An anonymous coward writes:
"In March 2014 Atlassian, a software vendor for Confluence wiki and JIRA incident tracking software, announced a change to their privacy policy which will result in private user information being sent to Google. This is a distinct change from their previous privacy policy which protected user information. This policy change affects Atlassian SaaS and downloadable products. Data sent includes URLs accessed, 'passively-collected Personal Information,' page names, project keys, JQL filters, page titles, space names, license identifier, username, size and name of attachments, IP address, and other meta data. For non wiki users: This is equivalent to Microsoft Office sending Google the folder name, file name, your system logon id, your license key etc when you create and modify documents with Microsoft office.
Atlassian's stance on the privacy of its users is stated in the new policy: 'If you disagree with any changes to this Privacy Policy, you will need to stop using Atlassian Services and deactivate your account(s).' The changes to this privacy policy will mean that all user actions will be tracked and sent to Google. In many cases Confluence and JIRA accounts use actual user names as the user id making it possible to link a person's Atlassian account to a real world identity. The end result is that users paying Atlassian to use their software will be tracking in a more intrusive fashion than visiting a public web site."
(Score: 4, Insightful) by jcd on Tuesday March 04 2014, @02:05PM
... I'll never use SaaS if I can avoid it. I use local office software, local databases, local photo storage, etc. Once they have it - whatever 'it' is - they can do anything want in the future.
"What good's an honest soldier if he can be ordered to behave like a terrorist?"
(Score: -1, Troll) by kwerle on Tuesday March 04 2014, @02:34PM
Did you keep a straight face the entire time you posted this? Or maybe you're the one hosting SN...
(Score: 2) by jcd on Tuesday March 04 2014, @02:52PM
That's fair. But that's why I said "when I can avoid it". I can't self-host a news network like this, but I *can* avoid using SaaS office suites.
"What good's an honest soldier if he can be ordered to behave like a terrorist?"
(Score: 3, Insightful) by Grishnakh on Tuesday March 04 2014, @03:18PM
This is a public website; the entire purpose of being here is to write posts that everyone can read. If you want privacy, then why are you posting your thoughts here for the entire world to see?
Just because you want to publicly post something in a public form doesn't mean you want all your private data (such as documents, banking details, etc.) available for the world (or Google) to see.
(Score: 2, Informative) by tftp on Tuesday March 04 2014, @03:41PM
Confluence is a product that is actively marketed to private businesses to manage knowledge on their Intranet. A lighter, cheaper SharePoint, if you wish. It has all the necessary controls to create groups of users and to exchange documents within a closed community.
(Score: 3, Interesting) by Open4D on Tuesday March 04 2014, @03:18PM
I haven't made any attempt to understand this in full, but I would like to point out that in the summary it says "This policy change affects Atlassian SaaS and downloadable products". And in the terms it says "Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document."
Of course, if you only run their software on machines without Internet access, you're fine.
`
N.B. Another possibly noteworthy passage from the terms is this:
(Score: 2) by Open4D on Tuesday March 04 2014, @03:58PM
Okay, the section on what Atlassian sends to Google only applies to Atlassian's website and their SaaS provisions, so the summary was a bit misleading to mention "downloadable products".
Atlassian gives free licences to open source projects [atlassian.com] - but it seems that's just licences for their "downloadable products", not SaaS. So, quite possibly, none of Atlassian's open source customers are affected by this.
(Score: 1) by E_NOENT on Wednesday March 05 2014, @02:27PM
Learn it. Know it. Live it:
http://www.gnu.org/philosophy/who-does-that-server -really-serve.html [gnu.org]
Help! I'm trapped in a PDP 11/70!
(Score: 2) by jcd on Wednesday March 05 2014, @06:02PM
That's a quality link. Exactly what I'm talking about. I'll start using SaaSS from now on.
"What good's an honest soldier if he can be ordered to behave like a terrorist?"
(Score: 2) by jcd on Wednesday March 05 2014, @06:04PM
That is, I'll start using "SaaSS" as a term to refer to internet software that I don't use from now on. Must... use... preview... button....
"What good's an honest soldier if he can be ordered to behave like a terrorist?"
(Score: 5, Funny) by FatPhil on Tuesday March 04 2014, @02:07PM
Making a public pledge to no longer contribute to slashdot
(Score: 1) by FuckBeta on Tuesday March 04 2014, @05:10PM
Fuck Beta!
Quit Slashdot...because Fuck Beta!
(Score: 1) by dyingtolive on Tuesday March 04 2014, @02:11PM
We JUST switched to Jira. I'll have to leave this article laying around for someone to notice.
(Score: 3, Interesting) by frojack on Tuesday March 04 2014, @06:02PM
Seriously, it warrants more than just leaving it laying around hoping someone will understand the implications.
