• Activity
  • Votes
  • Comments
  • New
  • All activity
  • Showing only topics with the tag "privacy". Back to normal view
    1. Comment Visits Setting This data is retained for 30 days. After not visiting a particular topic for 30 days, the data about your last visit to it will be deleted. We've had discussions before...

      Comment Visits Setting

      This data is retained for 30 days. After not visiting a particular topic for 30 days, the data about your last visit to it will be deleted.

      We've had discussions before about long-lived topics, resurrecting old topics, etc. and the general consensus is that they were good and encouraged. Unfortunately, with the limited 30-day memory for topic read-vs-new comments, resurrected posts become a real pain. The current activity-sorted all-time front page has three topics from 2018, each with over a hundred comments. It'd be nice to read the new activity, but that takes either some tedious Ctrl+F with various terms ("minutes", "days", etc.) to find newish comments or re-reading everything.

      I'd like to avoid relying on a third-party extension to handle this (browser and device support, issues with syncing multiple devices, etc.), and I understand the privacy goals. What are people's thoughts on making read-comment memory user-configurable, even if it's just "default 30-days" and "all-time"?

      10 votes
    2. Tildes code of conduct says Do not post anyone's sensitive personal information (related to either their real world or online identity) with malicious intent. Can you change that to just say don't...

      Tildes code of conduct says

      Do not post anyone's sensitive personal information (related to either their real world or online identity) with malicious intent.

      Can you change that to just say don't post personal info? Even if it's not done with malicious intent it should still be removed to protect people's privacy.

      Also while it does say to not post spam on tildes terms of service I think It should say that on the code of conduct.

      Edit: I mean posting personal info without consent and not public information.

      Telling someone how to contact a company would be fine but not posting someone's address.

      12 votes
    3. Anonymity on Tildes

      I had a thought, which I'm not sure I agree with, but figured it would be a good conversation. So much of our social discourse, and exploitation of our social platforms, can be associated with...

      I had a thought, which I'm not sure I agree with, but figured it would be a good conversation.

      So much of our social discourse, and exploitation of our social platforms, can be associated with anonymity. Given the divisiveness of our times, it feels like it's almost a pre-req for a platform like this (this has already been discussed in other threads).

      A slightly different question: Is there ever a place for folks that want to announce their identity, and go through something like a Twitter verification process? This could feed into the future trust/reputation feature.

      24 votes
    4. Tildes is 100% donation-supported. It sounds great but I'm doubtful it's a sustainable model. Countless sites have started this way but ended up seeking other ways to monetize, including......

      Tildes is 100% donation-supported. It sounds great but I'm doubtful it's a sustainable model. Countless sites have started this way but ended up seeking other ways to monetize, including...

      1. Showing ads on the site
      2. Intermingling "sponsored posts" or "promoted posts" with regular posts, basically giving preferential treatment to content from users who paid for extra visibility (native advertising)
      3. Selling user data
      4. Cryptocurrency mining (either with user permission or on the sly)
      5. Opening a store for selling branded merch
      6. Periodic "pledge drive" fundraising campaigns
      7. Enacting paywalls

      I've been thinking a lot about site monetization in the abstract lately. Some of these options are better than others. Personally, I'd draw a hard line against 1-4 on Tildes. I think all of those are in direct opposition to what this site is all about.

      I think 5 is a "good in theory, but not in practice" idea. A merch store might generate enough revenue for the first few months but would see rapidly diminishing returns. It would have to resort to increasingly gimmicky promotions just to reach eyeballs and meet its goals.

      I think 6 could be a popular option but I personally recoil from the annual hard-sell guilt trip. The recurring drama of "THIS COULD BE OUR LAST YEAR IF YOU DO NOTHING" is exhausting and paints the site's future as constantly in turmoil.

      Finally we come to 7, the paywall. Traditionally I hate these too, especially when they block content like news that is available for free elsewhere. Sometimes they are "soft" paywalls that give you free access to an article (or the first few paragraphs of one) before they ask you to pony up. I feel that these are the worst form of paywall because they tease and frustrate users, and are often easily circumventable anyway.

