Official Everybody Edits Forums


#26 2018-05-28 03:59:52

mrjawapa
Corn Man 🌽
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,840
Website

Re: ATTN: Xeno - General Data Protection Regulation and EE

Welp... I'm suing you diff.


Discord: jawp#5123

Offline

#27 2018-05-28 08:10:55

den3107
Member
From: Netherlands
Joined: 2015-04-24
Posts: 1,025

Re: ATTN: Xeno - General Data Protection Regulation and EE

Different55 wrote:

Oh right backups I almost forgot about those.

that's a whole other can of worms. As far as I'm aware I physically can't selectively delete stuff from the backups. I can scrub your stuff from the active database but the backups hang around for a lot longer.

Honestly the worst part about GDPR...
I assume there's no way to reupload backups?
Otherwise you could do the super tedious task of downloading the backup, deploying it on a local server, removing the single user, packaging it again (assuming backups are packaged), and reuploading.

Offline

#28 2018-05-28 09:07:01

Helvi
Member
Joined: 2015-04-06
Posts: 1,132

Re: ATTN: Xeno - General Data Protection Regulation and EE

Lively discussion. I like it.
To quote something: https://gdpr-info.eu/art-4-gdpr/

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


Hi.

Offline

#29 2018-05-28 09:38:24

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: ATTN: Xeno - General Data Protection Regulation and EE

Different55 wrote:

Oh right backups I almost forgot about those.

that's a whole other can of worms. As far as I'm aware I physically can't selectively delete stuff from the backups. I can scrub your stuff from the active database but the backups hang around for a lot longer.

The law doesn't specify any time-stamp for you to meet the request. In fact it gives you leverage in cases of "available technology and the cost of implementation". Therefore it's ok to remove it only from the deploy database and then remove them from the backups as you see fit. As long as you inform the users that these backups exist, and that it will take a longer period of time to effectively erase everything, it's fine.


Everybody edits, but some edit more than others

Offline

Wooted by:

#30 2018-05-28 14:40:38

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,575

Re: ATTN: Xeno - General Data Protection Regulation and EE

den3107 wrote:
Different55 wrote:

Oh right backups I almost forgot about those.

that's a whole other can of worms. As far as I'm aware I physically can't selectively delete stuff from the backups. I can scrub your stuff from the active database but the backups hang around for a lot longer.

Honestly the worst part about GDPR...
I assume there's no way to reupload backups?
Otherwise you could do the super tedious task of downloading the backup, deploying it on a local server, removing the single user, packaging it again (assuming backups are packaged), and reuploading.

Strictly speaking yes that's possible, but there isn't just one monolithic **BACKUP** for me to deploy, modify, repackage, and replace. There's over 2 dozen backups of each type, for a 100% full scrub I'd have to touch 2 types, the forum database backups and the forum file backups (for the avatars).

Zumza wrote:
Different55 wrote:

Oh right backups I almost forgot about those.

that's a whole other can of worms. As far as I'm aware I physically can't selectively delete stuff from the backups. I can scrub your stuff from the active database but the backups hang around for a lot longer.

The law doesn't specify any time-stamp for you to meet the request. In fact it gives you leverage in cases of "available technology and the cost of implementation". Therefore it's ok to remove it only from the deploy database and then remove them from the backups as you see fit. As long as you inform the users that these backups exist, and that it will take a longer period of time to effectively erase everything, it's fine.

Thank goodness the GDPR gets more well designed the more I see of it.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#31 2018-05-28 16:03:13

Enurp
Formerly ThuggishPrune
From: Ohio
Joined: 2015-06-20
Posts: 459

Re: ATTN: Xeno - General Data Protection Regulation and EE

Different55 wrote:

Oh right backups I almost forgot about those.

that's a whole other can of worms. As far as I'm aware I physically can't selectively delete stuff from the backups. I can scrub your stuff from the active database but the backups hang around for a lot longer.

My VERY jewish lawyers will be in contact with you shortly.

Offline

Wooted by:

#32 2018-05-28 17:12:38

Tomahawk
Forum Mod
From: UK
Joined: 2015-02-18
Posts: 2,847

Re: ATTN: Xeno - General Data Protection Regulation and EE

I feel like people are playing devil’s advocate just for the sake of it - nobody actually cares whether EE of all things complies with the GDPR.

