Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Option to keep private who a user is backing #1841

Open
jrfnl opened this issue Mar 21, 2019 · 6 comments

Comments

@jrfnl
Copy link

@jrfnl jrfnl commented Mar 21, 2019

User story

As a user who backs certain open source projects, I want to be able to donate to a project without it being mentioned on my profile or on the project's profile. It's nobody's business who I donate to and how much I donate to them and it should be a choice of the individual user whether they want that information is made public or not.

N.B.: Correct me if I'm wrong, but displaying this information publicly without my explicit permission violates the EU GDPR laws.

For that matter: it should also be a choice of the user whether they want to allow public access to their profile or not.

Best solution for this problem

An option in the advanced settings to turn "show projects you back" on or off. With the default setting being OFF.

When this setting is set to OFF, the user info may be shared with the owners of projects they back, but not displayed on the project page (or only as anonymous) and also not displayed on the user page.

Additionally, an option should be added to in the advanced settings to give users a choice who can see their profile:

  • Everyone
  • Projects I've backed
  • Noone
    (and possibly more options, but this is a good starting point)

Note: This would not be an issue if people could donate without creating an account, but as that's been made compulsory, due care should be given to privacy (which currently is not the case).

@xdamman

This comment has been minimized.

Copy link
Contributor

@xdamman xdamman commented Mar 26, 2019

It doesn't violate GDPR laws. It's like github showing your contributions across all the public repositories on your profile page, or Twitter showing all your conversations to different people on your profile, etc. It's all public information and your profile page just pulls that information together in one place.

We do offer users the ability to donate anonymously. It's a bit cumbersome as the user basically needs to use another email (or add a + in it if using a gmail address), and not provide identifiable information in their name and avatar. It would be great to make it easier to stay logged in and selectively make a donation anonymously. I like the idea of allowing users to show or hide the list of projects they are backing. No reason for us not to give users that option.

Thank you for the suggestion. I hope that someone can make a contribution to offer this feature.

@jrfnl

This comment has been minimized.

Copy link
Author

@jrfnl jrfnl commented Mar 26, 2019

It doesn't violate GDPR laws. It's like github showing your contributions across all the public repositories on your profile page, or Twitter showing all your conversations to different people on your profile, etc.

@xdamman I vehemently don't agree. How I spend my time is a completely different matter privacy-wise than how I spend my money (and how much of it). That's like saying it would be OK for banks to openly publish the transaction details of everyone holding an account there. There's a reason why that is not allowed.

@xdamman

This comment has been minimized.

Copy link
Contributor

@xdamman xdamman commented Mar 27, 2019

That's like saying it would be OK for banks to openly publish the transaction details of everyone holding an account there

There is a big difference. Those bank transactions are private. So of course no one can aggregate them and display them publicly. But in an open collective, all transactions are public by design. People want to know who is financing this or that collective. Is it mostly financed by people or by companies? Which ones? Etc.

Therefore anyone could scrape our website and display all the transactions clustered in different ways (e.g. all transactions made by the same account). So we may as well allow them to click on a profile to see all their transactions (and discover other collectives to support in the process).

We also publish all transactions as open data on our public drive: https://drive.opencollective.com

How I spend my time is a completely different matter privacy-wise than how I spend my money (and how much of it)

I agree.
That's why it's important to allow people to make anonymous or pseudonymous donations.
Which we do but arguably the process is clunky.

I'll create an issue to at least document this better in the flow of making a donation. That's something that we should be able to do quickly.

I'll create a second issue to get to a better solution which is to allow you to create different profiles and decide what identity you want to use (anonymous/pseudonymous) when making a donation.

Thank you for taking the time to share this important concern.

@stale

This comment has been minimized.

Copy link

@stale stale bot commented Jun 25, 2019

This issue has been automatically marked as stale because it has not had recent activity. We want to keep it in our todo list but haven't had the time to address it yet.
Thank you for your contributions!

@stale stale bot added the stale label Jun 25, 2019
@alanna

This comment has been minimized.

Copy link
Contributor

@alanna alanna commented Jun 27, 2019

We still get a lot of requests for this through support.

@stale stale bot removed the stale label Jun 27, 2019
@Betree

This comment has been minimized.

Copy link
Member

@Betree Betree commented Aug 27, 2019

This issue should now be resolved by #1875 - @xdamman?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.