Adding Privacy to the Debian Social Contract

This idea is part of the A Dollar Worth of Ideas series, with potential open source, research or data science projects or contributions for people to pursue. I would be interested in mentoring some of them. Just contact me for details.

Introduced in 1997, the Debian Social Contract and its accompanying Debian Free Software Guidelines (DFSG) are the guiding principle of the Debian Project and many other Free Software projects world-wide.

Plenty has changed since its introduction and last amendment in 2004. In particular, we have now live in a world were most software routinely records and reports the activities of its users (what the FSF calls proprietary surveillance).

These practices are splashing into the Free Software world. For example, the official Wikipedia Android App is a fairly straightforward piece of code made quite complex due to the massive amounts of analytics packed into the app. To the point it earns the "anti-feature" badge on F-Droid: This app tracks and reports your activity.

As a Debian user, nobody should have to endure such scrutiny. Sadly, Debian packs plenty of software that "calls home" every time is launched (under the guise of checking for new versions, something completely unnecessary for Debian-packed software). This problem is particularly exacerbated with the packaged Web browsers. Chromium runs experiments that change the features available and reports back results of the experiments continuously. And Firefox, the privacy cuddling browser, won't stop calling home without recompiling.

The proposal here is to change the DFSG and treat all privacy violations defects as release critical bugs. This will require a General Resolution within the project.