-
Polarian
> hardware upgrades include a proper UPS you were running a server without UPS? ↺
-
praskovia
Polarian: what is wrong with that(?
-
Polarian
> Polarian: what is wrong with that(? If you are running a server, a UPS is a requirement ↺
-
Menel
Don't tell the server police please. But I don't
-
Polarian
you wouldn't be GDPR compliant without it as data could easily be lost with a power outage
-
Polarian
> Don't tell the server police please. But I don't wait what? ↺
-
Menel
GDPR is like a magic word, justify everything, 🙂
-
Menel
Jep ups free Since 15 yesrs, and still living
-
Polarian
> GDPR is like a magic word, justify everything, 🙂 nah its that person who keeps following you and you can't escape, constantly trying to get you when you trip 😮💨 ↺
-
Menel
I doubt the GDPR says anything about UPS. It's really not that bad. People are a bit too afraid of it. Some profit from it sounding like it would be impossible to comply
-
Polarian
> I doubt the GDPR says anything about UPS. It's really not that bad. People are a bit too afraid of it. > Some profit from it sounding like it would be impossible to comply if you lose data you have broken GDPR ↺
-
Polarian
if a server loses power suddenly data will be lost as the kernel hasn't synced the data to disk
-
Polarian
this also causes corruption
-
Menel
Well. People and companies loose data all the time. And no, I'm not required to do magic to have everything
-
Menel
And also I have a modern file system not corrupting on a bit power loss
-
Menel
GDPR myths
-
worlio.com
» [16:13:33] <Polarian> you wouldn't be GDPR compliant without it as data could easily be lost with a power outage Imagine operating in Europe. I couldn't.
-
worlio.com
USA! USA! USA!
-
Polarian
> And also I have a modern file system not corrupting on a bit power loss what? ↺
-
Polarian
you can't slap a software layer on hardware and say "I'm now immune to data loss"
-
Menel
worlio.com: these are myths... It's just nothing that exists in reality and nobody requires that
-
Polarian
>> [16:13:33] <Polarian> you wouldn't be GDPR compliant without it as data could easily be lost with a power outage > Imagine operating in Europe. I couldn't. I can. ↺
-
worlio.com
» [16:29:04] <Menel> And also I have a modern file system not corrupting on a bit power loss Most modern file systems don't corrupt on power loss. I don't know why lacking a UPS is suddenly grounds for power loss.
-
Menel
As I said. People just say GDPR and people just believe it
-
Polarian
>> [16:29:04] <Menel> And also I have a modern file system not corrupting on a bit power loss > Most modern file systems don't corrupt on power loss. I don't know why lacking a UPS is suddenly grounds for power loss. what will provide power if you lose power,? ↺
-
Polarian
> As I said. People just say GDPR and people just believe it untrue ↺
-
Polarian
the legislation is evil when it comes to the implications
-
Polarian
the same reason I won't run a public xmpp server
-
worlio.com
» [16:31:09] <Polarian> >> [16:29:04] <Menel> And also I have a modern file system not corrupting on a bit power loss » > Most modern file systems don't corrupt on power loss. I don't know why lacking a UPS is suddenly grounds for power loss. » what will provide power if you lose power,? Nothing. You turn it back on when you get power and everything is fine.
-
Menel
Well show me the Court rulings on these cases. Otherwise I don't believe anything
-
Polarian
>> [16:31:09] <Polarian> >> [16:29:04] <Menel> And also I have a modern file system not corrupting on a bit power loss >> what will provide power if you lose power,? > Nothing. You turn it back on when you get power and everything is fine. say you have data in memory, if ac is lost before or during this being written to disk, ITS GONE! ↺
-
Polarian
> Well show me the Court rulings on these cases. Otherwise I don't believe anything you want to roll the dice? ↺
-
praskovia
Why would data loss matter in the context of gdpr?
-
worlio.com
And? What is bad about that? Perhaps an issue for stability or reliability to the user, but nothing to do with GDPR.
-
Menel
I do, zi think you're too afraid there✎ -
Menel
I do, I think you're too afraid there ✏
-
Polarian
> Why would data loss matter in the context of gdpr? there is a clause on data integrity... data must not be lost of damaged while being stored... ↺
-
worlio.com
Host in the USA. GDPR is a european regulation.
