BrowseDNS - Privacy & Consent
-
Hi, there's a lot to unpack here, and I'm going to try my best to respond as best as I can to the concerns raised. This is off the top of my head, and not an AI reply!
@Mozuku-Kun I appreciate your enthusiasm, but that answer does not accurately represent the way the platform works. It looks like it's lacking substance as well.
BrowseDNS forums are based on NodeBB, and as such, we inherit a lot of their account and data practices. Here is the main nodebb website: https://nodebb.org/
And here's the specific plugin that is used for most data "right to erasure" language: https://github.com/NodeBB/nodebb-plugin-gdpr
Firstly, regarding your first statement, it is news to me that user account uploads are not removed upon account deletion, and I will look into that directly. Please DM me with any information regarding specific content that you may have expected to have been removed in the past, and we can sort it out.
For the questions:
A1: That line is referring to collecting user data for advertising purposes. Specifically, this would be by using cookies and Google Adsense. As of today, we are not running any ads due to it being too intrusive for Switch users, but we're actively looking into this still, as the platform has costs associated with running it. Here's a thread from the last time that ads were enabled.
Calling it 'for personalization purposes' isn't referring to algorithmic feeds, but instead is digital marketing lingo for: We will show you ads for products that you are probably interested in (by using cookies across the web), thus creating a "personalized" experience.
A2: Deleted with respect to user account data means fully deleted and gone, which is done to comply with GDPR. Individual posts and chats do have a deletion that is a flag in the database, and then can be further "purged" by moderators or admins. But when an account is removed, it's irrevocably removed.
There may be server logs associated with the account that persist up to a few weeks, but these are also regularly automatically purged and not stored longer than needed for basic site maintenance. We could more clearly define these potential loose ends. But for personal data that is requested to be deleted, it is a true hard delete (purge) with intentionally no ability to recover.
A3: Regarding chats and posts, this content is "published" and is not considered personal user data. This is the built-in behavior of NodeBB, but as I understand it, it's because data you share with others (in a chat for instance) is owned by both of you. It's not necessarily fair to the other person in the chat if you are able to revoke all records of your interactions.
I found the following resource online regarding specifically chat messages and GDPR: https://law.stackexchange.com/a/31028
To me, that suggests that if the chat message contains personal data that there is grounds for allowing us to allow the user to delete/purge it. As of this time however, we do not have a way to do this. You would have to go one by one through your posts/chats/uploads, or contact a mod or admin.
Combined with the fact that account deletion is permanent, that does leave an ex-user in a corner, as they're unable to log back in and delete the data yourself. If someone is reading this, and finds themselves in this scenario, please email gdpr@browsedns.net or message an administrator directly. We can absolutely help purge old content and are not trying to be in the business of unknowingly holding onto your published content.
A4: I'll look at those terms specifically and try to add clarity for them, but in general they're mostly going to be bound by whatever wording enables advertising (again, despite the site not having any at this moment). The specific user consent flow though mostly dictated by NodeBB GDPR defaults.
As the hosters of this service, we are ultimately the ones who hold the responsibility, but NodeBB is open source software, and if there are specific complaints beyond that, it might be helpful to sign up for an account on their site, and suggest potential changes from that direction: https://community.nodebb.org (or alternatively, let us/the administrative team here know if their site provides additional guarantees that we may be able to include on our end)
I hope this response addresses some concerns. Most of the BrowseDNS backend is open source, and it's not our intention to be misleading or mince words in this area. Besides hosting open-source projects, I also have professional work experience with GDPR, user data deletion, and user rights, but I'm not an expert. I do welcome you keeping us honest in this regard, for future improvements for the entire site and the rest of the user base.
Sign the petition! Help us figure out the browser timeout.
-
Hi, there's a lot to unpack here, and I'm going to try my best to respond as best as I can to the concerns raised. This is off the top of my head, and not an AI reply!
@Mozuku-Kun I appreciate your enthusiasm, but that answer does not accurately represent the way the platform works. It looks like it's lacking substance as well.
BrowseDNS forums are based on NodeBB, and as such, we inherit a lot of their account and data practices. Here is the main nodebb website: https://nodebb.org/
And here's the specific plugin that is used for most data "right to erasure" language: https://github.com/NodeBB/nodebb-plugin-gdpr
Firstly, regarding your first statement, it is news to me that user account uploads are not removed upon account deletion, and I will look into that directly. Please DM me with any information regarding specific content that you may have expected to have been removed in the past, and we can sort it out.
For the questions:
A1: That line is referring to collecting user data for advertising purposes. Specifically, this would be by using cookies and Google Adsense. As of today, we are not running any ads due to it being too intrusive for Switch users, but we're actively looking into this still, as the platform has costs associated with running it. Here's a thread from the last time that ads were enabled.
Calling it 'for personalization purposes' isn't referring to algorithmic feeds, but instead is digital marketing lingo for: We will show you ads for products that you are probably interested in (by using cookies across the web), thus creating a "personalized" experience.
A2: Deleted with respect to user account data means fully deleted and gone, which is done to comply with GDPR. Individual posts and chats do have a deletion that is a flag in the database, and then can be further "purged" by moderators or admins. But when an account is removed, it's irrevocably removed.
There may be server logs associated with the account that persist up to a few weeks, but these are also regularly automatically purged and not stored longer than needed for basic site maintenance. We could more clearly define these potential loose ends. But for personal data that is requested to be deleted, it is a true hard delete (purge) with intentionally no ability to recover.
A3: Regarding chats and posts, this content is "published" and is not considered personal user data. This is the built-in behavior of NodeBB, but as I understand it, it's because data you share with others (in a chat for instance) is owned by both of you. It's not necessarily fair to the other person in the chat if you are able to revoke all records of your interactions.
