14

What the actual fuck ?! Why are you able to do this? Why WOULD you give the ability to do this?

Comments
  • 2
    If it was pre filled they are violating GDPR if targeting europeans.

    Pre filled consent are by law invalid and prohibited, you have to explicitly check the box for it to be a valid consent.

    They can however require consent to continue, but you still have to manually check the box so they cannot sneak it past.
  • 4
    @Voxera I checked it. Maybe I should have done a red circle around the credentials checkbox ^^
  • 1
    @hypervtechnics Then I guess they have been doing it to sell to make money and now they are just open about it :)

    That was one of the goals of GDPR to require all such practices to e in the open so you can decide if its worth it.
  • 0
    @Voxera they are advertising that they are gdpr compliant xD
  • 1
    @hypervtechnics If they ask permission they are ;)

    At least on some parts.
  • 4
    I think the issue here is the 'send these credentials by email' option not whether it's GDPR compliant.
  • 1
  • 2
    Is there a "print my credentials on a billboard close to the administrator's house" option? If so, leave that unchecked. (Or uncheck it if it's been pre-checked in direct violation of GDPR law 😉 )
  • 2
    @hypervtechnics Yes, that point seemed to be lost on @Voxera
  • 1
    That also suggests to me the passwords are stored as plain text otherwise how could they send them to you 🤔
  • 2
    You could send the credentials before hashing the password?
  • 2
    @korrat Yeah good point, did wonder if that's what they were doing. Still though seems a massive security hole.
  • 3
    @DeadInside actually yes, I missed that one ;)

    Have been swamped with GDPR questions for weeks.
Add Comment