New EU data laws started today and complaints have already been made against Google and Facebook.

[Christophe Corazza]

5 minutes ago, GDRRiley said:

mods can get you location or IP which will then allow them to know where you are logged in from

 

I highly doubt that the mods are that evil

[Cole5]

Is that why everyone has been emailing my span filter? Jeesh suck it up and do ads like a respectable site, Like pornhub!

[LAwLz]

This day has been amazing.

• Google, Facebook and other companies getting some well deserved shit (hopefully Microsoft is next too).
• Ghostery apparently sending out their email blast with regular recipients rather than hidden ones (so everyone that got a mail, also saw the email address of 499 other users).
• Yeelight, some smart light bulb company/app apparently won't work anymore because they relied so heavily on harvesting user data.
• GreenManGaming "accidentally" put the subject of their email blast as "Order Confirmed".
• Here is Oath (TechCrunch and Engadget) fucking up extremely badly by sharing private data with well over 100 different third parties, all of which were enabled by default and requires the user to go into multiple submenus to find and disable.
• Razer apparently has to disable a bunch of their older software because it is not compliant with GDPR. Cool to know that your mouse/keyboard driver has been collecting a bunch of personal information about you.

[Fetzie]

5 hours ago, Mihle said:

They only really need the number of visitors to get add money right?

I would assume that they want to be able to sell data about which articles you read, how long you spent reading them, where you're from etc. to third parties, and would now need explicit permission from the user to do so instead of doing it silently in the background.

[Christophe Corazza]

9 minutes ago, LAwLz said:

This day has been amazing.

• Google, Facebook and other companies getting some well deserved shit (hopefully Microsoft is next too).
• Ghostery apparently sending out their email blast with regular recipients rather than hidden ones (so everyone that got a mail, also saw the email address of 499 other users).
• Yeelight, some smart light bulb company/app apparently won't work anymore because they relied so heavily on harvesting user data.
• GreenManGaming "accidentally" put the subject of their email blast as "Order Confirmed".
• Here is Oath (TechCrunch and Engadget) fucking up extremely badly by sharing private data with well over 100 different third parties, all of which were enabled by default and requires the user to go into multiple submenus to find and disable.
• Razer apparently has to disable a bunch of their older software because it is not compliant with GDPR. Cool to know that your mouse/keyboard driver has been collecting a bunch of personal information about you.

 

Now you’re really noticing how intens some companies were/are at gathering your personal information.

[ramencupofjoy]

hewwo thewe!! OwO
we've updated ouwr pwaivacy powwocy UwU
pwease don't weave us!!

[Dabombinable]

8 hours ago, NMS said:

The fact that you have to agree to receive spam emails to use something is fucked up.

It's funny when messages from legit companies get flagged as spam by gmail due to the content of the message.

[Linus_torvalds]

Why they do not make complaints to microsoft? Windows 10 is privacy nightmare! I do not give a fuck anyway I do not use google and MS and apple anyway

[asus killer]

the thing that got me the most was an email from a company, that i send my CV more than 10/15 years ago and never ever had any interaction with them, asking me by email to accept them keeping my data.

I'm sure we had some laws prior to this new EU law that you could only keep data for a certain period, this is too long to have that amount of personal data on someone, i would never agree to this. A CV is something really personal, they have more information on me than any website.

 

I'm totally for this new law. There was a lot of abuse.

[blu4]

59 minutes ago, mate_mate91 said:

Why they do not make complaints to microsoft? Windows 10 is privacy nightmare! I do not give a fuck anyway I do not use google and MS and apple anyway

I belive that as of 1703 (correct me if I'm wrong) Microsoft changed how your data is collected when setting up a device. Not sure how much control that gives you but GDPR will force MS to tell you exactly what's getting collected. I am curious.

[Linus_torvalds]

2 hours ago, blu4 said:

I belive that as of 1703 (correct me if I'm wrong) Microsoft changed how your data is collected when setting up a device. Not sure how much control that gives you but GDPR will force MS to tell you exactly what's getting collected. I am curious.

I have read somewhere rumor about microsoft releasing special edition windows 10 for EU users. Hope that's what will happen. I wanna see windows 10 free from spyware, keylogger and other staff. It probebly will work much better on HDDs. Current version kills HDDs after boot. Load goes 100% after boot and stays there for 5-10 minutes. Until you have ssd it's not usable after boot for ~10 minutes.

[Sniperfox47]

On 2018-05-25 at 11:06 PM, huilun02 said:

Even LTT showed me the "share info or gtfo" digital gate as I logged in today

Did you read it? What actually upset you about it? The summary was "we collect the bare minimum info we need for our service to function."

 

For you to use a public forum you kind of need some basic identifier for the public forum... And GDPR allows companies to require the information that their service literally required to function such as requiring an email or account token as an account identifier, and an IP address as a session tracker which is what LTT is collecting. For the web to function you kind of need to provide your public IP address to the web service >.>

 

I strongly agree that many companies take it too far, but some people lately are freaking out about companies that collect information to do the actual job you're asking them to do...

