Account creation section #1723
🎊 PR Preview 9da5318 has been successfully built and deployed to https://privacyguides-privacyguides-org-preview-pr-1723.surge.sh 🕐 Build time: 105.415s 🤖 By surge-preview
I have some questions:
Any suggestions are welcome.
docs/basics/account-creation.en.md
Outdated
@@ -7,17 +7,17 @@ Whenever you have to create a new account for a service you are required to read | |||
|
|||
## Terms of Service(ToS) | |||
|
|||
Terms of Service(ToS) are one of the most ignored aspect when creating a new account. They are the legal agreements for using the service including how your data will be used, often referred to as the **Privacy Policy**. | |||
Terms of Service(ToS) are one of the most ignored aspect when creating a new account. They are the legal agreements in order to use the service and also include how your data will be used, often referred to as the **Privacy Policy**. |
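Review bot: "one of the most ignored aspect" should be "aspects" in both versions of this sentence, and "Terms of Service(ToS)" needs a space before the bracket. The closing clause "often referred to as the **Privacy Policy**" attaches to the whole description of the ToS, so the sentence reads as if the ToS and the Privacy Policy were the same document; describing the Privacy Policy in a sentence of its own would avoid that.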
? I don't think this is correct. I am not talking about the correction but the Privacy Policy is a legal agreement? Also in the way that the sentences follow up it looks like Privacy Policy is some part of ToS which often isn't the case.
I thought it was part of the ToS, it's just a different document, Wikipedia also says so. ToS are the legal agreements and the Privacy Policy is a legal document. Perhaps someone with a legal background can clarify this point.
Well a privacy policy legally cannot be part of the ToS. Doesn't mean that it doesn't happen but the GDPR has set strict rules on accessibility to privacy information and therefore it cannot be hidden in a ToS.
To avoid any confusion I can talk about it separately but I still think that it's part of the ToS. It is a separate document for easier access, following GDPR rules. If you have a look at some ToS privacy section you can find links to the Privacy Policy.
All the websites I checked asked you to accept the ToS and only sometimes they mentioned the PP during registration. You do not accept the PP, only the ToS. So if I accept the ToS I also accept the PP but not vice versa.
For example ProtonMail ToS says "...By agreeing to the present Terms and to be able to use the Services, you also agree to our Privacy Policy." and inside the Privacy Policy "...This privacy policy is to be read and understood as being a complement to our terms of service."
Sorry but none of this is right. Under GDPR data processors are required to ask for consent to the data subject. I highly doubt the legality of putting it in the ToS.
I think we are both missing something here, I do agree that consent must be given.
The way it's given is different from website to website. Some ask only for ToS, some for ToS and tell you to read the PP (linked in the form or inside the ToS), others want you to accept everything (ToS, PP, cookies...). I found a few, like banks, that you need to give consent on each type of data process.
The European Commission website has a lot of guidelines on how to implement GDPR, including consent for data collection, but there is a lot to unwrap here. Maybe someone will chime in to help us understand.
To avoid getting too much off topic I think it would be a good choice to discuss ToS and PP separately in this page and advise users to read both.
I already do understand :) but I agree with the latter.
Typically the Terms of Service are things you are agreeing to do when using a site, and the Privacy Policy is the site agreeing to only do certain things with the data you give it. I think I agree with just discussing both of them independently of each other.
@Redre1l Thanks, I don't always get along with English grammar 😅
✅ Deploy Preview for privacyguides ready!
One thing that we could mention here is that the way services use email is essentially a crappy version of SSO, since if your email account is compromised you essentially can access any account that uses that email. So I wouldn't put that as a disadvantage for SSO, since email has the same problem but worse. It's actually superior in this regard IMO.
There's also a potential security advantage if you use Google's SSO for example while securing your Google account with a hardware key, for example, whereas whatever service you're using may not implement it.
@mfwmyfacewhen Thanks for your contributions.
They share this problem, but with emails it can be mitigated if you set up 2FA for your accounts. If SSO security is breached, not much can be done.
I like the idea to leverage SSO providers' security features if other services lack them. Edit: would you like to explain it yourself or should I write a rough draft?
docs/basics/account-creation.en.md
Outdated
|
||
## Terms of Service & Privacy Policy | ||
|
||
Terms of Service(ToS) and Privacy Policy are two of the most ignored aspects of creating a new account. The ToS are the rules that you agree to follow when using the service. Breaking them could result in account termination or other action, so it's important to be familiar with them. The Privacy Policy is how the service will use your data. Sometimes critical privacy issues can be hidden here, so you should take the time to read it. A company or organization might not be legally obligated to follow everything in it; you should check your local laws and see what they legally must do to protect your data, or what data they might be legally required to collect. | ||
The ToS (Terms of Service) are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes such as if the account is new, you use a VPN or a phone number not tied to a real mobile service (such as a virtual number). Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for. |
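Review bot: In the line that opens "The ToS (Terms of Service) are the rules", the sentence "Sometimes these automated systems can make mistakes such as if the account is new, you use a VPN or a phone number not tied to a real mobile service" lists circumstances of the account rather than mistakes, so it is unclear what the mistake is; state directly that accounts in these situations can be locked by the automated systems. "This would be one of the reasons why we wouldn't suggest using Gmail for email as an example" would also read better as a direct statement placed after the sentence on why email access is crucial.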
ToS (Terms of Service)
It's best to put the abbreviation inside the brackets.
if the account is new
I don't think this is relevant. You can break ToS at any time, not just with new accounts.
It's best to put the abbreviation inside the brackets.
Thinking we can just remove the bracketed version afterwards, because it does have the mouse over abbreviation. It's also in the heading.
It is, because you may not necessarily break the ToS, but can still have accounts locked, due to them being new, using a VPN, or using VOIP numbers.
I don't think this is relevant. You can break ToS at any time, not just with new accounts.
These are all things often "recommended" by the privacy community for "privacy".
Co-authored-by: matchboxbananasynergy <107055883+matchboxbananasynergy@users.noreply.github.com> Co-authored-by: mfwmyfacewhen <94880365+mfwmyfacewhen@users.noreply.github.com> Co-authored-by: Daniel Gray <dngray@privacyguides.org>
New section to discuss the various aspects of creating new accounts.
The idea came from the discussion about Single sign-on #1609 and suggestions from @matchboxbananasynergy on his passwords knowledge base #1706.
As of now I added some general ideas for the page, feel free to give me your opinion.