It's Foss Terms of Service


#1

Hi , I joined It’s Foss community because I like to read the information from It’s Foss on Linux/Ubuntu issues and the clear way of explaining actions to be taken.
Now, before I surrender to the investigations of NSA, CIA and FBI , I was curious to know where the servers of It’s Foss are located, which laws are applicable and what policy IT’s Foss has on allowing these agencies to view, copy the communities’ members content.

So I decided to have a view at the Terms of Service (ToS).

After some line’s I was surprised, disappointed and started to worry on this. The ToS does look, like a copy/paste of (another?) an ISP cy. With in dozens of places the term “company_short_name”. So this could be filled in later with any companies names and basically means we are “signing a blanco cheque” ?

Before, I want to involve myself in contributing to this It’s Foss community, I have to wait till the ToS properly has filled the empty spots and it becomes clear who is controlling it.

I have following open questions that are not clear

  • will It’s Foss be the name of the company that will govern the ToS?
  • in your ToS you write that the Law of California is applicable, so I assume this is the state Law and not the States Federal Laws?
  • where are the servers of It’s Foss located and do they fall under the USA jurisdiction? ; as this will allow NSA etc to view and copy all and everything we contribute in the community
  • will It’s Foss have thorough encryption on the contents on their servers? Under your privacy tab , you explain to protect our information but you do not specify whether it is encrypted and who has the keys? Under privacy you state that according the Law our information will be made available , when requested. A 3rd Party can have our information, to assist you,but they can not forward the info; so no Cambridge analytica possible.
  • will It’s Foss establish the “Canary” option, like other web-critical organizations have, [ show the Canary as long the USA does not subpoena It’s Foss and remove the Canary when it does , as a warning]
  • Will I have the option to remove my content from the It’s Foss servers, when I want it? This should not only be the removing of content from the visible part of It’s Foss servers but a thorough complete removal of my contributions?
  • HTTPS or not? My connection to your It’s Foss community shows https in the url, however in your ToS art. 5 2nd alinea, you write the HTTPS will only be available as add-on on a paid service?
  • Under art 5 Payments, I expected to find an article that It’s Foss is offering a free service of its community forum with basic forum features. However nothing is mentioned. I can understand that not the basic but only advance additional features could be used for bringing money to you.

Please highlight some of my worries, questions for me , and maybe other interested users.


#2

Hi,

I use Digital Ocean’s cloud server located in London to host It’s FOSS Community.

The ToS you saw was the standard ToS supplied by Discourse Forum (the open source software this forum uses).

I am not a lawyer and have almost no legal knowledge about these terms of service but I’ll try to answer your questions:

  • will It’s Foss be the name of the company that will govern the ToS?

It’s FOSS is a project under the newly formed company chmod777 Media Tech (OPC) Pvt Ltd, registered in India.

  • in your ToS you write that the Law of California is applicable, so I assume this is the state Law and not the States Federal Laws?

Since the company is registered in India, I am presuming it should follow Indian laws.

  • where are the servers of It’s Foss located and do they fall under the USA jurisdiction? ; as this will allow NSA etc to view and copy all and everything we contribute in the community

It uses Digital Ocean cloud platform and the data center is in London.

  • will It’s Foss have thorough encryption on the contents on their servers? Under your privacy tab , you explain to protect our information but you do not specify whether it is encrypted and who has the keys? Under privacy you state that according the Law our information will be made available , when requested. A 3rd Party can have our information, to assist you,but they can not forward the info; so no Cambridge analytica possible.

We have HTTPS enabled on the website so all your traffic coming to us is encrypted. At the moment, I am the only one who has access to the ssh keys to maintain the server. I don’t know if Digital Ocean people can access the servers or not. That would a violation for sure. The user credentials are stored as per the security standards by Discourse.

  • will It’s Foss establish the “Canary” option, like other web-critical organizations have, [ show the Canary as long the USA does not subpoena It’s Foss and remove the Canary when it does , as a warning]
    I am not sure of this term. I don’t think we fall under US jurisdiction.

  • Will I have the option to remove my content from the It’s Foss servers, when I want it? This should not only be the removing of content from the visible part of It’s Foss servers but a thorough complete removal of my contributions?

You can ask us to delete your account and your posts completely. This has to be done by an admin.

  • HTTPS or not? My connection to your It’s Foss community shows https in the url, however in your ToS art. 5 2nd alinea, you write the HTTPS will only be available as add-on on a paid service?

That’s the problem with a standard ToS. No paid option actually. We have HTTPS enabled by default, for free.

  • Under art 5 Payments, I expected to find an article that It’s Foss is offering a free service of its community forum with basic forum features. However nothing is mentioned. I can understand that not the basic but only advance additional features could be used for bringing money to you.

It’s a free platform, free service and I try to help people in my free time. I don’t have any monetization plans with the community, at least not in near future. The community is for discussion not making money.

I know that standard ToS confused you. So I have to edit that long legal document. Thanks for bringing it to my notice.


#3

Thanks for this, to be honest as it was you I just accepted them on trust as in my experience you are a good trustworthy person


#4

thanks a lot for taking your precious time to give an detailed reply.
I am very Happy that your servers are in London, not that GSHQ is so much better than NSA,but the British privacy protections are far better than the worst privacy protection America has.
HTTPS confirmation is very good.
Would be good that users credentials are stored encrypted , which imho is the minimal standard these days, with alll the Hacks goingon,
Think some update of ToS would improve it, and I wish you success with this It’s Foss communnity,


#5

The passwords are encrypted: https://github.com/discourse/discourse/blob/9ce66038647bc4ff63167fe9c74857a01acc0875/docs/SECURITY.md

I’ll update the ToS later :slight_smile:


#6
  • Will I have the option to remove my content from the It’s Foss servers, when I want it? This should not only be the removing of content from the visible part of It’s Foss servers but a thorough complete removal of my contributions?

You can ask us to delete your account and your posts completely. This has to be done by an admin.

When I first started GNU/Linux way back, oh 6 months ago this question was posed to on Manjaro Forum. If I remember correctly the only problem with deleting a users posts was (surprise) empty blocks in a thread which is obviously confusing. Seems like the solution the admins there gave was to delete account and all references to user name. I don’t know, seems to be nit-picking to me, personally.


#7

Cute, cute, cute. Do you think they actually care about laws? :rofl:

If they want something, they take it. Especially when it is prohibited by law, because they feel cool like that.