Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday May 14 2019, @10:00AM   Printer-friendly
from the ohoh dept.

Europe is bracing itself for a big shake-up in how we pay for things online, which will have significant consequences for businesses across the region. Similar to how GDPR hugely impacted how millions of organizations handle personal data when it was enforced last year, Strong Customer Authentication (or SCA) will have profound implications for how businesses handle online transactions and how we pay for things in our everyday lives when it is enforced on September 14.

SCA will require an extra layer of authentication for online payments. Where a card number and address once sufficed, customers will now be required to include at least two of the following three factors to do anything as simple as order a taxi or pay for a music streaming service. Something they know (like a password or PIN), something they own (like a token or smartphone), and something they are (like a fingerprint or biometric facial features).

https://thenextweb.com/podium/2019/05/10/your-business-passed-the-gdpr-challenge-but-sca-is-next/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by canopic jug on Tuesday May 14 2019, @12:20PM (15 children)

    by canopic jug (3949) Subscriber Badge on Tuesday May 14 2019, @12:20PM (#843373) Journal

    I'd say once it's published it is published. I expect that one of the site's pages explain that rather well and that acceptance of that is part of the cost of participating on the site.

    Anyway, thanks for keeping SN running smoothly. I got curious enough to download the source a while back and saw how large and complex it is. So it takes quite a bit of skill as well as effort and will.

    --
    Money is not free speech. Elections should not be auctions.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 5, Insightful) by ledow on Tuesday May 14 2019, @03:15PM (14 children)

    by ledow (5567) on Tuesday May 14 2019, @03:15PM (#843440) Homepage

    You're not going to avoid this.

    GDPR is the start and affects anything you do that touches Europe. Soon the US will follow suit.

    The right to be forgotten is a perfectly valid right, and as others point out, you just overwrite data, not remove it. "[[[[[This comment has been removed because the original user filed a redaction request]]]]]".

    Search and replace on the database, by userid, problem solved.

    It's not a difficult problem at all. It doesn't hide anything that people have a desperate need to hide. It's a courtesy to your users. And it really doesn't take much to implement even on a system never designed with that in mind.

    One day you won't get a choice. Imagine, for instance, something like the DVDCSS key that everyone posted everywhere as a hoax. Imagine getting cease-and-desists for people who do that on your site, deliberately troll information that courts have deemed shouldn't be public. It happens every day and Facebook et al can't keep up, for things like people published alleged paedophile addresses, etc.

    If your site doesn't facilitate redaction and removal of old pages, comments, pages, etc. today then you're going to need it tomorrow. Best to design it in. It's really not that hard. Whereas working out the SQL to cull their comments without breaking everything, on a whim, overnight, under threat of legal compliance from someone with jurisdiction over you... that's not going to be easy.

    And if you can do it for one comment, you can do it for all over their comments. And if you can do it when ordered, you can do it on request of that person themselves. And if you draw a line anywhere, but a law requires you not to, then you have a LOT of expensive justification ahead of you ("Oh, so you could take your mate John's comment off when he accidentally called his boss an idiot, but you're refusing to comply with a legal request to redact my client's comment history?".

    Get used to data privacy, including privacy of your historical data. It doesn't take much to do. It's inevitably only going to get worse (just wait until you're served with a writ to provide *all* information you store on a person... where if you fail to "reasonably" provide all the data you ever could, that you could be found in contempt of that order...). And if your system isn't designed with it in mind from day one, it's only going to get worse for you when you have to do it later.

    • (Score: 1, Informative) by Anonymous Coward on Tuesday May 14 2019, @09:45PM (1 child)

      by Anonymous Coward on Tuesday May 14 2019, @09:45PM (#843608)

      and are you going to extract all your backups and redact the user's data and then re-compress them 24/7 every time someone wants to be "forgotten"? you're just a bootlicking, authoritarian state socialist.

      • (Score: 4, Touché) by ledow on Wednesday May 15 2019, @07:31AM

        by ledow (5567) on Wednesday May 15 2019, @07:31AM (#843723) Homepage

        I'm a Brit.

        We have GDPR.

        I work in IT.

        What's on public display is a very different question to what's in an encrypted historical record, and you seem to miss that you are merely a custodian of other people's data, only with their permission. Data protection has always been held in high regard in the EU and, in case you missed it, an ENTIRE CONTINENT complies, across 20+ language barriers, a greater combined population than the US, and an ancient legal system which you borrowed as the basis of your own.

