You can sign up to get a daily email of our articles, see the Mailing List page!
Support us on Patreon to keep GamingOnLinux alive. This ensures we have no timed articles and no paywalls. Just good, fresh content! Alternatively, you can donate through Paypal!

Steps we're taking as a site for GDPR compliance

Posted by , | Views: 8,170

As we're sure many of you know, a big new privacy and data protection thing is coming into force next month from the EU, called the EU General Data Protection Regulation (GDPR).

Any website that takes any information from anyone in the EU, has to comply with it, or face huge fines. Naturally, we want to ensure we're complying.

Here's a few steps we've already done

  • All YouTube embeds in comments/forum posts now use YouTube's enhanced privacy mode, which doesn't load a single cookie until you hit play.
  • All future articles with a YouTube embed will also use YouTube's enhanced privacy mode, we're working to update all older articles with a script soon.
  • We recently (read: finally) added the ability for you to delete your own individual comments. Was on the todo list for a long time, sorry it took so long. This will be rolled out to the forum too ASAP.
  • If you wish to completely remove your account (not "hidden"—just completely gone), there's an option to do so in your User Control Panel now.
  • All new users PC Info is now opt-in to the Monthly User Statistics, this can be changed any time with a new checkbox labelled "Include your PC details in our Monthly User Statistics?" at the top of the User Control Panel page for PC Info. Not a big change, but it means now you can display your PC Info without being in the survey. For people who have it checked and leave it for a long time, data is eventually cut out of the monthly survey that we consider stale anyway, so it wouldn't be included when it gets too old. To be clear on our user survey: no user identifiable information is included for the survey output, no user id, no username or anything—just the answers.
  • We've removed the Twitter embed in the right sidebar, so that Twitter cookies and tracking does not touch our website at all. To be clear, the Twitter handle @gamingonlinux still exists, just the embed for it on our site is gone.
  • The registration page now includes links to our Ethics and Privacy policy pages (can be found any time in the site's footer).
  • This was done a long time ago, but as a reminder, if you wish your profile to be private, you can do so by setting it in the User Control Panel Privacy page. We've decided that going forward, all new users profiles will be private by default. We're eventually going to add more specific details of what you wish to show on your profile page instead of private or public. Luckily, we don't actually store or show a lot of information anyway.
  • We've removed the ability for users to set an avatar from a URL. While we're sure our security was tight on that to ensure they 100% are linking to an image, it's just not worth the hassle if somehow a script slipped past it and stored a cookie on your PC. You can still pick an avatar from the gallery (which we will expand) or upload an avatar directly.
  • When a submitted article is approved, we're making sure to wipe the email and IP that it was submitted from. They're only stored to block spammers (based on IP) and to email you if it's accepted or denied. Denied articles are completely removed.

Other misc updates:

  • Notifications older than six months are now being wiped, to help keep our database lean and mean. To be honest, if you haven't visited in six months it's likely any notifications are pointless.
  • We removed the GamingOnLinux Facebook Group embed from the right sidebar on the homepage, this was unrelated to GDPR. We just didn't like their data handling with the recent stuff in the news. To be clear, the GOL Facebook Group still exists, just the embed for it on our site is gone.
  • We now included a standard message in all articles, at the bottom to notify you that certain links will be affiliate links. So no editor can forget (read: me, I'm forgetful).

You can find more about GDPR here.

Personally, while testing our site using uBlock Origin in Chrome, I don't see a single notification about anything blocked, so that's good. Since we have no adverts, no outside statistics tracking or anything (we don't even use Google Analytics like most sites do) there should be nothing to be concerned about.

If you feel there's something we should be doing that we're not to help protect your privacy and data, do let us know any time.

Ps. You can follow random progress on gitlab here.

44 Likes, Who?
We do often include affiliate links to earn us some pennies. We are currently affiliated with GOG and Humble Store. See more information here.
69 comments
Page: 1/7»
  Go to:

Patola 20 April 2018 at 12:50 pm UTC
We've removed the Twitter embed in the right sidebar, so that Twitter cookies and tracking does not touch our website at all. To be clear, the Twitter handle @gamingonlinux still exists, just the embed for it on our site is gone.

This part was necessary? Just grabbing this line from twitter and then rendering it in the page (without any twitter cookies, of course) wouldn't be enough?

Anyway, this law seems a huge burden for webmasters...


Last edited by Patola at 20 April 2018 at 12:51 pm UTC
Shmerl 20 April 2018 at 12:50 pm UTC
QuotePersonally, while testing our site using uBlock Origin in Chrome, I don't see a single notification about anything blocked, so that's good.
Fanboy’s Social Blocking List​​​​​ for uBlock Origin (used in Firefox) is blocking the "Like" button on comments for some reason.

It's because of this filter template:

##.likebutton


Last edited by Shmerl at 20 April 2018 at 1:00 pm UTC. Edited 7 times.
liamdawe 20 April 2018 at 12:56 pm UTC
PatolaWe've removed the Twitter embed in the right sidebar, so that Twitter cookies and tracking does not touch our website at all. To be clear, the Twitter handle @gamingonlinux still exists, just the embed for it on our site is gone.

This part was necessary? Just grabbing this line from twitter and then rendering it in the page (without any twitter cookies, of course) wouldn't be enough?

Anyway, this law seems a huge burden for webmasters...
Yes it was needed. Essentially, we (so...me) becomes responsible for any and all data including cookies and tracking while visiting GOL - even if that is not direct from us. Sadly, all embeds from social sites include some form of cookies and such.

And yes, it's a massive burden for webmasters. I'm not against it though, privacy is massively important, just the way the EU is going about it isn't great for smaller sites like us. Even though GOL is hosted in the USA, the law applies to anyone from the EU visiting GOL.

Shmerl
QuotePersonally, while testing our site using uBlock Origin in Chrome, I don't see a single notification about anything blocked, so that's good.
Fanboy’s Social Blocking List​​​​​ for uBlock Origin (used in Firefox) is blocking the "Like" button on comments for some reason.
Probably because it's associated with Facebook (the name, not the function - it's built-in to GOL and uses our database). I imagine if I simply re-named it, that it would work. It's a bit silly though, such a brute force block-rule it seems.


Last edited by liamdawe at 20 April 2018 at 12:57 pm UTC
Shmerl 20 April 2018 at 12:58 pm UTC
liamdaweProbably because it's associated with Facebook (the name, not the function - it's built-in to GOL and uses our database). I imagine if I simply re-named it, that it would work. It's a bit silly though, such a brute force block-rule it seems.

Yeah, it's a bit broad. I posted the filter that's doing it above:

##.likebutton


Last edited by Shmerl at 20 April 2018 at 12:59 pm UTC
pete910 20 April 2018 at 1:02 pm UTC
Hate to be that guy but,

QuoteWe recently (read: finally) added the ability for you to delete your own individual comments. Was on the todo list for a long time, sorry it took so long. This will be rolled out to the forum too ASAP.

Don't actually agree with that tbh.
Patola 20 April 2018 at 1:03 pm UTC
liamdaweAnd yes, it's a massive burden for webmasters. I'm not against it though, privacy is massively important, just the way the EU is going about it isn't great for smaller sites like us. Even though GOL is hosted in the USA, the law applies to anyone from the EU visiting GOL.
What I meant was: couldn't the site just fetch the twitter data, and render it statically in pure text with a link to the twitter entry on twitter? There is impossible to have cookie collected this way if the person does not click the link.
liamdawe 20 April 2018 at 1:06 pm UTC
Patola
liamdaweAnd yes, it's a massive burden for webmasters. I'm not against it though, privacy is massively important, just the way the EU is going about it isn't great for smaller sites like us. Even though GOL is hosted in the USA, the law applies to anyone from the EU visiting GOL.
What I meant was: couldn't the site just fetch the twitter data, and render it statically in pure text with a link to the twitter entry on twitter? There is impossible to have cookie collected this way if the person does not click the link.
That's possible, sure, but it's another thing to do if we want it. Likely just not worth the effort

pete910Hate to be that guy but,

QuoteWe recently (read: finally) added the ability for you to delete your own individual comments. Was on the todo list for a long time, sorry it took so long. This will be rolled out to the forum too ASAP.

Don't actually agree with that tbh.
To be fair, most other sites allow you to do this from what I've seen and allowing users to remove their information is part of this new EU rule, so I do have to follow it.
liamdawe 20 April 2018 at 2:01 pm UTC
Update: I discovered during a personal audit that submitted articles from people not logged in, was storing their IP and email address given to us at the time of submitting once published. I have since purged them and updated our approval code to auto-wipe both when an article is accepted.

Denied articles are completely removed, no issues there.
tuubi 20 April 2018 at 2:07 pm UTC
View PC info
  • Supporter
liamdawe
Patola
liamdaweAnd yes, it's a massive burden for webmasters. I'm not against it though, privacy is massively important, just the way the EU is going about it isn't great for smaller sites like us. Even though GOL is hosted in the USA, the law applies to anyone from the EU visiting GOL.
What I meant was: couldn't the site just fetch the twitter data, and render it statically in pure text with a link to the twitter entry on twitter? There is impossible to have cookie collected this way if the person does not click the link.
That's possible, sure, but it's another thing to do if we want it. Likely just not worth the effort
Custom embed widgets and tweet scraping could very well be against Twitter's terms of service.
Marky 20 April 2018 at 2:11 pm UTC
Thanks for keeping us notified on these details. It's really nice how clean and privacy respecting the site is.
  Go to:
While you're here, please consider supporting GamingOnLinux on Patreon or Liberapay. We have no adverts, no paywalls, no timed exclusive articles. Just good, fresh content. Without your continued support, we simply could not continue!

We also accept Paypal donations and subscriptions! If you already are, thank you!

Due to spam you need to Register and Login to comment.


Or login with...

Livestreams & Videos
Community Livestreams
  • Puzzle Tiles: „The Talos Principle?“
  • Date:
See more!
Popular this week
View by Category
Contact
Latest Comments
Latest Forum Posts