[web-hugo.git] / content / posts / why-i-cant-enable-registrations.md

---
title: "Why I can't enable registrations"
date: 2022-02-23T16:59:55+03:00
tags: ['rant','gdpr','privacy','site','future']
description: "If you've used any of my services, you have more than likely have had to use it as a guest rather than a registered user. There's one simple reason why I can't allow you to. GDPR... and lack of helping the little guy with it."
type: blog
aliases: ["/why-i-cant-enable-registrations.html"]
draft: false
---

If you've used any of my services, you have more than likely have had
to use it as a guest rather than a registered user. There's one simple
reason why I can't allow you to. GDPR... and lack of helping the little
guy with it.

## The case of Matrix
I love [Matrix](https://matrix.org/) - I would love to contribute to the
wider ecosystem of it with my homeserver, but I've always had to shut
down requests of people wanting to register an account in my homeserver
if I do not know them.

The annoyance comes from the fact that Element **[only covers their own asses.](https://matrix.org/legal/privacy-notice)**
I would love to add a privacy notice and easy methods to remove all user
data whatsoever. I would love to open registrations for many services.
However, I wouldn't like to get a GDPR fine for being in violation of the
law. You cannot easily readapt the privacy notice for Synapse and Element.
They're written on a scale of a business - the only templates in repositories
are ones for Element themselves. I have tried rewriting one of their GDPR
and privacy notices to no avail - it's full of legalese jargon that is hard
to read for a normal person.

## Okay? Matrix has a deactivate button.
That isn't GDPR compliant still. It doesn't fully erase all of your data.
It only wipes your profile data, which can still be retrieved from the
channels that the user was partaken in. Not only that, but you cannot remove
data from other homeservers - this is a huge red flag in data sharing.

## What about this other service you're hosting?
There is even less of a legal notice put up for those. If you find a reasonable
legal notice anywhere that can be adapted by an individual, not a business,
please let me know.


**TL;DR** - GDPR non-compliance if I would enable. No safety net either by
the bigger projects, only to cover businesses. Smaller projects tend
to not even have any documents in first place.


Thanks for reading
- Cernodile
Commit	Line	Data
7ba37647 JM	1	---
	2	title: "Why I can't enable registrations"
	3	date: 2022-02-23T16:59:55+03:00
	4	tags: ['rant','gdpr','privacy','site','future']
	5	description: "If you've used any of my services, you have more than likely have had to use it as a guest rather than a registered user. There's one simple reason why I can't allow you to. GDPR... and lack of helping the little guy with it."
	6	type: blog
	7	aliases: ["/why-i-cant-enable-registrations.html"]
	8	draft: false
	9	---
	10
	11	If you've used any of my services, you have more than likely have had
	12	to use it as a guest rather than a registered user. There's one simple
	13	reason why I can't allow you to. GDPR... and lack of helping the little
	14	guy with it.
	15
	16	## The case of Matrix
	17	I love [Matrix](https://matrix.org/) - I would love to contribute to the
	18	wider ecosystem of it with my homeserver, but I've always had to shut
	19	down requests of people wanting to register an account in my homeserver
	20	if I do not know them.
	21
	22	The annoyance comes from the fact that Element [only covers their own asses.](https://matrix.org/legal/privacy-notice)
	23	I would love to add a privacy notice and easy methods to remove all user
	24	data whatsoever. I would love to open registrations for many services.
	25	However, I wouldn't like to get a GDPR fine for being in violation of the
	26	law. You cannot easily readapt the privacy notice for Synapse and Element.
	27	They're written on a scale of a business - the only templates in repositories
	28	are ones for Element themselves. I have tried rewriting one of their GDPR
	29	and privacy notices to no avail - it's full of legalese jargon that is hard
	30	to read for a normal person.
	31
	32	## Okay? Matrix has a deactivate button.
	33	That isn't GDPR compliant still. It doesn't fully erase all of your data.
	34	It only wipes your profile data, which can still be retrieved from the
	35	channels that the user was partaken in. Not only that, but you cannot remove
	36	data from other homeservers - this is a huge red flag in data sharing.
	37
	38	## What about this other service you're hosting?
	39	There is even less of a legal notice put up for those. If you find a reasonable
	40	legal notice anywhere that can be adapted by an individual, not a business,
	41	please let me know.
	42
	43
	44
	45	TL;DR - GDPR non-compliance if I would enable. No safety net either by
	46	the bigger projects, only to cover businesses. Smaller projects tend
	47	to not even have any documents in first place.
	48
	49
	50	Thanks for reading
	51	- Cernodile