| 1 | --- |
| 2 | title: "Why I can't enable registrations" |
| 3 | date: 2022-02-23T16:59:55+03:00 |
| 4 | tags: ['rant','gdpr','privacy','site','future'] |
| 5 | description: "If you've used any of my services, you have more than likely have had to use it as a guest rather than a registered user. There's one simple reason why I can't allow you to. GDPR... and lack of helping the little guy with it." |
| 6 | type: blog |
| 7 | aliases: ["/why-i-cant-enable-registrations.html"] |
| 8 | draft: false |
| 9 | --- |
| 10 | |
| 11 | If you've used any of my services, you have more than likely have had |
| 12 | to use it as a guest rather than a registered user. There's one simple |
| 13 | reason why I can't allow you to. GDPR... and lack of helping the little |
| 14 | guy with it. |
| 15 | |
| 16 | ## The case of Matrix |
| 17 | I love [Matrix](https://matrix.org/) - I would love to contribute to the |
| 18 | wider ecosystem of it with my homeserver, but I've always had to shut |
| 19 | down requests of people wanting to register an account in my homeserver |
| 20 | if I do not know them. |
| 21 | |
| 22 | The annoyance comes from the fact that Element **[only covers their own asses.](https://matrix.org/legal/privacy-notice)** |
| 23 | I would love to add a privacy notice and easy methods to remove all user |
| 24 | data whatsoever. I would love to open registrations for many services. |
| 25 | However, I wouldn't like to get a GDPR fine for being in violation of the |
| 26 | law. You cannot easily readapt the privacy notice for Synapse and Element. |
| 27 | They're written on a scale of a business - the only templates in repositories |
| 28 | are ones for Element themselves. I have tried rewriting one of their GDPR |
| 29 | and privacy notices to no avail - it's full of legalese jargon that is hard |
| 30 | to read for a normal person. |
| 31 | |
| 32 | ## Okay? Matrix has a deactivate button. |
| 33 | That isn't GDPR compliant still. It doesn't fully erase all of your data. |
| 34 | It only wipes your profile data, which can still be retrieved from the |
| 35 | channels that the user was partaken in. Not only that, but you cannot remove |
| 36 | data from other homeservers - this is a huge red flag in data sharing. |
| 37 | |
| 38 | ## What about this other service you're hosting? |
| 39 | There is even less of a legal notice put up for those. If you find a reasonable |
| 40 | legal notice anywhere that can be adapted by an individual, not a business, |
| 41 | please let me know. |
| 42 | |
| 43 | |
| 44 | |
| 45 | **TL;DR** - GDPR non-compliance if I would enable. No safety net either by |
| 46 | the bigger projects, only to cover businesses. Smaller projects tend |
| 47 | to not even have any documents in first place. |
| 48 | |
| 49 | |
| 50 | Thanks for reading |
| 51 | - Cernodile |