[cfarm-users] privacy

[Bruno Haible]

Jonathan Wakely wrote:
> > It would not be straightforward to track all SSH access on the farm, both
> > for privacy reasons and technical reasons (the farm has very diverse
> > systems, and some people run jobs via cron).
> 
> What are the privacy reasons?
> 
> It's a free, public service offered to the community, why should users have
> any expectation of being able to use it in secret?
> 
> If you don't want the cfarm admins to be aware of whether or not you are
> using the service, you should pay for your own access to another service.

While the principles of handling personal information (limiting the purposes,
minimizing the data, ...) [1] are legally binding only in the EU, they are
good guidelines for helping ensure privacy all over the world.

If the compilefarm were to track all SSH access on the farm, taking
correlations on the data would, for example:
  - reveal whether the accesses are within or outside regular business hours,
  - reveal if two persons have nearly the same login/logout times and thus
    allow conjectures about their relationship.

The stated purpose in this thread is to detect "long-dormant users".
Tracking all SSH accesses would produce more data than needed for the
purpose — which goes against the principle of data minimization.

Other approaches (such as getting the 'atime' of the ~user/.ssh/* files
once a year) would produce less data. But it was not what was discussed
in the sourceware.org thread and replied-to by Baptiste.

Bruno

[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Principles_and_lawful_purposes