BrowseDNS - Privacy & Consent
-
The aim of this post is to gain clarity regarding user consent and the specifics of how our data is harvested and utilized.
My goals in publishing this are twofold:-- Raise awareness around user consent and safety throughout BDNS, helping users stay mindful of these issues on future platforms.
-- Pose direct questions to the BDNS Administrative Team, in hopes of receiving honest and transparent answers.
From here on out, this post will be structured into two subsections, Questions & Statements. Questions will be labeled with "Q", and statements will be labeled with "S".
S1: My personal information, including a picture of my face, from a now-deleted account, remains on this platform, even after I 'revoked my consent' when I deleted it.
S2: Similar to Discord, leaving a chatroom or deleting your account does not remove your old posts or chat history. It's not gone, it's stored.*
S3: You may opt out of BDNS's consent to harvest and "use" your personal information, however the efforts in doing so are not extensive, and if you do not take action to erase all of your personal information on your end, you will not be able to in the future. Your data will remain on BDNS, with or without your knowledge, for years to come.**
S4: Despite the claim that account deletion equals revoking consent, BDNS’s lack of data removal options and vague Terms of Service suggest otherwise. This poses concerns not only for my privacy, but for every user who assumes deletion means erasure.
*Unlike Discord, however, BDNS offers no detailed breakdown of data processing practices in its Terms of Service.
**The picture of my face I am referring to has remained on BDNS since 22. Apr. 2024.
Questionnaire section:
Q1: How is our data utilized for a “personalized experience”? As far as users can tell, BDNS doesn’t seem to use algorithmic structuring like most platforms, so if personalization isn’t the purpose, then what is?
Q2: What does “deleted” mean on BDNS’s backend? Is it wiped, archived, flagged, or something else entirely?
Q3: Why are user interactions, including private messages and deactivated posts, stored indefinitely? What future use could possibly justify that?
Q4: BDNS requires user consent during account creation, but why is the consent bundled with vague, open-ended terms about data retention? Would you consider moving toward a model where users clearly opt into specific data uses, rather than consenting to a blanket policy they can’t fully control?
As a closing note, and reiteration, this post's goals are NOT to start conspiracy nor distrust in BDNS. It is a call for honesty, and a call to every user on BDNS to take their internet safety and consent more seriously in the future.
-
@Mozuku-Kun
I want to be honest here; your response feels a bit ingenuine. I was expecting someone from the admin team, someone with actual authority over the ToS and backend to address these concerns directly. However, this comes off as heavily PR-oriented and AI-generated.While you acknowledge the issues with empathy, the reply doesn’t lay out what’s actually being done. Is there a roadmap for resolving this? Can we see a published version of what you seek to have done in the future? Have any changes been initiated yet, or is this still stuck in discussion?
If this platform has long recognized that its consent model is flawed, and the form I saw a year ago still hasn’t changed, then why has it been acceptable to leave that untouched?
I’m not trying to accuse, but when the issues have persisted this long, the thought of accountability becomes more and more unreliable. Why should users believe change will come now, when you’ve had more than enough time?
Recognition is a start. Action matters more. So, in final, my questions are, what is the plan to change, who's in charge of initiating that change, and when can we expect to see it? -
I am not surprised I got called out for being "AI-generated." So I will let the admin team respond instead of me. Since I don't have knowledge on when the changes will happen.
Best,
Mozuku-Kun
Forum Moderator. -
@Mozuku-Kun please :3 thx
-
System marked this topic as a question on
-
Hi, there's a lot to unpack here, and I'm going to try my best to respond as best as I can to the concerns raised. This is off the top of my head, and not an AI reply!
@Mozuku-Kun I appreciate your enthusiasm, but that answer does not accurately represent the way the platform works. It looks like it's lacking substance as well.
BrowseDNS forums are based on NodeBB, and as such, we inherit a lot of their account and data practices. Here is the main nodebb website: https://nodebb.org/
And here's the specific plugin that is used for most data "right to erasure" language: https://github.com/NodeBB/nodebb-plugin-gdpr
Firstly, regarding your first statement, it is news to me that user account uploads are not removed upon account deletion, and I will look into that directly. Please DM me with any information regarding specific content that you may have expected to have been removed in the past, and we can sort it out.
For the questions:
A1: That line is referring to collecting user data for advertising purposes. Specifically, this would be by using cookies and Google Adsense. As of today, we are not running any ads due to it being too intrusive for Switch users, but we're actively looking into this still, as the platform has costs associated with running it. Here's a thread from the last time that ads were enabled.
Calling it 'for personalization purposes' isn't referring to algorithmic feeds, but instead is digital marketing lingo for: We will show you ads for products that you are probably interested in (by using cookies across the web), thus creating a "personalized" experience.
A2: Deleted with respect to user account data means fully deleted and gone, which is done to comply with GDPR. Individual posts and chats do have a deletion that is a flag in the database, and then can be further "purged" by moderators or admins. But when an account is removed, it's irrevocably removed.
