[hnbad]

Doxxing refers to private individuals not companies and organizations.

In Germany for example every commercial website (which is defined very broadly and applies to most websites) is by law required to have an imprint listing the person/org responsible for the website and how to contact them (an e-mail address is not good enoguh). This means you can go to any German business website and get the full address, EU VAT ID and registration number of that company.

Under the GDPR more broadly (which also affects foreign companies offering services to EU residents) every company is required by law to have a privacy policy and that policy must include whom to contact for concerns and requests regarding personal data of the user/visitor and who (which legal entity) processes and stores the data.

This is the opposite of doxxing. It protects private individuals by making transparent to them who they are interfacing with and who holds their data. This is necessary for informed consent.

Sidenote: the website/app's cookie notice is pointless as it's using the same "redirect to google.com if user says no" logic porn sites used to do (do they still do this?) for age checks. The app also works without accepting the terms, so either it can work without accepting them or (more likely) it doesn't actually wait for the user's consent. Either way it doesn't do anything and doesn't comply with any privacy laws I'm aware of that would require it.

[dontupvoteme]

Call it sitedoxxing then or urldoxxing.

It's the same attack, to deanonymize, to hunt people down from the internet because you don't like what they say or do.

Germany is the only country in the world with that Impresseum policy because of it's highly leagalistic Prussian background, and you would find that many in the hacking community (e.g. CCC) take huge issue with it

[hnbad]

The hacking community takes issue with it because it is overly broad and applies to sites any reasonable person would consider personal and non-commercial. The infamous precedent were early 2000s era personal homepages with banner ads on them to pay for the hosting. The presence of ads made them commercial and thus subject to the Impressumspflicht.

The CCC has a strong anarchist tendency unlike the US tech bubble which has a more libertarian (i.e. free enterprise) streak. They absolutely do not want companies to hide from accountability, which completely abolishing the Impressumspflicht would do.

Also note how I said the GDPR also requires transparency with regard to who processes and stores your data. This doesn't translate to the same requirements that exist for an Impressum but for companies and registered organizations it's enough to make them identifiable and recognizable, especially in combination with the Transparency Register, which is also part of EU law.

[dontupvoteme]

Fair enough, I'm just very aware of the doxx culture we live in and the insanity of the modern internet.

You're right legally, but obviously the GDPR is not fully followed -- Big Corpos just ignore it and pay the fine, and small companies can skirt it.

I don't understand your overall point about "data" though. Do you mean for free usage when people accept cookies from their logging, or just for customers of the API since you make an account?

In any case it looks like the FAQ now links to the parent company, but I could have imagined it just being a guy who didn't want to get doxxed or wanted to stay private.

I think being able to make a website or tool or thing and say "hey check this out" and stay anonymous is a key part of the internet, and frankly I don't mind if they make a small amount of money on the side. I know this is probably Ketzerei in Germany but in Anglo countries it's sometimes notoriously hard to track down corporate structure to people and such.

Germany is definitely incredibly pro copyright though so that probably plays a role.

[hnbad]

> I don't understand your overall point about "data" though.

Data about you is your data. The GDPR defines it as such. As long as data can be traced back to you, even through pseudonymization, it remains your data. This includes anything from IP logs to what you did in the app. If it's tracked, that generates data, the data is tied to you, so it's your data. Given that the app invites you to upload pictures, which themselves could be other people's data, it's very relevant to know who is storing, transferring and processing it and for what purposes.

> Germany is definitely incredibly pro copyright though so that probably plays a role.

Sure, to some degree. I'd also like to believe that we have a heightened cultural awareness of the dangers of governments and corporations having access to personal information when things go south. The biggest civil control mechanism of the East German government was what at the time would have been considered an excessive amount of data collection about anyone even remotely suspicious of being critical of the state (and anyone affiliated with them). And prior to that the NSDAP used intricate record keeping to identify "Jews" and suspected enemies of the state. It doesn't matter if it's a corporation that has the data or the government because fascism doesn't make this distinction. So the only way to protect data is to have full transparency over who has it and why.