In EE’s case it sounds like a huge faff that benefits nobody. Whoopee, I could ask to get my data deleted - as if I couldn’t anyway - but now I can pretend that I’ll go to the trouble of reporting Megalamb if he refuses.

Likewise I could probably list all the data that EE and the forums have on me, but I want the right to ask for a copy - why? In case I forget my own email address? For the lols of wasting a mod’s time?

This ain’t Facebook calculating your weaknesses to 10 decimal places. Nothing changes.


One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.

Offline

Wooted by: (3)

#33 2018-05-28 18:02:22, last edited by LukeM (2018-05-28 18:02:35)

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: ATTN: Xeno - General Data Protection Regulation and EE

Tomahawk wrote:

I feel like people are playing devil’s advocate just for the sake of it - nobody actually cares whether EE of all things complies with the GDPR.

In EE’s case it sounds like a huge faff that benefits nobody. Whoopee, I could ask to get my data deleted - as if I couldn’t anyway - but now I can pretend that I’ll go to the trouble of reporting Megalamb if he refuses.

For me at least it's not that I would do anything like that, it's that other people technically could. It'd be pretty stupid if the devs were fined some large amount or if something happened to EE because they couldn't be bothered to comply with the regulations...

Offline

#34 2018-05-28 18:23:08

mrjawapa
Corn Man 🌽
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,840
Website

Re: ATTN: Xeno - General Data Protection Regulation and EE

LukeM wrote:

if something happened to EE because they couldn't be bothered to comply with the regulations...

There are bigger fish to fry


Discord: jawp#5123

Offline

#35 2018-05-28 18:23:23

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: ATTN: Xeno - General Data Protection Regulation and EE

GDPR abstracted is just a package of rights users have. And I see nothing wrong in informing people of their rights.

If someone would "go to the trouble of reporting" EE, they would have other, stronger means than the GDPR, given how many administrative mistakes EE had. Most of us are part of this community for years and, I believe, no one would consider to harm it.

The GDPR became a meme of its own due to the fact that these days, all of us (European users at least) had their mail spammed with the new privacy policies of the websites we're subscribed to.


Everybody edits, but some edit more than others

Offline

Wooted by:

#36 2018-05-28 18:36:08

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: ATTN: Xeno - General Data Protection Regulation and EE

mrjawapa wrote:
LukeM wrote:

if something happened to EE because they couldn't be bothered to comply with the regulations...

There are bigger fish to fry

Zumza wrote:

Most of us are part of this community for years and, I believe, no one would consider to harm it.

All it takes is one person and some serious damage can be done to EE, sure it's unlikely, but would you really want to risk it?
Especially considering the fairly regular attacks on the lobby or whatever, if EE doesn't comply with the regulations then that's an easy target...

Offline

#37 2018-05-28 19:09:05

Xenonetix
Past Owner
From: Moving on with my life
Joined: 2015-03-07
Posts: 899
Website

Re: ATTN: Xeno - General Data Protection Regulation and EE

Working on the other stuff as well, but at least got this in place now:

Xenonetix-2.png

Offline

#38 2018-05-28 20:41:13

Helvi
Member
Joined: 2015-04-06
Posts: 1,132

Re: ATTN: Xeno - General Data Protection Regulation and EE

You're a quick worker, Xeno :-) You have my gratitude.


Hi.

Offline

Wooted by:

#39 2018-05-28 21:11:26

Cyral
Member
From: United States
Joined: 2015-02-15
Posts: 2,269

Re: ATTN: Xeno - General Data Protection Regulation and EE

Tomahawk wrote:

I feel like people are playing devil’s advocate just for the sake of it - nobody actually cares whether EE of all things complies with the GDPR.

In EE’s case it sounds like a huge faff that benefits nobody. Whoopee, I could ask to get my data deleted - as if I couldn’t anyway - but now I can pretend that I’ll go to the trouble of reporting Megalamb if he refuses.

Likewise I could probably list all the data that EE and the forums have on me, but I want the right to ask for a copy - why? In case I forget my own email address? For the lols of wasting a mod’s time?

This ain’t Facebook calculating your weaknesses to 10 decimal places. Nothing changes.

In my experience with the GDPR, a good aspect of it is bringing awareness of good practices for handling personal data. I would agree that likely nobody really cares since EE is just a simple game that already collects very little information, but that makes compliance easy and the GDPR will make companies think twice about collecting data they don't need or wouldn't feel comfortable asking. (e.g. what if player.io or any companies that EE uses internally were to use our data in a way we didn't consent to) Since EE is actually based in England there isn't much of a "I don't care about GDPR" defense if anything were to happen like some U.S. companies are doing. EE is likely doing everything right and the GDPR will just provide more reason for good data security practices.

Xenonetix wrote:

Working on the other stuff as well, but at least got this in place now:

I am not 100% sure but I think that things like session/login cookies (where there is an obvious legitimate interest) do not need a cookie warning. Different story if they are used for tracking though. I expected EE to only use cookies for saving the session but there are actually a ton of cookies so I guess it actually is needed (but why are there so many)?


Player Since 2011. I used to make bots and stuff.

Offline

#40 2018-05-28 21:14:33

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: ATTN: Xeno - General Data Protection Regulation and EE

Xenonetix wrote:

Working on the other stuff as well, but at least got this in place now:

Helvi wrote:

You're a quick worker, Xeno :-) You have my gratitude.

Please don't confuse the European Cookie Law and GDPR with each other, they're not the same.

The cookie consent information should have been displayed since the EU Cookie Law got into action, May 2012.

Also, the disagree button should replace the persistent cookie EE stores with a session cookie, or you could remove it completely.


Everybody edits, but some edit more than others

Offline

#41 2018-05-28 22:15:26

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: ATTN: Xeno - General Data Protection Regulation and EE

It's not required for Everybody Edits to request consent or display a disclaimer in accordance with the EU cookie law, as Everybody Edits does not use cookies for tracking purposes. If you're referring to CFUID that's a separate entity entirely and likely wouldn't fall within the scope, especially given Cloudflare operates within the European Union and has an extensive privacy policy.

The GDPR serves as an excellent example of poor law decision making. I've heard that it's manifested upon good intentions but to me it seems pretty superficial given the deals the commission continues to make with corporations like Microsoft, while rejecting wholly independent, non-profit and privacy respecting alternatives.

It's not very well thought out and has potentially disastrous implications for small businesses across the world. To which, many of those small businesses are affected disproportionately given there aren't any provisions included for reimbursements of the financial losses inevitably incurred through setting up infrastructure to systematically wipe information in compliance with the privacy regulations.

It's disappointing since there's every reason to target the hundreds of large multi-national corporations whose revenue models are near exclusively predicated upon collecting and selling consumer information and launching targeted advertising campaigns with said information, instead of small businesses. You can see them explicitly listed on the opt-out lists presented to EU individuals from businesses who attempt to be in accordance with the GDPR rather than blacklisting.

The UK, as well as Everybody Edits by extension, would be far better off without being in the European Union on this front. It's disappointing as well that there's a referendum set for negotiations over trade policy when there's policies like these that matter just as strongly.


*u stinky*

Offline

#42 2018-05-29 05:05:27, last edited by ByteArray (2018-05-29 05:05:44)

ByteArray
Member
From: United States
Joined: 2015-02-17
Posts: 158

Re: ATTN: Xeno - General Data Protection Regulation and EE

Xenon asked me to update the cookie policy as well as the notification on the site, and I've just gotten that done. He hasn't had a chance to look at it for himself yet though, so it may need some tweaks.

But basically, the cookies currently used on the site come from Cloudflare and Twitter. Any other ones you may have would seem to be from an older version of the site.


former lead-dev on EE/EEU, 2018—2020
(aka Criobite, Joshua Stone, TechnoWolf99, & LightWolf)

Offline

Wooted by: (4)

#43 2018-05-29 10:26:14

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: ATTN: Xeno - General Data Protection Regulation and EE

XxAtillaxX wrote:

It has potentially disastrous implications for small businesses across the world. To which, many of those small businesses are affected disproportionately given there aren't any provisions included for reimbursements of the financial losses inevitably incurred through setting up infrastructure to systematically wipe information in compliance with the privacy regulations.

It's disappointing since there's every reason to target the hundreds of large multi-national corporations whose revenue models are near exclusively predicated upon collecting and selling consumer information and launching targeted advertising campaigns with said information, instead of small businesses. You can see them explicitly listed on the opt-out lists presented to EU individuals from businesses who attempt to be in accordance with the GDPR rather than blacklisting.

I agree. But the fact is that any company, wherever from, has to follow these laws if their services are available to Europeans.


XxAtillaxX wrote:

It's not required for Everybody Edits to request consent or display a disclaimer in accordance with the EU cookie law, as Everybody Edits does not use cookies for tracking purposes.

