User tracking in forum? Privacy declaration somewhat irritating

Hi there,

I am coming to this forum merely as a guest now. Before being able to register as a user, I saw myself required to read the privacy declaration. Concerning the collection of usage data, it says: “We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here.”

So, when I register as a user, log in and read in the forum, my moves there might all be tracked automatically? That is not precisely how I would imagine being member of a forum, I’m afraid.

Simply using the forum, one might not even be aware of what happens in the background. As users, we have no means of perceiving how our user account is being treated technically. We can only rely on what the privacy declaration says (as far as we take the time to read it).

As member of a forum, I would enjoy, if my postings could be read with certain attention. I don’t call for attention on what I am reading or how I do it. Now, unfortunately something like this seems to be happening here as the privacy declaration suggests: “We […] gather data when you participate in the forum by reading […]”. So, any member just reading in the forum, might be followed on their path through the different threads and themes. Actually, when I am reading, I would rather prefer not have anyone looking over my shoulder and taking notes, when or how I am finding my way across a set of written messages.

To be clear, I don’t see much danger for me personally here at the moment. Now, I probably won’t want to offer much information about myself anyway. But, as you might understand, I also do not have a broad basis for giving recommendations to others now, unfortunately. Reading the privacy declaration, I actually found myself losing most of my enthusiasm about taking part in the forum. My initial joy about joining the discussion rapidly started fading away, when I realized it required moving into a zone of regular usage recording.

Only after some time I managed to convince myself to register here, so at least there would be an opportunity to share some of my considerations about background user tracking. Now, with a strong emphasis on privacy in the DeltaChat concept, I think it might be interesting or even essential to observe how this possible could be realized also regarding internet collaboration, as for example in this forum.

Regards

That’s probably mainly what “they” gather: https://support.delta.chat/u/atle/summary

It’s somehow total not understandable when fearing attentive private people with face and name and on the other side trusting to be secure in the huge ocean of “anonymous”. What would good Mr. do or desire to do of which he would fear that others could know? Wouldn’t it be not actually great if all could trace ones good undertakings?

(It’s hardly possible to interact in relation without leaving traces behind and surely as good as no software which would ever fit to fictions planted into consumers minds.)

My person guesses that runner here wouldn’t like to invest much into secondary means, yet on this place again encouraging on means, delta it self, as means to communicate! (Sure it would require ways for making chats public visible.)

Yes, certainly, that summary can probably give a good impression of how aggregated information about a user might look like after one day (or one post). On the other hand, not everything can be shown in a summary, though. For being able to summarize, the server will also have to keep track of the details: in this case, for example, what exact threads did I open and how much time did I spend on them? Who owns or manages the servers (or later gets hold of them) might have access to all details about all persons involved.

All that is obviously no problem here now. And I am sorry, if I mentioned a topic, that probably is not very pleasant to you, Johann. I am sorry, I didn’t really get to understand some parts of your posting, Johann (for example, what you were referring to by “good Mr.” or what you were trying to guess in the last lines). Of course you are right, it certainly is an illusion to believe one could or even should always stay anonymous in the world wide web. Maybe many things would be much easier, if all information would be accessible for everyone (though we might need a considerable time to adjust).

Thanks for your question, Johann: What a person would “do or desire to do of which he would fear that others could know?” – Yes, I think, that is important to be aware of, because it can change the course of our life in the community we live (for example negatively, in case some people start recognizing us as members of some minority group they consider allowed to attack). On the other hand your question helps me understand, that I might not have managed to communicate my topic well. I was referring to an extensive private data tracking by big organisations like internet corporations and some specialised authorities.

Now, I see an essential difference in what some people (as fellow human beings) know about a person and what global players like Google, Microsoft, Apple or Amazon try to accumulate (for economically understandable reasons). The big data they gather about many millions of people is like a treasure to them. Obviously, it is a necessary or inevitable base of their business now. They will hardly ever disclose it to the public (unless we find complete new ways of organizing internet economy altogether).

