I recently got this mail, asking about #GDPR practices for #qutebrowser, a donation-funded #opensource project with the organisational side run by me alone. I was on the brink of asking a (expensive?) lawyer for advice, given the mildly threatening wording at the end. [1/4] 
Can you guess what it is? It seemed weird, my bet was on either someone looking for someone to sue, or on very aggressive marketing for some GDPR solution. Gladly I found a post mentioning a very similar email on Reddit, so I ignored it. But what is it, after all? [2/4]
Before I answer that question: Don't get me wrong, I think the #GDPR is great! But for a donation-funded and very small project, from someone not living in the EU, which wants to take privacy very seriously, this is stressful! [3/4]
Well, let me solve this riddle: It was a study run by @Princeton: privacystudy.cs.princeton.edu. Apparently nobody thought this would be a problem‽ Their review board "determined that our study does not constitute human subjects research". Whoa. What's the job of a review board? [4/4]
• • •
Missing some Tweet in this thread? You can try to
force a refresh
