• GDPR and BBSes

    From MeaTLoTioN@21:1/158 to All on Tue Oct 6 21:33:25 2020
    Hey y'all,

    So I just had a new user log into my BBS, and left me some really interesting feedback, of which I actually think is awesome.

    The question that I can't answer and wish I could, is this;
    As I (as do most other BBSes do) collect certain data from users, such as IP addresses, email addresses, names, phone numbers, etc etc (assuming that real info is given), does this fall under some GDPR regulation of which we as
    sysops need to put notices upon login to say something about?

    My very limited understanding of GDPR is that companies and organisations
    need to make sure they handle data appropriately, and allow the persons whom give personal data the rights set out in said regulation, however a BBS for almost all of them, are just hobbies, without any business use or intent.

    Does a personal website fall under the same category if you capture the IP addresses of visitors, etc.


    It's an interesting thought, and one that I am sure someone in here will be qualified to answer, so I'm asking it here because ... well y'all run BBSes
    so it _could_ affect y'all too.

    Thanks in advance to your responses, I can't wait to hear y'alls thoughts on this and to get a definite qualified answer to this question.

    With blessing and fondest regards.

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From Charles Pierson@21:4/111 to MeaTLoTioN on Tue Oct 6 18:00:15 2020
    Thus spake MeaTLoTioN:
    Hey y'all,



    The question that I can't answer and wish I could, is this;
    As I (as do most other BBSes do) collect certain data from users, such as IP
    addresses, email addresses, names, phone numbers, etc etc (assuming that real
    info is given), does this fall under some GDPR regulation of which we as sysops need to put notices upon login to say something about?

    My very limited understanding of GDPR is that companies and organisations need to make sure they handle data appropriately, and allow the persons whom
    give personal data the rights set out in said regulation, however a BBS for almost all of them, are just hobbies, without any business use or intent.

    Does a personal website fall under the same category if you capture the IP addresses of visitors, etc.


    It's an interesting thought, and one that I am sure someone in here will be qualified to answer, so I'm asking it here because ... well y'all run BBSes so it _could_ affect y'all too.

    Thanks in advance to your responses, I can't wait to hear y'alls thoughts on
    this and to get a definite qualified answer to this question.

    Honestly, I could see it going either way.

    One section seems to say you must be engaged in "economic activity". So that would be a no, unless you run a commercial BBS, or so I would think.

    However, another part shows that it applies if you are engaged in offering "goods and services" regardless of a payment being required. Which a BBS could be seen as doing, with message bases, door games and file areas.

    While personally, I wouldn't see it being applicable, it's a hobby, and full contact information isn't regularly required to join a BBS anymore in my experience. I'm certain some scumbag lawyer could make the case for it though.








    So let it be written, So let it be done.
    --- AfterShock/Android 1.6.7
    * Origin: HOUSTON, TX (21:4/111)
  • From Arelor@21:2/138 to MeaTLoTioN on Tue Oct 6 20:24:53 2020
    Re: GDPR and BBSes
    By: MeaTLoTioN to All on Tue Oct 06 2020 05:33 pm

    The question that I can't answer and wish I could, is this;
    As I (as do most other BBSes do) collect certain data from users, such as IP addresses, email addresses, names, phone numbers, etc etc (assuming that rea info is given), does this fall under some GDPR regulation of which we as sysops need to put notices upon login to say something about?

    If you are managing personal data you are subjected to these regulations. It does not matter whether it is a hobby or a multimegabuck corporation.

    That said, individual EU member states are implementing their GDPR laws in different ways.

    I am familiar with the Spanish way since I deal with Spanish customers. Long story short:

    * You show each user or customer the Terms of Service with a list of the data you are storing.
    * If they request you to delete their data, you do, unless you are forced to store such data in order to meet other obligations (believe me, this one is hell).
    * You need to report any data breaches you face to authorities.
    * You need a periodical third party audit.
    * Unless you can take shelter in an exception (there are lots) you need a risk assesment report for the data you are managing.
    * If your operation is "data focused" or "data intensive" (not well defined terms in the reglament) you need to hire a lawyer to work as a data protection delegate. That means you either have a lawyer in payroll or as an external colsuntant.
    * You most likely need an official document that explains which data you are managing, how you are managing it, which people has access to the information and so on.

    TL;DR: Hobbie services are impossible in Europe unless you ignore the law.


    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to Charles Pierson on Tue Oct 6 20:28:36 2020
    Re: GDPR and BBSes
    By: Charles Pierson to MeaTLoTioN on Tue Oct 06 2020 02:00 pm

    Honestly, I could see it going either way.

    One section seems to say you must be engaged in "economic activity". So that would be a no, unless you run a commercial BBS, or so I would think.

    However, another part shows that it applies if you are engaged in offering "goods and services" regardless of a payment being required. Which a BBS co be seen as doing, with message bases, door games and file areas.

    While personally, I wouldn't see it being applicable, it's a hobby, and full contact information isn't regularly required to join a BBS anymore in my experience. I'm certain some scumbag lawyer could make the case for it thoug

    Different countries implement it differently.

    Here in Spain, if you have the name and the phone number of your uncles in a notebook you have an "archive with identifying personal information". It doesn't matter whether you are making money out of it or not.

    It is unlikelñy you will be prosecuted for having an unregistered "archive" but in theory they could do in many cases.


    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From MeaTLoTioN@21:1/158 to Arelor on Wed Oct 7 03:34:38 2020
    On 06 Oct 2020, Arelor said the following...

    TL;DR: Hobbie services are impossible in Europe unless you ignore the
    law.

    An interesting observation.
    Does this mean that we sysops _should_ have disclaimers stating this and that?

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From Oli@21:3/102 to MeaTLoTioN on Wed Oct 7 14:27:25 2020
    MeaTLoTioN wrote (2020-10-06):

    On 06 Oct 2020, Arelor said the following...

    TL;DR: Hobbie services are impossible in Europe unless you ignore
    the law.

    An interesting observation.
    Does this mean that we sysops _should_ have disclaimers stating this and that?

    The problem is that FSXNet and most other FTNs and sysops don't care about the GDPR at all. So you have to explain what happens to messages posted by the user. I'm not even sure if FTNs can ever be GDPR compatible in practice.

    Just showing a disclaimer is often not enough to make a service GDPR compliant. You also should not ask for personal data that is not needed for providing the service as a requirement to login. Things like birth date, location / address, phone number, gender, full name cannot be verified anyway and are mostly useless. If you don't store these you don't have the responsibility to keep them secure and private.

    I think the two most important things I would like to see as a user:

    1. The ability to completely delete my account with all my data (and that it gets automatically purged after some time of inactivity, like 6 to 24 month).

    2. The information/disclaimer that messages I post in Fidonet or some other FTN are public on the web, archived forever by unknown people and cannot be deleted from the internet.

    ---
    * Origin: (21:3/102)
  • From alterego@21:2/116 to Oli on Thu Oct 8 03:13:37 2020
    Re: GDPR and BBSes
    By: Oli to MeaTLoTioN on Wed Oct 07 2020 10:27 am

    Hey Oli,

    1. The ability to completely delete my account with all my data (and that it gets automatically purged after some time of inactivity,
    like 6 to 24 month).

    When you connect to a remote BBS, what is "your" data? (Apart from your name / address, etc) IE: Do the files you upload, the messages you post (both a local message bases and networked ones) count as "your" data?

    I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?

    If a Sysop posted a message along the lines of "we dont follow the GDPR, so if you dont want your personal information stored here, dont register" - would it be valid?

    ...δεσ∩

    ... When people are free to do as they please, they usually imitate each other --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From MeaTLoTioN@21:1/158 to alterego on Wed Oct 7 17:41:21 2020
    I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?

    This would be true specifically of the nodelists and infopacks that contain systems names and addresses in to reach...

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From Oli@21:3/102 to alterego on Wed Oct 7 19:46:55 2020
    alterego wrote (2020-10-07):


    When you connect to a remote BBS, what is "your" data? (Apart from your name / address, etc) IE: Do the files you upload, the messages you post (both a local message bases and networked ones) count as "your" data?

    I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?


    An upload of new version of Minimus BBS 4.01 wouldn't count. I think messages would count as personal data most of the time.

    If a Sysop posted a message along the lines of "we dont follow the GDPR,
    so if you dont want your personal information stored here, dont register"
    - would it be valid?

    I don't think so. You cannot opt out of the GDPR.

    I still don't know how the GDPR can be applied to federated systems. It's simpler with walled gardens like facebook or web forums. At least you would need some informed consent that it's impossible to get back control of posted messages. IMHO FTNs are incompatible with the GDPR, on the other side the GDPR might be incompatible with other laws or not apply fully. It would be strange if an amateur communication network would become illegal, because of the GDPR.

    ---
    * Origin: (21:3/102)
  • From Arelor@21:2/138 to alterego on Wed Oct 7 13:57:29 2020
    Re: GDPR and BBSes
    By: alterego to Oli on Wed Oct 07 2020 11:13 pm

    When you connect to a remote BBS, what is "your" data? (Apart from your name address, etc) IE: Do the files you upload, the messages you post (both a loc message bases and networked ones) count as "your" data?

    I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?

    If a Sysop posted a message along the lines of "we dont follow the GDPR, so you dont want your personal information stored here, dont register" - would be valid?

    "Your data" is any information that may identify you as far as data confidentiality laws go.

    However, messages etc may be covered by other laws. For example, if I post a short story I may invoke Berna "copyright powers" to mess with you because you are hosting a literary piece I authored. SInce you don't have an army of lawyers you donñ t have a Terms of Service that reads slong the lines "You grant us the right to hold and publish your messages for XXXX days by signing up to the service".

    If you don't want to deal with the GDPR your only safe bet is to enforce a ban against European users and connections. The GDPR itself says services out of the EU are prosecutable for GDPR violations. Of course international law does not work that way - try going to China and filling a GDPR claim - but you cannot just boot a service and say "We are not GDPR compliant, take us or leave us" as far as GDPR is concerned.

    I think all this just comes to show what a frigging mess these laws are.

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Atreyu@21:1/176 to Meatlotion on Wed Oct 7 20:13:30 2020
    On 06 Oct 20 17:33:25, Meatlotion said the following to All:

    As I (as do most other BBSes do) collect certain data from users, such as IP addresses, email addresses, names, phone numbers, etc etc (assuming that rea info is given), does this fall under some GDPR regulation of which we as sysops need to put notices upon login to say something about?

    A BBS is a non-commercial enterprise so the various provisions of the GDPR do not apply. You likely do not employ hundreds of people nor do you have an IT department, a "privacy officer" or data controller as set forth in the
    GDPR.

    Someone who calls a BBS and creates an account does so knowing that
    these are amateur systems ran on someone's computer. The contents of a BBS are in most cases not searchable by the Internet so privacy really comes down to the account itself. Many BBS callers don't give their real info... I don't.

    Likewise for an FTN. An FTN is not a commercial network. A Sysop makes the decision to join and be listed in an FTN otherwise you would not be in a nodelist that in some cases is Internet-searchable. So a great majority of
    the GDPR does not apply in that case either.

    Common sense stuff really...

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)
  • From Adept@21:2/108 to Arelor on Thu Oct 8 00:31:10 2020
    I think all this just comes to show what a frigging mess these laws are.

    I like the GDPR for a site of any size, mostly because I'd really rather
    never have tailored ads or tracking that surveils me across the internet.

    But, yeah, on the fringes it doesn't make a whole lot of sense. It does seem like a, "You must be gaining revenue from advertising" would be helpful, or _some_ sort of carveout for non-commercial, generally on-the-level situations.

    Or basically something where you're not expected to follow it if you're
    making too little revenue to be able to afford a lawyer to hold your hand through complying with the process.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Arelor@21:2/138 to Adept on Wed Oct 7 22:02:37 2020
    Re: Re: GDPR and BBSes
    By: Adept to Arelor on Wed Oct 07 2020 08:31 pm

    I think all this just comes to show what a frigging mess these laws are

    I like the GDPR for a site of any size, mostly because I'd really rather never have tailored ads or tracking that surveils me across the internet.

    Honestly, as far as I know, most users are being offered a ToS box with a big "I accept the ToS and cookies of this site", which they click. Then they get all the tailored ads and data collection just the same way they used to do before cookie laws and GDPR.

    Meanwhile some clinics are expected to hire a data protection delegate in order to fill the paperwork, for storing clinical documents which are kept in safes, assigned to a single doctor each, and never leave the facility - ie just like before GPDR, but having to keep an extra lawyer in the whole deal.

    Seriously, if they want to show me they are concerned for privacy, they should make it so I can use an Android phone and trust it is not running a shitload of telemetry services. Forcing Google to have more lawyers is just sugarcoating manure.


    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From alterego@21:2/116 to Oli on Thu Oct 8 15:21:30 2020
    Re: GDPR and BBSes
    By: Oli to alterego on Wed Oct 07 2020 03:46 pm

    If a Sysop posted a message along the lines of "we dont follow the GDPR,
    so if you dont want your personal information stored here, dont register"
    - would it be valid?

    I don't think so. You cannot opt out of the GDPR.
    I still don't know how the GDPR can be applied to federated systems. It's simpler with walled gardens like facebook or web forums. At least you would need some informed consent that it's impossible to get back control of posted messages. IMHO FTNs

    Yeah, I think that was where I was going.

    So if there was a message at registration that said something along the lines of "your data is shared within the FTN network to an unlimited number of unknown systems and cannot be redacted - so you sign up accepting that your data cannot be removed at your request to be 'forgotten'".

    That would work right?

    Its a curious law with good intention but in some respects impracticle implementation it seems. When I google search (or any search engine for that matter) and find my name (eg a nodelist), who is responsible for it being removed - google/search engine(s) and/or "x" number of systems that have the nodelist publicly available (that the "y" search engines indexed).

    ...δεσ∩

    ... Tag line thievery's fun ...On to the next Geraldo!
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Captain Obvious@21:1/157 to Oli on Thu Oct 8 00:59:55 2020
    On 07 Oct 2020, Oli said the following...

    1. The ability to completely delete my account with all my data (and
    that it gets automatically purged after some time of inactivity, like 6
    to 24 month).

    I have that on mine.

    2. The information/disclaimer that messages I post in Fidonet or some other FTN are public on the web, archived forever by unknown people and cannot be deleted from the internet.

    Would be a good idea. May add that to my new user letter.

    -=>Richard Miles<=-
    -=>Captain Obvious<=-
    -=>bbs.shadowscope.com<=-

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: * Shadowscope BBS * (21:1/157)
  • From MeaTLoTioN@21:1/158 to Atreyu on Thu Oct 8 13:53:52 2020
    A BBS is a non-commercial enterprise so the various provisions of the
    GDPR do not apply. You likely do not employ hundreds of people nor do
    you have an IT department, a "privacy officer" or data controller as set forth in the GDPR.

    No I don't employ anyone to run my BBS or do anything with it, lol.. but what
    I have been reading on government websites about GDPR, it looks like even personal websites have to think about GDPR, so from what I read a BBS being a non-commercial enterprise or not, would still be required by law to abide by certain GDPR regulations?

    Someone who calls a BBS and creates an account does so knowing that
    these are amateur systems ran on someone's computer. The contents of a
    BBS are in most cases not searchable by the Internet so privacy really comes down to the account itself. Many BBS callers don't give their real info... I don't.

    Yes this is also something that I thought about too, which is one of many reasons why the original question confuses me because I don't see any black
    and white, um... I mean clearly defined right or wrong path.

    Likewise for an FTN. An FTN is not a commercial network. A Sysop makes
    the decision to join and be listed in an FTN otherwise you would not be
    in a nodelist that in some cases is Internet-searchable. So a great majority of the GDPR does not apply in that case either.

    Exactly, by the very nature of BBSes and their FTN's, some data has to be spread out beyond the original system from whence it came.

    So far from the replies about this the one definitive thing I can pull out of it is to just ignore it because by definition of functionality a BBS would
    have to be exempt from any GDPR regulations... this is quite probably the
    wrong way to look at it, but it's all I can come up with right now.

    I'm still looking for the "right" answer, if that even exists. I might have a chat with someone from my work who would deal with such a thing, to see if
    they can offer any clarity to this.


    Thanks for your thoughts and opinions, keep 'em coming.

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From Apam@21:1/182 to Meatlotion on Thu Oct 8 23:31:12 2020
    RE: Re: GDPR and BBSes
    BY: MeaTLoTioN(21:1/158)


    No I don't employ anyone to run my BBS or do anything with it, lol.. but what
    I have been reading on government websites about GDPR, it looks like
    even
    personal websites have to think about GDPR, so from what I read a BBS
    being a
    non-commercial enterprise or not, would still be required by law to
    abide by
    certain GDPR regulations?

    I don't really follow the current events, but I thought the UK left the EU? Or is that still to happen?

    Andrew


    --- WWIV 5.5.0.3247
    * Origin: The Barbed Hook - barbedhook.ddns.net:2323 (21:1/182)
  • From Mindsurfer@21:3/119 to MeaTLoTioN on Tue Oct 6 23:48:48 2020
    So I just had a new user log into my BBS, and left me some really interesting feedback, of which I actually think is awesome.

    what was his feedback to you regarding GDPR?

    i can't give you a qualified answer there, but i think it would be
    necessary to inform about what data you store and for how long and that
    you can delete his account data from your BBS.

    Maybe some more information about Telnet and that it does not encrypt and
    that ssh does encrypt his login data.

    and an extra policy about using the fidonet compatible networks.

    I think if you use all todays laws and regulations you cant even open up
    a BBS at all anymore. But i am not a lawyer.

    Mindsurfer

    --- MagickaBBS v0.15alpha (Linux/armv7l)
    * Origin: FuNToPia telnet://funtopia.ddnss.eu:2023 (21:3/119)
  • From Mindsurfer@21:3/119 to MeaTLoTioN on Thu Oct 8 15:48:42 2020
    I'm still looking for the "right" answer, if that even exists. I
    might have a chat with someone from my work who would deal with
    such a thing, to see if they can offer any clarity to this.

    Let us know what he says. I am afraid you would need a lawyer to get the
    right answers and one of those answers could be. you can't run a BBS
    legally nowadays.

    Just look at the signup process. it is not encrypted. But thats one
    importand thing with the GDPR. You would have to create a temporary login
    and ask the user to come back with SSH for data encryption. BBSs are just
    from a different time in technology and law. But i think there is no
    exception for "old" systems in the GDPR.

    Mindsurfer

    --- MagickaBBS v0.15alpha (Linux/armv7l)
    * Origin: FuNToPia telnet://funtopia.ddnss.eu:2023 (21:3/119)
  • From MeaTLoTioN@21:1/158 to Apam on Thu Oct 8 15:22:32 2020
    I don't really follow the current events, but I thought the UK left the EU? Or is that still to happen?

    We are "leaving", which means by the end of December this year, we will have left the EU.

    According to the government website on GDPR, we will still generally be under UK GDPR regs, just not EU regs going forward. What that realistically means
    for GDPR I don't know, I really don't know enough about GDPR in general.

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From MeaTLoTioN@21:1/158 to Mindsurfer on Thu Oct 8 15:36:27 2020
    On 06 Oct 2020, Mindsurfer said the following...

    what was his feedback to you regarding GDPR?

    "The new account process was a bit much, things like sex, birth date,
    location, e-mail address etc. should really not be necessary to create an account. In fact in light of GDPR you might not even want to collect any of such information as it increases your liability should the data for whatever reasons become compromised."

    I responded with this;

    "I appreciate this feedback, the reasons I have kept that in is so that I can find out, for example;

    * ratio between men and woman using my BBS

    * the birthdate is useful to know the age of someone so you can tell whether
    they're new to the scene or an old hat revisiting and remembering times of
    old

    * the location is nice to know because we can see where everyone is from and
    how far and wide the BBS scene is reaching, who is visiting your BBS and
    from where

    * the email address is important because if you forget your password you
    will get a reset code sent to the registered email address."


    As for GDPR; this is a BBS, not an organisation, or company so I am not sure that it qualifies to be required to follow said regulation.

    This is what the EU has to say about GDPR and who has to make sure they're handling data right.

    "GDPR is a regulation that requires businesses to protect the personal data
    and privacy of EU citizens for transactions that occur within EU member
    states. And non-compliance could cost companies dearly."

    That one sentence alone surely exempts this BBS and almost all others world wide. Unless the BBS is run by a business for it's business use, GDPR is irrelevant, no?

