Comment by smcin

1 day ago

You say "forge" and stuff like "collectively built in the open"? Do you consider the repos "public", "private" or what?

You have a very short privacy policy [https://tangled.sh/privacy], but no guarantees of AI-bot-scraping protection. What if anything is your users' expectation of privacy of their repos against third parties, including malicious ones? Really you need to set that out clearly in your privacy policy.

2 comments

smcin

Reply
icy  1 day ago

Not sure I understand your first comment. Repositories are currently public only since we’re built on the AT Protocol, which doesn’t yet have private data (in the works!).

Thanks for the feedback re: the privacy policy. It’s still actively being improved and we take a lot of effort to protect against AI scrapers. I’ll update the policy verbiage to include that.

  • smcin  1 day ago

    You were suggesting GitHub users migrate to your forge, and historically, one of GitHub's big features was private repos. And at least historically, Github private repos claimed to provide protections against unauthorized access/scrapers.

    But AT Protocol can't.

    So currently, you're only suitable for non-commercial users. (Can you name any commercial org using Tangled.sh on source code?)

    Does AT Protocol have any rough milestone (date?) for private data?

    > we take a lot of effort to protect against AI scrapers.

    Sorry that's not stating a guarantee of anything, it's an unquantifiable aspiration. I asked what you guarantee your users. IP access logs? Alerts? Response times? Blocks? IP whitelisting?