-
-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[community] justify and declare use of Savannah #1476
Comments
I'll wait for @flexiondotorg to provide a response for this. I have no knowledge as to what is being referred to here. |
Alan Popey demonstrated this at Ogg Camp, UK, over the last weekend. per https://www.savannahhq.com/privacy-policy/ "importing certain personally identifiable information about your community members from 3rd party services, including but not limited to names, email address, and public communications." It seems this can happen without the community being aware of it. Now you are and can make an informed choice. If you do decide to stick with it, I suggest making it's continued use explicitly stated somewhere so that current and future contributors are informed. |
Savannah doesn't get any information out of GitHub that I can't get simply by looking at GitHub |
"Other Users and the Public: Depending on your account settings, we may share Personal Data with other users of the Services and the public. You control what information is made public. To adjust your settings, visit User Settings in your profile. Please be aware that any information you share in a collaborative context may become publicly accessible." |
True.
But it's copy of the data won't be removed if it's removed.
Merged identities also persist.
Savannah has no privacy policy worthy of name, no data impact statement, and no right of removal process I can find.
I'm unable to tell from their website where they are even copying the data to.
--
†øღ
Sent from a super computer that fits in my pocket and is connected to the sum total of all human knowledge
…On 18 October 2024 12:19:38 BST, Michael Hall ***@***.***> wrote:
Savannah doesn't get any information out of GitHub that I can't get simply by looking at GitHub
--
Reply to this email directly or view it on GitHub:
#1476 (comment)
You are receiving this because you authored the thread.
Message ID: ***@***.***>
|
It's stored in a Postgres database in AWS |
Any particular continent?
Holding derived data (such as linking identities across platforms) of EU persons in the US, for instance, might be problematic.
Even doing this in the EU without notice to the community might be seen as, at best, poor form.
At least we know now. And if Quick EMU is going to keep doing it, it's now more exploit than it was.
--
†øღ
Sent from a super computer that fits in my pocket and is connected to the sum total of all human knowledge
…On 18 October 2024 22:29:57 BST, Michael Hall ***@***.***> wrote:
> I'm unable to tell from their website where they are even copying the data to.
It's stored in a Postgres database in AWS
--
Reply to this email directly or view it on GitHub:
#1476 (comment)
You are receiving this because you authored the thread.
Message ID: ***@***.***>
|
Savannah is justg one example of the many data broker companies that are doing this sort of data collection. There is no point in specifically calling them out as for every one you know about, there are another 10 you don't. Bottom line, you put stuff in a public forum, it will be collected and processed and combined with data from other sources to generate data of value to the brokers. No legislation, privacy laws, data retention rules are going to have any impact here. You put it out there, its out there. This is NOT a quickemu issue. All repositories in github, gitlab, sourcehut or any public repository as well as all social media platforms are data sources for companies like savannah. |
The community may not be ware, but this project has been connected to data aggregator savannahhq.com
This aggregates and merges the community activity across multiple platforms; processing data in novel ways that are not expected and not strictly required, such as linking diverse identities across different platforms, copying participated thread/issue data out of GitHub etc.
The use of this tool should be declared so participants are aware of this data processing, and can opt out or delete their data if required. It's not clear this is even possible, even by registering at Savannah, IANAL, but this may be illegal in the EU.
The text was updated successfully, but these errors were encountered: