Community Terms of Service and Privacy Policy


Note: This discussion was imported from Loomio.

One of the more important issues that Diaspora’s community members have been concerned about is the inclusion of Terms of Service and a Privacy Policy.

Many pods at the moment have no TOS at all, and some countries require that every site hosted in their country have something. Not having clear policies in place can be problematic; more so to the point that it can create legal barriers for those that just want to host their own pod.

Here’s what I think: We need a generic TOS and PP. They are important for creating a form of legal protection for podmins and users, and they also help establish the guidelines of that specific pod’s culture. Some pods, like Diasp.org, don’t allow for pornographic content. Of course, users can still access it by federating with other pods, but general guidelines for memberships on a pod can set a certain standard for the type of audience that uses it.

For example, a school/work-appropriate pod could be encouraged to follow a set of guidelines for language and content that sets the standard for how people interact there, but other pods geared towards different communities could have much more relaxed restrictions, or in some cases, no restrictions at all.

Of course, the Terms should also address that a podmin is not responsible for the content and users of the site, so as to produce a Safe Harbor. For that matter, it ought to also be indicated that a podmin isn’t responsible for content from other pods on the network.

Sorry Sean, this feels like a duplicate of http://loom.io/discussions/728 to me (except that this one has a better title).

What would also be extremely useful is to have a system in place for podmins to easily change the TOS. I think it’d be neat to keep the generic TOS/PP in a database table as a string, or failing that, part of the app config. Modifying the terms could work like so:

  1. Podmin updates terms to the site via some field in the admin panel.

  2. As soon as the TOS is updated, all users are flagged with a simple value of true or false for a “signed-tos” variable.

  3. Users that have the value “false” are presented with a popup modal presenting the new Terms of Service, with a checkbox for a user stating that they understand and agree to the terms. In the future, it’d be nice to allow for users that disagree to still be able to export their data and photos to move to a pod with terms that they DO agree with.

  4. As soon as a user signs it, their personal value is flipped to “True”, and they don’t have to worry about it until the terms are updated again.

@Jonne: Although this too points to the need for a TOS/PP, this applies more to a project-wide support of easily being able to update the Terms of Service / Privacy Policy on any Diaspora pod, rather than illustrating that joindiaspora.com itself needs them.

Well the discussion over there went to project wide stuff pretty fast, that’s why I said the title is just better here :)

While the original discussion began with the absence of TOS/PP on JD, the proposal there actually asks for what you are discussing here. Sometimes discussions are not algorithmic! :) (I suppose I will get a beautifully friendly comment from Jonne on that.)

@Sean, these are excellent ideas. I am grateful to see some serious consideration about this. Podmins should be free to modify any TOS/PP to reflect what they deem to be fair use and fair conduct they expect on their pod, but there should be something that is actually posted and easy to find.

The boilerplate in the install sounds good (if this is what you are describing). Also how users are pinged if there is a new revision.

Might it be possible that an “auto-survey” is done on the network that shows if a TOS/PP is posted at a pod? Could there be a way this is verified with some kind of ping? The results would be posted at a neutral site, such as DiasporaFoundation, or whatever.

If a pod has one posted, the link is downloaded and a thumbs up icon is displayed. If none, then a thumbs down.

People can decide where they want to go by surveying the different pods and the variety in their TOS/PP off of one page.

Perhaps even a grid that shows “features” like Porn OK? (check). Trolling not tolerated? (check). Animated avatars? (check). OK these are just illustrations.

This reporting chart also encourages a podmin to stay on top of it. It encourages trust. If people want to go to the dark side of the tracks they certainly are free to. But at least people are better informed before they sign on to a pod.

