| 1 | Why I can't enable registrations |
| 2 | |
| 3 | If you've used any of my services, you have more than likely have had |
| 4 | to use it as a guest rather than a registered user. There's one simple |
| 5 | reason why I can't allow you to. GDPR... and lack of helping the little |
| 6 | guy with it. |
| 7 | |
| 8 | ## The case of Matrix |
| 9 | I love [Matrix](https://matrix.org/) - I would love to contribute to the |
| 10 | wider ecosystem of it with my homeserver, but I've always had to shut |
| 11 | down requests of people wanting to register an account in my homeserver |
| 12 | if I do not know them. |
| 13 | |
| 14 | The annoyance comes from the fact that Element **[only covers their own asses.](https://matrix.org/legal/privacy-notice)** |
| 15 | I would love to add a privacy notice and easy methods to remove all user |
| 16 | data whatsoever. I would love to open registrations for many services. |
| 17 | However, I wouldn't like to get a GDPR fine for being in violation of the |
| 18 | law. You cannot easily readapt the privacy notice for Synapse and Element. |
| 19 | They're written on a scale of a business - the only templates in repositories |
| 20 | are ones for Element themselves. I have tried rewriting one of their GDPR |
| 21 | and privacy notices to no avail - it's full of legalese jargon that is hard |
| 22 | to read for a normal person. |
| 23 | |
| 24 | ## Okay? Matrix has a deactivate button. |
| 25 | That isn't GDPR compliant still. It doesn't fully erase all of your data. |
| 26 | It only wipes your profile data, which can still be retrieved from the |
| 27 | channels that the user was partaken in. Not only that, but you cannot remove |
| 28 | data from other homeservers - this is a huge red flag in data sharing. |
| 29 | |
| 30 | ## What about this other service you're hosting? |
| 31 | There is even less of a legal notice put up for those. If you find a reasonable |
| 32 | legal notice anywhere that can be adapted by an individual, not a business, |
| 33 | please let me know. |
| 34 | |
| 35 | |
| 36 | |
| 37 | **TL;DR** - GDPR non-compliance if I would enable. No safety net either by |
| 38 | the bigger projects, only to cover businesses. Smaller projects tend |
| 39 | to not even have any documents in first place. |
| 40 | |
| 41 | |
| 42 | Thanks for reading |
| 43 | - Cernodile |
| 44 | |
| 45 | ;tags:rant gdpr privacy site future |
| 46 | ;description:If you've used any of my services, you have more than likely have had to use it as a guest rather than a registered user. There's one simple reason why I can't allow you to. GDPR... and lack of helping the little guy with it. |
| 47 | |