Exodus-Privacy / exodus-android-app

εxodus Android application
GNU General Public License v3.0
690 stars 58 forks source link

Stop using Crowdin #86

Closed comradekingu closed 2 years ago

comradekingu commented 4 years ago

Crowdin is as far removed from privacy it gets.

Here are some direct clippings of all other relevant parts of https://support.crowdin.com/privacy-policy/. (My comments only to be found betwixt those, everything else verbatim, in the order it appears, minus irrelevant sections. I have made it easier by cutting it down in bold, which doesn't change the content, presented as is).

> **We** may **disclose information to third parties** if you **consent** to us doing so, as well as in the following circumstances: (OK, what constitutes consent, and what does that entail. Can the service be used _at all_ without it?) > **We work with third party service providers who provide** website, application development, hosting, maintenance, and **other services** for us. These third parties may **have access to, or process Personal Data or Client Data** as part of providing those services for us. > We may **make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including** (i) compliance with various reporting obligations; (ii) **for business or marketing purposes; or (iii) to assist such parties in understanding our Clients’, Users’ and Visitors’ interests, habits, and usage patterns for** certain **programs, content, services, and/or functionality available through the Service** > **We** may **disclose Personal Data or other information** if required to do so by law or i**n the good-faith belief that such action is necessary to comply with applicable laws**, in response to a facially valid court order, judicial or other government subpoena or warrant, **or** to **otherwise cooperate with** law enforcement or **other governmental agencies**. > **We also** reserve the right to **disclose Personal Data or other information that we believe**, in good faith, **is appropriate** or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or **safety of others**. (Wait for it) > **Information about Users and Visitors, including Personal Data**, may be **disclosed and otherwise transferred to an acquirer, successor or assignee** as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or **receivership in which information is transferred to one or more third parties as one of our business assets** and only if the recipient of the User or Visitor Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy. > **Client Data** may be physically or **electronically transferred to** an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, **sale of assets, or similar transaction**, as well as in the event of an insolvency, bankruptcy, or **receivership in which information is transferred to one or more third parties as one of our business assets**, for the sole purpose of continuing the **operation of the Service**, and only if the **recipient** of the Client Data commits to a Privacy Policy that has **terms** substantially **consistent** with this Privacy Policy > You may **decline to share** certain Personal Data with us, in which case we may **not be able to provide to you** some of the features and **functionality** of the **Service**. > The **Service** may **contain features or links to web sites and services provided by third parties**. Any **information you provide on third-party sites or services** is **provided directly to the operators** of such services and is **subject to those operators’ policies**, if any, governing privacy and security, even if accessed through the Service. We are **not responsible for the content or privacy and security practices and policies of third-party sites or services** to which **links or access are provided through the Service**. > **Interest based advertising** is the **collection of data from different sources and across different platforms in order to predict an individual’s preferences or interest** and to deliver to that individual, or his/her computer, smart phone or tablet, advertising based on his/her **assumed preference or interest inferred from the collection of data pertaining to that individual** or others who may have a similar profile or similar interests. > **We work with** a **variety of third parties** to **attempt to understand the profiles of** the **individuals** who are most likely to be interested in the Crowdin products or services so that we can send them promotional emails, or serve our advertisements to them **on the** **websites and mobile apps of other entities**. > These third parties include: (i) **advertising networks**, which **collect information about** a **person’s interests** when that person **views or interacts with one of their advertisements**; (ii) **attribution partners**, which **measure the effectiveness of** certain **advertisements**; **and** (iii) **business partners**, which **collect information when a person views** or interacts with **one of their advertisements**. > In **collaboration with** these **third parties**, we **collect information about** our customers, prospects and other **individuals over time and across different platforms** **when** they **use these platforms** or interact with them. **Individuals** may **submit information directly on our Sites or on platforms run by third parties**, **or by interacting** with us, our **advertisements**, or **emails** they receive **from us** **or** from **third parties**. **We** may **use special tools** that are commonly used **for this purpose**, such as **cookies, pixels**, and **similar