So the majority of us will hardly ever get to know in detail, what those few corporations (and some authorities) have collected about us. Yet, this inequality of access to knowledge might drastically change the way our society works. That’s one reason, I think, why several non-governmental organizations (NGOs) intensely fight for our privacy. One of them calls itself even NOYB – None of Your Business.

Obviously, there is a difference in leaving some traces in the internet (on a forum for example in writing some postings) or seeing our online behaviour being intensely tracked by some big organisations, that inevitably have to follow the particular logics of economy and power.

Concerning this forum, we can probably be very relaxed now and state that Merlinux GmbH and Discourse Inc. are no big multinational corporations (yet). Seemingly there are big chances they will never become. But how do we know, they might not grow more successful and receive incredible offers they cannot reject? On the other hand, there have also been companies, that had to go out of business – and the user data became part of the assets that were being handed over to some other economic entity. Former assertions, that user data would never be given away, could not be followed any more.

So even when we fully trust the owners and management of a company, there might be good reasons to prevent unnecessary accumulation of user data. At some point of time, the people we trust in may simply not be in charge any more. When detailed traces of private live or behaviour get written down in something like log files – or even further processed into personal profiles –, they become like material objects. How could we ever foresee what kind of business eventually will get hold of them?

That’s a good reason for minimizing the collecting of personal user data in the first place, I think. Certainly, the developers or organisers of DeltaChat had good reasons to choose Discourse as forum software. Whether they consider user profiling as necessary or desirable, I don’t know. Maybe they will give some hints, when they find time.

Glad that good householder Atle could find some release and it’s of course better to know whom one owes debt for ones being, becoming an existing in a particular created realm. Here good housholder can address the owner, leader, personal, whether for demands or to pay back gratitude and he can observe their doing and deeds so that he would know whether his sacrifices are possible good destinated or will fall back on one in unwished way.

It’s always amazing that people are more scared about “real” people that of “fictions” or systems, as if not also single persons actions are behind that.

As this anonymous stupidy has so strong increased, often birth-giver also start to stay hidden as people would be somehow scared if facing “oh, a living being, possible not perfect yet”.

Good householder can track the leader (see, here a demand, while greedy to share own at first place). Good master Holger (the avatar with real face and a hat on it), just not sure now about his nick name here, as well as others, maintaining this fine material realm, seems to be very serious in regard of good undertakings and virtuous ways. It’s sure, in any case, that they are general to be regarded as “Gods”, giver, in at least material things, and count therefore as “people of goodness”, like parents for children, as taking there offers.

If one turns ones ways of thinking from wrong view, demanding, to right view, gratitude, all around gets more ease and even leaving relations, if wishing, works if one is clear that giving is liberal and seldom there is such as generosity, one that does not desire one to get bond and dependend to simply use others off later for gains in the world.

Again, maybe: It’s not possible to go on without steady making debts, but because there are those who allow others to track them, observe them, it’s possible to chose possible virtuous people, those with right view, to be able to make debts for an ending of debts, with no bonds to the world but higher and beyond.

May good householder have gained certain bond to the way toward real independency by this share here, gain indebt toward liberation, a path starting with gratitude and right view.

mudita

And still and again, encouragement to use delta it self to promot, work with and optimize it, as for how much trust is in it if then using “stranger” developments with actually different ideas?

(just found the person who’s good to be tracked and get known in his virtues to have a share of fruits following patricular means created by certain intention : @hpk master Holger, who counts as Brahma of this realm, uniting a host of other Devas, gods (its a realm of gods yielding power over creation of others, those delight in creation and those enjoying creation of others), and it’s because of giving, generosity, that such a “feedback” can arise here)

And in regard of ones protection, there is NO other that virtue and goodwill. Power, armies, what ever protection, will not help one to escape from fruits of evil deeds. Having no fault, one is at ease, wouldn’t have causes for any fear. So please may all always look for there protection in useful effective way, not seeking refuge in frauds.

