Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
IP address (if static) is a potentially identifying piece of data (in GDPR's words: "online identifier"). Also, it's data that could be used in profiling user's actions.
GDPR not only says whether or not you should collect users' data. It also specifies that, if you collect it, you must keep it for the shortest period of time possible. And that period of time is to be defined. AND there must be a predefined set of people who can access that data.
This applies to IP addresses as well. Not everybody in the company should be able to see access.log files. And once no longer needed, the access.log must be rotated and eventually removed, along with my IP.
Applies to webapps, DNS servers and other systems that want to be GDPR-compliant
ref: https://fieldfisher.com/en/... -
The issue here is not the IP address itself.
It is the data connected to it. because you usualy couple the username, and other info with the IP.
whats more annoying - if everyone keeps the IP (dynamic means you are static for x time, with your ISP mapping it to your account) - then you can track the IP across the sites you visit.
The actual problem is Mobile Apps. look at the mobile ad aggragators, and how they bundle 15+ ad sdks that track you using your ad id. Those fuckers collect even your current battery percent... -
Btw ip Adresse also gives away your country and sometimes city.
And then theres Google tracking routers with android phones. They know all the time exactly where you are beacuse they know ecactly where every router is.
Imo theres not enough laws on this.
If its used only to measure daily usage of something AND stored as a hash, its ok for me atleast. -
Because it is technically possible to identify who had that IP at that time. It doesn't matter that you cannot find it out without the provider's help, and it doesn't matter that you'd need to pass legal hurdles before the provider would tell you.
All that matters is that there is a technical path.
Since many people failed to understand that, the lawmakers had the wisdom to include the IP address right in the text as example so that this discussion is moot and even people who still don't understand that will have to comply even without understanding. -
Seems like you've completely misunderstood GDPR. IANAL, but when a user gives you personal information as they ask you to provide them a service, you can use that information to provide the said service.
If someone reserves a table at a restaurant with their name, you can store the name so you know who is the reservation for. But you shouldn't keep a log of all visitors ever – instead, you destroy the information once it's no longer needed to provide the service. IP addresses work just the same way. That simple. -
@C0D4 law enforcement doesn't care if dynamic or static, its an ip Adress, coming from ISP y. Go to them and ask for subcriber Details hold by ISP(actual address, last Name, first Name).
With that info, go talk to them. -
@max19931 law enforcement isn't the issue.
And Ad tracking site will store the IP address along with other collected data (browser fingerprinting, device details, the list goes on) to build a profile, that profile can be then tapped into other ad trackers and social media platforms to form a more detailed view of a single user. So yes an "IP" is a piece of information, the general fool doesn't care about, but it's small part of a bigger problem, especially if it's static or doesn't bounce often, -
@LotsOfCaffeine CDNs make page loads faster, nothing wrong with that principle. Just need to pick a CDN that isn't also an ad network, search engine, social platform, browser vendor, ML lab and the W3C's pimp.
And also, maybe, is located outside the five eyes and/or has a warrant canary or clear and legally binding no-logging policy. -
GDPR is one of the most retarded laws anyways, and people still don't understand that all their beloved "free" services are gonna cost more in the future because
1. Ads simply don't work as good if you can't target them with orwellian scripts
2. Trying to achieve GDPR compliance will cost a fortune which in the end the consumer pays
3. GDPR compliance is hard to get right, so companies WILL fail, they WILL get fined and they WILL pass that cost on to their customers. -
@NotJeckel they claim it also applies if you have EU customers. Ofc enforcement might be complicated (not where i live though, as switzerland couldn't possibly crawl farther up the EU's ass without actually being a member than it already did)
-
@LotsOfCaffeine they don't NEED it, they want it. And it should be their fucking right in exchange for a free service. If you don't like that install pihole.
