This evening has had a sad surprise for me.
-
@malwareminigun @nik Typical article 8 German GDPR problem. You need explicit parental permission to handle (note the “handle”, not just “save”) PII of ppl under 16 (and the IP address hitting Apache/NGINX counts as a PII, therefore every website is technically 16+ until someone wants to fight this in court).
@malwareminigun @nik is an IP address PII if it's NAT'ed? Surely not since numerous individuals could have that IP:port pair over a period of time. Would IPv6 count if not-NAT'ed? While it certainly can be used to get to a specific machine an IP with MAC address embedded (from SLAAC) hardly identifies the person on its own. IANAL so I'm trying to be sensible, I accept that legal garbage might not be!
-
@fionasboots IP addresses according to GDPR are definitively PII, static or not. That your ISP can link it to your person is enough. But according to @nik what I quoted only counts for data collection that needs consent, which this use apparently does not. @malwareminigun
-
@fionasboots let's wait for the answer from openSUSE legal team, I'm getting more confused by the hour about this. I still think they had some good reason to write this ToS, I just don't know anymore what it could be. (And right now I would let them being confused about the legal situation count as an answer) @malwareminigun @nik
-
@fionasboots I had the question about IP addresses at a mandatory work GDPR training certification test. (very boring) @malwareminigun @nik
-
@argv_minus_one @nik @fuchsiii @malwareminigun GDPR Article 6(1)(b): Processing shall be lawful […] if […] processing is necessary […] in order to take steps at the request of the data subject […].
GDPR Article 8(1)(1): Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least [13 to] 16 years old.
Age restrictions do not apply under 6(1)(b).
-
@argv_minus_one @nik @fuchsiii @malwareminigun GDPR Recital 38 is not directly relevant, but is common-sense advice (and worth reading).
You should also be aware that bases other than 6(1)(a) ("consent") are very narrow, and 6(1)(a) is the hardest basis to obtain: the loopholes that most companies use don't actually exist, and those companies are breaking the law.
If you're not doing bad stuff, though – where "hoarding people's secrets" counts as bad stuff – GDPR nearly always says it's fine.
-
@argv_minus_one @fuchsiii @malwareminigun Yep, that's exactly what I am saying.
@nik @argv_minus_one @fuchsiii @malwareminigun I boosted because this is important but if you want to engage with people you could try being a little less rude.
-
Blocked for unwarranted tone-policing.
-
@not3ottersinacoat @nik @argv_minus_one @malwareminigun The best explanation of someone who knows a bit more about GDPR stuff than I do: https://fosstodon.org/@wizzwizz4/116550568863635746
-
@not3ottersinacoat @nik @argv_minus_one @malwareminigun (for the record)
-
@nik I’m guessing they don’t want the liability of COPA and similar Acts.

@malwareminigun @nik It’s the opposite. Part of the reason tech companies are lobbying for age verification laws is to get themselves out from under COPPA
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
I am surprised about the interest in this issue. Thanks!
Please consider two things:
* Communicate to the openSUSE project directly that, and why, you oppose. You could respond on the mailing list I linked.
* If you can, become a sponsor of @Teckids on Liberapay or through some other means, so we can handle such cases and help other projects with our experience in a more coordinated and less stressful way: https://liberapay.com/Teckids/ Thanks!
-
@nik SuSE is driving towards slop addiction anyway. Better for kids to experiment with Gentoo or NetBSD, or maybe projects that maintain a good track record without having a strong no-slop policy like FreeBSD, Slackware, OpenBSD, Debian, etc. (Although if they get into Slackware, keep them away from IRC, or at least Libera. ##slackware on Libera.chat today is like #freebsd on Freenode was a decade ago, in some respects, and maybe worse in others.)
Having been a young hacker in the early 80s, I can lend you some comfort. People can and will become lifelong free software advocates and contributors without a community, and this includes community driven by a corporate project.
Also, look at it this way: If OpenSuSE wants to drive themselves to extinction, what better way than erasing their mindshare amongst the young?
All that aside, I'm not at all against people telling them how foolish this move is.
-
@richlv @nik My primary reason for believing this isn't something that was published, but that's okay, as there are other sources:
SUSE Refines, Releases Open-Source LLM to Fuel Community Collaboration
Today, SUSE has released a new fine-tuned version of the language model, Cavil-Qwen3-4B, as open source on openSUSE’s Hugging Face in order to make legal com...
openSUSE News (news.opensuse.org)
There are a number of pieces out there talking about SUSE chasing "AI" as well, and remember that OpenSuSE is quite heavily driven by SUSE the same way Fedora is driven by Red Hat. It's not complete in either case but it's substantial. (Canonical doesn't drive Debian quite so much, but its developers are still influential activists inside of Debian.)
-
@fuchsiii @fionasboots @nik @malwareminigun But the ISP for a landline doesn't link the IP to a kid.
On the other hand, the mobile phone network operator...
