Commit | Line | Data |
---|---|---|
a90b78c0 JM |
1 | Why I can't enable registrations |
2 | ||
3 | If you've used any of my services, you have more than likely have had | |
4 | to use it as a guest rather than a registered user. There's one simple | |
5 | reason why I can't allow you to. GDPR... and lack of helping the little | |
6 | guy with it. | |
7 | ||
8 | ## The case of Matrix | |
9 | I love [Matrix](https://matrix.org/) - I would love to contribute to the | |
10 | wider ecosystem of it with my homeserver, but I've always had to shut | |
11 | down requests of people wanting to register an account in my homeserver | |
12 | if I do not know them. | |
13 | ||
14 | The annoyance comes from the fact that Element **[only covers their own asses.](https://matrix.org/legal/privacy-notice)** | |
15 | I would love to add a privacy notice and easy methods to remove all user | |
16 | data whatsoever. I would love to open registrations for many services. | |
17 | However, I wouldn't like to get a GDPR fine for being in violation of the | |
18 | law. You cannot easily readapt the privacy notice for Synapse and Element. | |
19 | They're written on a scale of a business - the only templates in repositories | |
20 | are ones for Element themselves. I have tried rewriting one of their GDPR | |
21 | and privacy notices to no avail - it's full of legalese jargon that is hard | |
22 | to read for a normal person. | |
23 | ||
24 | ## Okay? Matrix has a deactivate button. | |
25 | That isn't GDPR compliant still. It doesn't fully erase all of your data. | |
26 | It only wipes your profile data, which can still be retrieved from the | |
27 | channels that the user was partaken in. Not only that, but you cannot remove | |
28 | data from other homeservers - this is a huge red flag in data sharing. | |
29 | ||
30 | ## What about this other service you're hosting? | |
31 | There is even less of a legal notice put up for those. If you find a reasonable | |
32 | legal notice anywhere that can be adapted by an individual, not a business, | |
33 | please let me know. | |
34 | ||
35 | ||
36 | ||
37 | **TL;DR** - GDPR non-compliance if I would enable. No safety net either by | |
38 | the bigger projects, only to cover businesses. Smaller projects tend | |
39 | to not even have any documents in first place. | |
40 | ||
41 | ||
42 | Thanks for reading | |
43 | - Cernodile | |
44 | ||
45 | ;tags:rant gdpr privacy site future | |
46 | ;description:If you've used any of my services, you have more than likely have had to use it as a guest rather than a registered user. There's one simple reason why I can't allow you to. GDPR... and lack of helping the little guy with it. | |
47 |