[arch-general] [arch-dev-public] AUR ToS (aka making AUR user names public)

Mauro Santos registo.mailling at gmail.com
Mon Mar 6 11:53:34 UTC 2017 

On 06-03-2017 11:20, Henrik Danielsson via arch-general wrote:
> 2017-03-06 11:18 GMT+01:00 Ralf Mardorf <silver.bullet at zoho.com>:
>>
>> Privacy is a principle. You seem not to understand the difference
>> between giving somebody data with the formal permission to use this data
>> and data that simply is available for everybody, but not explicitly
>> handed over to somebody. Paranoia isn't involved in my concern.
>>
> My standpoint is that privacy does not apply to this kind of public
> information, simply because it's not private and by no means sensitive
> (people freely chose the username and other visible info they posted, no?).
> Thus, no, I see no difference and really no point in even considering
> trying to keep such information private.
> 
> What anyone does with the freely available information posted in the AUR is
> up to them ("mining" it or handing it over to someone else included), we
> could not do anything about it anyway, nor would I even care if I was in
> that list or not, since there seems to be no ToS between the one submitting
> that information and the one publishing it. Since it was freely submitted
> without any terms, I can simply not find any restrictions on its usage.
> 
> Yes, we should have a ToS to at least keep the principle of privacy alive.
> But let's face it, real privacy online has been dead for long, if it ever
> existed.
> 
> If there was a ToS, the situation would perhaps have been different, at
> least legally. I'm no legal expert of course, but to me it makes perfect
> sense that if you posted something on the internet, in a very public space,
> you can have no expectations of keeping any of that information private in
> any way, nor any information easily associated with.
> No, I don't see that as a problem, at least not if you never explicitly
> agreed that information would not be shared. What I really want to keep
> private I don't post anywhere.
> 

I think the point here is not so much privacy, as I believe everyone
recognizes that the information that was asked for (the full list of
usernames) is public and can be scraped.

The point here is handing over the full list of usernames on request. Do
note that in their research proposal[1] they specifically mention
scraping information from github. That information is public, github
does have an API to query that information, but they still have to
scrape it, I suppose that implies github does not hand it over wholesale
on request, why should we? This might be due to their ToS or they know
something we don't.

[1]
https://ncn.gov.pl/sites/default/files/listy-rankingowe/2016-03-15/streszczenia/337724-en.pdf

-- 
Mauro Santos

More information about the arch-general mailing list