I encourage you to collaborate on ToS topic with friends from http://tos-dr.info (of http://unhosted.org fame)

Sean, your ideas look good to me on first reading. I think it would be worth developing two things (which are really two instances of the same thing):

  1. a generic, default ToS/PP for Diaspora pods, which can be adapted by podmins to suit the kind of pod they run (for instance, you mention diasp.org not allowing pornographic images);

but within this,

  2. a minimum ToS/PP, to which any pod must subscribe in order to be able to connect to the Diaspora network. In this, what are the ‘deal-breakers’ - such as basic respect for user privacy; not to retain a copy of user data once an account has been closed or migrated; not to harvest or retain any user data from accounts on other pods, and so on. This gives users some security, knowing that any pod they sign up to will subscribe to these minimum terms, and any pod which doesn’t come up to these standards will be kicked off the network (if that’s possible).

Does that make sense?

Hey Goob,

I agree that a generic, minimalistic TOS is probably fine for shipping by default, but I’m not sure about forcing pods to have a TOS to be part of the network. It just strikes me as something that is not only difficult to enforce, but it could be viewed as a restriction against the Open Web (“Accept these conditions as a podmin, or you can’t federate with us.”).

I think if we’re going to really be a decentralized network that federates with other platforms, those kind of restrictions are problematic in principle.

As for working with TOS;DR, I’m all for it. Maybe if we talk to them, they could set up a section for Diaspora pods or, failing that, maybe PodUptime could link to each pod’s TOS through the TOS;DR service?

Yeah I would strongly be opposed personally to forcing some kind of TOS on pods. Podmins should be able to set their ToS as they wish.

OK, I’m trying to think of how to prevent dodgy types setting up pods in order to harvest the personal data of unsuspecting people who sign up to their pod. It’s an issue that D* has yet to address. Perhaps TOS isn’t the way to approach it, but it needs to be addressed otherwise D* could become notorious as a means for criminals to harvest people’s data.

Of course, if someone sets up a pod just for themselves and no one else, their TOS and PP can be whatever they want.

Only public posts and posts that people share to other pods will be federated. Public posts are public so even Google can index them if it happens to find one.

AFAIK it’s a security problem if someone can hack other pods’ non-public posts over the federation protocol.

And also some pods might be private and still want to federate. For example our company has a pod and the ToS if there was one would be quite different from a public pod. The ToS of course is mostly governed by company NDA since the pod is company property.

@Goob: perhaps the problem of user-data harvesters is one that could be addressed by adding a list of dodgy pods to PodUpti.me, which users could give feedback on?

I hope it is clear that I am not advocating a TOS/PP that is one-size-fits-all. But just that there IS one.

This is completely different than saying everyone must have identical TOS/PP. And I have the sentiment that that is how people are responding to the original suggestion that one is mandated if you set up a pod, in the same spirit of using the trademark. If Diaspora encourages, and this is the culture, then it will create more trust.

What I’m not clear about is what the disagreement here is. Is there a philosophical disagreement about what constitutes privacy and how important that is to give users a notice in advance before using the system (even with regards to public posts), or that it’s more important to “let podmins run their pods as they like.”?

If it’s the former, then I have to ask, why presume that everyone wants to adopt someone else’s idea of what privacy is? If it’s the latter, then why is encouraging a podmin to post a TOS/PP any different than posting the D logo? How does that stymie the activity of a podmin to run their pod as he or she wants to?

Please clarify that for me?

Possibly, Sean. I’m not sure what the answer is, but it’s something that needs some thought given to it before D* gets much bigger.

Apologies if I’ve muddied the waters by suggesting it on a TOS discussion, though.

David Morley over at Diasp.org adopted the Wordpress.org, which in all honesty might not be a bad option to consider. It’s under a Creative Commons license, so we’re free to add additional legal code if we want to.

You can see the standard Wordpress TOS here: http://en.wordpress.com/tos/

Some things to think about:

  1. How could a TOS account for the fact that some content comes from other pods, therefore being beyond the podmin’s control?

  2. What do we do about copyrighted content? Should it even be addressed?

  3. What parts of the TOS need to be flexible to provide better options for customization?

  4. If we wanted to get TOS;DR to work with us on reporting different pods’ Terms of Service, what would we need to do first? Could it be something that could be linked to from PodUptime?

We wrote some German terms of service which are proved by two lawyers. CC-BY. Just in case somebody needs that… https://github.com/geraspora/german-terms-of-service