New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
enter a valid email
Registered User
Posts: 322
Joined: Mon May 30, 2016 4:50 pm
Location: VIE
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by enter a valid email »

Do Europeans have to comply with COPPA?
Well here we have theoretically some competitive.
In Austria by Law Children under 14 are not permit to do any Contract there own. Thereticaly the could not ever buy Ice Cream with there pocket money. :lol: So the must ask an Adult to sight the (Online) Contract for them. And what I know this is build into every PHPbb Forum with the Default installation.
I’d be more concerned about CCTV, Traffic cams and webcams.
The are not permit to record "Public Ground" like the Street, Road, Park,.. and when the Record your own Private property the must be Encrypt and Delete the footage after 3 Days by law!
You can cover your Webcam and Traffic Cams are crap currently Quality.
Not many
Tell that the Cable Provider! The IP change maybe once a Year.
But how many ISP's have?
Well that change in Austria to!
Points taken but I still think people are panicking for nothing.
Now we can enforce some rights like not to be filmed in Public.

User avatar
david63
Registered User
Posts: 17247
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

KYPREO wrote:
Sat Feb 01, 2020 10:57 am
Say, for example, a board administrator sold user data to a data analytics company
That would be illegal under GDPR unless you specifically informed the users that you were doing it. Data can only be used for the purpose for which it was obtained.
enter a valid email wrote:
Sat Feb 01, 2020 10:58 am
Tell that the Cable Provider! The IP change maybe once a Year.
Unless you restart your router
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

KYPREO
Registered User
Posts: 312
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by KYPREO »

david63 wrote:
Sat Feb 01, 2020 11:15 am
KYPREO wrote:
Sat Feb 01, 2020 10:57 am
Say, for example, a board administrator sold user data to a data analytics company
That would be illegal under GDPR unless you specifically informed the users that you were doing it. Data can only be used for the purpose for which it was obtained.
Thats my exact point. There is a real potential for misuse of an IP address to identify and build a data set for individual users, and this is the very issue to which GDPR protection of IP addresses is directed. In Australia, there is nothing stopping me from selling user data.
phpBB user since 2002
www.AusRotary.com

enter a valid email
Registered User
Posts: 322
Joined: Mon May 30, 2016 4:50 pm
Location: VIE
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by enter a valid email »

Unless you restart your router
Nope here your IP will be the same even you restart the Router, Gateway,..

User avatar
david63
Registered User
Posts: 17247
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

For all those who claim that an IP address is vital personal data please tell me what you can find out about me from my current IP address which is 109.155.91.15
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 4433
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by HiFiKabin »

IIRC with DSL Virgin Cable the ip didn't change on reboot, unlike the ASDL via Openreach. It may well be the same in other countries.

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 4433
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by HiFiKabin »

david63 wrote:
Sat Feb 01, 2020 1:17 pm
For all those who claim that an IP address is vital personal data please tell me what you can find out about me from my current IP address which is 109.155.91.15
That you live in a nice part of the world.

KYPREO
Registered User
Posts: 312
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by KYPREO »

david63 wrote:
Sat Feb 01, 2020 1:17 pm
For all those who claim that an IP address is vital personal data please tell me what you can find out about me from my current IP address which is 109.155.91.15
It's "personally identifiable information" not personal data. If i have data from multiple sources (say like Google), then little pieces of information connected with that IP can together build a detailed profile coupled to your identity. Little bit of social engineering adds to that profile already.

Just from your IP and post, without admin privileges, your name is David, you were born in 1963, you are accessing the Internet through BT in London, UK, and you are interested in phpBB and coding. If I'm the forum admin, i also have your DOB and email address. Say a data set has the same IP address from another service you used, then perhaps now they have your full name, something you recently purchased, your search history and so on and so forth for every data record for that IP.

Big Data.
Last edited by KYPREO on Sat Feb 01, 2020 1:58 pm, edited 1 time in total.
phpBB user since 2002
www.AusRotary.com

heinrich_k
Registered User
Posts: 220
Joined: Fri Jul 17, 2009 11:40 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by heinrich_k »

david63 wrote:
Sat Feb 01, 2020 8:43 am
I reiterate the point - it is the board owner's responsibility and if a particular software package does not meet their requirements then do not use it and find one that does. It really is that simple.
No, it is not.

Prospective board owners aren't lawyers, or IT specialists, security experts or web designers for that matter.

If one is to install a board software like phpBB, one can reasonably expect that it is reasonably up-to-date on current security and and programming practices. And the community that creates the software should probably have an interest in providing a reasonably safe and secure software, too.
KYPREO wrote:
Sat Feb 01, 2020 9:13 am
Strictly speaking, with the way Google Analytics works, no information is actually handled by the board or "given" to Google.
Strictly speaking, this is correct, yet it was the board sending the command to the client's browser to execute the JavaScript function that started google analytics (and pointed to a google server to download it). And while there are several browser add-ons to block this, one can't expect board visitors to be that tech-savy that they understand the implications of google analytics.

And while I have not been up to date what information a board admin can get from his google analytics page nowadays, I'm also not really sure what google themselves do with the data, or what happens if they change there terms of service, or why they dropped "don't be evil" as company motto. Fact is, by starting the java script functions your board tells the clients who visit it to grab code and execute it from google, providing information in the process. And if you use the phpBB standard privacy policy for your visitors, you tell them you wouldn't do that.
Mick wrote:
Sat Feb 01, 2020 9:17 am
I still don’t understand why people are so concerned about IP addresses, no really useful ‘personal’ information, addresses and such, is available from them. I’d be more concerned about CCTV, Traffic cams and webcams.
You are right. You and I probably can't even backtrace an IP to a person, but just to an ISP. The government can, however. But, we trust that prosecutors will only in case of a crime force ISPs to release that info, with a judge signing off on it, right? We are sure, that all we do is legal, and will be legal in the future, right? Then there is google, Facebook and what not. They get the same IP on all the pages you visit, along with Browser fingerprints. They can, by the sheer number of data-points, recognise you, without the need of your ISPs records. And any board admin who uses google analytics helps them in collecting that data.

Personally, I thing that my Apache logs, or phpBB logs are reasonably safe and and they contain IP-addresses of visitors. I don't share them. However, GDPR, an executive order, contains the phrase "for example IP addresses" in regards to personal data (I full text searched the German document awhile back). So, without a number of court rulings on that part, I is the general assumption by data protection yeomen that IP addresses aren't to be stored, if not necessary, and are viewed as personal data. How I could give someone all entries I stored for his IP address from my Apache logs, if I have no idea who he or she is, remains oblivious to me. But the text of the GDPR doesn't give technical advice on how to adhere to it....
KYPREO wrote:
Sat Feb 01, 2020 10:57 am
Moreover, GDPR compliance is a real issue for administrators within the jurisdiction of the EU. Your opinion on the merits of GDPR or the value of an IP address is frankly irrelevant to the real question of whether this affects GDPR compliance. To trivialise and dismiss genuinely held concerns about GDPR compliance is somewhat unfair, to say the least.
Agreed. :!:
david63 wrote:
Sat Feb 01, 2020 1:17 pm
For all those who claim that an IP address is vital personal data please tell me what you can find out about me from my current IP address which is 109.155.91.15
It appears to be an IP of the British Telecom, but I'm not a specialist. But as was pointed out, the danger isn't of me or any board admin knowing your IP. The reason it was explicitly stated in the GDPR was due to Big Data analysis by tech companies. But the GDPR is written, so that it affects anyone and nobody will sue for unfair impairment. For that is what the EU feared would happen, if the rules were written to only apply to tech giants. So, while Austia doesn't enforce the rules for the web boards of small clubs (like local rabbit breeders, or something) all other natural or legal entities in the EU have to. And that is within their IT and outside.
KYPREO wrote:
Sat Feb 01, 2020 10:57 am
Say, for example, a board administrator sold user data to a data analytics..
Google analytics is selling. For, well you get a analysis of the data of your page and they get the data to use. It is a trade of goods for a service.
Also, storing the IP addresses or other old information is under GDPR a risky tactic. If your server is ever breached, and you realise it, you have to contact your government-appointed data protection yeoman. In Germany that would be the office of the Landesdatenschutzbeauftragten. If they think you data collection was unnecessary (for you shall only store necessary information), then they may fine you. If the data is later found on the web, by people like the Mozilla Monitoring service and similar organisations, the government-appointed data protection yeoman may still fine you.

