From: Duncan L. <dun...@gm...> - 2011-03-30 05:37:51
|
Regarding bug report #4055 http://www.gramps-project.org/bugs/view.php?id=4055 We'd like to hear users thoughts, and we understand that lots of users don't have accounts on the bug tracker - so here is the discussion so far. The bug report text: In the 'Narrative website' report, when looking through the dialogues for export, under the tab 'Privacy' the entry for handling 'Living People' is set to value 'include' by default. This must be a mistake as it would never be the default action of any sensible researcher to export information about living relatives. I've marked this as major because of the serious potential for Gramps creating a breach of privacy because of incautious defaults. Comments on the bug tracker: dsblank (developer) on 2010-06-08 07:51 wrote: There are many reasons for making a NarWeb report (sharing all details with trusted users, making a CDROM, etc), so I don't agree that this is a bug---just a difference of what should be the initial value. Gramps remembers the setting once you set it. On the other hand, I am re-writing all reports to use the same selection options that the Exporters use, so I will look at this when selecting a default for the initial install with the new selection options. Thanks! pez4brian (administrator) on 2011-03-29 23:44 wrote: I also agree that this is not a bug. Plenty of people publish the pages on a password protected web site which only their immediate family can access. Any sensible researcher who is going to publish the output on a public, unprotected web site is going to go looking through the options for a way to limit the private data that is exported. And then they find it, as Doug says, it will be remembered. Personally, I think that for any reports and exports, the default should always be to include everything. I'm not sure we can easily resolve this among ourselves. If you feel strongly about the change, we may need to circulate this on the devel list to get a consensus. Otherwise, I suggest we table it. Thoughts? DuncanNZ (manager) on 2011-03-30 01:32 wrote: I agree with what you say about 'Any sensible researcher', but Gramps is just as often a persons introduction to genealogy software. People say similar things about Facebook: 'any sensible person goes in and changes their privacy settings'. Gramps is not just for 'sensible' genealogy researchers, it's also for people who are completely new to genealogy and don't think about privacy. Something we can all learn from the ongoing privacy issues with facebook is that a lot of people just don't think about the consequences of being very public. I've tried hard to protect my families privacy and still I've had four occasions where bits of private information have slipped onto the web. Two of those got in a bit of trouble, one of the them with someone who I really would have liked to get talking - I don't see that happening now. (Only one of those events was connected with any 'weakness' in gramps) If we need to take this debate anywhere I would like to hear what people on the users list think - I'll go and do that now! -- 'The unconsidered life is not worth living' - Socrates |
From: Kaj P. <701...@te...> - 2011-03-30 07:33:51
|
Very wise words, Duncan. I completely agree in your point of view, that Gramps is also used by people who do not know much of genealogy, maybe not computer programmes neither. So, best case, they install this software themselves, or aided by a children, and then that's all. This is also the case for me, well not the computer knowledge, since I have been working with these things for whole my life. But genealogy is just some weeks old, and the option field this discussion concerns, had not come for my eyes yet. I also completely disagree with the signature pez4brian in that "for any reports and exports, the default should always be to include everything". This is the philosophy of Microsoft, which has given us the most unsafe environment of all. Not until during the resent years they have understood, that the advantage that also unskilled people can go on and run a computer, is not worth everything. The price with decreased privacy is often too high. And your example, Duncan, with Facebook, is also very relevant. Shortly, it is much better that the beginner will discover by her-/himself that the report is not complete, that some people are missing, search for, and find, the option field, and select the desired level of privacy, and this way becoming aware of the possible risk. This way she/he also has learnt where to find the option field, when it is time to change it the next time. Kaj Persson (Sweden) On 2011-03-30 07:37, Duncan Lithgow wrote: > Regarding bug report #4055 