-
praskovia
Also most people here run their servers without any SLA to their users so who cares if a UPS is used or not
-
worlio.com
There you go, no need to be crazy about "data integrity".
-
Polarian
> Host in the USA. GDPR is a european regulation. I wouldn't put my data in America if you paid me to ↺
-
worlio.com
Why not?
-
Polarian
> Also most people here run their servers without any SLA to their users so who cares if a UPS is used or not its not about SLA ↺
-
Polarian
its about data integrity
-
Polarian
when a user asks for a copy of their data you can't say "oops we lost it"
-
worlio.com
You see, America isn't insane like that.
-
worlio.com
It's insane in other ways that are manageable.
-
Menel
Europe isn't either. This is a misunderstanding on the law on Polarians side. But whatever. I'm to sleep
-
worlio.com
I generally find it hard to believe that lost data is against the GDPR. If you don't have the data and it no longer exists, what is the problem?
-
worlio.com
» [16:35:28] <Menel> This is a misunderstanding on the law on Polarians side. Which is often the case.
-
Polarian
> Europe isn't either. This is a misunderstanding on the law on Polarians side. But whatever. I'm to sleep Misunderstanding? ↺
-
worlio.com
Lets drop this as it's off topic.
-
Polarian
https://www.gov.uk/data-protection
-
unix.dog
Ch2, Article 5, 1f: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). Question for a lawyer as to how much is “appropriate technical or organizational measures.” Is a UPS the minimum or is just having a redundant filesystem enough?
-
Polarian
> handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
-
Polarian
ah unix.dog was faster
-
worlio.com
I imagine defining "unathorised or unlawful" would mean under intention, not from accident.
-
unix.dog
did you read the part where it says “against accidental loss, destruction, or damage"
-
worlio.com
Are you really gonna get beat by the GDPR if say your entire datacenter gets burned to the ground?
-
worlio.com
unix.dog: No because I really don't care to because I'm American.
-
unix.dog
> Are you really gonna get beat by the GDPR if say your entire datacenter gets burned to the ground? but yeah, it’s my personal opinion that it is not that deep and if someone wants to go after you they will go after you anyway
-
Polarian
> Are you really gonna get beat by the GDPR if say your entire datacenter gets burned to the ground? YES ↺
-
Polarian
they would
-
worlio.com
Polarian: Then that proves hosting a server in America is like several times better than in Europe.
-
worlio.com
And that I will never host anything in Europe.
-
worlio.com
There are way too many insane regulations in Europe that make the task harder than it should be.
-
Polarian
let's not compare countries here...
-
Polarian
its meant to be productive not "haha shit law*
-
worlio.com
You're the one being off topic./✎ -
worlio.com
You're the one being off topic. ✏
-
worlio.com
I was productive. Anyone with atleast an inkling of sanity shouldn't be hosting in Europe.
-
worlio.com
Will make your life a trillion times easier.
-
Kris
if you can't or don't want to fulfil these very minimal standards, you should not be hosting a public service. and if you are not hosting a public service, then the GDPR doesn't apply.
-
worlio.com
European data regulation and Internet standards are far from minimal. GDPR is only a fraction of the problems, and I'm only just now hearing about how ridiculous it is. I can freely delete user data older than a day without any issues and without any legal requirement to share that deleted user data with the user. If you even so dare suffer server troubles in Europe, it seems it won't be the only trouble you'll face.
-
Kris
well, good to know which server to warn people against 🤷♂️️
-
Polarian
> if you can't or don't want to fulfil these very minimal standards, you should not be hosting a public service. and if you are not hosting a public service, then the GDPR doesn't apply. +1 ↺
-
Polarian
> European data regulation and Internet standards are far from minimal. GDPR is only a fraction of the problems, and I'm only just now hearing about how ridiculous it is. I can freely delete user data older than a day without any issues and without any legal requirement to share that deleted user data with the user. If you even so dare suffer server troubles in Europe, it seems it won't be the only trouble you'll face. I am not for legislation to force, but what you just said makes me worried if worlio.com was a public server... you NEVER even joke about abusing your power as a provider... NEVER... ↺
-
worlio.com
It is a public server.
