[openstreetmap/openstreetmap-website] gravatar / user image should only be available to authenticated users (#1631)
Simon Poole
notifications at github.com
Tue Jul 28 15:16:24 UTC 2020
Well that would be a partial fix, naturally IP address etc would still be accessible, but it would better than doing nothing.
My guideline would be that there should be no off site transfer of any communications related data -except- if the user explicitly clicks on a link/button/image that clearly goes to a place outside of the control of the OSMF (not going to the extreme that I've seen some suggest that even in these cases you should show a modal with a warning).
And yes there are a couple of things where that is not so obvious, in particular accessing the routing engines and the query function (we do mention these in the privacy policy though).
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1631#issuecomment-665101703
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20200728/b887e6cb/attachment.htm>
More information about the rails-dev
mailing list