 

On 2018-05-25 at 6:42 AM, Qwickshot said:

~snip~

What was the complaint about the Android OS? Android itself doesn't collect any user information outside of the setup process and doesn't innately have any kind of telemetry or anything so I'm curious what the complaint is. It even requires apps to manually request permission for any potentially identifying user data such as IMEI, contacts, files, etc...

 

Or is the complaint about Google Play Services and not Android itself? I thought recent versions of that had also been updated to be GDPR compliant?

 

[SlowMixit]

20 hours ago, Sniperfox47 said:

Did you read it? What actually upset you about it? The summary was "we collect the bare minimum info we need for our service to function."

 

 

LTT is not GDPR compliant because user must have ablity to disable ANY tracking.

IP address is now personally identifiable information and if user so chooses user must have ability to disable IP tracking because it is personally identifiable information.

Login tracking can be made by other means like cookies.

[MattMatt]

I think this is very interesting because so many sites, including LTT have simply addressed the problem by having you accept a bunch of conditions or you can't use the service.  The original article suggests that this is not allowed so i wonder what LTT will do, unless it only applies if data is being sold on...?

 

Makes sense to me that it shouldn't be allowed, otherwise what's the point in the new law in the first place. The point of it is to give users more control, telling them that they must consent to a long list of terms and conditions or jog on isn't right.

[SlowMixit]

On 26.5.2018 at 2:36 AM, GDRRiley said:

mods can get you location or IP which will then allow them to know where you are logged in from, i'm almost certain you logged into it a work at least once. 

Unless mods are employees of LTT they by GDPR should not have access to any data regarding user except their public content (username, posts) that everyone can see.

 

Just now, MattMatt said:

I think this is very interesting because so many sites, including LTT have simply addressed the problem by having you accept a bunch of conditions or you can't use the service.  The original article suggests that this is not allowed so i wonder what LTT will do, unless it only applies if data is being sold on...?

 

Makes sense to me that it shouldn't be allowed, otherwise what's the point in the new law in the first place. The point of it is to give users more control, telling them that they must consent to a long list of terms and conditions or jog on isn't right.

 

GDPR makes it clear that is not allowed, that alone makes LTT not GDPR compliant.

[Sniperfox47]

10 minutes ago, SlowMixit said:

 

LTT is not GDPR compliant because user must have ablity to disable ANY tracking.

IP address is now personally identifiable information and if user so chooses user must have ability to disable IP tracking because it is personally identifiable information.

Login tracking can be made by other means like cookies.

...HTTP traffic can't function without knowing the IP of the recipient... It's literally how TCP and the IP protocol work... If you don't know an address how can you send a message to that address? Your HTTP server is going to track the IP of your users because that's literally the only way to reply to their messages...

 

I really don't get how people can be so oblivious to how tech works. The internet isn't some magic box that can work without knowing anything about the world.

 

And what do you mean? Cookies are how it remembers your login session. You still need some kind of account identifier of some kind...

[SlowMixit]

They can handle the information, they cannot store without consent.

[Sniperfox47]

10 minutes ago, MattMatt said:

I think this is very interesting because so many sites, including LTT have simply addressed the problem by having you accept a bunch of conditions or you can't use the service.  The original article suggests that this is not allowed so i wonder what LTT will do, unless it only applies if data is being sold on...?

 

Makes sense to me that it shouldn't be allowed, otherwise what's the point in the new law in the first place. The point of it is to give users more control, telling them that they must consent to a long list of terms and conditions or jog on isn't right.

The law allows them to require you to consent to things neccessary for the functioning of the service you're entering the service for. An example of this is collecting the IP address to facilitate data transfers on the internet, or requiring a login identifier such as email. It doesn't allow them to give that information to a third party without consent, or collect data identifiers without your consent.

 

As a more tangible example: A phone app that turns on the flashlight could require you to provide it the camera permission in order to function. That's a necessary part of it's function. But it can't collect data from your camera and send it to third parties without your express consent, and it can't require you to provide that consent to function.

[SlowMixit]

4 minutes ago, Sniperfox47 said:

...HTTP traffic can't function without knowing the IP of the recipient... It's literally how TCP and the IP protocol work... If you don't know an address how can you send a message to that address? Your HTTP server is going to track the IP of your users because that's literally the only way to reply to their messages...

 

I really don't get how people can be so oblivious to how tech works. The internet isn't some magic box that can work without knowing anything about the world.

 

And what do you mean? Cookies are how it remembers your login session. You still need some kind of account identifier of some kind...

They can handle the information, they cannot store without consent.

Cookies : Store session id, login time, no IP and or no other personally identifiable information needed. Its simple enough.

[Sniperfox47]

1 minute ago, SlowMixit said:

They can handle the information, they cannot store without consent.

Cookies : Store session id, login time, no IP and or no other personally identifiable information needed. Its simple enough.

