Privacy is an important feature of Joplin, and this is clear because all non-private features that access the internet can be disabled in settings. For example, auto-updating and geo-location retrieval for note properties.
Ideally I would prefer that all non-private features are disabled by default, or only enabled after prompting the user for permission/approval during installation or first start up.
Would it be worthwhile if I have a go at drafting such a section?
Of course, I’m not a lawyer, so i have little weight in this.
It would also disclose all the non-private features, so the user can disable them if they want. Otherwise they may be oblivious.
It would serve two functions, 1) for users: to let users know what they can expect with Joplin and setup it up according to their desire, and 2) for development: to ensure designs of new features follow the same principles in the future.
I guess legally, there might have to be a disclaimer about the potential of bugs and other unintentional violations?
I completely agree and wouldn’t be using Joplin if that wasn’t the case in my current place in life. What I’m saying is that the license should cover a large chunk of the issues that could arise so this would be more of a thing to add to help with Joplin’s appearance to its users. I’m also stating that my thoughts on this could be totally wrong due to me not being fully versed in laws and whatnot.
I’ve lately started using less software and services these days due to disagreeing with their privacy policies or lack there of.
Unfortunately this is not very good for privacy. Since Joplin is marketed as a privacy conscious app (privacy is always mentioned in combination with Joplin), using a default that ignores your privacy rights is counterproductive. This will come up in reviews at one point. e.g. I would comment on that negatively.
Joplin is good for privacy because it doesn’t track any user. Third party might do but that can all be disabled.
With settings, we need to use the default that will satisfy the majority of users. Truth is, the majority of users doesn’t care that much about privacy (people who do care are vocal about it, but those who don’t we don’t hear from them), however they do care about the app “just working” - i.e. auto-update works, geo-location tracking works.
In any case, you can never satisfy everyone - if we disable these settings, people will ask why auto-update or geo-location doesn’t work; if we enable them, people will complain that it’s a privacy issue.
And I think what mic704b suggested is a good compromise - we document it well, we are open about it. Perhaps later we add some popup dialog that opens the first time the app is launched, etc.
Don’t get me wrong, I really don’t care, because I block any outgoing connections by defauly anyway.
It’s just that I’ve noticed several topics in this forum (and on github) over the past year which all asked for changing the default. I am rather extreme in that regard. I’d turn everything off by default. That’s just a personal preference. I see it like this: Currently more harm can be done by using the app out of the box without reading the documentation, which btw, hasn’t been all to clear that geo and version check were on by default.
As I mentioned before, I don’t care, because I block any outgoing connections. But what about the people that don’t? They use the app and just by doing so, data is transmitted.
It’s kind of lame telling people: hey, you should have read the doc BEFORE using the app.
Once again, this is just my opinion. But this is what it will come to, when we leave it like it is.
Having those things in the documentation is great, but I don’t think we can expect people to read the documentation before using Joplin.
I like the principle by which Android apps now seem to work:
rather than a default being set to attempt to meet what we can only presume to be any user's preference,
all permissions are switched off by default and they are programmatically invoked when they might first be relevant - this then meets the needs (at first potential use of any and all features worthy of a privacy protocol),
and also allows the features to be promoted/ made known to the user, but
not simply switched on or off - which still doesn't actually bring attention to the user that they are available, let alone allowed by default.
I have been sharing notes with others that use Joplin for the past few months and I am upset to see that the geolocation setting has been on by default leaving users to know where I live, where I work, or where I could be just to take notes.
I do see a benefit for a person using Joplin to keep a track of there notes depending where they are but there needs to be an option in the UI where this setting can be managed by the user.