    You have raised a good point though, and now I am curious about it. I will
    have to go do some searching."


    This user hasn't yet logged back in so I don't know if they've seen my reply.

    I also don't know whether I should think more carefully about the data I ask upon registration, I mean it's all optional, and you don't have to fill it in with actual real info, most people don't anyway. Should I care whether a new user is 15 or 50? Should I care that they are a man or woman? Should I care that they're calling in from Margate or Mexico?

    I do care, not for anything underhanded but because I want to get to know each person who joins and connects. I respond to every feedback I get, and sometimes if they call back I can get to know that person better.

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From MeaTLoTioN@21:1/158 to Mindsurfer on Thu Oct 8 16:22:03 2020
    On 08 Oct 2020, Mindsurfer said the following...

    Let us know what he says. I am afraid you would need a lawyer to get the right answers and one of those answers could be. you can't run a BBS legally nowadays.

    Just look at the signup process. it is not encrypted. But thats one importand thing with the GDPR. You would have to create a temporary login and ask the user to come back with SSH for data encryption. BBSs are just from a different time in technology and law. But i think there is no exception for "old" systems in the GDPR.

    OK so I have had an answer from the guy at work who deals with this daily,
    and I explain exactly why I am asking, what I do etc, and this is his reply;

    "The material scope Art 2 (C) may be a weak argument in this case. Albeit you may be able to state this pursuit is purely personal. However, you are processing PII information and a lot of GDPR is about risk. E.G. is there a risk to the rights and freedoms of the data subjects on a large scale.

    To cover yourself you can simply outline what happens to the data subject information when they sign up for the board and have a check box that state the data subject consents to your terms and conditions. This will demonstrate clear affirmative action. If you store any PII information try and also ensure it can't be compromised by having technical and operational measures in place such as encryption.

    If anyone asks what happens to their data you need to be transparent and we usually do this by having a privacy statement. What these look like are outlined in Art 13/14 of GDPR.

    These are simple measures your can take to cover yourself in case anyone tries to get cute with you."


    Interesting to know, so where does this leave us as SysOp's? Are we legally obliged nowadays to post said disclaimer prior to the user registering and/or entering the BBS?

    What are your thoughts to this new piece of information?

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From Warpslide@21:3/110 to All on Thu Oct 8 12:24:53 2020
    Re: GDPR and BBSes
    By: Captain Obvious to Oli on Wed Oct 07 2020 08:59 pm


    1. The ability to completely delete my account with all my data (and
    that it gets automatically purged after some time of inactivity,
    like 6 to 24 month).

    I have that on mine.

    There's a mod for Mystic available on Agency called dm-suicidev3.zip that allows a user to delete their own account.

    Thier account will be maked as "DELETED" and then will get permanently removed the next time you run PackUserBase in mutil.

    Jay

    ... Shout out to the people who ask what the opposite of "in" is
    --- SBBSecho 3.11-Linux
    * Origin: Northern Realms (21:3/110)
  • From Atreyu@21:1/176 to Meatlotion on Thu Oct 8 13:01:04 2020
    On 08 Oct 20 09:53:52, Meatlotion said the following to Atreyu:

    I'm still looking for the "right" answer, if that even exists. I might have chat with someone from my work who would deal with such a thing, to see if they can offer any clarity to this.

    Keep in mind something... what would happen if you didn't give a shit.

    Its a lot like running a BBS as a teenager in the early 90's and some jackass threatens to "sue you" because you did something or told them to F off or whatever. My response at the time was, "go ahead". Spend the time, effort and money on a lawyer. I'll wait patiently. Never heard from that user again.

    The court system has far better things to worry about than some silly BBS
    ran by some silly hobbyist thats not even a for-profit operation in violation of some law that would likely need the testimony of a data expert to even have it explained to a judge.... "Tradewars? Should the SEC get involved?"

    The court systems simply do not make examples of BBS's anymore like they used to in the aftermath days of Wargames where any mention of hacking was good
    for headlines. Unless you dabble in kiddie porn or have a treasure trove of pirated goodies up for download, authority figures do not care about your BBS.

    You have nothing to worry about; at worst you'll get an inquisitive letter, at best you'll be happily entertained here by everyone else with chicken-little theories about the men in black dramatically bursting through your door.

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)
  • From Ogg@21:4/106.21 to MeaTLoTioN on Thu Oct 8 13:27:00 2020
    Hello Meatlotion!

    ** On Thursday 08.10.20 - 12:22, MeaTLoTioN wrote to Mindsurfer:

    OK so I have had an answer from the guy at work who deals
    with this daily, and I explain exactly why I am asking,
    what I do etc, and this is his reply;

    "The material scope Art 2 (C) may be a weak argument in
    this case. Albeit you may be able to state this pursuit
    is purely personal. However, you are processing PII
    information and a lot of GDPR is about risk. E.G. is
    there a risk to the rights and freedoms of the data
    subjects on a large scale.

    What is PII? Personal Identification Info? Is the info that
    someone keys in truly personal if the visitor/user can lie
    about it? Why should a BBS be opbligated to "secure" fake
    information beyond what is required for a simple verification
    at login and to read some messages? Sounds to me that the
    GDPR applies to corporations/businesses where "true"
    information is the issue.

    If BBSes would fall under GDPR regulations, then why don't
    regular people who store and record CID (Caller ID) on their
    phones?

    The GDPR succeeds in obfuscating things so much that we have
    to wonder how BBSes fit in. It's a sad commentary. The folks
    who wrote the GDPR probably do not even know what a BBS is.

    Thanks for sharing the comments from the guy at your work.
    Even he is so unsure that he suggests broad disclosure
    statements to be placed on a BBS.

    Why wouldn't a simple statement:

    "You have reached a personal/private system. The info you
    provide is solely used for login verification purposes and
    statistics. Enter at your own risk. YOUR choice. The data on
    this system is ephemeral and there are no guarantees of
    backup."


    If anyone asks what happens to their data you need to be
    transparent and we usually do this by having a privacy
    statement. What these look like are outlined in Art 13/14
    of GDPR.

    I'll have to look at those Art numbers. But I think for BBS
    purposes this is overkill.


    These are simple measures your can take to cover yourself
    in case anyone tries to get cute with you."

    See? He's not sure.. so the idea is to post disclamers to
    describe what your system is NOT.


    What are your thoughts to this new piece of information?

    There you have it. This is an interesting topic. But I think
    for BBSes there is panic for no reason.


    --- OpenXP 5.0.46
    * Origin: (} Pointy McPointFace (21:4/106.21)
  • From Arelor@21:2/138 to MeaTLoTioN on Thu Oct 8 14:07:27 2020
    Re: Re: GDPR and BBSes
    By: MeaTLoTioN to Mindsurfer on Thu Oct 08 2020 11:36 am

    "GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly."

    That sentence includes businesses but does not exclude anything. This means, some other part of the document could demand you to follow the regulations despite you not being a business.

    Seriously, you ought to check with your _local_ implementation of the law. Haven't you got a Data Protection Agency? You don't have to comply with the European law as much as you have to comply with local regulations, so take care to read the regulations that apply to your jurisdiction (which ouight to be shaped as to follow GDPR or be more strict than GDPR).

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Gamgee@21:2/138 to Ogg on Thu Oct 8 14:08:00 2020
    Ogg wrote to MeaTLoTioN <=-

    What are your thoughts to this new piece of information?

    There you have it. This is an interesting topic. But I think
    for BBSes there is panic for no reason.

    Panic? LOL

    I don't think so. I could not give a rat's ass about this GDPR,
    nor could nearly anyone else in the USA. Let the Euro-commies
    fret about it all they want. We don't care.


    ... Post may contain information unsuitable for overly sensitive persons.
    === MultiMail/Linux v0.52
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to MeaTLoTioN on Thu Oct 8 14:09:53 2020
    Re: Re: GDPR and BBSes
    By: MeaTLoTioN to Mindsurfer on Thu Oct 08 2020 11:36 am

    "The new account process was a bit much, things like sex, birth date, location, e-mail address etc. should really not be necessary to create an account. In fact in light of GDPR you might not even want to collect any of such information as it increases your liability should the data for whatever reasons become compromised."

    I responded with this;

    "I appreciate this feedback, the reasons I have kept that in is so that I ca find out, for example;

    As a rule of thumb you don't want to host information that is not needed for your service to function.

    Being curious about the nature of your users is a weak justification to store data.

    Also, you have to apply data protection laws to people who is outside your jurisdiction too. A Chinesse person logging into your BBS is supposed to have the same data protection laws applied to him

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to Ogg on Thu Oct 8 14:14:03 2020
    Re: GDPR and BBSes
    By: Ogg to MeaTLoTioN on Thu Oct 08 2020 09:27 am

    If BBSes would fall under GDPR regulations, then why don't
    regular people who store and record CID (Caller ID) on their
    phones?

    According to Spanish law, your contact addressbook is an archive of personal identifying information for all effects.

    Welcome to Spain.

    Sorry, I think it is spelled S-Pain nowadays.

    Please, drag me out of this rotting place.


    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to Gamgee on Thu Oct 8 14:18:03 2020
    Re: Re: GDPR and BBSes
    By: Gamgee to Ogg on Thu Oct 08 2020 10:08 am

    Ogg wrote to MeaTLoTioN <=-

    What are your thoughts to this new piece of information?

    There you have it. This is an interesting topic. But I think
    for BBSes there is panic for no reason.

    Panic? LOL

    I don't think so. I could not give a rat's ass about this GDPR,
    nor could nearly anyone else in the USA. Let the Euro-commies
    fret about it all they want. We don't care.


    ... Post may contain information unsuitable for overly sensitive persons.

    I am as far from an Euro-commie as it can get, but if you don't at least *pretend* you care for cookie laws and similar rubbish, you'll be tattooing a target in your ass for the real Euro-commies to kick.

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From echicken to MeaTLoTioN on Thu Oct 8 15:21:50 2020
    Re: Re: GDPR and BBSes
    By: MeaTLoTioN to Mindsurfer on Thu Oct 08 2020 11:36:27

    "The new account process was a bit much, things like sex, birth date, location, e-mail address etc. should really not be necessary to create an

    "Sex" and "birth date" are a bit invasive, if compared with what other online services ask for. Many just want username and email address; users are unaccustomed to being asked for more than that.

    That said, some people just want something to be mad about and have adopted "privacy" as their cause. It's a good choice; if you become a stickler for it, you'll see violations literally everywhere. You'll never want for outrage.

    I once had somebody get upset about the "security issues" of me asking for: alias, email address, real-sounding fake name, and location. Of these, only "location" was truly unnecessary. And yes, I said "real-sounding fake name", which was just for FidoNet's sake.

    * ratio between men and woman using my BBS

    When you bring gender into the mix, you invite a whole new species of outrage. :)

    * the birthdate is useful to know the age of someone so you can tell whether
    they're new to the scene or an old hat revisiting and remembering times of old

    When you put questions like these (sex, birth date) into a signup process, many people will assume it's *required* and that you're violating their privacy.

    It might be better to create an optional survey that users can fill out, decoupled from registration,
    maybe even anonymized or optionally anonymous. In a survey, you could ask more pointed questions about their motivations for calling your BBS, and their history with this medium, etc. It's a softer approach to gathering demographic info.

    * the location is nice to know because we can see where everyone is from and
    how far and wide the BBS scene is reaching, who is visiting your BBS and from where

    They're giving you this information just by connecting, so you could skip the question and do a geo-IP lookup. Not accurate if they're using a VPN or whatever, but they could also just lie when answering the question.

    I do care, not for anything underhanded but because I want to get to know each
    person who joins and connects. I respond to every feedback I get, and sometimes
    if they call back I can get to know that person better.

    I think the best way to get to know them is through conversation. We're just brains interacting over the internet. Personal details and physical matters will come up in discussion as they become relevant and as each party feels comfortable sharing.

    Having said all of the above, I have not looked at my newuser process in a long time, and I may even have a lot of questions enabled for testing purposes which I don't actually care about the answers to.

    As for GDPR; this is a BBS, not an organisation, or company so I am not sure
    that it qualifies to be required to follow said regulation.

    I doubt if there's much to worry about. If a BBS operator is ever officially challenged on this point, it's unlikely to begin with a big-money lawsuit or a steep fine. You're much more likely to receive a warning and a strongly-worded letter. (Especially for those of us outside the EU.)

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
  • From Warpslide@21:3/110 to Arelor on Thu Oct 8 21:33:19 2020
    Re: Re: GDPR and BBSes
    By: Arelor to MeaTLoTioN on Thu Oct 08 2020 10:09 am


    As a rule of thumb you don't want to host information that is not needed for your service to function.

    Exactly. On my board I ask for Handle, Real Name & Email address.

    The only reason I ask for real name is for Fidonet. Email addresses is for account validation. Other than that, I don't care your gender or how old you are.

    I'd rather not know. And if my board were to get "hacked" there's as little information as possible for the attacker to get their mitts on.

    Jay

    ... How much money does a pirate pay for corn? A buccaneer
    --- SBBSecho 3.11-Linux
    * Origin: Northern Realms (21:3/110)
  • From Adept@21:2/108 to Arelor on Fri Oct 9 01:58:36 2020
    Honestly, as far as I know, most users are being offered a ToS box with
    a big "I accept the ToS and cookies of this site", which they click.
    Then they get all the tailored ads and data collection just the same way they used to do before cookie laws and GDPR.

    I think that's how Facebook works (and Facebook is facing billions in
    deserved fines over the GDPR (the fines are deserved regardless of the GDPR,
    or if this particular aspect is what they get fined for)), but since arriving in the EU, I've noticed that most sites pop it up, I click on "more settings" or some other way of phrasing that (or in German, where I'm occasionally clicking semi-randomly), and it has several options on cookies, with the base functional ones turned on without an option, and all the other sorts of
    cookies turned off by default.

    It doesn't seem entirely universal, but it's common enough that I've gotten used to it.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Captain Obvious@21:1/157 to MeaTLoTioN on Thu Oct 8 22:40:50 2020
    On 08 Oct 2020, MeaTLoTioN said the following...

    "The new account process was a bit much, things like sex, birth date, location, e-mail address etc. should really not be necessary to create an account. In fact in light of GDPR you might not even want to collect any of such information as it increases your liability should the data for whatever reasons become compromised."

    I tend to agree but not because of privacy reasons. The sign up and log in process for most BBSes is a drag. It takes forever to get into some boards.
    A large percentage of the info that's asked for is useless now. Phone number and data number? Really? I ask for name, alias and email address and want to streamline the sign-in process to be as painless as possible. Was asking for location but I no longer do. If someone wants it on their profile they can
    add the information later from the settings editor.

    -=>Richard Miles<=-
    -=>Captain Obvious<=-
    -=>bbs.shadowscope.com<=-

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: * Shadowscope BBS * (21:1/157)
  • From Captain Obvious@21:1/157 to Warpslide on Thu Oct 8 22:45:29 2020
    On 08 Oct 2020, Warpslide said the following...

    There's a mod for Mystic available on Agency called dm-suicidev3.zip that allows a user to delete their own account.

    That's what I use. I've been meaning to edit the mpl to change the screens
    and title as in today's world it's a bit insensitive but I haven't gotten around to it.

    -=>Richard Miles<=-
    -=>Captain Obvious<=-
    -=>bbs.shadowscope.com<=-

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: * Shadowscope BBS * (21:1/157)
  • From Ogg@21:4/106.21 to Arelor on Thu Oct 8 22:36:00 2020
    Hello Arelor!

    ** On Thursday 08.10.20 - 10:14, Arelor wrote to Ogg:

    If BBSes would fall under GDPR regulations, then why don't
    regular people who store and record CID (Caller ID) on
    their phones?

    According to Spanish law, your contact addressbook is an
    archive of personal identifying information for all
    effects.

    That's incredible. Since when does a gov't suggest that your
    address book is their address book?

    There is nothing illegal about being stupid. You could
    stupidly delete the address book by accident if bullied. ;)

    It would seem to me that if one were to be forced to disclose
    said contents of such address book, then the very nature of
    disclosing would be in contradiction to the very regulations
    that insist that it should be "protected".


    Welcome to Spain.

    Sorry, I think it is spelled S-Pain nowadays.

    :)


    Please, drag me out of this rotting place.

    Where would you go?


    --- OpenXP 5.0.46
    * Origin: (} Pointy McPointFace (21:4/106.21)
  • From Ogg@21:4/106.21 to Arelor on Thu Oct 8 22:50:00 2020
    Hello Arelor!

    ** On Thursday 08.10.20 - 10:18, Arelor wrote to Gamgee:

    Panic? LOL

    I don't think so. I could not give a rat's ass about this
    GDPR, nor could nearly anyone else in the USA. Let the
    Euro-commies fret about it all they want. We don't care.

    I am as far from an Euro-commie as it can get, but if you
    don't at least *pretend* you care for cookie laws and
    similar rubbish, you'll be tattooing a target in your ass
    for the real Euro-commies to kick.

    Nah.. Simple disclaimer:

    "Welcome to ### BBS and to the 80s. This system is designed to
    provide the same communications experience in the 80s. No
    guarantees are made to the permanence of data provided by you
    or the system, just like in the 80s. We operate with
    equipment from the 80s. You are responsible for data
    submitted. There is no obligation to answer the introduction
    questions. Those answers are your participation in a survey.
    Thank you!"


    --- OpenXP 5.0.46
    * Origin: (} Pointy McPointFace (21:4/106.21)
  • From Ogg@21:4/106.21 to echicken on Thu Oct 8 22:54:00 2020
    Hello echicken!

    ** On Thursday 08.10.20 - 11:21, echicken wrote to MeaTLoTioN:

    As for GDPR; this is a BBS, not an organisation, or
    company so I am not sure that it qualifies to be
    required to follow said regulation.

    I doubt if there's much to worry about. If a BBS operator
    is ever officially challenged on this point, it's unlikely
    to begin with a big-money lawsuit or a steep fine. You're
    much more likely to receive a warning and a strongly-
    worded letter. (Especially for those of us outside the
    EU.)

    Yup. Much ado about nothing.



    --- OpenXP 5.0.46
    * Origin: (} Pointy McPointFace (21:4/106.21)
  • From MeaTLoTioN@21:1/158 to echicken on Fri Oct 9 04:38:11 2020
    On 08 Oct 2020, echicken said the following...

    It might be better to create an optional survey that users can fill out, decoupled from registration,

    I have taken on board the suggestions and thoughts of you and others, and
    have decided to remove the need to ask for anything but "alias", "real-name" and "email" upon registration.

    As you said, the "real name" is a "requirement" for Fidonet, however it
    doesn't have to be a real "real name" just as long as it looks real-enough, right? =)

    It's still a very interesting topic I find, and I'm eager to make the BBS a better experience for anyone wishing to connect, so I have streamlined that signup process to reflect this.


    Thanks all for the advice and suggestions, very much appreciated.

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07── |08[|10eml|08] |15ml@erb.pw |07── |08[|10web|08] |15www.erb.pw |07───┐ |07── |08[|09fsx|08] |1521:1/158 |07── |08[|11tqw|08] |151337:1/101 |07┬──┘ |07── |08[|12rtn|08] |1580:774/81 |07─┬ |08[|14fdn|08] |152:250/5 |07───┘
    |07── |08[|10ark|08] |1510:104/2 |07─┘

    --- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)
  • From Gamgee@21:2/138 to Arelor on Thu Oct 8 22:36:00 2020
    Arelor wrote to Gamgee <=-

    There you have it. This is an interesting topic. But I think
    for BBSes there is panic for no reason.

    Panic? LOL

    I don't think so. I could not give a rat's ass about this GDPR,
    nor could nearly anyone else in the USA. Let the Euro-commies
    fret about it all they want. We don't care.

    I am as far from an Euro-commie as it can get, but if you don't
    at least *pretend* you care for cookie laws and similar rubbish,
    you'll be tattooing a target in your ass for the real
    Euro-commies to kick.

    Understood, and that's gotta suck. Perhaps you should become a
    (legal) immigrant to the USA. ;-)



    ... Pros are those who do their jobs well, even when they don't feel like it. === MultiMail/Linux v0.52
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Oli@21:3/102 to alterego on Fri Oct 9 14:18:11 2020
    alterego wrote (2020-10-08):

    Yeah, I think that was where I was going.

    So if there was a message at registration that said something along the lines of "your data is shared within the FTN network to an unlimited
    number of unknown systems and cannot be redacted - so you sign up
    accepting that your data cannot be removed at your request to be 'forgotten'".

    That would work right?

    I'm not sure. Not informing the user would be clearly a problem. But I also doubt that the right to be "forgotten" can be easily negotiated.

    I would argue that participating in an FTN is about keeping this communication technology and BBSing alive and it's impossible to do this without distributing the nodelist and mails with all the consequences. I don't know if that would have any legal relevance.

    Its a curious law with good intention but in some respects impracticle implementation it seems. When I google search (or any search engine for that matter) and find my name (eg a nodelist), who is responsible for it being removed - google/search engine(s) and/or "x" number of systems that have the nodelist publicly available (that the "y" search engines
    indexed).

    Avon asked for my personal data on joining the network. For me a user he is responsible for anything that happens to my personal data, especially for things that I didn't give consent for. (theoretica

    I think I also can ask google to remove search results about me and sites that archive a nodelist with my name/location/ip/domain/phone to remove that file (or etnry).

    Obviously the GDPR was created because of the Facebooks and Googles and all the businesses that use their services and track users, collect data and sell it. It's a bit puzzling for things that are not a business, but also not "household use".

    I'm still curious if and how BBSing and FTNs are compatible with the GDPR or if for some (unknown) reason the GDPR does not apply fully.

    ---
    * Origin: (21:3/102)
  • From Arelor@21:2/138 to Ogg on Fri Oct 9 08:22:38 2020
    Re: GDPR and BBSes
    By: Ogg to Arelor on Thu Oct 08 2020 06:36 pm

    Where would you go?

    Somewhere with open ranges where my horses could be happy, I guess.

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to Gamgee on Fri Oct 9 08:25:51 2020
    Re: Re: GDPR and BBSes
    By: Gamgee to Arelor on Thu Oct 08 2020 06:36 pm

    I am as far from an Euro-commie as it can get, but if you don't
    at least *pretend* you care for cookie laws and similar rubbish,
    you'll be tattooing a target in your ass for the real
    Euro-commies to kick.

    Understood, and that's gotta suck. Perhaps you should become a
    (legal) immigrant to the USA. ;-)

    I am still banging my head against a wall because I rejected a job offer from a 'murican company back in the day.

    Maybe I could get a green card since I have contracts with Linux News Media and (soon) other American publishers, but taking my horse there would be sorta troublesome.

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Joacim Melin@21:2/130 to Ogg on Fri Oct 9 16:04:43 2020
    A quick GDPR primer:

    Information that can be used to identify you (name, address, email address, phone number, personal identification number, photos of you) are included in GDPR as "personal information".

    It can be argued that a BBS can be view upon as a private club and as such a BBS is exempt from GDPR since you are allowed to store any of the information listed above without consent from the user/member.



    --- NiKom v2.5.0
    * Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)
  • From Joacim Melin@21:2/130 to Gamgee on Fri Oct 9 16:12:13 2020
    Ogg wrote to MeaTLoTioN <=-

    What are your thoughts to this new piece of information?

    There you have it. This is an interesting topic. But I think
    for BBSes there is panic for no reason.

    Panic? LOL

    I don't think so. I could not give a rat's ass about this GDPR,
    nor could nearly anyone else in the USA. Let the Euro-commies
    fret about it all they want. We don't care.

    Nor do we euro-commies care about the US-fascist Cloud act law which means we will (hopefully) soon be rid of Facebook and some other american cloud providers, hurting the US "uhconomy" even more. Ah yes - glorious times ahead.


    --- NiKom v2.5.0
    * Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)
  • From Joacim Melin@21:2/130 to Ogg on Fri Oct 9 16:15:36 2020
    Hello Arelor!

    ** On Thursday 08.10.20 - 10:14, Arelor wrote to Ogg:

    If BBSes would fall under GDPR regulations, then why don't
    regular people who store and record CID (Caller ID) on
    their phones?

    According to Spanish law, your contact addressbook is an
    archive of personal identifying information for all
    effects.

    That's incredible. Since when does a gov't suggest that your
    address book is their address book?

    There is nothing illegal about being stupid. You could
    stupidly delete the address book by accident if bullied. ;)

    It would seem to me that if one were to be forced to disclose
    said contents of such address book, then the very nature of
    disclosing would be in contradiction to the very regulations
    that insist that it should be "protected".


    Welcome to Spain.

    Sorry, I think it is spelled S-Pain nowadays.

    :)


    Please, drag me out of this rotting place.

    Where would you go?

    Your own personal phone records in your phone is *NOT* subject to GDPR regulations since you are a private person. GDPR was designed to protect individuals from having their identity and personal information misused by corporations for fraud or other kinds of attempts to use it for their own personal benefit (hello Facebook, Google, et al).

    For fucks sake - read up on this stuff. It's not hard.


    --- NiKom v2.5.0
    * Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)
  • From Arelor@21:2/138 to Joacim Melin on Fri Oct 9 10:06:51 2020
    Re: Re: GDPR and BBSes
    By: Joacim Melin to Ogg on Fri Oct 09 2020 12:15 pm

    Your own personal phone records in your phone is *NOT* subject to GDPR regulations since you are a private person. GDPR was designed to protect individuals from having their identity and personal information misused by corporations for fraud or other kinds of attempts to use it for their own personal benefit (hello Facebook, Google, et al).

    For fucks sake - read up on this stuff. It's not hard.

    Maybe according to GDPR, but GDPR is the framework on which local regulations are built.

    As such, local regulations can be as retarded as they want within the margins allowed by European regulations.

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From alterego@21:2/116 to Joacim Melin on Sat Oct 10 03:01:48 2020
    Re: Re: GDPR and BBSes
    By: Joacim Melin to Ogg on Fri Oct 09 2020 12:04 pm

    It can be argued that a BBS can be view upon as a private club and as such a BBS is exempt from GDPR since you are allowed to store
    any of the information listed above without consent from the user/member.

    Wow really? Private clubs can get and keep that info that way? Can they use it for marketing purposes etc?

    ...δεσ∩

    ... If only I could be respected without having to be respectable.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Ogg@21:4/106.21 to Joacim Melin on Fri Oct 9 12:08:00 2020
    Hello Joacim!

    ** On Friday 09.10.20 - 12:15, Joacim Melin wrote to Ogg:


    For fucks sake - read up on this stuff. It's not hard.


    Naaah. No thanks. I've got enough other things to deal with
    than engaging google with a new acronym that I might find
    here. I'll just leave the topicroom instead. You can be the
    pundit of this GDPR-thing all you want.


    --- OpenXP 5.0.46
    * Origin: (} Pointy McPointFace (21:4/106.21)
  • From Gamgee@21:2/138 to Arelor on Fri Oct 9 11:59:00 2020
    Arelor wrote to Gamgee <=-

    Re: Re: GDPR and BBSes
    By: Gamgee to Arelor on Thu Oct 08 2020 06:36 pm

    I am as far from an Euro-commie as it can get, but if you don't
    at least *pretend* you care for cookie laws and similar rubbish,
    you'll be tattooing a target in your ass for the real
    Euro-commies to kick.

    Understood, and that's gotta suck. Perhaps you should become a
    (legal) immigrant to the USA. ;-)

    I am still banging my head against a wall because I rejected a
    job offer from a 'murican company back in the day.

    Well, there are new jobs opening every day... :-)

    Maybe I could get a green card since I have contracts with Linux
    News Media and (soon) other American publishers, but taking my
    horse there would be sorta troublesome.

    Probably a little troublesome, but do-able.



    ... Forbidden fruit is responsible for many a bad jam.
    === MultiMail/Linux v0.52
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Oli@21:3/102 to Atreyu on Fri Oct 9 19:33:24 2020
    Atreyu wrote (2020-10-08):

    Keep in mind something... what would happen if you didn't give a shit.

    I will keep that in mind for any rules (policies) in fidonet. why should anyone give a shit about anything?

    ---
    * Origin: (21:3/102)
  • From Atreyu@21:1/176 to Oli on Fri Oct 9 13:52:41 2020
    On 09 Oct 20 15:33:24, Oli said the following to Atreyu:

    Keep in mind something... what would happen if you didn't give a shit.

    I will keep that in mind for any rules (policies) in fidonet. why should anyone give a shit about anything?

    LOL, we're back to your Fidonet jealousy again are we...

    My daughter has some tampons ready for your next little emotional meltdown.

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)
  • From Arelor@21:2/138 to Gamgee on Fri Oct 9 14:20:05 2020
    Re: Re: GDPR and BBSes
    By: Gamgee to Arelor on Fri Oct 09 2020 07:59 am

    Maybe I could get a green card since I have contracts with Linux
    News Media and (soon) other American publishers, but taking my
    horse there would be sorta troublesome.

    Probably a little troublesome, but do-able.

    Getting the greencard, or moving with the horses? :-P

    One of them seems to be an Arabian cross. I bet the TSA would not let her in without a throughful background check and many questions.

    "So, are you an spy for the arabs?"

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Spectre@21:3/101 to Arelor on Sat Oct 10 09:09:00 2020
    Getting the greencard, or moving with the horses? :-P

    Isn't that the same thing? :)

    One of them seems to be an Arabian cross. I bet the TSA would not let her in without a throughful background check and many questions.

    "So, are you an spy for the arabs?"

    Or, "Is that horse a Musi extremist?"

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Charles Pierson@21:4/111 to Spectre on Fri Oct 9 18:00:36 2020
    Thus spake Spectre:
    Getting the greencard, or moving with the horses? :-P

    Isn't that the same thing? :)

    One of them seems to be an Arabian cross. I bet the TSA would not let her
    in without a throughful background check and many questions.

    "So, are you an spy for the arabs?"

    Or, "Is that horse a Musi extremist?"

    A horse is a horse, of course, of course......



    So let it be written, So let it be done.
    --- AfterShock/Android 1.6.7
    * Origin: HOUSTON, TX (21:4/111)
  • From Ogg@21:4/106.21 to Arelor on Fri Oct 9 22:12:00 2020
    Hello Arelor!

    ** On Friday 09.10.20 - 10:20, Arelor wrote to Gamgee:

    One of them seems to be an Arabian cross. I bet the TSA
    would not let her in without a throughful background check
    and many questions.

    "So, are you an spy for the arabs?"


    Taking horses with you could be tricky. Stress on the horses.
    And then there is the concern to take them back if the work
    doesn't pan out. It may not be be too cheap to board them for
    a little while until you find something cheaper.

