Apply neutral language framing across documentation and code comments#767
Draft
jwrosewell wants to merge 2 commits into
Draft
Apply neutral language framing across documentation and code comments#767jwrosewell wants to merge 2 commits into
jwrosewell wants to merge 2 commits into
Conversation
The documentation and code comments carried framing that presented privacy as a property of the technology itself. Examples include "privacy-preserving" identifiers, "built-in GDPR compliance", "privacy-first" design choices, and text that treated one consent framework as the assumed default. Wording of that kind overstates what software can promise, understates the role of the deployer, and asks the reader to accept a policy position in order to accept a technical description. This change rewrites that material around four propositions: 1. Privacy is a spectrum, not a binary. Jurisdictions, publishers, and use cases sit at different points on it. 2. Technology should be neutral. The software provides mechanisms and does not enact a policy on the deployer's behalf. 3. Deployers decide based on their laws and their policy. They bring their own legal counsel, jurisdictions, and business model. The software's job is to let them implement that posture cleanly. 4. Trust comes from flexibility that is respected, not from constraint. What changed: - Documentation: loaded terms are replaced with factual descriptions of behavior. Compliance capability claims become descriptions of the consent signals read (TCF v2 format, GPP, US Privacy, GPC) and the configuration the publisher controls. TCF is described as one framework among others, and "TCF v2 format" is used when the encoded string schema is meant. - Code comments and string literals receive the same treatment, covering the ec module, integration modules, auction types, settings, and TOML comments. Client TLS and H2 values are named for what they are (probabilistic identifier, JA4 string, H2 SETTINGS string). Third-party SDK function names are unchanged. - Statements that no longer matched the code are corrected. The architecture page claimed user data is never persisted while EC identity state is persisted in KV stores. The edge cookie page described x-ts-ec as an inbound transport when it is a response header. The placeholder secret causes a settings load failure rather than a logged warning. Consent gating is built in per jurisdiction, and configuration tunes jurisdiction lists, GPC interpretation, and conflict resolution. - An audit worksheet and a followups plan under docs/superpowers/plans record the findings, the rewrites, and the items deferred to a code cycle (behavior questions and symbol renames that are out of scope for a wording change). No runtime behavior changes. Code edits are limited to comments, doc comments, and test assertion message strings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Background
Privacy is a spectrum, not a binary. Trusted Server is technology, and it is neutral on policy. Different deployers operate under different laws and run different policies, and it is the deployer who decides how to configure the stack accordingly. Trusted Server's role is to give deployers the flexibility to make those choices and to respect those choices when made, rather than to limit them in the deployer's name. This change updates documentation and code comments to reflect that framing.
Wording such as "privacy-preserving" identifiers, "built-in GDPR compliance", and "privacy-first" design presents privacy as a property of the technology itself. That overstates what software can promise, understates the role of the deployer, and asks the reader to accept a policy position in order to accept a technical description.
What changed
x-ts-ecas an inbound transport when it is a response header. The placeholder secret causes a settings load failure rather than a logged warning. Consent gating is built in per jurisdiction, with configuration tuning jurisdiction lists, GPC interpretation, and conflict resolution.Scope
No runtime behavior changes. Code edits are limited to comments, doc comments, and test assertion message strings.
An audit worksheet and a followups plan under
docs/superpowers/plans/record the findings, the rewrites, and the items intentionally deferred to a separate code cycle (behavior questions and symbol renames that are out of scope for a wording change).