has been moving more towards the deb.debian.org mirror which is provided by a single CDN company, . It works well, but also feeds an enormous amount of to a single company, and it can be used to track computers and maybe even people. And the privacy policy in effect is unclear. Fastly says the policy of the "subscriber" applies, but the privacy policy for deb.debian.org is not listed anywhere I could find. Anyone have any insight here?

@eighthave @neil As far as I know Fastly chooses not to store logs but instead allows customers to have them forwarded directly to their own storage endpoint

Follow

@andydavies @neil that would be nice, do you have any documentation on that?

@eighthave @neil This is the clearest statement I know on the subject of customer request logs docs.fastly.com/en/guides/data

I’ve also had discussions with Fastly where they’ve talked about how they don’t want to store customer request log data for privacy reasons

@andydavies @neil I'm looking for actual privacy policies since those would be legally binding and the company could be help liable for violations. I've seen a lot of language like that, it promises little, since it has broad, vague exceptions like "except where explicitly stated in the Documentation and related to the functional performance of the services". Like, if some gov asks nicely for data, would handing it over be considered "functional performance of the services"?

@andydavies @neil Hi @eighthave we have a lot more information about our trust/ privacy practices and our ethical standards on our website: fastly.com/solutions/customer-

and our privacy/ data processing policies are on our website too:
fastly.com/privacy/
fastly.com/data-processing

@haubles @andydavies @neil thanks, I've read through those already, and it is still difficult for me to say what data about deb.debian.org Fastly actually keeps and for how long. Here are the policies of some other Debian mirrors, which are much simpler but perhaps leave out a couple key details like what log format they use.

* ftp.lysator.liu.se/datahanteri
* plug-mirror.rcac.purdue.edu/in
* mirror.fcix.net/policy/
* mirror.ossplanet.net/

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml