would do it if I didn't
[22:59] <mhall119> JanC: Well I can't comment on that side of things, not my department
[23:00] <JanC> but then again, Canonical is using Google Docs etc. too, against recommendations of every business association I know...
[23:00] <mhall119> well, my XChat try-out was short lived, do people actually use that?
[23:00] <JanC> mhall119: I use XChat (not XChat GNOME!) all the time
[23:00] <mhall119> JanC: we also give our products away for free and let people outside the company work on them.  It's safe to say we're not like most businesses
[23:01] <MrChrisDruif> mhall119; I use it as my default irc-client
[23:01] <MrChrisDruif> JanC; +1 =D
[23:01] <JanC> mhall119: EU privacy law applies to for-profits or non-profits equally
[23:02] <mhall119> MrChrisDruif: I'll give that one a try
[23:02] <mhall119> JanC: Does EU privacy law say that we can't use google docs?
[23:02] <AlanBell> nope
[23:02] <AlanBell> depending on what data you put on it
[23:03] <AlanBell> it does mean that public authorities tend not to be able to use it
[23:03] <JanC> it's forbidden to export private information about EU persons outside the EU, and Google does host their data (partially) outside the EU...
[23:03] <czajkowski> JanC: canonical isn't a non profit organisation
[23:03] <JanC> so an addressbook in Google mail would likely be illegal for EU companies...
[23:03] <AlanBell> indeed, but that doesn't mean you can't use google docs, there are just specific types of data that have jurisidictional issues
[23:04] <AlanBell> nope, address book tends not to be personal information
[23:04] <JanC> czajkowski: like I said, doens't matter if it's for-profit or non-profit
[23:05] <mhall119> JanC: that seems particularly silly, you mean you can't carry a laptop out of the EU if it has information about EU persons on it?  You can't send that data over the internet if it goes outside the EU?  You can't use off-site backup outisde the EU?
[23:05] <JanC> AlanBell: addressbooks definitely *are* personal information
[23:05] <czajkowski> JanC: think it does tbh, and especially when it's a private ltd
[23:06] <JanC> czajkowski: it doesn't matter for privacy laws
[23:06] <JanC> and there are currently lots of companies violating these laws
[23:06] <mhall119> JanC: so the EU has legislated a data-wall around the continent?
[23:07] <JanC> a wall around data that contains private data indeed (unless you get special permissions)
[23:07] <mhall119> JanC: how can they possibly hope to enforce that?
[23:08] <AlanBell> czajkowski: nope, it doesn't make a difference. Public authorities are a bit different though
[23:08] <AlanBell> http://www.ico.gov.uk/for_organisations/data_protection/the_guide/key_definitions.aspx
[23:08] <czajkowski> JanC: I'm sure this is something we're all missing given canonical is registered in multiple counteries also
[23:08] <JanC> mhall119: in theory, you can sue companies that export your private information
[23:08] <AlanBell> "and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual." <- without that an address book is OK
[23:09] <mhall119> JanC: oh, so it's just a blank-check for lawsuits
[23:09] <AlanBell> but if you have notes about people or sensitive data in the address book then it becomes personal data or sensitive personal data
[23:09] <JanC> mhall119: only if you can prove that they export it  ☺
[23:09] <mhall119> JanC: how does the law define "export"?
[23:10] <JanC> moving/copying data outside the EU territory
[23:10] <AlanBell> that is a grey area, but putting it in range of a US subpoena is probably a bad idea
[23:10] <JanC> mhall119: if other countries make decent privacy laws, they will make exceptions, I'm sure
[23:10] <mhall119> so if Alice in the EU emails data to her co-worker Bob in the EU, but the internet path makes a hop outside the EU, are they in violation?
[23:11] <AlanBell> mhall119: technically, yes
[23:11] <mhall119> so basically you can't send private data over the internet
[23:11] <cjohnston> what a joke
[23:11] <AlanBell> not private data
[23:11] <AlanBell> personal data
[23:11] <JanC> you can use encrypted channels  ☺
[23:11] <mhall119> ok, so you can't send personal data over the internet
[23:12] <mhall119> JanC: does the law make an exception if it's encrypted?
[23:12] <JanC> if you have a company mail server, it should enforce SSL outside the company LAN
[23:12] <mhall119> a) Does the law make an exception for encrypted data
[23:13] <mhall119> b) what if the recipient of the mail doesn't have their server setup for SSL?
[23:13] <AlanBell> mhall119: the law doesn't mention it (as far as I know)
[23:13] <cjohnston> What if Alice works in the EU and Bob works outside of the EU but they both work for the same company?
[23:13] <AlanBell> but it is about responsible stewardship of data about people
[23:13] <mhall119> AlanBell: I'm all for responsible stewardship, but vague unenforcable laws are rubbish
[23:14] <cjohnston> +1
[23:14] <JanC> I'm sure encryption would be acceptable, but exchanging data between EU and non-EU subsidiaries probably would not be...
[23:14] <JanC> not without permission, at least
[23:15] <cjohnston> So the EU is trying to prevent companies from doing business
[23:15] <AlanBell> there are practical difficulties with compliance I totally agree with that. Cross border law is always a pain
[23:15] <AlanBell> this pre-dates the EU really
[23:15] <JanC> cjohnston: they try to force other countries to get decent privacy laws  ;)
[23:16] <cjohnston> That isn't how the world works
[23:16] <cjohnston> I don't want my country to be forced to do anything that the EU wants to do
[23:16] <JanC> cjohnston: most countries have laws like that
[23:16] <mhall119> no, it forces companies to try and not do anything outrageously stupid for fear of being sued
[23:16] <AlanBell> rubbish
[23:17] <AlanBell> this is about particular classes of data
[23:17] <cjohnston> JanC: the way your saying it though, even if Bob's country has decent privacy laws, Alice still can't send him the data
[23:17] <mhall119> cjohnston: why not, the US does that kind of thing all the time
[23:17] <czajkowski> just FYI, while this topic is interesting it;s spiriling down fast into our country V EU fast and it's reading well.