    I have 3 cats. And THEY keep me grounded close to home. I
    can't imagine all the details that transporting horses would
    entail. The new job would better be worth it.


    --- OpenXP 5.0.46
    * Origin: (} Pointy McPointFace (21:4/106.21)
  • From Gamgee@21:2/138 to Arelor on Sat Oct 10 00:50:00 2020
    Arelor wrote to Gamgee <=-

    Re: Re: GDPR and BBSes
    By: Gamgee to Arelor on Fri Oct 09 2020 07:59 am

    Maybe I could get a green card since I have contracts with Linux
    News Media and (soon) other American publishers, but taking my
    horse there would be sorta troublesome.

    Probably a little troublesome, but do-able.

    Getting the greencard, or moving with the horses? :-P

    Haha, the horses. The greencard may be tough these days too,
    though. :-)

    One of them seems to be an Arabian cross. I bet the TSA would not
    let her in without a throughful background check and many
    questions.

    "So, are you an spy for the arabs?"

    LOL, it might be a Trojan Horse!



    ... All the easy problems have been solved.
    === MultiMail/Linux v0.52
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Arelor@21:2/138 to Spectre on Sat Oct 10 09:44:55 2020
    Re: Re: GDPR and BBSes
    By: Spectre to Arelor on Sat Oct 10 2020 05:09 am

    "So, are you an spy for the arabs?"

    Or, "Is that horse a Musi extremist?"

    Spec

    Nobody has seen her eat bacon, so that casts reasonable suspicion against her.

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Adept@21:2/108 to Atreyu on Sat Oct 10 16:21:00 2020
    Keep in mind something... what would happen if you didn't give a shit.

    Your points are solid, though I imagine that some of us actively want to
    follow regulations to the best of our abilities.

    Mind you, if this the GDPR were inherently a stupid pursuit, I suppose I
    might feel differently if it weren't -- e.g., my opinion on pirating copyrighted works over 28 years old, where I affirmatively believe that
    people are morally in the right to copy anything they want.

    But the GDPR is _attempting_ to make data collection more transparent, and
    more consumer focused than the trash heap we currently have.

    Mind you, what I'd like to stop is any organization sharing my information around -- I dislike having random websites pop up with my name and previous
    ten addresses, or having yet another politician asking for handouts because I made the mistake of donating money a decade or two ago.

    And BBSs, by and large, don't do that. It really is just one or two people, never sharing the data.

    But it wouldn't be a bad thing to state that you have no intent of anything particularly more nefarious than getting to know a stranger.

    Regardless, this isn't disagreement, just a further thought.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Adept@21:2/108 to Arelor on Sat Oct 10 21:10:06 2020
    Sorry, I think it is spelled S-Pain nowadays.

    Please, drag me out of this rotting place.

    I wonder if it's just a common thing for people to think that about their own countries.

    Well, aside from New Zealand, which everyone agrees is pretty great, just
    kind of in the middle of nowhere.

    But I'm getting questions about why I'd choose to live in Germany, especially
    a random smaller city.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Gamgee@21:2/138 to Adept on Sat Oct 10 16:58:00 2020
    Adept wrote to Arelor <=-

    Sorry, I think it is spelled S-Pain nowadays.
    Please, drag me out of this rotting place.

    I wonder if it's just a common thing for people to think that
    about their own countries.

    Nobody I know thinks that about our country (USA). I'd have to
    guess that holds true for nearly all US citizens.

    But I'm getting questions about why I'd choose to live in
    Germany, especially a random smaller city.

    As I recall, you recently moved there from the USA... Don't you
    think it would be rather normal for folks to ask why you wanted to
    do that? I think it's a perfectly natural thing to ask. <SHRUG>



    ... All hope abandon, ye who enter messages here.
    === MultiMail/Linux v0.52
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Phoobar@21:2/147 to Adept on Sat Oct 10 14:53:54 2020
    But I'm getting questions about why I'd choose to live in Germany, especially a random smaller city.

    I would love to live there as well. My only question is do you have a large enough trunk to let me ride in for the trip? ;)

    --- Mystic BBS v1.12 A47 2020/09/12 (Windows/32)
    * Origin: ACME BBS-0118 999 881 999 119 725 3 (21:2/147)
  • From Arelor@21:2/138 to Adept on Sat Oct 10 17:59:55 2020
    Re: Re: GDPR and BBSes
    By: Adept to Arelor on Sat Oct 10 2020 05:10 pm

    But I'm getting questions about why I'd choose to live in Germany, especiall a random smaller city.

    Random smaller cities for the win.

    Lots of people told me I was a loser for living in a Peacebringer forsaken village, and that I should be in Madrid instead where the jobs and services and parties are.

    Then COVID struck and those were all locked up in tiny cubiclesque appartments 30 m^2 big, while I had miles of lonely forest to use as mine. Who is the loser now? HAHAHAHAHAHAHAHA

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Spectre@21:3/101 to Arelor on Sun Oct 11 12:55:00 2020
    Nobody has seen her eat bacon, so that casts reasonable suspicion

    That leaves it wide open, she could also be a jewish extremist... :P

    Spec


    --- SuperBBS v1.17-3 (Eval)
    * Origin: (21:3/101)
  • From Adept@21:2/108 to Gamgee on Sun Oct 11 15:30:28 2020
    Please, drag me out of this rotting place.
    Nobody I know thinks that about our country (USA). I'd have to
    guess that holds true for nearly all US citizens.

    Huh. I know several people who are actively trying to figure out how to leave the US, a couple who already have, and a fair amount who'd consider it if it were an option.

    But clearly we have different bubbles, and yours evidently thinks more of the US than mine does.

    As I recall, you recently moved there from the USA... Don't you
    think it would be rather normal for folks to ask why you wanted to
    do that? I think it's a perfectly natural thing to ask. <SHRUG>

    Oh, yeah, that aspect is totally normal -- I was trying to get at the aspect that they're asking it in a, "That makes no sense to me" context, especially since I'm not in a fancy international city like, oh, Munich or Berlin.

    But I didn't especially move away from the US (though that played a part); I wanted to live in a culture where the language was different, even if most of the people look like me. And this is also where the opportunity was. Moving
    to a random smaller city in Germany is significantly more interesting than moving to a random smaller city in the US.

    But who knows what I'll want to consider in a couple of years?

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Adept@21:2/108 to Phoobar on Sun Oct 11 15:33:21 2020
    But I'm getting questions about why I'd choose to live in Germany, especially a random smaller city.

    I would love to live there as well. My only question is do you have a large enough trunk to let me ride in for the trip? ;)

    There was certainly enough room on my plane flight, though I was already a comical mess when checking my luggage in at the airport.

    Maybe I'll make a business trip to the US, and we can get you fitted for a suitcase. You're paying whatever overweight fee there is, though, as I assume you're over 23kg.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Charles Pierson@21:4/111 to Adept on Sun Oct 11 12:04:53 2020
    Thus spake Adept:


    Oh, yeah, that aspect is totally normal -- I was trying to get at the aspect
    that they're asking it in a, "That makes no sense to me" context, especially
    since I'm not in a fancy international city like, oh, Munich or Berlin.

    I loved the smaller cities when I was in Germany. Of course it was a different time. I was there when the Berlin Wall came down and reunification happened. And I was in the military, so a different situation. The only cities I ever went to were Stutgartt and Nuremburg. I was roughly half way between them. I much preferred the small towns to them, which probably is strange, considering I have lived in one of the largest cities in the US for most of my life.

    But I didn't especially move away from the US (though that played a part); I
    wanted to live in a culture where the language was different, even if most of
    the people look like me. And this is also where the opportunity was. Moving to a random smaller city in Germany is significantly more interesting than moving to a random smaller city in the US.

    I thought a lot about moving back there after I got out of the Army. I just never got the courage to do it. My sister, she got the opportunity years later to go first as an exchange student, then later as part of an internship, then again while getting her law degree. Apparently, she's braver than I am, her specialty is in international business law, and after time working in several countries, she's living and raising a family in Hamburg.

    My closest thought of moving lately was my wife and I briefly considering moving to my mom's hometown in Southeast Kansas. Unfortunately, my wife is a true southern girl, and does not do snow.


    So let it be written, So let it be done.
    --- AfterShock/Android 1.6.7
    * Origin: HOUSTON, TX (21:4/111)
  • From Adept@21:2/108 to Charles Pierson on Sun Oct 11 17:49:48 2020
    situation. The only cities I ever went to were Stutgartt and Nuremburg.
    I was roughly half way between them. I much preferred the small towns
    to them, which probably is strange, considering I have lived in one of
    the largest cities in the US for most of my life.

    That makes sense. I think I'd be fine living in a lot of different places, though some level of "city" seems required, just because it's hard to do particularly much if there aren't enough people around to support something.

    just never got the courage to do it. My sister, she got the opportunity years later to go first as an exchange student, then later as part of an internship, then again while getting her law degree. Apparently, she's braver than I am, her specialty is in international business law, and

    I do find the bravery aspect kind of interesting -- I don't consider myself particularly brave, and this time moving was less frightening - I'm scared of
    a variety of different things, but they're largely known unknowns (e.g., when will my German fail me? Can I get up enough energy/will power to find a place to live, or deal with the variety of things I need to deal with?) rather than something more amorphous, like, "Will Germany have the things I need in daily life?", "Will I be able to handle basic interactions?", "How will I get a job?", and so on.

    But evidently others find this behavior to be hard to conceive of. E.g., my parents, neither of whom has been out of the US (well, I forget on Mexico and Canada). But I've moved _so_ much at this point that picking up and going somewhere else feels like the norm, not the exception.

    But I also don't have kids (and am unlikely to acquire them), no longer have any pets, and don't have all that much stuff.

    after time working in several countries, she's living and raising a
    family in Hamburg.

    That seems pretty neat. And Hamburg is decently large. I keep thinking it's close to here, but it's not especially. But Germany isn't a huge country -- especially having lived in California, where I was entertained when someone asked me about Los Angeles and my response was, "I don't know -- I've never been there". 'cause things are not close, and visiting LA would've been like visiting Berlin for me, now.