This can get your company sued. (depending on your line of work.
I can not fathom why they would do this.
Are they expecting to get bought out by Google or something?
Discussion should abhor vacuity, as space does a vacuum.
(Score: 2, Insightful) by darinbob on Tuesday March 04 2014, @11:13PM
It is not clear that this applies to Jira or Confluence. The privacy notification refers to using SaaS Products or Websites. Jira and Confluence are managed locally by the customer rather than having Atlassian manage the data. But later it mentions Jira and Confluence by name. Are there SaaS versions of these products??
Anyway, any enterprise worth its salt should automatically and with prejudice block all access to google-analytics.com and googleadservices.com
(Score: 2, Interesting) by EvilJim on Tuesday March 04 2014, @07:56PM
We've been on it for a few months for our offshore support teams and I'm meant to be transitioning our local helpdesks to it shortly, confluence as well. I've sent my boss a copy of this article.
(Score: 4, Interesting) by c0lo on Tuesday March 04 2014, @02:15PM
If you, Atlassian, wish so then so be it.
Good bye bitbucket.org, nice to meet you, but you aren't the only one to provide free or cheap project hosting services.
(Score: 5, Interesting) by physicsmajor on Tuesday March 04 2014, @02:24PM
Could you elaborate on alternatives? For educational use, I've been recommending BitBucket to peers for years. Our internal lab repos are all hosted there.
We need unlimited repos/collaborators, fairly robust space, and privacy. For free. This meant BitBucket previously.
Does anyone else offer this?
(Score: 2) by VLM on Tuesday March 04 2014, @02:59PM
I'm confused about the whole "educational" yet "private" thing. Are you talking private like top secret DoD contract to develop a giant laser for sharks kind of private or just, I'd prefer the freshmen not have an easier way to copy each other's work type of private?
I haven't done a private repo on github, but it seems possible?
At work we just have a plain old server acting as a hub for git. No GUI, but coders who are intimidated by a CLI aren't going to get anything done anyway, so its kind of self correcting that way. It lives on a vsphere image where the NAS guys talk about exabytes or whatever (not my area) so a couple megs on a git server is pocket change to backup, and being a peer 2 peer ish protocol if we lost the hub we could push up from many clients to recreate faster than we could restore backups, and the same people who maintain dev and test servers maintain the git server, which is not exactly difficult.
The fundamental problem with most SaaS biz is if you overcharge, being a software service, people have a tendency to just self host unless you've got amazing vendor lockin. A SaaS trouble ticketing system, yeah, hard to roll off. A shell account server you can push GIT commits to and clone off, eh no big deal.
With virtualization and automation of sysadmin duties via puppet its worth thinking about spinning up and down a separate server for each project. Its not like you have to allocate physical hardware or do manual data entry beyond running a script just like any other virtualized server.
(Score: 1) by physicsmajor on Tuesday March 04 2014, @06:44PM
In this context, without naming names, the institution is technically a nonprofit corporation which happens to also have a small accredited graduate program. The institution claims the right to the code we produce if it's related to our day jobs, and this does also apply to students/PIs (for whom research IS their day job). The whole system makes operating in the FOSS world a very, very narrow line to toe.
If it were up to me, or most of the lab directors at this hypothetical place, we would prefer to develop in the open. But we simply are not permitted to do so.
So privacy here is motivated by "Imaginary Property" rather than DoD-level confidentiality, but they do mean business. Until now, BitBucket allowed us to collaborate within labs and even between institutions without requiring VPN access to institutional intranet. I fear after these changes we will be forced to exclusively use our intranet GitLab instance... which works fine, but is much less convenient (VPN always required; effectively terminates free-flowing external collaboration and review).
Private repos on GitHub are only possible if you pay $$. Non-starter on student stipends.
Of course, we can't host any external facing servers without an immense amount of red tape, to the point where it's really pointless to ask...
(Score: 2) by VLM on Tuesday March 04 2014, @06:59PM
So you have to be careful, but its not like there's DOD rules.
Its an interesting puzzle because there's so many non-technical rules and limitations, like not spending a penny and not having external facing servers.
I'm envisioning something like (free) dropbox accounts with very careful sharing rules mirroring a GIT repo and linux dropbox clients to sync up the GIT repo. And something like FUSE loop mounting using crypto and then sharing the encrypted looped back filesystem image might burn up a lot of bandwidth but anyone accidentally getting access couldn't make any sense of the raw data. (Might not meet DOD specs to keep the Chinese out, but you don't have to, so ...)
(Score: 2) by c0lo on Tuesday March 04 2014, @04:10PM
Turns out that privacy was struck down from the list.
