PokemonGoers / Catch-em-all

Now that we have tons of data about Pokemon (what they are, where they are, what their relationship is, what they can transform into, which attacks they can perform, and so on), we want to integrate it all into a comprehensive website. This website should contain sections about each Pokemon and its details. Additionally, the website should register the user's location and tell the user how close the predicted pokemon is to him/her. Additionally, you will be incorporating the apps that were created by projects B, C and D into the website. Your group will need to create automated builds and testing for these apps and use continuous integration to pull in new changes in the code repositories. Apps from projects B-D should be packaged and made available on NPM. Ideally, when you have completed these tasks, the webapp component would integrate the apps by "requiring" them. Here is a possible user story: when a user opens the website or the app, the current location of the user will be shown. Additionally, the website/app will automatically show where the pokemons that are currently active are and where the pokemons that we predict to be active in the near future (i.e. within half a day) will be located (all of this will be available from the app developed in project D). Hopefully, the website will be somewhat crowded by that data. Then, there needs to be a menu bar or something similar available (e.g. above the map or on the right side of it) that will list currently active or predicted pokemons. Clicking on one of them will make the other pokemons on the map disappear, except for the clicked one. Separate web pages would allow the search and presentation of individual Pokemons and the information we gathered about them, including third-party data (project A) and Twitter analysis (project C).

Privacy policy #53

Closed gyachdav closed 7 years ago

gyachdav commented 7 years ago

I need someone from project E to go with me through a series of questions so we can generate a mobile app privacy policy. This will be taken care of during presentation week.

WoH commented 7 years ago

@Lugitan @philbu @Georrgi @johartl @AlexanderLill @MajorBreakfast @mfkaptan

gyachdav commented 7 years ago

https://github.com/PokemonGoers/Catch-em-all/issues/51

WoH commented 7 years ago

I got #53 / #51 on my list for tomorrow, give us a day to sort out who's working on what next. Right now work is distributed slightly unequally and this should be something we can use to help others catch up. (Including: HashPokemonGo#11)

AlexanderLill commented 7 years ago

For reference see https://www.got.show/privacy

MajorBreakfast commented 7 years ago

Note: The Game of Thrones site seems to be currently offline.

Edit: Not anymore

WoH commented 7 years ago

What's the status here?

sacdallago commented 7 years ago

@MajorBreakfast I was trying to get the rostlab server to collaborate, in vain.

philbu commented 7 years ago

@gyachdav @sacdallago did you manage to take care of the privacy policy? What's the status here?

sacdallago commented 7 years ago

@philbu Just take the one from got.show and replace the necessary parts (GOT> pokemon, TUM > PokemonGoers) :) https://got.show/privacy

philbu commented 7 years ago

I have to criticize the privacy policy from the got.show page. It seems like an auto-generated, copy-paste, free policy from this website and it seems like it was placed on the website without even reviewing it.

First of all there are so many typos. You can't even read fluently at some points.

So let's begin with the first question:

What personal information do we collect from the people that visit our blog, website or app?

We do not collect information from visitors of our site or other details to help you with your experience.

First of all the formulation of this sentence. We don't collect information from visitors because we don't want to improve their experience? That's horrible. We should at least change the second part of the sentence.

When do we collect information?

We collect information from you when you or enter information on our site.

Didn't we already tell the user that we don't collect anything?

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways: • To improve our website in order to better serve you. • To allow us to better service you in responding to your customer service requests. • To administer a contest, promotion, survey or other site feature.

Just look at the first answer. It's getting pretty ridiculous now or at least the first answer is a really bad lie.

Do we use 'cookies'?

We aren't explaining cookies. This should be done before talking about them.

We do not use cookies for tracking purposes

Just remember this sentence I will come back to this.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.

A browser won't ask you to set a cookie. It will either set a cookie or it won't. So the first sentence is only semi-correct. The example of the browser is outdated and it won't work if you watch this policy in our application. Most important: Why do you want to turn off cookies which aren't used anyway?

If you disable cookies off, some features will be disabled that make your site experience more efficient and some of our services will not function properly. However, you can still place orders .

This is just nonsense considering the previous answers and the use case for the got.show page and our page

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.

After this there is a paragraph about using Google Advertising. So that sentence is wrong.

Third-party links

We do not include or offer third-party products or services on our website.

No third-party products or services as Twitter, OpenStreetMap, Google for Locations.

Google

Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en We use Google AdSense Advertising on our website. Google, as a third-party vendor, uses cookies to serve ads on our site. Google's use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

Do we use Google AdSense? I assume not. Otherwise we'll have to change our Cookie policy and Niantic will take down our site in one week or less.

We have implemented the following: • Google Display Network Impression Reporting • Demographics and Interests Reporting We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

We don't use these analytics.

Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.

Not necessary.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to: To be in accordance with CANSPAM we agree to the following:

Empty list?

If at any time you would like to unsubscribe from receiving future emails, you can email us at and we will promptly remove you from ALL correspondence.

Which correspondence? We aren't using a newsletter system

I'll write a new improved one.

philbu commented 7 years ago

Privacy Policy

Privacy Policy Explanation

This privacy policy is for the website TODO:Link and served by PokemonGoers to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

App and Website

This policy exists inside an application for mobile devices and on a website for mobile and desktop devices. Some of the displayed information may differ for your current device, e.g. Cookies are used on websites but not in applications.

Information

Information Collection, Use, and Sharing

We don't collect any information from visitors of our site. We only have access to information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to change the policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address given on our website:

Cookies

What are Cookies?

A cookie is a text file containing a small amount of data which is downloaded to your computer when you visit a website or see an advert elsewhere on the internet. The vast majority of websites use cookies and tracking technologies. Cookies are useful because they help arrange the content and layout of websites and recognize those computers that have been to these websites before. They allow them to remember your preference settings and play an important role in helping to enhance the usability and performance of websites and your experience using them. Some cookies are also essential to enable you to move around a website and use its features.

Do we use Cookies?

We don't use cookies for tracking or identifying purposes.

External Links

This web site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

Google Maps Services

We use the Google Maps Services in our location search. Your search query will be send to Google. Google will response with a longitude and latitude.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under 13.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: We will notify the users via in-site notification within 7 business days

We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. If at any time you would like to unsubscribe from receiving future emails, you can email us at and we will promptly remove you from ALL correspondence.

Contacting Us

If there are any questions regarding this privacy policy you may contact us using the information below.

TODO: Link Boltzmannstrasse, 3 Garching, Bayern 85748 Germany christian.dallago@in.tum.de

Last Edited on 2016-10-14

philbu commented 7 years ago

@gyachdav @sacdallago How do you find the new Privacy Policy?

gyachdav commented 7 years ago

Thanks for taking a crack at this. Indeed the got.show privacy policy was a hack we did in <5 minutes to get the site up and running.

The new privacy policy looks very comprehensive. A couple of questions:

Do we use Google Maps? Is that to get directions? Also there is a typo at:

"Google will response with a longitude and latitude."

And now for the kicker. Due to Niantic's draconian copyright rules we will need to go rogue. For the privacy policy that means we will need to anonymize the privacy policy, so no contact info and no details that tie us back to the TUM. This in itself may discredit the validity of the policy but that is as much as we can do.

I am no expert, but if you have some knowledge on the subject or can, please check what the rule is for policies without any contact details. If that is still okay we publish the policy; if it makes it pointless.. well, we just won't have a privacy policy.

MajorBreakfast commented 7 years ago

@gyachdav Hehe these github issues are available to the public. Plus the about page shows a picture taken in a TUM building with students studying at the TUM and their names listed conveniently next to it. Well, at least the PokeDex part of the app should qualify as a fan encyclopedia. All in all the project kinda seems like being at least in a gray zone. :)

BTW the GOT privacy policy says in several places "US". German law applies though, right?

gyachdav commented 7 years ago

Yeah, yeah, I get that.. we will need to scrub out these issues as well as identifying details of people who don't want to have their names associated with this project. At the very least the association with TUM should be completely scrubbed out.

One strategy will be to start obfuscating the names of the pokemons on the pokedex. Possibly we can change the names a bit to make them still identifiable but at the same time not appear exactly as the "copyrighted" names.

Also we need to remove any mention of the app PokemonGo and instead just make strong references to it.

I will start a separate issue that will discuss how we can go rogue.

philbu commented 7 years ago

Remember that your name and the TUM contact address is also on the Imprint & Disclaimer page. Usually there is a contact address (location of firm and email) on the policy page. Because of the vague definition of policy pages we may be able to avoid a real life address and just go with an email address.

At least one contact information is needed. The user must be able to get in contact to delete his data on our server, even if we don't save his data. The privacy policy should mainly tell the user how and which of his data is used.

WoH commented 7 years ago

If anything needs to be discussed, please go there: #134