Europe is bracing itself for a big shake-up in how we pay for things online, which will have significant consequences for businesses across the region. Similar to how GDPR hugely impacted how millions of organizations handle personal data when it was enforced last year, Strong Customer Authentication (or SCA) will have profound implications for how businesses handle online transactions and how we pay for things in our everyday lives when it is enforced on September 14.
SCA will require an extra layer of authentication for online payments. Where a card number and address once sufficed, customers will now be required to include at least two of the following three factors to do anything as simple as order a taxi or pay for a music streaming service. Something they know (like a password or PIN), something they own (like a token or smartphone), and something they are (like a fingerprint or biometric facial features).
https://thenextweb.com/podium/2019/05/10/your-business-passed-the-gdpr-challenge-but-sca-is-next/
(Score: 2, Informative) by Anonymous Coward on Tuesday May 14 2019, @10:13AM (23 children)
This has already been implemented with things like Visa-secure, where they send you an authentication PIN. Also, all banks now require use of OTP for transaction authorization. one-time-pads are not longer sufficient. I've had to use OTP for bank authorizations since at least a year.
Yes, this might be funny for Americans that can't even do direct transfers from their bank accounts, but whatever. They live in dark ages with cheques and stuff.
(Score: 1, Informative) by Anonymous Coward on Tuesday May 14 2019, @10:17AM (20 children)
Also, cash you know, it still works. No authentication needed.
(Score: 2) by The Mighty Buzzard on Tuesday May 14 2019, @10:41AM (8 children)
Yup. That's what I use exclusively unless I have to buy something online. For that I use prepaid cards from Wal-Mart.
My rights don't end where your fear begins.
(Score: 1) by Chocolate on Tuesday May 14 2019, @11:06AM (7 children)
I had been using those cards for ages but now they are clamping down on them cause some people are using them to funnel funds overseas which the local authies don't like
Bastards.
For while now this has really been good, well, I suppose not the cost of buying a temp card but then it works out cheaper than the cost of an actual card so long as only a few are used but now it is a right pain in the rear and the temp card is so much better than a real card with no info behind it and if it is jacked they don't get much.
One of my cards was jacked by some middle man place that processes porn services that whacked on $40 charges taking up $80 but that's all and it was eventually refunded, new card!, but I still don't like using an actual credit card online
Bit-choco-coin anyone?
(Score: 2) by The Mighty Buzzard on Tuesday May 14 2019, @11:18AM (6 children)
Only put what you need on it for the purchase you're making then throw it away. Buy another card for the next purchase.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @11:53AM (2 children)
Wondering if EU retailers will come up with something like this to skirt SCA requirements.
And I'm impressed at the quote from the devils dictionary in your .sig
(Score: 2) by quietus on Tuesday May 14 2019, @05:07PM
There's a trend to accept a customer's order without him/having to pay directly. All of my online business purchases -- except for those from the single US website -- go like this: order, than pay after reception through ATM (I'm not into online banking, though that's a hard push these days too).
Making an online purchase with credit card has required an OTP [bank provided device] for years now.
(Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @10:10AM
Cheers. I'm a big fan in general. I'd have preferred his definition of responsibility but it's too long for a sig.
My rights don't end where your fear begins.
(Score: 1) by Chocolate on Tuesday May 14 2019, @12:17PM (2 children)
I be liking the cut of ya jib there matey
I do recall seeing the cards when first they came out being a way to give money to others for gifts la la la but for ages never thought to use them for online stuff so now after they clamp down I needed to do better so instead of buying those gift ones I go for the travel cards at the bank which needs a bank account and doesn't work always for some sites and stuff but hey it's good enough. Expires every year but some banks have them for free so long as you have any account I think they try to get extra data which fails transactions but they never tell you why it fails it just errors out whereas those gift cards always work and there's no personal data behind them. Stripe dudes are awesome but paypal sucks
Bit-choco-coin anyone?
(Score: 5, Interesting) by Immerman on Tuesday May 14 2019, @01:58PM (1 child)
Honestly, I never understood the point of "gift cards" - they're no more personal than cash, just a bit less convenient to use, and almost certain to be used for things the recipient values less than what they could have bought with the more widely usable cash (even non-business-specific "cash cards" are less widely accepted than cash). Not to mention giving a middle-man a cut.
All of which strikes me as the exact opposite of the best qualities of a good gift: personal, and well considered enough to enrich the recipient more than it impoverishes the giver.
Then again I shouldn't be surprised, given how dedicated our culture has become to consumerism, whose guiding principle seems to be to manipulate people into buying things despite the fact that they generally cost far more than they enrich the customer's life.
