Qubes Website Privacy Policy

The Privacy Policy page of qubes-os.org says

Usage Data

We may also collect information about how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

It looks like a lot of personal data to me. According to the GDPR you have to tell, for how long these data are stored. I do not see the answer to that.

Another quote:

We may employ third party companies and individuals to facilitate our Service

Can we get a list of currently used third parties?

I suggest to use the following template to better explain how the personal data is handled, both for these forums and for the main Qubes website:

https://www.privacylabel.org/learn/

1 Like

IP address is certainly personal data, “unique device identifiers”
probably so, the rest not imo.
You are assuming that the data is stored, whereas it may be processed
and anonymised immediately.
I agree that this information should be available.

1 Like

It’s just a boilerplate generated privacy policy for the website. We used to use GitHub Pages + Cloudflare. I believe we dropped Cloudflare a long time ago and now just use GitHub Pages.

1 Like

Fair enough, but we are collecting at least IP information (or how are
stats generated), and processing that data.
I would amend the policy to match what actually does happen.
(If some of this is done at the GitHub level, then a link to that
policy will do.)

4 Likes

But the policy already mentions IP addresses, as quoted above, does it not?

If you think some specific amendment should be made, please feel free to submit a PR.

I’m happy to do so, but I do not know what information is gathered
(certainly IP address), what is processed, and for how long it is
retained.
Nor do I know if GitHub (who presumably have access to all the
information in that boilerplate, process or retain any of it. That
should be covered by their statement, and we could refer to it, if this
is the case.

4 Likes

I assume that the Qubes update server also collects the personal data in order to generate this plot, even if you never visit the websites. It should also be explained, for how long the data is stored.

1 Like

I don’t know either. I don’t have access to the infrastructure aside from being able to commit to GitHub repos. All I know I’ve already used to generate the existing Privacy Policy, the issue linked above, and to write these FAQs:

Perhaps @marmarek can provide more information.

1 Like

That’s why I said:
we are collecting at least IP information (or how are stats generated), and processing that data.

There is still no explanation for how long IP addresses are stored and what else is collected.

1 Like

True - it looks as if Qubes gathers IP addresses, processes data
daily but does not retain that data. No indication that Qubes
gathers anything else.
GitHub? That’s a separate issue, outwith Qubes control.

@deeplow You changed the title from “Qubes Privacy Policy” to “Qubes Website Privacy Policy”, but I actually would like to know about both website and Qubes OS policy. Should I create another topic for that? As I mentioned above, in order to make this plot, one has to collect IP addresses and either generate hashes from them or store them for some time. What is being done and are those hashes(?) stored for a month or longer?

This should be mentioned here with a link to GitHub privacy policy. Currently it is very misleading. It’s far from clear to a typical person that qubes-os.org is powered by Github.

Also the following is very concerning. Is this really necessary? To me it looks like a ToS from Facebook or Google which is trying to mislead the users:

Personally identifiable information may include, but is not limited to:
* Usage Data

Are there any limits to data collection at all?

1 Like

Qubes OS is still breaking the GDPR by not saying how long (and which exactly) data is stored…

The text on the Statistics page was updated, it finally says that IP addresses and number of requests are collected. Thanks.

It still does not say for how long those are stored. According to GDPR they should not be stored for longer than reasonable, which I expect here would be a month.

Erm, that’s been there for over three years. Here’s the commit that first added it on 2018-05-12.

I’ll try emailing the relevant people directly to see if I can get an answer.

1 Like

Well, since no one else has stepped forward or volunteered to help with this, I’ve attempted to address the problem by adding some text, even though I have no idea what I’m doing when it comes to writing a privacy policy:

1 Like

That was part of the auto-generated text I got from PrivacyPolicies.com. It says may include, which means that it doesn’t necessarily occur. My impression is that this is a common thing with legal documents, but I really have no idea.

I think you’re giving us too much credit when it comes to the specific language inside the Privacy Policy. In case it’s not obvious, my steps were something along these lines:

  1. Be told we have no privacy policy and need one.
  2. Ask for help from someone who knows about that stuff.
  3. crickets
  4. more crickets
  5. Figure something is better than nothing. Might as well at least try, right?
  6. Enter “how to make a website privacy policy” into a search engine.
  7. Sort through a bunch of results.
  8. Try to find something that looks reasonably legit.
  9. Decide on PrivacyPolicies.com.
  10. Generate a privacy policy.
  11. Add it to the website.

I would love it if someone who actually knows what they’re doing would replace this auto-generated Privacy Policy with a better one, but my experience tells me that the odds of that happening round to zero.

3 Likes

Indeed, somehow I overlooked it.

Well, I was not speaking about Github here. Who is collecting the data and making this plot? Is this plot outside of the Qubes team control? I don’t think so. AFAIK it’s the Qubes collecting that data via the update server, processing it and deleting (I hope!). Is the update server also hosted on Github and under the control of Microsoft? That would be an important thing to know for any privacy-aware person! I would probably switch my updates to Whonix if I find out this is so. I was asking what the Qubes team was doing with the data.

The problem with the Github pages is a separate one. Thank you @adw for making it more clear, the addition looks good to me and should help people understand better possible threats.

This is not just about the credit. I have the impression that the Qubes team, although very security-oriented, does not value privacy as much as security. Nevertheless many users of Qubes value both and sometimes actually value privacy more. Such wording makes a bad look for Qubes, because every shady company uses it to hide from users what they are actually doing, while complying with the law. I (and probably many others) learned to read it as “we collect everything possible”.

Thank you for the explanations. This really helps to see that you are trying to be as transparent as possible, which is a huge selling point of Qubes.

2 Likes