Privacy policy

[paulmelnikow]

:clipboard: Description

The Shields production servers should have a privacy policy. This may be required for regulatory compliance and is a good idea regardless.

Possibly as part of that, it would be helpful to clarify how Shields interprets its long-established "no tracking" promise.

Some possible models:

• https://www.iubenda.com/
• https://github.com/wulkano/kap/blob/master/PRIVACY.md

[dg0yt]

:+1: for documenting the privacy policy.

At the same time, it might be worth mentioning that usage in README.md or wikis on Github is covered by GH's image proxying for privacy:

• https://help.github.com/en/articles/about-anonymized-image-urls
• https://github.blog/2014-01-28-proxying-user-images/

[aidin36]

It's worth mentioning that EFF Privacy Badger blocks the shields.io

[dg0yt]

It's worth mentioning that EFF Privacy Badger blocks the shields.io

So does this include blocking Github's anonymized urls at all?

[chris48s]

@aidin36 - I think we're straying from the original point of this but that may or may not be by design. Last time it happened, it was reported as a bug and fixed: https://github.com/EFForg/privacybadger/issues/1394

[aschrijver]

Bringing back to original point:

The Shields production servers should have a privacy policy.

Shields needs one to be GDPR-compliant. There are 3rd-party services used that needs mentioning. Shields looks like a great community-driven project, but it might just as well be a (de-facto) tracker one rather avoids for privacy reasons. Privacy policy would reassure people about appropriateness of using shields.