
Textpattern CMS support forum


#121 2018-04-18 11:16:22

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Bloke wrote #311182:

This sort of thing would be definitely applicable in the user documentation.

Cool. Throw it in the docs if you want. I’ll give it a look over later. I have a garage to sort first.

Maybe we should just tweak what we have in the pophelp to mention personal identification, continue to mention the GDPR by acronym there as an example, add a bit about consent and leave it at that.

Sounds reasonable. Your call.

Offline

#122 2018-04-18 11:21:27

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

I’m still wondering about Txp, cache plugins, and eTags, btw. Can’t believe that’s back on my page 9 (of 13) already. Quite a thread.

Offline

#123 2018-04-18 12:30:03

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Following up with my suggestion to dig deeper about a site’s cred to be able to talk about the GDPR.

I had another look at the EU GDPR Compliant site, where we had the insightful breakdown of what constitutes personal data, and they don’t talk about themselves much there. But they are on LI (as well as a whole lot of other recent new consulting business in GDPR), and that’s what they seem to be about — consulting on the GDPR in a UK context. Their Knowledge Base is handy.

For example, one thing that seems confirmed there is that this really is about business sites (all sizes), not personal sites. Still, expressing your understanding of the situation by saying what you don’t do to people is probably going to be good practice for all websites eventually.

Anyway, I’d trust what they are saying more than I’d trust your average blogger. A lawyer would be more trusting but might give you less information for free, and probably not speak in plain language. Comparing information among sources is never a bad idea. Helps you see where something might be amiss. Make sure the actual Regulations are one of the things you’re comparing. ;)

Offline

#124 2018-04-18 14:04:30

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

Many media outlets have been quick to leap on the fact that the maximum fine for non-compliance is €20,000,000 or 4% of global annual turnover, whichever is higher. However in the haste to report this, many commentators have forgotten to clarify that this is the maximum fine… In summary, organisations can significantly reduce the likelihood of receiving a maximum fine by establishing a culture that promotes information security best practices and an ethos centred on protecting personal information. – GDPR – Understanding Penalties, Fines and Liabilities

Yesterday, in the US, our Supreme Court struck down a law because they found it unconstitutionally vague. I feel for anyone that is going to be found to have not established “a culture that promotes information security best practices” and “an ethos centered on protecting personal information” to the satisfaction of an EU Employee.

Offline

#125 2018-04-18 14:39:28

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,011
Website GitHub Mastodon Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

As much as I hate the direction the EU is going – the US is still leading the way.

In the final pages of the bill—meant only to appropriate future government spending—lawmakers snuck in a separate piece of legislation that made no mention of funds, salaries, or budget cuts. Instead, this final, tacked-on piece of legislation will erode privacy protections around the globe.

This bill is the CLOUD Act. It was never reviewed or marked up by any committee in either the House or the Senate. It never received a hearing. It was robbed of a stand-alone floor vote because Congressional leadership decided, behind closed doors, to attach this un-vetted, unrelated data bill to the $1.3 trillion government spending bill.

… the CLOUD Act is a far-reaching, privacy-upending piece of legislation that will:

  • Enable foreign police to collect and wiretap people’s communications from U.S. companies, without obtaining a U.S. warrant.
  • Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
  • Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
  • Allow foreign police to collect someone’s data without notifying them about it.
  • Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.

www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#126 2018-04-18 14:57:16

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,271
Website GitHub

Re: Txp cookies, visitor logging, and GDPR stuff in general

Yay, privacy invasion Top Trumps (nothing to do with the current US figurehead wotsit).

Pass the popcorn.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#127 2018-04-18 15:00:26

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #310802:

For what it’s worth. I’m not using any special code or elements to popup display my legal “compliance” notes, whatever kind. It’s all going directly into the footer of the site. In fact, that’s what the site footer of my site is for, “legal” notes.

That’s no longer true. The notes got too long to warrant a persistent footer position. I now have a dedicated page. And the site is no longer a single page. :{

Offline

#128 2018-04-18 15:19:42

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #311188:

www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes

That was the very link I was looking for when I made this comment earlier on. That was how I learned about the status of it.

It’s a vile law, and far worse than anything the GDPR is meant to be. Turnip administration. What do you expect.

If GDPR can put big tech in check and slam ad-brokers at the same time (and I think it will to some degree), then it’s not entirely bad in my book. But I said that before. Ignore me. Irrelevant and unproductive rehashing.

Offline

#129 2018-04-18 15:38:27

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #311191:

If GDPR can put big tech in check and slam ad-brokers at the same time (and I think it will to some degree I’m anxiously waiting to see), then it’s not entirely bad in my book. But I said that before. Ignore me. Irrelevant and unproductive rehashing.

Here is what I find frustrating about this whole thing.