Hi Johann,
thanks for your unexpected wisdom lecture. It’s certainly important and subtle questions you are raising.
Best wishes

I don’t think anyone would offer merlinux anything for the data their forum software collects on their forum.
I assume if somebody would try to bribe us they would rather ask for back-doors or trackers in the app.

Not really, I don’t know why we should profile forum users or share that data with third parties. (though most of it is public anyway so others could query the forum and collect the metadata on the user pages).
We don’t have embedded google analytics here for a reason.
We might use the analytics tools provided by the forum software, though:

admin-interface1165×1822 276 KB

@Simon: Thanks for answering.

Glad to hear, you are not particularly interested in user tracking. So probably it came just as part (or feature) of the forum software.

Still, it makes a big difference to me, whether just the intended postings are being recorded or every move (reading) in the forum. Already the privacy declaration is, in my view, quite decisive.

Actually, I didn’t have any impression, Merlinux could or would want to start selling forum user data at any time in the near future. Certainly, you are occupied with many other and more important things now.

When I wrote about some imaginable “incredible offers” at some point in the future, I was not referring to any separate sale of user data, by the way. Those, who specialize on collecting user data, have obviously found easier, cheaper and broader ways of doing so.

Actually, my point there was rather meant to be: What could happen to the company Merlinux itself as well as to the DeltaChat project – and along with it, also its collected data –, in case one of the global players started to find its (desirable) success quite interesting (or uncomfortable)? Of course, that’s mere speculation now.

And maybe it’s not at all probable, there would be any big offer. Somehow, different kinds of obstacles might seem more likely to be on the way. Anyhow, in the software business, you can probably never really know, what might happen next month or next year.

Maybe, this could be an incentive to be prepared for any case and, for example, also try to practice the principle of data minimisation, where ever feasible. In the European Union, this principle also seems to be recommended by the the General Data Protection Regulation (GDPR). In case you are interested, maybe that could be helpful in giving reasons for it, when some people ask why.

I searched https://meta.discourse.org/, it has some topics about privacy, GDPR etc. Probably makes sense to ask there.

Judging from the dashboard screenshot, Discourse collects data about page views and search terms, hopefully anonymized. Would be nice to disable it completely if possible, I don’t think we use it.

Thanks for linking! Will have a further look there.

Would be nice to disable it completely if possible, I don’t think we use it.

Great proposal! If that could be done, it would be would be a big step ahead, I think.

Having spent some time on meta.discourse.org, I don’t think they precisely have an easy time dealing with privacy concerns. Unfortunately, the way the “Discourse” software is designed, doesn’t really seem to invite implementing very much of the principle of data minimisation. (Of course, when a Californian company is working hard on improving and establishing their services in a data driven internet economy, they cannot always focus on privacy legislations and concerns, that mainly seem to materialise only on the other side of the globe.)

As an example for their unfortunate difficulties, we might have a look at a December 2018 post, where a forum administrator expressed his privacy concern and wish:

“I’d really like one big check box under Basic Setup saying “Maximize privacy.” ”

The Discourse team member answering didn’t seem to see much sense in this, when he described privacy as a question of mere individual election:

“The problem with this is that “privacy” means something different to everyone.”

Here, like in other posts on meta.discourse,org, the concerning team member didn’t really seem to have developed a broader understanding or vision about the social meaning and necessity of privacy. (Given the economic conditions the company works in, this is certainly understandable. On the other hand, we might also want to be aware about the possible implications of insufficiently acknowledging privacy standards and needs.)

A fundamental design conception of the Discourse software in regard to broad data collection is being expressed a little further down in the same thread. As response the original posters clarification

“better than hide would be don’t collect,”

the team member declared:

“don’t collect would break Discourse. Don’t collect post date, no posting allowed. (…)”

Being asked later on,

“how does not collecting who posted when prevent posts?”,

the team member went somewhat more into detail and said, it would

“completely change how it works. […] it may not completely prevent posting, but it would definitely break how one expects Discourse to work.”

