"General criteria" of PG

Shouldn’t we add a general criteria about privacy in PG’s General Criteria?
Like that services should not have a business model based on invading the privacy of its users?

I am not sure I see the point.

What are you recommending exactly that isn’t already covered by the general criteria, either implicitly or explicitly?

For example, a “business model based on invading the privacy of its users” would never get recommended anyway; I am not sure it’s worth staff time to enumerate the obvious.

It’s so obvious that everyone seems to have forgotten it.
May be useless because it is implicit but I would rather see it explicit.

There could be an open source, usable, secure, cross-platform, actively maintained project with documentation that requires your phone number and address or ID, with tracking links in emails, with non-optional telemetry, that does not respect GDPR and DNT, that sells your device information and IP addresses.

OBVIOUSLY, most people would not suggest it for tool recommendation. But better to make it explicit. So we have objective criteria to show if someone suggests such a tool, even a tool that only does ONE of these things.

What makes you believe that people have forgotten this?

If you are already willing to consider this whole suggestion “may be useless”, isn’t that a sign it’s probably not worth the time?

Remember, that the criteria is basically a baseline. Even if a tool meets all the criteria it does not mean it will be recommended. In addition to the general criteria, the tool would also have to meet the specific criteria for that category as well as community approval.

While enumerating the obvious might feel good, it’s an unnecessary waste of staff time (most of whom are volunteers).

Writing down every single thing we could possibly like as a criteria can also lead to a situation where the criteria does not provide the flexibility it needs to. Especially when it is supposed to be a “general” criteria.

I find this unlikely to happen, but there is a possibility nonetheless. Like when Canonical put Amazon tracking in Ubuntu. Is it still there? I don’t know. Overall though the criteria seems to be pretty fool-proof, especially when you actually start looking at the tools they recommend. Stuff like Tor, Monero, Veracrypt, etc. aren’t just open sourced and actively maintained, they’re also FREE software. Free as in freedom, not free as in beer (but also free as in beer, lol). My biggest stickler is separating the term “open source” from “free software.” Most people, particularly in privacy communities, probably use these interchangeably so there’s no need to make a big fuss about it. But there are some subtle distinctions that can have profound differences in how projects are maintained. What was that old quote Richard Stallman said? It was something like “I don’t mind paying for software as long as it’s free.” That pretty much sums it up, lol.

No. I should have said that “it may seem useless for you because it is implicit but I would rather see it explicit.”

Good point.

I am also using my free time to get the site better. You can see this as a waste of staff time, but you could also consider it as a valuable opinion of a community member, even if you disagree with the proposal.

Then isn’t it also unnecessary to put as a general criteria that the tools should be secure and actively maintained? I hope this is obvious for everyone. We put it as a general criteria though. Even if it could be considered implicit that we won’t recommend unsafe unmaintained software.
Anyway, I just found it was strange to not have any privacy-related general criteria when we are recommending privacy tools only. But we may leave this as implicit and rest upon common sense of the community.

Gotcha.

This is odd. I have no issue with you suggesting it, but one of my disagreements with this proposal is it’s not worth the time. The addition of the criteria you’re recommending does not seem to provide any more clarity than what is already there.

No. Lots of users still use unmaintained repos and there have been tons of examples of people recommending tools that are not maintained.
Whereas I can’t think of one example where a tool that has a “business model based on invading the privacy of its users” has ever been recommended and PG is quick at removing tools that change their privacy standards.

Understandable. I think the criteria is purposefully vague and flexible so that there is room for further inspection and discussion with the community before a decision is made.

Fair point.

Like that services should not have a business model based on invading the privacy of its users?

I think this is assumed/implied, and not necessary to explicitly state.

On the other hand, it doesn’t seem unreasonable to include it as an explicit criteria. But if so, I think it should be kept very general like the current Security Criteria, something like:

Security: Tools should follow security best practices wherever applicable.

Privacy Respecting: Tools should be private-by-design where applicable, and/or give users meaningful control over their own privacy choices.
