4:01 a.m.
Hi,
your website allows to search Docs. This automatically uses Google.
IMHO it is very unfriendly not to warn people that an external data harvester
is involved in your local search.
Please consider adding a warning.
BTW your website massively violates EU data privacy rights. You have
no Impressum and no info about your privacy policy. Your website does
not even have a contact address.
--
mit freundlichen Grüssen
Wolfgang Rohdewald
5:23 a.m.
On Mon, Dec 04, 2023 at 11:01:07AM +0100, Wolfgang Rohdewald wrote:
Hi,
your website allows to search Docs. This automatically uses Google.
IMHO it is very unfriendly not to warn people that an external data harvester
is involved in your local search.
Please consider adding a warning.
I've posted patches[1] to switch the search provider to DuckDuckGo
and mention the fact that an external provider is used in the first
place. Hopefully that mitigates your concerns somewhat.
BTW your website massively violates EU data privacy rights. You have
no Impressum and no info about your privacy policy.
Honestly I have no idea what the requirements would be here, much
less how to comply with them. Care to post some patches?
Your website does
not even have a contact address.
There's a "contact" section in the footer, which links to all the
relevant information. It seems to do its job, seeing as you managed
to find your way to the mailing list after all :)
[1]
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/FZ...
--
Andrea Bolognani / Red Hat / Virtualization
5:32 a.m.
On Mon, Dec 04, 2023 at 03:23:18AM -0800, Andrea Bolognani wrote:
On Mon, Dec 04, 2023 at 11:01:07AM +0100, Wolfgang Rohdewald wrote:
> Hi,
>
> your website allows to search Docs. This automatically uses Google.
>
> IMHO it is very unfriendly not to warn people that an external data harvester
> is involved in your local search.
>
> Please consider adding a warning.
I've posted patches[1] to switch the search provider to DuckDuckGo
and mention the fact that an external provider is used in the first
place. Hopefully that mitigates your concerns somewhat.
> BTW your website massively violates EU data privacy rights. You have
> no Impressum and no info about your privacy policy.
Honestly I have no idea what the requirements would be here, much
less how to comply with them. Care to post some patches?
Aside from the search, our is just static content, so I'm not sure
how it can be said to be massively violating privacy.
Even for the search, if you've not visited google before, you'll get
prompted (by google) to agree to its terms before the search will be
executed.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
6:03 a.m.
Since I do not know in which country libvirt.org legally lives (it does not say that),
I do not know what regulations apply. But meanwhile all major US companies follow
EU regulations - in general even worldwide. So maybe this is all irrelevant
for you - but maybe not.
Am Montag, dem 04.12.2023 um 11:32 +0000 schrieb Daniel P. Berrangé:
Aside from the search, our is just static content, so I'm not
sure
how it can be said to be massively violating privacy.
Please re-read. It is not about the content.
The website defines no privacy policy which is against EU regulations.
Even for the search, if you've not visited google before,
you'll get
prompted (by google) to agree to its terms before the search will be
executed.
Again - not to the point. For two reasons:
1. Sometimes I am desperate enough to use Google Search - but I want do decide myself when
I want to.
2. the EU regulations request I am asked BEFORE the connection to google starts.
Otherwise
Google already learns something about me (it learns that I am interested in libvirt).
I believe renaming the button to "search local Doc using Google" should be
sufficient. But then
again - I am not a lawyer.
So I think it is libvirt.org having to ask me before connecting to Google.
--
mit freundlichen Grüssen
Wolfgang Rohdewald
8:30 a.m.
On Mon, Dec 04, 2023 at 01:03:07PM +0100, Wolfgang Rohdewald wrote:
Since I do not know in which country libvirt.org legally lives (it
does not say that),
I do not know what regulations apply. But meanwhile all major US companies follow
EU regulations - in general even worldwide. So maybe this is all irrelevant
for you - but maybe not.
Am Montag, dem 04.12.2023 um 11:32 +0000 schrieb Daniel P. Berrangé:
> Aside from the search, our is just static content, so I'm not sure
> how it can be said to be massively violating privacy.
Please re-read. It is not about the content.
The website defines no privacy policy which is against EU regulations.
Please provide any source for this requirement that applies to
libvirt.org. That site has only static pages, it doesn't collect any
personal data and based on my quick search the requirement for privacy
policy is when you do collect personal data which is not our case.