    Mind you, I've been to Berlin, saw the wall that got taken down while you
    were there, got my piece, etc. And visiting LA would've been reasonable, but being unsettled job wise made the economics difficult at best.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Charles Pierson@21:4/111 to Adept on Sun Oct 11 13:45:15 2020
    Thus spake Adept:

    just never got the courage to do it. My sister, she got the opportunity
    years later to go first as an exchange student, then later as part of an
    internship, then again while getting her law degree. Apparently, she's
    braver than I am, her specialty is in international business law, and

    I do find the bravery aspect kind of interesting -- I don't consider myself particularly brave, and this time moving was less frightening - I'm scared of a variety of different things, but they're largely known unknowns (e.g., when will my German fail me? Can I get up enough energy/will power to find a
    place to live, or deal with the variety of things I need to deal with?) rather
    than something more amorphous, like, "Will Germany have the things I need in
    daily life?", "Will I be able to handle basic interactions?", "How will I get a
    job?", and so on.

    Perhaps courage or bravery isn't the right concept. Moving across the planet from my family doesn't worry me. Hell, I live across town from several of them and haven't seen them in years. The unknown bothers me a little, but I know enough people that either were former military or their families over there, that the idea wasn't too bad. Language could have been an issue, I understood the dialect pretty well then, but speaking was a separate issue. I tended to mix and match English, German and Spanish.

    after time working in several countries, she's living and raising a
    family in Hamburg.

    That seems pretty neat. And Hamburg is decently large. I keep thinking it's close to here, but it's not especially. But Germany isn't a huge country -- especially having lived in California, where I was entertained when someone asked me about Los Angeles and my response was, "I don't know -- I've never been there". 'cause things are not close, and visiting LA would've been like visiting Berlin for me, now.
    .
    I live in Texas, it's roughly the same size as the UK. I understand the concept.

    So let it be written, So let it be done.
    --- AfterShock/Android 1.6.7
    * Origin: HOUSTON, TX (21:4/111)
  • From Gamgee@21:2/138 to Adept on Sun Oct 11 13:38:00 2020
    Adept wrote to Gamgee <=-

    Please, drag me out of this rotting place.

    Nobody I know thinks that about our country (USA). I'd have to
    guess that holds true for nearly all US citizens.

    Huh. I know several people who are actively trying to figure out
    how to leave the US, a couple who already have, and a fair amount
    who'd consider it if it were an option.

    Okay, so "several"... My statement above still holds. Nearly all
    US citizens are not looking to leave the country.

    But clearly we have different bubbles, and yours evidently thinks
    more of the US than mine does.

    Apparently, yes. Absolutely, even.

    As I recall, you recently moved there from the USA... Don't you
    think it would be rather normal for folks to ask why you wanted to
    do that? I think it's a perfectly natural thing to ask. <SHRUG>

    Oh, yeah, that aspect is totally normal -- I was trying to get at
    the aspect that they're asking it in a, "That makes no sense to
    me" context, especially since I'm not in a fancy international
    city like, oh, Munich or Berlin.

    But I didn't especially move away from the US (though that played
    a part); I wanted to live in a culture where the language was
    different, even if most of the people look like me. And this is
    also where the opportunity was. Moving to a random smaller city
    in Germany is significantly more interesting than moving to a
    random smaller city in the US.

    But who knows what I'll want to consider in a couple of years?

    Yeah, who knows. Maybe you'll miss the USA by then.



    ... All the easy problems have been solved.
    === MultiMail/Linux v0.52
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Adept@21:2/108 to Gamgee on Sun Oct 11 19:19:16 2020
    Okay, so "several"... My statement above still holds. Nearly all
    US citizens are not looking to leave the country.

    Meh. I agree as a technical aspect, but not in a hopes-and-dreams aspect.

    But I'll leave it at that, since it's borderline political and there's not exactly any reason for me to continue arguing it, especially when:

    But clearly we have different bubbles, and yours evidently thinks more of the US than mine does.
    Apparently, yes. Absolutely, even.

    ...is certainly true.

    Yeah, who knows. Maybe you'll miss the USA by then.

    Eh. I didn't after one year, the last time I came here. I'll always miss friends and loved ones, though, and more money is always tempting.

    But, maybe I'll use my (hopefully gained) permanent residency in Germany to finagle my way into Spain and see what Arelor is complaining about. And work
    on my Spanish skills.

    That sounds like an adventure, too.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Phoobar@21:2/147 to Adept on Sun Oct 11 14:54:13 2020
    Maybe I'll make a business trip to the US, and we can get you fitted for
    a suitcase. You're paying whatever overweight fee there is, though, as I assume you're over 23kg.

    I believe you may have forgotten at least 1 zero. ;D

    --- Mystic BBS v1.12 A47 2020/09/12 (Windows/32)
    * Origin: ACME BBS-0118 999 881 999 119 725 3 (21:2/147)
  • From Spectre@21:3/101 to Adept on Mon Oct 12 10:43:00 2020
    Please, drag me out of this rotting place.

    Nobody I know thinks that about our country (USA). I'd have to
    guess that holds true for nearly all US citizens.

    Huh. I know several people who are actively trying to figure out how to leave the US, a couple who already have, and a fair amount who'd
    consider it if it were an option.

    Probably just the "current" case of the grass is always greener. In my mind ìprobably one of the biggest drivers for immigration...

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Spectre@21:3/101 to Phoobar on Mon Oct 12 11:12:00 2020
    Maybe I'll make a business trip to the US, and we can get you fitted for a suitcase. You're paying whatever overweight fee there is, though, as I assume you're over 23kg.

    I believe you may have forgotten at least 1 zero. ;D

    Ahhh you're one of those really lightweight little people... 0.23 Kg ;)

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Spectre@21:3/101 to Adept on Mon Oct 12 10:56:00 2020
    - I'm scared of a variety of different things, but they're largely
    known unknowns (e.g., when will my German fail me? Can I get up
    enough energy/will power to find a place to live, or deal with the
    variety of things I need to deal with?) rather than something

    Those are the easy ones.... unless you're superfluent sprechen sie Deutsch, ìthen you'd have to expect it to fail at some stage. The question will be, ìwhat can I do to overcome it when it does. Most Germans seem to speak some ìlevel of english anyways... so you'd probably get by with a mash.. Actually ìyou're probably more likely to get caught out in some kind of dialect thing, ìI would expect.

    Spec :)


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Paradigms Shifting@21:1/101 to MeaTLoTioN on Tue Oct 13 22:18:25 2020
    Does a personal website fall under the same category if you capture the
    IP addresses of visitors, etc.

    I can't speak for the here and now, but back in the good ole' glory days of BBSing, there were similar concerns and I can describe how I recall them
    being addressed.

    Some BBSes, in their new user application, would have a general terms of use
    / privacy disclaimer -- and depending on what sort of BBS Software it was and how easy it was not mod or not, etc -- sometimes it was just a statement that ended with "and in using this BBS you agree to, blah, blah, etc" and with others, you had either a (y/n) sort of "Do you agree?" type prompt, other
    times it was a light bar that you had to arrow over to the [YES] option.

    Included in these sorts of disclaimers, were matters of privacy. Basically stating that your phone number might be known to the sysop by way of caller
    id. Of course ip addresses came later. That the Sysop can do things such as
    see your password, read your private e-mails, watch your login sessions, etc, etc basically making the point that your privacy is by no means guaranteed.

    These sorts of disclaimers were common back in the day. So I would imagine
    that if a Sysop really wanted to make sure all of their bases were covered, they could create a similar sort of disclaimer and have the user agree to it.

    -:Paradigms Shifting:-

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Phoobar@21:2/147 to Spectre on Tue Oct 13 02:07:07 2020
    though, as I assume you're over 23kg.
    I believe you may have forgotten at least 1 zero. ;D
    Ahhh you're one of those really lightweight little people... 0.23 Kg ;)

    Saw that...almost started crying from laughing so hard. Keep heading to the left & you'll be there. ;D

    --- Mystic BBS v1.12 A47 2020/09/12 (Windows/32)
    * Origin: ACME BBS-0118 999 881 999 119 725 3 (21:2/147)
  • From Adept@21:2/108 to Phoobar on Tue Oct 13 23:21:54 2020
    Maybe I'll make a business trip to the US, and we can get you fitted a suitcase. You're paying whatever overweight fee there is, though, a assume you're over 23kg.

    I believe you may have forgotten at least 1 zero. ;D

    Hmm. I would've thought that you'd be under 230kg (if not, no offense meant; that's just an outlier weight), so I'll stand by my answer as being astronomically accurate (that's where I learned that humans are roughly 1
    meter tall, because they're clearly not 10 meters).

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Adept@21:2/108 to Spectre on Tue Oct 13 23:24:30 2020
    Probably just the "current" case of the grass is always greener. In my mind ìprobably one of the biggest drivers for immigration...

    Yeah. I'd assume that's a large part of it.

    But there's also an aspect that there's a variety of experiences that you cannot get without living someplace different, many more of those if it's a foreign country, and more still if it's a foreign language.

    Probably even more if no one spoke your language there, too, but I'm having a hard time imagining that one, as that has to be rough. I can only imagine
    with my occasional German-only interactions that I flub.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Adept@21:2/108 to Spectre on Tue Oct 13 23:40:04 2020
    Those are the easy ones.... unless you're superfluent sprechen sie Deutsch, ìthen you'd have to expect it to fail at some stage. The question will be, ìwhat can I do to overcome it when it does. Most
    Germans seem to speak some ìlevel of english anyways... so you'd
    probably get by with a mash.. Actually ìyou're probably more likely to
    get caught out in some kind of dialect thing, ìI would expect.

    I did say, "when" for my German failing me.

    And, yeah, normally I fumble through one way or another, or in the case of attempting to open a bank account, call back later.

    The government bits tend to be harder, since they won't speak English, even
    if they know it, for some odd reason. Most other places, yeah, generally someone will explain things in English, especially if I'm clearly lost.

    Though it's been odd, this time, as I was expecting more interactions where Germans just automatically switch to English after hearing me speak, and that hasn't happened, other than when I talk about my German being terrible, or
    ask if they speak English.

    And I don't know if it's more that my memory was incorrect, that it was different situations, or that my German is better. I don't particularly think the last one is true (at least toward the end of my time here, last time), so I'll assume it's a combination of the first two.

    And, hey, who knows how much masks are making a difference on that sort of thing? People can't understand me anyway, even before I began talking through
    a mask.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Adept@21:2/108 to Spectre on Tue Oct 13 23:58:22 2020
    I believe you may have forgotten at least 1 zero. ;D

    Ahhh you're one of those really lightweight little people... 0.23 Kg ;)

    I should've thought of that. I wonder how many holes they need in their box?

