Product addition: 1.1.1.1 #155
Good start! Re-request a review when you're ready for me to take another look.
] | ||
|
||
[rubric.data-deletion] | ||
value = "no" |
Is it possible that this would be `na` instead? My impression was that there were no accounts or any data that could be (within reason) traced back to an individual person.
Your guideline for NA states "The service doesn't collect any personal information." If you changed it to "collects so little personal data" (which `data-breaches`'s NA states) then the little they do (email, IP address) would qualify it
[rubric.data-breaches] | ||
value = "na" | ||
citations = [ | ||
"\"We only collect and store the minimum amount of data we believe is required to operate and improve the Application. There are three categories of data that we collect: Account Data, Operational Data, and DNS Resolver Information[.]\n\n[...]\n\nWe do not collect your name, phone number, or credit card information (or records of any payments collected by the applicable App Store). The only information we receive from the applicable App Store is a limited amount of information that we need to confirm your subscription for a Service. We do not receive from the App Store any of your personal data or other information about your App Store account. We only receive your email address (and name, if you voluntarily provide it) if you have decided to give us feedback and/or report bugs.\"" |
Although `na` is likely the best value, this citation doesn't really help. A note saying that they don't collect contact information to be able to disclose breaches might be a better solution (see Quad9).
The citation indeed helps the reader understand why N/A by your criterion ("collects so little personal data") is true. You can change it to a note if you want; I don't care (I assumed you wanted citations to inform beyond notes).
citations = [ | ||
"\"[W]e may also share your information with others [...] [w]hen we are required to disclose personal information to respond to subpoenas, court orders, or legal process[.]\n\n[. ..]\n\nOur commitments under the Privacy Shields are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.\"" | ||
] | ||
notes = [ |
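Review bot: the second elision marker in the citation string is written `[. ..]`, with a stray space after the first dot, while the first marker in the same string is `[...]`. Use `[...]` for both so the quoted excerpt reads cleanly and matches the other citations.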
This note might be unnecessary. Although it may not be common knowledge, it is readily available knowledge that not everyone is informed that they're being investigated.
cc @milesmcc
I told clients when police requested their SSN when I worked at a homeless shelter. The purpose of notes should be to inform readers which companies don't operate that way, without driving traffic away by suggesting they research "readily available knowledge" which would make every note irrelevant by your logic (are privacy policies not readily available?)
[rubric.law-enforcement] | ||
value = "always" | ||
citations = [ | ||
"\"[W]e may also share your information with others [...] [w]hen we are required to disclose personal information to respond to subpoenas, court orders, or legal process[.]\n\n[. ..]\n\nOur commitments under the Privacy Shields are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.\"" |
`always` might not be the right score given this citation. `reasonable` seems, no pun intended, more reasonable— some kind of process is required as opposed to constantly feeding the data out.
I simply used https://privacyspy.org/product/any-do/ as a guide ("always" for policy admitting compliance w/ law + in response to requests, same as 1.1.1.1's) to correctly conclude that Cloudflare will always allow such access. What process do you refer to that somehow makes this less true?
(the question is do they allow access not how)
`always` wouldn't be in compliance with law, per se. It would be that there is a firehose of data available for the government to use rather than using the proper legal process for obtaining data. If `always` was described as if a service ever could share data, basically anything on the internet could fit that criteria in my eyes.
> always wouldn't be in compliance with law, per se. It would be that there is a firehose of data available for the government to use rather than using the proper legal process for obtaining data

Read the actual question: "When does the policy allow law enforcement access to personal data?"
What part of that does answering "always" have anything to do with firehoses? The answer to this question literally means "The policy always allows law enforcement access." It has literally nothing to do with what you say...

> If always was described as if a service ever could share data...

Not "could" the question literally asks "does" (and no need for if's necessary, just read the question it literally asks that)

> ...basically anything on the internet could fit that criteria in my eyes.

No, not basically every company in the world always allows access lol you must be joking
And even if your false assumption were true, why would most things being a certain way to you bizarrely compel you to censor edge cases on a site whose entire existence is literally to provide transparency...
And if firehoses exist, the question "When does the policy allow any gov't entity access?" properly addresses it, not one concerning law enforcement (which the reader is expecting an answer on law enforcement requests obviously)
And I just noticed any.do was submitted by you lol. Your citation similarly cites processes that by your logic, should not be `always` yet you strangely only criticize submissions of others that followed the same common sense. Why do you preach one thing but practice the opposite?
[rubric.third-party-access] | ||
value = "no" | ||
citations = [ | ||
"\"We do not sell, rent, or share personal information with third parties as defined under the California Consumer Privacy Act of 2018 (California Civil Code Sec. 1798.100 et seq.), nor do we sell, rent, or share personal information with third parties for their direct marketing purposes, including as defined under California Civil Code Sec. 1798.83.\n\n[...]\n\nCloudflare will not sell or share Public Resolver users’ personal data with third parties[.]\n\n[...]\n\nCloudflare will not share the Public Resolver Logs with any third parties except for APNIC pursuant to a Research Cooperative Agreement. APNIC will only have limited access to query the anonymized data in the Public Resolver Logs and conduct research related to the operation of the DNS system.\"" |
Wouldn't sending data to APNIC constitute as third-party access/sharing? A value like `yes-specified-noncritical` would likely be more fitting.
The citation states "anonymized data"
I don't know what this means
I no longer want to contribute to this project
😕
How do you remove this from my profile? (I never made pull requests on GitHub before)
Type of pull request: product addition
Related issues: no issues