So, obviously, there would be other ways to organize posting etc. But due to Discourse software design decisions they are probably not going to be expected here. This could mean, that large scale privacy improvements might not to be easy to accomplish while using Discourse. Still, there could be some important on-site improvements imaginable that a forum administrator could enquire about.

I’m not seeing why you should be concerned that much about the forum software, you can just use a burner email with a new nickname and don’t ever mention anything regarding your real-life identity. And when you don’t want your read time & which posts you already read to be recorded by discourse you can use an incognito/private window to browse the forum privately.

This forum instance is hosted by us and not managed by discourse (they also offer forums that are hosted by them) if that can calm your mind.

Or is there a point, that I’m not seeing, that should worry me?
Otherwise our energy would be better spend improving the DeltaChat app than patching the forum software in my opinion.

Which ones would that be? what does privacy mean for you?

Discourse also offers “mailing list mode”, you can enable it and use the forum via email. This way it can’t track your read times and you can even read the forum offline.

Good, I thought about participating via email, as well. It might be an attractive temporary solution, I think – especially when you have a small, trustworthy email provider or, ideally, even host your own server.

Certainly, these kinds of technical workarounds can offer a good opportunity now to convey a message that otherwise might have stayed unsaid. On the other hand, unfortunately, I still don‘t precisely enjoy agreeing to any legally binding terms declaring

“We […] gather data when you participate in the forum by reading […]”.

Certainly, Simon, as a simple user I can avoid sharing much about my real life identity here (which might not be especially interesting for any of you, anyway). On the other hand, it’s not that much about a single individual like me now, I think, who can try to understand and avoid some of the internet-wide tracking mechanisms, that seem to be in use so far.

What I am worried about, rather, is the impact of the vast majority of people not being capable or willing to make such an extra effort. That’s why I think our society as a whole could largely benefit from more privacy by design software. If an application like DeltaChat becomes more well known – and widely used –, this might be very helpful for all of us.

That’s why I‘d strongly tend to agree to you. Certainly it’s desirable to concentrate as much as possible of your precious working time on DeltaChat itself:

So I wouldn’t suggest writing any forum patches, of course. Even if you had enough resources for doing anything like that, the most ingenious patches might have a hard time correcting a software design, that seems to go into quite a different direction.

What you probably could try, of course, (maybe when you need some break from your routine work anyway,) is having a closer look at the administration preferences interface of the forum software: Maybe there are still some ‘hidden’ tweaks to trigger some more privacy, especially to switch off some of the automated user tracking. As link2xt suggested:

If you find any possibilities, very good. If you don’t, that might also be a result worth keeping in mind. Maybe at some later point of time, there will have to be made some choice again. Considering the current state of the project, the forum does obviously not seem to require – or allow – much urgent administration or design attention (apart from, maybe, the keyless API, which would lead to a slightly different topic, though).

Now, imagine a changing situation. Maybe, as people start finding more need for private online conversation, DeltaChat becomes more widely known and adopted. Then there might also be more critical views and voices.

As of now, some people might simply turn away silently (as I had to consider, when I surprisingly found out the DeltaChat forum collects much more usage information than typically necessary). But at a point of time, when the DeltaChat approach has managed to receive more of the attention it deserves, any insecurity or discontent arising from its apparent work style (or seemingly limited privacy scope) might even start spreading as a kind of (bad) news about it.

When a project or company apparently offers a privacy relevant application, expectations might of course be somewhat higher than on other projects coming without this important message. People might want to have a look at, how well do things fit together. Is it all convincing? Consequently, some might try to find out, how well privacy principles are generally being recognized and observed in relation to your project.

Of course, when people have to decide for themselves, whether to trust or reject any offer, they necessarily refer to their personal insights and standards. These can obviously be can be quite different. For a project or company, such a broad range of attitudes or expectations is not always easy to handle. Nice to see someone still finding time and patience to ask, as you kindly do:

Trying to answer directly, I could say: For me, its mainly a question of social development and perspective. If we go on permitting large corporations and authorities to gather and process digital representations of much of our private lives, finally we might have a hard time trying to keep up anything that deserves to be called democracy.