        Tell me how a "authoritarian state socialist" is defending the right for you to have your data deleted, corrected, and what's stored on you revealed, from all government databases, historically, and in perpetuity, as well as ordinary commercial websites, and those run by Joe Bloggs who's hoarding all your data on his personal blog and selling it to others.

    • (Score: 2) by edIII on Tuesday May 14 2019, @11:47PM (9 children)

      by edIII (791) on Tuesday May 14 2019, @11:47PM (#843643)

      Sorry man, but fuck that. I understand why TMB is philosophically against it. If somebody wanted to delete the information associated with the account, like username, hashed password, email address, and settings, that should be okay.

      However, this site does not allow you to either edit or delete comments. They are what they are, and they will stay that way forever. If you don't like something you said, then you should've thought of that when you said it. There are some posts I would like to take back, but I fully understand why that will never happen.

      We don't even get rid OF SPAM. If we're not going to fight SPAM and AC bullshit with deletions, then why the heck would we ever let a signed in user delete anything? SN isn't collecting private data to sell to others, it doesn't advertise or track us (except for some temporary PiWIK dev stuff that was consensual), etc.

      I'm with TMB. Just block California. On that note, I want to start using the TOR onion service but don't know the address. Worst case scenario, we can go completely underground and disallow all direct access to the site. If needed, I would help with a few bucks to move us to a different country where that hasn't happened yet.

      The right to be forgotten shouldn't be applied to many types of forum sites, SN especially. Specifically, there should be an exception carved out for certain types of forum comments. I'm sure the White Nationalists would love to be able to erase their hate, and not rightfully suffer for it, but I have very little sympathy in helping Nazi's receive cover.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 2) by ledow on Wednesday May 15 2019, @07:42AM (8 children)

        by ledow (5567) on Wednesday May 15 2019, @07:42AM (#843726) Homepage

        Soylent does delete spam. They have banned users and removed their comments. Thus the facility exists. It may not be on a GUI but try arguing that to a judge... this is exactly my point. The first time you get a proper legal request, you can cry to mommy about how it's absolutely impossible if you like... then someone will point to a post where the editors did *just that*. And then you're in for contempt of court as well as failing to comply. Or you can craft a small bodge-script that works for now, and start plumbing in features to allow this facility in the future.

        Though users do not get an edit button, the database is plain-text. Replacing the contents of any one comment is a literal single SQL statement (well-crafted, yes, but one line). Replacing the contents of every comment of a given userid is probably the same line but with a larger SELECT.

        The philosophy of free speech and historical record is an entirely other matter. But if you don't want your site brought by under legal writs, if you don't want it to be spammed to oblivion by people posting, say, links to the worst kinds of illegal content, then you have to have the facility to delete or overwrite. You can do that manually, which may well be how it's being done now. But the problem will only ever get worse. Adapt or be swamped in problems when it does start getting common.

        Suggesting that a bog-standard tech forum based on open-source code that you and I can read and find a way to "delete" comments is somehow more protected than, say, a Google search for illegal content, the Internet Archive, or major press associations (all of whom will also have to comply, and all of whom already have those facilities and use them every day) is so far past ridiculous that it really cuts into your credibility.

        I don't care about the if's and but's. I'm saying if you run a website with public comments, you need moderation tools. If you don't have convenient moderation tools, your time is going to be tied up on administration (i.e. paperwork-like administration) and legal hassle rather than just "Oh, what a pain... run comment delete tool on those auto-bot-troll-posting-porn".

        P.S. If you think either Soylent or Slash ever avoid removing comments, I can only tell you that you're wrong. If you think they are above the law, or can even afford a lawyer to fight, you're wrong. And if it's likely to happen more in the future for all kinds of reasons, then getting tools to do this automatically rather than spending time trying to comply manually (and messing up because you forget a step) is the techy/open-source way.

        • (Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @10:36AM (6 children)

          Soylent does delete spam.

          No, Soylent did delete spam. Once. When we were first starting out and someone scripted an assload of comments on every story over a couple weeks old. Those got deleted. Only those.

          They have banned users and removed their comments.

          You are incorrect.

          Thus the facility exists.

          You are again incorrect. The one instance of deletion was done from the mysql command line. And it broke things that were a huge pain to fix. Calling it a legitimate option is akin to calling opening your car door with explosives when your child locked themselves inside of it with your keys an option.

          --
          My rights don't end where your fear begins.
          • (Score: 1) by Chocolate on Friday May 17 2019, @05:38AM (5 children)

            by Chocolate (8044) on Friday May 17 2019, @05:38AM (#844619) Journal

            Please stop giving stupid people ideas.
            Mythbusters is a TV show not a manual for next weekend's entertainment.

            --
            Bit-choco-coin anyone?
            • (Score: 2) by The Mighty Buzzard on Friday May 17 2019, @10:46AM (4 children)

              Speak for yourself. I'm still trying to convince The Roomie's dad to let me take care of all the red cedar trees (they're a plague in OK because of how much water they'll suck up) on his place with Tannerite [tannerite.com]. It'd be fast, easy, and a lot more fun than having to cut off half a dozen limbs each before you took the chainsaw to several dozen trees.

              --
              My rights don't end where your fear begins.
              • (Score: 1) by Chocolate on Friday May 17 2019, @10:57AM (1 child)

                by Chocolate (8044) on Friday May 17 2019, @10:57AM (#844661) Journal

                The Original Binary Exploding Rifle Target

                Tannerite® is here to serve you.

                You are planning on attaching targets on the trees so you can shoot them to death?

                --
                Bit-choco-coin anyone?
                • (Score: 2) by The Mighty Buzzard on Saturday May 25 2019, @01:29AM

                  It doesn't come as targets, it comes as a kit you mix together and put on your existing targets. Or, if you're a silly-assed country boy who likes explosions, around the trunk of a cedar tree that you don't want to be there anymore. Or in a jar inside a broken clothes dryer that you've drug out into the field.

                  --
                  My rights don't end where your fear begins.
              • (Score: 2) by hendrikboom on Friday May 24 2019, @10:58AM (1 child)

                by hendrikboom (1125) Subscriber Badge on Friday May 24 2019, @10:58AM (#847010) Homepage Journal

                What is a binary exploding rifle target?

                • (Score: 2) by The Mighty Buzzard on Saturday May 25 2019, @01:25AM

                  It's a binary explosive that you can buy at sporting goods stores (as a kit with the two components you have to mix yourself ) that's set off by physical shock like shooting it with a bullet; blasting caps would probably also work. You can use it for whatever you like but while the product is legal not all potential uses are.

                  --
                  My rights don't end where your fear begins.
        • (Score: 2) by edIII on Wednesday May 15 2019, @07:08PM

          by edIII (791) on Wednesday May 15 2019, @07:08PM (#843930)

          Soylent does delete spam. They have banned users and removed their comments. Thus the facility exists. It may not be on a GUI but try arguing that to a judge... this is exactly my point. The first time you get a proper legal request, you can cry to mommy about how it's absolutely impossible if you like... then someone will point to a post where the editors did *just that*. And then you're in for contempt of court as well as failing to comply. Or you can craft a small bodge-script that works for now, and start plumbing in features to allow this facility in the future.

          You're incorrect, and TMB corrected you properly. Also, ease up a bit on the crying to mommy. Nobody is saying it is impossible, but if you LISTEN, you would hear just how difficult it was. You think you're the only one that knows SQL and how to manage data structures?

          Obviously it can be designed, and is technically possible. Others have pointed out the super obvious too; If you need those data rows for system integrity, you can modify them, not delete them. If we had an ID that used to belong to somebody, it's easy to overwrite their information. Maybe even easier to just use the AC ID, assuming there is a dedicated ID for AC.

          This isn't a technical discussion, but a philosophical one....

          The philosophy of free speech and historical record is an entirely other matter. But if you don't want your site brought by under legal writs, if you don't want it to be spammed to oblivion by people posting, say, links to the worst kinds of illegal content, then you have to have the facility to delete or overwrite. You can do that manually, which may well be how it's being done now. But the problem will only ever get worse. Adapt or be swamped in problems when it does start getting common.

          A law is not inherently correct. No, we do NOT need the ability to erase posts. This isn't a file sharing site, nor it is intended to be. Illegal content? You mean unpopular speech and attempts to suppress said speech and control the "narrative"? No. You will be held accountable for what you say in the public view, and it isn't in the interests of the public to allow people to scrub history because they made mistakes.