[23:17] <czajkowski> not nice
[23:18] <cjohnston> mhall119: what are you saying that the US does all the time? trying to force other countries to do what we do?
[23:18] <AlanBell> the way it breaks down is that we have laws that mean the data subject can ask an organisation what data is held about them - medical records, insurance stuff, etc.
[23:18] <JanC> cjohnston: you can get exceptions
[23:18] <mhall119> cjohnston: yes
[23:19] <cjohnston> mhall119: I don't agree with it though. I don't want to force any of our laws on other countries and the other way around
[23:19] <AlanBell> it is to enforce a bit of transparency on companies siloing lots of data about people they want to mine for their evil purposes - the data subject has some rights over data about themselves if it is *personal data* or *sensitive personal data*
[23:20] <AlanBell> this is a good thing, and it predates the widespread use of the internet
[23:20] <JanC> AlanBell: right, and as EU law can only enforce that inside the EU, they forbid export of such that in general
[23:21] <AlanBell> we then harmonised this across the EU and that has become the larger jurisdictional area because all EU countries are required to implement laws to meet the EU regulation
[23:21] <JanC> such data
[23:21] <AlanBell> sending this type of data outside the jurisdiction of the EU is problematic - and 99% of the time unneccessary
[23:22] <JanC> cjohnston: the US actually forced the EU to disclose private information about people flying to the US, for example (otherwise EU citizens would have to get a visum to fly to the US individually, seriously hampering business...)
[23:23] <czajkowski> ESTA waiver is money racket
[23:23] <cjohnston> That I don't have a problem with.. That is a potential national security issue.. but Joe Bob's 'private' info, not so much
[23:23] <AlanBell> http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_8.aspx and there is a bilateral agreement with the USA anyway relating to the Department of Commerce Safe Harbor Scheme
[23:24] <AlanBell> and that page specifically addresses the issue of data in transit
[23:26] <AlanBell> now the problem with Google Docs is partially to do with misunderstandings around what constitutes personal data, but it also presents problems for public authorities in particular for political and legal reasons that don't include data protection acts
[23:28] <JanC> anyway, the original issue was about the amazon search...  ;)
[23:29] <JanC> and even where that would be legally allowed, I (personally) would still consider it a privacy violation on moral grounds...
[23:30] <daker> being enabled by default and lambda users didn't that they where sending that to canonical when they try searching something throw the dash even if it's localy
[23:30] <daker> sending data*
[23:31] <JanC> daker: sending data to Canonical might be acceptable (you are using a product from them, after all, so you sort of have to trust Canonical), but the fact is that it sends data directly to Amazon too...
[23:32] <daker> the only thing i know : data is sent to canonical
[23:33] <AlanBell> so send it to me instead \o/
[23:33] <JanC> daker: and then you get results, and the results include direct links to Amazon to display the images?
[23:34] <daker> ah yes
[23:34] <JanC> which allows Amazon to correlate queries to you
[23:37] <AlanBell> probably not actually
[23:37] <AlanBell> I doubt they bother tracking image hits, and that wouldn't tell them the query
[23:37] <JanC> AlanBell: I doubt they do that right now (not enough people use Ubuntu yet), but if Ubuntu ever gets really popular they would be stupid not to do it
[23:37] <daker> AlanBell: +1
[23:37] <JanC> it's all about economics
[23:38] <AlanBell> JanC: as soon as someone clicks a result then they are subject to all the normal amazon tracking
[23:38] <JanC> AlanBell: sure
[23:38] <AlanBell> we will be sending them so much crap data as people search for "chrome" on amazon and stuff like that
[23:39] <AlanBell> if Ubuntu was *huge* and people arrived at purchases a vast amount then they might contemplate doing a study of the data, but really they could get all the data they want about ubuntu users from the affiliate ID and what is actually purchased
[23:40] <AlanBell> so then bias the ubuntu portal results with stuff that Ubuntu people are more likely to want than the average population
[23:40] <JanC> in any case, a separate shopping lens sounds like a nice idea to me (provided the results can be tailored to people's personal preferences), but including it in searches by default is not useful and probably harmful
[23:42] <JanC> AlanBell: I already have to work (as much as possible) around Google's "most probably wanted" suggestions all the time, so I'd ratter not have that problem on other sites too  :p
[23:43] <JanC> (and of course Amazon is not what most people want to buy things from)
[23:46] <czajkowski> JanC: bought 29/31 xmas gifts from amazon this christmas and many via the dash :)
[23:48] <JoseeAntonioR> mhall119: https://launchpad.net/~iveworkedwithmichaelhall <-- nice team!
[23:53] <AlanBell> I went to the local recyling center today to chuck out christmas packaging, they basically have a skip full of amazon boxes
[23:57] <JanC> czajkowski: I didn't say nobody uses it, after all I said a shopping lens *is* a good idea!
[23:59] <JanC> remember that (to be legal) we have to pay 30% import taxes on whatever we buy on amazon.com (and maybe amazon.co.uk too?), and amazon.de & amazon.fr aren't that cheap compared to local shops either  ;)
[23:59] <czajkowski> Not only was amazon cheaper, it was also less hassle