You are not logged in.
- Topics: Active | Unanswered
#1 2017-11-05 15:03:10
- jonathon
- Member
- Registered: 2016-09-19
- Posts: 128
"AUR Changes Affecting Your Privacy"
I got this email this morning, like, I assume, many others (though I searched and didn't find a thread about this):
Dear AUR user,
The next aurweb release, which will be released on 2017-12-03, includes a public interface to obtain a list of user names of all registered users. This means that, starting on 2017-12-03, your user name will be visible to the general public. The user name is the account name you specified when registering, and it is the only information included in this list. Any other account information, such as your real name or your e-mail address, will not be retrievable through this new interface. However, note that some of that information might already be visible directly or indirectly in other parts of the AUR web interface, such as your public profile or content you submitted to the AUR.
If you do not agree to this change, please delete your account by logging into the AUR web interface, going to your account details page and clicking the account deletion link before 2017-12-03. This account deletion is permanent and cannot be undone.
Thanks for using the AUR!
The Arch Linux Team
This appears to be related to this commit (https://git.archlinux.org/aurweb.git/co … c6e6875671), but that doesn't appear to have any public-facing method of obtaining the list so the functionality may not have been committed yet.
I can see the usefulness from (e.g.) an admin's perspective of generating a user list, but what's the rationale behind allowing anyone on the web to generate and pull a list of all valid AUR usernames?
Offline
#2 2017-11-05 15:11:49
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,540
Re: "AUR Changes Affecting Your Privacy"
Discussion here: https://lists.archlinux.org/pipermail/a … 28726.html
Offline
#3 2017-11-05 15:28:04
- jonathon
- Member
- Registered: 2016-09-19
- Posts: 128
Re: "AUR Changes Affecting Your Privacy"
Ah, thank you.
Reading through the messages I can see where the original reasoning came from, though I'd wonder whether this is overkill for providing data for research; the information can be generated and supplied without extending the RPC interface. It's still a valid rationale though.
The list also reads that these changes should be predicated on an AUR ToS being in place, which, at least on a summary look around aur.archlinux.org, doesn't exist (e.g. it's not in the page footer or on the "register" page where you might expect to see it). Should it?
Offline
#4 2017-11-05 15:29:37
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,540
Re: "AUR Changes Affecting Your Privacy"
Offline
#5 2017-11-05 15:33:10
- jonathon
- Member
- Registered: 2016-09-19
- Posts: 128
Re: "AUR Changes Affecting Your Privacy"
Ah, OK. Your Google-fu is better than mine. 
Offline