Russia’s internet watchdog has blocked an estimated 16m IP addresses in a massive operation against the banned Telegram messaging app that could set a new precedent for Russian online censorship. – Russia blocks millions of IP addresses in battle against Telegram app

About 40 million Iranians – almost half of the country’s population – are estimated to be on Telegram, which has also appealed to older generations previously unfamiliar with the use of such social media platforms. In addition to one-to-one or group messaging, it allows users to broadcast posts to large audiences with its channel function. Khamenei’s office announced on Wednesday that it was shutting down the ayatollah’s Telegram channel in order to safeguard national interests and end what it said was Telegram’s monopoly on the country’s social media. The announcement also signalled that a nationwide ban on the app was imminent. – Iran prepares to block messaging service Telegram

Russia and Iran are both angry that Telegram won’t decrypt messages for them. Of course, they aren’t alone in feeling this way.

U.S. agencies like the FBI argue that companies should be required to hold the key to unlock encrypted communications when the government has a warrant. The U.S. isn’t alone: a bill in the United Kingdom would legally obligate companies to help the government unlock encrypted information and stop them from using end-to-end encryption used by services like iMessage and WhatsApp where only the people sending and receiving messages can read them. – Encrypted messages: Does the government need a way in?

Basically what the Governments are saying is “We don’t want Evil Corporations to exploit your privacy. So you need to give us the power to crush them while learning all your secrets so we can protect you.”

And to make my frustration clear: It makes it much harder for Democratic-Elected Governments to tell Other Governments to do better when they are doing the exact same things.

Offline

#130 2018-04-18 18:10:09

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,011
Website GitHub Mastodon Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

michaelkpate wrote #311193:

Here is what I find frustrating about this whole thing..

Russia and Iran are both angry that Telegram won’t decrypt messages for them. Of course, they aren’t alone in feeling this way.

Basically what the Governments are saying is “We don’t want Evil Corporations to exploit your privacy. So you need to give us the power to crush them while learning all your secrets so we can protect you.”

And to make my frustration clear: It makes it much harder for Democratic-Elected Governments to tell Other Governments to do better when they are doing the exact same things.

I agree with you so the questions to ask here are:

  • who else is having those keys
  • if the CLOUD act actually makes it illegal in the States for the company not to give them…

And as a side note:) Snowden’s take on the subject.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#131 2018-04-18 21:41:25

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #311197:

if the CLOUD act actually makes it illegal in the States for the company not to give them…

For anyone who hasn’t followed the story behind the CLOUD Act, first, a brief story from 2010.

Back in those days, Blackberry users had all their e-mail and messaging stored on either their own or Blackberry’s servers. Most countries didn’t care but one in particular did.

BlackBerry maker and Saudi mobile firms are testing three servers to send communications and data through Saudi Arabia before Canada to address Riyadh’s concerns over security, a Saudi official said on Sunday. Pressed by security authorities, the Saudi telecom regulator has given the kingdom’s three mobile carriers until Monday to fulfill unspecified requirements before it proceeds with a threat to shut down the BlackBerry’s Messenger. The ban was meant to be enacted on Friday and would have affected some 700,000 users in the kingdom. If satisfied the three servers would grant it suitable access to BlackBerry data and communications, the regulator would allow all BlackBerry services to continue normally. – BlackBerry in bid to address Saudi security concerns

And then not long after, everyone stopped using BBM, so that became a moot point.

Now a quick note on the US: Back in 1986, the Stored Communications Act updated the Federal Wiretap Law of 1968. The theory was that people checking and deleting their e-mail regularly on Compuserve or MCI Mail would be safe, but if you let it build up the government could go in and read it. That still made a certain amount of logic when everyone started using POP3 but not after we started getting IMAP and larger limits in general. Personally, I never delete e-mail anymore. But the law has never been updated.

In 2013, A Judge in New York ordered Microsoft to turn over all information and stored e-mail in an account. Microsoft came back and said the information was in Ireland and basically told them to go get an Irish Judge to issue a warrant. The Investigators said we don’t need an Irish Warrant, you are an American Company and have to do what we say.

They fought it out in court and Microsoft won the first round.

The case got all the way to the Supreme Court but before the ruling was issued the CLOUD Act became law and Microsoft gave up. The Court dismissed the case on Tuesday.

Under the CLOUD Act, companies must provide information properly requested by law enforcement “regardless of whether such communication, record, or other information is located within or outside of the United States.” – Supreme Court dismisses warrant case against Microsoft after CLOUD Act renders it moot

And there was also the part Destry posted about warrants, which at least used to be Google Policy.

So just like the Kingdom of Saudi Arabia in 2010, the United States has made the world… safer?

Offline

#132 2018-04-19 14:00:38

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

This is useful for France, from a law firm. It’s an easy way to look at how the national law differs from the base EU Reg.

GDPR tracker for France

Offline
