DragonPrime - LoGD Resource Community
Welcome Guest
  • Good morning, Guest.
    Please log in, or register.
  • April 26, 2018, 10:15:38 AM
Home Forums News Downloads Login Register Advanced Search
* * *
DragonPrime Menu
Login
 
 
Resource Pages
Search

Pages: [1] 2 3   Go Down
  Print  
Author Topic: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd  (Read 2524 times)
0 Members and 1 Guest are viewing this topic.
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 211


View Profile WWW
« on: December 26, 2017, 04:42:11 AM »

Hi folks,

this small big bonker will hit us all: https://www.eugdpr.org/

It's about a users rights regarding the personal data we store. That "personal" is relatively broad, in Lotgd it hinges up on IP, email and ID (cookie) if I am not missing anything.

If you have a US server and say "baah, it's EU, not my turf", you're only safe if you *actively block people from the EU to register/play* ... so I guess not.

Facebook and all the other big ones have updated or are updating their services to reflect the following (main) points:
* Users have transparent view on what is saved
* Users may excert their right "to forget" (aka complete and irreversible deletion of their private data)
* Servers are only allowed to save personal data on a "minimum needed" basis
* Servers may not use any personal data for other services or offers they provide without a optional (aka not required for the main service) data privacy agreement

There is a lot more to it, but it does apply to "free services" and I think Lotgd servers are not "purely personal" as we allow any users to register.

You *could* circumvent this if you disable registering and only play with friends.
But alas, also a No.

So...what is needed for Lotgd to be able to work with that regulation after the deadline in May 2018 (after that you may be reported to a local authority which will issue fines, *big* fines)?

I so far have isolated:
* you need to provide users a download of "all personal data", which implies petitions and mails (in them they could have issued personal data) as well as bio stuff. Anything they may have entered personal data.
* you need to make transparent what you keep and how long
* you need to remove upong request (automatically, not a long manual process) all personal data (for backups: you need a script that deletes any "forget me!"-guys directly after. else you violate the agreement)
  (this is particularly interesting for the char restorer, for which you'd need an optional agreement to keep or you have to delete those after expiration too, making it useless)

Footnote:
I am in charge of this at my company, this is why I wanted to let you know. It's not trivial.
Logged
Anharat
Codemeister
****
Offline Offline

Posts: 270



View Profile
« Reply #1 on: December 26, 2017, 12:20:23 PM »

Had this topic at work as well, but did not get into it yet.  Thanks a lot for sharing those "isolated" information and I hope you keep this updated.
Logged
Stephen.Kise
Codemeister
****
Offline Offline

Posts: 390


So meme'd up.


View Profile
« Reply #2 on: December 26, 2017, 05:03:46 PM »

Wouldn't the simple solution to this be:
* Require consent for any user on the creation screen, to notify players that their email, IP, and cookies are analyzed for operation of the server.
* Place information about that consent in the logged-in section of the game (Since they need to be able to view their rights again at any time).
* Access to all data for that account (mail to and from a certain user, a user's petition data, and character/preference data) upon request.
* Delete email, ipaddress, uniqueid, mail, petitions and other personal data from character restore sheets, or delete the entire sheet itself if requested.

If the user does not agree to all terms, you should just delete the account and not allow the player to join. My only concern about the topic is transferring data, and the right of erasure. If a player says "Forget me" you have to delete all character, mail, and petition backups of an account from every backup. That, or I am just not understanding the language on that site. This is particularly nasty if you have a backup system in place for both files and SQL data that run daily.
Logged

Slowly progressing fork with PHP 7 support: https://github.com/stephenKise/Legend-of-the-Green-Dragon
Cheap VPS Hosting (10$ credit!): https://m.do.co/c/acde75b086c5
TGTarheel
Codemeister
****
Offline Offline

Posts: 398


View Profile
« Reply #3 on: December 26, 2017, 09:03:42 PM »

Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

If so, could anyone develop a module that would handle this...so that user info could be completely deleted on request?

I am not sure how you handle this...
Logged
Stephen.Kise
Codemeister
****
Offline Offline

Posts: 390


So meme'd up.


View Profile
« Reply #4 on: December 26, 2017, 10:57:32 PM »

Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

If so, could anyone develop a module that would handle this...so that user info could be completely deleted on request?

I am not sure how you handle this...

