Privacy & Data Protection

ecksor

Originally posted by amp
You want all images hosted on boards. I take it this means that I would have to upload them to boards.ie myself. I currently upload my images to IOL.

I asked about my last suggestion. In fact, the last two suggested compromises (one of which was due to MarcusGarvey) didn't interfere with you hosting your images on IOL.

If you're not claiming to do this the for the majority of users, you must be claiming to do it for "the user who does care". You support his concerns yet you do not support my concerns. Is that users opinion more important than mine?

No, but I don't accept that one user doesn't have a valid complaint just because the majority disagrees. Since two suggested approaches support your concerns, I don't see why you feel that they are not being listened to.

Ignoring and/or turning off signatures are both flawed solutions btw. One happens after the fact, and both assume that the offending bug is visible and in the signature.

But surely that's a small price to pay to stop the disruption a far larger minority would have to pay for one persons ignorance and paranioa?

Again, which disruption are you talking about?

This is not about one person's ignorance or paranoia. As I've said, this is a valid issue, and if you don't recognise that then that's up to you.

GuanYin

No, but I don't accept that one user doesn't have a valid complaint just because the majority disagrees. Since two suggested approaches support your concerns, I don't see why you feel that they are not being listened to.

Ignoring and/or turning off signatures are both flawed solutions btw. One happens after the fact, and both assume that the offending bug is visible and in the signature.

Could be wrong here, but I think the point is tha most users don't care either way, so it doesn't matter to the majority if this is blocked or not.

However there are a minority of people who do feel quite strongly about the issue.

so, who do you go with on this matter, those majority who don't care (either way), or a few who do?

ecksor

If we block depending upon each users' individual preferences as set in a control panel option, then the minority are kept happy and the majority continue on as normal.

sceptre

Originally posted by ecksor
If we block depending upon each users' individual preferences as set in a control panel option, then the minority are kept happy and the majority continue on as normal.

Sounds like a lot of work for whoever codes it but seems like a solution that'll keep everyone happy. For the little it's worth, thumbs up to that.

(I'm one of the "couldn't really care either way" types)

MarcusGarvey

Sounds like a good plan, but hard work. Fair play.

amp

I'm confused about a couple of things here, maybe some of these questions have already been answered. If so, I apologise:

So each user can nominate wherever they want to host their pictures then. How will that work? Who decides what is a legimate external server and what isn't? What if I change my hosting from IOL to another provider? Do I have to resubmit my nomination? If I do resubmit my nominated server will this be validated automatically or will it require an admin to check the server first? What if there are no Admins available at the time to process it? Is it not a disruption to have to wait until they do?

Is there anything stopping a user from putting up an ip gathering picture on what would have been previously listed as a legitimate server? If another user puts up an ip gathering pic on a server that I also host pictures on, what if that server is blocked? Would that not disrupt me? If www.server.ie/~user is listed, are further folders like www.server.ie/~user/etc automatically listed or would I have to manually define all subfolders. Is that a disruption if I do? If I have my own personal webserver will I have to declare that I will not host ip gathering pictures? If an unlisted external server gives me permission to leech pictures from them will I have to submit this each time? Disruption?

DeVore

Actually it sounds like a lot of extra strain on the database. For each user access we will need to do a database look up to see if they want to see external images or not and then alter the html we send them to exclude the links to external images?

That sounds like a LOT more work for the server (and the reason why we dont serve personalised navigation, which would come far higher on my list of "nice to haves").

Technically if this could be done without impact on performance I'd agree. I suspect it cant be.

Also, the suggestion has changed so I'll reiterate it here again (with Ecksors consent) because its considerably different from the original.

1. If you dont want this option on (and it would be off by default) you will see and use Boards EXACTLY AS YOU DO NOW. Linking to external images (hosted wherever) would be the same and what you see in threads would be the same. No change

2. If, on the other hand, you DO turn this option on you will see no images from foreign servers and you will be all safe from the boogeyman.

(ok the last bit is my addition )

Is that a fair summary Ecksor?


Personal I'm opposed to it on the grounds of server load but if it ends this pathetic cabaret I'd vote for it. It will give us something to scream at people like Tinky (who will almost certainly stop using Boards.ie before this is implemented because I'm not all huggles)

If we are already pulling a record from the User table then that data can piggy back and we'll have no extra interactions with the database as a result. That might work.

Personally I'm all for catering for the little guy so long as the majority are not affected. If Ecksor wants to do this work (and I know this is like a personal mission with him ) hey, I dont see why he shouldnt. My only concern is the impact of speed and since I doubt many will even use it, thats possibly mitagatable.

DeV.

amp

Also, the suggestion has changed so I'll reiterate it here again (with Ecksors consent) because its considerably different from the original.

1. If you dont want this option on (and it would be off by default) you will see and use Boards EXACTLY AS YOU DO NOW. Linking to external images (hosted wherever) would be the same and what you see in threads would be the same. No change

2. If, on the other hand, you DO turn this option on you will see no images from foreign servers and you will be all safe from the boogeyman.

Ahhhhh *sound of penny dropping*, my apologies ecksor, I obviously didn't understand this new suggestion. I've no objections to the above solution. The choice remains with the user, ignorant paranoid people can turn off external images. You're happy that Tinkys happy. Everybodies a winner. \o/

ecksor

Originally posted by DeVore
Also, the suggestion has changed so I'll reiterate it here again (with Ecksors consent) because its considerably different from the original.