But yeah, it does seem they would at least be convenient for online purchases that you don't want added to a bank's customer information database.
(Score: 1) by Chocolate on Friday May 17 2019, @05:32AM
Maybe bank notes could come with unique identification like credit cards that could be used like a credit card number is today.
The only problem is how to get your change.
Although, if the user enters the bank note ID into the merchant system, the merchant system creates a receipt with a key, the user goes to a bank to hand in the note along with the key, the bank matches the note to the transaction ID, gives the person change, takes a cut, credits the merchant and everyone is happy.
Bit-choco-coin anyone?
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @11:09AM (3 children)
ummm jus so we okay here how does you spend cash online?
(Score: 2) by The Mighty Buzzard on Tuesday May 14 2019, @11:19AM (1 child)
You go to Wal-Mart, pay cash for a prepaid card in the exact amount you need, use it, and throw it away.
My rights don't end where your fear begins.
(Score: 1) by Chocolate on Tuesday May 14 2019, @12:21PM
'Merica, land of the free, home of the anonymous phone, anonymous card, we should be so lucky to have as such
Can see why people go there :)
Bit-choco-coin anyone?
(Score: 3, Funny) by MostCynical on Tuesday May 14 2019, @11:22AM
he puts it into a slot between the monitor and keyboard.
nothing ordered ever arrives...
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @02:46PM
Cash in many places is in itself considered to be authentication
(Score: 2) by ledow on Tuesday May 14 2019, @02:59PM (5 children)
Good luck paying your gas bill in cash.
Or electric.
Council tax, etc. you might be able to, but you'll have to go there each month to do so or pay in a lump sum.
Fuel for your car, sure.
Car insurance? That sounds tricky.
Weekly shopping, okay.
Your internet connection, probably not.
Your mobile phone, maybe, but only if you want to manually top it up each time and hand over your phone number to do so (which kind of defeats the point?)
Any online service whatsoever? Nope.
Paying for a holiday, possibly.
In case you haven't noticed, cash is a pain to use nowadays. And I see no reason why you'd want a method without authentication. When your cash is nicked, you mis-count, or someone finds it, you have absolutely no control over what it's used for. You are effectively "running as root" all the time. One slip and you lose everything and it's almost impossible to get it back.
It's 2019. I work a full working week. Life's too short to piss about handling cash, which is recordless. When I don't get the goods/services I request, I have a record of everything, can back my money out of the transaction, file disputes, etc. With cash, you're just stuffed. And you'll almost NEVER get refunded in cash. If you're concerned about mistakes, then hedge your bets over several providers and never lump all your money in one. And that one certainly shouldn't be cash.
Unless you live literally hand-to-mouth, cash-only, in a cash-business, and have relatively low demands on your money while having all the time in the world to mess about, and a desire to cover your tracks in a way that puts up every red flag I can think of, not to mention tax evasion (either you're declaring the amount you earned and paying tax on it, or you're not - either way, you're creating a record of your activity that will arouse suspicion and which you're required to back up with receipts and evidence, or your breaking the law) then it's time to get into the 21st Century.
(Score: -1, Flamebait) by Anonymous Coward on Tuesday May 14 2019, @04:42PM (1 child)
You completely misunderstand the issue.
It's not that cash is inherently better than any other medium of exchange (well, aside from barter), it's that the evil socialists of the deep state are going to great lengths to identify and locate every single white male.
Because they hate America and want to destroy it. They will do this by pinpointing the location of each white male (via their credit card purchases and cell phones), kneecapping [wikipedia.org] each one and then forcing them to watch the invading Muslim hordes (hidden under the skirts of every Guatemalan woman trying to get "asylum" in the US), rape their wives, daughters and sisters. But that's not even the worst part, as those big, beautiful darkie cocks will make every woman understand what they've been missing all these years.
The deep state (despite, as those who've defined it don't make clear, contains mostly white men) hates white men and is doing everything it can to harm the US, its economy (despite the fact that they live there) and destroy the paradise of freedom that has existed in the US since 1565.
We must only use cash and never take the same route home twice, or the next thing you know (this is scheduled for the week after next), every white man will have holes in their knees and images of their women sucking big, beautiful, hard, glistening, throbbing darkie cock burned into their brains for the rest of their short-ass lives.
That's why people use cash. If you don't use cash, you hate America and are a pig racist who hates white men! But don't worry, the big, hard darkie Muslim cocks are coming for you too!
(Score: 0) by Anonymous Coward on Friday May 17 2019, @05:35AM
Good description of what happened to India. Which is why they now have a muslim problem.