It would be more than likely an update or fork of the current character restore module, since that is what handles most storage on most servers. That would only require a few more hooks, theoretically, and would not be much of a change to the module. However, I would have to look into the language of the GDPR more to be 100% certain.
Logged

Slowly progressing fork with PHP 7 support: https://github.com/stephenKise/Legend-of-the-Green-Dragon
Cheap VPS Hosting (10$ credit!): https://m.do.co/c/acde75b086c5
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 211


View Profile WWW
« Reply #5 on: December 27, 2017, 12:31:11 AM »

All to my current knowledge:

@
Quote
Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

Retroactive, to all after May 25th.

@
Quote
If a player says "Forget me" you have to delete all character, mail, and petition backups of an account from every backup. That, or I am just not understanding the language on that site. This is particularly nasty if you have a backup system in place for both files and SQL data that run daily.
The standing there is "if you have such a backup, you have to automatically(!) make sure all please-forget-me-people are erased after restoral and before putting data live or for analysis".
That should be done in a process, as backup restorals are in 99% manual actions and not automatic ones.
I think a script will suffice that deletes all data based on acctid (which you may log, because the ID holds no personal data. you may not hold email adresses of people who wanted to be forgotten).

I am writing a module that handles the "give me my data" (=puts mails,petitions,village chats etc. in a text file for download) and the erase-me-please which also will store a list of acctids and the date when it was requested. Upon that, you could base a script that deletes any forget-me upon a database restoral.
It would also check the charrestore guys and delete files there. But, alas, that would also need to be in a script if you have a file backup.
Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 211


View Profile WWW
« Reply #6 on: December 27, 2017, 09:20:05 AM »

I think I have the charrestore ready now.

Issue is the stored email, but a hash serves as well for people to claim ownership. You can restore the char and then manually replace the mail if the token matches.

* replaced emailaddress with a sha512 hash (varchar128 in the db is exactly right)
* added a salt as setting (FILL BEFORE HASHING!)
* added a mail notification when a char is deleted/expires and is stored.
* added a convert function for legacy stuff. it will convert all your old chars and put the hash in

DISCLAIMER:
Somebody with an untouched 1.1.2 dp edition could edit it please, I think I built a few things in (replaceemail?) in core that don't exist.
I have also changed some stuff in the charrestore (I believe I added the mail search in the first place).
Please BACKUP and then TEST.
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 398


View Profile
« Reply #7 on: December 27, 2017, 12:08:47 PM »

All to my current knowledge:

@
Quote
Would this apply ONLY to EU users registering after this takes effect, or would it also be retroactive to existing EU users?

Retroactive, to all after May 25th.

@
Quote
If a player says "Forget me" you have to delete all character, mail, and petition backups of an account from every backup. That, or I am just not understanding the language on that site. This is particularly nasty if you have a backup system in place for both files and SQL data that run daily.
The standing there is "if you have such a backup, you have to automatically(!) make sure all please-forget-me-people are erased after restoral and before putting data live or for analysis".
That should be done in a process, as backup restorals are in 99% manual actions and not automatic ones.
I think a script will suffice that deletes all data based on acctid (which you may log, because the ID holds no personal data. you may not hold email adresses of people who wanted to be forgotten).

I am writing a module that handles the "give me my data" (=puts mails,petitions,village chats etc. in a text file for download) and the erase-me-please which also will store a list of acctids and the date when it was requested. Upon that, you could base a script that deletes any forget-me upon a database restoral.
It would also check the charrestore guys and delete files there. But, alas, that would also need to be in a script if you have a file backup.

Excellent.

Meanwhile, one could comply with such requests by manually erasing it from the database...right??
Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 211


View Profile WWW
« Reply #8 on: December 27, 2017, 12:12:50 PM »

It states there he procedure must be "automatically" if I remember correctly.
So... no.
You have to have it in the software.

If you save the data one moment longer than necessary, you're technically breaking the regulation (hence I did put that into the module)
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 398


View Profile
« Reply #9 on: December 27, 2017, 04:25:09 PM »

It states there he procedure must be "automatically" if I remember correctly.
So... no.
You have to have it in the software.

If you save the data one moment longer than necessary, you're technically breaking the regulation (hence I did put that into the module)

Well, then.  Until and if I could get that working...is there a way to have EU players either state that they do not wish to invoke that right...at least till I get it working...or would I need to not accept new players from EU?

