[Enhancement] Due to local laws the possibility to remove the buy-a-coffee link OR the possibility to link to a privacy statement. about pairdrop HOT 14 CLOSED

Yes, it works. Thank you!

from pairdrop.

I use Portainer. I have managed it by omitting the "" in Portainer. Now it works.

Thank you very much for your help and for implementing the function!

from pairdrop.

@schlagmichdoch
Sure, we can stay in English :)

As far as I know, according to "DSGVO" you need an imprint for every website that has to do with any form of money, be it donations, subscriptions or other payments, as well as any offer of software or the possibility to download files.
On the other hand, you do not need an imprint if you password-protect everything, i.e. you can only access the site with a password (e.g. http auth). In addition, some points are different if you host things privately, such as a private cloud or something like that. From the point at which sites are intended/accessible to the public, an imprint + privacy policy is usually required.

I think the pairdrop instance itself is not a problem, but all links to other sites like twitter, buy-me-a-coffee or I think github could be problematic, especially the second one.

This is my knowledge, I am not a legal expert and all this information is without warranty. For really reliable legal advice, you need to consult a lawyer.

Nevertheless, I don't want to take any unnecessary risks, hence the question. You said you were happy with both ideas, but I think your idea with the custom links is great! I think making the whole thing customizable via Env's is the best solution.

Would you implement that?

Thank you very much for your answer and openness! :)

from pairdrop.

Also, there could be a button to a privacy policy (if needed) which would probably open in a scrollable dialog.
If anything else is specified via PRIVACYPOLICY_BUTTON_LINK the button would redirect to that link instead.

from pairdrop.

@schlagmichdoch
Great. I can't think of any more ideas for buttons, but the way you described it to me is the perfect solution from my point of view. I think the "PRIVACYPOLICY_BUTTON_LINK" button makes a lot of sense. When could you implement this?

As I said, I'm not a lawyer, so I can't give you any legally certain information. I can imagine that Pairdrop falls into a legal gray area here. You would be safe with an imprint and privacy policy, which does not mean that you will get mail from the lawyer tomorrow without it. Where there is no plaintiff, there are no proceedings.

from pairdrop.

I think the solution with the envs is good. As long as they are not absolutely necessary and pairdrop runs even if no env is available, i.e. the whole thing is optional, I don't see any disadvantages.

Thank you for being able to publish tonight!!!

from pairdrop.

@schlagmichdoch
Super! I see it's out. Thank you very much!
How is it working now? Which Envs can be set?

from pairdrop.

@schlagmichdoch
Thank you, it works, just not properly. The buttons are displayed correctly, only with the PRIVACYPOLICY_BUTTON, for example, if PRIVACYPOLICY_BUTTON_LINK="https://my-url.tld" is set, you go to pairdrop and click on the button you are not redirected to https://my-url.tld, but to https://pairdrop-url.tld/"https://my-url.tld"...

from pairdrop.

Probably you need to omit the double quotes. Could you test that? I would the change the docs accordingly.

from pairdrop.

May I ask what you are stating in your privacy policy?

from pairdrop.

Also, if you use the double quotes on the title env vars as documented, are the double quotes then included in the hover titles or does everything work as expected?

from pairdrop.

@schlagmichdoch
I have written there that I do not need an imprint and data protection declaration due to the idea of use [private use].

The double quotes in the title env can also be seen on the page.

from pairdrop.

You're probably deploying using docker-compose. I believe in docker compose you must not escape strings with double quotes as they are escaped by being on one line each.

Alternatively you can use the map syntax:
https://docs.docker.com/compose/compose-file/05-services/#environment

from pairdrop.

The following comments were deleted by GitHub (via hubot) as part of mistakenly marking this account as spam on 17th February 2024. The correct thread order and the creation date is unclear. I decided to manually restore them anyway in order to complete the information this issue holds even though the restored information might be outdated:

Comment by @schlagmichdoch:

you speak german

Although this is true, I'd like to keep all GitHub discussions in English to make them more accessible and transparent. :)

As far as I know, due to laws in my country, if I link a donation link from my instance, I would have to provide personal data.

Is this is a rule of the GDPR (DSGVO in German)? If so, could you provide a link to an explanation / description? What is the problem about the link to buymeacoffee.com and why would it need a privacy note? Is this different than a link to Twitter / Mastodon? BuyMeACoffee has it's own privacy note and PairDrop instructs the browser to omit the Referer header.