technologies**. **We** may **have access to databases** of **information collected by** our **business partners**. > The **information** we or **third party collect** enables us to **learn** what **purchases the person made**, what **ads or content the person sees**, on **which ads or links the person clicks**, and **other actions that the person takes** on our **Sites,** or **in response to** our **emails**, or when **visiting or using third parties’ platforms**. > We, or **the third parties with which we work, use the information collected** as described above **to understand the various activities and behaviors of** our customers, **Site visitors and others**. We, or **these third parties**, do this **for many reasons**, including: to **recognize new or past visitors to our Sites**; to **present more personalized content**; to **provide** more useful and relevant **ads** - for example, **if we know what ads you are shown** we can try **not to show you the same ones repeatedly**; to **identify visitors across devices, sales channels, third party websites and Sites**, or to **display or send personalized or targeted ads** and **other custom content** that is more **focused on a person’s** perceived **interest in products or services similar to those** that **we offer**. > Our **interest-based ads** may be **served to you in emails** or on **third-party platforms**. We may **serve these ads about our products or services** or send **commercial communications directly** ourselves or **through these third parties**. Crowdin does **not provide any personal information to the third party sites** that **display interest-based ads promoting Crowdin**. (***Just have to interject here to differentiate between personal information and personally identifiable information, read on) > We allow **third parties** with which we **have a separate agreement to use cookies** and **other technologies** to **collect information about your use of the Site**. These third parties include (i) **business partners, which collect information when you view or interact with one of their advertisements on the Site**; and (ii) **advertising networks**, which **collect information about your interests** when you view or interact with one of their **advertisements**. > The **information gathered by** these **third parties** is used to **make predictions about your interests or preferences** so that they can **display advertisements or promotional material** on this Site and on **other sites** across the Internet **tailored to your** apparent **interests**. > The **business partners** and **advertising networks** that **serve interest-based advertisements** on **the Services** have limited **access to** a small amount of **information about your profile and your device**, which is necessary **to serve you advertisements** that are **tailored to you**r apparent **interests**. It is possible that **they** may **reuse this** small amount of **information on other sites or services**. (Bingo***) > We do not share with these third parties any information that would readily identify you (such as email address); however, **these third parties** may have **access** to **information about you**r device (such as **IP or MAC address**). We do **no**t have access to, or **control over**, the **technologies** that these **third parties** may **use to collect information about you**r **interests**, and the **information practices of these third parties** are **not covered by this Privacy Notice**. **Other than** as discussed in **this document,** we have **no control over these third parties**. (Interjecting again, e-mail address is identifiable, but IP and MAC isn't? Be the judge of this information.) > **functionality cookies** - These cookies allow the website to **remember choices you make** (such as your **user name, language** or the **region** you are in) and provide enhanced, **more personal features**. For instance, **a website** may be able to provide you with local weather reports or traffic news by **storing in a cookie the region** > in which **you are** currently **located**. These **cookies** can also be used to **remember changes** you have made to **text size, fonts** and **other parts of web pages that you can customise**. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect **may be** anonymised and they **cannot track your browsing activity on other websites.** (I'll let the reader be the judge of whether this in fact this grants a unique fingerprint that can track you across websites) > **behaviourally targeted advertising cookies** - These cookies are used to deliver **adverts** more relevant to **you** and **your interests**. They are also used to limit the number of times you see an advertisement as well as help **measure the effectiveness of the advertising campaigns**. They are usually placed by advertising networks **with the website operator’s permission**. They **remember that you have visited a website** and this **information** is **shared with other organisations** such as **advertisers**. Quite often **targeting or advertising cookies will be linked to site functionality provided by the other organisation**. > **Protecting the privacy of young children is especially important.** Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent. **If you are under 18 years of age, then please do not use or access the Service at any time or in any manner.