-
worlio.com
Never once have I joked about abusing powers. I don't know what you're on about.
-
Polarian
> I can freely delete user data older than a day without any issues and without any legal requirement to share that deleted user data with the user. If you even so dare suffer server troubles in Europe, it seems it won't be the only trouble you'll face.
-
worlio.com
Where is the joke and abuse of power?
-
Polarian
you are entrusted with a responsibility which obviously you aren't capable
-
worlio.com
I am perfectly capable.
-
Polarian
> Where is the joke and abuse of power? so you weren't joking? you would just delete data without informing the user? ↺
-
Polarian
Thats even more concerning
-
worlio.com
All logs on my server are deleted after 7 days. I imagine GDPR would not have such a small limit.
-
Polarian
> All logs on my server are deleted after 7 days. I imagine GDPR would not have such a small limit. GDPR doesn't prevent or force deletion of logs ↺
-
worlio.com
It does contain user data, does it not?
-
Polarian
only that they are kept secure
-
Polarian
> It does contain user data, does it not? there's get outs with it ↺
-
worlio.com
That was an example. The fact you cannot tell the different is a further demonstration of your character.
-
Polarian
its useful information used against potential security threats...
-
Polarian
thus you can justify storing it
-
praskovia
Why store it unless you're actually going to analyze it?
-
worlio.com
^^^
-
praskovia
You should just purge it after a week
-
praskovia
Even purge mam after a reasonable period
-
praskovia
And http uploads
-
praskovia
You're not their file storage clpud
-
Polarian
they are all good consideration✎ -
Polarian
they are all good considerations ✏
-
Polarian
but the issue has been lost
-
worlio.com
My server also purged MAM and Http Uploads after a week too. Is that a violation of the GDPR?
-
Polarian
data legally needs to be kept without damage or destruction unless requested
-
praskovia
Bs
-
Polarian
> My server also purged MAM and Http Uploads after a week too. Is that a violation of the GDPR? no because the user acknowledges this ↺
-
worlio.com
GDPR further proves Europe has no care for the privacy and security of its online users.
-
Polarian
> GDPR further proves Europe has no care for the privacy and security of its online users. instead of making this into an argument of nationalism and patriotism, let's keep it on point ↺
-
worlio.com
It is on point.
-
Polarian
the point was... data must be kept with integrity by law by UK/EU GDPR
-
worlio.com
Yes, and my point is that it is ridiculous.
-
Polarian
disproving Menel's comment on it
-
Polarian
> Yes, and my point is that it is ridiculous. well keep your point to yourself ↺
-
worlio.com
Okay, then keep yours too.
-
Polarian
no because mine is productive to the conversation and to other providers who must ensure these laws
-
Polarian
your point of "fuck Europe" is NOT helpful
-
worlio.com
It is.
-
praskovia
You don't even need full logs, just let your siem parse out special events
-
worlio.com
Clearly the GDPR is against the privacy and security of users, requiring data retention.
-
Polarian
worlio.com: please take your political views elsewhere
-
worlio.com
This isn't political.
-
worlio.com
Otherwise, you may also take your political views elsewhere and we can cease this off topic conversation continued on by the man who often complains about off topic conversations.
-
Kris
the GDPR doesn't require data retention, it requires data to be sufficiently protected against accidential loss etc.
-
worlio.com
And if data is lost, why is that a problem?
-
Kris
because the data isn't yours, it belongs to the users
-
worlio.com
That is ridiculous.
-
Kris
no it is not. But for example if you write in your terms of service that the data is automatically deleted after 7 days, that is perfectly fine with the GDPR
-
worlio.com
This is not how it works in the US and for many reasons I can think of✎ -
worlio.com
This is not how it works in the US and for many reasons I can think of. ✏
-
praskovia
worlio.com: USA has requirements that some data be kept for 7 years
-
Kris
yes, because the US regulation is significantly worse for user privacy
-
worlio.com
praskovia: Source?
