I would wait for a warrant, indeed, but while they were getting one, I'd be getting their data ready, to avoid any hassle. I have a kid to feed, so I can't really risk jail time to harbor a criminal.
In a private post, I will explain what I mean by getting their data ready.

at least in the US there really needs to be an official warrant. Some people think they can just call you on the phone and demand information, and despite getting seriously pissed when you tell them to go kick rocks - you gotta have some backbone hopefully that's usually the case with admins.

Try to avoid disclaimers. It doesn't hold much ground in courts. Rather cite the clauses that protects you specifically. It is safer that way in the long run.

Yes, but you could consider hosting your server under a different jurisdiction all together. There are a number of good hosting/VPS providers in other parts of the world. Places that have strong freedom of speech, and privacy protection clauses in their laws. Norway, Iceland, even Sweden, Switzerland, etc.

Yes, and you could also consider hosting your server in, say, Iceland, while living in South Korea. Why not, we live in a "globalized" world after all, no?

The statement makes sense. What would be the best place to display it? Would it be part of a future git pull (as part of the Help section?), or should I create the page and manually link it - following @Thomas Willingham 's suggestions.

I have a local atty. friend who is on diaspora, but I don't know any on ~friendica , yet. Just one local chiropractor, and I don't think that's of much use in these matters.

Is there an attorney in the house?

I wonder if Diaspora Inc. has an attorney on retainer? What with all the $$ they keep taking in with donations and all, and having a corporation set up, they would have to, no? But, most D* sites don't have this kind of feature, a well spelled-out ToS and Privacy Policy.

I was wondering if admins could force expiration of posts. This is a user configured parameter, now. I have mine set to expire after 180 days, anything not filed/starred or in my personal notes. But in the interest of conserving storage space, I could see forcing that site wide as a potentially viable option.
Then, really, what takes up space is uploaded media (mostly photos, I suppose, since we don't allow video or music uploads, just links), and those don't expire.
I mean, I pay for storage. I have 20gb here, but I'm already using almost half. (because my own art site with lotso images, various tarballs for software I wrote, and other such crap are all over the server, too).

A disclaimer wouldn't cover me here, but as I said, we have a plausible deniability loop hole. There are 196 different answers to the question, and we just have to find the one that suits us best with our local laws.

How would you hand over your data? Well, you'd post to Lazy Admin and ask for help, to make the groups busier. Then you could follow the instructions, get it wrong and "corrupt" your database, and only have a backup 30 days old which means everyone's posts have expired, oh, damn.

How would I even hand over one user's data to authorities? Export it from the db somehow? Would/could I end up having to surrender the whole db? (probably I'd have to ask a lawyer?)

Well, here, for instance, the RIAA and the MIAA are trying to get ISPs and sites like FB, etc. to assume responsibility for, and police, stuff that users do using their services, which is sheer bullshite, of course, but that's how they nabbed Kim Dotcom, and why the keep going after thepiratebay, etc.
ACLU and other lawyers fight shite like that, but without a strong ToS to ensure user responsibility for their own content, i.e., force the user to expressly assume responsibility for their own stuff, it's easier to go after a site owner.
It's like at the roller rink where I skate. They make you sign a waiver that they are not responsible if you injure yourself, that you skate at your own risk. Without that, they'd get sued left and right, and no insurance agency would insure them, etc. With that, they have a legal protection if you are injured on their property, unless, of course, negligence on their part can be firmly established. But if you run over some kid and crack your head on the rink falling, it's your own damned fault.

I added a link to /register by editing view/register.tpl (stash,pull,pop).

My ToS is linked from both, the impressum/friendica page and the help page. My Register Text posts the url (Welcome! Be Free! By registering you agree to our ToS and Privacy Policy https://free-haven.org/tos ), but it's not a link, just the text of the url, since that field doesn't allow html or bbcode.

I'm throwing out these caveats about admin liability, because I think it's important, not only as an admin, myself, but to attract other potential admins/site hosts.
Sure, we want to attract users and ensure them that their data is safe, secure, private, but we also have allow admins (ourselves) to protect ourselves from potential liability from user abuse, technical error, floods, haxor intrusions, hardware failure, force majeure, raining cats and dogs, orc infestations, and crossing the beams.
While I hadn't thought must about the matter until now, I do realize that as a host of a site where others can play in privacy, that in some instances, unless I am clear in protecting myself, I could be held liable for losing someone's data or for illegal materials posted here, so I make it clear: the user is responsible for their own stuff. Free-Haven is a free service, and comes with no guarantee (like al GPL software, no guarantee even of usability), etc.