      That said, I think a "hard" paywall might actually be a good choice for Tildes. For starters, this is already a walled garden. We're actively trying to cultivate a community by not exposing the site to the wider world. That would at least make the transition to a paywall easier to swallow than if the site had been open the whole time.

      It's 2018. By now it's evident to me that TANSTAAFL online. If you're not paying for something, you are the product. I'm a dyed in the wool cheapskate and I don't like opening my wallet to use a website, but at this point I'm even more tired of being treated like a commodity. If I'm going to invest in an online community, I'd much rather pay a small subscription for access than be jerked around in shady ways. I feel it's the most honest and straightforward solution for a site like this.

      Caveats are that it would need to be cheap. Really cheap, like $1 a month. I don't know what the site's operating expenses are, but I would hope something in that ballpark would cover them, at scale. Also @Deimos would face the temptation to implement multiple options from the list as time goes on. Like, after we're used to the paywall, he might want to add "unobtrusive" ads too, or start selling "non-identifiable" user information. I think it's vital that the site never compromise like that. Raise the price if it comes to that, but don't get greedy. A page in the docs formalizing some promises about respecting users would be a nice thing to put on the record.

      What are your thoughts? I should say that I'm talking about the future here, I think it's way too early to put up a paywall now. The community would have to be large and mature enough to justify a paid subscription to it, and we're not there yet.

      12 votes
    5. Invite code privacy

      ~ takes privacy pretty seriously, which I’m a big fan of. Can’t say I’ve seen any other sites where even your email is hashed, but I like it. What I’m curious about are the invite codes. Don’t get...

      ~ takes privacy pretty seriously, which I’m a big fan of. Can’t say I’ve seen any other sites where even your email is hashed, but I like it.

      What I’m curious about are the invite codes. Don’t get me wrong, I don’t think Deimos is going to do anything nefarious, but I did use one of my personal (albeit secondary) emails to request my invite code. Thus, would it be possible to trace the invite code used to create my account back to that email in any way? Or is the code not stored anywhere once it’s used?

      Edit: yes, I realize this account uses my real name, and I’ve linked to my personal gitlab before. For the time being in a community this small, I don’t mind. I may end up creating a new account when the website opens the floodgates, but that’s neither here nor there.

      14 votes
    6. So one of the things I really liked about the project is point 1 of the privacy section of the Mechanics (Future). Proactive not reactive; preventative not remedial: When creating new features,...

      So one of the things I really liked about the project is point 1 of the privacy section of the Mechanics (Future).

      Proactive not reactive; preventative not remedial: When creating new features, think about what data will need to be stored, and consider how harmful it might be if that data was to be leaked in the future. Is it possible to reduce the amount of data being stored to lower the potential harm? Can the data eventually be aggregated or anonymized so that we're only storing recent data instead of a full history?

      I think a good first step would be to not have a public comment/submission history. Users should evaluate other users contributions based on the conversation the are having/reading, not past submissions.

      This doesn't make you anonymous, but at least it can prevent nosy people from knowing too much. (I get there are valid reasons to want to find other posts by the same user, but I think individual privacy is more important). At least, if not enforced for everyone, this should be an option, making your profile not display your history to others.

      Now, one of my biggest problems with reddit is that it doesn't make it easy for you to stay anonymous and also keep your content on the site.

      Let me explain. I don't like people being able to see my submission/comment history, because I don't want to give the chance for people to identify me if I don't choose to do so personally. It's not about reddit knowing what I like or do (I mean, I use Google, they know everything I do), it's about individuals, about other users knowing things I'm not happy sharing with them for whatever reason.

      There are only two options on reddit: deleting my content (using a script or whatever or going one by one) or deleting my account. This results in me deleting all my comments and submissions on reddit every few weeks.

