Sakurai/poke
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update privacy policy

Browse Source
This commit is contained in:
ashley 2025-09-16 23:41:49 +02:00
parent e917a7c59e
commit 0a99e81171
1 changed files with 147 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

187
html/priv.ejs
View File

@ -4,9 +4,8 @@
Copyright (C) 2021-2025 Poke (https://codeberg.org/ashley/poke)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
it under the terms of the GNU General Public License, version 3 of the License,
or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
@ -55,12 +54,13 @@
font-size: 0.95em;
}
@font-face {
src: url("https://p.poketube.fun/https://cdn.glitch.global/43b6691a-c8db-41d4-921c-8cf6aa0d9108/robotoflex.ttf?v=16683434286881");
font-family: "PokeTube Flex";
font-style: normal;
font-stretch: 1% 800%;
font-display: swap;
}
src: url("https://p.poketube.fun/https://cdn.glitch.global/43b6691a-c8db-41d4-921c-8cf6aa0d9108/robotoflex.ttf?v=16683434286881");
font-family: "PokeTube Flex";
font-style: normal;
font-stretch: 1% 800%;
font-display: swap;
}
/* ===== Document Layout ===== */
.shell {
max-width: 1200px;
@ -76,7 +76,6 @@
border-bottom: 1px solid #222;
width: 100%;
}
/* Make header content truly full-width on mobile while keeping desktop centered */
.site-row {
display: flex; align-items: center; justify-content: space-between;
gap: 16px;
@ -159,8 +158,8 @@
html { font-size: 17px; }
.brand img { width: 7.2em; transform: none; }
.doc { grid-template-columns: 1fr; }
nav.toc { display: none; } /* hide sidebar TOC on mobile */
.mobile-toc { display: block; } /* show mobile TOC instead */
nav.toc { display: none; }
.mobile-toc { display: block; }
article.paper { padding: 20px; }
.doc-title { font-size: 1.6rem; }
.grid-2 { grid-template-columns: 1fr; }
@ -236,7 +235,6 @@
}
.search-row button:hover { background: #161616; border-color: #2a2a2a; }
.search-hint { margin-top: 6px; color: #a9a9a9; font-size: .925rem; }
/* prevent overlapping on iOS safe areas */
@supports (padding: max(0px)) {
.search-fab { right: max(20px, env(safe-area-inset-right)); bottom: max(24px, env(safe-area-inset-bottom)); }
.search-panel { right: max(20px, env(safe-area-inset-right)); bottom: max(72px, calc(env(safe-area-inset-bottom) + 48px)); }
@ -257,6 +255,68 @@
a { color: #0645ad; }
}
/* ===== Update Box (What's New) ===== */
.update-box {
position: relative;
margin: 14px 0 22px 0;
padding: 14px 14px 14px 48px;
border-radius: 14px;
background:
radial-gradient(900px 400px at 10% 0%, #0b1220 0%, rgba(11,18,32,0) 70%),
linear-gradient(180deg, #0b1117, #0a0f14);
border: 1px solid #152234;
box-shadow:
0 0 0 1px rgba(125, 211, 252, 0.06) inset,
0 14px 40px rgba(0,0,0,.35);
}
.update-box::before {
content: "★";
position: absolute;
left: 14px; top: 12px;
font-size: 1.1rem;
color: #7dd3fc;
filter: drop-shadow(0 0 6px rgba(125,211,252,.25));
}
.update-box h3 {
margin: 0 0 8px 0;
font-size: 1.05rem;
color: #e9f7ff;
letter-spacing: .2px;
}
.update-box .when {
display: inline-block;
margin-left: 8px;
padding: 2px 8px;
border-radius: 999px;
font-size: .85rem;
color: #cfe8ff;
background: #0c1b27;
border: 1px solid #193347;
}
.update-box ul {
margin: 8px 0 0 20px;
}
.update-actions {
margin-top: 10px;
display: flex; gap: 8px; flex-wrap: wrap;
}
.update-actions a,
.update-actions button {
appearance: none;
border: 1px solid #234a61;
background: #0d1d28;
color: #cfe8ff;
padding: 6px 10px;
border-radius: 10px;
cursor: pointer;
font-size: .92rem;
}
.update-actions a:hover,
.update-actions button:hover {
background: #0f2432;
border-color: #2d5d7a;
}
.update-box[hidden] { display: none !important; }
</style>
</head>
<body>
@ -346,10 +406,33 @@
</p>
<div class="meta-row" aria-label="Document metadata">
<span class="meta">Instance: <span class="mono">poketube.fun</span></span>
<span class="meta">Version date: <time datetime="2025-09-11">September 11, 2025</time></span>
<span class="meta">Version date: <time datetime="2025-09-17">September 17, 2025</time></span>
</div>
</header>
<!-- What's New / Privacy Update -->
<section id="whats-new" class="update-box" aria-labelledby="whats-new-heading" role="region">
<h3 id="whats-new-heading">
Whats New — Policy Update
<span class="when">September 17, 2025</span>
</h3>
<p style="margin-top:6px">
We clarified how third-party requests work Highlights: !
