-
-
Notifications
You must be signed in to change notification settings - Fork 884
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Custom privacy policies / terms for each instance #721
Comments
I second this. |
Does mastodon / pleroma have an editable privacy policy? |
I knew Mastodon and Pleroma instances with modified privacy policies. Edit: Mastodon "[e]nd goal would be making them dynamically editable by the instance admin, but we need a sensible default". (reference) |
In general, I'm very hesitant to sign up to any site without reading their privacy policy first, & I would hope I'm not the only one so I hope one is coming. At least since this one doesn't require an email address, there's no worry of them being able to sell your email address to companies that will spam you. The downside to that is if you forget your password, there's no way to recover it. Email aliases and/or filters are good ways to fight spam too though. Reddit doesn't require an email address either from what I've heard but that doesn't mean there aren't still potential privacy issues. There's atleast 2 sites that list all publicly available knowledge about any reddit username you type in, all derived from info they've posted, comments they made, communities they follow, etc;. The amount of info you can find is unbelievable. |
There isn't a way to prevent that unfortunately for publicly available data, I'm sure there's tools to do this for fediverse users too. But when we add private communities, then that'll be a way to restrict your viewable content. |
I know. I just meant that people put a lot of private data on social networks (which they shouldn't), so a privacy policy is needed. |
Is there any sort of functioning privacy policy template? I'm considering signing up but generally don't sign up on sites without a privacy policy. Not that I don't trust it, just being careful especially since the account can't be deleted. Is it at least possible to add an email later if I create an account without one? |
Here's a couple links that might be helpful: |
We are hosted in the EU so a privacy policy for the US wont help us. |
Ya. Anyone who wants to make this, I'd suggest starting with mastodon's as a template that @dioraman linked. |
California has calOPPA, (which actually took effect in '04 but has been amended since). It requires any site operating in California (any site providing a service to people living in California, it doesn't refer to where the company is located) that collects user info to have a privacy policy explaining how they use that info & mandates certain things that must be included in the privacy policy, like an outline of exactly what info is collected. |
EDITED: Edit: Without GDPR/CCPA/calOPPA wording the generator is free. |
I second this. |
There should be some sort of privacy policy. I was admittedly a little confused by the seeming lack of interest when I listed the links I did above allowing you to easily generate a privacy policy. I take my privacy seriously & I read every site's privacy policy before signing up so I know what is being done with my data, so a site not having one is a red flag for me. At the very least I would use an email alias, which is a good idea anyway, in case of a site being hacked, or sold. |
I opened a pull request for this, please have a look. |
@Nutomic Thank you very much. |
About IP addresses, Lemmy doesnt store them at all. They are only stored in log files, but that also happens when you serve static html files from your server. |
I feel this is pretty important to the survival of Lemmy. I AM NOT A LAWYER, but I have created a template based on the Mastodon privacy policy if anyone wants a basic framework to start from: https://github.com/BanzooIO/federated_policies_and_tos/blob/main/lemmy-privacy-policy.md I am not overly experienced with instance management yet, but I have done my best to cover all aspects of how data is shared. Please contribute in correcting any errors. I also feel it is important for admins to disclose the lack of SSL support in connecting to PostgreSQL and what the local admin has done to mitigate the risk. |
If it can be helpful for you and the project, here is the privacy policy on my Lemmy instance: https://community.nicfab.it/legal |
Awesome, nice to see an admin actually on this. Thanks. Definitely open to all input on this, and as you've correctly deduced from the title, plan to expand into other platforms. How would you prefer to be attributed (or if you would prefer not). As my current version is going to maybe be a bit unsettling for uninformed users, I have created an additional optional policy introduction: https://github.com/BanzooIO/federated_policies_and_tos/blob/main/optional-privacy-policy-intro.md |
To my knowledge, many jurisdictions (like the EU) require websites to have a comprehensive privacy policy, and in general having one is just a good idea. My suggestion would be to have a page that administrators can edit in order to describe their server’s privacy practices.
We could also provide a default one for all instances, but chances are that to stay accurate, each instance will have to edit it. This should also be made clear to instance administrators.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: