[heroes] NNTP questions
Is there any interest in resurrecting the NNTP access to the forums? Anyone else asking for it? I was a news server admin in the distant past (1992-99), and have a little time to devote to scraping the rust off my admin skills. What sort of resources were used? Is there an image of the old server? Was it stock INN, or customized? Was the gateway built in house? Any doc/info on this particular setup available? I'm not sure of the demand/effort requirements for the service, but I'd like to look into it. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
George Baltz wrote:
Is there any interest in resurrecting the NNTP access to the forums?
Hi George Yes, we are trying to set something up.
Anyone else asking for it?
I have heard it mentioned that we have an active community on nttp, it would be a pity cutting them off.
What sort of resources were used? Is there an image of the old server? Was it stock INN, or customized?
It was/is Novell Typhoon. That's all I know.
Was the gateway built in house? Any doc/info on this particular setup available?
Pretty much what I've been asking too :-)
I'm not sure of the demand/effort requirements for the service, but I'd like to look into it.
Carlos is trying to get inn running, I'm sure your experience will come in very handy. He'll probably pick on this thread. -- Per Jessen, Zürich (27.1°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 19/06/2019 16.01, Per Jessen wrote:
George Baltz wrote:
Is there any interest in resurrecting the NNTP access to the forums?
Hi George
Yes, we are trying to set something up.
Anyone else asking for it?
I have heard it mentioned that we have an active community on nttp, it would be a pity cutting them off.
What sort of resources were used? Is there an image of the old server? Was it stock INN, or customized?
It was/is Novell Typhoon. That's all I know.
Was the gateway built in house? Any doc/info on this particular setup available?
Pretty much what I've been asking too :-)
Jim is the person to ask about the gateway. I suspect the code lives at the web forum side.
I'm not sure of the demand/effort requirements for the service, but I'd like to look into it.
Carlos is trying to get inn running, I'm sure your experience will come in very handy. He'll probably pick on this thread.
Yep, here I am. So far what I have done is download the message database, slowly, to a virtual machine at home using leafnode. I did it past week, and today again because yesterday an automatic process deleted all old messages. So I have a copy. I will do a tgz of it. Just about 4.5GB, not much, for the opensuse.org structure only. And then I have another virtual machine, at home, in which I intend to practice with inn. I have to say that I have no experience with inn. I only have available time to help. So yes, certainly help to set it up would be very nice. Or directly doing it :-) Besides that, without a machine of some sort at opensuse.org nothing much can be done... I tried yesterday to post to the nntp/forum server a status followup message, but it was rejected, no idea why. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On Wed, 19 Jun 2019 19:35:30 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 19/06/2019 16.01, Per Jessen wrote:
George Baltz wrote:
Is there any interest in resurrecting the NNTP access to the forums?
Hi George
Yes, we are trying to set something up.
Anyone else asking for it?
I have heard it mentioned that we have an active community on nttp, it would be a pity cutting them off.
What sort of resources were used? Is there an image of the old server? Was it stock INN, or customized?
It was/is Novell Typhoon. That's all I know.
Was the gateway built in house? Any doc/info on this particular setup available?
Pretty much what I've been asking too :-)
Jim is the person to ask about the gateway. I suspect the code lives at the web forum side.
I'm not sure of the demand/effort requirements for the service, but I'd like to look into it.
Carlos is trying to get inn running, I'm sure your experience will come in very handy. He'll probably pick on this thread.
Yep, here I am.
So far what I have done is download the message database, slowly, to a virtual machine at home using leafnode. I did it past week, and today again because yesterday an automatic process deleted all old messages. So I have a copy. I will do a tgz of it. Just about 4.5GB, not much, for the opensuse.org structure only.
And then I have another virtual machine, at home, in which I intend to practice with inn.
I have to say that I have no experience with inn. I only have available time to help. So yes, certainly help to set it up would be very nice. Or directly doing it :-)
Besides that, without a machine of some sort at opensuse.org nothing much can be done...
I tried yesterday to post to the nntp/forum server a status followup message, but it was rejected, no idea why.
Hi Just a word of caution, please use the information for your testing, sure, but any importing will need to be done via vB as the data you have is not compliant with GDPR. -- Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890) Tumbleweed 20190617 | GNOME Shell 3.32.2 | 5.1.7-1-default Intel DQ77MK MB | i5-3470S X4 @ 3.60 GHz | Intel Ivybridge HD 2500 up 1 day 3:05, 2 users, load average: 1.03, 1.10, 0.75 -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 19/06/2019 19.59, Malcolm wrote:
On Wed, 19 Jun 2019 19:35:30 +0200 "Carlos E. R." <> wrote:
Hi Just a word of caution, please use the information for your testing, sure, but any importing will need to be done via vB as the data you have is not compliant with GDPR.
Oh. Please expand on that, I don't understand. What is vB? Why is it not compliant? It is a public server and the messages were posted by people that knew the posts were going to be published. There are no read access controls. You mean that we have to create the nntp server empty of messages, ignore all the existing messages? It is certainly easier to do. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 19/06/2019 19.59, Malcolm wrote:
On Wed, 19 Jun 2019 19:35:30 +0200 "Carlos E. R." <> wrote:
Hi Just a word of caution, please use the information for your testing, sure, but any importing will need to be done via vB as the data you have is not compliant with GDPR.
Oh. Please expand on that, I don't understand. What is vB?
The forums software - vBulletin. -- Per Jessen, Zürich (24.8°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 19/06/2019 20.26, Per Jessen wrote:
Carlos E. R. wrote:
On 19/06/2019 19.59, Malcolm wrote:
On Wed, 19 Jun 2019 19:35:30 +0200 "Carlos E. R." <> wrote:
Hi Just a word of caution, please use the information for your testing, sure, but any importing will need to be done via vB as the data you have is not compliant with GDPR.
Oh. Please expand on that, I don't understand. What is vB?
The forums software - vBulletin.
Opps! :-) -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On Wed, 19 Jun 2019 20:06:19 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 19/06/2019 19.59, Malcolm wrote:
On Wed, 19 Jun 2019 19:35:30 +0200 "Carlos E. R." <> wrote:
Hi Just a word of caution, please use the information for your testing, sure, but any importing will need to be done via vB as the data you have is not compliant with GDPR.
Oh. Please expand on that, I don't understand. What is vB? Hi vB is an abbreviation of vBulliten (the forum software) ;)
Why is it not compliant? It is a public server and the messages were posted by people that knew the posts were going to be published. There are no read access controls.
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
You mean that we have to create the nntp server empty of messages, ignore all the existing messages? It is certainly easier to do.
Yes, that would be my suggestion, just the structure, get the gateway working to vB (or what ever forum software is going to be used going forward) and populate, this will also pull in the ones requested to be removed as 'Guest'. The ongoing challenge as I see it will be how to remove references and signatures on the nntp side, but changed on the forum side.... Then there are the Forum staff spam tools as well for canceling messages so they are deleted on the nntp side. -- Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890) Tumbleweed 20190617 | GNOME Shell 3.32.2 | 5.1.7-1-default Intel DQ77MK MB | i5-3470S X4 @ 3.60 GHz | Intel Ivybridge HD 2500 up 1 day 3:34, 2 users, load average: 0.23, 0.35, 0.56 -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 19/06/2019 20.35, Malcolm wrote:
On Wed, 19 Jun 2019 20:06:19 +0200 "Carlos E. R." <> wrote:
On 19/06/2019 19.59, Malcolm wrote:
On Wed, 19 Jun 2019 19:35:30 +0200 "Carlos E. R." <> wrote:
Hi Just a word of caution, please use the information for your testing, sure, but any importing will need to be done via vB as the data you have is not compliant with GDPR.
Oh. Please expand on that, I don't understand. What is vB? Hi vB is an abbreviation of vBulliten (the forum software) ;)
Oops. Should have known. :-)
Why is it not compliant? It is a public server and the messages were posted by people that knew the posts were going to be published. There are no read access controls.
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
Oh :-o
You mean that we have to create the nntp server empty of messages, ignore all the existing messages? It is certainly easier to do.
Yes, that would be my suggestion, just the structure, get the gateway working to vB (or what ever forum software is going to be used going forward) and populate, this will also pull in the ones requested to be removed as 'Guest'.
I think the first step would be to get the structure (I think that the nntp side has some groups that were removed or renamed later, so better get the actual list from the web side and possibly change names if needed, now that there is a chance. Set up some test group and verify that it works, independently. Possibly add authentication? Then add the GW, test it on test group, then populate the rest.
The ongoing challenge as I see it will be how to remove references and signatures on the nntp side, but changed on the forum side....
As long as the posts are copied from the web side, they will be correct, no?
Then there are the Forum staff spam tools as well for canceling messages so they are deleted on the nntp side.
Ah, messages that are deleted later. Yes, inn can do that. If the interface is standard, they should work. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood). If anyone sends in a copy of their identity card, how are posts linked to that identity? (containing only name & address). Recently, there was an excellent asrticle in c't, where they tested the responses to GDPR requests across 30 companies. I don't think there were any mailing lists or forums or email archives mentioned.
Yes, that would be my suggestion, just the structure, get the gateway working to vB (or what ever forum software is going to be used going forward) and populate, this will also pull in the ones requested to be removed as 'Guest'.
The bi-dir interface also works on existing postings? I thought/assumed it only worked on incoming postings. Hmm.
The ongoing challenge as I see it will be how to remove references and signatures on the nntp side, but changed on the forum side....
Yes, I too foresee some continued GDPR discussions. -- Per Jessen, Zürich (24.0°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that - a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity. b) that proof must be sufficient to establish a unique link to the information requested. For emails or forum postings, I suggest that is virtually impossible. I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity. -- Per Jessen, Zürich (23.1°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 19/06/2019 21.15, Per Jessen wrote:
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible. I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Wouldn't "I'm the owner of that email address" be enough? :-? -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 19/06/2019 21.15, Per Jessen wrote:
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible. I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Wouldn't "I'm the owner of that email address" be enough? :-?
IANAL, but I don't think that is sufficient. For starters, it is not proof of identity. The important question is - can your person be uniquely linked to that email address, by way of what we have stored? In comparison - last weekend, I went on-line and bought something from a department store. I obviously left my name and address and I paid by creditcard. That place will now have information that is quite clearly linked to my person. If you send me a copy of your id card, there is no way I can unequivocally link that to anything in our forums or mailing lists. -- Per Jessen, Zürich (18.4°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Gesendet: Donnerstag, 20. Juni 2019 um 12:53 Uhr Von: "Per Jessen" <per@opensuse.org> An: heroes@opensuse.org Betreff: Re: [heroes] NNTP questions / GDPR / DSVGO
Carlos E. R. wrote:
On 19/06/2019 21.15, Per Jessen wrote:
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible. I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Wouldn't "I'm the owner of that email address" be enough? :-?
IANAL, but I don't think that is sufficient. For starters, it is not proof of identity.
The important question is - can your person be uniquely linked to that email address, by way of what we have stored?
In comparison - last weekend, I went on-line and bought something from a department store. I obviously left my name and address and I paid by creditcard. That place will now have information that is quite clearly linked to my person.
If you send me a copy of your id card, there is no way I can unequivocally link that to anything in our forums or mailing lists.
-- Per Jessen, Zürich (18.4°C) Member, openSUSE Heroes
We have such problems with GDPR/ DSGVO at our university now, too. That is more crazy than you can believe. We are a Faculty of Computer Science and all data should be anonymously after the leaving of or students. We are using gitlab for student projects and different online forms to register for our units. Every gitlab commit contains the email address by the Contributor. That should not be identifiable in the future because of the GDPR. We have been surprised... We are looking at other universities after their solutions. That is the same case with "removing personal data" after leaving the community. I think about any possibility to encrypt personal data with an additional script, that the system can know the data and users can see only encypted email addresses. The GDPR makes all difficult... Best regards, Sarah -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 6/20/19 2:55 PM, Sarah-Julia Kriesch wrote:
We have such problems with GDPR/ DSGVO at our university now, too. That is more crazy than you can believe. We are a Faculty of Computer Science and all data should be anonymously after the leaving of or students. We are using gitlab for student projects and different online forms to register for our units. Every gitlab commit contains the email address by the Contributor. That should not be identifiable in the future because of the GDPR. We have been surprised... Sarah, thanks for bringing this up.
