Anti-abuse responsibilities of mybinder.org #824

Open
1 of 5 tasks
yuvipanda opened this issue Jun 27, 2017 · 4 comments

Comments

@yuvipanda
Contributor

As someone providing public computational services for random unauthenticated users, we have some legal & moral responsibilities to our users & the world. We won't get them right from the start, but we have a responsibility to think about and implement all of these things.

Legal

  • Figure out whom DMCA complaints can be forwarded to. We don't actually host content so we should be fine, but that doesn't mean we won't get DMCA notices! An easy way to 'host' content on binder is to use a Dockerfile that's downloading copyright protected material from wherever - this means the code itself (on GitHub) isn't a copyright violation, but the built container image on mybinder.org is. There'll also be frivolous DMCA notices that we'll have to respond to in some form. (Bump prometheus chart version #449)
  • Have an abuse@ email contact that is appropriately monitored. This will be used in DNS to tell people where to send abuse complaints to, and as good internet citizens we should respond. Complaints could be about Spam being sent out of mybinder (since we don't limit network in any way), mybinder used as part of a botnet / other cyber attack, doxxing / revenge-porn type situations, even child porn. (fixing abuse link mybinder.org-user-guide#69)
  • Set up a privacy policy and link to it prominently. Make sure we actually live up to it. (https://github.com/jupyterhub/binderhub/issues/70)

Technical

  • Build means to enforce network policy. For example, we might want to restrict outgoing connections on port 25 (to prevent smtp spamming), and if we are notified of being used for a botnet we would need to put additional protections in place.
  • Make sure we respect the Do Not Track user preference header for all tracking we do.

@yuvipanda
Contributor Author

There are probably issues here that I am missing - most of these come from my experience running similarish infrastructure for Wikimedia. Need wider perspectives too.

@choldgraf
Member

It sounds like this + #70 are still not explicitly done...perhaps a topic for our next team meeting?

@betatim
Member

betatim commented Jan 25, 2018

Can abuse@ point to the newly created google group? Same for DMCA messages.

@choldgraf
Member

I updated the top-level comment with checkboxes and links to issues etc where this has already been covered (or created issues)

Some of them have already been covered (e.g. we now have an abuse link in the docs)...we should figure out what's remaining to be done, though I'm hesitant to check any off because I'm not sure whether they're just partially fixed and not totally fixed

@choldgraf choldgraf transferred this issue from jupyterhub/binderhub Nov 7, 2018