Disroot/Disroot-Project

Fork 0

[UPLOAD (Lufi) / PRIVACY POLICY]: Missing or inaccurate information #444

New issue

Closed

opened 2023-02-25 20:44:45 +01:00 by fede · 4 comments

fede commented

2023-02-25 20:44:45 +01:00

Owner

PP (4.5 Disroot Upload) doesn't mention maximum time retention for uploaded files via Lufi, only that:

Files uploaded to the server are wiped based on the retention period set by the user upon upload.

There's a discrepancy between PP and the Upload About page (https://upload.disroot.org/about). While the first states that:

No log data (IP address, session cookie, etc.) is stored on the server;

the About page says:

be aware that, for legal reasons, your IP address will be stored when you send a file.

- PP (4.5 Disroot Upload) doesn't mention maximum time retention for uploaded files via Lufi, only that: > Files uploaded to the server are wiped based on the retention period set by the user upon upload. - There's a discrepancy between PP and the Upload About page (https://upload.disroot.org/about). While the first states that: >No log data (IP address, session cookie, etc.) is stored on the server; the About page says: >be aware that, for legal reasons, your IP address will be stored when you send a file.

antilopa was assigned by fede

2023-02-25 20:44:45 +01:00

avg_joe was assigned by fede

2023-02-25 20:44:45 +01:00

fede self-assigned this 2023-02-25 20:44:45 +01:00

meaz was assigned by fede

2023-02-25 20:44:45 +01:00

muppeth was assigned by fede

2023-02-25 20:44:45 +01:00

fede added the

Lufi

label 2023-02-25 20:45:59 +01:00

meaz commented

2023-03-04 08:06:20 +01:00

Owner

There is a "max_delay" car that is set to 30 days, so after 30 days files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)

We have also size thresholds: max delays for different sizes of file. If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)

We have:

10MB => 60, # between 10MB and 50MB => max is 60 days, less than 10MB => max is max_delay
50MB => 30, # between 50MB ans 100MB  => max is 30 days
100MB => 15, # between  100MB and 1GB => max is 15 days
1GB => 2, # more than 1GB => max is 2 days

I would change perhaps to this:

100MB => 15, # between  100MB and 1GB => max is 15 days
1GB => 2, # more than 1GB => max is 2 days

so that less than 100MB => max is max_delay

As for IP's, there is setting for that keep_ip_during which is the number of days senders' IP addresses are kept in database. We have set it to 0.

The About page is static as you can see here https://framagit.org/fiat-tux/hat-softwares/lufi/-/blob/master/themes/default/templates/about.html.ep so we could changed the Privacy part if needed. What do you think @muppeth

There is a "max_delay" car that is set to 30 days, so after 30 days files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay) We have also size thresholds: max delays for different sizes of file. If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above) We have: ``` 10MB => 60, # between 10MB and 50MB => max is 60 days, less than 10MB => max is max_delay 50MB => 30, # between 50MB ans 100MB => max is 30 days 100MB => 15, # between 100MB and 1GB => max is 15 days 1GB => 2, # more than 1GB => max is 2 days ``` I would change perhaps to this: ``` 100MB => 15, # between 100MB and 1GB => max is 15 days 1GB => 2, # more than 1GB => max is 2 days ``` so that less than 100MB => max is max_delay As for IP's, there is setting for that `keep_ip_during` which is the number of days senders' IP addresses are kept in database. We have set it to 0. The About page is static as you can see here https://framagit.org/fiat-tux/hat-softwares/lufi/-/blob/master/themes/default/templates/about.html.ep so we could changed the Privacy part if needed. What do you think @muppeth

fede commented

2023-03-04 19:44:13 +01:00

Author

Owner

For what is worth, I've tested it with files within the file sizes ranges.
My results:
from 0 to 96MB -> 30 days
from 96.5 to 954MB -> 15 days
from 955MB and more -> 2 days

For what is worth, I've tested it with files within the file sizes ranges. My results: from 0 to 96MB -> 30 days from 96.5 to 954MB -> 15 days from 955MB and more -> 2 days

meaz commented

2023-03-05 08:31:21 +01:00

Owner

That makes sense because of the max_delay set to 30. So if @muppeth agrees I would set this:

100MB => 15, # between  100MB and 1GB => max is 15 days
1GB => 2, # more than 1GB => max is 2 days

so that less than 100MB => max is max_delay as I explained already.

That makes sense because of the `max_delay` set to 30. So if @muppeth agrees I would set this: ``` 100MB => 15, # between 100MB and 1GB => max is 15 days 1GB => 2, # more than 1GB => max is 2 days ``` so that less than 100MB => max is max_delay as I explained already.

👍 1

meaz added this to the 23.04 - April milestone 2023-04-01 19:17:15 +02:00

meaz referenced this issue from Disroot-themes/lufi_beetroot

2023-04-08 22:22:19 +02:00

add template to remove mention that logs are kept #4

meaz referenced this issue from Disroot/Disroot-Privacy-Policy

2023-04-08 22:25:30 +02:00

add info about default retention time on lufi #45

meaz commented

2023-04-08 22:29:05 +02:00

Owner

I fixed on prod (and in different needed repos) the retention periods and the mention about the fact that IP are kept on logs (which there aren't).

There is a PR for PP: Disroot/Disroot-Privacy-Policy#45

I fixed on prod (and in different needed repos) the retention periods and the mention about the fact that IP are kept on logs (which there aren't). There is a PR for PP: https://git.disroot.org/Disroot/Disroot-Privacy-Policy/pulls/45

meaz closed this issue

2023-04-08 22:29:05 +02:00

meaz referenced this issue from a commit

2023-05-16 14:30:49 +02:00

fix inconsistency for lufi max size (#51)