umputun
commented
1 year ago I understand the concerns raised about the language used in the "Privacy" section of Remark42. However, it's important to note that the developers of Remark42 cannot control how a site owner uses the system. For instance, Remark42 itself does not log users' IP addresses; it uses irreversible hashes instead. Similarly, Remark42 does not set any tracking cookies. Yet, these privacy measures may not amount to much if the site owner decides to run Remark42 behind a reverse proxy that logs all this information, or if the embedding site sets tracking cookies.
Furthermore, we cannot honestly promise what real-life use cases with sites using Remark42 will mean for user privacy. The only thing under our control is this: Remark42 itself is very sensitive to all user information and doesn't store anything beyond what is technically necessary for functionality. Therefore, while Remark42 strives to maximize user privacy, the actual level of privacy also depends on the practices of the individual site owners.
@paskal - do you recall if we have a section in docs describing all the paranoid things we do for privacy? I think we used to have it but can't figure out what section it is now, maybe it is worth having a dedicated section for this describing things like minimal auth scopes, lack of any user's records, IP masking, hashed auth ids, ability to remove all the user-related everything and so on.
Specifically, the first dot point: "Remark42 is trying to be very sensitive to any private or semi-private information".
While I appreciate the honesty and intent of the statement, I think it is perhaps unsettling to many.
For one who perhaps realises the importance of privacy, but does not understand the difficulty of combining functionality with privacy, it comes across as quite wishy-washy or perhaps even cavalier.
While suggesting self-hosted commenting systems to a friend, this statement was immediately latched onto by them as "not confidence boosting".
Suggestion (though I'm no writer) would be to move it to a paragraph before the dot points as a summary and let the dot points provide the technical detail. Change the wording to something like "Remark42 strives to maximise the privacy of users by:"