On Wed, Feb 14, 2024 at 8:10 AM Phil Endecott via Boost < boost@lists.boost.org> wrote:
Before worrying about the legal jargon, the important thing is to decide what your privacy policy actually is. The simplest privacy policy is "we don't record any personal information". It's not difficult to translate that from plain English to legal jargon.
The site records whatever you give it, plus what is publicly available. If you enter your name we record that. So I think it is not technically correct to say "we don't record any personal information."
There are a couple of issues that make it a bit more complicated in this case. First, you're embedding YouTube videos on the site. YouTube is undoubtedly doing its best to "monetize" site visitors through those;
hmm...that's a good point. I think we should have an option to disable YouTube embeds. I despise what Big Tech companies have done to our privacy. This new Boost website should try to lead by example, and not force the YouTube embeds along with the tracking it comes with. I have opened a new issue for this that you can participate in here: https://github.com/cppalliance/temp-site/issues/961 The second issue is the login. If I understand correctly, the forum
is not yet active. If that's the case, I suggest that language to address that can be added later. What does the "sign up" form currently do?
When you sign up, an account is created which remembers settings. If you then, for example, submit a News item, then when a moderator approves the posting your screen name will appear along with your avatar as the author of the news item. And when someone clicks the name or avatar they will see your User Profile page. There will eventually be controls to let you decide what appears on that page. Right now I think there's nothing there except the avatar. But there will be things like, whether or not you are an author, how many reviews you've participated in, and so on.
If there is anything else that you are planning to do that involves personal information, please tell us!
Yes well there are a lot of ideas! The over-arching theme is to aggregate all of the publicly available information about you which is relevant to participation in Boost. How many GitHub issues you create, how many commits to boostorg repos do you make, how many reviews do you write or manage, and so on. I have a theory that one of the ways to stimulate participation in Boost is to raise the level of visibility of the contributors that are already here. A lot of what we do is "secret" not by choice but by circumstance. There is precedent here. wg21 was largely unknown until Boost, C++11, and conferences made it visible and then there was a groundswell of participation (too much, in my opinion, but that's another discussion). When the world moved away from mailing lists, Boost was kind of stranded on its own island. This website is the land bridge for connecting the rest of the world back to us, but in a way that preserves the mailing list as the primary means of communication for engineers and users.
No, you really don't need these documents "just to publish information legally". You need these documents if you plan to invade the privacy of site visitors.
I always thought it was stupid how every website has to ask about how many cookies you want, instead of just putting that in the browser as a global setting. A website cannot "invade the privacy of site visitors" without the help of the browser. All a website can do on its own really, without the user's input, is log your visits and whatever information the browser sends. But this conversation is veering into the political so I should shut up now.
There were a couple of questions I asked before which I don't think have been answered yet. Firstly, whose site is it? Does it belong to Boost, or to C++ Alliance? (In legal terms, who is the "data controller"?)
Currently The C++ Alliance owns everything.
If it belongs to Boost, then I think someone representing Boost really needs to sign off these documents.
Who "represents Boost?"
Secondly, why is Google Analytics on the site?
When I ask, I am told that it is needed to generate visitor reports such as which pages are popular, who is coming from where, and so on. I'm not happy at all that one company has a monopoly on this, so I am open to hearing reasonable alternatives. Google Analytics has a very robust set of features for site operators. I wouldn't mind trading some of that for a system that didn't give free data to Google. Thanks