This evening has had a sad surprise for me.
-
@argv_minus_one @fuchsiii @malwareminigun Yep, that's exactly what I am saying.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
@nik Lunacy does not begin to describe this lunacy which is mad and bad and dumb. Not sure which is worse to be honest. Any under age user that stops using the site as a result of the tripe warning is likely not going to be into Linux because that requires a f%^& you watch me do it anyway mentality and frankly is it so stupid it is a non rule and makes stupid people look clever in comparison.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
The sooner young people learn to ignore nonsensical bullshit regulations the better.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
@nik truly putting the Open in OpenSUSE
-
@argv_minus_one @fuchsiii @malwareminigun Yep, that's exactly what I am saying.
@nik@toot.teckids.org @argv_minus_one@mastodon.sdf.org @fuchsiii@oxytodon.com @malwareminigun@infosec.exchange Do you have any source to back it up? I'm curious what the law says here.
-
The sooner young people learn to ignore nonsensical bullshit regulations the better.
@srslypascal No. We teach young people to co-design the rules in our community in a way they can voluntarily accept them.
-
@malwareminigun @nik Typical article 8 German GDPR problem. You need explicit parental permission to handle (note the “handle”, not just “save”) PII of ppl under 16 (and the IP address hitting Apache/NGINX counts as a PII, therefore every website is technically 16+ until someone wants to fight this in court).
@fuchsiii if this was true, I'm sure there would be a truck load of lawyers trying to make some money out of it. Maybe there are, but I never heard of it. @malwareminigun @nik
-
@fuchsiii if this was true, I'm sure there would be a truck load of lawyers trying to make some money out of it. Maybe there are, but I never heard of it. @malwareminigun @nik
The explanation is a bit too complex for a Mastodon thread.
Generally, I prefer the person who first put up a claim to prove it. It's also easier to prove something exists than the contrary.
So, @fuchsiii claims there were a law restricting the handling of information from people under 16 years. Show me the law.
Everything else will fall into place from there I think, we can clarify the misconception then.
-
The explanation is a bit too complex for a Mastodon thread.
Generally, I prefer the person who first put up a claim to prove it. It's also easier to prove something exists than the contrary.
So, @fuchsiii claims there were a law restricting the handling of information from people under 16 years. Show me the law.
Everything else will fall into place from there I think, we can clarify the misconception then.
@nik 13-16: parental approval required. If we are lenient and say processing an IP address is not sufficient to be PII, the storing of the mail address on account creation sure is. There is an exception for services primarily target children (which has higher policing requirements anyway). I would rly love to be proven otherwise, yes this is very problematic, but its what I read here. @kleisli @malwareminigun
-
@nik 13-16: parental approval required. If we are lenient and say processing an IP address is not sufficient to be PII, the storing of the mail address on account creation sure is. There is an exception for services primarily target children (which has higher policing requirements anyway). I would rly love to be proven otherwise, yes this is very problematic, but its what I read here. @kleisli @malwareminigun
@fuchsiii @kleisli @malwareminigun
The headline solves your misconception: It is explicitly about **consent** given by a minor.
Consent by the subject is one of six rules allowing data processing. The others include technical or legal requirement. GDPR allows a lot of things without explicit consent, and AFAIAC, I never was in a situation where any consent was even necessary at all.
You cannot collect consent for targeted ad campaigns from minors. But you can certainly handle IP addresses.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
@nik danke dir, Nik
-
@fuchsiii @kleisli @malwareminigun
The headline solves your misconception: It is explicitly about **consent** given by a minor.
Consent by the subject is one of six rules allowing data processing. The others include technical or legal requirement. GDPR allows a lot of things without explicit consent, and AFAIAC, I never was in a situation where any consent was even necessary at all.
You cannot collect consent for targeted ad campaigns from minors. But you can certainly handle IP addresses.
@nik In that case I'm out of ideas about what the reason could be, their Matomo tracker is according to the Terms of Site configured to anonymize. Maybe Czech law plays a role, as most openSUSE servers seems to be hosted in Prague https://en.opensuse.org/DigitalSovereignty/EU @kleisli @malwareminigun
-
@nik In that case I'm out of ideas about what the reason could be, their Matomo tracker is according to the Terms of Site configured to anonymize. Maybe Czech law plays a role, as most openSUSE servers seems to be hosted in Prague https://en.opensuse.org/DigitalSovereignty/EU @kleisli @malwareminigun
@fuchsiii @kleisli @malwareminigun I think the answer is simply that they didn't care enough to take on the extra work of learning how legal things involving minors work.
Also note that this restriction is in the **terms of use**, not the privacy policy.
-
@nik Lunacy does not begin to describe this lunacy which is mad and bad and dumb. Not sure which is worse to be honest. Any under age user that stops using the site as a result of the tripe warning is likely not going to be into Linux because that requires a f%^& you watch me do it anyway mentality and frankly is it so stupid it is a non rule and makes stupid people look clever in comparison.
@adingbatponder @nik ...or just maybe they should be using Artix instead, or any other distro which rejects age verification. Also, openSUSE rely on systemd, anyone concerned about their privacy should avoid systemd like the plague.
Mind you, we're heading towards an era in which programmers might have to maintain multiple identities, and if you're an underage programmer, you'll have to start out anonymously.
(Someone blocked me for "systemd hate". systemd's founder literally runs his own company geared towards Linux corporate compliance. Years ago, they added /etc/machine-id on top of /var/lib/dbus/machine-id - guess what, Devuan (sysvinit) don't support /etc/machine-id and the dbus version of it is randomized on each boot. Details like this can make a difference to privacy-conscious users.)
-
@adingbatponder @nik ...or just maybe they should be using Artix instead, or any other distro which rejects age verification. Also, openSUSE rely on systemd, anyone concerned about their privacy should avoid systemd like the plague.
Mind you, we're heading towards an era in which programmers might have to maintain multiple identities, and if you're an underage programmer, you'll have to start out anonymously.
(Someone blocked me for "systemd hate". systemd's founder literally runs his own company geared towards Linux corporate compliance. Years ago, they added /etc/machine-id on top of /var/lib/dbus/machine-id - guess what, Devuan (sysvinit) don't support /etc/machine-id and the dbus version of it is randomized on each boot. Details like this can make a difference to privacy-conscious users.)
Please keep your unfounded systemd hate out of this.
-
@malwareminigun @nik Typical article 8 German GDPR problem. You need explicit parental permission to handle (note the “handle”, not just “save”) PII of ppl under 16 (and the IP address hitting Apache/NGINX counts as a PII, therefore every website is technically 16+ until someone wants to fight this in court).
@malwareminigun @nik is an IP address PII if it's NAT'ed? Surely not since numerous individuals could have that IP:port pair over a period of time. Would IPv6 count if not-NAT'ed? While it certainly can be used to get to a specific machine an IP with MAC address embedded (from SLAAC) hardly identifies the person on it's own. IANAL so I'm trying to be sensible, I accept that legal garbage might not be!
-
@malwareminigun @nik is an IP address PII if it's NAT'ed? Surely not since numerous individuals could have that IP:port pair over a period of time. Would IPv6 count if not-NAT'ed? While it certainly can be used to get to a specific machine an IP with MAC address embedded (from SLAAC) hardly identifies the person on it's own. IANAL so I'm trying to be sensible, I accept that legal garbage might not be!
@fionasboots IP addresses according to GDPR a definitively PII, static or not. That your ISP can link it to your person is enough. But according to @nik what I quoted only counts for data collection that needs consent, which this use apparently does not. @malwareminigun
-
@malwareminigun @nik is an IP address PII if it's NAT'ed? Surely not since numerous individuals could have that IP:port pair over a period of time. Would IPv6 count if not-NAT'ed? While it certainly can be used to get to a specific machine an IP with MAC address embedded (from SLAAC) hardly identifies the person on it's own. IANAL so I'm trying to be sensible, I accept that legal garbage might not be!
@fionasboots lets wait for the answer from openSUSE legal team, I'm getting more confused by the hour about this. I still think they had some good reason to write this ToS, I just don't know anymore what it could be. (And right now I would let them being confused about the legal situation count as an answer) @malwareminigun @nik
-
@malwareminigun @nik is an IP address PII if it's NAT'ed? Surely not since numerous individuals could have that IP:port pair over a period of time. Would IPv6 count if not-NAT'ed? While it certainly can be used to get to a specific machine an IP with MAC address embedded (from SLAAC) hardly identifies the person on it's own. IANAL so I'm trying to be sensible, I accept that legal garbage might not be!
@fionasboots I had the question about IP addressees at a mandatory work GDPR training certification test. (very boring) @malwareminigun @nik
