Is Webdiplomacy GDPR compliant?

Posted: Thu Apr 04, 2019 7:03 am
by Baskineli
Hi,

Is Webdiplomacy GDPR compliant?

Re: Is Webdiplomacy GDPR compliant?

Posted: Thu Apr 04, 2019 1:13 pm
by jmo1121109
The EU couldn’t have done a worse job of demonstrating how small sites can meet their absurd requirements but technically we’re close to whatever their intent was from the best I can tell, however there’s a very real concern they may fine us 4% of our 0 dollars of revenue.

Re: Is Webdiplomacy GDPR compliant?

Posted: Thu Apr 04, 2019 4:59 pm
by jmo1121109
To clarify a little bit about why I think we're compliant. The EU's law requires that we disclose what we track and what information of yours we have. We're open source and link to our code base on every single page. If you want to know how the code works you're welcome to go look or ask questions.

Most sites throw up a "we use cookies" page with the hilarious part being the EU doesn't require anyone explain what a cookie is and I've yet to meet a non-technical person who can explain what they are in a coherent way.

So, we use the standard browser file storage interface to hold your session information in a small file on your browser that is updated each time you log in so that every page on the site knows that you are logged on and aren't a guest or someone else just like every other site in existence. But unlike Google and Snapchat and Facebook which use their cookies with partners on millions of sites to make creepy profiles that track your news and shopping interests we don't do that 'cause we're not evil. We also will ban your account on demand if you live in the EU. We will not delete all of your data, because the EU provides provisions for data needed for site functionality, and our key premise is providing a great cheat-free game experience. Which we can't provide or ensure if we delete all our information on you. And since your username is needed to provide a rankings record for everyone else we can't delete that either, though for years we've offered changing your username if it ties back to you in real life in any way you're concerned with. Once banned you will never be contacted and your information will never be provided to anyone else.

We occasionally give universities anonymized data dumps if they sign NDAs that have been used in publications, but that data can never be tied back to any of your PII.

As far as I can tell that's all that's necessary to meet their standards, but the problem is they decided they weren't going to give guidelines to sites in detail because the entire point of their law was to entrap big companies like Facebook and Google so they could fine them billions of dollars a year. If they had a real interest in individual privacy online then they'd mandate fundamental changes to the infrastructure of the internet, but then they'd stop making billions a year fining companies who can't understand their unclear requirements even with the help of skilled lawyers. So we've given it our best guess and my guess is, yes, we're compliant. But if you have specific concerns about your privacy on the site please email [email protected] and we'll be happy to address your concerns as best we can.

Re: Is Webdiplomacy GDPR compliant?

Posted: Fri Apr 05, 2019 9:04 pm
by thdfrance
Cookies are delicious treats that jmo sends all the silver and above donors, right?

Re: Is Webdiplomacy GDPR compliant?

Posted: Fri Apr 05, 2019 10:14 pm
by dargorygel
thdfrance wrote:
Fri Apr 05, 2019 9:04 pm
Cookies are delicious treats that jmo sends all the silver and above donors, right?

Yes... and he delivered mine to me in person because he has skills.

Re: Is Webdiplomacy GDPR compliant?

Posted: Fri Apr 05, 2019 11:01 pm
by flash2015
I am not sure why the GDPR hate. Whilst not perfect it is a great first attempt at trying to give people control of their data. I don't see why I have to give up my privacy choices just because not everyone understands all the technical details. And the current fines against Facebook/Google are very reasonable. We have to stop this "dark pattern" s***.

Anyway, @jmo, it sounds like you pretty much have a privacy policy right there. Why don't you formalize it?

Re: Is Webdiplomacy GDPR compliant?

Posted: Fri Apr 05, 2019 11:29 pm
by jmo1121109
That's a great question. The reason I don't formalize it is because I know nothing about law, we don't have the money to pay for a lawyer and the EU refuses to give simple easy to understand steps that I can take to make the site compliant. Instead they have partner companies who charge hundreds to thousands of dollars to provide products that make your site compliant. So I don't want to be personally responsible for having written a legal policy. I do this side project for fun, unpaid. I will *not* invest my own money getting someone to do legal legwork just because some old people who don't understand how the internet works decided they were going to pass laws on it.

A big problem with the law is it seems to ignore the fact that the internet was made for information sharing. It is not, was not, and probably never will be intended as a place to safely store and communicate private information. The most important rule of cyber security is anything can be hacked by someone with enough time and resources. The goal of most to all cyber security steps is to mitigate the data loss if a hack happens and to make your online platform more secure than everyone else. For a simple comparison, think about the joke where you don't need to outrun a bear, just your slower friend. And the EU laws punish companies who get hacked. That's not a good measure. If China, the US, or Russia decide to hack a private company they don't stand a chance. It would be much better to educate the common person about how to safely use the internet, to require VPN services be made free by ISPs, and to provide other individual user protections instead of asking people to completely wipe data on people which is insane.

All companies using a database will back that database up on a regular basis. Let's say once a week and then they'll take physical tape backups once a month and store those tape backups offsite in a secure facility in case something happens to the server and they need to recover. Now let's say I've been a customer of Google Music for 10 years and their information on me is in every tape backup for 10 years. It is beyond idiotic to expect any 1 company to pay tens of thousands of dollars to load every tape backup they have for 10 years just to wipe my information off it. Absolutely. Batshit. Insane.

So while sure, GDPR is an attempt to give people control over their data it was made so poorly and results in the EU getting billions in profit, that I just can't take it as anything other than a money making scheme that makes the life of all small site developers much harder and only encourages us to put up landing pages telling Europeans to go away.

Re: Is Webdiplomacy GDPR compliant?

Posted: Sun Apr 07, 2019 7:36 pm
by kestasjk
Totally agree with jmo; an HTTP set cookie flag is a *request* from the server for a browser to please save a small bit of information for a certain length of time, and until that time repeat it next time you visit the server. All browsers have settings and modes that let you restrict / clear / control cookies, and of course in any “private mode” of a browser cookies aren’t stored.

Except for third party cookies (often blocked by default these days) cookies are from the website you are visiting (and presumably whose services you are enjoying) to personalise your experience, and I see no reason that every website on the planet (especially if not a commercial site) should make you click a nuisance warning stating the obvious fact that the site uses cookies.


The fines against Facebook and Google and [other successful US tech companies widely used and enjoyed in Europe]; I don’t know if they’re right or wrong, but if they were European companies I don’t think they would get nearly as much scrutiny.

Re: Is Webdiplomacy GDPR compliant?

Posted: Mon Apr 08, 2019 3:35 am
by brainbomb
Last I checked it was not a requirement to even own a phone, much less putting Facebook on it

Re: Is Webdiplomacy GDPR compliant?

Posted: Tue Apr 09, 2019 4:47 pm
by jmo1121109
But as this was derailed by members wanting to argue politics instead of actual facts, bringing this back to the point and splitting the political posts off into the politics thread for people to continue discussing if they wish. If you have questions email [email protected] for privacy concerns. And on that note, conversation resolved.