So far, I think the admins have done an exemplary job in running this instance. They managed to keep it active with many users, keep it error free, and their reaction to the defederation of beehaw was level headed and reasonable. When it comes to things that a successful instance needs, this one has a lot of them. Also it’s Canadian which is pretty based
However, this place needs a privacy policy. I think users are entitled to know exactly what info about them is kept, how it’s used, and how long it’s kept for. This information included on almost every website and it’s a big red flag if a site doesn’t have one. Just to be clear, I’m not trying to insinuate that the admins are trying to steal our info or anything like that. Since they have a lot on their plate already with keeping the server online, this is probably something that fell through the cracks, which is bound to happen when one volunteers their time and money to cultivating a community and handling all the infrastructure involved in that. Nevertheless I think it’s crucial to have one.
So funny thing about that, assuming that the admins are just running the default Lemmy software.
There isn’t one because there is not data being collected and or sent to third parties to speak of.
Here is the privacy policy: the only data the admins collect is whatever was in a text box when you pressed “send post” and your email address that you provided when you signed up. That… Is basically it. There are no tracking cookies, they don’t track analytics data, like genuinely the only data that even hits their servers at all is just what you submit, manually.
The reason every website has a privacy policy is because they don’t want to get sued for selling the data they collect on you.
Does the application not keep track of IP addresses used to register or anything like that?
Why would they store that? That info doesn’t need to be persisted for the application to work. (of course the obvious answer is to track you and sell your information, but apperantly that’s not the case, so)
Can you say something about the log files from running Lemmy on the admin end, or any federated service for that matter? Is there are data retention or privacy policy in terms of that? Or is that already public from a user perspective and has been made known for all users explicitly in a TOS/policy already?
On another note, please correct me if I’m wrong as I’m still learning about the fediverse, but the data in log files are not only for users within one instance, but due to federation, such (subset) data will also be in the log files of other Lemmy instances or services such as Mastodon if there is any interaction between them. Is that right? If so, is there any privacy or data policy around that as well?
Something like an IP addresses would have to be connected through your home instance bc that is the site you are connecting to. Generally, privacy policies do not have to cover data that is clearly public (I think you are mixing privacy policy/TOS a bit here). Your posts and comments are public and can only be set as public. Only email address and private data would need to be covered.
Can you clarify whether instance logs are public or only visible to admins? Posts and comments, even upvotes/down votes, are public. But private info like emails, IP addr may be in the logs, no?
Modlogs are public but the other ones are only available on the server. The servers can of course have their own logging too for connections, etc and cloud services would have access to that as well.
Every server you connect to knows your IP address, good possibility some of the intermediate routers log it in their netflow traffic too. I’m not sure that alone is enough for a full privacy policy as it is a basic function of the internet.
A good template could be the Wikimedia one https://foundation.wikimedia.org/wiki/Policy:Privacy_policy
Also fyi, the code is open source so you could always read exactly what info it’s collecting not that it’s an easy task but tbh I’d rather do that than read legal documents
