Add notes to users and instances #11797
I don't think it's a good idea to store personal information about others, without their consent, on servers you don't control. That probably is also not GDPR-compliant.
@tastytea This has nothing to do with personal information. It is only a self-defined label you apply to others, visible only from your own account on your own server.
@trwnh The information in the label is likely personal. It is visible to you, the admins, maybe the moderators, possibly the company that runs the server and successful attackers.
@tastytea that's like saying keeping an online to-do list is a violation of the GDPR. it isn't, and you'd get laughed out of court for alleging so. it falls under the category of household and personal use, especially since it's only intended to be published to one person.
@nightpool A to-do list is not designed to store personal information. The data processing itself is probably lawful, since it can be construed as “legitimate interest”. However, the admin/company (the “controller”) has to notify the persons about which data is stored (the “data subject”) at the latest within one month and give them access to the data. The “controller” may be the user, I'm not sure. If so, it may fall under “personal or household activity”, but I would argue that there would need to be sufficient protections against use by others.
Neither is a flair/label. To be clear, such a feature is 100% absolutely considered "personal activity", as much as bookmarking a status would be personal. It is a basic "note to self". It would not be visible to moderators at all.
a to-do list about the presents I'm getting my relatives for Christmas certainly has personal information about other people in it. again, the idea that adding a simple personal notes field (that could even be stored entirely client side, like RES does) is a GDPR concern is ludicrous.

On Mon, Dec 2, 2019, 12:28 AM tastytea ***@***.***> wrote:
> @nightpool <https://github.com/nightpool> A to-do list is not designed to store personal information.
> The data processing itself is probably lawful, since it can be construed as “legitimate interest” <https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1888-1-1>. However, the admin/company (the “controller”) has to notify the persons about which data is stored (the “data subject”) at the latest within one month <https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2355-1-1> and give them access to the data <https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2513-1-1>.
> The “controller” <https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1489-1-1> may be the user, I'm not sure. If so, it may fall under “personal or household activity” <https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1404-1-1>, but I would argue that there would need to be sufficient protections against use by others.
A todo-list is normally not connected to identifiable data. Fediverse-accounts usually contain identifiable data. It is no problem (as far as I know) to store “Steve is an alcoholic” on a todo-list, as long as Steve is not identifiable or the list is sufficiently protected from others (because it is encrypted, for example). If the note is stored on the server it has to be encrypted, in my opinion. Even if it is not required by law. The fewer possibilities for misuse of the data there are, the better.
So, why not just encrypt it and only decrypt it in the client? Like how Tutanota & co does email. Or add this to native clients instead, but specify a file format. They can store it offline and transfer it between each other.
Where is the key stored?
E-mail is rarely stored in encrypted form on servers. It is transmitted in encrypted form.
Pitch
Similar to how Discord allows you to add a note to people's profiles, or the Reddit Enhancement Suite extension lets you add custom flairs on usernames, it would be useful to have the same functionality built into Mastodon and made available via the API.
Motivation
It would make it easier to remember things about people instead of having to keep track of it externally.