This evening has had a sad surprise for me.
-
@fuchsiii @malwareminigun This assessment is almost entirely wrong.
What exactly do you mean by “wrong”? Are you saying that that is not what the law actually means?
-
@malwareminigun @nik Typical article 8 German GDPR problem. You need explicit parental permission to handle (note the “handle”, not just “save”) PII of ppl under 16 (and the IP address hitting Apache/NGINX counts as a PII, therefore every website is technically 16+ until someone wants to fight this in court).
And the EU Commission recently had the audacity to claim that, and I quote, “In the EU, you have the space to speak your mind without having to shrink who you are.”
Apparently that flowery little speech doesn't apply to young, eager programmers.
️https://ec.social-network.europa.eu/@EUCommission/116437170867569557
-
What exactly do you mean by “wrong”? Are you saying that that is not what the law actually means?
@argv_minus_one @fuchsiii @malwareminigun Yep, that's exactly what I am saying.
-
@argv_minus_one @fuchsiii @malwareminigun Yep, that's exactly what I am saying.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
@nik Lunacy does not begin to describe this lunacy which is mad and bad and dumb. Not sure which is worse to be honest. Any under age user that stops using the site as a result of the tripe warning is likely not going to be into Linux because that requires a f%^& you watch me do it anyway mentality and frankly is it so stupid it is a non rule and makes stupid people look clever in comparison.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
The sooner young people learn to ignore nonsensical bullshit regulations the better.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
@nik truly putting the Open in OpenSUSE
-
@argv_minus_one @fuchsiii @malwareminigun Yep, that's exactly what I am saying.
@nik@toot.teckids.org @argv_minus_one@mastodon.sdf.org @fuchsiii@oxytodon.com @malwareminigun@infosec.exchange Do you have any source to back it up? I'm curious what the law says here.
-
The sooner young people learn to ignore nonsensical bullshit regulations the better.
@srslypascal No. We teach young people to co-design the rules in our community in a way they can voluntarily accept them.
-
@malwareminigun @nik Typical article 8 German GDPR problem. You need explicit parental permission to handle (note the “handle”, not just “save”) PII of ppl under 16 (and the IP address hitting Apache/NGINX counts as a PII, therefore every website is technically 16+ until someone wants to fight this in court).
@fuchsiii if this was true, I'm sure there would be a truck load of lawyers trying to make some money out of it. Maybe there are, but I never heard of it. @malwareminigun @nik
-
@fuchsiii if this was true, I'm sure there would be a truck load of lawyers trying to make some money out of it. Maybe there are, but I never heard of it. @malwareminigun @nik
The explanation is a bit too complex for a Mastodon thread.
Generally, I prefer the person who first put up a claim to prove it. It's also easier to prove something exists than the contrary.
So, @fuchsiii claims there were a law restricting the handling of information from people under 16 years. Show me the law.
Everything else will fall into place from there I think, we can clarify the misconception then.
-
The explanation is a bit too complex for a Mastodon thread.
Generally, I prefer the person who first put up a claim to prove it. It's also easier to prove something exists than the contrary.
So, @fuchsiii claims there were a law restricting the handling of information from people under 16 years. Show me the law.
Everything else will fall into place from there I think, we can clarify the misconception then.
@nik 13-16: parental approval required. If we are lenient and say processing an IP address is not sufficient to be PII, the storing of the mail address on account creation sure is. There is an exception for services primarily target children (which has higher policing requirements anyway). I would rly love to be proven otherwise, yes this is very problematic, but its what I read here. @kleisli @malwareminigun
-
@nik 13-16: parental approval required. If we are lenient and say processing an IP address is not sufficient to be PII, the storing of the mail address on account creation sure is. There is an exception for services primarily target children (which has higher policing requirements anyway). I would rly love to be proven otherwise, yes this is very problematic, but its what I read here. @kleisli @malwareminigun
@fuchsiii @kleisli @malwareminigun
The headline solves your misconception: It is explicitly about **consent** given by a minor.
Consent by the subject is one of six rules allowing data processing. The others include technical or legal requirement. GDPR allows a lot of things without explicit consent, and AFAIAC, I never was in a situation where any consent was even necessary at all.