The EU Cookie Law clearly defines two types of cookies: session-cookies stored in-memory, which are erased when a user closes the app, and persistent-cookies, stored on disk.
If you use session cookies, you don't have to request consent, but for persistent cookies you have.

EE is storing local shared objects on our computers, majorly to handle authentication and to track our world history. This is not a session cookie that's erased after you close the application.

Any technology that stores information within a user’s web browser or anywhere else on their device, must be disclosed and receive approval.

The website everybodyedits.com doesn't store any cookie of its own. The flash game does. The client itself should also contain a disclosure.

But these changes, as I said before, are related to the EU Cookie Law, and should have been made since 2012, they're not the same with the GDPR.


Everybody edits, but some edit more than others

Offline

Wooted by:

#44 2018-05-29 13:29:29

ByteArray
Member
From: United States
Joined: 2015-02-17
Posts: 158

Re: ATTN: Xeno - General Data Protection Regulation and EE

Zumza wrote:

The EU Cookie Law clearly defines two types of cookies: session-cookies stored in-memory, which are erased when a user closes the app, and persistent-cookies, stored on disk.
If you use session cookies, you don't have to request consent, but for persistent cookies you have.

EE is storing local shared objects on our computers, majorly to handle authentication and to track our world history. This is not a session cookie that's erased after you close the application.

Flash's local shared objects are purely client-side, unlike cookies which can be read by the server. That means they can't be used for tracking purposes the same way that cookies are.

The objects stored by EE are used to keep you logged in, save your preferences locally, and to keep a local list of recently joined worlds (that isn't sent to the server). We do not use them to track the activities of players. :)


former lead-dev on EE/EEU, 2018—2020
(aka Criobite, Joshua Stone, TechnoWolf99, & LightWolf)

Offline

Wooted by:

#45 2018-05-29 13:38:36

mutantdevle
Moderation Team
From: Hell
Joined: 2015-03-31
Posts: 3,848
Website

Re: ATTN: Xeno - General Data Protection Regulation and EE

ByteArray wrote:
Zumza wrote:

The EU Cookie Law clearly defines two types of cookies: session-cookies stored in-memory, which are erased when a user closes the app, and persistent-cookies, stored on disk.
If you use session cookies, you don't have to request consent, but for persistent cookies you have.

EE is storing local shared objects on our computers, majorly to handle authentication and to track our world history. This is not a session cookie that's erased after you close the application.

Flash's local shared objects are purely client-side, unlike cookies which can be read by the server. That means they can't be used for tracking purposes the same way that cookies are.

The objects stored by EE are used to keep you logged in, save your preferences locally, and to keep a local list of recently joined worlds (that isn't sent to the server). We do not use them to track the activities of players. :)

But that's exactly what you'd say if you were tracking me :thonking:



Offline

Wooted by: (3)

#46 2018-05-29 15:54:52, last edited by Zumza (2018-05-29 15:59:57)

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: ATTN: Xeno - General Data Protection Regulation and EE

ByteArray wrote:
Zumza wrote:

The EU Cookie Law clearly defines two types of cookies: session-cookies stored in-memory, which are erased when a user closes the app, and persistent-cookies, stored on disk.
If you use session cookies, you don't have to request consent, but for persistent cookies you have.

EE is storing local shared objects on our computers, majorly to handle authentication and to track our world history. This is not a session cookie that's erased after you close the application.

Any technology that stores information within a user’s web browser or anywhere else on their device, must be disclosed and receive approval.

Flash's local shared objects are purely client-side, unlike cookies which can be read by the server. That means they can't be used for tracking purposes the same way that cookies are.

Zumza wrote:

Any technology that stores information within a user’s web browser or anywhere else on their device, must be disclosed and receive approval

The EU Cookie law specifies that you have to disclose and receive consent for whatever you store on user's devices, regardless of what that storage is used for.

Technically you already received approval because by default the Flash Plugin asks. But you have to specify in your policies what you store. And these policies have to be available in the client. The client already has a link for that. The only thing that is needed is to inform better what you store and for what reasons.


Everybody edits, but some edit more than others

Offline

#47 2018-05-29 16:04:35

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,575

Re: ATTN: Xeno - General Data Protection Regulation and EE

XxAtillaxX wrote:

It's not required for Everybody Edits to request consent or display a disclaimer in accordance with the EU cookie law, as Everybody Edits does not use cookies for tracking purposes. If you're referring to CFUID that's a separate entity entirely and likely wouldn't fall within the scope, especially given Cloudflare operates within the European Union and has an extensive privacy policy.

The GDPR serves as an excellent example of poor law decision making. I've heard that it's manifested upon good intentions but to me it seems pretty superficial given the deals the commission continues to make with corporations like Microsoft, while rejecting wholly independent, non-profit and privacy respecting alternatives.

It's not very well thought out and has potentially disastrous implications for small businesses across the world. To which, many of those small businesses are affected disproportionately given there aren't any provisions included for reimbursements of the financial losses inevitably incurred through setting up infrastructure to systematically wipe information in compliance with the privacy regulations.

It's disappointing since there's every reason to target the hundreds of large multi-national corporations whose revenue models are near exclusively predicated upon collecting and selling consumer information and launching targeted advertising campaigns with said information, instead of small businesses. You can see them explicitly listed on the opt-out lists presented to EU individuals from businesses who attempt to be in accordance with the GDPR rather than blacklisting.

The UK, as well as Everybody Edits by extension, would be far better off without being in the European Union on this front. It's disappointing as well that there's a referendum set for negotiations over trade policy when there's policies like these that matter just as strongly.

It's a pain, no doubt, but it's an improvement. It's worth a little change and a little headache in the short term.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#48 2018-05-29 21:44:52

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: ATTN: Xeno - General Data Protection Regulation and EE

Zumza wrote:
ByteArray wrote:
Zumza wrote:

The EU Cookie Law clearly defines two types of cookies: session-cookies stored in-memory, which are erased when a user closes the app, and persistent-cookies, stored on disk.
If you use session cookies, you don't have to request consent, but for persistent cookies you have.

EE is storing local shared objects on our computers, majorly to handle authentication and to track our world history. This is not a session cookie that's erased after you close the application.

Any technology that stores information within a user’s web browser or anywhere else on their device, must be disclosed and receive approval.

Flash's local shared objects are purely client-side, unlike cookies which can be read by the server. That means they can't be used for tracking purposes the same way that cookies are.

Zumza wrote:

Any technology that stores information within a user’s web browser or anywhere else on their device, must be disclosed and receive approval

The EU Cookie law specifies that you have to disclose and receive consent for whatever you store on user's devices, regardless of what that storage is used for.

Technically you already received approval because by default the Flash Plugin asks. But you have to specify in your policies what you store. And these policies have to be available in the client. The client already has a link for that. The only thing that is needed is to inform better what you store and for what reasons.

Not quite.

The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage or for access to information stored on a user's terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.

For consent to be valid, it must be informed, specific, freely given and must constitute a real indication of the individual's wishes.

However, some cookies are exempt from this requirement. Consent is not required if the cookie is:

    used for the sole purpose of carrying out the transmission of a communication, and
    strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.

Cookies clearly exempt from consent according to the EU advisory body on data protection (WP29) include:

    user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
    authentication cookies, to identify the user once he has logged in, for the duration of a session
    user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
    multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
    load‑balancing cookies, for the duration of session
    user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
    third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.

If you play the game, the Flash cookies are created; that's implied consent which is covered under the law as well.


*u stinky*

Offline

#49 2018-05-29 22:01:17, last edited by Zumza (2018-05-29 22:06:10)

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: ATTN: Xeno - General Data Protection Regulation and EE

XxAtillaxX wrote:

requires prior informed consent for storage or for access to information stored on a user's terminal equipment.

For consent to be valid, it must be informed, specific, freely given and must constitute a real indication of the individual's wishes.

If you play the game, the Flash cookies are created; that's implied consent which is covered under the law as well.

Implied consent is only available for session cookies.

There are messages like "By proceeding using our service you agree to our policy" for a reason. Storing flash cookies (which are a form of persistent cookies) without notifying the users, and without their knowledge they exist, is exactly the opposite of what the law says.


Everybody edits, but some edit more than others

Offline

#50 2018-05-29 23:43:14

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: ATTN: Xeno - General Data Protection Regulation and EE

Zumza wrote:

There are messages like "By proceeding using our service you agree to our policy" for a reason.

Implied consent is not only available for session cookies. Where do you get that from?
Just because the messages exist doesn't mean there's a necessity for it. It's simpler just to add a disclaimer than seek legal counsel over whether it's appropriate to do so.


*u stinky*

Offline
