Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[community] justify and declare use of Savannah #1476

Open
tomchiverton opened this issue Oct 13, 2024 · 8 comments
Open

[community] justify and declare use of Savannah #1476

tomchiverton opened this issue Oct 13, 2024 · 8 comments

Comments

@tomchiverton
Copy link

tomchiverton commented Oct 13, 2024

The community may not be ware, but this project has been connected to data aggregator savannahhq.com

This aggregates and merges the community activity across multiple platforms; processing data in novel ways that are not expected and not strictly required, such as linking diverse identities across different platforms, copying participated thread/issue data out of GitHub etc.

The use of this tool should be declared so participants are aware of this data processing, and can opt out or delete their data if required. It's not clear this is even possible, even by registering at Savannah, IANAL, but this may be illegal in the EU.

@lj3954 lj3954 added triage Further information is requested or required and removed triage Further information is requested or required labels Oct 13, 2024
@lj3954
Copy link
Member

lj3954 commented Oct 13, 2024

I'll wait for @flexiondotorg to provide a response for this. I have no knowledge as to what is being referred to here.

@tomchiverton
Copy link
Author

tomchiverton commented Oct 14, 2024

Alan Popey demonstrated this at Ogg Camp, UK, over the last weekend. per https://www.savannahhq.com/privacy-policy/ "importing certain personally identifiable information about your community members from 3rd party services, including but not limited to names, email address, and public communications."

It seems this can happen without the community being aware of it.

Now you are and can make an informed choice.

If you do decide to stick with it, I suggest making it's continued use explicitly stated somewhere so that current and future contributors are informed.
Either way, maybe the project needs something like an explicit privacy policy or something, stating the community preference for being ingested into 3rd party tools

@mhall119
Copy link

Savannah doesn't get any information out of GitHub that I can't get simply by looking at GitHub

@philclifford
Copy link
Contributor

https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement#sharing-of-personal-data

"Other Users and the Public: Depending on your account settings, we may share Personal Data with other users of the Services and the public. You control what information is made public. To adjust your settings, visit User Settings in your profile. Please be aware that any information you share in a collaborative context may become publicly accessible."

@tomchiverton
Copy link
Author

tomchiverton commented Oct 18, 2024 via email

@mhall119
Copy link

I'm unable to tell from their website where they are even copying the data to.

It's stored in a Postgres database in AWS

@tomchiverton
Copy link
Author

tomchiverton commented Oct 18, 2024 via email

@theophilusx
Copy link

Savannah is justg one example of the many data broker companies that are doing this sort of data collection. There is no point in specifically calling them out as for every one you know about, there are another 10 you don't. Bottom line, you put stuff in a public forum, it will be collected and processed and combined with data from other sources to generate data of value to the brokers. No legislation, privacy laws, data retention rules are going to have any impact here. You put it out there, its out there.

This is NOT a quickemu issue. All repositories in github, gitlab, sourcehut or any public repository as well as all social media platforms are data sources for companies like savannah.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants