Linux Counter Organization Privacy Policy

The Linux Counter Organization is committed to open communication and respect for users' privacy.

This means that we will only reveal information to outsiders that you choose to allow us to reveal. We will also only store information about you that is relevant to our purpose, and we will take reasonable measures to ensure that the information that you have chosen to let us reveal is only used for the purposes you had in revealing it.

Legal framework

The Counter is operated in Norway, and is subject to Norwegian privacy laws; more information about those can be found at Datatilsynet. The Counter is a personal data registry according to the law, but is a "hobby activity", and is therefore not required to have permission to operate.

The requirements of the law include, among other things:

• The data must only be gathered with the permission of the registered person
• The data must be used only for the purpose for which it is gathered
• The data must be accurate and up-to-date

These are things the Counter project are required to do by law. They are also principles with which the Counter Project heartily concur.

What is gathered, and how you grant permission

When you type data into a form in the Linux Counter, we assume that you give us permission to store it.

There is a special field on the forms for revealing personal information; the settings are:

• No information about you as a person may be included in reports
• Your name, the email you entered for public viewing and place of residence may be included in the lists of Linux Counter users
• NOT YET IMPLEMENTED: All the data you have entered may be made public. (This setting is intended to include machine data.)

The counter stores a log of changes to the data, accessible only to counter staff.

The reports of the counter that involve person info are linked with a copyright notice that forbids use for spam.

Who can get at information

There are 3 groups of persons relevant here.

• The registrant can get at all information currently stored about him.
• The Linux Counter maintainers can get at all information, including historical information. They have promised to make use of it only for running the counter. The names of the maintainers are public.
• Anyone else can see the information where permission to make it public is given.

There are methods whereby one can "probe" information; for instance, when registering an already registered address, the counter will give an error message if you enter an address that is already registered. It is very hard to close all such loopholes, and even harder to do so without making the counter less user friendly for the case where the "prober" is the same person as the registered user; the counter staff watches the logs for such activity, and will take action if needed.

Antispam measures

There are 2 conflicting demands on the counter's supplying email addresses:

• The counter's person lists are intended to make it possible for Linux users to find each other. This means that email must be visible.
• The stored emails are a prime target for spam target gatherers. This means that it should be invisible.

The choice so far has been to use a quota system; when someone is accessing 2 or 3 pages looking for his friends, nothing happens; when someone tries to gather up large pieces of the database, his access is blocked. This seems to have worked well in practice; it does mean that any spammer who tries to gather addresses will get a few of them, but it is not possible to get any large proportion of them.

Obfuscation of addresses may be used too, but has to be balanced against user friendliness.

Who to contact for comments

The board of the Linux Counter Organization is reachable as . Comments are welcome!