** If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. (Remember the part about good-faith earlier?) > **The Service is not intended to be used** by minors, and is not intended **to** be used to **post content** to share publicly or **with friends**. To the extent that a minor has posted such content on the Service, the minor has the right to have this content deleted or removed using the deletion or removal options detailed in this Privacy Policy. If you have any question regarding this topic, please contact us as indicated in the “How to Contact Us” section. Please be aware that, **although we offer** this **deletion** capability**,** the removal of content may **not ensure** complete or comprehensive **removal of that content or information**. > Although we may allow **you** to **adjust your privacy settings** to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. We are **not responsible for circumvention of any privacy settings** or security measures **on the Service**. Additionally, we **cannot control the actions of other users** with whom **you** may choose to **share** your **information**. Further, even **after information** posted on the Service **is removed**, **caching and archiving services** may have **saved that information**, and **other users or third parties** may have **copied or stored the information** available on the Service. > **We** may **transfer, process and store Personal Data** we collect through the Services **in centralized databases** and with service providers **located in the U.S.** The U.S. may **not** have **the same data protection framework as the country from which you may be using** the Services. (Take heed of why this needs to be pointed out. Do any particular US laws come to mind? Bingo.) > The **Service** is **hosted in the United States** or Germany. **Regardless of the database** being **hosted in the EU**, if you choose to **use the Service from** the European Union or other **regions of the world with laws governing data collection** and use **that** may **differ from U.S. law, then** please note that **you** may be **transfer**ring your **Client Data and Personal Data** outside of those regions **to the United States for storage and processing** by our **service providers** listed in the Crowdin Terms of Service. (But nobody is on that list, right?) > **Crowdin** is **largely unaware of** what **Client Data** is actually being **stored or made available by a Client or User to the Service** and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client and its Users. (It is almost as if the EU GDPR has provisions for this) > Because Crowdin does not collect or determine the use of any Personal Data contained in the Client Data and because it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, Crowdin is not acting in the capacity of data controller in terms of the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) and does not have the associated responsibilities under the GDPR. Crowdin should be considered only as a processor on behalf of its Clients and Users as to any Client Data containing Personal Data that is subject to the requirements of the GDPR. Except as provided in this Privacy Policy, Crowdin does not independently cause Client Data containing Personal Data stored in connection with the Services to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of Crowdin in connection with Crowdin’s provision of Services to Clients. Such actions are performed or authorized only by the applicable Client or User. (And it is almost like Crowdin has noticed) > The Client or the User is the data controller under the Regulation for any Client Data containing Personal Data, meaning that such party controls the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data. > **Crowdin is not responsible for the content of the Personal Data** contained in the Client Data or **other information stored on its servers (or its subcontractors’ servers**) at the discretion of the Client or User nor is Crowdin responsible for the manner in which the Client or User collects, handles disclosure, **distributes** or otherwise **process**es such **information**. > Please **revisit** this **page periodically to stay aware of any changes to this Policy**, which **we** may **update from time to time**. If we modify the Policy, **we** will make it available through the Service, and **indicate the date of the latest revision**, and will comply with applicable law. Your **continued use of the Service after** the revised Policy has become effective **indicates** that **you have read, understood and agreed** to the current version of the Policy. (What a complete spaghetti cluster of vagueness, and outright scandalous terms and practices. Notice the pattern of _always_ mixing legitimate concerns with those that are not, the pattern of how they are referenced, and how connected parts are hidden in different categories, under headers that seem like they concern other concerns entirely. Look how the content of sentences is padded to seem less alarming, and how fill like "may", etc. just happen to appear exactly everywhere the alarming action is carried out.) There is also the https://support.crowdin.com/cookies/ and https://downloads.crowdin.com/docs/DPA-singed.pdf

https://hosted.weblate.org/legal/privacy/ https://hosted.weblate.org/legal/terms/ are the polar opposite counterparts of the Hosted Weblate terms and conditions.

pnu-s commented 2 years ago

Also we appreciate the concern about privacy, we simply do not have enough volunteer time to discuss this at the moment. I prefer closing this for the time being.

comradekingu commented 2 years ago

@pnu-s Top stuff. In due time I volunteer to set it up and manage translations and community. If money is the issue, name your price.