(Score: 1, Informative) by Anonymous Coward on Tuesday May 14 2019, @09:40PM
" And I see no reason why you'd want a method without authentication."
that's b/c you're not free. You're a slave.
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @04:55AM
You act as if there's something wrong with not wanting to be tracked 24/7 by governments and mega-corporations. No, privacy is more important than ever in the age of mass surveillance, not less. You have chosen to surrender completely to the surveillance state, which makes you part of the problem.
(Score: 3, Informative) by The Mighty Buzzard on Wednesday May 15 2019, @10:22AM
I pay all of my bills in cash and in person every month, thanks. Twice a month I spend an hour in the morning driving around town and exchanging cash for receipts. It's even enjoyable if it's not raining for the getting out of the house aspect and the socializing so that you're not a faceless ledger entry aspect.
My rights don't end where your fear begins.
(Score: 3, Interesting) by bradley13 on Tuesday May 14 2019, @11:19AM
Transaction security is a good thing. If you want anonymity, that's a different issue. However, non-anonymous online transactions need reasonable security. The good old days of the number on a credit card being sufficient? That just cannot work, because those numbers are too easily compromised.
If you want anonymous transactions online, you will have to find a seller who accepts Monero, or some other cryptocurrency that supports anonymity. For normal transactions.
Everyone is somebody else's weirdo.
(Score: 2) by hendrikboom on Friday May 24 2019, @10:46AM
What's OTP? I gather that isn't "One-time Pad" because you say one-time pads are no longer sufficient.
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @10:22AM (1 child)
This is a requirement for payment service providers, not something that every web shop will need to tackle themselves. As far as I'm aware every European bank already complies.
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @11:46AM
The requirement for the public is to refuse to hand over biometric information.
(Score: 5, Interesting) by Chocolate on Tuesday May 14 2019, @10:56AM
If your customers cannot buy then they will go elsewhere.
Not too long ago I went to a local store's website to buy some items. The shopping cart worked, the items were added, shipping calculated, total presented, so we are all okay and ready to go for a sale. No problems I will just pull out my trusty credit card, yes, it's a fairly standard card, expiry date, CCV, and yes we are good to go. Click the submit button so they get my money, some courier gets business and I get stuff. Denied! It popped up a screen asking for my date of birth. I closed the browser.
I know about hackers what they can do and how they can collect info. So I tried a different browser. Same thing. After accepting my credit card information it asked for my date of birth. So I closed the browser. I know what hacking attempts would look like. This was looked like one to me. Even if it was not I would never give out personal information like that. They don't need that level of detail just to sell me stuff.
I called the shop a while later to tell them I couldn't buy stuff through their website. They didn't seem to care that their online credit card payments did not work or even that it wanted my date of birth. Eventually they found my order in their system but refused to complete it over the phone because it came through their website. I should go back online and pay through their website they said.
I considered calling them back to ask them how many sales they could afford to lose but I guess they just don't care. Maybe when their orders dwindle down to nothing? Who knows. A local store had the same stuff for about the same price.
If this is in any way shape or form the pattern of what is to come then perhaps the time of the credit card system is over.
Bit-choco-coin anyone?
(Score: 4, Interesting) by The Mighty Buzzard on Tuesday May 14 2019, @11:31AM (36 children)
SCA doesn't particularly concern me. We don't do any of our own payment processing around here. What does concern me is California's upcoming (the first of next year) data privacy law. It's fairly likely we're going to have to firewall all California IP addresses. Not because we have any issue with disclosing what we little information we collect and not because we use it for anything but necessary site functionality. Because there's a bit in there that says you have to make allowances for people to delete their accounts and related info. We don't have that functionality in the site, if we did it manually it would break every last story page that the person had ever commented on, I won't have time to code that functionality into the site before the deadline, and I'm pretty sure I'm opposed to handing out a "right to be forgotten" button even if all of the above weren't an issue. Expect a Meta story discussion on this before summer's over.
My rights don't end where your fear begins.
(Score: 2) by canopic jug on Tuesday May 14 2019, @12:20PM (15 children)
I'd say once it's published it is published. I expect that one of the site's pages explain that rather well and that acceptance of that is part of the cost of participating on the site.
Anyway, thanks for keeping SN running smoothly. I got curious enough to download the source a while back and saw how large and complex it is. So it takes quite a bit of skill as well as effort and will.
Money is not free speech. Elections should not be auctions.
(Score: 5, Insightful) by ledow on Tuesday May 14 2019, @03:15PM (14 children)
You're not going to avoid this.