</p>
<ul>
<li><strong>Translate page:</strong> Requests are <em>proxied via our backend</em>; your browser does not contact SimplyTranslate.org or Google directly. We pass only <code>from</code>, <code>to</code>, and <code>text</code> to the upstream. See code references in the section.</li>
<li><strong>Weather pages:</strong> <em>Open-Meteo</em> forecasts are always proxied by our backend. <em>Nominatim</em> geocoding is direct when JavaScript is enabled, and proxied during server-side rendering (no-JS). Source links are provided for both flows.</li>
<li><strong>Third-party policy text:</strong> Clearer wording that their privacy terms apply only to those specific requests (direct or proxied). Poke still adds <em>no trackers</em>.</li>
</ul>
<div class="update-actions" aria-label="Update actions">
<a href="#weather" aria-label="Jump to Weather section">Review weather changes</a>
<a href="#translate" aria-label="Jump to Translate section">Review translate changes</a>
<button type="button" id="dismissUpdate" aria-label="Dismiss this update notice">
Dismiss
</button>
</div>
</section>
<!-- Overview / Preamble -->
<section id="overview" aria-labelledby="preamble-heading">
<h2 id="preamble-heading" class="section">Preamble</h2>
@ -461,17 +544,30 @@
<li>
<strong>Geocoding / place lookup:</strong>
<a href="https://nominatim.openstreetmap.org/" rel="noopener" target="_blank">nominatim.openstreetmap.org</a>
(OpenStreetMap Nominatim).
Privacy: <a href="https://osmfoundation.org/wiki/Privacy_Policy" rel="noopener" target="_blank">OSMF Privacy Policy</a>.
(OpenStreetMap Nominatim).
Privacy: <a href="https://osmfoundation.org/wiki/Privacy_Policy" rel="noopener" target="_blank">OSMF Privacy Policy</a>.
<br>
How it works:
<ul>
<li>If JavaScript is <strong>enabled</strong>: your browser talks directly to Nominatim (no proxy involved). ( <a href="https://codeberg.org/ashley/poke/src/branch/main/html/weather.ejs#L581"> see source </a> )</li>
<li>If JavaScript is <strong>disabled</strong> (server-side rendering): the request is proxied through Pokes backend
(<a href="https://codeberg.org/ashley/poke/src/branch/main/src/libpoketube/init/pages-static.js#L71" target="_blank" rel="noopener">pages-static.js</a>).</li>
</ul>
</li>
<li>
<strong>Forecast data:</strong>
<a href="https://open-meteo.com/" rel="noopener" target="_blank">open-meteo.com</a>.
Privacy: <a href="https://open-meteo.com/en/terms#privacy" rel="noopener" target="_blank">Open-Meteo Terms &amp; Privacy</a>.
<a href="https://open-meteo.com/" rel="noopener" target="_blank">open-meteo.com</a>.
Privacy: <a href="https://open-meteo.com/en/terms#privacy" rel="noopener" target="_blank">Open-Meteo Terms &amp; Privacy</a>.
<br>
Forecast queries are always <strong>proxied through Pokes backend</strong>, so your browser never connects to Open-Meteo directly.
Only the necessary query parameters (latitude, longitude, units, etc.) are forwarded by the server.
see the source for this
<a href="https://codeberg.org/ashley/poke/src/branch/main/src/libpoketube/init/pages-api.js#L108" target="_blank" rel="noopener">here.</a>.