I am liable for what gets posted on my site.

What I do have though, is plausible deniability, in which case, I can't be prosecuted. If you post privately and I can't see your post, then I'm not responsible for it until somebody brings it to my attention. I was told to remove the bits that kept saying "of course, we will never view your private posts" to strongly insinuate this to people though.

The law may vary since we're several thousand miles apart, and in entirely different continents though.

Oh, that field, "Register Text" just adds a single line to the top of ../register
and, I've now experimented and found that it does not accept either html or bbcode.
I think it should be a full text entry field, and accept either html or bbcode.

My feeling is, people can do whatever they want on here, so long as they aren't molesting children or conspiring to hurt anyone.
Just, I refuse to assume any liability for their use of the site, either for loss of data, leakage of data, legal action, or anything else. The user must hold the site, the admin (me), the host, blah blah harmless and assume all responsibility for their actions and posts.
Also,I'm not spying on them, but I do encourage users to report abuse.
Abuse, to me, is pretty specific. Either they have to be routinely harrassing other users, or be posting stuff related to the abuse or exploitation of children. Pretty well anything else goes, including commercial use of the platform, so long as it is not spamming people, although, I wonder if we shouldn't include something about the abuse of the platform to spam other sites, now we have all these connectors.
I mean, if Wordpress.com contacts me and says a user is abusing their platform, by posting from my site, and can prove it, of course, I suppose I should kick that user off, or something. There's something we need to consider. What is our liability in such a case?
I don't think we, personally, can get in much trouble, but I do think we'd be expected to anything possible at our end to prevent abuse of another site that's emanating from our own (i.e., tthrough the use of a connector).

I tried putting stuff there before, and couldn't find it anywhere, so not sure what it does.

There is a field in Admin->Site for "Register Text". Can I add a link in there to my ToS? Will it accept html? Or should I just put the url?
I think this should be a larger field, like a full text entry box.
Being able to write html to it (if not already possible) would be a plus.
Then I could add a whole registration message:

Welcome to Free-haven.org! have fun, be free, blah blah, read our ToS and Privacy Policy, and don't forget to send birthday money to Tony via paypal at tony@myemailaddress on or about Feb. 6. blah blah...

You'll get a conflict if doc/Home.md is updated, but it rarely is - the last time any documentation was updated was when I did like three or four weeks ago. It's two months or so since Home.md was touched.

It's boot.php that's a pain in the arse. I've got to edit that every single day.

Another option would be to add it as an addon and claim the yourdomain.com/tos link.

Okay, well I added the link in doc/Home.md, but my page is still ../mod/tos.php

And won't I still have a conflict for having modified doc/Home.md ? (nothing stash/pull/pop won't manage, just I try to keep such conflicts to a minimum, for my own sanity).

Hmmm probs with frndk.de at the moment - so @Vasudeva Kamath ,

hippy bird day two ewes.

Oh, is that how it should work? I made it in /mod/.

I think y'all should have a look a my ToS. Your feedback would be most welcome.

The documentation doesn't get updated much, Tony.

Stick it in doc/ then add a link from Home.md and you hardly ever have to worry about merge conflicts.

I'd like to add a link to my ToS in the help or info page. I know I can do that, but haven't at the moment, to avoid stashpullstashblah, but, as mentioned, if this were made a plugin, that, imho, would/should/could be part thereof, of course, as well as a link on the registration page, with, even, possibly, a radiobox to check for acceptance prior to enabling the submit button.
We need, indeed, to make users aware of how we respect their privacy, of course, and we also need to protect ourselves from any possible abuse, which is something nobody seems to have given much thought, yet.

I added a disclaimer indicating that I assume no responsibility for the user's actions on the site, the materials they post, etc., and, including the security of their data. That by using the site, the user assume responsibility for their own materials, their own privacy settings, the security of their password, blah blah blah (only more in legalese...working with lawyers and translating contracts has it's advantages, but also makes me paranoid).

Mike is now friends with Arto

Here, I made a tos page: https://free-haven.org/tos

I have terms and a privacy policy worded by actual lawyers (though it will only comply with Bulgarian law). It won't be perfect, but it's very much in the spirit of Friendica. If you hang on until I get a chance to pick it up at some point this weekend (it's at my office, but I haven't had a chance to get there all week), we can use that as the basis.

