From: Ian Jackson Date: Sat, 20 Jun 2009 21:23:46 +0000 (+0100) Subject: Update privacy docs X-Git-Tag: 1.9.2~107 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~yarrgweb/git?p=ypp-sc-tools.web-live.git;a=commitdiff_plain;h=cde017ed6b76840ce2ae1aa5fc740a6e06352f92 Update privacy docs --- diff --git a/pctb/README b/pctb/README index 1261296..986338a 100644 --- a/pctb/README +++ b/pctb/README @@ -27,7 +27,7 @@ Options to vary the processing: --quiet Suppress progress messages --screenshot-file F Store or read screenshots in F rather than #pages#.pnm --window-id ID Specified X window is the YPP client - do not search - --edit-dictionary Enable dictionary editing. See README.dictionary. + --edit-charset Enable character set editing. See README.dictionary. Controlling what happens to the results: --upload (default) Upload to the PCTB server @@ -36,6 +36,18 @@ Controlling what happens to the results: --best-prices Print best buy and sell price for each commodity --arbitrage Print arbitrage opportunities +Privacy options, which control conversations with the dictionary server: + --dict-local-only * Do not talk to the server even to fetch new dictionary. + --dict-read-only * Only fetch new dictionary, do not submit new entries. + --dict-anon Don't quote pirate name if submitting entries. + --dict-submit Submit entries quoting my pirate name. (default) +Please do not use options marked * with --upload. See README.privacy. + +Options to override which servers we talk to: + --pctb-url HOST|URL Talk to the PCTB server at HOST or URL. + --dict-submit-url URL Submit dictionary entries with HTTP POST under URL. + --dict-update-url URL Fetch updated master dictionary with rsync from URL. + Files we use and update ----------------------- @@ -128,27 +140,24 @@ error messasge. I'll then be able to understand what's wrong, hopefully. -Phoning home - privacy ----------------------- +Privacy +------- The main purpose of this program is to connect to the PCTB server and -upload data. The program does not currently phone home at all in -modes other than --upload, and when it does it connects to the -PCTB server not to a system of mine. +upload data. It will do that if you run it with --upload. -However, there are some improvements which I may introduce in the -future which may change this. I am considering: +This program will also, by default, talk to the dictionary server I +have set up: to download updated image dictionaries, and to upload new +dictionary entries which you create with the PCTB client dictionary +GUI. This feature is mentioned in and controllable in the GUI itself, +so it won't happen without you knowing about it. - * Having the ocr character resolver talk to a server run by me - to look for missing glpyhs, and/or upload those glyphs back - to that server so that they can be shared. +The uploads will by default mention your ocean and pirate name; if you +don't want that, pass the --dict-anon option, or untick the box in the +GUI. - * Having the upload client upload a copy of the data to a server run - by me, when run in --upload mode. +See README.privacy for full details. -If I do do this these new functions may be enabled by default, but it -will be possible to turn them off, or direct them to different -servers, with command-line options, and they will be documented here. - Ian Jackson diff --git a/pctb/README.privacy b/pctb/README.privacy new file mode 100644 index 0000000..aa98ae8 --- /dev/null +++ b/pctb/README.privacy @@ -0,0 +1,111 @@ +Communications with servers - and your privacy +============================================== + +The Special Circumstances YPP PCTB client talks to two different +servers for different purposes. + +(The information below is true if you invoke the system using the main +`ypp-commodities' program. If you want to know the relationships +between it and its various helper programs, and the specific +behaviours of the helpers, you'll have to read the source. Sorry.) + + +1. PCTB server +============== + +This records everyone's uploads of commodity prices and allows you to +conveniently search for good trade routes using the PCTB website. + +We upload to the PCTB server if you select the --upload option, and +not otherwise. + +We also query the PCTB server to determine possible island names, if +we don't recognise the island and want to ask you about it. It is not +currently possible to disable this behaviour, but if you don't select +an operating mode (like --upload) which needs to know your island, it +won't happen. + + +2. YPP SC PCTB client dictionary server +======================================= + +This server maintains the master database of character and island name +images, which is used for the commodity screen OCR and also for +determining your island name. + +By default, we ask the server for an updated set of dictionaries every +time we run; this is done with the rsync protocol (indeed, by invoking +rsync). You can disable this with --dict-local-only. + +If we find a screen display we don't understand, we will ask you about +it by popping up a window which allows you to select the island (or +provide character set information - see README.charset). Your answers +to these questions are recorded locally and will be used by your +client in future. + +By default, these dictionary updates are also submitted to my server. +That allows me to check them; if they are correct, I will include them +in the master database so that everyone gets the benefit of them. +If there are any incorrect submissions, I can contradict them in the +master database so that your client will automatically behave +correctly anyway. + +So, thanks for your help! + + +Dictionary submissions (uploads) include your pirate name by default +-------------------------------------------------------------------- + +These dictionary submissions are reported to me along with the ocean +name and your pirate name. + +I will only use this to talk to you about your dictionary submissions +(for example, to let you know if you have made a mistake, or to thank +you for your contributions). + +However, if you prefer to be anonymous, you can tell your PCTB client +not to mention your pirate name (in the GUI, or with the --dict-anon +option). In this case I won't see your ocean or your pirate name, +although of course the actual images in your submissions may reveal +your island and thus your ocean. + + +User interface for privacy +-------------------------- + +The dictionary submission feature, and whether to quote your pirate +identity, is exposed in and controllable from the dictionary update +GUI, for maximum visibility. The settings in the GUI are not recorded +anywhere from one run to the next; instead the initial settings in the +GUI come from the --dict-* privacy options. See the table of options +in the README for details. + +Having said all that, please do not upload data to the PCTB server +without also participating in dictionary sharing. If you don't update +your dictionary, your parses may be wrong and thus the data you upload +to PCTB may be wrong. If you don't submit your dictionary entries, +any mistakes you make will remain uncorrected. + + +Records kept +------------ + +I keep a permanent log of all the submissions, including date, time, +submitting pirate or IP address, and YPP SC PCTB client version.. +This is so that I have enough information to go back and fix things if +anything goes badly wrong (for example, if a particular client is +broken). + +My system probably also records your IP address when your client +fetches new master dictionaries; those logs are used only for +debugging the rsync server (which also serves many other files), and +they are routinely expired. + +The information about the source of a submissions doesn't appear in +the dictionaries as available for download, so other people won't +know you're using my program. + +I don't know what records the actual PCTB server keeps, but the upload +process tells the server your ocean and island name, and your PCTB +upload client version number (including the fact that it's this Linux +client). The PCTB server is not told your pirate name. diff --git a/pctb/dictionary-update-receiver b/pctb/dictionary-update-receiver index 078b9f8..8f53438 100755 --- a/pctb/dictionary-update-receiver +++ b/pctb/dictionary-update-receiver @@ -1,20 +1,7 @@ #!/usr/bin/perl -w # -# This script is invoked when the YPP SC PCTB client phones home to -# provide updated character set OCR data or updated screenshot pixmap -# interpretation (island name) data. -# -# The client will also phone home anyway to fetch the latest parsedb -# before -# -# This allows me (the operator of the SC server) to: -# - review the choices made by the user -# - if they are correct, incorporate them in the next client version -# - if they are wrong, incorporate fixes of them, or contradictions of them, -# in - -# The information reported -# The SC PCTB client does this so that +# This script is invoked when the YPP SC PCTB client talks to the +# dictionary server. See README.privacy. use strict (qw(vars)); use POSIX;