-
worlio.com
Kris: I'd also love to see your reasonsing for this.
-
Kris
privacy advocates in the US are litterally asking for a GDPR like law
-
worlio.com
And to clarify, I'm meaning as a operator hosting a public server.
-
worlio.com
I don't care what privacy advocates want in the US. I'm asking for what exists right now.
-
Kris
sorry, I don't know what else to tell you, but you seem highly mis-informed about the GDPR.
-
worlio.com
If I am highly misinformed about the GDPR, you have failed to inform me of anything.
-
worlio.com
I did not care an ounce about the GDPR until it was mentioned and talked about here. All I know about the GDPR is what the people for it here have said about it.
-
Polarian
worlio.com: it seems your server is like a 14 year old school project, which is concerning
-
Polarian
if you haven't got the capabilities to secure user data, you shouldn't be entrusted with it
-
ukko
no need for personal attacks
-
worlio.com
I have the capabilities but it should not be my complete responsibility to do so.
-
Polarian
> no need for personal attacks apologies ↺
-
ukko
I mean are you out here with HA servers on redundant drives with dual sas cables & backplanes and redundant power supplies and redundant uplinks?
-
worlio.com
You shouldn't be entrusting services with your own user data if you do not feel they are adequate.
-
Polarian
> I mean are you out here with HA servers on redundant drives with dual sas cables & backplanes and redundant power supplies and redundant uplinks? no... but I'm not a public provider... but I do have a UPS, and I do have integrity in mind... ↺
-
ukko
a UPS is not necessary, some areas have very very reliable power
-
worlio.com
» [17:45:05] <Kris> yes, because the US regulation is significantly worse for user privacy I've been informed of something coming up in the EU legislation called Chat Control that completely contradicts this statement. I've only read a small portion so far and it is absolutely insane. You cannot claim the US is significantly worse for user privacy when you have this being pushed.
-
Polarian
> a UPS is not necessary, some areas have very very reliable power oh right... I put my laptop into a very secure bag, I don't need full disk encryption ↺
-
Polarian
>> [17:45:05] <Kris> yes, because the US regulation is significantly worse for user privacy > I've been informed of something coming up in the EU legislation called Chat Control that completely contradicts this statement. I've only read a small portion so far and it is absolutely insane. You cannot claim the US is significantly worse for user privacy when you have this being pushed. US have similar ideas ↺
-
Kris
chat control is entirely unrelated from the GDPR or even running a server, as it is solely client side. And it is anyways not law yet and might never be.✎ -
worlio.com
Polarian: No they don't.
-
Polarian
this is way too political
-
Kris
chat control is entirely unrelated to the GDPR or even running a server, as it is solely client side. And it is anyways not law yet and might never be. ✏
-
Polarian
I'm done, solution don't use worlio.com
-
Polarian
wake up one morning to your account deleted
-
worlio.com
You aren't even aware of my ToS and Privacy Policy.
-
Polarian
> You aren't even aware of my ToS and Privacy Policy. according to you it doesn't matter... if you delete data that's ok ↺
-
worlio.com
Polarian: Are you just going to over-exaggerate and insult my services because I operate them better than you ever could?
-
worlio.com
Because I don't delete real users on a whim, and I don't protect user data because my laws require me to, and I don't keep logs for a long time because I have to.
-
Polarian
> Polarian: Are you just going to over-exaggerate and insult my services because I operate them better than you ever could? Whether you can run it or not is not up for debate, your attitude for user data is concerning, I would rather use any big company than trust you with my data... ↺
-
worlio.com
I do it because I actually give a damn about my users, their security, and their privacy.
-
Polarian
at least they don't brag about how they can delete data with the click of their fingers
-
worlio.com
I never bragged.
-
worlio.com
Infact, I don't do it with a click of a button.
-
worlio.com
You know what I do? A big investigation on if that user has broken ToS and depending on the severity, they'll be notified.
-
worlio.com
I'm not going to email every spammer using a temporary email addresses "because it is the right thing to do".✎ -
worlio.com
I'm not going to email every spammer using temporary email addresses "because it is the right thing to do". ✏
-
Polarian
imma reiterate the point that has been lost... GDPR DOES require data integrity by law... and thus if you are in the EU or UK and handling other peoples data, redundant storage, backups and UPS is *MANDATORY*
-
worlio.com
And requiring that at all is ridiculous.