There are plenty of guidelines and process requirements in the GDPR, that phpBB probably should adhere to. Like not storing more information, than necessary. A concept that makes sure, personal information is deleted completely. Right now, if a user account in deleted, any posts, that were quoted in someone else's quotes would remain. There aren't, to my knowledge, any court rulings if that is acceptable under GFPR, or not.
Last edited by heinrich_k on Sat Feb 01, 2020 2:02 pm, edited 1 time in total.

enter a valid email
Registered User
Posts: 322
Joined: Mon May 30, 2016 4:50 pm
Location: VIE
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by enter a valid email »

david63 wrote:
Sat Feb 01, 2020 1:17 pm
For all those who claim that an IP address is vital personal data please tell me what you can find out about me from my current IP address which is 109.155.91.15
Your Skype Account is: david.wood63
Your Phone No is maybe: 01795521581
And Mobile: 07742612411

You might Visit the Church of Saint Peter and St Paul.

You had a problem with XP Home and maybe Married to Sheila Wood.

User avatar
John connor
Registered User
Posts: 2462
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by John connor »

Mick wrote:
Sat Feb 01, 2020 9:17 am
I still don’t understand why people are so concerned about IP addresses, no really useful ‘personal’ information, addresses and such, is available from them. I’d be more concerned about CCTV, Traffic cams and webcams.
Or the use of a smart device, its telemetry, GPS and uncanny ability to append one's location to every picture you take with said smart device. I went to Flickr and found loads of people's pictures with their locations.

IP addresses and GDPR? HA!

User avatar
John connor
Registered User
Posts: 2462
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by John connor »

david63 wrote:
Sat Feb 01, 2020 9:29 am
But how many ISP's have?
Many in fact. On my sites I see a practical 50/50 split between users who have an IPv4 and a IPv6 address. Comcast being the biggest.

User avatar
david63
Registered User
Posts: 17247
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

KYPREO wrote:
Sat Feb 01, 2020 1:50 pm
you were born in 1963
Wrong
enter a valid email wrote:
Sat Feb 01, 2020 1:59 pm
Your Skype Account is: david.wood63
Your Phone No is maybe: 01795521581
And Mobile: 07742612411

You might Visit the Church of Saint Peter and St Paul.

You had a problem with XP Home and maybe Married to Sheila Wood.
All but one are wrong
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
John connor
Registered User
Posts: 2462
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by John connor »

david63 wrote:
Sat Feb 01, 2020 1:17 pm
For all those who claim that an IP address is vital personal data please tell me what you can find out about me from my current IP address which is xxx.xxx.91.15
Give me about 45 minutes and I'll Nmap it for any open ports that can be pried open.

That's the scenario from a hacker preservative. If you have a vulnerable router it can and will be turned into a zombie bot net, and I've seen my fair share of bot net zombie residential routers from legit ISPs try to connect to my website's.

Best not share your IP to the public if at all possible unless you are connecting to legit websites and can trust their server security.

Do IPs connect one to their home address and all that crap? No, not to the average Joe. But to a law enforcement agency they can subpoena the ISP with that IP and get your address.

But I'll one up you. Here's my IP address. 198.10.15.28 :lol:

User avatar
John connor
Registered User
Posts: 2462
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by John connor »

John connor wrote:
Sat Feb 01, 2020 2:30 pm
david63 wrote:
Sat Feb 01, 2020 1:17 pm
For all those who claim that an IP address is vital personal data please tell me what you can find out about me from my current IP address which is xxx.xxx.91.15
Give me about 45 minutes and I'll Nmap it for any open ports that can be pried open.

That's the scenario from a hacker preservative. If you have a vulnerable router it can and will be turned into a zombie bot net, and I've seen my fair share of bot net zombie residential routers from legit ISPs try to connect to my website's.

Best not share your IP to the public if at all possible unless you are connecting to legit websites and can trust their server security.

Do IPs connect one to their home address and all that crap? No, not to the average Joe. But to a law enforcement agency they can subpoena the ISP with that IP and get your address.

But I'll one up you. Here's my IP address. 198.10.15.28 :lol:

enter a valid email wrote:
Sat Feb 01, 2020 1:04 pm
Unless you restart your router
Nope here your IP will be the same even you restart the Router, Gateway,..
Wrong! I can change my WAN IP at any time and have done that many, many times. All you do use use the MAC address clone feature, change the last part of the MAC address and reboot the modem, not the router. Presto, you now have a new IP. That's if your ISP allows this or at least works this way.

Post Reply

Return to “phpBB Discussion”