I'd be happy with both ideas. If your concern proves to be true, I would need to add a privacy note to pairdrop.net anyways as it is hosted in Germany.

• Could this be the same privacy note for all instances? Must it include the URL of the instance?
• What would be the content of the privacy note?
• Do you know whether this is needed for any other feature of pairdrop.net? As no data is saved I don't think so but I'm no expert.

Also, I have seen instances that change the link to another link of their liking. Maybe a convenient way would be to set a environment variable with any link or completely hide that button by setting the env var to false.

I can understand that they want to earn some extra money

The money is used to pay for the server and the domain.

Sidenote:
As this software is open source and licensed under GDPLv3, you can always fork this and remove the link yourself before hosting this until then.

Comment by @schlagmichdoch:

Buttons

I think an implementation via envs would be fine. As I'm not sure about Twitters future, I will implement some other button to be customized as well. The GitHub and GitHub FAQ links should always be displayed as GitHub is the only documentation for users right now.

If a button link env var is set, the client will overwrite the current default value. If the env var set to false the button will be hidden by the client.

Buttons:

• MONETARIZATION_BUTTON_LINK
  • Default: buymeacoffee.com
• TWITTER_BUTTON_LINK
  • Default: twitter.com
• MASTODON_BUTTON_LINK
  • Default: hidden
• BLUESKY_BUTTON_LINK
  • Default: hidden
• CUSTOM_BUTTON_LINK
  • Default: hidden

Any other ideas for customizable buttons?

GDPR

but all links to other sites like twitter, buy-me-a-coffee or I think github could be problematic, especially the second one.

And you think these are a problem for the official PairDrop instance as well?

I'm not entirely sure a privacy policy is needed for outgoing links. If you take a look at the privacy policy of the CCC you will not find anything about outgoing links eventough they link to a Mastodon instance.

None of your business (NOYB) does indeed mention following links to a third party page but only mention that "you are then subject to the privacy policy of this third party".
you are then subject to the privacy policy of this third party.

for every website that has to do with any form of money, be it donations, subscriptions or other payments, as well as any offer of software or the possibility to download files

None of this is true for PairDrop itself.

In my opinion Twitter, GitHub and BuyMeACoffee need a privacy policy but PairDrop does not? I'm honestly interested in this, so if you have more information on this I'd appreciate if you would share.

Comment by @schlagmichdoch:

I'm currently working on version v1.10.0 to be released this evening and I think I can include this.

I'm currently working on this and think the hover titles should be customizable as well. I will not make the icons customizable for now as I don't think anyone will use this.

But then we would have 3 env vars for each of the 5 customizable buttons:

DONATION_BUTTON_ACTIVE=true
DONATION_BUTTON_LINK="https://www.buymeacoffee.com/pairdrop"
DONATION_BUTTON_TITLE="Buy me a coffee"

Would it be better to reduce it into one env var and use the JSON format or is that bad practice?

BUTTONS={ "donation_button": { "active": true, "link": "https://buymeacoffee.com/pairdrop", "title": "Buy me a coffee!" } }

We could also introduce a buttons.json to be loaded analogously to rtc_config.json.

Any ideas?

Comment by @schlagmichdoch:

I have only included it in v1.10.1 today. You find the documentation here:
https://github.com/schlagmichdoch/PairDrop/blob/master/docs/host-your-own.md#customizable-buttons-for-the-about-pairdrop-page

Comment by @schlagmichdoch:

The double quotes in the title env can also be seen on the page.

I cannot reproduce this.

If I use node or docker to start the PairDrop instance with the new env vars, it is working with the double quotes:

PRIVACYPOLICY_BUTTON_LINK="https://noyb.eu" PRIVACYPOLICY_BUTTON_TITLE="This is a test" npm start

docker run --pull="always" --restart=unless-stopped --name=pairdrop -e PRIVACYPOLICY_BUTTON_LINK="https://noyb.eu" -e PRIVACYPOLICY_BUTTON_TITLE="This is a test" -p 127.0.0.1:3000:3000 lscr.io/linuxserver/pairdrop

Result:

How are you deploying your PairDrop instance and what OS are you using?

from pairdrop.