-
Kris
it is not mandatory in these specific technical systems, but yes those are good suggestions to be in complicance with the required data-integrity.
-
worlio.com
And you continue to state the US is worse for user privacy.
-
Kris
because it is
-
worlio.com
It isn't,.✎ -
worlio.com
It isn't. ✏
-
Kris
you seem to misunderstand what data-integrity means
-
Polarian
The point is being lost, this isn't about privacy this is about complying with data integrity laws, which is covered within the GDPR in both the EU and UK
-
worlio.com
And being forced to keep your users data is ridiculous.✎ -
worlio.com
And being forced to keep your users' data is ridiculous. ✏
-
Kris
you are not forced to keep user data
-
worlio.com
You've told me a million ways you are with GDPR.
-
Kris
you are required to keep data that belongs to other people sufficiently safe from accidential loss
-
Polarian
> You've told me a million ways you are with GDPR. No, you are forced to keep their data safe, both security wise, and ensuring it does not get damaged or destroyed ↺
-
worlio.com
» [18:18:33] <Kris> you are required to keep data that belongs to other people sufficiently safe from accidential loss Data that is stored on a server should not belong directly to the user, it should be stored with permission by the server without warranty.
-
Polarian
It should only be destroyed when requested by the end user, or in accordance with your privacy policy
-
Polarian
data should never be deleted without warning
-
Polarian
> » [18:18:33] <Kris> you are required to keep data that belongs to other people sufficiently safe from accidential loss > Data that is stored on a server should not belong directly to the user, it should be stored with permission by the server without warranty. at this point you are just trolling... ↺
-
Kris
you can't own personal data of other people.
-
Kris
it's a legal impossibility
-
worlio.com
So are we suddenly talking about "personal data"?
-
Polarian
XMPP is personal data
-
worlio.com
Because personal data is a whole 'nother story.
-
Polarian
No..
-
Polarian
Everything you process as a chat provider on XMPP is personal
-
Polarian
*everything*
-
worlio.com
» [18:19:19] <Polarian> at this point you are just trolling... I could've easily said the same about you but I'm giving you the benefit of the doubt.
-
worlio.com
» [18:20:02] <Polarian> Everything you process as a chat provider on XMPP is personal This could be argued.
-
Polarian
how can it be argued
-
worlio.com
» [18:08:13] <Kris> chat control is entirely unrelated to the GDPR or even running a server, as it is solely client side. And it is anyways not law yet and might never be. I'm late to this but Chat Control says otherwise, mentioning several times the requirement for "services" to search contents of personal information.
-
Polarian
you are storing messages between users conversations, who they talk to... how is that *not* personal?
-
worlio.com
» [18:23:00] <Polarian> how can it be argued I'm taking in a public room right now. Is this chat personal?
-
Polarian
it can personally identify them
-
Polarian
it can incriminate them
-
Kris
> » [18:08:13] <Kris> chat control is entirely unrelated to the GDPR or even running a server, as it is solely client side. And it is anyways not law yet and might never be. > I'm late to this but Chat Control says otherwise, mentioning several times the requirement for "services" to search contents of personal information. this refers to service providers that provide clients to users. it has absolutely nothing to do with servers ↺
-
worlio.com
And you think that is a good thing to keep that data for the user?
-
worlio.com
» [18:23:54] <Kris> > » [18:08:13] <Kris> chat control is entirely unrelated to the GDPR or even running a server, as it is solely client side. And it is anyways not law yet and might never be. » > I'm late to this but Chat Control says otherwise, mentioning several times the requirement for "services" to search contents of personal information. » this refers to service providers that provide clients to users. it has absolutely nothing to do with servers "Services that are likely to be used for illegal material or for child grooming are obliged to search the content of personal communication and stored data (chat control) without suspicion and indiscriminately"
-
Polarian
> » [18:23:00] <Polarian> how can it be argued > I'm taking in a public room right now. Is this chat personal? By joining the room you agree that the information is public, you give permission for it to be shared... (no different to clicking "I agree for my data to be shared with third parties" box on websites) ↺
-
Polarian
> And you think that is a good thing to keep that data for the user? Yes... ↺
-
Polarian
to some extent
-
worlio.com
Not for the user, but to be REQUIRED BY LAW to keep it?