You cannot collect consent for targeted ad campaigns from minors. But you can certainly handle IP addresses.
-
This evening has had a sad surprise for me.
Now, I am calling for #openSUSE to revert the recently imposed project-wide ban on young people:
(Update: Thanks for the overwhelming reactions! Please also consider https://toot.teckids.org/@nik/116550879189375534 .)
@nik danke dir, Nik
-
@fuchsiii @kleisli @malwareminigun
The headline solves your misconception: It is explicitly about **consent** given by a minor.
Consent by the subject is one of six rules allowing data processing. The others include technical or legal requirement. GDPR allows a lot of things without explicit consent, and AFAIAC, I never was in a situation where any consent was even necessary at all.
You cannot collect consent for targeted ad campaigns from minors. But you can certainly handle IP addresses.
@nik In that case I'm out of ideas about what the reason could be, their Matomo tracker is according to the Terms of Site configured to anonymize. Maybe Czech law plays a role, as most openSUSE servers seems to be hosted in Prague https://en.opensuse.org/DigitalSovereignty/EU @kleisli @malwareminigun
-
@nik In that case I'm out of ideas about what the reason could be, their Matomo tracker is according to the Terms of Site configured to anonymize. Maybe Czech law plays a role, as most openSUSE servers seems to be hosted in Prague https://en.opensuse.org/DigitalSovereignty/EU @kleisli @malwareminigun
@fuchsiii @kleisli @malwareminigun I think the answer is simply that they didn't care enough to take on the extra work of learning how legal things involving minors work.
Also note that this restriction is in the **terms of use**, not the privacy policy.
-
@nik Lunacy does not begin to describe this lunacy which is mad and bad and dumb. Not sure which is worse to be honest. Any under age user that stops using the site as a result of the tripe warning is likely not going to be into Linux because that requires a f%^& you watch me do it anyway mentality and frankly is it so stupid it is a non rule and makes stupid people look clever in comparison.
@adingbatponder @nik ...or just maybe they should be using Artix instead, or any other distro which rejects age verification. Also, openSUSE rely on systemd, anyone concerned about their privacy should avoid systemd like the plague.
Mind you, we're heading towards an era in which programmers might have to maintain multiple identities, and if you're an underage programmer, you'll have to start out anonymously.
(Someone blocked me for "systemd hate". systemd's founder literally runs his own company geared towards Linux corporate compliance. Years ago, they added /etc/machine-id on top of /var/lib/dbus/machine-id - guess what, Devuan (sysvinit) don't support /etc/machine-id and the dbus version of it is randomized on each boot. Details like this can make a difference to privacy-conscious users.)
-
@adingbatponder @nik ...or just maybe they should be using Artix instead, or any other distro which rejects age verification. Also, openSUSE rely on systemd, anyone concerned about their privacy should avoid systemd like the plague.
Mind you, we're heading towards an era in which programmers might have to maintain multiple identities, and if you're an underage programmer, you'll have to start out anonymously.
(Someone blocked me for "systemd hate". systemd's founder literally runs his own company geared towards Linux corporate compliance. Years ago, they added /etc/machine-id on top of /var/lib/dbus/machine-id - guess what, Devuan (sysvinit) don't support /etc/machine-id and the dbus version of it is randomized on each boot. Details like this can make a difference to privacy-conscious users.)
Please keep your unfounded systemd hate out of this.
-
@malwareminigun @nik Typical article 8 German GDPR problem. You need explicit parental permission to handle (note the “handle”, not just “save”) PII of ppl under 16 (and the IP address hitting Apache/NGINX counts as a PII, therefore every website is technically 16+ until someone wants to fight this in court).
@malwareminigun @nik is an IP address PII if it's NAT'ed? Surely not since numerous individuals could have that IP:port pair over a period of time. Would IPv6 count if not-NAT'ed? While it certainly can be used to get to a specific machine an IP with MAC address embedded (from SLAAC) hardly identifies the person on it's own. IANAL so I'm trying to be sensible, I accept that legal garbage might not be!
