Tuuba Forums / The GDPR compliancy post no one asked for

Re: The GDPR compliancy post no one asked for

dummy@example.com (fittan) — Sat, 26 May 2018 22:32:27 +0000

please remove my steam hours played in dota 2

Re: The GDPR compliancy post no one asked for

dummy@example.com (tupsu) — Sat, 26 May 2018 10:44:11 +0000

1) we're not really the people hosting it which should prevent liability - embeds are, as you said, embeds and they link back to the original site
2) everyone and their mother is becoming compliant in general, so unless someone decides their favourite website for webhosting is sketchiest-website-ever.tld I don't think there'll be huge issues
3) if this happens to be wrong I'm sure we'll start hearing of takedowns and complaints soon
4) the required legislation hasn't even been applied in a number of member states yet, again giving us more time to sort things out if it becomes necessary

in general I am almost certain most of the kerfuffle is coming from people misunderstanding the reach and demands of GDPR, and as time naturally passes things will become clearer

please note that no one on tuuba forums is a legal expert and any information given here is not to be taken as legal counsel, it's mostly pieced together by me and my interactions with a local governing body

post approved/co-signed by ippe

Re: The GDPR compliancy post no one asked for

dummy@example.com (Granger) — Sat, 26 May 2018 01:48:26 +0000

How will you handle media embeds, since a lot of the forums i visit are forbidding them now because they're afraid they'll be liable for the host of said media misusing personal data gained from the client needing to pull the media from the host? (usually just IP). + dont want to shell out for storage capacity to allow users to upload their own media nor want to impledement a mirror accomplishing essentially the same.

The GDPR compliancy post no one asked for

dummy@example.com (IppE) — Fri, 25 May 2018 13:25:53 +0000

No, we're not changing our privacy policies, because they're nonexistent and what we do is already compliant with GDPR, but just to be safe, here's a rundown of what information we store about the users on this forum and what it's used for.

▼database entry for users

+------------------+---------------------+------+-----+---------+----------------+
| Field            | Type                | Null | Key | Default | Extra          |
+------------------+---------------------+------+-----+---------+----------------+
| id               | int(10) unsigned    | NO   | PRI | NULL    | auto_increment |
| group_id         | int(10) unsigned    | NO   |     | 3       |                |
| username         | varchar(200)        | NO   | UNI |         |                |
| password         | varchar(128)        | NO   |     |         |                |
| email            | varchar(80)         | NO   |     |         |                |
| title            | varchar(50)         | YES  |     | NULL    |                |
| realname         | varchar(40)         | YES  |     | NULL    |                |
| url              | varchar(100)        | YES  |     | NULL    |                |
| steam            | varchar(30)         | YES  |     | NULL    |                |
| youtube          | varchar(80)         | YES  |     | NULL    |                |
| twitter          | varchar(15)         | YES  |     | NULL    |                |
| discord          | varchar(80)         | YES  |     | NULL    |                |
| mal              | varchar(16)         | YES  |     | NULL    |                |
| location         | varchar(30)         | YES  |     | NULL    |                |
| signature        | mediumtext          | YES  |     | NULL    |                |
| disp_topics      | tinyint(3) unsigned | YES  |     | NULL    |                |
| disp_posts       | tinyint(3) unsigned | YES  |     | NULL    |                |
| email_setting    | tinyint(1)          | NO   |     | 1       |                |
| notify_with_post | tinyint(1)          | NO   |     | 0       |                |
| notify_pm_full   | tinyint(1)          | NO   |     | 0       |                |
| auto_notify      | tinyint(1)          | NO   |     | 0       |                |
| show_smilies     | tinyint(1)          | NO   |     | 1       |                |
| show_img         | tinyint(1)          | NO   |     | 1       |                |
| show_img_sig     | tinyint(1)          | NO   |     | 1       |                |
| show_avatars     | tinyint(1)          | NO   |     | 1       |                |
| show_sig         | tinyint(1)          | NO   |     | 1       |                |
| timezone         | float               | NO   |     | 0       |                |
| dst              | tinyint(1)          | NO   |     | 0       |                |
| time_format      | tinyint(1)          | NO   |     | 0       |                |
| date_format      | tinyint(1)          | NO   |     | 0       |                |
| language         | varchar(25)         | NO   |     | English |                |
| style            | varchar(25)         | NO   |     | Air     |                |
| num_posts        | int(10) unsigned    | NO   |     | 0       |                |
| num_pms          | int(10) unsigned    | NO   |     | 0       |                |
| last_post        | int(10) unsigned    | YES  |     | NULL    |                |
| last_search      | int(10) unsigned    | YES  |     | NULL    |                |
| last_email_sent  | int(10) unsigned    | YES  |     | NULL    |                |
| last_report_sent | int(10) unsigned    | YES  |     | NULL    |                |
| registered       | int(10) unsigned    | NO   | MUL | 0       |                |
| registration_ip  | varchar(39)         | NO   |     | 0.0.0.0 |                |
| last_visit       | int(10) unsigned    | NO   |     | 0       |                |
| admin_note       | varchar(30)         | YES  |     | NULL    |                |
| activate_string  | varchar(128)        | YES  |     | NULL    |                |
| activate_key     | varchar(8)          | YES  |     | NULL    |                |
| use_pm           | tinyint(1)          | NO   |     | 1       |                |
| notify_pm        | tinyint(1)          | NO   |     | 1       |                |
+------------------+---------------------+------+-----+---------+----------------+

Most of the values are forum settings, and the ones considered "personal information" by GDPR are username, password, email and the registration ip address, out of which only usernames are public to other users. Passwords are stored as SHA512 hashes so we don't know what they are, but do still keep general good password practises in mind. Possible upgrade to bcrypt password hashing in the future is a thing, but no promises. In addition, the IP address is logged for each post you make.

We do not share any of the information that the forum software itself doesn't display by default to 3rd parties, nor do we think it would be ethical to do so. If you wish to have a copy of the user information we've stored about you, or have all of your user information removed, pm me (IppE) or zertap. (Please note that removing user information means deleting your account.)