About/Privacy Policy: Difference between revisions

From MusicBrainz Wiki
Jump to navigationJump to search
m (9 revision(s))
No edit summary
 
(13 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==Summary==


# You do not have to provide any personal data to be able to browse the contents of the MusicBrainz database.
From time to time we've been asked if we have a privacy policy - until now it's never really been written down, so maybe it's about time to make one.
# You do not have to provide any personally-identifying information if you choose not to.
# We will never reveal your email address on MusicBrainz controlled web sites.


Having said that, in order to get maximum value out of MusicBrainz you may want to create an account and log in. Doing so grants you the ability to: edit the database, contribute your own data, communicate with other users, and keep track of recently released music from artists in your MusicBrainz collection. If you choose to create an account then the minimum we ask is that you: choose a unique username and password, use a web browser that accepts "session" cookies, and provide a verified email address.
==Summary==

If you do not create an account (or are not logged in) you will not have access to the above listed features, however, you will still have full access to browse and examine the database.

== Applicable to all users ==

=== Cookies ===

We use two cookies that contain sensitive information:

# remember_login: If you choose the "Log in permanently" option when logging in to MusicBrainz; the cookie will be used to remember your login details.
# musicbrainz_server_session: If you are logged into MusicBrainz, your current session ID is stored in this cookie.

We may store boolean dynamic preference information in other cookies, but these do not contain any sensitive information.

=== Web and FTP access logs ===


In a practice similar to other web sites we keep logs of all web requests made against our servers. These logs include: your IP address, your browser's "User-Agent" string, and which page you requested. Aggregate information about web and FTP traffic is made available to the public via our site usage pages.
You don't have to provide any personally-identifying information if you don't want to. You do not have to provide any personal data to be able to browse the contents of the MusicBrainz database. Any personal information you choose to provide will not be revealed to anyone else.


=== Third-party content ===
==Slightly Longer Summary==


The MusicBrainz web pages load some third-party content. Some, but possibly not all sites are listed below:
There are two types of ways of using the MusicBrainz web site: you can either register an account and be logged in, or you can choose not to log in. If you don't log in, you can browse, search and examine the site - if you do log in, you can additionally edit the data, communicate with other users, and so on. If you choose to register and log in, then the minimum we ask of you is that you choose a unique user name and a password, and that your web browser accepts "session" cookies, and that you provide a verified email address which allows other MusicBrainz editors communicate with you via the internal messaging system.
<ul><li style="list-style-type:none">'''Now read on for the more technical details.'''
</ul>


# Cover art images: These are provided by the various [[Cover Art Sites|cover art sites]] that have given MusicBrainz permission to do so. This means that the relevant site will know (if they want to) your IP address, User-Agent string, etc., and which MusicBrainz web page you were visiting (the one which included the cover art image).
==Web and FTP Access Logs (all users)==
# Google Analytics: We use Google Analytics in our web pages to get a picture of who visits MusicBrainz. From these analytics we can set targets for supported browser versions, screen sizes and other useful information that we take into consideration when developing or improving features on our site. If you object to the use of Google Analytics, please [https://tools.google.com/dlpage/gaoptout consider blocking it in your browser].
# AcoustID: Our fingerprints tab loads fingerprint information from acoustid.org.
# reCAPTCHA: Our account creation page loads third party content in order to prevent spammers from creating accounts.


''The above information assumes that you are using "normal" web browser settings, whereby images are always loaded and HTTP referrer information is always sent.''
Like just about all web sites, we keep logs of all web requests made against our servers. These logs include the usual stuff: your IP address, your browser's "User-Agent" string, which page you requested. Aggregate information about web and FTP traffic is made available to the public via our site usage pages.


It is impractical to constantly modify this privacy policy when MusicBrainz changes which third party content it utilizes. We will aim to use common sense, respect to our community and community review when adding more content from third party sites. We will also periodically review our policy to ensure that it remains current.
==Cookies==


== Applicable to account holders ==
We use session cookies, but only if you're logged in and/or using the Tagger. We currently only use two "permanent" (i.e. non-session) cookies:
* If you download something via one of our "download" pages, we use a cookie to remember your preferred MusicBrainz mirror site.
* When you log in there's an option called "Log in permanently" - if you activate this option, it uses a "permanent" cookie to remember your login details.


=== Account creation ===
==Third-Party Content and HTTP "Referrer" Data==


When creating an account with MusicBrainz you need to pick a unique username and choose a password, the username you pick is the only name associated with your account and will be what other MusicBrainz users know you as. You may optionally also tell us other information about yourself that will be displayed to other MusicBrainz users and the public.
There is no third-party content hosted on the MusicBrainz web servers (e.g. Javascript, CGI etc). The only third-party content loaded by MusicBrainz web pages are the album cover art images, provided and hosted by Amazon, CDBaby, or Archive.org. This means that the relevant site will know (if they want to) your IP address, your User-Agent string, etc, and which MusicBrainz web page you were visiting (the one which included the cover art image). If you log in, you can opt out of using Amazon cover art images if you wish.


