New GPDR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
Post Reply
tojag
Registered User
Posts: 57
Joined: Thu Aug 07, 2014 8:00 am

New GPDR (General Data Protection Regulation) and phpBB

Post by tojag » Sat Apr 22, 2017 8:20 pm

As you know for the year in the EU will be the GPDR (20.05.2018).
https://en.wikipedia.org/wiki/General_D ... Regulation

Is phpBB fully compatible with GPDR? For example, the protection of correspondence of PM.
Is it sufficient to secure the site by ssl?
Will it be able to keep posts after user opt out of the forum?
Will it be able to show publicly the time of posting posts or user logins?
etc.
Regards

User avatar
AmigoJack
Registered User
Posts: 4950
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GPDR (General Data Protection Regulation) and phpBB

Post by AmigoJack » Mon Apr 24, 2017 8:35 am

tojag wrote:
Sat Apr 22, 2017 8:20 pm
GPDR
You seem to mean GDPR.
For years I have already seen BDSG being misspelled, too.
tojag wrote:
Sat Apr 22, 2017 8:20 pm
Is phpBB fully compatible with GPDR?
Except of being able to import user data: yes.
tojag wrote:
Sat Apr 22, 2017 8:20 pm
protection of correspondence of PM
Yes: by design phpBB will show PMs only to its senders and recipients, never to unrelated users.
tojag wrote:
Sat Apr 22, 2017 8:20 pm
Is it sufficient to secure the site by ssl?
If by that you mean HTTPS: no, never - securing the network transport is unbound to securing a software.
tojag wrote:
Sat Apr 22, 2017 8:20 pm
Will it be able to keep posts after user opt out of the forum?
phpBB has this option already, as well as having the option to erase all posts related to an account. See the manual 3.5.7.5: Prune users.
tojag wrote:
Sat Apr 22, 2017 8:20 pm
Will it be able to show publicly the time of posting posts or user logins?
phpBB never did this to guests, but members can always see other member's posts, their post count and their last activity time - like yours.
tojag wrote:
Sat Apr 22, 2017 8:20 pm
etc.
GDPR is aimed at helping consumers or named people, whereas bulletin boards like phpBB nowhere store names, only pseudonyms. Those few installations which aggregate all the data for further purposes can only do this based on IP addresses and e-mail addresses. Effectively encrypting posts would result in not being able to search the board anymore. Exporting your own data is easy - just search your own posts.

After all, GDPR can only target legal persons using a software, not the software or its developers themselves.
The worst thing about censorship is ███████████

tojag
Registered User
Posts: 57
Joined: Thu Aug 07, 2014 8:00 am

Re: New GPDR (General Data Protection Regulation) and phpBB

Post by tojag » Fri May 12, 2017 8:21 am

Thanks for Your reply.
tojag wrote: ↑
Sat Apr 22, 2017 9:20 pm
Will it be able to keep posts after user opt out of the forum?
AmigoJack wrote:phpBB has this option already, as well as having the option to erase all posts related to an account. See the manual 3.5.7.5: Prune users.
Yes, I known it, but can I keep these posts in data base or have to erase it thogether with user account? What is GPDR compatible?
AmigoJack wrote:GDPR is aimed at helping consumers or named people, whereas bulletin boards like phpBB nowhere store names, only pseudonyms.
GPDR requires that you do not use the nickname/pseudonym of the user who closed the account. I would like to change the authors of such posts to "Anonymous". I think I have thousands of posts from closed accounts (my forum has over 500 000 posts), where the user name has remained unchanged. Do I have to use SQL commands directly in the database? How do I find out there posts unrelated to any active account?

Regards

User avatar
AmigoJack
Registered User
Posts: 4950
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GPDR (General Data Protection Regulation) and phpBB

Post by AmigoJack » Fri May 12, 2017 8:50 am

tojag wrote:
Fri May 12, 2017 8:21 am
can I keep these posts in data base or have to erase it thogether with user account?
Yes. No. Read again: those are options, both is possible.
tojag wrote:
Fri May 12, 2017 8:21 am
What is GPDR compatible?
Both, as the user can choose.
tojag wrote:
Fri May 12, 2017 8:21 am
change the authors of such posts to "Anonymous"
That's not yet possible - you could delete an account and retain the posts, which means the posts will only have a textual username and no author ID anymore - afterwards you'd have to do i.e. this:

Code: Select all

UPDATE phpbb_posts 
   SET post_username= '' 
 WHERE post_username='name of deleted account';
tojag wrote:
Fri May 12, 2017 8:21 am
How do I find out there posts unrelated to any active account?
If by that you mean to find all posts that are not associated to any account (anymore), then run:

Code: Select all

SELECT post_id, poster_id, post_username 
  FROM phpbb_posts 
 WHERE poster_id= 1 OR post_username<> '';
The worst thing about censorship is ███████████

tojag
Registered User
Posts: 57
Joined: Thu Aug 07, 2014 8:00 am

Re: New GPDR (General Data Protection Regulation) and phpBB

Post by tojag » Fri Aug 18, 2017 12:05 pm

Thanks for the answer. It's very useful.

User avatar
AmigoJack
Registered User
Posts: 4950
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GPDR (General Data Protection Regulation) and phpBB

Post by AmigoJack » Mon Aug 21, 2017 6:52 am

Which one?
The worst thing about censorship is ███████████

tojag
Registered User
Posts: 57
Joined: Thu Aug 07, 2014 8:00 am

Re: New GPDR (General Data Protection Regulation) and phpBB

Post by tojag » Mon Aug 21, 2017 7:40 pm

Code to change user name. I'm not a phpbb specialist. Thanks.

Jacob23
Registered User
Posts: 10
Joined: Fri Nov 18, 2011 4:58 am

Re: New GPDR (General Data Protection Regulation) and phpBB

Post by Jacob23 » Tue Aug 22, 2017 1:15 am

AmigoJack wrote:
Fri May 12, 2017 8:50 am
tojag wrote:
Fri May 12, 2017 8:21 am
change the authors of such posts to "Anonymous"
That's not yet possible - you could delete an account and retain the posts, which means the posts will only have a textual username and no author ID anymore
You can change the username to "JamesBond006" and then delete the account. The next one would be 007, of course. And so on.

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: andares, bigjoe11a, Noxwizard, Xerographica and 22 guests

cron