There may be server logs associated with the account that persist up to a few weeks, but these are also regularly automatically purged and not stored longer than needed for basic site maintenance. We could more clearly define these potential loose ends. But for personal data that is requested to be deleted, it is a true hard delete (purge) with intentionally no ability to recover.
A3: Regarding chats and posts, this content is "published" and is not considered personal user data. This is the built-in behavior of NodeBB, but as I understand it, it's because data you share with others (in a chat for instance) is owned by both of you. It's not necessarily fair to the other person in the chat if you are able to revoke all records of your interactions.
I found the following resource online regarding specifically chat messages and GDPR: https://law.stackexchange.com/a/31028
To me, that suggests that if the chat message contains personal data that there is grounds for allowing us to allow the user to delete/purge it. As of this time however, we do not have a way to do this. You would have to go one by one through your posts/chats/uploads, or contact a mod or admin.
Combined with the fact that account deletion is permanent, that does leave an ex-user in a corner, as they're unable to log back in and delete the data yourself. If someone is reading this, and finds themselves in this scenario, please email gdpr@browsedns.net or message an administrator directly. We can absolutely help purge old content and are not trying to be in the business of unknowingly holding onto your published content.
A4: I'll look at those terms specifically and try to add clarity for them, but in general they're mostly going to be bound by whatever wording enables advertising (again, despite the site not having any at this moment). The specific user consent flow though mostly dictated by NodeBB GDPR defaults.
As the hosters of this service, we are ultimately the ones who hold the responsibility, but NodeBB is open source software, and if there are specific complaints beyond that, it might be helpful to sign up for an account on their site, and suggest potential changes from that direction: https://community.nodebb.org (or alternatively, let us/the administrative team here know if their site provides additional guarantees that we may be able to include on our end)
I hope this response addresses some concerns. Most of the BrowseDNS backend is open source, and it's not our intention to be misleading or mince words in this area. Besides hosting open-source projects, I also have professional work experience with GDPR, user data deletion, and user rights, but I'm not an expert. I do welcome you keeping us honest in this regard, for future improvements for the entire site and the rest of the user base.
Sign the petition! Help us figure out the browser timeout.
-
Hi, there's a lot to unpack here, and I'm going to try my best to respond as best as I can to the concerns raised. This is off the top of my head, and not an AI reply!
@Mozuku-Kun I appreciate your enthusiasm, but that answer does not accurately represent the way the platform works. It looks like it's lacking substance as well.
BrowseDNS forums are based on NodeBB, and as such, we inherit a lot of their account and data practices. Here is the main nodebb website: https://nodebb.org/
And here's the specific plugin that is used for most data "right to erasure" language: https://github.com/NodeBB/nodebb-plugin-gdpr
Firstly, regarding your first statement, it is news to me that user account uploads are not removed upon account deletion, and I will look into that directly. Please DM me with any information regarding specific content that you may have expected to have been removed in the past, and we can sort it out.
For the questions:
A1: That line is referring to collecting user data for advertising purposes. Specifically, this would be by using cookies and Google Adsense. As of today, we are not running any ads due to it being too intrusive for Switch users, but we're actively looking into this still, as the platform has costs associated with running it. Here's a thread from the last time that ads were enabled.
Calling it 'for personalization purposes' isn't referring to algorithmic feeds, but instead is digital marketing lingo for: We will show you ads for products that you are probably interested in (by using cookies across the web), thus creating a "personalized" experience.
A2: Deleted with respect to user account data means fully deleted and gone, which is done to comply with GDPR. Individual posts and chats do have a deletion that is a flag in the database, and then can be further "purged" by moderators or admins. But when an account is removed, it's irrevocably removed.
There may be server logs associated with the account that persist up to a few weeks, but these are also regularly automatically purged and not stored longer than needed for basic site maintenance. We could more clearly define these potential loose ends. But for personal data that is requested to be deleted, it is a true hard delete (purge) with intentionally no ability to recover.
A3: Regarding chats and posts, this content is "published" and is not considered personal user data. This is the built-in behavior of NodeBB, but as I understand it, it's because data you share with others (in a chat for instance) is owned by both of you. It's not necessarily fair to the other person in the chat if you are able to revoke all records of your interactions.
I found the following resource online regarding specifically chat messages and GDPR: https://law.stackexchange.com/a/31028
To me, that suggests that if the chat message contains personal data that there is grounds for allowing us to allow the user to delete/purge it. As of this time however, we do not have a way to do this. You would have to go one by one through your posts/chats/uploads, or contact a mod or admin.
Combined with the fact that account deletion is permanent, that does leave an ex-user in a corner, as they're unable to log back in and delete the data yourself. If someone is reading this, and finds themselves in this scenario, please email gdpr@browsedns.net or message an administrator directly. We can absolutely help purge old content and are not trying to be in the business of unknowingly holding onto your published content.
