Update privacy policy #418
Conversation
keunes
force-pushed
the
privacy-policy-update
branch
from
ed74365 to
476f6fb
Compare
_i18n/en/general/privacy.md
Outdated
| - Google: If you have activated backup & reset in your phone settings (`Settings` » `Backup & Reset` » `Back up my data`), you should be aware that Android itself will periodically save a copy of your phone's data in Google's servers. This backup contains private information, including your WiFi passwords, messages and call history. It may also include data from AntennaPod and from other apps you use. The developers of AntennaPod do not have access to this data. For more information, see [Google's privacy policy](https://policies.google.com). | ||
| #### Podcast hosters | ||
| - When provided in the podcast settings, a host will receive authentication data you provided. | ||
| - Web servers that provide podcast feeds may collect additional data, such as your IP address, access time and what is being accessed. This includes the episodes you are downloading or streaming. Please refer to their respective privacy policies for details. You can view a podcast’s URL by opening the podcast and pressing the info icon. AntennaPod does not allow remote servers to set cookies. If multiple podcasts are hosted on the same server, the server can detect the list of podcasts that you subscribed to and that are hosted on that server. This can happen when publishers use services like FeedBurner, Podtrac, or similar to distribute their feeds. |
There was a problem hiding this comment.
Actually it does allow setting cookies but clears them when the app is restarted. Not sure if that's an important distinction to make
There was a problem hiding this comment.
I suppose all cookies are stored in one big pot. Would there be any way that podcast owners can check what data is in other cookies, and, for example, through that find out what else you might have subscribed to? (Apart from when providers are on the same host/network, what is described elsewhere.)
There was a problem hiding this comment.
No, cookies are only sent to the server that created them
| - Google: If you have activated backup & reset in your phone settings (`Settings` » `Backup & Reset` » `Back up my data`), you should be aware that Android itself will periodically save a copy of your phone's data in Google's servers. This backup contains private information, including your WiFi passwords, messages and call history. It may also include data from AntennaPod and from other apps you use. The developers of AntennaPod do not have access to this data. For more information, see [Google's privacy policy](https://policies.google.com). | ||
| #### Podcast hosters | ||
| - When provided in the podcast settings, a host will receive authentication data you provided. | ||
| - Web servers that provide podcast feeds may collect additional data, such as your IP address, access time and what is being accessed. This includes the episodes you are downloading or streaming. Please refer to their respective privacy policies for details. You can view a podcast’s URL by opening the podcast and pressing the info icon. AntennaPod allows remote servers to set cookies but clears them when the app is restarted. When AntennaPod reaches out to a server it only sends the cookies created by the same server (based on the domain name). If multiple podcasts are hosted on the same server, the server can detect the list of podcasts that you subscribed to and that are hosted on that server. This can happen when publishers use services like FeedBurner, Podtrac, or similar to distribute their feeds. |
There was a problem hiding this comment.
This sending of cookies only to the correct servers is a bit too detailed and confusing for regular users, I would say.
| - Web servers that provide podcast feeds may collect additional data, such as your IP address, access time and what is being accessed. This includes the episodes you are downloading or streaming. Please refer to their respective privacy policies for details. You can view a podcast’s URL by opening the podcast and pressing the info icon. AntennaPod allows remote servers to set cookies but clears them when the app is restarted. When AntennaPod reaches out to a server it only sends the cookies created by the same server (based on the domain name). If multiple podcasts are hosted on the same server, the server can detect the list of podcasts that you subscribed to and that are hosted on that server. This can happen when publishers use services like FeedBurner, Podtrac, or similar to distribute their feeds. | |
| - Web servers that provide podcast feeds may collect additional data, such as your IP address, access time and what is being accessed. This includes the episodes you are downloading or streaming. Please refer to their respective privacy policies for details. You can view a podcast’s URL by opening the podcast and pressing the info icon. AntennaPod automatically clears any cookies set by the remote servers when the app is restarted. If multiple podcasts are hosted on the same server, the server can detect the list of podcasts that you subscribed to and that are hosted on that server. This can happen when publishers use services like FeedBurner, Podtrac, or similar to distribute their feeds. |
There was a problem hiding this comment.
@ByteHamster I'm not sure. Most people will not read this document. People actually reading it are most likely interested in understanding how exactly it works. So I would not say we're writing for 'regular users'.
Given this I think we can go a bit more into the technical details (for example, indicating that we apply the same principles about cross-domain access as browsers). What about this?
| - Web servers that provide podcast feeds may collect additional data, such as your IP address, access time and what is being accessed. This includes the episodes you are downloading or streaming. Please refer to their respective privacy policies for details. You can view a podcast’s URL by opening the podcast and pressing the info icon. AntennaPod allows remote servers to set cookies but clears them when the app is restarted. When AntennaPod reaches out to a server it only sends the cookies created by the same server (based on the domain name). If multiple podcasts are hosted on the same server, the server can detect the list of podcasts that you subscribed to and that are hosted on that server. This can happen when publishers use services like FeedBurner, Podtrac, or similar to distribute their feeds. | |
| - Web servers that provide podcast feeds may collect additional data, such as your IP address, access time and what is being accessed. This includes the episodes you are downloading or streaming. Please refer to their respective privacy policies for details. You can view a podcast’s URL by opening the podcast and pressing the info icon. AntennaPod allows servers to set cookies but clears them each time the app is restarted. Web servers only get access to cookies that were set by the same server. If multiple podcasts are hosted on the same server, that server can potentially detect which of its hosted podcasts you've subscribed to. This can happen when publishers use services like FeedBurner, Podtrac, or similar to distribute their feeds. |
There was a problem hiding this comment.
for example, indicating that we apply the same principles about cross-domain access as browsers
That goes without saying. Explicitly stating this feels quite odd. Cookies are never sent to a server that did not set them, just by the way cookies work technically.
| - Android version | ||
| - visit or participate on our forum: as described in the [forum's privacy policy](https://forum.antennapod.org/privacy) | ||
| - actively make a financial contribution via Open Collective (unless you make an [anonymous guest](https://docs.opencollective.com/help/financial-contributors/payments#contributing-as-a-guest) or [incognito](https://docs.opencollective.com/help/financial-contributors/payments#select-a-contributor) contribution): | ||
| #### Android system managers |
There was a problem hiding this comment.
I have never heard that word. How about just "Google"?
There was a problem hiding this comment.
I came up with this term because a) if possible I'd like to avoid mentioning specific parties in these headings (as we don't do it anywhere else in the policy) and b) I don't know if/what services other manufactorers to collect their diagnostics data. Murena doesn't seem to have this. Samsung does because we have received automatic reports via email about battery discharge.
If we change this to 'Google', then should we also move the point about 'back-ups' in the same section? At the same time Samsung seems to have its own app settings back-up service. Maybe we should add a general note along the lines of 'Your phone manufacturer might have a similar service; check their privacy policy'
There was a problem hiding this comment.
Maybe "device vendors"? I guess Google still somehow counts as a device vendor because they build the system that vendors ship on their device
Closes #139
'Last updated' date to be adjusted when implementing feedback.