View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
5103Composrcorepublic2022-11-30 23:302022-12-01 01:47
ReporterPDStig Assigned ToGuest  
PrioritynormalSeverityfeature 
Status newResolutionopen 
Summary5103: Make rules acceptance page a step in all forms of log-in
DescriptionAccording to the Facebook docs:

"Be aware that this is a trade-off: allowing quick log in, but limiting your ability to control sign-ups. Facebook login differs from normal Composr joining in the following ways:
 - Rule acceptance will not happen (so make sure you link to your rules somewhere); Facebook login is generally designed as one-click, so extra steps are the antithesis of this"

"Rules" for some sites could be a legally-binding Terms of Service. Physically requiring the user to read and agree to them before proceeding will strengthen the legality of the ToS contract between the website and the member (opposed to simply linking to them but still allowing the member to join without reading / accepting them).

A stronger argument: Now that we are trying to be GDPR-compliant, it is critical that we require users accept the Privacy Policy for GDPR compliance; a site can say "we made sure all our members are aware of what happens with their data".

Therefore, I think the rules / privacy page *must* be read/accepted by *all* new members regardless how they sign up.
TagsType: Legal compliance / Privacy
Attach Tags
Time estimation (hours)3
Sponsorship open

Sponsor

Date Added Member Amount Sponsored

Relationships

Search Commits
related to 478 Not AssignedGuest Forced profile completion 
related to 3590 ResolvedPDStig Legals re-agreement 

Activities

Chris Graham

2022-12-01 00:28

administrator   ~7763

If this is implemented, it probably would make sense to do so with the "forced profile completion" system (478) that is currently used for httpauth logins and others, and in coordination with a new system of tracking when users have accepted rules (3590).

i.e. The user logs in, the system sees they haven't agreed to the rules yet, so forces them to agree as a part of the forced profile completion screen.

PDStig

2022-12-01 01:47

administrator   ~7766

I think that's reasonable. It is also a good way to have a digital record of their agreement.

Add Note

View Status
Note
Upload Files
Maximum size: 32,768 KiB

Attach files by dragging & dropping, selecting or pasting them.
You are not logged in You are not logged in. This means you will not get any e-mail notifications. And if you reply, we will not know for sure you are the original poster of the issue.

Issue History

Date Modified Username Field Change
2022-11-30 23:30 PDStig New Issue
2022-11-30 23:31 PDStig Description Updated
2022-11-30 23:32 PDStig Description Updated
2022-12-01 00:23 Chris Graham Time estimation (hours) => 3
2022-12-01 00:25 Chris Graham Relationship added related to 478
2022-12-01 00:26 Chris Graham Relationship added related to 3590
2022-12-01 00:27 Chris Graham Category General => core
2022-12-01 00:28 Chris Graham Note Added: 0007763
2022-12-01 00:28 Chris Graham Tag Attached: Type: Legal compliance / Privacy
2022-12-01 01:47 PDStig Note Added: 0007766