DragonPrime - LoGD Resource Community

Game Administration, Installation and Configuration => Game Administration Chat => Topic started by: Nightborn on December 26, 2017, 04:42:11 AM



Title: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on December 26, 2017, 04:42:11 AM
Hi folks,

this small big bonker will hit us all: https://www.eugdpr.org/

It's about a user's rights regarding the personal data we store. That "personal" is relatively broad; in Lotgd it hinges upon IP, email and ID (cookie) if I am not missing anything.

If you have a US server and say "baah, it's EU, not my turf", you're only safe if you *actively block people from the EU to register/play* ... so I guess not.

Facebook and all the other big ones have updated or are updating their services to reflect the following (main) points:
* Users have transparent view on what is saved
* Users may exert their right "to forget" (aka complete and irreversible deletion of their private data)
* Servers are only allowed to save personal data on a "minimum needed" basis
* Servers may not use any personal data for other services or offers they provide without an optional (aka not required for the main service) data privacy agreement

There is a lot more to it, but it does apply to "free services" and I think Lotgd servers are not "purely personal" as we allow any users to register.

You *could* circumvent this if you disable registering and only play with friends.
But alas, also a No.

So...what is needed for Lotgd to be able to work with that regulation after the deadline in May 2018 (after that you may be reported to a local authority which will issue fines, *big* fines)?

I so far have isolated:
* you need to provide users a download of "all personal data", which implies petitions and mails (in them they could have issued personal data) as well as bio stuff. Anything where they may have entered personal data.
* you need to make transparent what you keep and how long
* you need to remove upon request (automatically, not a long manual process) all personal data (for backups: you need a script that deletes any "forget me!"-guys directly after. else you violate the agreement)
  (this is particularly interesting for the char restorer, for which you'd need an optional agreement to keep or you have to delete those after expiration too, making it useless)

Footnote:
I am in charge of this at my company, this is why I wanted to let you know. It's not trivial.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Anharat on December 26, 2017, 12:20:23 PM
Had this topic at work as well, but did not get into it yet.  Thanks a lot for sharing those "isolated" information and I hope you keep this updated.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Stephen.Kise on December 26, 2017, 05:03:46 PM
Wouldn't the simple solution to this be:
* Require consent for any user on the creation screen, to notify players that their email, IP, and cookies are analyzed for operation of the server.
* Place information about that consent in the logged-in section of the game (Since they need to be able to view their rights again at any time).
* Access to all data for that account (mail to and from a certain user, a user's petition data, and character/preference data) upon request.
* Delete email, ipaddress, uniqueid, mail, petitions and other personal data from character restore sheets, or delete the entire sheet itself if requested.

If the user does not agree to all terms, you should just delete the account and not allow the player to join. My only concern about the topic is transferring data, and the right of erasure. If a player says "Forget me" you have to delete all character, mail, and petition backups of an account from every backup. That, or I am just not understanding the language on that site. This is particularly nasty if you have a backup system in place for both files and SQL data that run daily.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on December 26, 2017, 09:03:42 PM
Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

If so, could anyone develop a module that would handle this...so that user info could be completely deleted on request?

I am not sure how you handle this...


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Stephen.Kise on December 26, 2017, 10:57:32 PM
Quote from: TGTarheel
Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

If so, could anyone develop a module that would handle this...so that user info could be completely deleted on request?

I am not sure how you handle this...

It would be more than likely an update or fork of the current character restore module, since that is what handles most storage on most servers. That would only require a few more hooks, theoretically, and would not be much of a change to the module. However, I would have to look into the language of the GDPR more to be 100% certain.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on December 27, 2017, 12:31:11 AM
All to my current knowledge:

@
Quote
Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

Retroactive, to all after May 25th.

@
Quote
If a player says "Forget me" you have to delete all character, mail, and petition backups of an account from every backup. That, or I am just not understanding the language on that site. This is particularly nasty if you have a backup system in place for both files and SQL data that run daily.
The standing there is "if you have such a backup, you have to automatically(!) make sure all please-forget-me-people are erased after restoral and before putting data live or for analysis".
That should be done in a process, as backup restorals are in 99% manual actions and not automatic ones.
I think a script will suffice that deletes all data based on acctid (which you may log, because the ID holds no personal data. You may not hold email addresses of people who wanted to be forgotten).

I am writing a module that handles the "give me my data" (=puts mails,petitions,village chats etc. in a text file for download) and the erase-me-please which also will store a list of acctids and the date when it was requested. Upon that, you could base a script that deletes any forget-me upon a database restoral.
It would also check the charrestore guys and delete files there. But, alas, that would also need to be in a script if you have a file backup.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on December 27, 2017, 09:20:05 AM
I think I have the charrestore ready now.

Issue is the stored email, but a hash serves as well for people to claim ownership. You can restore the char and then manually replace the mail if the token matches.

* replaced emailaddress with a sha512 hash (varchar128 in the db is exactly right)
* added a salt as setting (FILL BEFORE HASHING!)
* added a mail notification when a char is deleted/expires and is stored.
* added a convert function for legacy stuff. it will convert all your old chars and put the hash in

DISCLAIMER:
Somebody with an untouched 1.1.2 dp edition could edit it please, I think I built a few things in (replaceemail?) in core that don't exist.
I have also changed some stuff in the charrestore (I believe I added the mail search in the first place).
Please BACKUP and then TEST.
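
The hashed e-mail claim check described in the post above, as an added sketch in Python that is not the module's code and not part of the original post. How the module combines salt and address is not shown in the thread, so HMAC-SHA-512 keyed with the salt setting is assumed here (its hex digest is also 128 characters); the function names and sample records are constructed.

```python
import hashlib
import hmac
import re

# A SHA-512 hex digest is 128 lowercase hex characters (fits VARCHAR(128)).
TOKEN_RE = re.compile(r"[0-9a-f]{128}")


def email_token(email, salt):
    """Return the ownership token stored in place of the e-mail address."""
    if not salt:
        # "FILL BEFORE HASHING": with an empty salt anyone can recompute tokens.
        raise ValueError("salt setting is empty; set it before hashing")
    normalised = email.strip().lower().encode("utf-8")
    # Assumption: HMAC-SHA-512 keyed with the salt (not the module's own scheme).
    return hmac.new(salt.encode("utf-8"), normalised, hashlib.sha512).hexdigest()


def convert_legacy(records, salt):
    """Replace plaintext addresses in old restore records; safe to re-run."""
    converted = 0
    for record in records:
        value = record.get("emailaddress", "")
        if not value or TOKEN_RE.fullmatch(value):
            continue  # nothing stored, or already a token
        record["emailaddress"] = email_token(value, salt)
        converted += 1
    return converted


def claim_matches(record, claimed_email, salt):
    """True if the claimed address hashes to the token kept with the character."""
    stored = record.get("emailaddress", "")
    if not TOKEN_RE.fullmatch(stored):
        return False  # unconverted or empty record: never accept a claim
    return hmac.compare_digest(stored, email_token(claimed_email, salt))


def sample_records():
    # Constructed sample data, not real restore files.
    return [
        {"login": "Alice", "emailaddress": "Alice@Example.org"},
        {"login": "Bob", "emailaddress": ""},
    ]


if __name__ == "__main__":
    salt = "constructed-demo-salt"
    records = sample_records()
    print("converted:", convert_legacy(records, salt))
    print("re-run converts:", convert_legacy(records, salt))
    print("owner claim:", claim_matches(records[0], " alice@example.org", salt))
    print("wrong address:", claim_matches(records[0], "mallory@example.org", salt))
```

Changing the salt after conversion invalidates every stored token, so the salt has to be kept as carefully as the data it protects.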


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on December 27, 2017, 12:08:47 PM
Quote from: Nightborn
All to my current knowledge:

@
Quote
Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

Retroactive, to all after May 25th.

@
Quote
If a player says "Forget me" you have to delete all character, mail, and petition backups of an account from every backup. That, or I am just not understanding the language on that site. This is particularly nasty if you have a backup system in place for both files and SQL data that run daily.
The standing there is "if you have such a backup, you have to automatically(!) make sure all please-forget-me-people are erased after restoral and before putting data live or for analysis".
That should be done in a process, as backup restorals are in 99% manual actions and not automatic ones.
I think a script will suffice that deletes all data based on acctid (which you may log, because the ID holds no personal data. You may not hold email addresses of people who wanted to be forgotten).

I am writing a module that handles the "give me my data" (=puts mails,petitions,village chats etc. in a text file for download) and the erase-me-please which also will store a list of acctids and the date when it was requested. Upon that, you could base a script that deletes any forget-me upon a database restoral.
It would also check the charrestore guys and delete files there. But, alas, that would also need to be in a script if you have a file backup.

Excellent.

Meanwhile, one could comply with such requests by manually erasing it from the database...right??


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on December 27, 2017, 12:12:50 PM
It states there the procedure must be "automatically" if I remember correctly.
So... no.
You have to have it in the software.

If you save the data one moment longer than necessary, you're technically breaking the regulation (hence I did put that into the module)


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on December 27, 2017, 04:25:09 PM
Quote from: Nightborn
It states there the procedure must be "automatically" if I remember correctly.
So... no.
You have to have it in the software.

If you save the data one moment longer than necessary, you're technically breaking the regulation (hence I did put that into the module)

Well, then.  Until and if I could get that working...is there a way to have EU players either state that they do not wish to invoke that right...at least till I get it working...or would I need to not accept new players from EU?

I sorta doubt the EU cops would be real huge in going after a two-bit game operator that doesn't have a pot to pee in and is in America anyway, but, all the same, the law is the law, and I need to know how I can comply...I am assuming your module, Nightborn....won't work with 1.1.0 that I am running?

I am NOT ready for an upgrade yet.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Stephen.Kise on December 28, 2017, 09:36:03 AM
Quote from: Nightborn
It states there the procedure must be "automatically" if I remember correctly.
So... no.
You have to have it in the software.

If you save the data one moment longer than necessary, you're technically breaking the regulation (hence I did put that into the module)

Quote from: TGTarheel
Well, then.  Until and if I could get that working...is there a way to have EU players either state that they do not wish to invoke that right...at least till I get it working...or would I need to not accept new players from EU?

I sorta doubt the EU cops would be real huge in going after a two-bit game operator that doesn't have a pot to pee in and is in America anyway, but, all the same, the law is the law, and I need to know how I can comply...I am assuming your module, Nightborn....won't work with 1.1.0 that I am running?

I am NOT ready for an upgrade yet.

The regulation will probably not be policed heavily here in the US, but if there is a leak of data and the source is discovered to have come from your server, then they would have an issue. This regulation is to make server owners more aware of the risks that they put people in when the source of their application is not secure. So no, you will not have an agent knocking on your door come April 2018, but it is just a lot safer to follow regulation and comply with the laws that protect us. I know it is frustrating for you in this instance - it's even a tad bit annoying for me - but it needs done. Perhaps you could create a backup of your character restore module, replace it with this, and test it out for 1.1.0. If there are any issues with NightBorn's character restore on 1.1.0, you could post here and a solution will be found quickly.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on December 29, 2017, 03:33:36 AM
Stephen.Kise did explain the issue well.

Quote
Well, then.  Until and if I could get that working...is there a way to have EU players either state that they do not wish to invoke that right...at least till I get it working...or would I need to not accept new players from EU?

You would need to block the EU completely on IP basis. So yes, it would affect current players. There is no legacy clause.

Quote
I sorta doubt the EU cops would be real huge in going after a two-bit game operator that doesn't have a pot to pee in and is in America anyway, but, all the same, the law is the law, and I need to know how I can comply...I am assuming your module, Nightborn....won't work with 1.1.0 that I am running?
Not out of the box, I would assume. I think a few things are only needed in my edited version, so you'd need to strip that out.
Assembly required.

Quote
I am NOT ready for an upgrade yet.
The GDPR was finalized and went "live" in 2016. Most people (like me) wait(ed) the 2 years grace period until it had the fines live.

It doesn't matter if you're ready, technically except for an IP block, this is coming.
It also affects any form of service (forums, wikis, etc) you provide where people can make accounts.
I horribly saw in my forum birthdays are also saved (because, why not). So I have to fix that too. Either just disallow or I have to manually clean up.

Not that funnily also DP itself is affected. :P I believe Talisman does backups (or their hoster), so you need the "forget me" function.
in SMF, to my knowledge, there is no such thing yet out-of-the-box.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on December 31, 2017, 03:07:57 AM
So what things would be needed for 1.1.0 in your edited version, do you think, Nightborn?  What parts currently would not work, then let me see if I can use my minimal coding skills to work around it?


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on December 31, 2017, 03:30:55 AM
Run it on a test server and see what pops up :)
I think minor changes in the sql statements really.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on December 31, 2017, 05:18:57 AM
Quote from: Nightborn
Run it on a test server and see what pops up :)
I think minor changes in the sql statements really.

I wish I had a test server....


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on December 31, 2017, 07:36:39 AM
First thing:
Setup a test server.
(Like I told in the other thread, with xampp or another suite).
Virtualbox is free and you need the knowledge to run a decent lotgd site.
I know, a lot of trouble... but... you're a service provider now =)

@"right to be forgotten"

I think the best way is to use stored procedures.
They can trigger automatically if needed and will be carried in the database directly.
I will use a new table "accounts_never_restore" to reflect the account ids.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on December 31, 2017, 12:22:55 PM
Just as an aside to this....would removing the Character Restorer....also solve the problem to then be in compliance with the new EU law??


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Aeolus on December 31, 2017, 05:43:27 PM
Quote from: TGTarheel
Just as an aside to this....would removing the Character Restorer....also solve the problem to then be in compliance with the new EU law??

For this particular module, yes, as long as you uninstall the module and delete any existing restore files.

It does not, however, mean that you no longer have to update your core with the required changes to be compliant as well. (> inb4 we know you hate core updates.)


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on December 31, 2017, 10:26:24 PM
Quote from: TGTarheel
Just as an aside to this....would removing the Character Restorer....also solve the problem to then be in compliance with the new EU law??

Quote from: Aeolus
For this particular module, yes, as long as you uninstall the module and delete any existing restore files.

It does not, however, mean that you no longer have to update your core with the required changes to be compliant as well. (> inb4 we know you hate core updates.)

What required changes?  This is what I am trying to learn.  Don't feel like having someone knock on my door, LOL.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on January 01, 2018, 09:04:26 AM
You need to i.e. have the function to "forget" a user and remove the mail address from your db - this does lotgd if you allow (which you now must) user deletion by user.

BUT

You then have to have the "right to forget"-stuff, which means you need to have (this is my theory and solution) a list of account-ids of those who did that.
IF you have server backups / database backups (which is strongly recommended) you have to have a function to filter the ones out that said "forget me".

I solved this with mysql triggers for now (check a table accounts_never_restore and then delete all accounts with those IDs if they exist).
I still need the function for the user to trigger this. Point is: if somebody throws a fit and hits the button... that's it. No recovery. Gone. Forever.
A lot of users want a restoral after fits. :D
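
The post-restore purge discussed in this thread (a list of forgotten account ids in accounts_never_restore, applied after a backup is restored), as an added example that is not Nightborn's module or trigger code. It uses Python with an in-memory SQLite database as a stand-in for the restored MySQL backup; the simplified schema, column names and sample rows are constructed assumptions.

```python
import sqlite3

# Simplified stand-in for the game schema (constructed; column names assumed).
SCHEMA = """
CREATE TABLE accounts (acctid INTEGER PRIMARY KEY, login TEXT,
                       emailaddress TEXT, lastip TEXT, uniqueid TEXT);
CREATE TABLE mail (messageid INTEGER PRIMARY KEY, msgfrom INTEGER,
                   msgto INTEGER, body TEXT);
CREATE TABLE petitions (petitionid INTEGER PRIMARY KEY, author INTEGER, body TEXT);
CREATE TABLE accounts_never_restore (acctid INTEGER PRIMARY KEY, requested TEXT);
"""

# Table -> columns holding an account id that ties a row to a person.
ACCOUNT_COLUMNS = {
    "accounts": ["acctid"],
    "mail": ["msgfrom", "msgto"],
    "petitions": ["author"],
}
FORGOTTEN = "IN (SELECT acctid FROM accounts_never_restore)"


def restore_sample_backup():
    """Build an in-memory database standing in for a freshly restored backup."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?, ?)", [
        (1, "alice", "alice@example.org", "192.0.2.10", "cookie-a"),
        (2, "bob", "bob@example.org", "192.0.2.20", "cookie-b"),
        (3, "carol", "carol@example.org", "192.0.2.30", "cookie-c"),
    ])
    conn.executemany("INSERT INTO mail VALUES (?, ?, ?, ?)", [
        (1, 1, 2, "hi bob"), (2, 2, 3, "hi carol"),
        (3, 1, 3, "hi carol"), (4, 3, 1, "hi alice"),
    ])
    conn.executemany("INSERT INTO petitions VALUES (?, ?, ?)", [
        (1, 2, "please fix my account"), (2, 1, "bug report"),
    ])
    conn.commit()
    return conn


def _where(columns):
    return " OR ".join(f"{col} {FORGOTTEN}" for col in columns)


def purge_forgotten(conn, current_list):
    """Delete every row tied to a forgotten acctid; return rows deleted per table.

    current_list holds (acctid, requested) pairs kept outside the backup, because
    a backup taken before the request does not contain that entry itself.
    """
    deleted = {}
    with conn:  # single transaction: all tables are purged or none
        conn.executemany(
            "INSERT OR REPLACE INTO accounts_never_restore VALUES (?, ?)", current_list)
        for table, columns in ACCOUNT_COLUMNS.items():
            cur = conn.execute(f"DELETE FROM {table} WHERE {_where(columns)}")
            deleted[table] = cur.rowcount
    return deleted


def leftovers(conn):
    """Count rows still referencing a forgotten acctid; must be 0 before go-live."""
    return sum(
        conn.execute(f"SELECT COUNT(*) FROM {table} WHERE {_where(cols)}").fetchone()[0]
        for table, cols in ACCOUNT_COLUMNS.items())


if __name__ == "__main__":
    db = restore_sample_backup()
    print(purge_forgotten(db, [(2, "2018-01-02")]))  # bob asked after the backup
    print("leftovers:", leftovers(db))
```

File-based backups such as character restore files need the same list applied separately, since nothing in the database can reach them.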


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on January 01, 2018, 09:53:05 AM
Quote from: Nightborn
You need to i.e. have the function to "forget" a user and remove the mail address from your db - this does lotgd if you allow (which you now must) user deletion by user.

BUT

You then have to have the "right to forget"-stuff, which means you need to have (this is my theory and solution) a list of account-ids of those who did that.
IF you have server backups / database backups (which is strongly recommended) you have to have a function to filter the ones out that said "forget me".

I solved this with mysql triggers for now (check a table accounts_never_restore and then delete all accounts with those IDs if they exist).
I still need the function for the user to trigger this. Point is: if somebody throws a fit and hits the button... that's it. No recovery. Gone. Forever.
A lot of users want a restoral after fits. :D

Then you could have a warning pop up when someone hits the button....similar to how you can back out one time if you choose the wrong specialty after a DK, right?

Have the first push of the button bring up the warning....and then have a back up and a proceed button.

Where all in the data base is the account info stored?

It would seem to me that character deletion, coupled with not making them retrievable by way of the character restorer...would work.  Is there something else I am missing?


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on January 01, 2018, 01:54:16 PM
OK, so I downloaded VirtualBox on my machine, but I am honest, I do not know what exactly to do with it...

I have never worked with stuff like this before.  Can anyone help me just get an LOTGD 1.1.2 set up on this thing?


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on January 04, 2018, 10:54:39 AM
@account deletion
yes, you need to have something so it will be wiped when you restore stuff from a backup.
or you never do backups... well, that solves it too.

@virtualbox
very very lengthy thing if you do this the first time.
there are guides:
http://www.thelinuxdaily.com/2010/02/how-to-setup-a-pre-built-virtualbox-guest-image-tutorialguide/
i.e.



Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on January 04, 2018, 11:01:43 PM
Quote from: Nightborn
@account deletion
yes, you need to have something so it will be wiped when you restore stuff from a backup.
or you never do backups... well, that solves it too.

@virtualbox
very very lengthy thing if you do this the first time.
there are guides:
http://www.thelinuxdaily.com/2010/02/how-to-setup-a-pre-built-virtualbox-guest-image-tutorialguide/
i.e.



Thank you.  This is the sort of guide that actually helps me, printed instructions with pictures that stay still and I can look and read as long as I need.  I hate youtube "tutorials" they always go too fast.

But...this has you setting up a Linux Machine....is it on THIS that you then create an LOTGD server...or how does this part work, actually?

Sincerely never actually did this before, my site was set up by a friend who knows a ton more about computer stuff than I do...LOL

By the way, might be a good idea to split this part of the topic off, as it has nothing to do with the OP.


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: Nightborn on January 07, 2018, 02:46:25 PM
Quick response in here:

Mhm, platform overview (I think you're using webspace).

You know:
webserver/webspace <-- FTP to get on it and drop files
database <-- you go to a phpmyadmin and import/export, right?
domain <-- you do a setup on a web frontend for that

that's the foundation you will build in a virtualbox. it will provide above, though you may need to install the necessary software and do a bit of configuration.
Most should be installed, but I'll mention the software
webspace <-- install apache2 to provide a webserver, put your files in /var/www/html
database <--- install mysql and phpmyadmin (best as an ubuntu package via APT or if you downloaded a desktop ubuntu, from the desktop, package management)
domain <-- you have none, but you should be able to work on IP basis (virtualbox assigns a net)

Yes, it's a lot if you've never done things like it, but it's really helpful. :D


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on January 09, 2018, 08:16:52 PM
Quote from: Nightborn
Quick response in here:

Mhm, platform overview (I think you're using webspace).

You know:
webserver/webspace <-- FTP to get on it and drop files
database <-- you go to a phpmyadmin and import/export, right?
domain <-- you do a setup on a web frontend for that

that's the foundation you will build in a virtualbox. it will provide above, though you may need to install the necessary software and do a bit of configuration.
Most should be installed, but I'll mention the software
webspace <-- install apache2 to provide a webserver, put your files in /var/www/html
database <--- install mysql and phpmyadmin (best as an ubuntu package via APT or if you downloaded a desktop ubuntu, from the desktop, package management)
domain <-- you have none, but you should be able to work on IP basis (virtualbox assigns a net)

Yes, it's a lot if you've never done things like it, but it's really helpful. :D

I managed to get a test server going in XAMPP.
The problem I had had before with it was that I needed an older version of XAMPP, the one I was trying to use came with PHP 7 and LOTGD 1.1.2 won't work on PHP 7.

So the one I got now has PHP 5.6


Title: Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd
Post by: TGTarheel on January 14, 2018, 02:21:19 PM
Quote from: Nightborn
I think I have the charrestore ready now.

Issue is the stored email, but a hash serves as well for people to claim ownership. You can restore the char and then manually replace the mail if the token matches.

* replaced emailaddress with a sha512 hash (varchar128 in the db is exactly right)
* added a salt as setting (FILL BEFORE HASHING!)
* added a mail notification when a char is deleted/expires and is stored.
* added a convert function for legacy stuff. it will convert all your old chars and put the hash in

DISCLAIMER:
Somebody with an untouched 1.1.2 dp edition could edit it please, I think I built a few things in (replaceemail?) in core that don't exist.
I have also changed some stuff in the charrestore (I believe I added the mail search in the first place).
Please BACKUP and then TEST.


I have an untouched 1.1.2 DP version running now in XAMPP.

I will try it out thoroughly for you...please tell me everything you want tested.

© 2018 DragonPrime - LoGD Resource Community
Email Talisman: talisman -at- gmail.com
Forums: Powered by SMF 1.1.21 | SMF © 2006-2007, Simple Machines