XKCD leak follow-up

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Post Reply
User avatar
Marek Muc
Registered User
Posts: 70
Joined: Tue Sep 04, 2018 2:59 pm
Location: Warsaw, Poland
Contact:

XKCD leak follow-up

Post by Marek Muc »

Does anyone know whether XKCD suffered any legal repercussions due to his board's database leak? I tried to google any new info but could not find anything. To me, it's not that important how this exactly happened, as it can happen probably in many ways, but whether he suffered any legal action given rather limited data logged there.

BTW this forum is still offline so maybe it's time to remove it from the showcase at phpbb.com?
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26812
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: XKCD leak follow-up

Post by Paul »

You should ask XKCD, as we have are no involved party here directly, so we have no idea :)
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
User avatar
Marek Muc
Registered User
Posts: 70
Joined: Tue Sep 04, 2018 2:59 pm
Location: Warsaw, Poland
Contact:

Re: XKCD leak follow-up

Post by Marek Muc »

Well I have no connection with him and I suppose a cold e-mail won't do the trick (especially that he does not seem to welcome e-mails at his website)
I thought that maybe he shared this info publicly o quasi-publicly (some conference etc.) and someone will be able to share it here. I think this would be of some interest to fellow board owners :)
Random American
Registered User
Posts: 105
Joined: Sat Aug 10, 2019 4:45 am
Location: Somewhere in the Southern USA.

Re: XKCD leak follow-up

Post by Random American »

As a user you agree to any information you have entered to being stored in a database. While this information will not be disclosed to any third party without your consent, neither “[Site Name]” nor phpBB shall be held responsible for any hacking attempt that may lead to the data being compromised.
Wouldn't this section of the user agreement apply in cases like this? Forgive my ignorance if I'm wrong.
We need universal health care now!
Thank you to all who help fight the pandemic.
User avatar
Marek Muc
Registered User
Posts: 70
Joined: Tue Sep 04, 2018 2:59 pm
Location: Warsaw, Poland
Contact:

Re: XKCD leak follow-up

Post by Marek Muc »

Personally I don't think this has any effect if a board owner is by law responsible for data security (a user agreement cannot override law). For example, the personal data processed by 'a natural person in the course of a purely personal or household activity' is scoped out of GDPR. So the key question is whether a board owner is legally responsible for data processing and the answer may depend on whether this is purely personal activity or for-profit activity.

Disclosure: I'm not a lawyer :)
Random American
Registered User
Posts: 105
Joined: Sat Aug 10, 2019 4:45 am
Location: Somewhere in the Southern USA.

Re: XKCD leak follow-up

Post by Random American »

Neither am I. I should have thought about that to be honest. Even my country has statutes other than COPPA that can apply to commercial sites, which probably includes boards. https://legal.thomsonreuters.com/en/ins ... ted-online

I was thinking of the Average Joe who just happens to have a non-profit board.
We need universal health care now!
Thank you to all who help fight the pandemic.
User avatar
Marek Muc
Registered User
Posts: 70
Joined: Tue Sep 04, 2018 2:59 pm
Location: Warsaw, Poland
Contact:

Re: XKCD leak follow-up

Post by Marek Muc »

I guess an average Joe with a non-profit board should be safe from lawsuit, especially given that phpBB keeps email addresses and IPs only. IMHO it would be even safer if we skipped IPs (see here) as these are specifically stated to be personal data under GDPR.

The XKCD case would be a great example as this was a large board. Since we didn't hear about any legal trouble of XKCD, maybe we can assume that there were none ;)
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 4059
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: XKCD leak follow-up

Post by thecoalman »

I would presume that site is entirely based in US both physically and financially, GDPR would not apply.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
User avatar
Marek Muc
Registered User
Posts: 70
Joined: Tue Sep 04, 2018 2:59 pm
Location: Warsaw, Poland
Contact:

Re: XKCD leak follow-up

Post by Marek Muc »

Well my question was meant to be at a more general level, I guess there are some data protection laws in US as well. I'm referring to GDPR by EU only because I'm most familiar with it.

Edit: I now think I should have been even more general with my question:

Does anyone know a board owner who suffered any legal repercussions due to his board's database leak?
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 4059
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: XKCD leak follow-up

Post by thecoalman »

Generally speaking in the US most sites using phpBB would fly under the radar of data protection laws. If you are engaged in financial, health and specifically with web sites collecting data from children that's when data protection laws start applying. There are some other state and local laws that may apply but only for companies in those localities.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
Random American
Registered User
Posts: 105
Joined: Sat Aug 10, 2019 4:45 am
Location: Somewhere in the Southern USA.

Re: XKCD leak follow-up

Post by Random American »

Marek Muc wrote:
Fri Sep 11, 2020 8:47 am
Well my question was meant to be at a more general level, I guess there are some data protection laws in US as well. I'm referring to GDPR by EU only because I'm most familiar with it.

Edit: I now think I should have been even more general with my question:

Does anyone know a board owner who suffered any legal repercussions due to his board's database leak?
For a noncommercial board, probably not, though even if so, I don't think it would have much publicity.
We need universal health care now!
Thank you to all who help fight the pandemic.
Post Reply

Return to “phpBB Discussion”