Post A8WB37QAlDfJLO03aS by falk@chaos.social
 (DIR) More posts by falk@chaos.social
 (DIR) Post #A8Tl2Do4Y1sXjaAdv6 by Gargron@mastodon.social
       2021-06-20T13:46:40Z
       
       0 likes, 2 repeats
       
       So #iOS apps need to have a privacy policy, that is to say, even while all Mastodon servers have each their own privacy policy, the app also needs a separate privacy policy. The question I have is, what do I write in it if the app doesn't itself store any data, it connects to a server of the user's choosing, like a browser...
       
 (DIR) Post #A8Tl2EOaMH5NYpFnpg by TurdFerguson@noagendasocial.com
       2021-06-20T13:53:13Z
       
       1 likes, 0 repeats
       
       @Gargron have user select their primary mastodon server. Not ideal but...  or on the other hand create a base instance that is a dummy instance that all users can belong to but it stores no privacy information..Like select * from dual
       
 (DIR) Post #A8Tl7jctfc9LrxZXyy by TurdFerguson@noagendasocial.com
       2021-06-20T13:54:12Z
       
       0 likes, 0 repeats
       
       @Gargron or have the app create its own temporary instance just to get past the security
       
 (DIR) Post #A8TlIFs0dxe4ldep3g by noellabo@fedibird.com
       2021-06-20T13:56:06Z
       
       0 likes, 0 repeats
       
       @Gargron The privacy policy of this application is to act as a trusted agent for the user, conveying requests and responses straight to the server, not blocking or modifying connections against the user's intention, and not collecting or using information by the backend server without permission.Unfortunately, such a client application once existed and caused controversy.
       
 (DIR) Post #A8TlMcQkhrrjtZzNhI by grishka@friends.grishka.me
       2021-06-20T13:56:53Z
       
       0 likes, 0 repeats
       
       TurdFurgeson [Florida] Man?, they usually ask for a test account anyway.
       
 (DIR) Post #A8TotbfkqU58xmQZXc by beef@carnivore.social
       2021-06-20T14:36:29Z
       
       0 likes, 0 repeats
       
       @Gargron start with whatever the big browsers are saying.
       
 (DIR) Post #A8Tp769mogqDH0uMPw by alexbuzzbee@fosstodon.org
       2021-06-20T14:38:54Z
       
       1 likes, 0 repeats
       
       @Gargron This is exactly the problem that got one or more Android clients pulled down from the Play store. Frustrating as hell that these companies seem unable to understand "the app developer does not control the server."
       
 (DIR) Post #A8TzZZl9LapsjabP0a by stux@mstdn.social
       2021-06-20T16:36:04Z
       
       0 likes, 0 repeats
       
       @Gargron Hmm.. that it’s more like a ‘gateway’ and there’s no data stored only on the ‘3rd party’ server?
       
 (DIR) Post #A8U1WAE21g2ya5c1xI by GNUxeava@fedi.absturztau.be
       2021-06-20T16:57:55.501900Z
       
       0 likes, 0 repeats
       
       @Gargron see what privacy policy browsers have. Different sites have their own but the browser dev includes their own. You should do the same. Just list what you as a developer do with all the data *you* collect through the app.
       
 (DIR) Post #A8U1X9Gz3JeZuuSkWe by mdhughes@appdot.net
       2021-06-20T13:51:25Z
       
       1 likes, 0 repeats
       
       @Gargron You record just what data your app keeps. Presumably you have a server list and logins. Do you cache anything? Report that.
       
 (DIR) Post #A8U1gLEtvmfhdVs8Po by GNUxeava@fedi.absturztau.be
       2021-06-20T16:59:45.887305Z
       
       0 likes, 0 repeats
       
       @TurdFerguson @Gargron that would basically cripple the app the day X organization decides to nuke the server for various reasons. This also undermines decentralisation.
       
 (DIR) Post #A8WB37QAlDfJLO03aS by falk@chaos.social
       2021-06-20T13:55:33Z
       
       1 likes, 0 repeats
       
       @Gargron Exactly this. App doesn't store any data? Document it. App does communicate with a server of the user's choice but still doesn't track what the user dows? Write it in.
       
 (DIR) Post #A8WB3ECxWkFsOQs6Sm by Gargron@mastodon.social
       2021-06-20T13:52:36Z
       
       0 likes, 0 repeats
       
       @mdhughes Hm. It connects to the public api.joinmastodon.org to get the list of servers, anonymously. Any cache is local within the phone.
       
 (DIR) Post #A8WB3EffnzDvpUJ2Dg by grishka@friends.grishka.me
       2021-06-20T13:54:39Z
       
       0 likes, 0 repeats
       
       Eugen, also what sends push (APNS) notifications? Or does each instance handle that on its own?
       
 (DIR) Post #A8WB3F3QNgDr19Q0Ey by Gargron@mastodon.social
       2021-06-20T13:58:09Z
       
       1 likes, 0 repeats
       
       @grishka There's a relay Web Push to APN server that sees device tokens (not sure how much of a PII this is), but does not see notification contents as they are encrypted
       
 (DIR) Post #A8WB3GYIoMW3fCsB0a by Gargron@mastodon.social
       2021-06-20T14:01:05Z
       
       0 likes, 0 repeats
       
       @grishka Documentation says the device token is unique both to the device and the app, that means the device token should not be usable for identifying a user... I think