[Standards] XEP-0363 (HTTP Upload): Privacy Considerations & Deletion

Travis Burtrum travis at burtrum.org
Fri Apr 27 12:59:12 UTC 2018


On 04/27/2018 02:39 AM, Jonas Wielicki wrote:
> On Freitag, 27. April 2018 04:59:25 CEST Travis Burtrum wrote:
>> Many implementations don't even track who uploaded what, isn't that
>> better?  No records, no problems?
> 
> No. It’s not about the association, it’s about the users data (the uploaded 
> files) which must be deletable. At least that’s my understanding of the 
> situation.

Proposed terms of service wording:

When you upload data, it's our data now, not yours.

Does that solve the problem?

If there must be a way to delete, I'd propose servers return a random
'deletion key' that clients can use at some future time, instead of
being forced to record what data belongs to what users.


More information about the Standards mailing list