Community Terms of Service and Privacy Policy

OK, I'm trying to think of how to prevent dodgy types setting up pods in order to harvest the personal data of unsuspecting people who sign up to their pod. It's an issue that D* has yet to address. Perhaps TOS isn't the way to approach it, but it needs to be addressed otherwise D* could become notorious as a means for criminals to harvest people's data.

Of course, if someone sets up a pod just for themselves and no one else, their TOS and PP can be whatever they want.

Only public posts and posts that people share to other pods will be federated. Public posts are public so even Google can index them if it happens to find one.

AFAIK it's a security problem if someone can hack other pods non-public posts over the federation protocol.

And also some pods might be private and still want to federate. For example our company has a pod and the ToS if there was one would be quite different from a public pod. The ToS of course is mostly governed by company NDA since the pod is company property.

@Goob: perhaps the problem of user-data harvesters is one that could be addressed by adding a list of dodgy pods to PodUpti.me, which users could give feedback on?

I hope it is clear that I am not advocating a TOS/PS that is one-size fits all. But just that there IS one.

This is completely different than saying everyone must have identical TOS/PP. And I have the sentiment that that is how people are responding to the original suggestion that one is mandated if you set up a pod, in the same spirit of using the trademark. If Diaspora encourages, and this is the culture, then it will create more trust.

What I'm not clear about is what the disagreement here is. Is there a philosophical disagreement about what constitutes privacy and how important that is to give users a notice in advance before using the system (even with regards to public posts), or that it's more important to "let podmins run their pods as they like."?

If it's the former, then I have to ask, why presume that everyone wants to adopt someone else's idea of what privacy is? It's the latter then, why is encouraging a podmin to post a TOS/PP any different than posting the D logo? How does that stymie the activity of a podmin to run their pod as he or she wants to?

Please clarify that for me?

Possibly, Sean. I'm not sure what the answer is, but it's something that needs some thought given to it before D* gets much bigger.

Apologies if I've muddied the waters by suggesting it on a TOS discussion, though.

David Morley over at Diasp.org adopted the Wordpress.org, which in all honesty might not be a bad option to consider. It's under a Creative Commons license, so we're free to add additional legal code if we want to.

You can see the standard Wordpress TOS here: http://en.wordpress.com/tos/

Some things to think about:

1. How could a TOS account for the fact that some content comes from other pods, therefore being beyond the podmin's control?

2. What do we do about copyrighted content? Should it even be addressed?

3. What parts of the TOS need to be flexible to provide better options for customization?

4. If we wanted to get TOS;DR to work with us on reporting different pods Terms of Service, what would we need to do first? Could it be something that could be linked to from PodUptime?

We wrote some German terms of service which are prooved by two lawyers. CC-BY. Just in case somebody needs that... https://github.com/geraspora/german-terms-of-service

Wanted to bump this. I have a link to a current working draft, based entirely off of David Morley's modifications of the Wordpress TOS.

Here's what I want to get everyone thinking about: phrasing and necessary cleanup aside, what kind of modifications should we make for a general-use TOS? Should we omit items? Should we add them?