Write an Iceraven Privacy Policy
bbigam opened this issue ยท 9 comments
As we prepare to go public more fully, hoping for inclusion in F-Droid and maybe even Google Play, we probably ought to have a Privacy Policy, rather than just linking to Mozilla's. We can probably just do a Privacy.md in the repo and link to it from the About page. I don't think our next release needs to wait for this, though.
I'd like to see a simple policy. I don't suggest the following language specifically, and don't know the legalese, but here are some points we should probably hit:
EDIT: Draft 3
Tl;dr We don't use Iceraven to collect your data at all, and we try to strip out or disable most third party data collection. Any third party data collection that remains is subject to the privacy policies of those third parties. If you choose to share your information with us, we only use it for development purposes and don't sell or otherwise financially profit from it.
Iceraven Browser
- Iceraven Browser is maintained by fork-maintainers, an all-volunteer informal GitHub group that does not profit from Iceraven by means of any ads or data collection.
- Iceraven does not collect/report any user information to fork-maintainers in any way whatsoever.
- Iceraven removes or disables most telemetry or other tracking features from upstream Firefox that would collect or share user information with any upstream or third parties, such as Mozilla, Adjust, LeanPlum, or Google.
- The exception to the above is that Iceraven retains Mozilla's crash reporter, and users may choose to submit crash reports to Mozilla.
- Iceraven also retains Google Safe Browsing, which is on by default, and may collect some browsing data.
- Any telemetry or other user tracking data that may still be collected or reported to third parties is subject to the privacy policies of the organizations (i.e. Mozilla, Google) that collect it. The fork-maintainers never have any access to this data.
- Iceraven retains the Firefox Sync feature, which is always optional; no data is synced unless users create and log in to Firefox Sync accounts. This data is subject to Mozilla's privacy policy.
- Please file a bug report if you find Iceraven still collecting and reporting any user data other than via Google Safe Browsing, user-initiated crash reports, or Firefox Sync.
Iceraven Browser Development
- If you choose to get involved with Iceraven development, feature requests, bug reports, etc, the only information the fork-maintainers have on any user is only what users voluntarily share at their own initiative. Please note that if you choose to submit logs for debugging purposes, these may contain sensitive information.
- Anything shared through GitHub is subject to GitHub's privacy policy.
- The fork-maintainers use any voluntarily shared user information, whether it is shared through GitHub or otherwise, only inasmuch as it is directly relevant to Iceraven development, and do not share or sell it to anyone else for any reason.
- The fork-maintainers cannot be responsible for any private data that a user chooses to share in a public forum.
Just my suggestions to open the discussion. Comment away!
This looks like a good start.
does not profit from Iceraven in any way.
I don't think that's true necessarily. Somebody on Reddit sent me some money when I first put out the fork, and we also collect... Github stars and coolness points. Maybe we get better job opportunities. And who knows if we're going to set up an OpenCollective or something in the future.
The only information the fork-maintainers have on any user is only what users voluntarily share through GitHub issues.
They could also share it not through Github Issues.
We could also specifically mention how the log bundles people send us for debugging can have sensitive system information in them, and if people post them publicly on Github, that's their choice.
As much as possible, Iceraven removes or disables all telemetry or other tracking features from upstream Firefox that would collect or share user information with any upstream or third parties, such as Mozilla, Adjust, LeanPlum, or Google.
Does the crash reporter count as telemetry? We haven't made an attempt to rip that out, and I think it still does exactly what it says in the dialog and reports our app's crash to Mozilla when you tell it to do so.
We also keep Firefox Account sync, which shares all sorts of synced information with Mozilla, when you log into it.
This looks like a good start.
does not profit from Iceraven in any way.
I don't think that's true necessarily. Somebody on Reddit sent me some money when I first put out the fork, and we also collect... Github stars and coolness points. Maybe we get better job opportunities. And who knows if we're going to set up an OpenCollective or something in the future.