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Charles Pierson@21:4/111 to Adept on Wed Oct 14 00:39:07 2020
    Thus spake Adept:

    Though it's been odd, this time, as I was expecting more interactions where Germans just automatically switch to English after hearing me speak, and that
    hasn't happened, other than when I talk about my German being terrible, or ask if they speak English.

    That's funny. I did generally have most people switch to English with me, likely so I would stop butchering their language. Although there was one elderly Gentleman I spent an interesting couple of hours with at a bar by the Bahnhoff waiting for a train, who was regaling me with a story that I could only assume was about WWII since he mentioned "Eisenhower" several times.

    And I don't know if it's more that my memory was incorrect, that it was different situations, or that my German is better. I don't particularly think
    the last one is true (at least toward the end of my time here, last time), so
    I'll assume it's a combination of the first two.

    I learned fairly quickly that even attempting to speak German would generally result in the conversation switching to English, or a mix of the two. But if there were the stereotype Americans around (How much is that in REAL MONEY) no such luck.

    So let it be written, So let it be done.
    --- AfterShock/Android 1.6.7
    * Origin: HOUSTON, TX (21:4/111)
  • From Arelor@21:2/138 to Charles Pierson on Wed Oct 14 07:01:47 2020
    Re: Re: GDPR and BBSes
    By: Charles Pierson to Adept on Tue Oct 13 2020 08:39 pm

    I learned fairly quickly that even attempting to speak German would general result in the conversation switching to English, or a mix of the two. But i there were the stereotype Americans around (How much is that in REAL MONEY) such luck.

    It is funny, my mother speaks close to perfect German and no English whatsoever, and when she is to Germany, every German tries to switch to ENglish with her.

    --
    gopher://gopher.operationalsecurity.es
    --- SBBSecho 3.11-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From Charles Pierson@21:4/111 to Arelor on Wed Oct 14 10:51:24 2020
    Thus spake Arelor:

    It is funny, my mother speaks close to perfect German and no English whatsoever, and when she is to Germany, every German tries to switch to ENglish
    with her.

    I think my funniest personal experience was when I got back to Germany after my units deployment in Desert Storm. I'm in the army, obvious military hair cut. I was sitting in the outdoor area of a cafe enjoying the quiet and a beer or three. An older American couple came and sat at a nearby table, the Husband loudly telling his wife about his time near there back during and after WWII. no attempt at all to speak German, so the waitress was ignoring them. So they turn to me and ask if I speak English.
    So let it be written, So let it be done.
    --- AfterShock/Android 1.6.7
    * Origin: HOUSTON, TX (21:4/111)
  • From Adept@21:2/108 to Charles Pierson on Wed Oct 14 23:12:21 2020
    That's funny. I did generally have most people switch to English with
    me, likely so I would stop butchering their language. Although there was

    To be fair, most of the interactions I'm talking about are very short ones. Longer interactions will get switched to English, but really only because I'm struggling to say something or understand something, and I guess I'm not counting those.

    But I haven't had a lot of those interactions outside of work, and people who talk to me are largely aware of my German ability already.

    But it was still kinda fun (if difficult) to attempt to talk to a woman who clearly wasn't the "in" group person while others around would help me when I stumbled on a word or turn of phrase.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From alterego@21:2/116 to Charles Pierson on Thu Oct 15 11:08:45 2020
    Re: Re: GDPR and BBSes
    By: Charles Pierson to Arelor on Wed Oct 14 2020 06:51 am

    I think my funniest personal experience was when I got back to Germany after my units deployment in Desert Storm. I'm in the army, obvious military hair cut. I was sitting in the outdoor area of a cafe enjoying the quiet and a beer or three. An
    older American couple came and sat at a nearby table, the Husband loudly telling his wife about his time near there back during and after WWII. no attempt at all to speak German, so the waitress was ignoring them. So they turn to me and ask if I
    speak English. So let it be written, So let it be done.

    This reminds me of when I was in France in the 90s, working as a waiter in a restaruant.

    It was a quiet day, and an english couple came in, sat down, picked up the menu and struggled to read it. Obviously they conversed in English with each other, helping each other figure out what was on the menu.

    After greeeting them, I came over to take the order, they gave me their order in very bad French, and I responded by asking for specifics (like how would you like your meat cooked, with vegetables or salid, etc) all in French. I could see they were struggling and just agreeing because they had no idea. (I must admit, I was probably making it a little harder, but I was having fun - and my accent wouldnt have helped.)

    Just as I completed taking their order, another English couple came in and sat nearby. I literally just turn around 180 and handed them the menu, greeted them, and said I would be with them in a minute - all in French. To which they asked "Parlez vous anglais"?

    I replied - "Yeah, I do, I'm an Aussie...", and then I spun around to the first english couple and said, "Sorry, I was having some fun, now do you really want your Steak with Ice Cream?".

    We all had a bit of a laugh ...

    ...δεσ∩

    ... I profoundly believe it takes a lot of practice to become a moral slob.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Spectre@21:3/101 to Adept on Wed Oct 14 17:25:00 2020
    I did say, "when" for my German failing me.

    and I answered it will... which amounts to the same thing, in that I'm ìexpecting it to fail, just not sure when. So expecting it to fail you can ìthink about what else you can do when it does in advance :)

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Spectre@21:3/101 to Adept on Wed Oct 14 17:26:00 2020
    I should've thought of that. I wonder how many holes they need in their box?

    Two of course... one for each end... ;)

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Adept@21:2/108 to Spectre on Mon Oct 19 21:18:52 2020
    and I answered it will... which amounts to the same thing, in that I'm ìexpecting it to fail, just not sure when. So expecting it to fail you
    can ìthink about what else you can do when it does in advance :)

    Yeah. And I do have a few different coping mechanisms.

    E.g., if it seems super important, I'll ask if they speak English, or talk about how bad my German is.

    But less important things (like going shopping, like I did today) where it
    goes poorly in some way, I tend to keep listening, and trying to get
    additional clues from what words I did catch.

    In today's case, they said something to me, and I had no idea what they said, but guessed that they wanted me to unload more. Then eventually figured out that they wanted me to put the entire basket on the counter. And later
    realized that they said "ganz" something, and "ganz" means "complete" or something along that line.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Spectre@21:3/101 to Adept on Tue Oct 20 12:32:00 2020
    figured out that they wanted me to put the entire basket on the
    counter. And later realized that they said "ganz" something,
    and "ganz" means "complete" or something along that line.

    Hmm ich habe sehen ganz nur "ganz gut". Aber es ist ähnlich alles.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Adept@21:2/108 to Spectre on Wed Oct 21 01:20:04 2020
    Hmm ich habe sehen ganz nur "ganz gut". Aber es ist ähnlich alles.

    Vieleicht sie hat "der ganze Korb" gesagt? Ich weiss nicht.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Joacim Melin@21:2/130 to alterego on Sat Oct 24 16:39:04 2020
    Re: Re: GDPR and BBSes
    By: Joacim Melin to Ogg on Fri Oct 09 2020 12:04 pm

    It can be argued that a BBS can be view upon as a private club and as suc
    h a BBS is exempt from GDPR since you are allowed to store
    any of the information listed above without consent from the user/member.


    Wow really? Private clubs can get and keep that info that way? Can
    they use it for marketing purposes etc?

    My understanding is that yes: they can. Because you joined a private club out of your own free will you also have to agree to whatever rules or TOS they operate by. Should you leave said club they have to delete your information in a timely manner and also upon request show all, if any, records they have containing information about you.

    It's the same deal when you purchase something from a online retailer and then they send you spam, sorry offers, via email - they are in their full right to do so since you agreed to it when buying things from them. You can of course demand that they stop doing that and some will, but far from all. One of the big points with GDPR was to stop unsolicited spam, sorry offers and "marketing material" being sent to you, based on information harvested elsewhere.


    --- NiKom v2.5.0
    * Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)
  • From Oli@21:3/102 to Joacim Melin on Sat Oct 24 22:40:47 2020
    Joacim wrote (2020-10-24):

    Wow really? Private clubs can get and keep that info that way? Can
    they use it for marketing purposes etc?

    My understanding is that yes: they can. Because you joined a private club out of your own free will you also have to agree to whatever rules or TOS they operate by. Should you leave said club they have to delete your information in a timely manner and also upon request show all, if any, records they have containing information about you.

    Fidonet or a BBS is neither a private club nor is there an exception for private clubs in the GDPR (AFAIK). "GDPR does not apply to the processing of personal data by a natural person in the exercise of a purely personal or household activity".

    See: https://www.fff-legal.com/the-household-exemption-in-gdpr/

    ---
    * Origin: (21:3/102)
  • From Joacim Melin@21:2/130 to Oli on Sun Oct 25 14:49:26 2020
    Joacim wrote (2020-10-24):

    Wow really? Private clubs can get and keep that info that way? Can
    they use it for marketing purposes etc?

    My understanding is that yes: they can. Because you joined a private club

    out of your own free will you also have to agree to whatever rules or TOS

    they operate by. Should you leave said club they have to delete your
    information in a timely manner and also upon request show all, if any,
    records they have containing information about you.

    Fidonet or a BBS is neither a private club nor is there an exception
    for private clubs in the GDPR (AFAIK). "GDPR does not apply to the processing of personal data by a natural person in the exercise of a
    purely personal or household activity".

    See: https://www.fff-legal.com/the-household-exemption-in-gdpr/

    That's where each country may draw their own conclusions (as someone rightly pointed out earlier). Here in Sweden there is such a clause for private clubs and as a SysOP I can choose who I let into my BBS and who I don't so I would view a BBS as a private club. Fidonet or FSXNet is another matter.


    --- NiKom v2.5.0
    * Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)
  • From Oli@21:3/102 to Joacim Melin on Sun Oct 25 18:05:20 2020
    Joacim wrote (2020-10-25):

    That's where each country may draw their own conclusions (as someone rightly pointed out earlier). Here in Sweden there is such a clause for private clubs and as a SysOP I can choose who I let into my BBS and who I don't so I would view a BBS as a private club. Fidonet or FSXNet is another matter.

    of course you can operate a BBS without Fidonet and FSXnet access ;)

    ---
    * Origin: (21:3/102)