SoylentNews is people
SoylentNews
I've been approached about working on a new privacy policy for SoylentNews and have agreed to do so. This journal is the first step in that process.
SN currently runs on Rehash, which is written in Perl and dates back to Slash 2.0. Many privacy-related considerations in Rehash are dictated by decisions made by the Slashdot admins nearly 25 years ago when they wrote the original code. The age of this code and its dependencies on tools like mod_perl make it nearly unmaintainable, meaning that SN may implement a new code base sooner rather than later. This is a pivotal time to discuss a new privacy policy for SN, an the decisions made now will likely influence the implementation of whichever new code base powers SN in the future.
SN has three primary stakeholders, which are 1) the ownership, 2) the staff, and 3) the community. To be successful, any site policy needs the support of all three of these stakeholders. That means the community needs to be actively engaged in the process.
My first steps will be to solicit input from the SN community and to spend most of my time listening. There are three important questions to discuss:
1) Problems: What privacy-related considerations are important to you, the members of the SN community? What are your concerns? As long as the issues are reasonably relevant to privacy, anything should be on the table here. This includes things like what user data gets stored, how long it is retained, who has access to it, the right to be forgotten, anonymous commenting, and anything that can reasonably be construed as a privacy issue.
2) Process: All three stakeholders must be supportive of any privacy policy for it to be effective. Therefore, once a privacy policy is drafted, we need a process for all three stakeholders to approve this. I anticipate the biggest questions here will be how you, the members of the SN community, get to voice your support or to request amendments to the policy. What process would the community like us to follow for enacting policy? Do all logged-in users get to vote? Does the community elect representatives?
3) Potential Solutions: Once you, the members of the SN community, make your privacy concerns heard, we need potential solutions for those concerns. These solutions will be limited by a few constraints. To allow for robust discussions and make SN a welcoming community, we need the ability to track abuse of the site (e.g., spam comments, sock puppet account creation, gaming the moderation system, etc...) to prevent disruption of the discussions. SN is required to comply with the laws in relevant jurisdictions such as the United States and the state of Delaware. Any solutions have to be practical, given the limited financial and human resources. Working within those constraints, SN policy should go above and beyond what is merely required by law, and to maximize the privacy of the members of the community.
I'll start by posting three journals at least 7-10 days apart to discuss each of these issues. For this journal, I want to focus on the first point, which is what privacy concerns you have, What is important to you, as members of the SN community, and what do we need to address in the new privacy policy? While any discussion of privacy matters is on-topic in this journal, I'd like to try to keep the discussion focused as much as possible on privacy-related problems that we need to address.
There are a few ground rules in this discussion:
1) If you're giving examples of specific privacy concerns, please don't include actual user names or people. Please use hypothetical terms, or use generic names like "person A" and "person B."
2) The new privacy policy is forward looking, meaning that the discussion should focus on how we can be better in the future, and not on holding people responsible for past mistakes or how the existing code is written.
3) Please keep the discussion civil and welcoming. Everyone deserves a chance to participate in this discussion and to be heard. Please keep the discussion constructive and refrain from posting personal attacks. Privacy is for everyone, and that means everyone deserves to be heard. I ask that you please don't try to dominate the discussion or shout other people down, and instead let everyone make their opinions known.
4) Please keep the discussion on-topic. Any privacy-related matters are on-topic, but issues like story selection are beyond the scope of this policy. Let's keep issues like politics out of this discussion, too.
5) Please don't moderate people down unless they're off-topic, trying to dominate the discussion, shouting people down, or posting personal attacks. Even if you disagree with someone else, please don't moderate them down unless they're violating the ground rules for this discussion. I want everyone to be heard.
I pledge that I'll read every comment that you post. My direct input to this discussion will be minimal, and I probably won't post at all except maybe to answer questions or ask for more detail if appropriate. I'm not here to debate with people. I just want to listen to your concerns. Anonymous Cowards are welcome in this discussion, but all comments that I post will be from the dalek account. I have unchecked the "willing to moderate" box in my user preferences, which means that I am not moderating any comments in this discussion. I am just here to listen.
I want to make these discussions as inclusive as possible. That means I intend to allow Anonymous Coward input to all of these journals. In exchange for keeping these discussions open, I ask that you please keep these discussions on track. I will post future journals, but for now, I want to know what your privacy concerns are, and what topics we need to address in the new privacy policy.
(Score: 4, Insightful) by Mykl on Thursday June 01, @01:10AM
I appreciate that many users of this site are strongly privacy-focused. I need to disclose that I am probably on the lower end of the scale when it comes to privacy concerns on this site, as I live in a stable democracy (i.e. not the USA) where it is legal to post opinions that disagree with the government. I feel I am in no danger of being disappeared or persecuted based on anything I say online.
IMHO, privacy concerns on this site were much more relevant when the conversation was a lot more political. These days, most articles are tech-focused and unlikely to offend powers-that-be. Having said that, there is always the possibility that conversation of a sensitive nature will occasionally turn up in articles or journals.
I am OK with the admins having short-term access to IPs being used by logged in users and ACs for the purposes of avoiding spam / bots / sock puppets / griefers. I would also extend that to identifying characteristics (browser type, OS, CPU type etc) - again stored for a short time only.
I would expect that this information would not be used for any other purpose, and that the admins would agree to a code-of-conduct reflecting that. Obviously this means that we need to place a certain level of trust in our admins. If a user is not comfortable with that then I would argue that this is not the place for them.
Having a truly 100% anonymous site is not practical - it's far too easy for griefers to grief, and we can all remember some of the less savory characters that have abused our goodwill over the years. I'm tired of griefers constantly crying persecution, and frankly don't care what their opinions are - all I'm interested in are the opinions of genuine users of this site (whether logged in or AC). As mentioned above, some of those users may hold strong opinions about privacy, which I welcome to the debate.
I doubt that this site will ever be big enough to draw the attention of a three-letter-agency, but those who are worried about this may benefit from a 'canary' statement put out each month (e.g. If no TLA requests were made, publish a statement to that effect. If the statement is ever missed, then a TLA has by definition made a request).
In terms of email addresses, anyone who is security-sensitive is unlikely to have used their real email address to register for the site, so I don't really have any issues with admins being able to see email addresses of logged in users.