Ah, fair enough. Maybe we should say "do not profit from any data collection or ads in Iceraven" or something like that.
The only information the fork-maintainers have on any user is only what users voluntarily share through GitHub issues.
They could also share it not through Github Issues.
True. "...voluntarily share, such as through GitHub issues..."
We could also specifically mention how the log bundles people send us for debugging can have sensitive system information in them, and if people post them publicly on Github, that's their choice.
Indeed.
As much as possible, Iceraven removes or disables all telemetry or other tracking features from upstream Firefox that would collect or share user information with any upstream or third parties, such as Mozilla, Adjust, LeanPlum, or Google.
Does the crash reporter count as telemetry? We haven't made an attempt to rip that out, and I think it still does exactly what it says in the dialog and reports our app's crash to Mozilla when you tell it to do so.
We also keep Firefox Account sync, which shares all sorts of synced information with Mozilla, when you log into it.
Good points. Yes, we need to be as accurate as possible.
I've updated the initial draft, taking into account Interfect's comments. Please keep commenting. And if anyone knows legalese, please help!
I think we might have forgotten about the information the app sends for the phishing/malware detection feature (see #145). The backend there happens to be provided by Google, apparently, so people are going to care, and even if we have a switch to turn off whatever novel download hashes or whatever it sends in, we probably still will ship it on by default.
I don't mind continuing to work on the draft, but I'd really like to hear more from others.
@abhijitvalluri You do a lot of work on Iceraven, any thoughts?
I've updated the draft privacy policy again, and I separated it into "Browser" and "Development" sections to make it easier to read, and put the Tl;dr at the top.
@interfect @abhijitvalluri how does it look to to you now? Are we on the right track?
Not related to this but maybe we should change the name from 'Iceraven Mobile' to 'Iceraven Browser'.
Hello, lone wanderar and non-contributor here, but wouldn't the name "Halcyon Browser" fit better than "Iceraven"? Searching the net brought me to the myth of the Alcyonides and them turning into birds, Halcyons, upon thrusting themselves into the seas, and I thought that it fits with the theme of mythical elemental birds as Mozilla likes to do it?
I also would like to propose my own take on the privacy policy for this project:
Iceraven Browser
- Iceraven Browser is a wholly volunteer, non-profit effort made by a community of passionate contributors on the internet. We, the contributors that develops Iceraven, do not profit from the sale of personal data attained through datamining Iceraven users.
- The Iceraven app does not datamine its users, no personally identifiable and/or non-personally identifiable information is ever sent back to us, the contributors, under any circumstances.
- We, the Iceraven contributors, have done our best to disable or completely remove any tracking-code that was included in the original Mozilla Firefox (codename "Fenix") sourcecode, this has been done to increase user-privacy by stopping the sharing of user-data with Mozilla or any of its business-partners, including Adjust, Leanplum and Google.
- The one exception to this rule is the inclusion of Mozilla Firefox's crashreporting-functionality, which has been retained for if/and or when Iceraven-users want to share crashreports with Mozilla.
- Iceraven also retains Firefox's "safebrowsing"-functionality, which is turned on by default and may share some minute amount of data with Google to protect against malicious code that exists on the internet.
- If there remains tracking-code included in Iceraven that sends user-data to Mozilla or its business-partners, the shared user-data is subject to the privacy policies of the responsable entity (i.e Mozilla, Google etc).
- Iceraven Browser retains Firefox's optional "Account Sync"-functionality, allowing users to sync browser-data including searchhistory, bookmarks and passwords between Firefox instances by the way of a Mozilla account. This feature is wholly optional and doesn't share any data with Mozilla unless a user opts to use it, at from which point the data shared over the Mozilla-account is subject to Mozilla's privacy policy.
- We, the Iceraven contributors, would like for users like yourself to file bug-reports through Github if any instances of Iceraven unintentionally still sharing user-data with Mozilla or its business-partners outside of the data shared with Google via Safebrowsing, and Mozilla via crashreports and Account-syncing, are found.