For quite a while I'm concerned about VCS commit histories: You never know who is going to draw which conclusions from it. E.g. your next potential employer could look into those histories and think you might not be fit into the organization because all your public commits were done late in the evening or at night. Just an example. Microsoft bought Linkedin. Microsoft bought github. Think about it. Ciao, Michael.
Gesendet: Donnerstag, 20. Juni 2019 um 15:05 Uhr Von: "Michael Ströder" <michael@stroeder.com> An: Kein Empfänger Cc: heroes@opensuse.org Betreff: Re: [heroes] NNTP questions / GDPR / DSVGO
On 6/20/19 2:55 PM, Sarah-Julia Kriesch wrote:
We have such problems with GDPR/ DSGVO at our university now, too. That is more crazy than you can believe. We are a Faculty of Computer Science and all data should be anonymously after the leaving of or students. We are using gitlab for student projects and different online forms to register for our units. Every gitlab commit contains the email address by the Contributor. That should not be identifiable in the future because of the GDPR. We have been surprised... Sarah, thanks for bringing this up.
For quite a while I'm concerned about VCS commit histories: You never know who is going to draw which conclusions from it. E.g. your next potential employer could look into those histories and think you might not be fit into the organization because all your public commits were done late in the evening or at night. Just an example.
And the same applies to emails on mailing lists and in forums...
Microsoft bought Linkedin. Microsoft bought github. Think about it.
Ciao, Michael.
Therefore, we have to figure out any solution for openSUSE, too. Best regards, Sarah P.S. One professor has asked another professor at our neighbour university. He laughed about that and had the opinion, that would not be possible. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 6/20/19 3:18 PM, Sarah-Julia Kriesch wrote:
"Michael Ströder" <michael@stroeder.com> wrote:
For quite a while I'm concerned about VCS commit histories: You never know who is going to draw which conclusions from it. E.g. your next potential employer could look into those histories and think you might not be fit into the organization because all your public commits were done late in the evening or at night. Just an example.
And the same applies to emails on mailing lists and in forums...
Yepp.
Therefore, we have to figure out any solution for openSUSE, too.
P.S. One professor has asked another professor at our neighbour university. He laughed about that and had the opinion, that would not be possible. If people leave an organization and all links from the data to their
Yes, thus it should be taken to the board. Actually Richard asked me at oSC 2019 whether to establish an Open Source project IAM based on pseudonyms. Well, interesting but lots of work. personal data are dropped this is heavy work but possible. But then the links are gone and can never be used anymore (e.g. no meaningful git blame or similar). Ciao, Michael. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 6/19/19 9:15 PM, Per Jessen wrote:
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible.
This is your personal opinion. And I can fully understand why you're arguing that way.
I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Personally I don't know it better but I have some doubts: With this approach you're effectively preventing that someone makes use of his/her rights defined in GDPR. This seems to work for now because none of the users was eager enough to take this to court. (German saying: "Wo kein Kläger da kein Richter.) But it might also produce complex conflict situations: Forged sender addresses can easily be used for really nasty spam or weird false messages. So the real owner of an e-mail address might have a vital and legitimate interest a forged message to be removed. If you prevent this correction/deletion by saying nobody can prove the identity the e-mail address owner could take the legal entity running the lists to court. It's not unlikely that a judge would argue that because there's also no real identity proof when accepting a message sent to the list it is sufficient as identity proof to simply check whether an e-mail challenge is correctly answered. I'm not a lawyer. These are just my personal thoughts. For now we all don't know for sure. Conclusion: Ask your lawyer. Ciao, Michael.
Michael Strc3b6der wrote:
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible.
This is your personal opinion. And I can fully understand why you're arguing that way.
I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Personally I don't know it better but I have some doubts:
With this approach you're effectively preventing that someone makes use of his/her rights defined in GDPR. This seems to work for now because none of the users was eager enough to take this to court. (German saying: "Wo kein Kläger da kein Richter.)
But it might also produce complex conflict situations: Forged sender addresses can easily be used for really nasty spam or weird false messages. So the real owner of an e-mail address might have a vital and legitimate interest a forged message to be removed. If you prevent this correction/deletion by saying nobody can prove the identity the e-mail address owner could take the legal entity running the lists to court.