GDPR is the start and affects anything you do that touches Europe. Soon the US will follow suit.
The right to be forgotten is a perfectly valid right, and as others point out, you just overwrite data, not remove it. "[[[[[This comment has been removed because the original user filed a redaction request]]]]]".
Search and replace on the database, by userid, problem solved.
It's not a difficult problem at all. It doesn't hide anything that people have a desperate need to hide. It's a courtesy to your users. And it really doesn't take much to implement even on a system never designed with that in mind.
One day you won't get a choice. Imagine, for instance, something like the DVDCSS key that everyone posted everywhere as a hoax. Imagine getting cease-and-desists for people who do that on your site, deliberately troll information that courts have deemed shouldn't be public. It happens every day and Facebook et al can't keep up, for things like people published alleged paedophile addresses, etc.
If your site doesn't facilitate redaction and removal of old pages, comments, pages, etc. today then you're going to need it tomorrow. Best to design it in. It's really not that hard. Whereas working out the SQL to cull their comments without breaking everything, on a whim, overnight, under threat of legal compliance from someone with jurisdiction over you... that's not going to be easy.
And if you can do it for one comment, you can do it for all over their comments. And if you can do it when ordered, you can do it on request of that person themselves. And if you draw a line anywhere, but a law requires you not to, then you have a LOT of expensive justification ahead of you ("Oh, so you could take your mate John's comment off when he accidentally called his boss an idiot, but you're refusing to comply with a legal request to redact my client's comment history?".
Get used to data privacy, including privacy of your historical data. It doesn't take much to do. It's inevitably only going to get worse (just wait until you're served with a writ to provide *all* information you store on a person... where if you fail to "reasonably" provide all the data you ever could, that you could be found in contempt of that order...). And if your system isn't designed with it in mind from day one, it's only going to get worse for you when you have to do it later.
(Score: 1, Informative) by Anonymous Coward on Tuesday May 14 2019, @09:45PM (1 child)
and are you going to extract all your backups and redact the user's data and then re-compress them 24/7 every time someone wants to be "forgotten"? you're just a bootlicking, authoritarian state socialist.
(Score: 4, Touché) by ledow on Wednesday May 15 2019, @07:31AM
I'm a Brit.
We have GDPR.
I work in IT.
What's on public display is a very different question to what's in an encrypted historical record, and you seem to miss that you are merely a custodian of other people's data, only with their permission. Data protection has always been held in high regard in the EU and, in case you missed it, an ENTIRE CONTINENT complies, across 20+ language barriers, a greater combined population than the US, and an ancient legal system which you borrowed as the basis of your own.
Tell me how a "authoritarian state socialist" is defending the right for you to have your data deleted, corrected, and what's stored on you revealed, from all government databases, historically, and in perpetuity, as well as ordinary commercial websites, and those run by Joe Bloggs who's hoarding all your data on his personal blog and selling it to others.
(Score: 2) by edIII on Tuesday May 14 2019, @11:47PM (9 children)
Sorry man, but fuck that. I understand why TMB is philosophically against it. If somebody wanted to delete the information associated with the account, like username, hashed password, email address, and settings, that should be okay.
However, this site does not allow you to either edit or delete comments. They are what they are, and they will stay that way forever. If you don't like something you said, then you should've thought of that when you said it. There are some posts I would like to take back, but I fully understand why that will never happen.
We don't even get rid OF SPAM. If we're not going to fight SPAM and AC bullshit with deletions, then why the heck would we ever let a signed in user delete anything? SN isn't collecting private data to sell to others, it doesn't advertise or track us (except for some temporary PiWIK dev stuff that was consensual), etc.
I'm with TMB. Just block California. On that note, I want to start using the TOR onion service but don't know the address. Worst case scenario, we can go completely underground and disallow all direct access to the site. If needed, I would help with a few bucks to move us to a different country where that hasn't happened yet.
The right to be forgotten shouldn't be applied to many types of forum sites, SN especially. Specifically, there should be an exception carved out for certain types of forum comments. I'm sure the White Nationalists would love to be able to erase their hate, and not rightfully suffer for it, but I have very little sympathy in helping Nazi's receive cover.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by ledow on Wednesday May 15 2019, @07:42AM (8 children)
Soylent does delete spam. They have banned users and removed their comments. Thus the facility exists. It may not be on a GUI but try arguing that to a judge... this is exactly my point. The first time you get a proper legal request, you can cry to mommy about how it's absolutely impossible if you like... then someone will point to a post where the editors did *just that*. And then you're in for contempt of court as well as failing to comply. Or you can craft a small bodge-script that works for now, and start plumbing in features to allow this facility in the future.