A) Handling data *is* storing data

B) That's not at all what the GDPR is about and people seem to be totally missing the point of this and applying it to all kinds of situations where it doesn't apply. Have you read the legislation or any of the fact sheets? I've had to ensure that our software met GDPR requirements and so far everything I've read, from the legislation itself to all the white papers on it, has lead me to believe that everyone else is going massively overboard and all our services were already compliant.

C) Your suggestion of never storing IPs is absolutely asinine. Internet servers literally cannot function without having a backlog of the IP addresses and access rates of those IP addresses. Between DDOS mitigation, request interrupts, multicast, and many other things Apache or whatever other server you're using is going to store a list because without that list it literally can't do it's job.

 

Also I just want to point out that your IP address isn't personally identifiable anyways... It's not in any way sensitive personal information so you don't need explicit consent to collect it, just unambiguous consent. And that's even if it can be considered personal information in the first place, since one IP address typically applies to large swaths of people (i.e. NAT).

[LAwLz]

17 minutes ago, Sniperfox47 said:

Also I just want to point out that your IP address isn't personally identifiable anyways... It's not in any way sensitive personal information so you don't need explicit consent to collect it, just unambiguous consent. And that's even if it can be considered personal information in the first place, since one IP address typically applies to large swaths of people (i.e. NAT).

IP addresses are defined as personal data.

If this forum allows moderators to view the IP address of users then this forum is sharing personal data with third parties and the forum must either argue that the service can not function without it, or give EU users a choice to have their IP hidden.

 

The definition of personal data is quite simple.

ANYTHING which has a legal mean of tracking you down, either directly or indirectly, is classified as personal data.

[asus killer]

3 minutes ago, LAwLz said:

IP addresses are defined as personal data.

If this forum allows moderators to view the IP address of users then this forum is sharing personal data with third parties and the forum must either argue that the service can not function without it, or give EU users a choice to have their IP hidden.

 

The definition of personal data is quite simple.

ANYTHING which has a legal mean of tracking you down, either directly or indirectly, is classified as personal data.

i was writing the same thing when i got the notification from your reply. IP adresses are personal data. The GDPR states that IP addresses should be considered personal data as it enters the scope of ‘online identifiers’ so they have to follow the GDPR rules as any other personal data.

[LAwLz]

1 minute ago, asus killer said:

i was writing the same thing when i got the notification from your reply. IP adresses are personal data. The GDPR states that IP addresses should be considered personal data as it enters the scope of ‘online identifiers’ so they have to follow the GDPR rules as any other personal data.

It was actually classified as personal data under the EU data protection law (which was the old directive, before GDPR). IP addresses has been classified as personal data since 1995, so it's nothing new.

Quote

(a) 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

 

Here is a court case where someone sued a website for recording his IP address without consent, and he won.

Here is the verdict:

Quote

1. Article 2(a) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data must be interpreted as meaning that a dynamic IP address registered by an online media services provider when a person accesses a website that the provider makes accessible to the public constitutes personal data within the meaning of that provision, in relation to that provider, where the latter has the legal means which enable it to identify the data subject with additional data which the internet service provider has about that person.

 

2. Article 7(f) of Directive 95/46 must be interpreted as precluding the legislation of a Member State, pursuant to which an online media services provider may collect and use personal data relating to a user of those services, without his consent, only in so far as that the collection and use of that data are necessary to facilitate and charge for the specific use of those services by that user, even though the objective aiming to ensure the general operability of those services may justify the use of those data after a consultation period of those websites.

 

 

@Sniperfox47

What's important to note is that there is a very big difference between using an IP address to track a connection state for things like network routing purpose, and sharing the IP address with third parties willy-nilly.

The former is necessary for the website to work (and is therefore OK by GDPR), while the latter is not.

[Sniperfox47]

Just now, LAwLz said:

 

@Sniperfox47

What's important to note is that there is a very big difference between using an IP address to track a connection state for things like network routing purpose, and sharing the IP address with third parties willy-nilly.

The former is necessary for the website to work (and is therefore OK by GDPR), while the latter is not.

I don't disagree with you in the slightest and am sorry if I gave the impression otherwise. The content you quoted was my rebutal of an individual who was trying to argue that collecting an IP address was not acceptable under GDPR under any circumstances.

 

I was merely trying to get across the point that there's a difference between sensitive and non-sensitive Personal Data and how they're handled under the GDPR. My wording probably could have been better though.

[asus killer]

If you just have a list of IP adresses it may seem harmless, but if a company like PornHub accidentally shares a list of IP addresses that see midget porn. Someone else may use it to link with other data they have and know exactly who the midget porn lovers are. 

Forgetting about GDPR for a moment, i would always argue that IP addresses are identifiable. You may use it for the most harmless of uses, you still could never leak it.

Back to GDPR i don't know this specifically and not going to google it now, but if you leak a list of IP's you should have to notify, it should be in the GDPR.