Email or username:

Password:

Forgot your password?
All posts Pierre's posts Post Back to profile
Pierre Bourdon

I've seen 2 or 3 posts in my TL re: App Store privacy info for Threads vs. Mastodon. mastodon.social/@jsq/110653072 for example.

I feel like people greatly misunderstand the App Store privacy labels. They're not at all a ground truth you should read without careful interpretation.

- Entirely self reported
- No consistent auditing or data quality enforcement by Apple
- Very vague, both on the scope of categories and what's "collection"
- "May be collected" is a "worst case" statement.

(cont)
4 Jul 2023 at 3:32 | Open on mastodon.delroth.net
5 comments
Pierre Bourdon

- Only data shared directly with the app developer or contracted parties needs to be reported.
- Some categories that aren't vague are way too broad.

Mastodon reporting an empty list here is in fact very obviously wrong. When you log in to mastodon.social from the Mastodon app, you are sharing contact info (email address), identifiers, as well as usage data.

So at the very least you should conclude Threads is doing a better job of informing its users re: privacy than Mastodon gGmbH is.

- Only data shared directly with the app developer or contracted parties needs to be reported.
- Some categories that aren't vague are way too broad.

Mastodon reporting an empty list here is in fact very obviously wrong. When you log in to mastodon.social from the Mastodon app, you are sharing contact info (email address), identifiers, as well as usage data.

4 Jul 2023 at 3:37 | Open on mastodon.delroth.net
Pierre Bourdon

Overall the App Store privacy labels are a terrible implementation of a potentially good idea. There is no way for a user to figure out how accurately a developer filled that info, and there's no baseline of quality because nobody on the Apple side reviews or enforces this.

Large companies are in fact more prone to over-declaring here because that has ~ no cost except for pissing off privacy loonies (which you can never satisfy anyway) while covering your ass legally.

4 Jul 2023 at 3:43 | Open on mastodon.delroth.net
Pierre Bourdon

Disclaimer for this post: I worked for ~2 years as a privacy reviewer for infra services at Google. This is what I would minimally declare for the Mastodon app, from my reading of Apple's policy:

- Contact Info (email address, obviously)
- Location (coarse location, Mastodon stores IP addresses in logs)
- Contacts (your follows/followers)
- User Content (your toots)
- Search History
- Identifiers (handle)
- Usage Data (logs, anti-abuse)

Not far from Threads' list...

Disclaimer for this post: I worked for ~2 years as a privacy reviewer for infra services at Google. This is what I would minimally declare for the Mastodon app, from my reading of Apple's policy:

- Contact Info (email address, obviously)
- Location (coarse location, Mastodon stores IP addresses in logs)
- Contacts (your follows/followers)
- User Content (your toots)
- Search History
- Identifiers (handle)
- Usage Data (logs, anti-abuse)

4 Jul 2023 at 3:56 | Open on mastodon.delroth.net
Incognito ergo sum ⚔️

@delroth health info.... Just why?

4 Jul 2023 at 6:11 | Open on mas.to
avi

@brennschluss @delroth I assume that if you decide to share, for example, info about a workout on social media, they technically have health data that can technically be linked to the user.

4 Jul 2023 at 8:23 | Open on wetdry.world
Go Up