Add privacy policy (cont.) #27
Conversation
privacy.md
Outdated
|
|
||
| ## Information we collect | ||
|
|
||
| We collect a few different kinds of information about you, like what part of the world you are in, what pages you come to our website from, and what device and software you use. We also collect information about how you use our website. We might collect your Scratch username. |
There was a problem hiding this comment.
We might collect your Scratch username.
Any specific reason for this to not be specific enough? We don't collect usernames unless explicitly given by users, in the feedback page.
privacy.md
Outdated
|
|
||
| ## Information we collect | ||
|
|
||
| We collect a few different kinds of information about you, like what part of the world you are in, what pages you come to our website from, and what device and software you use. We also collect information about how you use our website. We might collect your Scratch username. |
There was a problem hiding this comment.
maybe change this We also collect information about how you use our website. We might collect your Scratch username. to this: We also collect your Scratch username (if you have one) and data about how you use ScratchAddons.com
There was a problem hiding this comment.
Sounds good, but this isn't my pr anymore.
There was a problem hiding this comment.
@Explosion-Scratch I think it is "might" because it is an optional thing. Also, don't refer it as ScratchAddons.com. You can refer it as "our website" as stated on the first paragraph.
@easrng Just so you know, you can do a pull request that is directly to the privacy branch.
Hans5958
force-pushed
the
master
branch
2 times, most recently
from
662c251
to
b4acd86
Compare
|
Up to date version (without merge conflicts): #41 |
# Conflicts: # assets/css/base.scss # site/faq.md # site/farewell.html # site/feedback.html # site/index.html # site/scratch-messaging-transition.html # site/welcome.html
|
That is really weird. Will try to resolve this. |
Also revert unnecessary changes
|
@wgyt735yt Fixed it. You can check it again if you want. |
Thanks for doing it, can we merge this? |
|
I'll work on this after v1.14.0 release |
|
Related: does anyone know of an analytics service that does not require us to ask for opt-in, unlike Google Analytics? That way, we could avoid the banner altogether. I believe GitHub recently did some changes like that as well - they only kept necessary cookies and removed the banner. |
Ocular uses Plausible, and they don't have a banner. |
|
I plan to remove all cookies from the website by the second half of May. We'll probably move to a self-hosted instance of Plausible, which does not use cookies. Possibly hosted by @jeffalo. And we'll have a page that will display at least some of the data Plausible collected publicly (not sure if we want everything public yet). We'll continue to use Cloudflare for now, so there's no other option but to let it "see" the IP addresses of our visitors (at some point of the chain, someone has to be able to do that of course). But using Cloudflare infrastructure, we could make it so other 3rd parties (GitHub Pages, Plausible, let me know if we can think of any other) don't get the full IP addresses of our visitors (or don't get them at all). |
|
AFAIK plausible doesn't touch IPs. |
It doesn't. But the server hosting Plausible can still get it. "Never trust the client" and "never trust the server", they say. |
I think we can trust Jeffalo not to log IPs? |
You have to optin into enabling the Ocular addon - but the moment the extension is installed, we immediately open ScratchAddons.com without explicit consent. Not the same. |
|
@WorldLanguages Cloudflare's proxy doesn't pass the real IP unless you tell it to |
|
@wgyt Are you sure they can be disabled from settings? I was thinking of using a Cloudflare Worker |
AFAIK 'X-Forwarded-For' and 'CF-Connecting-IP' are always on. |
Spoiler alert: you can easily set up Nginx to de-obfuscate ips from behind cloudflare, so we have to trust whoever is hosting our server. |
|
On my website, I use Cloudflare analytics and it works well. It uses 0 cookies, and gives a decent amount of data, including visits, page views, page load time, country data, the referer, host, path, and browser. |
I don't think anything is stopping us from setting up a Cloudflare Worker that anonymizes the |
I think you could anonymize those headers, but I have no experience with CF workers so 🤷🏻♂️ |
Continuation of #26, resolves #24.
@WorldLanguages, you do the merge as you are the project leader.