You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As someone providing public computational services for random unauthenticated users, we have some legal & moral responsibilities to our users & the world. We won't get them right from the start, but we have a responsibility to think about and implement all of these things.
Legal
Figure out whom DMCA complaints can be forwarded to. We don't actually host content so we should be fine, but that doesn't mean we won't get DMCA notices! An easy way to 'host' content on binder is to use a Dockerfile that's downloading copyright protected material from wherever - this means the code itself (on GitHub) isn't a copyright violation, but the built container image on mybinder.org is. There'll also be frivolous DMCA notices that we'll have to respond to in some form. (Bump prometheus chart version #449)
Have an abuse@ email contact that is appropriately monitored. This will be used in DNS to tell people where to send abuse complaints to, and as good internet citizens we should respond. Complaints could be about Spam being sent out of mybinder (since we don't limit network in any way), mybinder used as part of a botnet / other cyber attack, doxxing / revenge-porn type situations, even child porn. (fixing abuse link mybinder.org-user-guide#69)
Build means to enforce network policy. For example, we might want to restrict outgoing connections on port 25 (to prevent smtp spamming), and if we are notified of being used for a botnet we would need to put additional protections in place.
Make sure we respect the Do Not Track user preference header for all tracking we do.
The text was updated successfully, but these errors were encountered:
There are probably issues here that I am missing - most of these come from my experience running similarish infrastructure for Wikimedia. Need wider perspectives too.
I updated the top-level comment with checkboxes and links to issues etc where this has already been covered (or created issues)
Some of them have already been covered (e.g. we now have an abuse link in the docs)...we should figure out what's remaining to be done, though I'm hesitant to check any off because I'm not sure whether they're just partially fixed and not totally fixed
As someone providing public computational services for random unauthenticated users, we have some legal & moral responsibilities to our users & the world. We won't get them right from the start, but we have a responsibility to think about and implement all of these things.
Legal
Technical
The text was updated successfully, but these errors were encountered: