
Steps we're taking as a site for GDPR compliance


As we're sure many of you know, a big new privacy and data protection thing is coming into force next month from the EU, called the EU General Data Protection Regulation (GDPR).

Any website that takes any information from anyone in the EU has to comply with it or face huge fines. Naturally, we want to ensure we're complying.

Here are a few steps we've already taken:

  • All YouTube embeds in comments/forum posts now use YouTube's enhanced privacy mode, which doesn't load a single cookie until you hit play.
  • All future articles with a YouTube embed will also use YouTube's enhanced privacy mode; we're working to update all older articles with a script soon.
  • We recently (read: finally) added the ability for you to delete your own individual comments. Was on the todo list for a long time, sorry it took so long. This will be rolled out to the forum too ASAP.
  • If you wish to completely remove your account (not "hidden"—just completely gone), there's an option to do so in your User Control Panel now.
  • All new users' PC Info is now opt-in to the Monthly User Statistics; this can be changed any time with a new checkbox labelled "Include your PC details in our Monthly User Statistics?" at the top of the User Control Panel page for PC Info. Not a big change, but it means you can now display your PC Info without being in the survey. For people who have it checked and leave it for a long time, data that we consider stale is eventually cut out of the monthly survey anyway, so it wouldn't be included when it gets too old. To be clear on our user survey: no user-identifiable information is included in the survey output, no user id, no username or anything—just the answers.
  • We've removed the Twitter embed in the right sidebar, so that Twitter cookies and tracking do not touch our website at all. To be clear, the Twitter handle @gamingonlinux still exists, just the embed for it on our site is gone.
  • The registration page now includes links to our Ethics and Privacy policy pages (can be found any time in the site's footer).
  • This was done a long time ago, but as a reminder, if you wish your profile to be private, you can do so by setting it in the User Control Panel Privacy page. We've decided that going forward, all new users' profiles will be private by default. We're eventually going to add more specific options for what you wish to show on your profile page instead of just private or public. Luckily, we don't actually store or show a lot of information anyway.
  • We've removed the ability for users to set an avatar from a URL. While we're sure our security was tight on that to ensure they 100% are linking to an image, it's just not worth the hassle if somehow a script slipped past it and stored a cookie on your PC. You can still pick an avatar from the gallery (which we will expand) or upload an avatar directly.
  • When a submitted article is approved, we're making sure to wipe the email and IP that it was submitted from. They're only stored to block spammers (based on IP) and to email you if it's accepted or denied. Denied articles are completely removed.
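
An added example, not GamingOnLinux's own script: one way the rewrite of older articles to enhanced-privacy embeds mentioned in the list above could be done, assuming article bodies are stored as HTML strings. The function names and the sample HTML are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

NOCOOKIE_HOST = "www.youtube-nocookie.com"
# Exact host names only, so look-alike domains are never rewritten.
EMBED_HOSTS = {"youtube.com", "www.youtube.com", "youtube-nocookie.com", NOCOOKIE_HOST}

# The src attribute of an <iframe> tag, with its quote character captured.
IFRAME_SRC = re.compile(r'(<iframe\b[^>]*?\bsrc\s*=\s*)(["\'])(.*?)\2',
                        re.IGNORECASE | re.DOTALL)

def to_privacy_embed(url):
    """Return the enhanced-privacy form of a YouTube embed URL, else None."""
    try:
        parts = urlsplit("https:" + url if url.startswith("//") else url)
    except ValueError:
        return None
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or host not in EMBED_HOSTS:
        return None
    if not parts.path.startswith("/embed/"):
        return None  # watch links and other pages are left alone
    return urlunsplit(("https", NOCOOKIE_HOST, parts.path, parts.query, parts.fragment))

def rewrite_article(html):
    """Rewrite YouTube iframes in one article; return (new_html, changed_count)."""
    changed = 0
    def repl(m):
        nonlocal changed
        new = to_privacy_embed(m.group(3))
        if new is None or new == m.group(3):
            return m.group(0)
        changed += 1
        return f"{m.group(1)}{m.group(2)}{new}{m.group(2)}"
    return IFRAME_SRC.sub(repl, html), changed

# Constructed sample article body (video ids are placeholders).
SAMPLE = (
    '<iframe width="560" src="https://www.youtube.com/embed/VIDEO_ID_1?start=30"></iframe>'
    "<iframe src='//youtube.com/embed/VIDEO_ID_2'></iframe>"
    '<iframe src="https://www.youtube-nocookie.com/embed/VIDEO_ID_3"></iframe>'
    '<iframe src="https://www.youtube.com.example.net/embed/VIDEO_ID_4"></iframe>'
    '<a href="https://www.youtube.com/watch?v=VIDEO_ID_5">link</a>'
)

if __name__ == "__main__":
    new_html, count = rewrite_article(SAMPLE)
    print(count, "embed(s) rewritten")
    print(new_html)
```

Returning the change count lets a batch job update only the rows that actually changed and log how many embeds per article were converted.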

Other misc updates:

  • Notifications older than six months are now being wiped, to help keep our database lean and mean. To be honest, if you haven't visited in six months it's likely any notifications are pointless.
  • We removed the GamingOnLinux Facebook Group embed from the right sidebar on the homepage; this was unrelated to GDPR. We just didn't like their data handling with the recent stuff in the news. To be clear, the GOL Facebook Group still exists, just the embed for it on our site is gone.
  • We now include a standard message at the bottom of all articles to notify you that certain links will be affiliate links. So no editor can forget (read: me, I'm forgetful).

You can find more about GDPR here.

Personally, while testing our site using uBlock Origin in Chrome, I don't see a single notification about anything blocked, so that's good. Since we have no adverts, no outside statistics tracking or anything (we don't even use Google Analytics like most sites do) there should be nothing to be concerned about.

If you feel there's something we should be doing that we're not to help protect your privacy and data, do let us know any time.

P.S. You can follow random progress on GitLab here.

Article taken from GamingOnLinux.com.
We do often include affiliate links to earn us some pennies. We are currently affiliated with GOG, Humble Store and Paradox Interactive. See more information here.
About the author -
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
The comments on this article are closed.
68 comments

Liam Dawe 23 April 2018 at 5:46 am UTC
Made lots of progress on this, for those who care. Here's the gist of it:

  • All 9K+ articles have all their YouTube videos switched over to the YouTube no cookie URL. I'm waiting to see how Google handle the GDPR deadline, before I force site visitors to click something before they can see them. I'm hoping Google add some form of notice, that once you click a video you get cookies - it's their damn job to do so.

  • I've also improved our user deletion tool, so it will remove article likes a user made if a user removes their account. It wouldn't show anyway since their account would be gone, but it cleans it all up and adjusts the total likes for an article properly.

  • We also now remove unactivated users 10 days after they register if not activated.

  • Remove the IP of someone who hasn't logged in for 3 months, after that long we really have no need for it. They can't login if banned anyway. Also set their profile to private, they may forget about it.

  • We now only pull in Google reCAPTCHA JS in the files that need it (register, contact us, submit article), nowhere else.

  • Users' PC Info they submit for our monthly survey is auto-wiped after 2 years, both preventing stale data and personal data anyone forgets about.

  • I also fixed up the full-article RSS feed for YouTube videos, iframes don't seem to work, so we're pulling in the high quality thumbnail with a link to the video - better than seeing a blank space.


Working on having the user deletion tool fuzzy usernames in quotes if a user deletes their account so:
liamdawetest
Becomes
Guesttest

For YouTube, additionally I'm waiting to see what Google do by the GDPR deadline. I really don't want to force 100% of our users through some JS script that forces you to accept something on our end, before you can even click the video. It's Google's job to ensure you're properly informed, I hope they add a proper notice. It's good they offer the no cookie version, but it's not enough. Same for reCAPTCHA.

I'm not sitting on my hands though, I have code waiting and W.I.P to not show a video unless people accept cookies in a banner on our site just in case.


Last edited by Liam Dawe on 23 April 2018 at 5:49 am UTC
Tiedemann 23 April 2018 at 6:44 pm UTC
After watching a few hours of videos on YouTube and having a 2 hour meeting at work where some of it was explained I still don't have a clue as to how to produce the needed documentation for what we have. I work in a municipality though so we can't just focus on the GDPR, and even though I personally don't handle more than a fraction of the data we have (system admin kinda role, it's complicated), I still love the whole thing.
Not because it is a lot of work but because a lot of my colleagues are acting like a bunch of ignorant FB users who now have to think about what personal information actually is. It's the need to know/nice to know and consent part of it that makes ppl actually have to care about other people's data, not only as an employee but also as a private citizen.

I understand why this is a lot of work for small business and sites and I don't envy them.
DrMcCoy 23 April 2018 at 6:59 pm UTC
Quoting Tiedemann: After watching a few hours of videos on YouTube and having a 2 hour meeting at work where some of it was explained I still don't have a clue as to how to produce the needed documentation for what we have.

No offence, but the final approval of the GDPR was in April 2016, so you had two years of time to inform yourself about this. The text was final in April 2016 and, like everything EU, public. Especially if you work in a municipality, as part of the government, the information should have been passed down long ago.

And it's not just you. All this rushing, from multiple (most?) orgs in the month before it goes live, after two years of forewarning, feels...not good.
Tiedemann 23 April 2018 at 7:19 pm UTC
Quoting DrMcCoy:
Quoting Tiedemann: After watching a few hours of videos on YouTube and having a 2 hour meeting at work where some of it was explained I still don't have a clue as to how to produce the needed documentation for what we have.

No offence, but the final approval of the GDPR was in April 2016, so you had two years of time to inform yourself about this. The text was final in April 2016 and, like everything EU, public. Especially if you work in a municipality, as part of the government, the information should have been passed down long ago.

And it's not just you. All this rushing, from multiple (most?) orgs in the month before it goes live, after two years of forewarning, feels...not good.

Yeah, but that would mean the ppl at the top would have to listen, and they usually don't unless their own ass is on fire. It's kinda sad that you have to scare them with the price tag of not complying before they take it seriously.
Hori 28 April 2018 at 7:11 am UTC
Am I really the only one who likes data protection laws?
tuubi 28 April 2018 at 7:22 am UTC
Quoting Hori: Am I really the only one who likes data protection laws?
No, and you're not even the only one who didn't read the thread.
Hori 28 April 2018 at 9:07 pm UTC
Quoting tuubi:
Quoting Hori: Am I really the only one who likes data protection laws?
No, and you're not even the only one who didn't read the thread.
I've read the article, but the comments only a few random ones, and the ones I happened to read were against it, dunno.
TheSHEEEP 29 April 2018 at 9:11 am UTC
Quoting Hori:
Quoting tuubi:
Quoting Hori: Am I really the only one who likes data protection laws?
No, and you're not even the only one who didn't read the thread.
I've read the article, but the comments only a few random ones, and the ones I happened to read were against it, dunno.
Most people are against stuff that imposes mild inconveniences on them ;)