So a while ago I set out to rewrite the default Mastodon privacy policy to have a more limited scope and be more explicit about Mastodon features (because the original was adopted from WordPress, which is a totally different beast!). I've put a formatted render of the new text in here: https://github.com/tootsuite/mastodon/pull/6666
I wanna hear if people think it's okay to adopt. It might still have some vague wording because it's a default policy, but should be an overall improvement...
@elomatreb @gargron i swear he did it on purpose
@Gargron do you prefer feedback here or on GitHub?
@Gargron i'm very glad to see you taking community feedback before adopting a new privacy policy - it says a lot about how you think about the communit(y / ies) that use mastodon.
@gargron maybe refer to TLS rather than SSL.
Generally looks good to me, and an improvement. Thanks for working on this.
@Gargron looks good!
@Gargron how about just recommending a phone app?
Looks good. My only suggestion is, at the very end, it states:
"This document is CC-BY-SA."
I think you should state the exact version of the Creative Commons Attribution-ShareAlike license you're using, and have a link to it. I assume it's the latest one, but others may not:
@Gargron hey, nice idea but
"To personalize your experience"
"To improve customer service"
sounds like "we're stalking you to sell ads" kind of thing to me. Not sure how to do it better!
@Gargron 'personalization' and 'customer service' are very particular and corporate wordings which don't seem to apply to this project. Or do they?
It's the pull of Satan. 😈👿
@Gargron I agree with @charlag -A suggestion: in the section 'what do we use your info for?' I'd
1. remove the word 'one' from intro sentence
2. Remove the italics from all three of the following points. These sections speak for themselves and the italics words don't really add anything- & if anything they may make it sound a bit corporate.
As usual, you're doing more than great. your care for people is exemplary. Thank you Eugen!
@Gargron Suggestion: rewrite 'What information do we collect?' as 'What information does Mastodon store about your account'
I think this would remove the 'we', and 'collect', and make it sound more like there's not an omnipresent 'we (the corporation)' involved here.
Also, rewording 'about you' into 'about your account' makes it more obvious, I think, that Mastodon is not interested in the user's personal data...
@lauraritchie @charlag the italics appear as bold text on the real page
@lauraritchie @charlag Okay, I misread your message a bit - in the usage section alone, I see what you mean.
@Gargron Seems good to me.
@gargron I believe the FSF offer expert advice for legal-ish stuff like that, if it's any help to you..
@Gargron I think you should leave the privacy policies up to the instance admins. Different geographic regions have different privacy regulations and if everyone relies on your's they may be opening themselves up to legal trouble and hassle.
@mareklach @Gargron I think you proved my point.
@Gargron are the 90 day and 12 month IP address log retention times mentioned in the policy baked into the Docker install? In other words, is log deletion handled automagically at those intervals?
Is there any documentation on where the logs are located, and how admins can adjust the log retention times? I'd like to shorten mine to 30 days, and also be able to confirm that logs are being deleted.
@Gargron I think this needs a complement directed at instance admins (what do I need to do to be able to use the default privacy policy, maybe with relevant additions to the production guide).
@Gargron oooh evil PR number