http://www.gramps-project.org/bugs/view.php?id=4055 > > We'd like to hear users thoughts, and we understand that lots of users > don't have accounts on the bug tracker - so here is the discussion so > far. > > The bug report text: > > In the 'Narrative website' report, when looking through the dialogues > for export, under the tab 'Privacy' the entry for handling 'Living > People' is set to value 'include' by default. This must be a mistake > as it would never be the default action of any sensible researcher to > export information about living relatives. I've marked this as major > because of the serious potential for Gramps creating a breach of > privacy because of incautious defaults. > > Comments on the bug tracker: > > dsblank (developer) on 2010-06-08 07:51 wrote: > > There are many reasons for making a NarWeb report (sharing all details > with trusted users, making a CDROM, etc), so I don't agree that this > is a bug---just a difference of what should be the initial value. > Gramps remembers the setting once you set it. On the other hand, I am > re-writing all reports to use the same selection options that the > Exporters use, so I will look at this when selecting a default for the > initial install with the new selection options. Thanks! > > pez4brian (administrator) on 2011-03-29 23:44 wrote: > > I also agree that this is not a bug. Plenty of people publish the > pages on a password protected web site which only their immediate > family can access. Any sensible researcher who is going to publish the > output on a public, unprotected web site is going to go looking > through the options for a way to limit the private data that is > exported. And then they find it, as Doug says, it will be remembered. > > Personally, I think that for any reports and exports, the default > should always be to include everything. > > I'm not sure we can easily resolve this among ourselves. If you feel > strongly about the change, we may need to circulate this on the devel > list to get a consensus. Otherwise, I suggest we table it. > > Thoughts? > > DuncanNZ (manager) on 2011-03-30 01:32 wrote: > > I agree with what you say about 'Any sensible researcher', but Gramps > is just as often a persons introduction to genealogy software. People > say similar things about Facebook: 'any sensible person goes in and > changes their privacy settings'. > > Gramps is not just for 'sensible' genealogy researchers, it's also for > people who are completely new to genealogy and don't think about > privacy. Something we can all learn from the ongoing privacy issues > with facebook is that a lot of people just don't think about the > consequences of being very public. > > I've tried hard to protect my families privacy and still I've had four > occasions where bits of private information have slipped onto the web. > Two of those got in a bit of trouble, one of the them with someone who > I really would have liked to get talking - I don't see that happening > now. (Only one of those events was connected with any 'weakness' in > gramps) > > If we need to take this debate anywhere I would like to hear what > people on the users list think - I'll go and do that now! > |
From: Dianne R. <pra...@ya...> - 2011-03-30 08:47:54
|
On Wed, 2011-03-30 at 07:37 +0200, Duncan Lithgow wrote: > DuncanNZ (manager) on 2011-03-30 01:32 wrote: > > I agree with what you say about 'Any sensible researcher', but Gramps > is just as often a persons introduction to genealogy software. People > say similar things about Facebook: 'any sensible person goes in and > changes their privacy settings'. I agree with this - I've used computers all my working life, and am very aware of privacy issues. On the other hand my Dad, who started our genealogical adventures over 40 years ago, is 87 and only came to computers about ten years ago. His attitude is "I don't mind my details being on line, why should anyone else?" If the report is for the purposes of a website, the default should be not to include living persons - but perhaps somehow make it clearer that it is possible to change the settings to include everyone. I haven't used all the reports available, so I don't know if they're all consistent on how they treat living persons. If they aren't consistent, perhaps they should be - all set to exclude living, with a warning that to include them you need to change the privacy setting. Dianne |
From: Michael L. <mic...@pc...> - 2011-03-30 11:38:30
|
On Wednesday 30 March 2011 16:37:25 Duncan Lithgow wrote: > Regarding bug report #4055 > http://www.gramps-project.org/bugs/view.php?id=4055 > > We'd like to hear users thoughts, and we understand that lots of users > don't have accounts on the bug tracker - so here is the discussion so > far. > I was equivocal until I read all the opinions. I now tilt towards hiding living people by default (using the sensible default definitions of what is considered "living") but with some explanation as to why we set it like that. I think that Gramps should be instructive as well as useful. :-) -- ==== Michael Lightfoot Canberra, Australia mic...@pc... ==== |