Though users do not get an edit button, the database is plain-text. Replacing the contents of any one comment is a literal single SQL statement (well-crafted, yes, but one line). Replacing the contents of every comment of a given userid is probably the same line but with a larger SELECT.
The philosophy of free speech and historical record is an entirely other matter. But if you don't want your site brought by under legal writs, if you don't want it to be spammed to oblivion by people posting, say, links to the worst kinds of illegal content, then you have to have the facility to delete or overwrite. You can do that manually, which may well be how it's being done now. But the problem will only ever get worse. Adapt or be swamped in problems when it does start getting common.
Suggesting that a bog-standard tech forum based on open-source code that you and I can read and find a way to "delete" comments is somehow more protected than, say, a Google search for illegal content, the Internet Archive, or major press associations (all of whom will also have to comply, and all of whom already have those facilities and use them every day) is so far past ridiculous that it really cuts into your credibility.
I don't care about the if's and but's. I'm saying if you run a website with public comments, you need moderation tools. If you don't have convenient moderation tools, your time is going to be tied up on administration (i.e. paperwork-like administration) and legal hassle rather than just "Oh, what a pain... run comment delete tool on those auto-bot-troll-posting-porn".
P.S. If you think either Soylent or Slash ever avoid removing comments, I can only tell you that you're wrong. If you think they are above the law, or can even afford a lawyer to fight, you're wrong. And if it's likely to happen more in the future for all kinds of reasons, then getting tools to do this automatically rather than spending time trying to comply manually (and messing up because you forget a step) is the techy/open-source way.
(Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @10:36AM (6 children)
No, Soylent did delete spam. Once. When we were first starting out and someone scripted an assload of comments on every story over a couple weeks old. Those got deleted. Only those.
You are incorrect.
You are again incorrect. The one instance of deletion was done from the mysql command line. And it broke things that were a huge pain to fix. Calling it a legitimate option is akin to calling opening your car door with explosives when your child locked themselves inside of it with your keys an option.
My rights don't end where your fear begins.
(Score: 1) by Chocolate on Friday May 17 2019, @05:38AM (5 children)
Please stop giving stupid people ideas.
Mythbusters is a TV show not a manual for next weekend's entertainment.
Bit-choco-coin anyone?
(Score: 2) by The Mighty Buzzard on Friday May 17 2019, @10:46AM (4 children)
Speak for yourself. I'm still trying to convince The Roomie's dad to let me take care of all the red cedar trees (they're a plague in OK because of how much water they'll suck up) on his place with Tannerite [tannerite.com]. It'd be fast, easy, and a lot more fun than having to cut off half a dozen limbs each before you took the chainsaw to several dozen trees.
My rights don't end where your fear begins.
(Score: 1) by Chocolate on Friday May 17 2019, @10:57AM (1 child)
You are planning on attaching targets on the trees so you can shoot them to death?
Bit-choco-coin anyone?
(Score: 2) by The Mighty Buzzard on Saturday May 25 2019, @01:29AM
It doesn't come as targets, it comes as a kit you mix together and put on your existing targets. Or, if you're a silly-assed country boy who likes explosions, around the trunk of a cedar tree that you don't want to be there anymore. Or in a jar inside a broken clothes dryer that you've drug out into the field.
My rights don't end where your fear begins.
(Score: 2) by hendrikboom on Friday May 24 2019, @10:58AM (1 child)
What is a binary exploding rifle target?
(Score: 2) by The Mighty Buzzard on Saturday May 25 2019, @01:25AM
It's a binary explosive that you can buy at sporting goods stores (as a kit with the two components you have to mix yourself ) that's set off by physical shock like shooting it with a bullet; blasting caps would probably also work. You can use it for whatever you like but while the product is legal not all potential uses are.
My rights don't end where your fear begins.
(Score: 2) by edIII on Wednesday May 15 2019, @07:08PM
You're incorrect, and TMB corrected you properly. Also, ease up a bit on the crying to mommy. Nobody is saying it is impossible, but if you LISTEN, you would hear just how difficult it was. You think you're the only one that knows SQL and how to manage data structures?
Obviously it can be designed, and is technically possible. Others have pointed out the super obvious too; If you need those data rows for system integrity, you can modify them, not delete them. If we had an ID that used to belong to somebody, it's easy to overwrite their information. Maybe even easier to just use the AC ID, assuming there is a dedicated ID for AC.
This isn't a technical discussion, but a philosophical one....
A law is not inherently correct. No, we do NOT need the ability to erase posts. This isn't a file sharing site, nor it is intended to be. Illegal content? You mean unpopular speech and attempts to suppress said speech and control the "narrative"? No. You will be held accountable for what you say in the public view, and it isn't in the interests of the public to allow people to scrub history because they made mistakes.
I didn't say that, so none of what you said there means anything with regards to my credibility. Again, you're not the only database programmer, and this isn't a technical issue. Go chat up TMB about the issues with the current data structures though. There ARE issues with THIS site and its code base that currently preclude the easy use of the "DELETE" in an SQL statement. If you have any skill at all with databases, and don't wish to damage *your* credibility, than you of course recognize that there could be issues deleting rows that are referenced elsewhere. I don't know anything about the data structures (ask TMB), but I generously code in foreign key constraints that are configured to reject DELETE statements when the ID is in use anywhere else.
You're confused and TMB corrected you.
There is a difference between moderation tools (the tech), and the reasons to have it (the philosophy). I don't believe people have a right to be forgotten with respect to their public statements. Deleting those is akin to rewriting history. Do you believe it should be okay, or the right-to-be-forgotten should be extended, to video based interviews with people making public statements? It's just a file attachment or a link in a database and surely easy to moderate, but should we?
The answer is a resounding NO. It will instantly be abused by those in power to "scrub" their images clean of anything undesirable, and then to further control that image. What about 3rd party sites like archival sites. Do they have to remove their archives of my comments on SN?
I view this as no different than somebody attempting to forcibly modify the public record for their benefit. I do not support the right for your public comments to be deleted, and it isn't in the best interests of society. Legal exceptions must be made for public forums to protect their integrity, and they are very much different than for-profit companies that profit of your information, provide private spaces for information, or offer SaaS.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by darkfeline on Wednesday May 15 2019, @04:56AM
> The right to be forgotten is a perfectly valid right
Not really, no. Does Hitler have a right to be forgotten? Does a criminal have a right to be forgotten? Do you have a right to go into everyone else's brain and erase any memory they have of you, or prevent people from talking or writing about what they remember about you?
There never was any "right to be forgotten". What there was, was a lack of rapid information propagation like there is today. If you move a few towns over, chances are they won't have heard of you fucking the pony. But there never was any right that people couldn't spread rumors if they found your pony fucking amusing.
What has to happen is that society needs to come to terms with the fact that rapid information propagation means we can't take some things for granted any more. Fake news is one symptom of this. Realizing that people are inherently stupid and there will be artifacts of their stupidity on the Web is one thing that society is going to have to learn.
Join the SDF Public Access UNIX System today!
(Score: 3, Interesting) by The Mighty Buzzard on Wednesday May 15 2019, @12:02PM
I wouldn't put money on that if I were you.
You may have noticed that we have slightly differing opinions on what is and what is not right over here and that we don't tend to care much what Europe wants or doesn't want. That's the prerogative of any sovereign nation and should go without saying if that nation also happens to be a superpower.
Oh? You lot can mandate that newspapers go around with a marker and black out every copy of an inadvisable letter to the editor that you wrote, can you? Your comments here are not personal data. They are a record of what you have chosen to say publicly. The right to speak comes with the responsibility to live with what you've said.
How's that choice removal working out as far as shutting down The Pirate Bay? You always have a choice. Sometimes that choice is between bending your knee or making a Boston-harbor-sized cup of tea.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @12:47PM (10 children)
You should have built in process to randomly kill any story. That is the right to be forgotten too. There is always the way back machine to get saved snapshot.
The other choice is write over the related information. So an account is deleted.... write X or a -1 in to every column other than the key. Does not break a any links and makes the information gone. Again this could be a feature to site, and make it a right to be forgotten in user configuration. pick a seed, and period like between 5 to 20 yrs. Then for each items, > period, pick a random number if >1/2 write the X. So slowly over time the items just age out.
(Score: 2) by janrinok on Tuesday May 14 2019, @06:04PM (9 children)
You could argue that you have the right to 'kill' a story that you have submitted but, as you should be quoting source material it doesn't matter, as long as your name is removed as the submitter. The source material can remain and the comments associated with the story should still make sense. Renaming your account as 'Forgotten-$NEXTNUMBER' should be easy enough to do I suppose and should account for most times that your ID appears. And who uses their real name here anyway? Deleting whatever email address you have given us is also a good idea - but we will undoubtedly discuss this in greater detail as a community before we implement any changes.
But to 'kill' a complete story because of your comments to that story? No way. Everybody else has a right to discuss it and have their comments published if they wish. You don't need to have a say in deleting what other people's opinions and comments say.
