mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-23 12:52:10 +00:00
New note: limited tracking and consent
This commit is contained in:
parent
8fb4fa17a4
commit
5cff141cb3
1 changed files with 17 additions and 0 deletions
17
content/notes/limited-tracking-consent.md
Normal file
17
content/notes/limited-tracking-consent.md
Normal file
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
title: "Limited tracking and consent"
|
||||
date: 2022-09-24T11:28:34-07:00
|
||||
replyURI: "https://indieweb.social/@Chronotope/109054613809239268"
|
||||
replyTitle: "if the initial collection is very limited it doesn't run afoul of the issues that should require consent"
|
||||
replyType: "SocialMediaPosting"
|
||||
replyAuthor: "Aram Zucker-Scharff"
|
||||
replyAuthorURI: "https://aramzs.github.io/aramzs/"
|
||||
---
|
||||
|
||||
Assuming data is a liability, how limited should data collection be to not require consent?
|
||||
|
||||
I think temporary storage (a week or less) of access logs combined with low-entropy binary information (dark mode, is viewport narrower than what I test with, etc) is reasonable for a small operation. This holds if the data collection is clearly documented in a privacy policy, is Tor-friendly, and obeys signals like GPC. These access logs should exclude high-entropy headers like client hints.
|
||||
|
||||
Larger operations should store even less since they have the means to correlate information from many sources. [ipscrub](https://github.com/masonicboom/ipscrub) comes to mind.
|
||||
|
||||
The only long-term storage that should happen without consent is of bot traffic.
|
Loading…
Reference in a new issue