Privacy Improvements

jenix · 12 July 2020 07:42

First of all: the new forum looks like a big improvement over askbot while maintaining the same functionality (just set the Default Homepage to “Latest”).

While browsing the forum, I noticed some third-party requests which do not seem to be necessary. The one I could reproduce is the forum trying to load a favicon from https://searchmobilecomputing.techtarget.com/favicon.ico.
I also saw some connections to discourse.org, but couldn’t pinpoint it further. Maybe, someone else noticed it to. In this case, please feel free to add to this thread.

And one last thing: During the sign up process, you have to agree to the Jolla Privacy Policy. But this forum seems to be hosted by discoursehosting.net which runs on DigitalOcean, which is nowhere mentioned, neither here on the forum nor on the privacy policy. While I know how much effort it takes to maintain such a server, I’d somehow expect from a privacy-aware company like Jolla to host the forum themself. At least, that is what the Jolla Privacy Policy, which at no point mentions the disclosure of all information entered here towards the hosting companies of the forum, suggests. At least make the users aware of where their data is stored to give them a choice (which is the purpose of the GDPR btw).

flypig · 12 July 2020 10:11

While browsing the forum, I noticed some third-party requests which do not seem to be necessary.

Do you recall which pages you saw these on? When I browse the forum with cache and tracking-blockers disabled, I’m seeing only requests to forum.sailfishos.org.

cy8aer · 12 July 2020 10:32

Names…

> host forum.sailfishos.org
forum.sailfishos.org is an alias for sailfishos.discoursehosting.net.
sailfishos.discoursehosting.net has address 157.230.16.168

Who owns the address?

> whois 157.230.16.168
NetRange:       157.230.0.0 - 157.230.255.255
CIDR:           157.230.0.0/16
NetName:        DIGITALOCEAN-157-230-0-0
NetHandle:      NET-157-230-0-0-1
Parent:         NET157 (NET-157-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS14061
Organization:   DigitalOcean, LLC (DO-13)
RegDate:        2018-08-22
Updated:        2020-04-03
Comment:        Routing and Peering Policy can be found at https://www.as14061.net
Comment:        
Comment:        Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref:            https://rdap.arin.net/registry/ip/157.230.0.0

Where is the ip hosted? Enter the ip into https://ipinfo.io

ip: "157.230.16.168"
hostname: "proffra934.discoursehosting.com"
city: "Frankfurt am Main"
region: "Hesse"
country: "DE"
loc: "50.1155,8.6842"
postal: "60311"
timezone: "Europe/Berlin"
asn: Object
asn: "AS14061"

name: "DigitalOcean, LLC"
domain: "digitalocean.com"
route: "157.230.16.0/20"
type: "hosting"

Ok looks like it is hosted at a provider in Frankfurt/Main aka Europe. American provider. So it should follow the european GPDR - but this chain is not directly mentioned.

DaveRo · 12 July 2020 10:55

I posted a link to discourse.org in:
First comment on the new Sailfish OS Forum
It probably fetches the site icon (favicon).

And if you view that topic again it probably won’t show my post or re-fetch it unless you scroll up from the first new post.

flypig · 12 July 2020 12:58

Yes, nice observation, that does seem to be it. The techtarget one is probably from here.

jenix · 19 July 2020 07:33

Thank you all for the replies.
In this case, these third-party requests are not necessary for the forum to function. I believe that there should at least be an option to disable third-party requests since the best data protection is to not produce data in the first place.

Does the current ruling on the Privacy Shield have any effects on hosting this forum? The best option from my point of view would still be a self-hosting solution.