I sorta doubt the EU cops would be real huge in going after a two-bit game operator that doesn't have a pot to pee in and is in America anyway, but, all the same, the law is the law, and I need to know how I can comply...I am assuming your moduie, Nightborn....won't work with 1.1.0 that I am running?

I am NOT ready for an upgrade yet.
Logged
Stephen.Kise
Codemeister
****
Offline Offline

Posts: 390


So meme'd up.


View Profile
« Reply #10 on: December 28, 2017, 09:36:03 AM »

It states there he procedure must be "automatically" if I remember correctly.
So... no.
You have to have it in the software.

If you save the data one moment longer than necessary, you're technically breaking the regulation (hence I did put that into the module)

Well, then.  Until and if I could get that working...is there a way to have EU players either state that they do not wish to invoke that right...at least till I get it working...or would I need to not accept new players from EU?

I sorta doubt the EU cops would be real huge in going after a two-bit game operator that doesn't have a pot to pee in and is in America anyway, but, all the same, the law is the law, and I need to know how I can comply...I am assuming your moduie, Nightborn....won't work with 1.1.0 that I am running?

I am NOT ready for an upgrade yet.

The regulation will probably not be policed heavily here in the US, but if there is a leak of data and the source is discovered to have come from your server, then they would have an issue. This regulation is to make server owners more aware of the risks that they put people in when the source of their application is not secure. So no, you will not have an agent knocking on your door come April 2018, but it is just a lot safer to follow regulation and comply with the laws that protect us. I know it is frustrating for you in this instance - it's even a tad bit annoying for me - but it needs done. Perhaps you could create a backup of your character restore module, replace it with this, and test it out for 1.1.0. If there are any issues with NightBorn's character restore on 1.1.0, you could post here and a solution will be found quickly.
Logged

Slowly progressing fork with PHP 7 support: https://github.com/stephenKise/Legend-of-the-Green-Dragon
Cheap VPS Hosting (10$ credit!): https://m.do.co/c/acde75b086c5
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 211


View Profile WWW
« Reply #11 on: December 29, 2017, 03:33:36 AM »

Stephen.Kise did explain the issue well.

Quote
Well, then.  Until and if I could get that working...is there a way to have EU players either state that they do not wish to invoke that right...at least till I get it working...or would I need to not accept new players from EU?

You would need to block the EU completely on IP basis. So yes, it would affect current players. There is no legacy clause.

Quote
I sorta doubt the EU cops would be real huge in going after a two-bit game operator that doesn't have a pot to pee in and is in America anyway, but, all the same, the law is the law, and I need to know how I can comply...I am assuming your moduie, Nightborn....won't work with 1.1.0 that I am running?
Not out of the box, I would assume. I think a few things are only needed in my edited version, so you'd need to strip that out.
Assembly required.

Quote
I am NOT ready for an upgrade yet.
The GDPR was finalized and went "live" in 2016. Most people (like me) wait(ed) the 2 years grace period until it had the fines live.

It doesn't matter if you're ready, technically except for an IP block, this is coming.
It also affects any form of service (forums, wikis, etc) you provide where people can make accounts.
I horribly saw in my forum birthdays are also saved (because, why not). So I have to fix that too. Either just disallow or I have to manually clean up.

Not that funnily also DP itself is affected. Tongue I believe Talisman does backups (or their hoster), so you need the "forget me" function.
in SMF, to my knowledge, there is no such thing yet out-of-the-box.
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 398


View Profile
« Reply #12 on: December 31, 2017, 03:07:57 AM »

So what things would be needed for 1.1.0 in your edited version, do you think, Nightborn?  What parts currently would not work, then let me see if I can use my minimal coding skills to work around it?
Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 211


View Profile WWW
« Reply #13 on: December 31, 2017, 03:30:55 AM »

Run it on a test server and see what pops up Smiley
I think minor changes in the sql statements really.
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 398


View Profile
« Reply #14 on: December 31, 2017, 05:18:57 AM »

Run it on a test server and see what pops up Smiley
I think minor changes in the sql statements really.

I wish I had a test server....
Logged
Pages: [1] 2 3   Go Up
  Print  
 
Jump to:  


*
DragonPrime Notices
Version 1.1.2 is the current supported version and is available for download.

Support Us
No funds raised yet this year
Your help is greatly appreciated!
Recent Topics
DragonPrime LoGD
Who's Online
31 Guests, 0 Users
Home Forums News Downloads Login Register Advanced Search