> Even for the search, if you've not visited google before,
you'll get
> prompted (by google) to agree to its terms before the search will be
> executed.
Again - not to the point. For two reasons:
1. Sometimes I am desperate enough to use Google Search - but I want do decide myself
when I want to.
2. the EU regulations request I am asked BEFORE the connection to google starts.
Otherwise
Google already learns something about me (it learns that I am interested in libvirt).
I believe renaming the button to "search local Doc using Google" should be
sufficient. But then
again - I am not a lawyer.
Agreed that having a button that redirects to google is not a good user
experience. But if you claim that it is required by EU regulation to
notify user before redirecting to some other website please provide us
with any relevant source information to support that claim.
Pavel
9 a.m.
On Mon, Dec 04, 2023 at 03:30:03PM +0100, Pavel Hrdina wrote:
On Mon, Dec 04, 2023 at 01:03:07PM +0100, Wolfgang Rohdewald wrote:
> Since I do not know in which country libvirt.org legally lives (it does not say
that),
> I do not know what regulations apply. But meanwhile all major US companies follow
> EU regulations - in general even worldwide. So maybe this is all irrelevant
> for you - but maybe not.
>
> Am Montag, dem 04.12.2023 um 11:32 +0000 schrieb Daniel P. Berrangé:
> > Aside from the search, our is just static content, so I'm not sure
> > how it can be said to be massively violating privacy.
>
> Please re-read. It is not about the content.
> The website defines no privacy policy which is against EU regulations.
Please provide any source for this requirement that applies to
libvirt.org. That site has only static pages, it doesn't collect any
personal data and based on my quick search the requirement for privacy
policy is when you do collect personal data which is not our case.
I think the problem is really rather fuzzy.
The first issue is that there is no legal notion of "libvirt" as an
entity, which it turn makes it harder to say whom has responsibility
for any parts the GDPR.
The project exists only in so much as a selection of contributors being
members of the gitlab group.
The services used by a project come from a variety of sources. The
main project infra is all run by GitLab. The mailing lists are
run by Red Hat. The web server is on a personal server belonging to
the project's founder.
I think the responsibility (probably) likely lies with the various
providers of infrastructure.
WRT libvirt.org, if there are web server logs, the IP addr within
can be considerered PII. It could be claimed that collecting web
servers logs is a neccessary function for running websites (eg to
identify hostile traffic) and thus not require consent. If you're
mining the data logs and correlating with other info though, it
probably would require consent. For avoidance of doubt: we're
not doing the latter.
In the end it probably doesn't hurt to have a simple privacy page
that says we're not doing anything untoward with server logs, etc.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
6:03 a.m.
Am Montag, dem 04.12.2023 um 03:23 -0800 schrieb Andrea Bolognani:
I've posted patches[1] to switch the search provider to
DuckDuckGo
and mention the fact that an external provider is used in the first
place. Hopefully that mitigates your concerns somewhat.
It will - when done. Thanks anyway.
> BTW your website massively violates EU data privacy rights. You
have
> no Impressum and no info about your privacy policy.
Honestly I have no idea what the requirements would be here, much
less how to comply with them. Care to post some patches?
Keywords:
Règlement général sur la protection des données RGPD
Datenschutz-Grundverordnung (DSGVO)
General Data Protection Regulation GDPR)
Not knowing where you live - I am sure you will find an Italian translation.
I actually downloaded the source and searched for some visible text
from the website but I did not find anything. Maybe I was too fast.
Anyway I will never do or propose changes which will have legal
consequences. This must be done by the person legally responsible for
the website.
> Your website does not even have a contact address.
There's a "contact" section in the footer, which links to all the
relevant information. It seems to do its job, seeing as you managed
to find your way to the mailing list after all :)
This is probably not enough. I am quite sure the requirements are
- directly reachable - no subscription to a mailing list (n/a)
- private communication (n/a)
- fast answers (done)
Actually I would really have preferred not to publish this thread.
Might sometimes be better for you too. Like when somebody wants to
tell you about malware on your site.
--
mit freundlichen Grüssen
Wolfgang Rohdewald
8:39 a.m.
On Mon, Dec 04, 2023 at 01:03:09PM +0100, Wolfgang Rohdewald wrote:
Am Montag, dem 04.12.2023 um 03:23 -0800 schrieb Andrea Bolognani:
> I've posted patches[1] to switch the search provider to DuckDuckGo
> and mention the fact that an external provider is used in the first
> place. Hopefully that mitigates your concerns somewhat.
