Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Opinion you said?
FUCK this shit. Well not that shit actually, that shit is kind of necessary but the fucking reactions of GDPR.
It's like that: you hash and don't store. What do you have to do? Nothing?
No you have to be transparent. Better build a popup explaining how hashes work, how HTML works, how the users display and computer work, teach 'em programming and marketing and how to survive heat death and THEN!! Then you act legal. -
Hashing counts only if it can't be reversed - but IPv4 is 4 bytes only, so with an SHA-256, I would expect that you can easily reverse it via brute force. The usual solution is to set the last byte to 0 in the logfiles, which still gives you information about the location, but can't be used anymore to identify the user. This way, it isn't personal user data and therefore does not fall under GDPR.
-
@Alice that's a lie. Do you want to say that evey "gender" can be stored in a piece of data? In bits? Biiinnaaaarrryyy?!
I'm kidding -
Pango517yIn short, it's not their data if it's 100% irreversible. If it is reversible or the person can be linked to it (like using a reference or ID number) then this is pseudonymised and still counts as their data.
-
This is hard to answer, because there isn’t a real use-case of this. You still had at some time the data in your system so it still applies, unless the user already sends it hashed then I guess it doesn’t apply. If you need to do this with user data you should get legal advice.
-
SSDD47607yGDPR relate to personally identifiable information and consent.
But regards your question, if it’s hashed and not linked to them in anyway, like some foreign key or an account I’d, then it’s fine.
If it can be linked back to them then it’s not fine. -
@Alice umm me? No lol
@Fast-Nop interesting, IP was just an example tho
@BambuSource that's sooo like literally oppressive
@Pango I would agree
@FilipeRamalho Just a shower thought I had lol, but I do find it to be a tricky question. -
crisz81917yIP address is a personal data but not a sensitive one. It can be stored without much attention
-
@crisz wrong. You need to inform the user that you are doing it, for what purpose, and for how long. You may get away stating that it's needed for system security, but that doesn't imply you can store indefinitely.
-
@Alice for a simple reason: on the internet, everyone's a guy until proven otherwise
-
@succcubbus so Americans should change the way they speak because someone somewhere gets her name confused with that of a male, a name that can either be both. And has made it a central part of her Identity as some sort of oppression against her.
I'm sorry but I've witnessed worse acts of sexism and violence to buy into these identity politics. -
@Krokoklemme I've always thought in the internet everyone is sexless as it is irrelevant to the sharing of ideas, but in English that defaults to male pronouns so that's just a sensitivity I've mostly seen in English speaking people.
God these days you can't make a simple question about hashes and the GDPR without anyone cramming gender politics into it :(
Related Rants
I've seen a lot of buzz around the EU's GDPR and since I don't live there I'm wondering if it applies only if you store personal data and should it count if it's hashed for example?🤔
Let's say you hash a client's IP, it's not technically his data you've irreversibly transformed it into something else, like a computation.
For example let's say he provides you with a number and you multiply it by another and store the result, let's say 2 x 2 = 4, Is the 4 his data or yours?
Also I'm really interested in the general opinion of ranters about article 13.
question
eu policy
opinion