-
Polarian
You can't take a binary point of view, its not all data or no data... the sweet spot is in the middle, enough data that the end user gets a good experience, not too much data where their privacy is completely violated
-
worlio.com
Polarian, are you european?
-
Polarian
Yes.
-
worlio.com
Then I don't care to discuss this with you further since you seem completely blinded by your own laws and regulations that fully intend to make life difficult for those hosting their own instances, and to completely violate your user privacy and security.
-
Kris
sorry, but you are just highly misinformed. the exact opposite is true
-
worlio.com
I will repeat that don't run my server secure, for user privacy, and reliable because the law requires me to, but because I care.
-
Kris
so why do you complain about a law that just asks others to do the same as you are apparently doing anyways?
-
worlio.com
Because being required to do it by law means the law intends to use it as a way to violate user privacy.
-
Kris
it doesn't
-
Polarian
> Then I don't care to discuss this with you further since you seem completely blinded by your own laws and regulations that fully intend to make life difficult for those hosting their own instances, and to completely violate your user privacy and security. One, I am from UK... thus your complaints about the EU are invalid towards me, secondly, I do not agree with GDPR... so how would I be blinded by it? ↺
-
Polarian
I abide by the laws I live under...
-
Polarian
Thats the way of life...
-
worlio.com
Your laws suck.
-
worlio.com
Simple as.
-
Polarian
Good to know, and how does this help anything?
-
Polarian
it doesn't...
-
worlio.com
Have a good day. I actually have a server to run and I'm not being forced at baton-point.
-
Kris
the GDPR is litterally a law that protects user-privacy from unscrupulous service providers
-
Polarian
> the GDPR is litterally a law that protects user-privacy from unscrupulous service providers I find it too restrictive but its my personal point of view, I am not arguing for or against GDPR, I was pointing out data integrity was important ↺
-
worlio.com
Kris: I no longer care about the GDPR since we clearly cannot agree on it.
-
Polarian
worlio.com would stand up in court and argue "This law is stupid" as they get fined millions for losing data
-
Kris
because you are misinformed about it
-
worlio.com
No, you're misinformed on it.
-
Polarian
So I am genuinely glad you are in US, I wish you luck with your server and I hope you are abiding by US regulations
-
Kris
no you 🙄️
-
Polarian
if not... I wish you luck in court
-
worlio.com
I'm surprised you're defending the EU regulations and "user privacy" when they want servers to scan users personal information. Very user privacy.
-
Kris
they don't
-
worlio.com
Please actually read up on Chat Control rather than lying. The fact that I, an American, am actually reading this and know more than you is absolutely disappointing.
-
Polarian
> they don't well they do... but their point is invalid ↺
-
Kris
and if you mean chat-control, that is about client side scanning and not anywhere close to law yet
-
Polarian
> Please actually read up on Chat Control rather than lying. The fact that I, an American, am actually reading this and know more than you is absolutely disappointing. You are using chat control to invalidate a genuinely point... ↺
-
worlio.com
Kris: It's being pushed to law and it is not client-side.
-
worlio.com
The legislation clearly states this.
-
Kris
sorry, but you are misinformed
-
worlio.com
I'm literally reading the legislation. Is the european government the one misinforming me?
-
worlio.com
Is that the only rebuttle you can muster up because you don't actually know?
-
Polarian
worlio.com, that doesn't matter... how does this change the point of data integrity for server providers within the UK/EU is *mandatory*
-
Kris
apparently you are not able to understand legal texts then
-
worlio.com
Kris: Okay, you are definitely a troll. Polarian is just a confused individual.
-
worlio.com
I'll leave you both to it. Have a good day.
-
Polarian
I must have misread, I thought I was in XMPP service operators, not worlio's moan about EU regulations
-
Polarian
apologies, could someone redirect me to the correct room?