XSF Discussion - 2018-05-17

jonasw, for you! https://shop.spreadshirt.com/imfreedom/

That's super cool

so vintage tech t-shirts <3

For more motivation

Link Mauve, I’ll take the ruffle shirt, thanks

Wow is their logo mostly commas now?

hah

and a flying rat as mascott

Hey board, I am sorry, I am in a long meeting, I won't be able to join our weekly

nyco, noted, thanks

o/

Martin's not here, I think?

ralphm?

I guess it's just you and me, MattJ

MattJ, is there anything you want to discuss, our shall we skip this week?

Is there anyone else that was waiting for a board meeting to bring something up?

Here

(sorry, was distracted a moment)

I'm fine with skipping

okay - until the next time, then.

adieu

What is everyone else’s GDPR plan?

Hide

After burying all the data in the back yard

I can't believe this thing got accepted

haha

Step 1: Don't be a company. Step 2: ??? Step 3: PROFI.. wait no

I’ve decide to just just block the EU

Thanks for encouraging our internal market.

The need for a data protection officer who is basically a lawyer killed it for me

what if they use proxy and then sue you for storing their data?

Nah you can still get the source and compile it

im just not distributing it directly myself in the app store

This really shouldn't be an issue for client authors. Except mobile push cloud notifications...

Yup push

and crash logging

But regardless the burden is on you to prove you are compliant to regulators

thus the DPO

it's the first time I'm happy I don't live in the EU

i spend a lot of time in europe

Well I don't think there's a requirement to have a DPO for a push service.

I believe there is, yes. You are processing data and the token can be combined with other info to uniquely identify a user so it is PII

also you need to set up a register and document data processing and retention policies etc

mrdoctorwho, depends on your perspective. As a user, isn't GDPR great?

For me personally I felt it was safest to just let people compile it it they want it and block EU users from push

MattJ: depends. Time will tell if those ad tracking firms will go out of business

They won’t because they can afford to meet the letter of the law

Thus far I haven't experienced any differences from a user's perspective

Anu: it's complicated

If you have the money and development resources, its totally doable

They'd have to ask for consent

And that essentially breaks their business model

the two biggest advertisers are google and facebook

Both will be fine

Only if you are a costumer of them. And consented to them tracking you

But yes those companies will have fewer issues than the traditional ad companies

daniel, actually, I’ve seen quite a few spamy things which asked for consent

Anu: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e3732-1-1

jonasw: sure they can try. But I don't think a lot of people will klick yes

Anu: I would've thought neither (a) nor (b) nor (c) applies.

funny thing, ive works with mobile advertisers they were already doing things that were illegal the US. I dont think a eu law change with modify that

daniel, exactly

Anu, we’re preparing to attack both Google and Facebook (and a few other ones), see https://gafam.laquadrature.net/ (use a translator if you don’t read French).

I'm loving it from a users perspective, all the companies that can't be bothered to even try to protect user data or that were selling it and don't want to admit it are shutting down or putting up notices about how itm'

I spend time in France, im familiar with gafam (a term ive never seen used outside btw)

…it's no 'onger available in the EU

*sigh* stupid phone keyboard.

Anu: is https://monal.im/blog/gdpr-removing-monal-from-the-eu/ your plan?

yup

That's... unfortunate.

At least until things clear up, id rather not get in trouble while in europe

I was just going to recomment Monal to my iOSy family members.

sorry :(

I dont know what chat secure will do, ive asked chris

Hes going to have to deal with the same issues

Everybody is going to.

yup

MattJ: yes and no, I mainly agree with daniel

He might have more resources than me since I think he’s funded by something

We should add that to our next GDPR meeting. pep., winfried: Cloud-Notify / Push servers are sufficiently on-topic

Anu: I'm not convinced he has a regular project funding

ah

Anu: ChatSecure development has slowed down in the last year or so, from what I can see.

on iOS. And I'm not sure anything at all is happening on Android. They wanted to migrate to the Conversations code base.

What sucks about GDPR is I am prepping the next monal version with OMEMO and push

he either used to or still has. i'm not really sure. i think it ran out at the end of last year ✏

both on iOS and mac

Mac will have the binary on the website outside of the App Store so people could just grab it there and there isn’t a push requirement

Hah I should put text there asking EU users to not download it like in the old days where you could download the US version of netscape with better encryption or the international one

Anu: is there a specific reason for you pulling out, or just lack of time to ensure overall compliance?

lack of financial means to ensure compliance on a regular basis.

Its hard to do with a non commercial, free app

GDPR is designed for institutions that can afford it. I dont know how everyone else will deal with it

Somehow we will.

BigCorps are paying millions to consultants to ensure compliance.

Yes, I do it as my day job

Anu, yea if you don't target EU citizens you don't need to comply with the GDPR so I'd just do that 'EU users must not download this'

well no

Its anything that MAY be used by a EU natural person

no it's not, looking for link...

https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en

Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

i think we are in agreement on that part, thats why im removing it from EU app store

Anu: will it also be auto-uninstalled from EU iPhones? :P

Nah since people can also just side load it if they want it

I thought you need XCode and what not to sideload an ipa

there are a few ways to do it. Most of my users are enterprise users

They can deal with it

@Ge0rG, how do you plan on handling GDPR with yax.im?

Anu: I'll extend the data processing policy according to what we figure out in the XSF GDPR meetings, and will hope nobody sues me.

GDPR comes into effect next week, going down to the wire :)

Yeah.

Do we know if federation is legal anymore

Email isn't going to go away.

Anu: we don't *know* anything. We only make informed speculations

s/informed/uninformed/

jonasw: only speaking for yourself

also, this creates a loop leading to unununununununununinformed

(and more)

Haha

while (regex.matches()) do { regex.apply() }

infinite loop of jonasw

> Ge0rG> We should add that to our next GDPR meeting. pep., winfried: Cloud-Notify / Push servers are sufficiently on-topic Gotcha

i would say xep-0080 and anything else that deals with lat/long

Anu: I don't see how that's principally different from user content

true