From: Colin R. <col...@gm...> - 2011-03-30 13:47:16
|
On March 29, 2011 23:37:25 Duncan Lithgow wrote: > Regarding bug report #4055 > http://www.gramps-project.org/bugs/view.php?id=4055 > > We'd like to hear users thoughts, and we understand that lots of users > don't have accounts on the bug tracker - so here is the discussion so > far. Put me down as equivocal also. However most of the alternatives to Gramps that I have looked at seem to default to hiding living people. This argues for making that the default in Gramps also so that those who have not considered the issue and are new to Gramps will get the privacy they may expect. Colin. |
From: Gerald B. <ger...@gm...> - 2011-03-30 13:54:38
|
I was ambivalent but am coming over to the "privacy-first" camp. Consider the Unix model: You can't do anything you're not explicitly permitted to do. That means that you can't usually run programs in /sbin that might destroy your system or reformat the partition holding /boot and other foot-gun ops, just to give a couple of examples. If you want to mess things up, you have to so something proactive (like run sudo). I think our handling of privacy-related issues should be like that. By default your privacy and that of those in your database should be protected. You should have to do something proactive to lift that protection. On Wed, Mar 30, 2011 at 9:47 AM, Colin Reynolds <col...@gm...> wrote: > On March 29, 2011 23:37:25 Duncan Lithgow wrote: >> Regarding bug report #4055 >> http://www.gramps-project.org/bugs/view.php?id=4055 >> >> We'd like to hear users thoughts, and we understand that lots of users >> don't have accounts on the bug tracker - so here is the discussion so >> far. > Put me down as equivocal also. However most of the alternatives to Gramps > that I have looked at seem to default to hiding living people. This argues > for making that the default in Gramps also so that those who have not > considered the issue and are new to Gramps will get the privacy they may > expect. > > Colin. > > ------------------------------------------------------------------------------ > Enable your software for Intel(R) Active Management Technology to meet the > growing manageability and security demands of your customers. Businesses > are taking advantage of Intel(R) vPro (TM) technology - will your software > be a part of the solution? Download the Intel(R) Manageability Checker > today! http://p.sf.net/sfu/intel-dev2devmar > _______________________________________________ > Gramps-users mailing list > Gra...@li... > https://lists.sourceforge.net/lists/listinfo/gramps-users > -- Gerald Britton |
From: Mike W. <txt...@gm...> - 2011-03-30 14:00:35
|
My opinion is that of Gerald's. I believe in privacy first, data second. On Mar 30, 2011 8:55 AM, "Gerald Britton" <ger...@gm...> wrote: > I was ambivalent but am coming over to the "privacy-first" camp. > Consider the Unix model: You can't do anything you're not explicitly > permitted to do. That means that you can't usually run programs in > /sbin that might destroy your system or reformat the partition holding > /boot and other foot-gun ops, just to give a couple of examples. If > you want to mess things up, you have to so something proactive (like > run sudo). > > I think our handling of privacy-related issues should be like that. > By default your privacy and that of those in your database should be > protected. You should have to do something proactive to lift that > protection. > > On Wed, Mar 30, 2011 at 9:47 AM, Colin Reynolds > <col...@gm...> wrote: >> On March 29, 2011 23:37:25 Duncan Lithgow wrote: >>> Regarding bug report #4055 >>> http://www.gramps-project.org/bugs/view.php?id=4055 >>> >>> We'd like to hear users thoughts, and we understand that lots of users >>> don't have accounts on the bug tracker - so here is the discussion so >>> far. >> Put me down as equivocal also. However most of the alternatives to Gramps >> that I have looked at seem to default to hiding living people. This argues >> for making that the default in Gramps also so that those who have not >> considered the issue and are new to Gramps will get the privacy they may >> expect. >> >> Colin. >> >> ------------------------------------------------------------------------------ >> Enable your software for Intel(R) Active Management Technology to meet the >> growing manageability and security demands of your customers. Businesses >> are taking advantage of Intel(R) vPro (TM) technology - will your software >> be a part of the solution? Download the Intel(R) Manageability Checker >> today! http://p.sf.net/sfu/intel-dev2devmar >> _______________________________________________ >> Gramps-users mailing list >> Gra...