Commit | Line | Data |
---|---|---|
7ba37647 JM |
1 | --- |
2 | title: "Why I can't enable registrations" | |
3 | date: 2022-02-23T16:59:55+03:00 | |
4 | tags: ['rant','gdpr','privacy','site','future'] | |
5 | description: "If you've used any of my services, you have more than likely have had to use it as a guest rather than a registered user. There's one simple reason why I can't allow you to. GDPR... and lack of helping the little guy with it." | |
6 | type: blog | |
7 | aliases: ["/why-i-cant-enable-registrations.html"] | |
8 | draft: false | |
9 | --- | |
10 | ||
11 | If you've used any of my services, you have more than likely have had | |
12 | to use it as a guest rather than a registered user. There's one simple | |
13 | reason why I can't allow you to. GDPR... and lack of helping the little | |
14 | guy with it. | |
15 | ||
16 | ## The case of Matrix | |
17 | I love [Matrix](https://matrix.org/) - I would love to contribute to the | |
18 | wider ecosystem of it with my homeserver, but I've always had to shut | |
19 | down requests of people wanting to register an account in my homeserver | |
20 | if I do not know them. | |
21 | ||
22 | The annoyance comes from the fact that Element **[only covers their own asses.](https://matrix.org/legal/privacy-notice)** | |
23 | I would love to add a privacy notice and easy methods to remove all user | |
24 | data whatsoever. I would love to open registrations for many services. | |
25 | However, I wouldn't like to get a GDPR fine for being in violation of the | |
26 | law. You cannot easily readapt the privacy notice for Synapse and Element. | |
27 | They're written on a scale of a business - the only templates in repositories | |
28 | are ones for Element themselves. I have tried rewriting one of their GDPR | |
29 | and privacy notices to no avail - it's full of legalese jargon that is hard | |
30 | to read for a normal person. | |
31 | ||
32 | ## Okay? Matrix has a deactivate button. | |
33 | That isn't GDPR compliant still. It doesn't fully erase all of your data. | |
34 | It only wipes your profile data, which can still be retrieved from the | |
35 | channels that the user was partaken in. Not only that, but you cannot remove | |
36 | data from other homeservers - this is a huge red flag in data sharing. | |
37 | ||
38 | ## What about this other service you're hosting? | |
39 | There is even less of a legal notice put up for those. If you find a reasonable | |
40 | legal notice anywhere that can be adapted by an individual, not a business, | |
41 | please let me know. | |
42 | ||
43 | ||
44 | ||
45 | **TL;DR** - GDPR non-compliance if I would enable. No safety net either by | |
46 | the bigger projects, only to cover businesses. Smaller projects tend | |
47 | to not even have any documents in first place. | |
48 | ||
49 | ||
50 | Thanks for reading | |
51 | - Cernodile |