Tuuba Time: 2019-11-14 06:15:41 | Local Time: 2019-11-14 04:15:41

You are not logged in.

^ #1 2018-05-25 13:25:53

IppE
Complaints Department
From: Funland
Registered: 2015-10-19
Posts: 2,294
Website

The GDPR compliancy post no one asked for

No, we're not changing our privacy policies, because they're nonexistent and what we do is already compliant with GDPR, but just to be safe, here's a rundown of what information we store about the users on this forum and what it's used for.

database entry for users
+------------------+---------------------+------+-----+---------+----------------+
| Field            | Type                | Null | Key | Default | Extra          |
+------------------+---------------------+------+-----+---------+----------------+
| id               | int(10) unsigned    | NO   | PRI | NULL    | auto_increment |
| group_id         | int(10) unsigned    | NO   |     | 3       |                |
| username         | varchar(200)        | NO   | UNI |         |                |
| password         | varchar(128)        | NO   |     |         |                |
| email            | varchar(80)         | NO   |     |         |                |
| title            | varchar(50)         | YES  |     | NULL    |                |
| realname         | varchar(40)         | YES  |     | NULL    |                |
| url              | varchar(100)        | YES  |     | NULL    |                |
| steam            | varchar(30)         | YES  |     | NULL    |                |
| youtube          | varchar(80)         | YES  |     | NULL    |                |
| twitter          | varchar(15)         | YES  |     | NULL    |                |
| discord          | varchar(80)         | YES  |     | NULL    |                |
| mal              | varchar(16)         | YES  |     | NULL    |                |
| location         | varchar(30)         | YES  |     | NULL    |                |
| signature        | mediumtext          | YES  |     | NULL    |                |
| disp_topics      | tinyint(3) unsigned | YES  |     | NULL    |                |
| disp_posts       | tinyint(3) unsigned | YES  |     | NULL    |                |
| email_setting    | tinyint(1)          | NO   |     | 1       |                |
| notify_with_post | tinyint(1)          | NO   |     | 0       |                |
| notify_pm_full   | tinyint(1)          | NO   |     | 0       |                |
| auto_notify      | tinyint(1)          | NO   |     | 0       |                |
| show_smilies     | tinyint(1)          | NO   |     | 1       |                |
| show_img         | tinyint(1)          | NO   |     | 1       |                |
| show_img_sig     | tinyint(1)          | NO   |     | 1       |                |
| show_avatars     | tinyint(1)          | NO   |     | 1       |                |
| show_sig         | tinyint(1)          | NO   |     | 1       |                |
| timezone         | float               | NO   |     | 0       |                |
| dst              | tinyint(1)          | NO   |     | 0       |                |
| time_format      | tinyint(1)          | NO   |     | 0       |                |
| date_format      | tinyint(1)          | NO   |     | 0       |                |
| language         | varchar(25)         | NO   |     | English |                |
| style            | varchar(25)         | NO   |     | Air     |                |
| num_posts        | int(10) unsigned    | NO   |     | 0       |                |
| num_pms          | int(10) unsigned    | NO   |     | 0       |                |
| last_post        | int(10) unsigned    | YES  |     | NULL    |                |
| last_search      | int(10) unsigned    | YES  |     | NULL    |                |
| last_email_sent  | int(10) unsigned    | YES  |     | NULL    |                |
| last_report_sent | int(10) unsigned    | YES  |     | NULL    |                |
| registered       | int(10) unsigned    | NO   | MUL | 0       |                |
| registration_ip  | varchar(39)         | NO   |     | 0.0.0.0 |                |
| last_visit       | int(10) unsigned    | NO   |     | 0       |                |
| admin_note       | varchar(30)         | YES  |     | NULL    |                |
| activate_string  | varchar(128)        | YES  |     | NULL    |                |
| activate_key     | varchar(8)          | YES  |     | NULL    |                |
| use_pm           | tinyint(1)          | NO   |     | 1       |                |
| notify_pm        | tinyint(1)          | NO   |     | 1       |                |
+------------------+---------------------+------+-----+---------+----------------+

Most of the values are forum settings, and the ones considered "personal information" by GDPR are username, password, email and the registration ip address, out of which only usernames are public to other users. Passwords are stored as SHA512 hashes so we don't know what they are, but do still keep general good password practises in mind. Possible upgrade to bcrypt password hashing in the future is a thing, but no promises. In addition, the IP address is logged for each post you make.

We do not share any of the information that the forum software itself doesn't display by default to 3rd parties, nor do we think it would be ethical to do so. If you wish to have a copy of the user information we've stored about you, or have all of your user information removed, pm me (IppE) or zertap. (Please note that removing user information means deleting your account.)

Offline

^ #2 2018-05-26 01:48:26

Granger
Cash Money
From: Germany, Kebabland
Registered: 2015-10-20
Posts: 967
Website

Re: The GDPR compliancy post no one asked for

How will you handle media embeds, since a lot of the forums i visit are forbidding them now because they're afraid they'll be liable for the host of said media misusing personal data gained from the client needing to pull the media from the host? (usually just IP). + dont want to shell out for storage capacity to allow users to upload their own media nor want to impledement a mirror accomplishing essentially the same.


Life is like a box of chocolates. But theres no candies in there for you.

Offline

^ #3 2018-05-26 10:44:11

tupsu
Sales Manager
From: south finland
Registered: 2016-05-19
Posts: 1,296
Website

Re: The GDPR compliancy post no one asked for

1) we're not really the people hosting it which should prevent liability - embeds are, as you said, embeds and they link back to the original site
2) everyone and their mother is becoming compliant in general, so unless someone decides their favourite website for webhosting is sketchiest-website-ever.tld I don't think there'll be huge issues
3) if this happens to be wrong I'm sure we'll start hearing of takedowns and complaints soon
4) the required legislation hasn't even been applied in a number of member states yet, again giving us more time to sort things out if it becomes necessary

in general I am almost certain most of the kerfuffle is coming from people misunderstanding the reach and demands of GDPR, and as time naturally passes things will become clearer

please note that no one on tuuba forums is a legal expert and any information given here is not to be taken as legal counsel, it's mostly pieced together by me and my interactions with a local governing body

post approved/co-signed by ippe


(´・ω・`)

Offline

^ #4 2018-05-26 22:32:27

fittan
nup.pw/rPApJe.webm
From: irc://
Registered: 2015-10-30
Posts: 1,531
Website

Re: The GDPR compliancy post no one asked for

please remove my steam hours played in dota 2



fittan.gif

Offline

Board footer

Cookie policy

Powered by Maki (r138/git:c447f31)

mascot