I’m wondering if, during all the years of Discourse’s development, there have been discussions of having a privacy-hardened version? I’m specifically thinking of disabling any tracking and profiling features and corresponding data storage in the back-end, not storing time-read for articles, no user-last-seen stats, etc. Basically anything that stores/reveals personal information about a user that they do not choose to publish themselves would be left out.
I’m not asking this as a hypothetical, as I’ve been trying to get a Discourse forum hosted in a policy environment which goes beyond the GDPR and which does not allow any type of tracking or profiling by default. So far it’s been a tough sell (even though the quality of Discourse is not in question). I’m also of the opinion that at least some of the tracking/profiling features are useful to have in an online community (and so not having them in whatever forum software you’re using would have a negative impact on the interaction and experience).
A related question then is if it would be possible to create such a privacy-hardened version, as a fork? Or are the tracking and profiling features and corresponding data too tightly integrated in the whole system and experience to make that even a possibility?
You don’t want to fork. You could create a plugin that would remove whatever features you want to remove.
As you point out, many of those things that are tracked are tracked to improve the quality of conversation and fight spam. I guess you’re asking to disable the automatic trust level system, for starters. If your users want to be part of a system where a spammer has the same rights and privileges as a longstanding member, that is certainly possible.
If you wanted to do that, you’d start by making a list of the things that are tracked that you or your constituency think are problematic and override the classes that create and depend on them.
It would definitely be possible, as a plugin. You would need to sacrifice some features for that (or make them work less well), and you would need to consider in relatively great detail where functionality stops and tracking starts (for example, if you remove the user-last-seen-stats you would still have the latest timestamp of a user’s posts and likes as a minimum last-seen-date).
I think the better bet would be to go the consent and contract legal basis routes where users know and agree that the data that is collected about them (exclusively) serves the goal of offering them a good forum experience. You won’t even need to go the legitimate interest route since you’re not selling their data to advertisers or anything.
First, thank you both for the quick replies. I wasn’t aware of plugins and that they might be able to help in this case. I’ll look into those, sounds promising!
I definitely agree with both of these points, but the problem is not with our users and what they would agree to. It’s with our internal privacy policies not allowing us to host Discourse (or similar software) as a service due to the use of tracking and profiling.