Yes, there are all kinds of complexities. The legal entity is of course SUSE GmbH. Although I manage the mailing lists, I am under no legal obligation by SUSE, nor have I received any instructions from SUSE regarding the GDPR. Another couple of reasons for not wanting to touch the whole thing.
It's not unlikely that a judge would argue that because there's also no real identity proof when accepting a message sent to the list it is sufficient as identity proof to simply check whether an e-mail challenge is correctly answered.
I have also been wondering about that.
I'm not a lawyer. These are just my personal thoughts. For now we all don't know for sure. Conclusion: Ask your lawyer.
Amen. -- Per Jessen, Zürich (20.8°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Gesendet: Donnerstag, 20. Juni 2019 um 15:31 Uhr Von: "Per Jessen" <per@opensuse.org> An: heroes@opensuse.org Betreff: Re: [heroes] NNTP questions / GDPR / DSVGO
Michael Strc3b6der wrote:
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible.
This is your personal opinion. And I can fully understand why you're arguing that way.
I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Personally I don't know it better but I have some doubts:
With this approach you're effectively preventing that someone makes use of his/her rights defined in GDPR. This seems to work for now because none of the users was eager enough to take this to court. (German saying: "Wo kein Kläger da kein Richter.)
But it might also produce complex conflict situations: Forged sender addresses can easily be used for really nasty spam or weird false messages. So the real owner of an e-mail address might have a vital and legitimate interest a forged message to be removed. If you prevent this correction/deletion by saying nobody can prove the identity the e-mail address owner could take the legal entity running the lists to court.
Yes, there are all kinds of complexities. The legal entity is of course SUSE GmbH. Although I manage the mailing lists, I am under no legal obligation by SUSE, nor have I received any instructions from SUSE regarding the GDPR. Another couple of reasons for not wanting to touch the whole thing.
Should we forward this topic to the openSUSE Board then?
It's not unlikely that a judge would argue that because there's also no real identity proof when accepting a message sent to the list it is sufficient as identity proof to simply check whether an e-mail challenge is correctly answered.
I have also been wondering about that.
I'm not a lawyer. These are just my personal thoughts. For now we all don't know for sure. Conclusion: Ask your lawyer.
Amen.
-- Per Jessen, Zürich (20.8°C) Member, openSUSE Heroes
-- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
-- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On 6/20/19 3:31 PM, Per Jessen wrote:
Michael Strc3b6der wrote:
But it might also produce complex conflict situations: Forged sender addresses can easily be used for really nasty spam or weird false messages. So the real owner of an e-mail address might have a vital and legitimate interest a forged message to be removed. If you prevent this correction/deletion by saying nobody can prove the identity the e-mail address owner could take the legal entity running the lists to court.
Yes, there are all kinds of complexities.
This means our personal opinion(s) does not matter much.
The legal entity is of course SUSE GmbH.
That's also my understanding.
Although I manage the mailing lists, I am under no legal obligation by SUSE, nor have I received any instructions from SUSE regarding the GDPR. Another couple of reasons for not wanting to touch the whole thing.
My suggestion would be to take this to the openSUSE board.
It's not unlikely that a judge would argue that because there's also no real identity proof when accepting a message sent to the list it is sufficient as identity proof to simply check whether an e-mail challenge is correctly answered.
I have also been wondering about that.
Technically I see no reason why we couldn't setup a challenge-response mechanism via e-mail for the identity proof of an e-mail address before processing GDPR correction/removal requests. Thinking about this a bit more it should be a standard functionality of a mailing list manager software.
I'm not a lawyer. These are just my personal thoughts. For now we all don't know for sure. Conclusion: Ask your lawyer.
Amen.
;-) Ciao, Michael.
On 19/06/2019 20.54, Per Jessen wrote:
Malcolm wrote:
...
Yes, that would be my suggestion, just the structure, get the gateway working to vB (or what ever forum software is going to be used going forward) and populate, this will also pull in the ones requested to be removed as 'Guest'.
The bi-dir interface also works on existing postings? I thought/assumed it only worked on incoming postings. Hmm.
Me too. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
participants (7)
-
Carlos E. R.
-
Carlos E. R.
-
George Baltz
-
Malcolm
-
Michael Ströder
-
Per Jessen
-
Sarah-Julia Kriesch