Additionally, in order to edit the database you will need to provide a confirmed email address. This email address will be held in confidence, the only method of revealing your email address to another user is if you choose to send a message to another MusicBrainz user and enable the option to "reveal my email address". Changing the email address stored with your account will require you to verify the new address.
(The above information assumes that you are using "normal" web browser settings, whereby images are always loaded and HTTP "referrer" information is always sent.)


==Web Site (logged-in users)==
=== Edits and notes ===


If you make any changes to the MusicBrainz database, such as adding any data (including fingerprint submissions), the details of those changes will be visible to other logged-in MusicBrainz users and the change will be associated with your username.
===Creating an Account===


=== Subscriptions ===
When you create an account with MusicBrainz you need to pick a unique username, and choose a password. Other MusicBrainz users will know you by your username. You may optionally also tell us the URL of your "home" page, and/or a few words about yourself. Any information thus provided is made available to the public. If you want to change data stored in MusicBrainz, you need to enter, and verify your email address. We will never reveal this address to anyone. The only way in which the system can reveal your email address is if you choose to send a message to another MusicBrainz user, and tick the box marked "reveal my email address" (this box is not ticked by default).


As a logged-in user you can subscribe to one or more artists, labels, collections or other editors. The act of subscribing causes any edits made to (or by in the case of another editor) those entities to be emailed to you. By default, other users can see your list of subscriptions, however, you can opt out of this by editing the appropriate preference.
===Edits and Notes===


This does not provide "perfect" privacy though, in some cases it will be possible to infer information about the contents of your subscription list even though you have disallowed others from viewing that list directly. This imperfection arises because various parts of the system behave differently depending on whether or not an entity has any subscribers; also, the number of users subscribed to each artist is available via the artist pages. In the most extreme (possibly contrived) example, imagine that all users have their subscriptions set to "public", except for exactly one user whose list is "private". In that case, any discrepancy for a given artist between the shown list of subscribers and the total number of subscribers must be down to that one user. Thus, you can infer what artists are on that user's list.
If you make any changes to the MusicBrainz database (such as adding any data, including fingerprint submissions) then the details of the changes you make are visible to everyone, and the change is associated with your username.


===Subscriptions===
== Mailing lists ==


MusicBrainz has a number of [[Mailing List|mailing list]]s which you can subscribe to by providing your email address.
As a logged-in user you can subscribe to one or more artists or labels (which causes any data edits made for those artists or labels to be emailed to you). By default, other users can see your list of subscriptions. However you can opt out of this, with the preference labelled "Allow other users to see my subscribed artists".


This email address will not be revealed to anyone, unless you post a message to a list, in which case your email address will be revealed to all subscribers of the list(s) to which you posted on. Additionally, every mailing list has multiple public archives, and any posts made will contain the email address of the poster (albeit in a form intended to provide some anti-spam protection).
However this does not provide "perfect" privacy - in some cases, it will be possible to infer information about the contents of your subscription list, even though you have disallowed others from viewing that list directly. This imperfection arises because various parts of the system behave differently depending on whether or not an artist has any subscribers; also, the number of users subscribed to each artist is available via the artist pages. In the most extreme (possibly contrived) example, imagine that all users have their subscriptions set to "public", except for exactly one user whose list is "private". In that case, any discrepancy for a given artist between the shown list of subscribers and the total number of subscribers must be down to that one user. Thus, you can infer what artists are on that user's list.


== Third party sites ==
===Mailing Lists===


Our [http://codereview.musicbrainz.org Code Review] site is hosted with a trusted third party, but it is not under the control of MusicBrainz. Participating in code review on this site may expose your email address.
MusicBrainz has a number of mailing lists to which you can subscribe. To subscribe to the mailing lists, you need to provide your email address. This email address will not be revealed to anyone, unless you post a message to the list (see below).


The [https://www.transifex.com/ localization service] we use for creating localized versions of the MusicBrainz site embeds embeds email addresses into translation files that will be checked into our git repositories. If you participate in translating at Transifex, your email address will be visible in our git repositories.
Some of the lists allow you to post messages (whereas others only allow you to receive messages, for example the "Announcements" list). If you post a message, your email address will be revealed to all subscribers of the list(s) to which you posted. Additionally, all the mailing lists also have public archives. If you post, then the archives will include your email address (albeit in a form intended to provide some protection from spammer "harvesting").


== Exceptions ==
[[Image:Attention.png]] '''Please note:''' Reasonable exceptions may apply to the above policy, for example to comply with applicable laws. The MusicBrainz server administrators (about three people in all) can of course see any information on the system they want to, but to be honest we're probably not interested enough to look.


'''''Please note:''' Reasonable exceptions may apply to the above policy, for example to comply with applicable laws. The MusicBrainz server administrators (about five people in all) can of course see any information on the system they want to, but to be honest we're probably not interested enough to look.''
----- <small>originally written by [[User:DaveEvans|DaveEvans]], 22 September 2004 </small>


[[Category:To Be Reviewed]] [[Category:WikiDocs Page]]
[[Category:WikiDocs Page]]

Latest revision as of 14:10, 7 June 2013

Summary

  1. You do not have to provide any personal data to be able to browse the contents of the MusicBrainz database.
  2. You do not have to provide any personally-identifying information if you choose not to.
  3. We will never reveal your email address on MusicBrainz controlled web sites.

