@yuvipanda brought up the good point that (I think) we're currently in violation of EU privacy law when it comes to EU visitors to mybinder.org. That's because we're using Google Analytics to track activity, but we don't ever ask visitors to "accept" us doing this. We should fix this :-)
FYI. There is an Elastic Webinar next week on GDPR Compliance: https://www.elastic.co/webinars/gdpr-compliance-and-elasticsearch
Here's also a white paper which likely has more than you would ever wish to know:
https://www.elastic.co/pdf/white-paper-of-gdpr-compliance-with-elastic-and-the-elastic-stack.pdf
We are now running google analytics with anonymized IPs and no cookies, so I think we are in compliance without a need for a dialog. We have short-term (30 days retention) logs of IPs for abuse-detection purposes, but that's it and appears to be permitted as long as it is destroyed in a reasonable amount of time.
Do you all think it's worth having a short paragraph on the docs somewhere? Maybe in the FAQ? Something like:
mybinder.org ensuring user privacy?mybinder.org takes user privacy very seriously! Because Binder runs as a public, free service, we don't require any kind of log-in that would let us keep track of user data. All code that is run, data analyzed, papers reproduced, classes taught - in short, everything that happens in a Binder session - is destroyed when the user logs off or becomes inactive for more than a few minutes.
Here are the pieces of information we do keep: We run google analytics with anonymized IPs and no cookies, which gives us just enough information to know how Binder is being used, and but won't be able to identify users. We also retain logs of IP addresses for 30 days, which is used solely in the case of detecting abuse of the service. If you have suggestions for how we can ensure the privacy of our data and users, we'd love to hear it!
And we should link to it from mybinder.org. Would be nice to integrate it with the "join the chat, read the docs, see the code" but I can't think of a nice way to continue it.
Most helpful comment
FYI. There is an Elastic Webinar next week on GDPR Compliance: https://www.elastic.co/webinars/gdpr-compliance-and-elasticsearch
Here's also a white paper which likely has more than you would ever wish to know:
https://www.elastic.co/pdf/white-paper-of-gdpr-compliance-with-elastic-and-the-elastic-stack.pdf