That’s, for example, why I like the DeltaChat approach. Properly applied, it could help relieve us from some of the worldwide mass surveillance that has been developed and implemented during the last two decades.

One of the preconditions for this to work, might be that its users-to-be can see the DeltaChat team showing and consequently applying a good overall understanding of privacy challenges. Of course, no one can in any way demand such a far-heading or even idealistic approach. No one else than the team and its members themselves can decide how deep they want to plunge into a seemingly bottomless pond like this.

In case a team wants to head further into this kind of direction, it might eventually even lead well beyond the (conscious) privacy concerns of many simple users, I think. As ordinary users, we typically cannot have the same broad basis of knowledge and understanding as the members of a specialized team. Most of us might simply not be sufficiently aware of the privacy or security implications of what we are trying to accomplish on the web.

This is why recognizing principles like privacy by design and, with it, for example privacy by default can be so essential, I think. Of course, in an online world dominated by data mining corporations this can require some intense preparation, orientating more and more towards alternative approaches.

On the other hand, it might also offer a clear, far-reaching perspective, that can deepen the exchange with similarly minded people and increase the personal sense of work. And, from my point of view, it might also help to make a privacy related software application like DeltaChat even more attractive and convincing.

The vast majority doesn’t care about how their data is used and way to much people repeat false dogmas like “I have nothing to hide, so why should I care about privacy?”
Sure you can go that route, but if you think it though why not live-stream your bathroom online? I thought you had nothing to hide… joke aside most people are only worried about the parties they can see, for example their family, friends and neighbors, and they don’t fear face-less organizations like big-tech or governments knowing their secrets.

That’s sad and dangerous because together with some other phenomenons (like selective freedom of speech) it could kill our freedom and democracy.

Analytics are not generally bad, for example seeing popular searches could help understand what topics forum users are interested in (and if the click-through rate is bad there might be a need for a topic with about that topic), though I also think it shouldn’t necessarily show the exact numbers of searches and don’t show search-requests that were made onetime.
But yes we currently don’t use it apart from me looking sometimes at the statistics, as long as they stay on our instance and don’t get connected with google I don’t see a big problem.
I’m sure most people use way bigger privacy invading stuff than what this forum does like your ISP, google, google chrome, windows 10, modern cars that connect to the internet, SIM cards and so on.

Then we can still think about what to do. (maybe migrate the forum to another software or try to patch it). But in such a case I fear such an argument wouldn’t be based on facts in the first place anyway .

We already got an article that says “Deltachat would be a privacy nightmare” because users can see their email addresses (so the privacy matter seems to be very subjective)

If you care that much about improving the privacy of the forum you could try things out and help us in that regard (basically join the DeltaChat team ).

There are also other areas that could be improved freedom wise:

• Translations are currently done over transifex
• Source-code is hosted on github which is owned by microsoft
• Use of mapbox in the app (experimental location streaming feature)
  Though for the first two the question is also about the community on those platforms and the network effect that we might loose contributor potential by moving away from those platforms.

Such is more seldom the case, unless one isn’t serious of ones actions at all or naive, G
good master Simon. It’s more the case that people think “actions have no results”, especially for the actor. It’s not meant to encourage in doing all to try to hide ones track, since effects of deeds follow anyway, like a shadow, but instead of investing to much time in outwardly protections to be always aware of that what is called the Governing Principles.
This, of course, requires also to prove with whom one get’s into trade, exchanges, and such requires also to know anothers way. So as provide, chef or leader, good to start with the right sample, because of what would he need to hide?
Fear has a cause and this being lack of virtue (wrong self-estimations cause as well), what ever someone likes to argue.

I found an option in the setting that allows you to hide your profile stats. (though admins/moderators can still see them):

2021-02-16_17-34778×753 59.2 KB