search

wechaty / PMC

Project Management Committees
https://www.apache.org/foundation/how-it-works.html#pmc
Apache License 2.0
4 stars 0 forks source link

We need a blog post to clarify the relationship between Wechaty OSS Project and the Commercial Puppet Service Provider (CPSP) #11

Open huan opened 4 years ago

huan commented 4 years ago

Today I saw an issue comment from a developer from our Wechaty community at https://github.com/wechaty/wechaty/issues/1941#issuecomment-633362094, and he is very confused with our project and the token application process.

I believe that there's a need to document the relationship between the Wechaty as an Open Source Software project with the Commercial Puppet Service Provider (CPSP) from our community.

Wechaty is an Open Source Software Project

Wechaty is an Open Source Software (OSS) project with Apache-2.0 License.

Originally, we are using the Web protocol which means anyone who wants to use Wechaty can just use it without any additional steps.

However, after the Web protocol has been limited by Tencent a year ago, many new Wechat accounts can not use the Web protocol anymore.

Learn more about it from https://github.com/wechaty/wechaty/issues/872

Then we have designed and opened the Wechaty Puppet Abstract Class system so that anyone can develop their own wechaty puppet implementation. This design makes Wechaty more powerful because it makes Wechaty could benefit from the protocols other than Web, for example, the wechaty-puppet-padplus implements the iPad protocol, and the wechaty-puppet-macpro implements the Mac protocol.

The web protocol became wechaty-puppet-puppeteer and wechaty-puppet-wechat4u.

Commercial Puppet Service Provider (CPSP)

However, the puppet protocol other than the web is very complicated and resource-consuming because they need more technics to maintain the Robotic Process Automation (RPA) service.

The Wechaty Org currently has only maintained the two web protocol puppet officially:

  1. wechaty-puppet-puppeteer
  2. wechaty-puppet-wechat4u

The other puppets are all provided from the third party, which means they are coming from 3rd parties. (Thanks for our strong community!)

Summary

  1. Wechaty supports to use of the puppet provider module so that it can run on almost all of the Wechat protocols. Two of those modules are Web Protocol, and the others are all built by the 3rd party.
  2. Wechaty Organization is not selling any token. All token is provided by the 3rd party CPSP (Commercial Puppet Service Providers).

Update Oct 12, 2020

All Wechaty Puppet Service Providers will be listed at https://github.com/wechaty/puppet-service-providers/issues/new/choose

ax4 commented 4 years ago

I agree with this clarification. As our offline meetup in Shanghai last Thursday #6 , we’ve raised the same concerns and developed a few discussions.

nelsonie commented 4 years ago

Hi, huan, thank you so much for the clarification. I believe many developers and organizations might concern about the data privacy, I strongly suggest Wechaty to mention it on your project home page that all the wechat message info will go to CPSP if they use 3rd party Puppet.

huan commented 4 years ago

@nelsonie You are welcome and thank you for the suggestion to mention the CPSP and the data privacy in our README. It is indeed necessary and I'll think about how to write it when I got some time.

It would be great if you can send a PR to add a notice for that because you are sitting at the developers' position and know what you care about most.

nelsonie commented 4 years ago

@huan I'd love to send a notice PR but it's inappropriate due to some questions I can't answer, hope these questions can be helpful for writing the clarification.

  1. Whether CPSP stores these Wechat data? Or just do proxy
  2. What actions does CPSP take for avoiding data leak if CPSP stores these data
  3. What will CPSP do with these data, train a chatbot or what
huan commented 4 years ago

@nelsonie Hi, sorry for missing your issue reply.

For your three questions, the short answer should be it depends.

Long Answer

A Commerical Puppet Service Provider (CPSP) is the provider of a puppet service, who makes their service compatible with our puppet-service module and providing/publishing TOKENs so that our Wechaty developers can use their service with wechaty-puppet-service and the TOKEN.

The puppet service behind the service provider is highly customized by the provider. The Wechaty has no idea about the puppet service, which means that the developer must pay attention by themselves about your questions: whether the data will be stored/leaking/usage.

In other words, different puppet service providers might have different behaviors. So please read the User Agree License from the service provider before using their services.

I hope my answer can make your question clear, please feel free to let me know if you have more questions.

rosendolu commented 3 years ago

@huan I'd love to send a notice PR but it's inappropriate due to some questions I can't answer, hope these questions can be helpful for writing the clarification.

  1. Whether CPSP stores these Wechat data? Or just do proxy
  2. What actions does CPSP take for avoiding data leak if CPSP stores these data
  3. What will CPSP do with these data, train a chatbot or what

Nice ques;It seems that these risks do exist。

dotaZealot commented 7 months ago

too late to see this clarification,so we need ammunition to fight against limitation from Tencent:)