Gregory's Server
Overall the App Store privacy labels are a terrible implementation of a potentially good idea. There is no way for a user to figure out how accurately a developer filled that info, and there's no baseline of quality because nobody on the Apple side reviews or enforces this.
Large companies are in fact more prone to over-declaring here because that has ~ no cost except for pissing off privacy loonies (which you can never satisfy anyway) while covering your ass legally.
Disclaimer for this post: I worked for ~2 years as a privacy reviewer for infra services at Google. This is what I would minimally declare for the Mastodon app, from my reading of Apple's policy:
- Contact Info (email address, obviously)
- Location (coarse location, Mastodon stores IP addresses in logs)
- Contacts (your follows/followers)
- User Content (your toots)
- Search History
- Identifiers (handle)
- Usage Data (logs, anti-abuse)
Not far from Threads' list...
Disclaimer for this post: I worked for ~2 years as a privacy reviewer for infra services at Google. This is what I would minimally declare for the Mastodon app, from my reading of Apple's policy:
- Contact Info (email address, obviously)
- Location (coarse location, Mastodon stores IP addresses in logs)
- Contacts (your follows/followers)
- User Content (your toots)
- Search History
- Identifiers (handle)
- Usage Data (logs, anti-abuse)