I stumbled over http://xp-dev.com/ [xp-dev.com] a short while ago and I started to use it. Not perfect (this is why I don't recommend it unconditionally: I find the GUI of their trac installation quite ugly) but have a look: maybe it fits your needs too.
Have you looked on github? (I didn't look in too much details, if I remember well my objection was that one can create a single git repo/project).
Otherwise... probably it would worth googling for "SCM hosting" or "project GIT hosting" or the like, the list is likely to be quite long... (this is how I shortlisted xp-dev as good enough for my purpose).
(Score: 2, Interesting) by physicsmajor on Tuesday March 04 2014, @06:51PM
Student salaries can't really cover a GitHub subscription as a requirement to do their work. Or an XP-Dev subscription. "Free" is the name of the game here.
BitBucket was somewhat unique because they were academic friendly, unlocking practically all of their functionality for the price of a .EDU address. I realize writ large this isn't a sustainable business model, but I'd hoped they were doing the Adobe thing and looking to entice users while in school, and keep them as they transition out of education.
For institutions which claim ownership of your code and get antsy about data sharing, BitBucket was the best way to get everyone in a lab working together while satisfying legal about privacy issues. Very low (as in, no) bar to entry. Also, it made it possible to collaborate with other groups around the world, with minimal fuss. With these privacy changes, I fear they've thrown the baby out with the bathwater.
(Score: 2) by c0lo on Tuesday March 04 2014, @08:46PM
Well, whaddaya know? I swear when I joined they had a free/trial space, something like 1GB HDD (heap of space for something not very sophisticated).
(Score: 3, Informative) by c0lo on Tuesday March 04 2014, @08:54PM
I think I suggested you a google search.
The very first link on the top of the results (for "project hosting SCM free") is a page on kernel.org wiki [kernel.org]: there are a number of places with "free private repositories".
(Score: 4, Interesting) by ngarrang on Tuesday March 04 2014, @02:47PM
In so many EULAs and Policies, companies couch the wording in legalese and complex English constructions that would confuse a room full of Ph.D graduates. The policy sucks, but at least they are completely honest about their intent and your options.
(Score: 1, Interesting) by Anonymous Coward on Tuesday March 04 2014, @03:00PM
I suppose Google pays them for it?
(Score: 3, Insightful) by Grishnakh on Tuesday March 04 2014, @03:21PM
As with nearly everything else in life, follow the money.
(Score: 2) by c0lo on Tuesday March 04 2014, @04:54PM
I prefer to look for the woman... (a position that makes a better sense in life, me thinks).
(Score: 2) by Open4D on Tuesday March 04 2014, @03:31PM
No, it may be the other way around. http://en.wikipedia.org/wiki/Google_Analytics [wikipedia.org] says "The basic service is free of charge and a premium version is available for a fee."
It's also worth noting that some of the items listed in the summary (such as JQL filters) are actually not mentioned in the "Analytics" section of the linked privacy policy. So at first glance I'd say the summary is at least partially wrong, and I'd urge people not to jump to any quick conclusions.
(Score: 2) by regift_of_the_gods on Tuesday March 04 2014, @07:25PM
Google gets a bad rap because their mission statement from way back was widely misquoted. It was actually "Dent Boll Weevils".
(Score: 4, Funny) by VLM on Tuesday March 04 2014, @03:02PM
"This is equivalent to Microsoft Office sending Google the folder name, file name, your system logon id, your license key etc when you create and modify documents with Microsoft office."
I'm going to teach those guys a lesson and move all my stuff from Atlassian to Google Drive.
(Score: 1) by Common Joe on Tuesday March 04 2014, @03:40PM
Well, I'm shocked. Who could have ever seen that coming?
(Score: 1) by koalix on Wednesday March 05 2014, @12:49AM
Am I missing something?
From the linked Privacy policy: As of the date this policy went into effect, we use Google Analytics as an analytics provider. To learn more about the privacy policy of Google Analytics, refer to Google's Policies and Principles. Use the Google Analytics Opt-out Browser Add-on to prevent to analytics information from being sent to Google Analytics.
So the user is tracked as per the other sites using Google Analytics, giving you the option of not being tracked.
(Score: 0) by Anonymous Coward on Wednesday March 05 2014, @05:30AM
Works wonders on suckers. One born every minute, you know.
(Score: 0) by Anonymous Coward on Wednesday March 05 2014, @08:23AM
Don't just complain here, complain to the bosses:
Message our CEOs- ceos [atlassian.com]
https://www.atlassian.com/company/contact/contact
We love hearing from our customers! We can't promise a response to *every* comment, but we do read all feedback submitted through this form. Spill your guts.
Mike & Scott