      Now, I would love to be able to leave most of what I post on reddit online, because sometimes I have really interesting conversations and I try to be detailed and clear and other people might find (some of) my posts useful. But I don't want anyone who knows my username or anyone who sees a comment of mine going through my history. There's too many crazy people. Also, I haven't suffered doxxing, but that's just not nice.

      There are many reasons why someone could prefer to not be identifiable. Just to give some examples that come to mind: people might have an ideology that other users don't like/respect, people might post pictures of themselves (think fitness groups, for example), people might post in local groups revealing their location, people might look for counsel and talk about their personal problems, etc. Putting all of that together might make it easy to identify someone.

      So, what I would like to propose is a way to leave my content online if I wish to and giving other people the option to read it in the future, without it being publicly tied to my username.

      How could this be done? Well, I think users should be able to anonymize their participation in a thread individually and throughout the site. There could be an button (on every thread for thread only anonymization and on your profile for full site anonymization) that you tap and your username is replaced all through each thread with a randomly generated username (it'd be great if the username is consistent within the thread, so people reading would know its the same person).

      These usernames should be words, ideally, not difficult to parse by humans. Of course this would generate a great number of usernames, but there are some solutions.

      One could be using something like Google Docs uses when several anonymous viewers are watching a document. Each gets a name (RedFox, whatever) which is consistently used throughout the thread. The same username (RedFox) can then be reused in another thread for any other anonymous user. (So RedFox wouldn't be referring to the same person in different threads, but to two random, anonymized persons).

      I'm sure it wouldn't be difficult to generate these (similarly to how reddit gives you suggestions to new usernames when you open an account).

      Also, in order to avoid the admins having to reserve many usernames in advance, these usernames could have a special mark (like *RedFox or °RedFox, or ~RedFox~, for example). This way, a new user can register any available name without interfering with these anonymous usernames. A thread could have some non-anonymized user called RedFox and an anonymized user called °RedFox (or whatever mark is used).

      In any case, the user should be able to access all of their submissions and comments on their profile even after anonymizing, being able to edit or delete them if they wish to.

      Ok, I think that's it, I hope I was clear. I'm also not gonna be able to log in again until tomorrow. So please, go ahead and discuss and tell me what you think and I'll come back when I can.

      EDIT: User karma should not be public either. I can make an argument for it tomorrow if needed or we can discus it on another thread.

      42 votes
    7. Password Reset

      I don't need to reset my password, and I really appreciate the way that it is done to maximize anonymity. However, I think there is a bit of a problem with how it is done in terms of users getting...

      I don't need to reset my password, and I really appreciate the way that it is done to maximize anonymity. However, I think there is a bit of a problem with how it is done in terms of users getting locked out.

      If you're locked out, as far as I can tell, there is no way to view the email hint associated with your account. It seems a bit counter intuitive to me that in order to see the hint for how to regain access to your account, you have to already have that access! I also think that it won't work in the case that someone has been away for a few months and has forgotten their password. I'm not sure what a good way of displaying the hint would be, however, since if it is done by username anyone who has seen your posts can look at your password hint.

      Hopefully with a bit of discussion we can cook something up that can solve this catch 22!

      11 votes
    8. Warrant Canary

      Hey, Just a thought. I'm not sure what the legal standing of warrant canaries (i.e. being compelled to lie) are in Canada, but given the privacy level afforded by the site the key component to...

      Hey, Just a thought. I'm not sure what the legal standing of warrant canaries (i.e. being compelled to lie) are in Canada, but given the privacy level afforded by the site the key component to that privacy is trust.

      You're doing a lot to make sure private data is treated as harmful, and with the open source code being visible, but that's still not a guarantee that the server is actually running the code that will be open sourced.

      Tildes could probably benefit from a warrant canary given that it's a platform for user generated content and if it gets prominent enough it may be subject to LEO scrutiny. Compliance with LEO is a given since the website operates under Canadian Jurisdiction, but given the... nature of some requests (Gag Orders / Etc...) a canary could be a privacy positive move for users of Tildes.

      7 votes