          Suggesting that a bog-standard tech forum based on open-source code that you and I can read and find a way to "delete" comments is somehow more protected than, say, a Google search for illegal content, the Internet Archive, or major press associations (all of whom will also have to comply, and all of whom already have those facilities and use them every day) is so far past ridiculous that it really cuts into your credibility.

          I didn't say that, so none of what you said there means anything with regards to my credibility. Again, you're not the only database programmer, and this isn't a technical issue. Go chat up TMB about the issues with the current data structures though. There ARE issues with THIS site and its code base that currently preclude the easy use of the "DELETE" in an SQL statement. If you have any skill at all with databases, and don't wish to damage *your* credibility, than you of course recognize that there could be issues deleting rows that are referenced elsewhere. I don't know anything about the data structures (ask TMB), but I generously code in foreign key constraints that are configured to reject DELETE statements when the ID is in use anywhere else.

          P.S. If you think either Soylent or Slash ever avoid removing comments, I can only tell you that you're wrong. If you think they are above the law, or can even afford a lawyer to fight, you're wrong. And if it's likely to happen more in the future for all kinds of reasons, then getting tools to do this automatically rather than spending time trying to comply manually (and messing up because you forget a step) is the techy/open-source way.

          You're confused and TMB corrected you.

          I don't care about the if's and but's. I'm saying if you run a website with public comments, you need moderation tools. If you don't have convenient moderation tools, your time is going to be tied up on administration (i.e. paperwork-like administration) and legal hassle rather than just "Oh, what a pain... run comment delete tool on those auto-bot-troll-posting-porn".

          There is a difference between moderation tools (the tech), and the reasons to have it (the philosophy). I don't believe people have a right to be forgotten with respect to their public statements. Deleting those is akin to rewriting history. Do you believe it should be okay, or the right-to-be-forgotten should be extended, to video based interviews with people making public statements? It's just a file attachment or a link in a database and surely easy to moderate, but should we?

          The answer is a resounding NO. It will instantly be abused by those in power to "scrub" their images clean of anything undesirable, and then to further control that image. What about 3rd party sites like archival sites. Do they have to remove their archives of my comments on SN?

          I view this as no different than somebody attempting to forcibly modify the public record for their benefit. I do not support the right for your public comments to be deleted, and it isn't in the best interests of society. Legal exceptions must be made for public forums to protect their integrity, and they are very much different than for-profit companies that profit of your information, provide private spaces for information, or offer SaaS.

          --
          Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 2) by darkfeline on Wednesday May 15 2019, @04:56AM

      by darkfeline (1030) on Wednesday May 15 2019, @04:56AM (#843697) Homepage

      > The right to be forgotten is a perfectly valid right

      Not really, no. Does Hitler have a right to be forgotten? Does a criminal have a right to be forgotten? Do you have a right to go into everyone else's brain and erase any memory they have of you, or prevent people from talking or writing about what they remember about you?

      There never was any "right to be forgotten". What there was, was a lack of rapid information propagation like there is today. If you move a few towns over, chances are they won't have heard of you fucking the pony. But there never was any right that people couldn't spread rumors if they found your pony fucking amusing.

      What has to happen is that society needs to come to terms with the fact that rapid information propagation means we can't take some things for granted any more. Fake news is one symptom of this. Realizing that people are inherently stupid and there will be artifacts of their stupidity on the Web is one thing that society is going to have to learn.

      --
      Join the SDF Public Access UNIX System today!
    • (Score: 3, Interesting) by The Mighty Buzzard on Wednesday May 15 2019, @12:02PM

      You're not going to avoid this.

      I wouldn't put money on that if I were you.

      GDPR is the start and affects anything you do that touches Europe. Soon the US will follow suit.

      You may have noticed that we have slightly differing opinions on what is and what is not right over here and that we don't tend to care much what Europe wants or doesn't want. That's the prerogative of any sovereign nation and should go without saying if that nation also happens to be a superpower.

      The right to be forgotten is a perfectly valid right...

      Oh? You lot can mandate that newspapers go around with a marker and black out every copy of an inadvisable letter to the editor that you wrote, can you? Your comments here are not personal data. They are a record of what you have chosen to say publicly. The right to speak comes with the responsibility to live with what you've said.

      One day you won't get a choice.

      How's that choice removal working out as far as shutting down The Pirate Bay? You always have a choice. Sometimes that choice is between bending your knee or making a Boston-harbor-sized cup of tea.

      --
      My rights don't end where your fear begins.