Approving Questions to Ask All Privacy Companies (QtASK)

One question that might be pertinent: if relying on external third party services for transport, are such services open or closed source?

For example, in my case, I use SyncThing as the transport layer for the data-based mind-scanning operation. So none of what is actually transferred actually enters the main internet, outside of devices you’ve specifically chosen to hook up with it.

But if such a service is reliant on say, a public NextCloud the situation might be different. Not really sure how to resolve that issue.

My service is meant as a more private alternative to say…Lifenaut.

1 Like

I don’t see why not.

While I don’t consider myself as the right person to make decisions on this subject, I haven’t had much success getting attention here as seen above and in the wiki room and I am not sure if I asked somewhere else also. In the wiki I have seen read-receipts from both @blacklight447 and @jonah so I think they are aware of this question.

The wiki room can be found from #wiki:privacytools.io in Matrix and #wiki#privacytools.io@matrix.org using the XMPP bridge. There is also a new room #dev:privacytools.io / #dev#privacytools.io@matrix.org for website issues / content development, but I think the consencus is that this should be in the wiki.

3 Likes

Thanks for this information @Mikaela ! There are so many places where PTIO is discussed, it’s hard to follow. Can anyone access these discussions or are they restricted to PTIO Team Members?

The questions are final recommendations at this point and are still open to suggestions/refinements/additions/subtractions. I’d love to see these or some variation of these questions put in use.

PTIO has offered to host QtASK and use the questions to evaluate privacy services objectively, but there’s no reason others couldn’t adopt them, too. The sooner the better! It’s actually unfair (and unwise) that we’ve asked just a few companies these questions. We should want to know about the ownership and data processing of ALL privacy services.

Yes, the only restricted one is #team:privacytools.io if it still exists.

1 Like

As a status update on the wiki, there is a new policy that all official pages related to PrivacyTools begin with PrivacyTools: so I think there is now even less of a issue (if there ever was one) with creating a QtASK page.

1 Like

So if I create the page, should I add “PrivacyTools:” at the beginning or not? Because I am not a part of the staff but I think the project is going to be adopted as official?


I think it looks really ugly without a space after the “:”.
Example: “PrivacyTools:Whistleblower Protection Policy” instead of “PrivacyTools: Whistleblower Protection Policy”.

1 Like

[matrix] @jonah:aragon.sh: PrivacyTools organization-related pages are now gonna start with PrivacyTools:

[matrix] @jonah:aragon.sh: so we can differentiate between say, a page named Email covering email providers, and a page named PrivacyTools:Email which might include information on our @privacytools.io email addresses.

So…

No. Because it is not related to PrivacyTools as an organization. This is more for our internal policies 'n such, such as: https://wiki.privacytools.io/view/PrivacyTools:Whistleblower_Protection_Policy

That’s just how Mediawiki works. Like pages like this on Wikipedia: https://en.wikipedia.org/wiki/Wikipedia:Protection_policy (the Wikipedia prefix denoting it is WP policy and not a WP article).

1 Like

Mmm, I get it now, I think it was used for “official” articles uploaded by someone of the staff or something like that.

I see, Wikipedia has a horrible sense of aesthetics then. (?


Well, I will try to create the wiki page today.

2 Likes

I created the basic structure, I need some feedback, though.

https://wiki.privacytools.io/view/Questions_to_ask_all_privacy_services

3 Likes

Hi @a553d43c-f7fa-483a-8 - Sorry for the late reply! Just seeing this now.

Fantastic! Thanks for doing this! Feel free to use the original wording you posted in the second half of the page.

Here’s some feedback: At least 2 of the organizations you listed as having answered the questions did not answer them completely. For example, Infinity Search and C. Templar did not provide critical ownership information. I’m not sure PTIO should give space to companies that don’t answer in full. At least there needs to be a red flag warning IMHO. (Ownership is perhaps the most important question.)

Dan Arel wrote about this in a post about Brave that points out how critical ownership is to trust:

Brave is basically malware to sell the companies cryptocurrency and ads. Their main investor is Peter Thiel if you need a reason not to trust them. The dude sits on Facebooks board and creates tools for ICE. Also, people forget but when Brave was questioned about their product on Github, they requested to be removed from PTIO because they didn’t want to face scrutiny. …

How about separating the List of answered questions to a subpage like https://wiki.privacytools.io/view/Questions_to_ask_all_privacy_services/CTemplar and just listing subpages on the bottom?

2 Likes

That could work, but I believe it needs to be clear when companies don’t answer in full if they are mentioned at all. Perhaps a warning label whenever mentioned. Some people wouldn’t understand how important the information is to trust – and some people assume everything’s fine if they see a name at PTIO.

1 Like

Hi @a553d43c-f7fa-483a-8 - Sorry for the delay in helping fill out the QtASK page you posted! I finally got to it this morning. See: https://wiki.privacytools.io/view/Questions_to_ask_all_privacy_services

Please check over the edits and offer feedback – everyone! Thanks to everyone and PTIO for all the work and support for the QtASK project. (Special thanks to @a553d43c-f7fa-483a-8 for the terrific short and quippy QtASK moniker!)

1 Like

Don’t worry, I tried to get back to it but I’m doing kinda shitty with some personal stuff so I couldn’t manage to get the strength to do it.

The introduction seems really nice, I’m on a mobile so It’s a hassle to go through the code but I think you may have broken the collapsible text on the answered questions, but I’ll fix it when I’ll get my machine, today.

What about marking the non-answered or badly answered question with red and adding some kind of description to it?

It’s nothing, thanks to you for liking it, hahahaha!

1 Like

Hi @a553d43c-f7fa-483a-8 Sorry to here about the personal stuff. Hope all is well.

Sorry for breaking the collapsible text. I’m not sure how to fix it.

What about marking the non-answered or badly answered question with red and adding some kind of description to it?

Good idea!

1 Like

I changed the header to “Introduction” since it was a really long one, and deleted the io part on PT since they don’t officially endorse it, modified some wording for better aesthetic and to avoid repetition, and changed mostly this sentence because I thought it was a bit poorly constructed.

Original:

In addition, services should be asked to update answers to questions as service changes are made and at least annually.

Modified:

In addition, services should be asked to update their answers as service changes are made and/or annually, to verify that they continue to operate as they claimed to do.

You can see a detailed list of changes made to the introduction here, the rest of the changes are related to fixing the collapsible text and the lists in them. https://wiki.privacytools.io/w/index.php?title=Questions_to_ask_all_privacy_services&diff=3939&oldid=3913

1 Like

Thanks for the edits @a553d43c-f7fa-483a-8. Could you re-expand the collapsible text about companies that have answered or partially answered? Sorry I broke that, and I’m not sure how to fix it. (I’m not sure if the bottom two mentioned companies answered completely.)

ALSO:

…deleted the io part on PT since they don’t officially endorse it

I believe it’s important for PTIO to review the proposed questions and adopt a final questions list. @jonah @blacklight447 @Mikaela it’s been several months in review. Can we get final approval and move forward with the project?

If PTIO has decided NOT to move forward with QtASK, it would be good to know that, too, and the reasoning. Perhaps there are some edits needed?