Should probably have two sections. Section one are the rules/guidelines which cooperating sites abide by, and underneath it is a place to display local policy if there are any differences.

Would anybody like to take a shot at a template for a privacy policy and ToS ? Those are most certainly going to be customised for each site but we should provide a cookie cutter template that sites can start with.

I think such a plugin, perhaps, could have a field for editing on our end, like impressum and others, where the admin can set their own policy re: liability, etc., as well.

It could be a plugin. Admins who agree to this statement will install the plugin, and a page will appear listed on site.url/friendica or something with this policy.
Then, this would be listed in installed plugins for any sites listed on the public server list, and, of course, users could find this page on the relevant site. Perhaps with the plugin installed, the new registrants could be directed to this page in their registration e-mail, or while signing up, or something.
Really, most site have you click an "I agree to this ToS" while registering. We could, and perhaps even for our own protection, should have a ToS, where the user is obligated to assume all responsibility for stuff they post, but also informed of our privacy policy, etc. "By registering you assume all responsibility for content posted to your account..blah blah...and here's our promise to you re: privacy..."
Personally, part of the reason I don't open registration is because, indeed, our sites could be used to publish illegal and/or harmful materials. Personally, I couldn't care if dudes want to plan an anarchist revolution (sign me up), but post kiddie pr0n on my site, and I see it, and the FBI or whoever will be at your doorstep in a heartbeat, because I'll call them, myself. Now, I don't monitor what users are posting, and clearly, they have all the same privacy control I do, so I can't even see everything they post, just, I would want it clear: The user is responsible for their own shite. What with RIAA and MIAA trying to hold ISPs responsible for policing privacy, arresting Kim Dotcom for stuff users share, etc., etc., I don't want to incur any responsibility for anything users post. Period. Ever.
But I do want to provide an open but secure and private (sounds contraditory, but it isn't) platform for social networking, communications, etc.

Can I throw GPG in here? I've been thinking about this network of equals that this network is forming.

One of the things that occurs to me is that within the growing friendica 'network' there is an implicit level of trust between admins. In concrete terms this means that AdminA trusts that other Admins of connected instances aren't going to do something deliberately or mailciously on their instance to mess things up for others.

I'd quite like to see something along these lines as a positive statement of our commitment to each other. A useful byproduct of this could be a strong encouragement to participate in the GPG web of trust especially with relation to other admins.

Mike is now friends with Sean McGregor

There is a lot of new functionality which can fall quickly into place after the arrival of this component.

I'm going to leave it with that teaser.

Some may have missed this from another conversation, but I'm using a bit of zot technology to help with the "getting back home from somebody else's profile" problem. Many links to Friendica people that you're not connected to will now carry a "phone home" address with them. If you click the "Home" link on their site it will bring you back to yours.

Caveat: This will only work currently for sites running the latest code. It won't work at all for Diaspora and Facebook, etc.

We already had this feature for authenticated visitors, but this extends it to a lot of unauthenticated profile links. There will be a few missing, but we'll mop up in due time as folks update.

Just release under Creative Commons - Thanks ABC. (That's Australian Broadcast Corporation.) The person talking is Arthur C. Clarke. The date is 1974.

I won't pull then… looks like we'll something in the not-so-far future? hehe.

You're welcome.

Didn't see that link - thanks! Got it.

Hi @Mike, If you just want to download a tar ball of the last revision... This worked for me.

http://bazaar.launchpad.net/~movim/movim/trunk/tarball/157?start_revid=157

When I get home I'll fetch a copy... will reply back here with the link.

^_^

Don't you ever let a chance go by...

Bob Hudson - New Castle Song (1975) by nzoz1975 on YouTube

If one of you has bzr installed and aren't behind a restrictive firewall could I ask for a copy of the most recent movim source (movim.eu) in a tgz file that I can download?

Ahh, I misunderstood you, I thought you meant, it was added (exclamation mark besides the padlock - I thought it's clickable or something) but it won't function as "a group" rather as a filter/auto-select.

I confused myself, having included fb contacts in groups, and the posting to those groups, not expecting my post to go to fb, and then finding that it went there.
I need to organize my contacts better, but it's one of those things you put off, like organizing your sock drawer, or something.

The only way I can use the filter is if:

I go to network tab

Click a particular network

post

Correct.

As I mentioned:

However it isn't a group that you can select within the permissions dialogue because it isn't really a group - it just acts like one

If you want network choices inside the ACL selector you can either file a feature request and wait, or roll up your sleeves and have a go at it.