
Steps we're taking as a site for GDPR compliance


As we're sure many of you know, a big new privacy and data protection thing is coming into force next month from the EU, called the EU General Data Protection Regulation (GDPR).

Any website that takes any information from anyone in the EU has to comply with it or face huge fines. Naturally, we want to ensure we're complying.

Here are a few steps we've already taken:

  • All YouTube embeds in comments/forum posts now use YouTube's enhanced privacy mode, which doesn't load a single cookie until you hit play.
  • All future articles with a YouTube embed will also use YouTube's enhanced privacy mode; we're working to update all older articles with a script soon.
  • We recently (read: finally) added the ability for you to delete your own individual comments. Was on the todo list for a long time, sorry it took so long. This will be rolled out to the forum too ASAP.
  • If you wish to completely remove your account (not "hidden"—just completely gone), there's an option to do so in your User Control Panel now.
  • All new users' PC Info is now opt-in to the Monthly User Statistics. This can be changed any time with a new checkbox labelled "Include your PC details in our Monthly User Statistics?" at the top of the User Control Panel page for PC Info. Not a big change, but it means you can now display your PC Info without being in the survey. For people who have it checked and leave it for a long time, data that we consider stale is eventually cut out of the monthly survey anyway, so it won't be included once it gets too old. To be clear on our user survey: no user identifiable information is included in the survey output, no user id, no username or anything, just the answers.
  • We've removed the Twitter embed in the right sidebar, so that Twitter cookies and tracking do not touch our website at all. To be clear, the Twitter handle @gamingonlinux still exists, just the embed for it on our site is gone.
  • The registration page now includes links to our Ethics and Privacy policy pages (can be found any time in the site's footer).
  • This was done a long time ago, but as a reminder, if you wish your profile to be private, you can do so by setting it in the User Control Panel Privacy page. We've decided that going forward, all new users' profiles will be private by default. We're eventually going to add more specific settings for what you wish to show on your profile page, instead of just private or public. Luckily, we don't actually store or show a lot of information anyway.
  • We've removed the ability for users to set an avatar from a URL. While we're sure our security was tight on that to ensure they 100% are linking to an image, it's just not worth the hassle if somehow a script slipped past it and stored a cookie on your PC. You can still pick an avatar from the gallery (which we will expand) or upload an avatar directly.
  • When a submitted article is approved, we're making sure to wipe the email and IP that it was submitted from. They're only stored to block spammers (based on IP) and to email you if it's accepted or denied. Denied articles are completely removed.
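
One way the clean-up of older articles could look, as an added example that is not GamingOnLinux's own script: it rewrites stored `<iframe>` embeds to the privacy-enhanced host and leaves look-alike hosts untouched. It assumes embeds are stored as plain iframe HTML and that enhanced privacy mode means serving the player from `www.youtube-nocookie.com`; the function names and sample markup are constructed.

```javascript
// Added example (not the site's script): move stored YouTube embeds to
// privacy-enhanced mode. Only these exact hosts count as regular YouTube.
const YOUTUBE_HOSTS = new Set(["youtube.com", "www.youtube.com", "m.youtube.com"]);
const PRIVACY_HOST = "www.youtube-nocookie.com";

// Return the privacy-enhanced form of one embed URL, or null when the URL
// is not a YouTube /embed/ link, so look-alike hosts are never rewritten.
function privacyEmbedUrl(src) {
  let url;
  try {
    // Protocol-relative sources ("//www.youtube.com/...") are read as https.
    url = new URL(src.startsWith("//") ? "https:" + src : src);
  } catch {
    return null; // relative or malformed URL: leave it alone
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (!YOUTUBE_HOSTS.has(url.hostname)) return null;
  if (!/^\/embed\/[A-Za-z0-9_-]+$/.test(url.pathname)) return null;
  // Rebuild from parsed parts: forces https and drops any port or userinfo.
  return `https://${PRIVACY_HOST}${url.pathname}${url.search}`;
}

// Rewrite the src of every <iframe> in one article body. Returns the new
// HTML plus a count of changed embeds so a batch run can be logged.
// A regex is enough for simple embed markup; it is not a full HTML parser.
function rewriteEmbeds(html) {
  let changed = 0;
  const out = html.replace(
    /(<iframe\b[^>]*?\ssrc\s*=\s*)(["'])(.*?)\2/gi,
    (match, head, quote, src) => {
      const fixed = privacyEmbedUrl(src);
      if (fixed === null) return match;
      changed += 1;
      return head + quote + fixed + quote;
    }
  );
  return { html: out, changed };
}

// Constructed sample article body (video ID is a placeholder).
const SAMPLE = '<p>Trailer:</p><iframe width="560" ' +
  'src="http://www.youtube.com/embed/AAAAAAAAAAA?rel=0"></iframe>' +
  '<iframe src="https://www.youtube.com.example.net/embed/AAAAAAAAAAA"></iframe>';
console.log(rewriteEmbeds(SAMPLE));
```

Running the rewrite a second time over its own output changes nothing, so a batch job can be re-run safely.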

Other misc updates:

  • Notifications older than six months are now being wiped, to help keep our database lean and mean. To be honest, if you haven't visited in six months it's likely any notifications are pointless.
  • We removed the GamingOnLinux Facebook Group embed from the right sidebar on the homepage; this was unrelated to GDPR. We just didn't like their data handling with the recent stuff in the news. To be clear, the GOL Facebook Group still exists, just the embed for it on our site is gone.
  • We now include a standard message at the bottom of all articles to notify you that certain links will be affiliate links. So no editor can forget (read: me, I'm forgetful).

You can find more about GDPR here.

Personally, while testing our site using uBlock Origin in Chrome, I don't see a single notification about anything blocked, so that's good. Since we have no adverts, no outside statistics tracking or anything (we don't even use Google Analytics like most sites do) there should be nothing to be concerned about.

If you feel there's something we should be doing that we're not to help protect your privacy and data, do let us know any time.

P.S. You can follow random progress on GitLab here.

Article taken from GamingOnLinux.com.

EagleDelta Apr 20, 2018
While I applaud the EU for actually doing something about privacy, some of these measures in GDPR show that they don't understand how technology works. There are simply some forms of data that cannot be removed or hidden without breaking applications or websites. Database backups come to mind with the right to remove all data from all time. That's simply not financially feasible for many companies.

Think about this, a company is required by a non-EU state to keep certain data from all records of visitors that logged into a site in the last 24 months. An EU citizen requests all their data to be removed, that would include not just their data, but any data that links to them (including backups). As many backups are not stateful pieces of data you can just open and delete data from, a company/org now has to have enough money to pay for the processing power to:

  • Delete a user's data (not a big deal)

  • Delete links to that user in other users' data (a bit more difficult, depending on how those links exist)

  • Delete all history of that user. This last one is incredibly difficult as it requires the ability to restore/open every backup from the entire history since that user was created, delete their data, then save NEW backups.... all without losing service.



Now, I have an issue with the way many companies handle our private data, but there is a certain point at which privacy IS the responsibility of the user in question, NOT the company or service they use. A Public Facebook profile is just that: PUBLIC. Once that information is out there, no amount of data removal will remove it entirely from the internet. It may remove it from Facebook's servers (for example), but any number of other people could have gathered that data easily (without needing any special API keys or access), ESPECIALLY if a user made that data available on a public page.
Liam Dawe Apr 20, 2018
@EagleDelta, completely agree. Luckily, we store very little personal data outside of an email address and an IP. The rest like comments are highly debatable.

Unsure how we will handle the backups situation for when users remove themselves, that certainly is a conundrum.
EagleDelta Apr 20, 2018
Far worse than backups (I just thought about this) is the Right to Erasure in something like Git.

Git, being a distributed system used by many FOSS projects and companies to version source code, simply cannot easily adhere to the right to erasure, if at all.

Simply take a popular project on GitHub that has been forked over 100 times just on GitHub (not counting local forks that companies and/or people have). To erase a user from all the history would not only be difficult, but nigh impossible, and even then, simply changing Git history breaks every copy of that codebase on GitHub, GitLab, local Git, etc. and can be undone by a user simply doing a force push to a new branch.

Not sure how projects, companies, and services will handle data models like Git.


Last edited by EagleDelta on 20 April 2018 at 3:18 pm UTC
Peapoll Apr 20, 2018
Thank you Liam! These updates certainly strengthen the trust in you and your website.
Psst! If you don't support GOL on Liberapay/Patreon/Paypal yet and do have the opportunity, you now have an additional reason to start today.


Quote: Personally, while testing our site using uBlock Origin in Chrome, I don't see a single notification about anything blocked, so that's good.
Testing this page with uMatrix in Firefox there are 6 Google cookies blocked. I assume that it could be linked to the use of Google reCAPTCHA.

<script src='https://www.google.com/recaptcha/api.js'></script>

Edit: uMatrix, not uBlock Origin


Last edited by Peapoll on 20 April 2018 at 4:34 pm UTC
Liam Dawe Apr 20, 2018
Quoting: Peapoll
Thank you Liam! These updates certainly strengthen the trust in you and your website.
Psst! If you don't support GOL on Liberapay/Patreon/Paypal yet and do have the opportunity, you now have an additional reason to start today.


Quote: Personally, while testing our site using uBlock Origin in Chrome, I don't see a single notification about anything blocked, so that's good.
Testing this page with uBlock Origin in Firefox there are 6 Google cookies blocked. I assume that it could be linked to the use of Google reCAPTCHA.

<script src='https://www.google.com/recaptcha/api.js'></script>

Where specifically do you see blocked cookies? What page?
serge Apr 20, 2018
You could have kept the Twitter widget if you asked people through a plugin (e.g. https://www.primebox.co.uk/projects/jquery-cookiebar/) whether they allow cookies or not.

And you put the Twitter script inside an if (isset($_COOKIE["cb-enabled"]) && $_COOKIE["cb-enabled"] == "accepted")

If they accept cookies, the script will launch and the widget is visible; if not, the script does not launch, so there is no cookie.
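
The consent check described in the comment above, moved into the browser, as an added example that is not part of that comment or of the site's code: it reads the same `cb-enabled` cookie and injects a third-party widget script only when the value is exactly `accepted`. The function names, the placeholder text and the script URL passed in by the caller are assumptions.

```javascript
// Added example: load a third-party widget only after cookie consent.
// Cookie name and value are the ones quoted in the comment above.
const CONSENT_COOKIE = "cb-enabled";
const CONSENT_VALUE = "accepted";

// Parse a document.cookie style string ("a=1; b=2") into a Map.
// The first occurrence of a name is kept; pairs without "=" are skipped.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    if (name && !jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Exact name and exact value: "xcb-enabled=accepted" and
// "cb-enabled=declined" must not count as consent.
function hasConsent(cookieString) {
  return parseCookies(cookieString).get(CONSENT_COOKIE) === CONSENT_VALUE;
}

// Inject the widget script only when consent is present. Without consent
// no element pointing at the third party is created, so the browser makes
// no request to it and it cannot set a cookie.
// `doc` is the page's document, `container` the element holding the widget.
function loadWidgetIfConsented(doc, container, scriptUrl) {
  if (!hasConsent(doc.cookie)) {
    container.textContent = "Widget hidden until cookies are accepted.";
    return false;
  }
  const script = doc.createElement("script");
  script.src = scriptUrl;
  script.async = true;
  container.appendChild(script);
  return true;
}

// Constructed cookie strings showing which ones count as consent.
for (const c of ["cb-enabled=accepted", "theme=dark; cb-enabled=declined", "xcb-enabled=accepted"]) {
  console.log(JSON.stringify(c), hasConsent(c));
}
```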
beniwtv Apr 20, 2018
Quoting: EagleDelta
Delete all history of that user. This last one is incredibly difficult as it requires the ability to restore/open every backup from the entire history since that user was created, delete their data, then save NEW backups.... all without losing service.

Yes and no - there's no reason backups can't be per-user on the final backup location, and as such easily deletable by user. You are right though that many companies will have to re-think their architecture/backup strategy, which will be a huge amount of work, and cost lots of money.

Too few companies think or have thought about how to delete a user's data once it's not needed anymore. This should have been a concern from the get-go of any company, not just because of new laws today IMHO.
Peapoll Apr 20, 2018
Strange, it's not consistent. It said 6 when I checked, then 8 when I rechecked, and now it says 0. It was on any page.
serge Apr 20, 2018
Also, for YouTube you have to ask people's consent for the cookie before they hit the display button.
Liam Dawe Apr 20, 2018
Quoting: serge
Also, for YouTube you have to ask people's consent for the cookie before they hit the display button.
Really? Google should be doing that then, frustrating if we are forced to do it for them. Got a link to confirm this?