A4: I'll look at those terms specifically and try to add clarity for them, but in general they're mostly going to be bound by whatever wording enables advertising (again, despite the site not having any at this moment). The specific user consent flow though mostly dictated by NodeBB GDPR defaults.
As the hosters of this service, we are ultimately the ones who hold the responsibility, but NodeBB is open source software, and if there are specific complaints beyond that, it might be helpful to sign up for an account on their site, and suggest potential changes from that direction: https://community.nodebb.org (or alternatively, let us/the administrative team here know if their site provides additional guarantees that we may be able to include on our end)
I hope this response addresses some concerns. Most of the BrowseDNS backend is open source, and it's not our intention to be misleading or mince words in this area. Besides hosting open-source projects, I also have professional work experience with GDPR, user data deletion, and user rights, but I'm not an expert. I do welcome you keeping us honest in this regard, for future improvements for the entire site and the rest of the user base.
@VGMoose
Thank you for your transparency and willingness.
Again, the main goal of this post was to get insight, which I find you have provided, and more, not only in your own wording but the cited sources are extremely appreciated as well. I especially appreciate your clarity around account deletion and the nuance of shared content ownership.That said, I do think there’s room for improvement in how these details are surfaced to users, particularly those trying to make informed choices before deleting their account.
For example, the fact that uploads or chat messages aren’t automatically purged, or that deletion locks a user out of further manual clean-up, feels like something worth spotlighting more prominently in your Terms or help pages. A “deletion checklist” or even just an annotated section could go a long way toward transparency.
Likewise, I respect the reliance on NodeBB’s defaults, but as the host, it’s your interpretation and implementation of those defaults that shape the user experience. Are you open to co-developing clearer guidance or even tweaks to the GDPR plugin to accommodate things like ex-user content purges?
Again, I appreciate your openness and professionalism here. The dialogue alone is already a huge step forward, but clarity and structure benefit everyone, especially when acting towards a world where users take more initiative as to what happens with their personal data.
-
I honestly thought all the account data would be deleted, posts and uploads included. The posts/Threads stay but their username stays as "A Former User" and you're unable to view their profile.
Edit: @Orbital We all try to stay transparent and professional, but that isn't always the case.
-
@VGMoose
Thank you for your transparency and willingness.
Again, the main goal of this post was to get insight, which I find you have provided, and more, not only in your own wording but the cited sources are extremely appreciated as well. I especially appreciate your clarity around account deletion and the nuance of shared content ownership.That said, I do think there’s room for improvement in how these details are surfaced to users, particularly those trying to make informed choices before deleting their account.
For example, the fact that uploads or chat messages aren’t automatically purged, or that deletion locks a user out of further manual clean-up, feels like something worth spotlighting more prominently in your Terms or help pages. A “deletion checklist” or even just an annotated section could go a long way toward transparency.
Likewise, I respect the reliance on NodeBB’s defaults, but as the host, it’s your interpretation and implementation of those defaults that shape the user experience. Are you open to co-developing clearer guidance or even tweaks to the GDPR plugin to accommodate things like ex-user content purges?
Again, I appreciate your openness and professionalism here. The dialogue alone is already a huge step forward, but clarity and structure benefit everyone, especially when acting towards a world where users take more initiative as to what happens with their personal data.
Are you open to co-developing clearer guidance or even tweaks to the GDPR plugin to accommodate things like ex-user content purges?
Definitely. A first step will be to make easier tools for bulk purging before account deletion or via global mod / admin intervention. Also, it should be pointed out that this kind of tool would help permanently banned users as well, who are unable to log back in and do it themselves.
I'm still not sure where to draw the line for something like chat messages though. There could be an automatic clean up if all users leave a chat, for instance, as that data could no longer be accessed.
We would also need a way to verify authenticity of the deletion requests, as we don't want users to be able to social engineer and wipe data of different accounts. Maybe on deletion, an email, IP, or other secret phrase could be left to allow managing the data without an account.
Regarding a roadmap, that's something we should also have. @Raven does occasionally post a thread with what we're working on / upcoming features, but we should also have something like a Github board with priorities and visibility to the public for the implementation progress or feedback.
Sign the petition! Help us figure out the browser timeout.
-
I'm not really consistent with the admin changelogs or whatever but that was my first one... If you guys really do want those change logs from us I can definitely do that for you and become consistent.
-
Woah, actual content, great post, though it does sound a little like you have swallowed OpenAI, especially when I look at all other content made: https://browsedns.net/user/orbital/posts , but I'm being sarcastic, as VG has replied in an exemplary manner as always.
GDPR is great for EU members, and for me UK GDPR I think Canada, Japan, Australia and a few others have similar attempts at Data policies , and I'm pretty sure the US have a Cali based effort.. but they really do need to catch up here.
Really interesting topic Orbital, seriously. Thumbs Up.
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