Having said that, in order to get maximum value out of MusicBrainz you may want to create an account and log in. Doing so grants you the ability to: edit the database, contribute your own data, communicate with other users, and keep track of recently released music from artists in your MusicBrainz collection. If you choose to create an account then the minimum we ask is that you: choose a unique username and password, use a web browser that accepts "session" cookies, and provide a verified email address.

If you do not create an account (or are not logged in) you will not have access to the above listed features, however, you will still have full access to browse and examine the database.

Applicable to all users

Cookies

We use two cookies that contain sensitive information:

  1. remember_login: If you choose the "Log in permanently" option when logging in to MusicBrainz; the cookie will be used to remember your login details.
  2. musicbrainz_server_session: If you are logged into MusicBrainz, your current session ID is stored in this cookie.

We may store boolean dynamic preference information in other cookies, but these do not contain any sensitive information.

Web and FTP access logs

In a practice similar to other web sites we keep logs of all web requests made against our servers. These logs include: your IP address, your browser's "User-Agent" string, and which page you requested. Aggregate information about web and FTP traffic is made available to the public via our site usage pages.

Third-party content

The MusicBrainz web pages load some third-party content. Some, but possibly not all sites are listed below:

  1. Cover art images: These are provided by the various cover art sites that have given MusicBrainz permission to do so. This means that the relevant site will know (if they want to) your IP address, User-Agent string, etc., and which MusicBrainz web page you were visiting (the one which included the cover art image).
  2. Google Analytics: We use Google Analytics in our web pages to get a picture of who visits MusicBrainz. From these analytics we can set targets for supported browser versions, screen sizes and other useful information that we take into consideration when developing or improving features on our site. If you object to the use of Google Analytics, please consider blocking it in your browser.
  3. AcoustID: Our fingerprints tab loads fingerprint information from acoustid.org.
  4. reCAPTCHA: Our account creation page loads third party content in order to prevent spammers from creating accounts.

The above information assumes that you are using "normal" web browser settings, whereby images are always loaded and HTTP referrer information is always sent.

It is impractical to constantly modify this privacy policy when MusicBrainz changes which third party content it utilizes. We will aim to use common sense, respect to our community and community review when adding more content from third party sites. We will also periodically review our policy to ensure that it remains current.

Applicable to account holders

Account creation

When creating an account with MusicBrainz you need to pick a unique username and choose a password, the username you pick is the only name associated with your account and will be what other MusicBrainz users know you as. You may optionally also tell us other information about yourself that will be displayed to other MusicBrainz users and the public.

Additionally, in order to edit the database you will need to provide a confirmed email address. This email address will be held in confidence, the only method of revealing your email address to another user is if you choose to send a message to another MusicBrainz user and enable the option to "reveal my email address". Changing the email address stored with your account will require you to verify the new address.

Edits and notes

If you make any changes to the MusicBrainz database, such as adding any data (including fingerprint submissions), the details of those changes will be visible to other logged-in MusicBrainz users and the change will be associated with your username.

Subscriptions

As a logged-in user you can subscribe to one or more artists, labels, collections or other editors. The act of subscribing causes any edits made to (or by in the case of another editor) those entities to be emailed to you. By default, other users can see your list of subscriptions, however, you can opt out of this by editing the appropriate preference.

This does not provide "perfect" privacy though, in some cases it will be possible to infer information about the contents of your subscription list even though you have disallowed others from viewing that list directly. This imperfection arises because various parts of the system behave differently depending on whether or not an entity has any subscribers; also, the number of users subscribed to each artist is available via the artist pages. In the most extreme (possibly contrived) example, imagine that all users have their subscriptions set to "public", except for exactly one user whose list is "private". In that case, any discrepancy for a given artist between the shown list of subscribers and the total number of subscribers must be down to that one user. Thus, you can infer what artists are on that user's list.

Mailing lists

MusicBrainz has a number of mailing lists which you can subscribe to by providing your email address.

This email address will not be revealed to anyone, unless you post a message to a list, in which case your email address will be revealed to all subscribers of the list(s) to which you posted on. Additionally, every mailing list has multiple public archives, and any posts made will contain the email address of the poster (albeit in a form intended to provide some anti-spam protection).

Third party sites

Our Code Review site is hosted with a trusted third party, but it is not under the control of MusicBrainz. Participating in code review on this site may expose your email address.

The localization service we use for creating localized versions of the MusicBrainz site embeds embeds email addresses into translation files that will be checked into our git repositories. If you participate in translating at Transifex, your email address will be visible in our git repositories.

Exceptions

Please note: Reasonable exceptions may apply to the above policy, for example to comply with applicable laws. The MusicBrainz server administrators (about five people in all) can of course see any information on the system they want to, but to be honest we're probably not interested enough to look.