Hello Gervase,
In response to:
Perhaps, although I've not see anyone say "I've read Pocket's privacy
policy, the one that applies to this feature (as amended in consultation
with the Mozilla privacy team) and I object to X, Y and Z."
I'm assuming that this privacy policy is the correct one:
https://getpocket.com/privacy accessed 2015-06-09T17:06:00Z.
I normally don't get into these kinds of conversations and I'm not exactly
a stakeholder with firefox (I use it exclusively, but I don't donate to
mozilla or anything) but I thought I'd fill in some detail here. There
have been people complaining specifically about the privacy policy, but I
think they were drowned out by the other arguments. Recently (after the
quoted comment by you, I believe) commentsab...@riseup.net had a more
coherent privacy policy related argument, and I will reiterate some of
their argument here.
I am not a lawyer, but this line in the privacy policy is the biggest
problem to me:
In the event that we or certain of our assets are acquired, user
information may be included among the transferred assets.
I'd rather not have some big investment bank get a hold of my personal
information + URLs I've saved and be able to sell that to someone/do
whatever with it. If I understand privacy policies properly (which is by
no means guaranteed) this is a perfectly plausible scenario since the new
company would not be bound by it's terms.
Another thing I dislike about the policy, specifically because it appears
that all the information is stored unencrypted on the servers, are these
pretty standard lines:
Although we strive to protect the personal information of our users,
we will release personal information if required by law or in the
good-faith belief that such action is necessary. We follow the law
whenever we receive requests about you from a government or related to
a lawsuit. We will notify you when we are asked to hand over your
personally identifiable information in this way unless we are legally
prohibited from doing so. When we receive requests like this, we will
only release your personally identifiable information if we have a
good faith belief that disclosure is necessary or appropriate under
applicable law. Nothing in this policy is intended to limit any legal
defenses or objections that you may have to a third party's request to
disclose your information.
Basically no one better store links on articles about anything illegal!
Since all the URLs you saved are stored plain text, that could be used
against you if the law decides to ask for it.
Compare this to part of the non-legal part of the firefox sync privacy
policy(it's easier than the legalese):
Firefox Sync on your computer encrypts your data before sending it to
us so the data isnt sitting around on our servers in a usable form.
Basically, I think any service that is this integrated into firefox should
live up to the type of privacy policy that firefox sync has. I don't even
care if they(pocket) store the URLs I store in an anonymized way but then
encrypt the part that says which URLs I have saved (so that they can still
make money of the anonymized information). I would prefer their server
software to be open source, but the privacy concerns are a much bigger
problem.
Basically, if they would make it to where the law nor businesses that
acquire pocket can easily figure out what URLs I have saved then that
would fix my biggest objection with the service being integrated (Though I
also have concerns about them controlling the "standardized" API for other
backends to be integrated). As it stands, I find the integration of pocket
unacceptable.
Another acceptable option for me would be for mozilla to put the effort
forth to integrate with another backend for this functionality that does
meet my privacy concerns above, and make that default while keeping pocket
as an easily accessible option. Similar to the existing search engine
functionality, but with a privacy conscious choice being the default.
Finally, a barely acceptable option for me would be to do all of the above
but keep pocket the default. I'd feel better about this if pocket paid for
the privilege like yahoo did to be the default search engine.
Thank you,
Christopher Carpenter
P.S. I apologize if this doesn't properly make it into everyone's threaded
view. I subscribed to this topic with my work email but didn't want to
send this from that email as my views do not represent my employer. I had
to manually recreate the subject/to and am not entirely sure I did it
properly.
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance
