Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

devenv generate #1700

Merged
merged 21 commits into from
Feb 7, 2025
Merged

devenv generate #1700

merged 21 commits into from
Feb 7, 2025

Conversation

domenkozar
Copy link
Member

No description provided.

@domenkozar domenkozar requested a review from sandydoo February 4, 2025 05:20
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Feb 5, 2025
edited
Loading

Deploying devenv with  Cloudflare Pages  Cloudflare Pages

Latest commit: 4d4973d
Status:🚫  Build failed.

View logs

@domenkozar domenkozar merged commit 59e7fed into main Feb 7, 2025
9 of 13 checks passed
@NotAFile
Copy link

NotAFile commented Feb 15, 2025
edited
Loading

This feature appears to flagrantly violate GDPR in every aspect:

  • There is no legal basis for sending all of your local files to a server. In particular there is no reasonable expectation that running a local command would result in a third party processing your data in this way or certainty that this is what the user intended. It is neither made obvious to the user and minimal in privacy impact, as required for a basis in Legitimate Interest, nor is any consent gathered. These are the only bases available.
  • None of the information that under articles 12, 13, 14, must be provided to data subjects are present. Particularly egregious is the lack of the identity of the data controller, the types of data collected and the storage duration and legal bases thereof.
  • While some types of minimal telemetry may be considered necessary in order to ensure performance of the service, this is limited to only that purpose. In particular, if you are storing any information for any other purpose, which we don't know because you are (illegally) not providing that information, say to train AI models, this requires explicit opt-in, not opt-out.
  • As a reminder, consent and compliance is not retroactive. If data is gathered without necessary legal basis, this data must be deleted and can not be further retained or used. This also applies to processing data later for a purpose for which it was not originally gathered.

Note that the cachix "privacy policy" too appears to lack any of the legally required information in the legally required specificity. I highly urge you to correct this too.

@trm109 trm109 mentioned this pull request Feb 15, 2025
Closed
@NotAFile
Copy link

On a broader note, I should note that gdpr requires that you have processes in place to ensure compliance that are in proportion with the sensitivity of the data you are processing. The fact that you are doing something as invasive as uploading people's private files apparently without even a cursory review of the regulatory requirements and privacy considerations, ones which are law in the country you are based no less, is alone a serious deficiency.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sandydoo sandydoo Awaiting requested review from sandydoo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@domenkozar @NotAFile