[UPLOAD (Lufi) / PRIVACY POLICY]: Missing or inaccurate information #444

Closed
opened 2023-02-25 19:44:45 +00:00 by fede · 4 comments
Owner
  • PP (4.5 Disroot Upload) doesn't mention maximum time retention for uploaded files via Lufi, only that:

Files uploaded to the server are wiped based on the retention period set by the user upon upload.

No log data (IP address, session cookie, etc.) is stored on the server;

the About page says:

be aware that, for legal reasons, your IP address will be stored when you send a file.

- PP (4.5 Disroot Upload) doesn't mention maximum time retention for uploaded files via Lufi, only that: > Files uploaded to the server are wiped based on the retention period set by the user upon upload. - There's a discrepancy between PP and the Upload About page (https://upload.disroot.org/about). While the first states that: >No log data (IP address, session cookie, etc.) is stored on the server; the About page says: >be aware that, for legal reasons, your IP address will be stored when you send a file.
fede added the
Privacy Policy
label 2023-02-25 19:44:45 +00:00
antilopa was assigned by fede 2023-02-25 19:44:45 +00:00
avg_joe was assigned by fede 2023-02-25 19:44:45 +00:00
fede self-assigned this 2023-02-25 19:44:45 +00:00
meaz was assigned by fede 2023-02-25 19:44:45 +00:00
muppeth was assigned by fede 2023-02-25 19:44:45 +00:00
fede added the
Lufi
label 2023-02-25 19:45:59 +00:00
Owner

There is a "max_delay" car that is set to 30 days, so after 30 days files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)

We have also size thresholds: max delays for different sizes of file. If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)

We have:

10MB => 60, # between 10MB and 50MB => max is 60 days, less than 10MB => max is max_delay
50MB => 30, # between 50MB ans 100MB  => max is 30 days
100MB => 15, # between  100MB and 1GB => max is 15 days
1GB => 2, # more than 1GB => max is 2 days

I would change perhaps to this:

100MB => 15, # between  100MB and 1GB => max is 15 days
1GB => 2, # more than 1GB => max is 2 days

so that less than 100MB => max is max_delay

As for IP's, there is setting for that keep_ip_during which is the number of days senders' IP addresses are kept in database. We have set it to 0.

The About page is static as you can see here https://framagit.org/fiat-tux/hat-softwares/lufi/-/blob/master/themes/default/templates/about.html.ep so we could changed the Privacy part if needed. What do you think @muppeth

There is a "max_delay" car that is set to 30 days, so after 30 days files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay) We have also size thresholds: max delays for different sizes of file. If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above) We have: ``` 10MB => 60, # between 10MB and 50MB => max is 60 days, less than 10MB => max is max_delay 50MB => 30, # between 50MB ans 100MB => max is 30 days 100MB => 15, # between 100MB and 1GB => max is 15 days 1GB => 2, # more than 1GB => max is 2 days ``` I would change perhaps to this: ``` 100MB => 15, # between 100MB and 1GB => max is 15 days 1GB => 2, # more than 1GB => max is 2 days ``` so that less than 100MB => max is max_delay As for IP's, there is setting for that `keep_ip_during` which is the number of days senders' IP addresses are kept in database. We have set it to 0. The About page is static as you can see here https://framagit.org/fiat-tux/hat-softwares/lufi/-/blob/master/themes/default/templates/about.html.ep so we could changed the Privacy part if needed. What do you think @muppeth
Author
Owner

For what is worth, I've tested it with files within the file sizes ranges.
My results:
from 0 to 96MB -> 30 days
from 96.5 to 954MB -> 15 days
from 955MB and more -> 2 days

For what is worth, I've tested it with files within the file sizes ranges. My results: from 0 to 96MB -> 30 days from 96.5 to 954MB -> 15 days from 955MB and more -> 2 days
Owner

That makes sense because of the max_delay set to 30. So if @muppeth agrees I would set this:

100MB => 15, # between  100MB and 1GB => max is 15 days
1GB => 2, # more than 1GB => max is 2 days

so that less than 100MB => max is max_delay as I explained already.

That makes sense because of the `max_delay` set to 30. So if @muppeth agrees I would set this: ``` 100MB => 15, # between 100MB and 1GB => max is 15 days 1GB => 2, # more than 1GB => max is 2 days ``` so that less than 100MB => max is max_delay as I explained already.
meaz added this to the 23.04 - April milestone 2023-04-01 17:17:15 +00:00
Owner

I fixed on prod (and in different needed repos) the retention periods and the mention about the fact that IP are kept on logs (which there aren't).

There is a PR for PP: Disroot/Disroot-Privacy-Policy#45

I fixed on prod (and in different needed repos) the retention periods and the mention about the fact that IP are kept on logs (which there aren't). There is a PR for PP: https://git.disroot.org/Disroot/Disroot-Privacy-Policy/pulls/45
meaz closed this issue 2023-04-08 20:29:05 +00:00
Sign in to join this conversation.
No Milestone
No project
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Disroot/Disroot-Project#444
No description provided.