I found the following resource online regarding specifically chat messages and GDPR: https://law.stackexchange.com/a/31028
To me, that suggests that if the chat message contains personal data that there is grounds for allowing us to allow the user to delete/purge it. As of this time however, we do not have a way to do this. You would have to go one by one through your posts/chats/uploads, or contact a mod or admin.
Combined with the fact that account deletion is permanent, that does leave an ex-user in a corner, as they're unable to log back in and delete the data yourself. If someone is reading this, and finds themselves in this scenario, please email gdpr@browsedns.net or message an administrator directly. We can absolutely help purge old content and are not trying to be in the business of unknowingly holding onto your published content.
A4: I'll look at those terms specifically and try to add clarity for them, but in general they're mostly going to be bound by whatever wording enables advertising (again, despite the site not having any at this moment). The specific user consent flow though mostly dictated by NodeBB GDPR defaults.
As the hosters of this service, we are ultimately the ones who hold the responsibility, but NodeBB is open source software, and if there are specific complaints beyond that, it might be helpful to sign up for an account on their site, and suggest potential changes from that direction: https://community.nodebb.org (or alternatively, let us/the administrative team here know if their site provides additional guarantees that we may be able to include on our end)
I hope this response addresses some concerns. Most of the BrowseDNS backend is open source, and it's not our intention to be misleading or mince words in this area. Besides hosting open-source projects, I also have professional work experience with GDPR, user data deletion, and user rights, but I'm not an expert. I do welcome you keeping us honest in this regard, for future improvements for the entire site and the rest of the user base.
@VGMoose
Thank you for your transparency and willingness.
Again, the main goal of this post was to get insight, which I find you have provided, and more, not only in your own wording but the cited sources are extremely appreciated as well. I especially appreciate your clarity around account deletion and the nuance of shared content ownership.That said, I do think there’s room for improvement in how these details are surfaced to users, particularly those trying to make informed choices before deleting their account.
For example, the fact that uploads or chat messages aren’t automatically purged, or that deletion locks a user out of further manual clean-up, feels like something worth spotlighting more prominently in your Terms or help pages. A “deletion checklist” or even just an annotated section could go a long way toward transparency.
Likewise, I respect the reliance on NodeBB’s defaults, but as the host, it’s your interpretation and implementation of those defaults that shape the user experience. Are you open to co-developing clearer guidance or even tweaks to the GDPR plugin to accommodate things like ex-user content purges?
Again, I appreciate your openness and professionalism here. The dialogue alone is already a huge step forward, but clarity and structure benefit everyone, especially when acting towards a world where users take more initiative as to what happens with their personal data.
-
I honestly thought all the account data would be deleted, posts and uploads included. The posts/Threads stay but their username stays as "A Former User" and you're unable to view their profile.
Edit: @Orbital We all try to stay transparent and professional, but that isn't always the case.
-
@VGMoose
Thank you for your transparency and willingness.
Again, the main goal of this post was to get insight, which I find you have provided, and more, not only in your own wording but the cited sources are extremely appreciated as well. I especially appreciate your clarity around account deletion and the nuance of shared content ownership.That said, I do think there’s room for improvement in how these details are surfaced to users, particularly those trying to make informed choices before deleting their account.
For example, the fact that uploads or chat messages aren’t automatically purged, or that deletion locks a user out of further manual clean-up, feels like something worth spotlighting more prominently in your Terms or help pages. A “deletion checklist” or even just an annotated section could go a long way toward transparency.
Likewise, I respect the reliance on NodeBB’s defaults, but as the host, it’s your interpretation and implementation of those defaults that shape the user experience. Are you open to co-developing clearer guidance or even tweaks to the GDPR plugin to accommodate things like ex-user content purges?
Again, I appreciate your openness and professionalism here. The dialogue alone is already a huge step forward, but clarity and structure benefit everyone, especially when acting towards a world where users take more initiative as to what happens with their personal data.
Are you open to co-developing clearer guidance or even tweaks to the GDPR plugin to accommodate things like ex-user content purges?
Definitely. A first step will be to make easier tools for bulk purging before account deletion or via global mod / admin intervention. Also, it should be pointed out that this kind of tool would help permanently banned users as well, who are unable to log back in and do it themselves.
I'm still not sure where to draw the line for something like chat messages though. There could be an automatic clean up if all users leave a chat, for instance, as that data could no longer be accessed.
We would also need a way to verify authenticity of the deletion requests, as we don't want users to be able to social engineer and wipe data of different accounts. Maybe on deletion, an email, IP, or other secret phrase could be left to allow managing the data without an account.
Regarding a roadmap, that's something we should also have. @Raven does occasionally post a thread with what we're working on / upcoming features, but we should also have something like a Github board with priorities and visibility to the public for the implementation progress or feedback.
Sign the petition! Help us figure out the browser timeout.
-
I'm not really consistent with the admin changelogs or whatever but that was my first one... If you guys really do want those change logs from us I can definitely do that for you and become consistent.
-
Woah, actual content, great post, though it does sound a little like you have swallowed OpenAI, especially when I look at all other content made: https://browsedns.net/user/orbital/posts , but I'm being sarcastic, as VG has replied in an exemplary manner as always.
GDPR is great for EU members, and for me UK GDPR I think Canada, Japan, Australia and a few others have similar attempts at Data policies , and I'm pretty sure the US have a Cali based effort.. but they really do need to catch up here.
Really interesting topic Orbital, seriously. Thumbs Up.
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
R Raven locked this topic on
-
R Raven has marked this topic as solved on