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @07:59PM
I'm not particularly fond of the right to be forgotten. I get it if it is someone else who publish information about you, sound fair, but otherwise I subscribe to "think before you act" and "face the consequences of your actions".
(Score: 2) by edIII on Tuesday May 14 2019, @11:52PM (7 children)
Which is exactly how this new "right" will be abused. In all of the situations I've heard this discussed, it's been related to libel. Which means, it's really about the rich and powerful being able to suppress information.
Nobody has the right to be forgotten in the real world. If they did, Trump would've already sued to make us all forget the previous few decades of his inept bullshit.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Interesting) by ledow on Wednesday May 15 2019, @07:52AM (6 children)
If you call me, say, a paedophile, that's libellous. I would sue. I'm not rich, nor powerful.
If you go and do such things to people without cause, fact or stating that it's an opinion (*cough* Elon Musk *cough*), it's a court case to decide if they are true or not. In the meantime I may well ask you to remove it, which a prudent person might well do to avoid a lawsuit, or to avoid worsening an existing lawsuit. If you can't edit a comment, how are you going to do that - by asking the website to do that for you.
Once the outcome of a case is established, do you expect the person to just leave that libel on the site? The poster, or website, will be court-ordered to remove it.
Thus the facility needs to exist anyway. Once it does, it's literally just a matter of moving the button from the admin panel to the individual user profile to make everyone be able to use it voluntarily if they wish.
The value of even a year-old Slashdot/Soylent comment is absolutely minimal.
(Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @10:59AM (2 children)
Thankfully we are not subject to the UK's absurd libel laws here.
If by minimal you mean priceless, we agree. A user's comments are a true and exact history of what they have said. Hiding history is foolish at best but far more commonly it is actively malevolent.
My rights don't end where your fear begins.
(Score: 2) by quietus on Wednesday May 15 2019, @06:03PM (1 child)
A young, female teacher is being accused of sexually inappropriate behaviour by the parents of a 7 year old pupil of hers. The parents go to the police to file charges, but also ask other parents whether they've noticed something with their children -- on social media. The next morning a mob stands ready at the school gate; the teacher, who had no idea about the complaint (neither had the school leadership), needs to be evacuated by the police.
Journalists dive onto the case: it seems multiple pupils of her had similar complaints, an open-and-shut case of a paedophile predator -- but for added thrills, a female one, young and quite attractive herself. Her name and face gets plastered all over the media, both offline and online; her address and telephone numbers get exposed; she needs to go in hiding against death threats.
Two weeks later, the police investigation finally gets wrapped up: nothing had happened -- the specks of blood on the little girls vagina had a natural, and only a natural, cause; the other so-called victims were a case of mass hysteria.
That young teacher now works as a career counselor; she'll probably never get a job as teacher ever again -- no school risks hiring her, in case a parent goes researching on the internet.
(Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @10:16PM
The answer to which is more speech not less. As it always is.
My rights don't end where your fear begins.
(Score: 2) by edIII on Wednesday May 15 2019, @07:23PM (2 children)
Nope. I would leave the libel up and ADD a disclaimer comment with links to the public record and court case. That is in YOUR best interests too as the victim. Anybody hearing the libel and searches for it would find the comment, but then also find all of the links in the legal disclaimer that allow them to review the public record for itself.
I realize now that you're in the UK, and fundamentally fucked with regards to those laws. Not uprising that the rich and powerful in the UK want a heavy weapon to wield to control information. In any case, SN isn't a UK company or organization, and we're not subject to your ridiculous libel laws or their philosophies.
In the US, that libel comment would become part of the public record. Increasingly, these are coming online as searchable databases, IIRC. I can go down to a government building in Las Vegas, and review whatever I want. When the court case is concluded, those records are not destroyed. In a sense, they were made indelible through a legal Streisand effect. With everything coming online, and information anywhere at your fingertips, it's not unreasonable for the libelous comment on SN to have hyperlinks to the court case and public record added in a disclaimer. The distinction between finding it in the public record, and SN, is a meaningless one. We both know that it would be in many more places than that, and attempt to police information everywhere is simply a non-starter. Authoritarians have it out to be able to do exactly that, but you would find it easier to remove a drop of water that fell into the ocean.
Since it is addition, AND it is a good faith attempt to correct the libel, it shouldn't be an unreasonable method for the "moderation" you desire.
What we're never going to do, buddy, is allow you to delete anything you've ever said on this site.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @10:37PM (1 child)
We did once, actually. The first time MDC posted his SSN, we replaced the comment text with [REDACTED] or some such thinking it was a passing moment of insanity. We left every time after that up because it obviously wasn't. Passing that is.
