Opened 5 years ago

Last modified 3 years ago

#1909 new task

API: Write Terms of Service/Use

Reported by: planetcruiser Owned by: planetcruiser
Priority: major Milestone: unassigned
Component: FrameWork Keywords:
Cc:

Description (last modified by planetcruiser)

To encourage people to use the API responsibly we need to publish a TOS/TOU document and make people tick a checkbox before using the API.

Contents:

  • No mass scraping
  • No publishing of private data
  • No mirroring of information that is not published by you
  • Access only allowed via FLOSS clients (optional)
  • No commercial use
  • No spamming

Related:

Change History (4)

comment:1 follow-up: Changed 5 years ago by pablobd

this API-TOS will be under (and must comply) with BW ToU and privacy policy
http://www.bewelcome.org/terms
http://www.bewelcome.org/privacy
I'm specially worried about privacy policy and commercial use, FLOSS clients might be a good way to prevent this
Issuing an api key should be a very strict and reviewed process, e.g. show us your source code before you get the key

comment:2 in reply to: ↑ 1 Changed 5 years ago by planetcruiser

  • Description modified (diff)
  • Status changed from new to accepted

Replying to pablobd:

this API-TOS will be under (and must comply) with BW ToU and privacy policy
http://www.bewelcome.org/terms
http://www.bewelcome.org/privacy

sure. want to help with writing this?

I'm specially worried about privacy policy and commercial use, FLOSS clients might be a good way to prevent this

i am not sure if we will be completely safe from people using the api on closed source clients, but we should at least include it in the terms. after all a large percentage of people are surfing our site with proprietary software like safari, IE and opera. also google chrome is not fully open source, only chromium is.

Issuing an api key should be a very strict and reviewed process, e.g. show us your source code before you get the key

i don't think keys should be so restricted. we don't have the resources to review applications and also we should not panic about it. again, using the api is just a more structured way of looking at the very same data that people are handling already when viewing the site with their browsers. in other words: with scraping, which we don't forbid as far as i know, the same things the api offers can be done already.

the way i implemented this now is that users can generate their own api key on a special page within rox, stating their intended use and accepting the terms of usage. see #1898. hits to each api key are counted and if we spot abuse we simply lock a key.

to keep api usage closer within the community, we *could* only allow api key generation by people that have at least one positive comment by someone that already has one positive comment. but i'd say let's not kill developer fun with too many preemptive measures.

comment:3 Changed 4 years ago by planetcruiser

this ticket is assigned to me, but i won't have time to work on it. feel free to take and coordinate.

comment:4 Changed 3 years ago by shevek

  • Status changed from accepted to new
Note: See TracTickets for help on using tickets.