Add ToS and PP documents for podmins to use


(altruism) #21

Groove, sorry, I now see that the ToS clearly states information about license, but not the PP (what I can see).


(Hans Fase) #22

You can see a working sample of what I have done here.
https://hfase.com/terms

Basically that covers both the terms and privacy of the site but could be re-written or translated. Also with a little more advanced coding it would be possible to add a field to the users table and a check-box for users to agree… :slight_smile:


(tortoise) #23

Hi Hans!

This is a great first stab.

I just spottd a few tiny things that you may want to correct [in brackets]:

“As a user[comma] you agree to any information you have entered above [to be] stored in a database. While this information will not be disclosed to any third party without your consent[comma] the webmaster, administrator[comma] and moderators cannot be held responsible for any hacking attempt that may lead to the data being compromised.”

As far as the second sentence, what about just using an indemnity clause. I think using the word “hacking” may scare people off. A lot of people have different definitions of that word. So why not say something instead like, “you agree to indemnify the webmaster, admin, and/or moderators of [this pod] to any third party for using this website.” I’m not sure if that is exactly the wording in legalese, but may be better than mentioning hacking! :slight_smile: What do you think?


(Hans Fase) #24

One of the biggest things was compliance with COPPA

For this reason a checkbox would be required so that the user can state that they are over the age of 13.

Having a ToS & Privacy page are absolutely essential in my eyes though as a webmaster. I do not want to run into litigation due to what somebody else does with my website…


(tortoise) #25

@Hase: It does seem a little reckless not to have a TOS/PP. I really do not understand the sentiments not to have one posted.

I do understand however that it is a complex and challenging issue.

I’m curious to know what are the consequences of having no TOS/PP if something terrible were to happen? Have you heard of anything?


(Hans Fase) #26

Disney was fined $3,000,000 for not adhering to COPPA…

http://www.pcmag.com/article2/0,2817,2385444,00.asp


(tortoise) #27

WOW! That is a good example.

Know of any others?


(Steven Hancock) #28

madamephilo even adding it to the CLA wouldn’t require podmins to have a TOS or PP, the CLA only applies to developers who contribute code to the project. Podmins are users (and, because the AGPL requires it, distributors) of the software so only the terms of the AGPL can apply to them, anything else would be “additional restrictions” and the license doesn’t allow that.

Of course, regardless of the license if they’re running a public pod (or any kind of public website) they still have to the law and (in the U.S., at least) FTC regulations.


(tortoise) #29

@Steven: OK I can see that, it was just a thought. But what about this: What is the difference of posting clearly “This is a Diaspora™ Pod” and “you must post a clear TOS/PP to use this software” ?

What enforces me to not take the name off the software and rename it? I believe that it is the copyright. There is also something called paternity rights. Let’s say I create a work of art called the mona lisa. If you buy it and you draw a mustache upon it, I can sue you for copyright infringement even if you bought it outright from me.

It seems to me the same possibility would exist that if the owners of the D copyright could license it and say, for the purposes of user education, you must have a TOS/PP clearly posted. What that TOS/PP actually says is up to the podmin, but THAT there is one posted, seems only good practice.

It’s only a matter of will. I’m waiting for someone to tell me a legitimate reason podmins should not post TOS/PP’s.


(Steven Hancock) #30

Actually it’s trademark law that governs the use of the name Diaspora… and that’s an interesting thought. The AGPL (a copyrigiht license) allows you, as a user of the software, to make whatever changes you want to the software as long as you distribute it freely… it’s even possible with any opensource software to fork the project and rename your fork… so there’s no issue of copyright infringement there (if the license says you can do it, you’re not infringing).

However, many opensource projects (Mozilla is a good example here) have separate licensing provisions for their trademarks, you can’t distribute a modified version of Firefox and still call it Firefox without permission, which is why Debian and Ubuntu at one time distributed a browser called IceWeasel. It might be possible, the provisions of the AGPL notwithstanding, to say that the Diaspora trademark can’t be used unless a TOS/PP is clearly posted.


(Jason Robinson) #31

Bumping this.

It would be really important IMHO for the project to offer ready generic templates for podmins to use or customize. Currently podmins are sort of alone here, not able to create a TOS or PP easily - and this comes with certain legal risks if one is running a service for potentially hundreds of users.

I had to start work on this because I want to open up I Like Toast for more users but before I do that I want to have a proper ToS and PP in place - for transparency and protection of users, and obviously for legal protection for myself too.

I looked around for a while and the easiest social networking style already existing terms I found from App.Net - and conveniently they have them in GitHub and share them with a CC BY-SA 3.0 license. So I’ve forked them and made some initial modifications.

Any thoughts? Could we work on these and then put them into the main repo?

Remember, the templates should be guidelines - not something that every pod should use. All pods can run on whatever terms they want - the project should never try to enforce anything.

Anyway, here is my fork: https://github.com/jaywink/terms-of-service


(goob) #32

I agree this would be really helpful, and it looks as though you’ve made a really good start, both in finding a template ToS we can work from and in amending it. Thanks a lot for your work on this, Jason.