We also politely asked someone, I forget who, to not post lots of copyrighted material they didn't hold the copyright on to their journal. They were using it as a scratch pad or some such and happily switched to a another pad that didn't leave us legally liable for anything.
Which is to say, there are things we'll redact. Doxxing and DMCA claims, for instance. We're not in the business of giving anyone's mouth a do-over though. So much so that nobody on staff has even thought of suggesting admins have a web interface for editing comments. It's all by-hand, CLI MySQL if it actually needs doing. Which is a pain, character escaping arbitrary English prose correctly the first time.
My rights don't end where your fear begins.
(Score: 2) by edIII on Wednesday May 15 2019, @11:07PM
Thank you for the correction. It seems to be an acceptable middle ground.
I appreciate that philosophy.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @03:04PM (1 child)
Can you give priority to deleting Anonymous Coward? I think the Five Eyes are after me.
(Score: 1) by Chocolate on Friday May 17 2019, @05:41AM
They could be!!! You never know!!!
Give us your real name, date of birth, residential address, phone number, and the names of your parents so we can check everywhere to make sure your data is secure!
Bit-choco-coin anyone?
(Score: 3, Interesting) by HiThere on Tuesday May 14 2019, @04:41PM (1 child)
Actually, I think the easy approach would be to convert all their references to "by anonymous coward", since that's a legitimate user without any personally identifying information. This would mean you would need to delete their account to handle future events. But would you need to do that before they asked you to delete information?
Just make it a general capability, and you won't need to firewall anything, or worry about where a tor post comes from. The problem is you'd want to be able to prevent people from causing others accounts to be deleted. That could get tricky.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @11:07AM
Killing all existing cookies and not allowing anyone from a California address to log in again would probably be better. That could be done in the load balancer if you're coming from a California address range without the rehash code ever needing to deal with an unhashed IP address (beyond hashing it in the first place, of course). Save those ideas up for the Meta story though. This is mostly just notification that there's going to be one.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday May 14 2019, @05:31PM (2 children)
It doesn't have to. At the risk of being a double-talking rules-lawyer, "Delete" doesn't necessarily mean to delete.
As an example, I could imagine you create a new account "Anonymous Deleted," and whenever anybody deletes their account you just change all their comments to be associated to that ID instead. Admittedly it is more complicated than that for many reasons, but I don't see this as necessarily being impossible to implement.
Whether the (work+risk)/reward ratio is worth it, though, is another question... as noted by your added personal opinion, among other things.
Speaking as a privacy-conscious anonymous coward, though, I for one do appreciate it when places give the ability to delete data.
(Score: 2) by The Mighty Buzzard on Wednesday May 15 2019, @11:13AM (1 child)
Yes, that would be exceedingly easy to implement. And it would make the value of the affected conversations pretty much nonexistent.
Being able to delete data that you've made public isn't a privacy issue, it's a rewriting history issue. I appreciate the hell out of privacy but this isn't about privacy.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Friday May 17 2019, @05:43AM
Wait. Hold on. Are you saying that everything I have posted here is publicly visible?
Noooooooooooooo
(Score: 4, Informative) by NotSanguine on Tuesday May 14 2019, @05:37PM (1 child)
An excellent point. I was unaware that the new California law (it is this law [wikipedia.org], right?) required deletion of comments or the "right to be forgotten."
Now that I've read the text, it's clear that Soylent News doesn't collect the sorts of information covered under the law [wikipedia.org]:
IIUC (and please correct me if I'm wrong), IP addresses are not logged by the system, just hashes of such IP addresses, and those are purged on a rolling schedule.
What's more, the law has specific requirements as to which entities are covered:
I didn't realize that Soylent News met any of those thresholds. If we do, SN is really profitable! And if that's true, you should definitely get paid for all your hard work Buzzard.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Informative) by The Mighty Buzzard on Wednesday May 15 2019, @11:25AM
We do have unique personal identifiers and email addresses stored. The unique personal identifier is just an auto-incrementing bigint column but it technically fits the definition. The email address is stored but doesn't have to be true.
Sweet! I'm all about not doing things. I can even not do things in my sleep. It's going to eventually become an issue again but the one requirement we're likely to ever hit, 50K or more consumers having info here, almost certainly isn't going to happen before I'm back to having plenty of free time.
My rights don't end where your fear begins.
(Score: 1, Funny) by Anonymous Coward on Tuesday May 14 2019, @12:38PM
The study of Strong Customer Authentication or SCAtology.