I’ve noticed that I cannot remove the statistics mentioned on the About Us page to provide a more appropriate About Us description. It seems this is not possible by default on the Discourse platform.
Someone suggested using CSS as a workaround. However, when I want to remove something, it should be completely inaccessible. CSS merely hides the content, and a simple inspection panel in the browser can easily reveal it.
It gives the impression that Discourse has intentionally made the About Us section unmodifiable. I’m unsure of the rationale behind this design choice. It feels as if the Discourse team is imposing a predefined ‘About Us’ page onto my site, instead of allowing me to customize it and provide the information myself. This situation is quite strange.
The concern here extends beyond just the annoyance of not being able to personalize the site. Anyone could track the data and statistics of the site without violating any laws, as it appears that the site owner has voluntarily made these statistics publicly available. However, the reality is that the site owner didn’t want to make it public, but Discourse has made it publicly available without providing an option to hide it.
We, as site owners, should have control over what information is shared with the public. Unfortunately, the current Discourse platform doesn’t offer any options in this regard. This isn’t as simple as saying, “If you don’t like Discourse the way it is, then don’t use it.” Many people may be unknowingly affected by this issue.
Data tracking and the privacy implications associated with it are serious issues that require our utmost attention.
What data tracking and privacy implications are there? On my install the site statistics are just anonymous numbers.
Even though the data is anonymous, continuous exposure of such data could, in theory, be used to infer certain trends or patterns over time. Sophisticated data analysis techniques might be able to glean more information from these data points than one might initially imagine.
The principle of data minimisation in privacy law implies that we should only collect and display the data that is necessary. If these statistics are not essential for your users or the operation of my site, I should be given the option to not to be displayed the site data and statistics. In this case, you leave me (as site owner) with no option, as you’re forcing it.
I believe you’re even breaching,
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
You’re not allowing me (as the site owner) to execute Data minimisation which are stated in those regulations and acts (which applies to both personal and anonymised data).
While these statistics are often used to foster a sense of community and transparency in a forum, I have valid reasons to consider removing or limiting access to them.
I believe it’s in the best interest of my community’s privacy to remove the statistics. So, you need to allow the forum owners to control what is shared with public or not.
I wonder how many people, both users and owners, are impacted by your forceful enforcement of these policies. It’s high time you started seriously considering improvements to data protection and privacy.
Please take these as suggestions for improving Discourse policies, some of which currently exist in a gray area, while others appear to be out of line with privacy norms. I mean to make no personal impact; my sole aim is to enhance privacy and data protection for all users.
From my understanding of GDPR (I’m not a lawyer but I was part of the small team that had to apply it at a large site before I retired) the site statistics are not personal data in any way so not covered by the regulations. I see no way to infer the identity of an individual from the statistics, so there’s no way to infer any personal sensitive data from the summary statistics.
Anonymisation can take personal data outside the regulations, and indeed many organisations use that as a way to process bulk data without having to implement the regulations for that data set - as long as they truly anonymise the data.
Data minimisation is also a good thing, but removing the data from display doesn’t minimise data. The data is still there and could be accessed by an admin.
As such if it were truly personal sensitive data, it would still be covered by GDPR just as much as if it were displayed.
By all means ask for the ability to change the About page, but don’t do it by claiming you’re breaking the law by not having that ability. To be honest, I’m intrigued at what personal information you believe could be inferred from the summary statistics that are provided? Perhaps if people could understand why you’re so worried about the data being displayed it might change our minds.
I understand that removing these statistics from public view doesn’t eliminate them from the backend and that admins could still access them. My suggestion is not about hiding data from admins, but about limiting public exposure of data.
As for what personal information could be inferred from the summary statistics, it’s more about the potential misuse of the data by bad actors, such as data scraping or unwanted analysis. While the risk is low and the data is anonymized, I believe we could offer users the peace of mind by giving them the option to hide these statistics.
I’m not claiming that we’re breaking the law by not having this ability. My point is that adding this option could be a valuable step towards promoting data privacy, which is the core ethos behind laws like GDPR and CCPA. I hope this clarifies my position and I’m open to further discussions.
Laws often have grey areas, but exploiting these ambiguities doesn’t contribute to a healthy community.
Further, may I inquire whether you’re an official member of the Discourse team or an unaffiliated member of the community?
Moreover, I would like to emphasise that the public site data is my own, even though the platform was created by Discourse. As a user (of discourse platform), it’s my preference to keep my data (statistics in my site) private and not display it publicly. I also think it’s important to note that it’s not as simple as saying, ‘If you don’t like it, then don’t use Discourse.’ There may be many other users who, unknowingly and without the option to remove their data, continue to use the platform.
Just an FYI, you can spot a Discourse Team member by the flair next to their avatar:
Though, as this is a community space, we welcome pertinent contributions from everyone. I think @packman makes some good points.
Actually not. You dropped off one very essential word: personal.
I don’t have a strong opinion about this, but was fairly sure it had come up a few times in the past:
So it’s probably not an unreasonable request.
Please re-read the following sentence in my last reply. thanks
I would like to emphasise that the public site data is my own, even though the platform was created by Discourse. As a user (of discourse platform), it’s my preference to keep my data (statistics in my site) private and not display it publicly.
And? Only your personal data is yours. Not public data, that can’t identify yourself.
Yes, perhaps Discourse is utilizing the gray area of GDPR and CCPA laws to collect user data or scrape information in order to measure the usage of their Discourse platform. However, I consider this sensitive site statistics data to be my own private data as the owner, and I believe I should have the option to decide whether to reveal my personal data to the public or not. This is crucial for protecting my data privacy as a Discourse platform user and as the owner of my website, as well as the privacy of my website users.
My intention is to protect the statistics of my site from being publicly displayed without my explicit consent. While certain data may not directly identify individuals, it is crucial to respect the privacy and control of such information.
GDPR and CCPA laws reinforce the significance of data protection and individual consent. As the owner of the website, I strive to uphold the principles of these laws by ensuring the confidentiality and privacy of my site’s statistics. By having the option to decide whether to share this data publicly, I can maintain the privacy of my users and comply with the regulations established in GDPR and CCPA.
Please don’t perceive my opinions as personal attacks; they are solely intended for the betterment of the Discourse platform for all users. It’s important to consider that there may be numerous other users who unknowingly continue to use the platform without the option to remove their data. By providing the ability to control and remove personal data, we can enhance privacy and ensure a more positive experience for all users.
What? There is no basis for your statement, right?
I think the GDPR debate is likely to muddy the waters in this discussion. As Simon says, removing the
/about stats/page info is something that has been mentioned before. Some have been happy with the CSS approach to hide things, though others did want to go a step further and remove/replace it altogether.
It is not a request without merit. Though I think the tone of the discussion is also important. If it becomes too fractious then I’m afraid the topic will be closed even if the feature request is valid. Could everyone please bear this in mind when posting.
My apologizies if my earlier comment came across as a definitive statement.
It was not my intention to assert that Discourse is exploiting legal gray areas. Instead, I was raising a hypothetical scenario based on the concerns of my site’s data and privacy, as well as that of my site’s users.
Further, I want to express my concerns about the possibility of my site’s data becoming publicly available without my consent (as discourse does not provide me an option to remove it). The unauthorised dissemination of such data would not only violate the trust of my site’s users, but it could also potentially contravene legal frameworks such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
These regulations mandate explicit consent and provide individuals with significant control over their personal data. Therefore, it’s vital that Discourse adheres to these principles, ensuring that any data shared or collected through my site is handled in a manner that upholds the highest standards of data privacy and protection.
I think these points have been adequately covered. Forgive me , but your replies are sounding a little AI ish. Let’s draw a line under the GDPR issue and say that your points have been heard.
I appreciate your understanding and patience.
While I understand my responses may come off as AI-like, my aim is to provide accurate and useful information. Regardless of the delivery, the points raised are of critical importance, particularly when it relates to data privacy and legal frameworks like GDPR and CCPA.
It’s essential that these matters are given due consideration, irrespective of whether they’re being written with help of an AI (which is not the focus of the thread). I’m glad to hear that these points have been heard, and I completely agree that it’s time to move forward. Thank you for the engaging discussion.
Just to clarify, there’s nothing wrong with an AI assist in writing your posts, it’s more the repetitive nature of the content/argument that would be of concern (trying to avoid the appearance of being stuck in a bot-loop )
Discussions about feature requests can get bogged down for a number of reasons, and I try and help them stay on track so they all get a fair consideration.
@JammyDodger I have the same feature request, but not for GDPR issues, simply so that none of my competitors can see the activity of our community. Which is something we absolutely would like to avoid.
Competitors can easily figure out that we use Discourse, and hence easily bypass any CSS masking or theming we could do simply by going to the https://[my-community-name].discourse.group//site/statistics.json
Should I create a new topic (it is the same feature request but a new use case)?