-
@NotJeckel It applies if you're doing business in the EU, which in the case of a website means that you have EU visitors. The country of origin is one of the details you can deduce from an IP address
-
The main problem with GDPR is that it forbids choosing arbitrarily who can use my service and who can't. I think disclosing what I do with the data my users provide me with is good and should be common sense. But if i view data as some form of payment, if my business for whatever reason doesn't work (as good) without it, or if I simply don't want my analytics to not have the full picture, then i should be able to tell said user to fuck right off. My site, my rules.
It's like saying the restaurant has to serve food even to customers that don't pay. It's just not fair. And i know most privacy advocates don't care about that because they think it only affects the big evil G and F. Well, they're gonna see that like with everything (laws, taxes) it sooner or later mostly affects small businesses and consumers. -
@eval We understand and acknowledge that. We don't want companies to go bankrupt, we want them to make money some other way. The reality is that revenue from targeted ads isn't coming off the price of anything, it's just some extra cash all websites enjoy. You don't get to pay instead and it happens whether the website in question actually needs the money or not, because there's no such thing as a website that can't make use of visitor statistics.
-
@eval The express purpose of the GDPR is to ensure that data is never a form of payment, and it's not something you can just take because you want it. You must have an explicit reason to store data, be clear about how you use it and you must always design your business processes in such a way that users never fully lose control of their data, not even in exchange for services. Data is inalienable from the user.
-
@eval in response to your points:
1. The Brexit campaign showed that overly precise targeting is dangerous. Yes, it's an industry that gets damaged. There are some industries that are simply net negative and should be restricted. There's no evidence that if left alone the advertisement industry would eventually grow into something less harmful, so it's not allowed to grow freely.
2. GDPR compliance isn't difficult if you think about it every step of the way, and once every developer understands the 12-16 key principles it'll be natural. This is like claiming that mandatory seatbelts, airbags and crash testing are bad because the modifications and extra design considerations will eventually be paid by the customers. Also, techincally the only thing you need for GDPR compliance is a phone number where people can ask to delete their data, and indeed a way to delete that data. If you're not abusing the data very few people are actually going to call you. -
Data can't be a commodity because its value is derived from power over a living person. This is the express purpose of the GDPR, not an unintended side effect. You can use the data for various purposes, including for your own benefit, with the simple restriction that the user must always be informed of who has it and able to take it back.
-
@Fast-Nop in what world is letting the client download all the font file(s) required faster than asynchronously loading them from a cdn and swapping?
-
@Fast-Nop bye bye caching though... Which does make sense when every second site uses Roboto. Then again, it's true these 100kB probably won't kill anyone, and in turn you save some tls habdshakes
-
@eval As I already wrote, browsers cache on a per website basis, and that since 2020 already. Means, if site A downloads a Google font, and site B also, the second one will not be fetched from the browser cache.
-
@Fast-Nop true, i overread that before (and didn't know it). Then again, why is that so? Exactly, to prevent tracking. So just another thing going to shit in the name of privacy.
-
@eval Just another feature that tracking abuse made invalid. Btw., for someone who is so against privacy as you are, I'm astonished that you post under a nickname here.
-
@eval i shouldn't need to get a seperate device to filter out all of this bullshit just cause web devs are too lazy or incompetent to serve a fucking file on their servers and instead chose to use a service that infriges on my privacy
-
@Fast-Nop Yeah, their recommended way for using their fonts is a "hack"... 🤡 give me a break
my sites score 100 across the board in lighthouse, I'd ask what your scores are, if you even would know of such a "hacky" tool -
@fullstackclown The site I'm running scores 100 both for desktop and mobile, and that from cheap ass shared hosting. Also, don't rely blindly on what Google says - you may remember their crap recommendation of including "critical" styles right in the page itself.
Doesn't change the fact that if you load so many fonts that you need to do asynchronous hacks which Lighthouse probably doesn't even notice in scoring, you have too much bloat. -
@Fast-Nop i'm not anti privacy in general, i just think "Hausrecht" for site owners is more important. Also, the privacy that is important for me is one that i will never get because of things like "Vorratsdatenspeicherung" by providers.
