Simon Willison

I want to enable comments on my blog again, but (I'm currently possibly overthinking things in that) I'm worrying if I need a privacy policy, or how I should think about things like GDPR, and should users be able to delete their comments?

Never thought about this stuff for a second back in the 2000s!

Simon Willison

It's difficult to find good answers to these questions, I'm not sure what to search for and I don't trust LLMs for this kind of thing either

Jan Lehnardt :couchdb:

@simon honestly: would not sign up to host other people’s content/identity on my blog.

Simon Willison

@janl yeah, I get that there's a risk here - but I'm losing faith in the thing where conversations happen elsewhere, I want to post things like "what X do you recommend?" and host the results in one place

If it's no longer possible for an individual to run a comments section that would /suck/

Jan Lehnardt :couchdb:

@simon I’d like a system where I can collect others’ comments on my blog elsewhere and re-host them archive-org style.

Jochen Wersdörfer

@simon @janl We have a privacy policy on our podcast website, but only because my co-host insisted he wouldn’t agree otherwise 🫠. I don’t believe the legal requirements are as stringent as some people think, but there’s a lot of vague fear and a shortage of clear, reliable information on the topic. It’d be a shame if this fear ends up leaving the medium in the hands of megacorporations alone.

Jons Mostovojs

@simon eur-lex.europa.eu/eli/reg/2016 remember, this is a blanket text. Member-states can add but not remove constraints.

Under general don't need a function to delete comments, but you need to have a [not necessarily automatic] way for a user to ask to delete all the comments and the information that they ever left any comments. I'll find the exact article and point in some minutes.

I'm very interested what LLM would say.

Hope

@simon I don't think you need one, but I made one because I thought it would be fun, it was!

Seth Michael Larson

@simon if I were adding comments to my site I would probably use webmentions. Encourages people to comment on social and you still get to decide which comments get surfaced.

Simon Willison

@sethmlarson I'm actually thinking I'll do GitHub auth and require accounts to have existed for more than six months there (unless I allow-list someone), I turned off comments last time because of spam

Matt Campbell

@simon What about spam? How are you going to balance between preventing spam and not discriminating against disabled users with captchas?

Simon Willison

@matt I was planning on doing sign-in-with-github and require accounts there to be at least six months old so when I ban someone it at least costs them something (plus I can allow-list individuals with newer accounts on a case-by-case basis)
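The account-age gate described in this post, sketched as an added example (not part of the thread and not Simon Willison's code). It assumes the profile JSON GitHub returns for the signed-in user, using its `id` and `created_at` fields, and takes "six months" as 183 days; `may_comment`, the reason strings and the sample ids are hypothetical.

```python
from datetime import datetime, timedelta, timezone

MIN_ACCOUNT_AGE = timedelta(days=183)  # assumption: "six months" read as 183 days


def may_comment(profile, allow_ids=frozenset(), banned_ids=frozenset(), now=None):
    """Return (allowed, reason) for a GitHub profile dict obtained after sign-in."""
    now = now or datetime.now(timezone.utc)
    user_id = profile.get("id")
    # Decide on the numeric id, not the login: a login can be renamed and the
    # old name registered by someone else, which would let a ban be dodged
    # or an allow-list entry be inherited.
    if isinstance(user_id, bool) or not isinstance(user_id, int):
        return False, "no-id"
    if user_id in banned_ids:  # a ban always beats the allow-list
        return False, "banned"
    if user_id in allow_ids:  # case-by-case exception for newer accounts
        return True, "allow-listed"
    try:
        # GitHub timestamps look like 2015-03-01T12:00:00Z
        raw = str(profile["created_at"]).replace("Z", "+00:00")
        created = datetime.fromisoformat(raw)
    except (KeyError, ValueError):
        return False, "no-creation-date"  # fail closed on malformed profiles
    if created.tzinfo is None:
        created = created.replace(tzinfo=timezone.utc)
    if now - created < MIN_ACCOUNT_AGE:  # also rejects dates in the future
        return False, "too-new"
    return True, "old-enough"


if __name__ == "__main__":
    # Constructed sample profiles, not real accounts.
    today = datetime(2025, 1, 1, tzinfo=timezone.utc)
    veteran = {"id": 1001, "login": "veteran", "created_at": "2015-03-01T12:00:00Z"}
    newcomer = {"id": 1002, "login": "newcomer", "created_at": "2024-11-15T08:30:00Z"}
    print(may_comment(veteran, now=today))
    print(may_comment(newcomer, now=today))
    print(may_comment(newcomer, allow_ids={1002}, now=today))
```
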

alexwlchan

@simon Maybe it would be helpful to look at the privacy policy/FAQs of something like Disqus or Discourse, even if you’re not planning on using them? They might have some guidance for their users on how to embed their comments in a GDPR-compliant way.

David Soria Parra

@simon this sounds a bit like there is a need for a good open platform to integrate that handles these things appropriately. A discourse but run in a sourcehut / lobster, etc style.

Alternatively, detect geoip and no commenting for EU users while everyone else can.

Joseph Szymborski :qcca:

@simon I'm not a lawyer (or in the EU), but would ActivityPub comments maybe solve your problem? You wouldn't be "processing user data" as it were, so that might sidestep things and shift liability to your Mastodon instance.

jszym.com/blog/mastodon_blog_c

Simon Willison

@jszym I host my own personal Mastodon instance already so say that won't save me any worry!

Pelle Wessman

@simon If you simply do WebMentions then you don’t host the content yourself, you simply provide a preview of the content from the authoritative source

And if you keep the preview up to date and remove it if the source is removed, then you should be okay?

annejohn

@simon You might look at scottaaronson.blog/ comments policy .. He recently (July 24) changed it, having suffered through a lot of spam

mborus

@simon I’d worry more about being legally responsible for hosting comments that random people on the internet can do. Regarding the deletion, you could have a checkbox that asks commenters to give you a permanent license to use the comment for whatever you like…

Jeff Triplett

@simon If you go the federated route, I like how these daily prompts work. See kmcd.dev/posts/daily-prompts/ for details and then click on the /prompts section to see them in action. (there is pretty low engagement)

That said, I saw your post about using GitHub Auth and that's what I default to these days. The stakes are higher for not being a jerk plus you have GH's moderation rules/team should you need to have to report someone.

Hope

@simon Although I like to call it a statement, because it's something I believe in, not just something I found a form to generate for me.