It will - when done. Thanks anyway.
> > BTW your website massively violates EU data privacy rights. You have
> > no Impressum and no info about your privacy policy.
>
> Honestly I have no idea what the requirements would be here, much
> less how to comply with them. Care to post some patches?
Keywords:
Règlement général sur la protection des données RGPD
Datenschutz-Grundverordnung (DSGVO)
General Data Protection Regulation GDPR)
Not knowing where you live - I am sure you will find an Italian translation.
I actually downloaded the source and searched for some visible text
from the website but I did not find anything. Maybe I was too fast.
Anyway I will never do or propose changes which will have legal
consequences. This must be done by the person legally responsible for
the website.
> > Your website does not even have a contact address.
>
> There's a "contact" section in the footer, which links to all the
> relevant information. It seems to do its job, seeing as you managed
> to find your way to the mailing list after all :)
This is probably not enough. I am quite sure the requirements are
- directly reachable - no subscription to a mailing list (n/a)
- private communication (n/a)
- fast answers (done)
Please provide any relevant source that applies to libvirt.org stating
that we must and are legally required to provide contact information
that you are listing here.
My quick search produced such requirements only for companies and
businesses which we are not.
Pavel
9:27 a.m.
Am Montag, dem 04.12.2023 um 15:39 +0100 schrieb Pavel Hrdina:
Please provide any relevant source that applies to libvirt.org
stating
that we must and are legally required to provide contact information
that you are listing here.
The legal owner of libvirt.org - whoever that is - should really consult a lawyer.
I gave you keywords to search for like
General Data Protection Regulation GDPR
A quick search produces:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
https://www.tomsguide.com/how-to/how-to-make-a-website-gdpr-compliant
GDPR actually says it applies worldwide if the website is accessible in the EU.
(EU only follows other countries imposing their rules worldwide ...)
There is no general exception for personal websites even if some discussions only mention
businesses like tomsguide.
The only exception is when your website is only for your personal use or for your family.
https://law.stackexchange.com/questions/28070/would-gdpr-affect-my-own-pe...
I'd rather stop the discussion here - there is really nothing else to be said IMHO
--
mit freundlichen Grüssen
Wolfgang Rohdewald
5:54 a.m.
On Mon, Dec 04, 2023 at 04:27:55PM +0100, Wolfgang Rohdewald wrote:
Am Montag, dem 04.12.2023 um 15:39 +0100 schrieb Pavel Hrdina:
> Please provide any relevant source that applies to libvirt.org stating
> that we must and are legally required to provide contact information
> that you are listing here.
The legal owner of libvirt.org - whoever that is - should really consult a lawyer.
I created that project, I run the web site on my pocket money.
I'm not gonna spend more money getting a lawyer, sorry, nope.
I gave you keywords to search for like
General Data Protection Regulation GDPR
A quick search produces:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
https://www.tomsguide.com/how-to/how-to-make-a-website-gdpr-compliant
GDPR actually says it applies worldwide if the website is accessible in the EU.
"he GDPR is an important component of EU privacy law and human rights
law, in particular Article 8(1) of the Charter of Fundamental Rights of
the European Union. It also governs the transfer of personal data
outside the EU and EEA. The GDPR's goals are to enhance individuals'
control and rights over their personal information and to simplify the
regulations for international business.[1] "
We are not a business.
We don't collect personal data on the web site, no identity,
no registration, the search is externalized, game over, sorry not applicable,
thanks you for raising your concerns but as the owner of the domain
I deny applicability of what you pointed,
Daniel
(EU only follows other countries imposing their rules worldwide ...)
There is no general exception for personal websites even if some discussions only mention
businesses like tomsguide.
The only exception is when your website is only for your personal use or for your
family.
https://law.stackexchange.com/questions/28070/would-gdpr-affect-my-own-pe...
I'd rather stop the discussion here - there is really nothing else to be said IMHO
--
mit freundlichen Grüssen
Wolfgang Rohdewald
_______________________________________________
Users mailing list -- users(a)lists.libvirt.org
To unsubscribe send an email to users-leave(a)lists.libvirt.org
--
Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
313
days inactive
318
days old
9 comments
5 participants
participants (5)
-
Andrea Bolognani -
Daniel P. Berrangé -
Daniel Veillard -
Pavel Hrdina -
Wolfgang Rohdewald