</li>
</ul>
<p class="callout">
Poke does not add trackers to these requests. However, when these services are contacted, their respective privacy policies apply to those specific requests.
Poke does not add trackers to these requests. However, when third-party services are contacted (directly or via proxy),
their respective privacy policies apply to those specific requests.
</p>
</section>
@ -479,27 +575,22 @@
<section id="translate" aria-labelledby="translate-heading">
<h2 id="translate-heading" class="section">Translate Page (SimplyTranslate)</h2>
<p>
Our translate page does <strong>not</strong> send data to Google. We use the community-run
<a href="https://simplytranslate.org/" rel="noopener" target="_blank">SimplyTranslate</a> service (a privacy-friendly translation front-end).
SimplyTranslate is a <strong>free software</strong> project: source code at
<a href="https://codeberg.org/ManeraKai/simplytranslate" rel="noopener" target="_blank">codeberg.org/ManeraKai/simplytranslate</a> and its
<a href="https://codeberg.org/ManeraKai/simplytranslate/raw/branch/main/legal_notice.txt" rel="noopener" target="_blank">legal notice</a>.
Our translate page does <strong>not</strong> send your data directly to Google or SimplyTranslate.org from your browser.
Instead, all requests are proxied through our own backend servers.
When you use the page, only the necessary parameters are passed securely on the server side:
<code>from</code> (source language), <code>to</code> (target language), and <code>text</code> (the content you entered).
Your browser never connects to SimplyTranslate.org directly.
</p>
<p>
We dont know whether the text you translate contains personal information or not—thats up to you. Please avoid submitting sensitive personal data to any translation service.
</p>
</section>
<!-- Third parties -->
<section id="third-parties" aria-labelledby="third-heading">
<h2 id="third-heading" class="section">Third-Party Requests &amp; Proxy</h2>
<p>
When Poke needs assets (videos, thumbnails, etc.), we fetch them through our proxy (e.g., <span class="mono">p.poketube.fun</span>).
</p>
<p>
Fonts and other assets are shipped locally where possible. If a third-party endpoint is necessary, we keep it behind the proxy and strip identifying headers.
Components or ideas from the <strong>Invidious</strong> project may also be used:
<a href="https://github.com/iv-org/invidious" rel="noopener" target="_blank">github.com/iv-org/invidious</a>.
We rely on the community-run
<a href="https://simplytranslate.org/" rel="noopener" target="_blank">SimplyTranslate</a> service (a privacy-friendly
translation front-end). SimplyTranslate is a <strong>free software</strong> project: you can see the
<a href="https://codeberg.org/ManeraKai/simplytranslate" rel="noopener" target="_blank">source code</a> and its
<a href="https://codeberg.org/ManeraKai/simplytranslate/raw/branch/main/legal_notice.txt" rel="noopener" target="_blank">legal notice</a>.
Our backend integration is handled in
<a href="https://codeberg.org/ashley/poke/src/branch/main/src/libpoketube/init/pages-static.js#L208" target="_blank" rel="noopener">
Pokes server code
</a>.
</p>
</section>
@ -672,7 +763,7 @@ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH D
});
closeBtn.addEventListener('click', closePanel);
window.addEventListener('keydown', (e) => {
window.addEventListener('keydown', (e) => {
if (e.key === '/' && !e.metaKey && !e.ctrlKey && !e.altKey) {
e.preventDefault();
if (!panel.classList.contains('active')) openPanel();
@ -682,10 +773,26 @@ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH D
}
});
form.addEventListener('submit', (e) => {
form.addEventListener('submit', (e) => {
const q = input.value.trim();
if (!q) { e.preventDefault(); return; }
});
// Dismissible privacy update (persists in localStorage)
const updateBox = document.getElementById('whats-new');
const dismissBtn = document.getElementById('dismissUpdate');
const STORAGE_KEY = 'poke_privacy_update_2025_09_17_dismissed';
try {
if (localStorage.getItem(STORAGE_KEY) === '1') {
updateBox && (updateBox.hidden = true);
}
} catch {}
if (dismissBtn && updateBox) {
dismissBtn.addEventListener('click', () => {
updateBox.hidden = true;
try { localStorage.setItem(STORAGE_KEY, '1'); } catch {}
});
}
})();
</script>
</body>