I'd rather have my data scraped and analyzed by google or FB instead of the governement, for the simple fact that what they are trying to is make money... And i even get a service in return. And i can choose not to use it if i don't want it. -
@LotsOfCaffeine you already get a free site from them, so don't be entitled. You wouldnt go to a free event/attraction (privately financed), and make demands would you?
-
@eval If the data are with a company, they are also with the government, especially in the US with their NSA gag orders. From there to every other "friendly" government. Or just one judge order away, which is a joke in Germany anyway. The only way to avoid that is not accruing data in the first place, and that's a central pillar of the GPDR: data avoidance. Also, if you want the owner to decide what he wants, then don't offer a public site which is in the public space.
-
@Fast-Nop And i post with a nickname because sadly nowadays people get canceled for small things. I know however that i can be doxxed any minute, and it's a risk im willing to take. And if the owners of this site wanted to scrape the everliving shit out of my data, in return for
- free usage of the site
- free stickers
- free stressball
I would support them on that 100% -
@eval if they chose to arbitrarily invade my privacy, yes I would
Especially for a "service" that is a fucking font download, don't be ridiculous -
@LotsOfCaffeine then don't fucking use it?! And events do invade your privacy. For many concerts for example you agree to be photographed and the image used for promotion. How is that ok and tracking not? Both is invading your privacy for profit.
-
@NotJeckel The EU regulations also apply to a US site that serves EU citizens. What doesn't work is the enforcement - unless you have some EU dependency that can be fined.
-
@NotJeckel Ofc it applies, except that you can argue that a law without enforcement option doesn't apply.
-
-
@NotJeckel The EU position is that the action manifests within the EU domain, either territorially or from citizenship. That is, by reading the website.
That's a somewhat problematic position because governments such as Saudi-Arabia could make similar claims to incriminate all non-Islamic content even if it's hosted e.g. in France by French citizens. However, it would run into the same kind of enforcement problem. -
@NotJeckel There are no rules governing the extent of a state's power. In practice, laws only apply to people the state has practical power over, that is, people with property, contractual obligations or those physically present. To improve this situation, there are agreements between many western countries and organizations such as interpol. Cases not covered by these agreements, and establishment of the agreements themselves, is the purpose of diplomacy. For example, drug dealers selling by mail to Germany from any western country where it's legal would most likely be arrested and tried in a German court.
-
So, the GDPR applies to American websites working in the EU if the EU can convince either the companies or the US to enforce it, possibly by threatening them with a region-wide traffic block. For example, Microsoft is exempt from any and all EU regulations for the next 20 or so years, because all governments run Windows so they have the entire civilized world by the balls. Every once in a while they get a laughably low fine and then continue about their business.
Ghostery just leaked all of their users email addresses in their GDPR compliance email.
Alright... how the FUCK is an IP address considered personal data by GDPR????
Fucking boomers don't even know what an IP is. Guess what, every website you've ever been to has your IP! It's in your router, your fucking ISP's registry, and in every DNS server within 1000 miles of you!
Imagine thinking your IP gives up private information, god, just fuck me, I hate all of it, idiotic fools fumbling around with shit they don't understand.
...WKO making every developer's life a living nightmare because fucking GOOGLE FONTS stores a copy of your IP for their stupid analytics. You know what? Just don't use the internet either, that needs your IP too. In fact, don't pay taxes either, the tax office has a copy of your address, that's pretty personal information if you ask me! Just live in the woods and survive with the wolves.
I already know the future 'resolution' to this one - store fonts locally, resolve this dangerous "issue"... "waaaahhh fullStackClown! the site is slower now!!!"
...an infinite circle of clownshipness continues...
tune in next week as the world continues to approach it's circus fate!
rant
🤡
what's technology
clowntown
gdpr
rage