My only question, having skimmed it through, is whether it would be worth formatting the template such that some information is presented as essential (i.e. we wouldn’t want a pod to have a ToS that didn’t include it, such as respecting ownership of data) and other things which have been included but which are optional (for example, ruling out certain content such as porn) - I realise porn isn’t mentioned in the draft, but it’s an example of something that some pods will want to ban and others won’t. There are probably various thing in the template which we won’t consider essential in a ToS but which it might be useful to leave in so that if someone wants to include it they don’t have to write it themselves. However, it would be good to distinguish these elements from the crucial stuff to make it easier for a podmin to tailor it to their pod without deleting anything crucial, if you see what I mean. I’d suggest using bold for essential elements, but I see that bold is already used in some places.

I realise that the App.Net ToS is free to fork and use, but if we decide to go ahead, shall we tell them we’d like to base ours on theirs and ask if they’re happy with that, just to be friendly?


(Jason Robinson) #33

My only question, having skimmed it through, is whether it would be worth formatting the template such that some information is presented as essential (i.e. we wouldn’t want a pod to have a ToS that didn’t include it, such as respecting ownership of data)

Well, this really is against the principle of licensing the software under AGPLv3. There should be absolutely no constraints on how someone wants to use the software - eg what ToS they want to run a pod under.
But sure, we can recommend such things :slight_smile:

There are probably various thing in the template which we won’t consider essential in a ToS but which it might be useful to leave in so that if someone wants to include it they don’t have to write it themselves. However, it would be good to distinguish these elements from the crucial stuff to make it easier for a podmin to tailor it to their pod without deleting anything crucial, if you see what I mean. I’d suggest using bold for essential elements, but I see that bold is already used in some places.

Maybe just surround the non-core stuff with brackets?

I realise that the App.Net ToS is free to fork and use, but if we decide to go ahead, shall we tell them we’d like to base ours on theirs and ask if they’re happy with that, just to be friendly?

There is no need - it’s CC BY-SA 3.0 - anyone has the right to fork it as long as attribution is given to the source :slight_smile: So we just need to keep a mention in the repo where the original is from. My suggestion would be to put the templates in a subdirectory of the diaspora repository and keep a README in that directory explaining how the templates can be used etc.
The other option is to put them in to the wiki - but I think Git is better for this kind of stuff personally. Then we can track changes via pulls as normal. Also it would be nice to make it easy for podmins to add the templates somewhere under the app as static files. Maybe add “terms of service” + “privacy policy” links to the side bar / footer (logged in and logged out) - and render them if the static files have been copied in place. Then podmins only have to copy the files into the correct place.


(goob) #34

Well, this really is against the principle of licensing the software under AGPLv3. There should be absolutely no constraints on how someone wants to use the software - eg what ToS they want to run a pod under.
But sure, we can recommend such things :slight_smile:

Yeh, I understand that - I meant a strong recommendation - i.e. ‘we really think you should include this in your ToS’, obviously can’t be a binding requirement.

My suggestion would be to put the templates in a subdirectory of the diaspora repository and keep a README in that directory explaining how the templates can be used etc.

I agree something like that would be good - or give them a .example suffix like the diaspora.yml and database.yml files. If a podmin wants to include a ToS and privacy policy, they just edit the files and save them without the .example suffix. If the app finds these files (maybe tos.tml and privacy.yml) where they should be, it automatically adds links to a ToS and privacy policy to pages (side-bar or somewhere).


(goob) #35

Oops, .yml not .tml.


(madrone) #36

Hi,
I joined diaspora a few months ago, trying to escape facebook, but have been concerned about the fact that there are no terms of service or privacy policy offered for the pod I am in, or many others. I realize that not having one leaves users vulnerable to content abuse, or theft similar to that practiced by facebook (at least they give you a hint that they’re going to abuse your information). I realize that many of the podmins are not as ill-intentioned, and I know that diaspora was founded on the basis of providing a network that would protect its users content. I think it’s wonderful that podmins can adopt whatever TOS they like, but the fact is, even well intentioned pods have no way to provide user protection. Diaspora is not only open to abuse, it provides a perfect platform for it, camouflaged as it is in a context of data protection. I have found countless pods with no policy whatsoever, pods with questionable practices at best, and one that even seemed to be constructed specifically to capitalize on the use and sale of user content, much like facebook, tumblr, google, etc…

As a user I would greatly appreciate a privacy agreement and terms of use that is not constructed solely to protect and or profit podmins. I understand that hosts have to protect themselves in the event of an unauthorized data breach, government data request, or other unforeseen events/failures, and such, and of course that should all be a part of it, but I am seeing only this side represented. I understand that additional allowances for data collection to aid performance is necessary, but many contain loopholes for retaining data forever, at the discretion of the host, and open to distribution to 3rd parties, and who ever else they desire, which is the kind of neglect of privacy that many users are trying to escape when they turn to diaspora. I would love to find a TOS that I can actually agree with, that for once seeks to protect its users content, not simply to open loopholes to abuse it. I’ve looked at the one I Like Toast has made and a few others, but they seem pretty unsatisfactory from the users perspective. I would like to be able to recommend diaspora to my friends, but currently I’m having to consider looking for a different network, for it is not something I can confidently recommend or even slightly trust myself at this point. I see so much potential in this, so I would like to cheer you all on in making a privacy policy and terms of service template that would make it easy for podmins to safely offer such a service while representing the concerns of all us end users. Thanks for all your efforts, and keep it up!!