@li... >> https://lists.sourceforge.net/lists/listinfo/gramps-users >> > > > > -- > Gerald Britton > > ------------------------------------------------------------------------------ > Enable your software for Intel(R) Active Management Technology to meet the > growing manageability and security demands of your customers. Businesses > are taking advantage of Intel(R) vPro (TM) technology - will your software > be a part of the solution? Download the Intel(R) Manageability Checker > today! http://p.sf.net/sfu/intel-dev2devmar > _______________________________________________ > Gramps-users mailing list > Gra...@li... > https://lists.sourceforge.net/lists/listinfo/gramps-users |
From: Duke N. <duk...@ml...> - 2011-03-30 13:55:07
|
On Wed, 30 Mar 2011, Colin Reynolds wrote: > On March 29, 2011 23:37:25 Duncan Lithgow wrote: > > Regarding bug report #4055 > > http://www.gramps-project.org/bugs/view.php?id=4055 > > > > We'd like to hear users thoughts, and we understand that lots of users > > don't have accounts on the bug tracker - so here is the discussion so > > far. > Put me down as equivocal also. However most of the alternatives to Gramps > that I have looked at seem to default to hiding living people. This argues > for making that the default in Gramps also so that those who have not > considered the issue and are new to Gramps will get the privacy they may > expect. I agree! It's _always_ best to err on the side of caution! I suggest hiding living people by default. If a user is OK with making the information public, then he should have the option to do so - IMHO! -- Duke |
From: Doug B. <dou...@gm...> - 2011-03-30 14:02:42
|
On Wed, Mar 30, 2011 at 9:54 AM, Duke Normandin <duk...@ml...> wrote: > On Wed, 30 Mar 2011, Colin Reynolds wrote: > >> On March 29, 2011 23:37:25 Duncan Lithgow wrote: >> > Regarding bug report #4055 >> > http://www.gramps-project.org/bugs/view.php?id=4055 >> > >> > We'd like to hear users thoughts, and we understand that lots of users >> > don't have accounts on the bug tracker - so here is the discussion so >> > far. >> Put me down as equivocal also. However most of the alternatives to Gramps >> that I have looked at seem to default to hiding living people. This argues >> for making that the default in Gramps also so that those who have not >> considered the issue and are new to Gramps will get the privacy they may >> expect. > > I agree! It's _always_ best to err on the side of caution! I suggest > hiding living people by default. If a user is OK with making the > information public, then he should have the option to do so - IMHO! This discussion is really about what to make as the initial setting... it has always been the case that users have the option to set it as they wish. I am working on this setting for Gramps 3.3, and had always planned to make privacy the priority. I'm looking through the code to make sure that this will be consistent with other settings, and make sure that there are no unwanted side effects. -Doug > -- > Duke > > ------------------------------------------------------------------------------ > Enable your software for Intel(R) Active Management Technology to meet the > growing manageability and security demands of your customers. Businesses > are taking advantage of Intel(R) vPro (TM) technology - will your software > be a part of the solution? Download the Intel(R) Manageability Checker > today! http://p.sf.net/sfu/intel-dev2devmar > _______________________________________________ > Gramps-users mailing list > Gra...@li... > https://lists.sourceforge.net/lists/listinfo/gramps-users > |
From: Johnny <ygg...@gm...> - 2011-03-30 17:21:35
|
Gerald Britton <ger...@gm...> writes: > Consider the Unix model I may be flogged for trawling the wiki first, but considering the *ix model, I would expectect to be able to change this in my config file? In my .gramps/report_options.xml, I can't find this option? > By default your privacy and that of those in your database should be > protected. I fully agree this is the sensible choice for this setting. -- Johnny |
From: Johnny <ygg...@gm...> - 2011-03-30 18:31:47
|
Johnny <ygg...@gm...> writes: > Gerald Britton <ger...@gm...> writes: > >> Consider the Unix model > I may be flogged for trawling the wiki first, That should, of course, be negated to "not trawling"! My apologies! > but considering the *ix model, I would expectect to be able to change > this in my config file? In my .gramps/report_options.xml, I can't find > this option? -- Johnny |