1. If you dont want this option on (and it would be off by default) you will see and use Boards EXACTLY AS YOU DO NOW. Linking to external images (hosted wherever) would be the same and what you see in threads would be the same. No change

2. If, on the other hand, you DO turn this option on you will see no images from foreign servers and you will be all safe from the boogeyman.

(ok the last bit is my addition )

Is that a fair summary Ecksor?

Yes. Any extra load is less likely to be felt by the database than by the front end webserver, but even that shouldn't be too much. A close analogy would be to say that we should restrict each user to having only one image in their signature because the second image's vbcode has to be processed and that's an unacceptable load. What would essentially happen is that every forum would look the same way they do when we disallow embedding images on that forum, so the user would be presented with a hyperlink, which they can click on or ignore as they choose.

If Ecksor wants to do this work (and I know this is like a personal mission with him ) hey, I dont see why he shouldnt. My only concern is the impact of speed and since I doubt many will even use it, thats possibly mitagatable.

In fairness, in the past I've put in lots of time and effort on things that most people don't even notice, because of security issues, or to implement features that appeal to a minority. People don't normally come along bemoaning the fact that I'm pandering to anyone or even notice that I'm doing it, which is how it's supposed to be. When I moved the members space to a new domain to prevent account hijacking, I put in a lot of work to make sure that people didn't have to relink their signatures or posts, and very very few if any people complained because they didn't notice. Job well done in my opinion. I could have and would have adapted the same techniques here to ease in any new schemes.

If I've appeared annoyed on this thread, well, that's because I have been. I hate the security stereotype of not being willing to find a reasonable compromise being thrown at me when the compromises that are suggested aren't being properly considered. And, again, I do appreciate why this might be important to some people, so I feel that some of the dismissive posts and attitudes shown here have been well out of line. For the record, I don't plan to use this feature myself.

No timeframe on when this will happen unfortunately, as usual it will depend on the next free block of time I get. If it can be done in the way I think it can be done, then within the next week is realistic.

ecksor

ignorant paranoid people can turn off external images.

I actually think that if someone is concerned by this, they may be overly paranoid, or they may have very good reason. However, to me it implies a lack of ignorance if anything.

I think this has run its course.

amp

Ok fair enough. lol. I withdraw the word ignorant. And it goes without saying, but I'll say it anyway, that I and others do appreciate the work you and the rest of the Admins put into boards.ie.

With regard to your comments about some suggestions being "out of line", well I suspose I'm probably included in that. I acknowledge that I didn't really understand the compromise and I again apologise. I'll be more careful about my rants in the future.

ecksor

Thanks, I appreciate that.

ZENER

I am not requesting that restrictions are put on users. I raised a concern about sigs and the links contained therein. There have been some very intelligent suggestions made here in this forum. That's good - the whole point of it. It's the purpose of a site like boards.ie to give everybody a place to air their views - otherwise how would they be heard. I expressed an opinion and read some very healthy debate on the subject. Some of it makes sense and some comes from people that assume that nobody elses opinion matters !

Others continue to assume that I am stupid and continue to belittle my opinions . . As a technician and service engineer (City & Guilds and DCU) I am perfectly aware how the internet functions. So much so that I raised my concern about sigs containing unknown links. Ecksor has put forward solutions to give all users a sense of being acknowledged. I applaud him for that. Others unfortunately have attacked him for thinking rationally. He appears to be one of the few here raising concerns about security and the responsibility of boards.ie towards that in a balanced way.

Amp, as a computer service engineer, (FAS qualification no less) has a worrying attitude about security considering his responsibility to his clients. I personally like to listen to all sides of an argument before making a decision that would best suit all concerned, its part of my job - which I like to think I do pretty well.

My opinion - in as much as it matters, is that because most of the contributors to this thread object to what I have raised - is that I should bow to the needs of the many and just disable sigs in my cp. This in turn will reduce my enjoyment of this site (some sigs contain amusing/useful links) and deprive me of a sense of security that I should take for granted on an otherwise excellent service. I therefore bow out of this thread having made my arguments, as best I can, and leave it to the mods to decide what is best for everyone on boards

In doing so I reserve the right to raise the subject again in the future when someone uses a sig or link that causes real concern to everyone. Then I can say to you all - I told you so !

With respect to all.

Tinky

DeVore

Its not just me is it? I mean, I'm not the only one who thinks Tinky is living on a different planet am I?

Do you even read the posts in between yours? We've resolved that both can be satisfied. Btw, why are sig-images any different from images linked in the main body of the thread?

*boggle*



DeV.

amp

It's not just you.

ZENER

Quote:
Do you even read the posts in between yours? We've resolved that both can be satisfied. Btw, why are sig-images any different from images linked in the main body of the thread?

Sorry that it appears I have not read your posts. I had started typing my reply before your 2 posts appeared on the thread - I was in work at the time and got called to a job and posted when I got back - which was was abot 30 mins after your posts appeared. BTW the job was on this planet !

Quote:
If we block depending upon each users' individual preferences as set in a control panel option, then the minority are kept happy and the majority continue on as normal.

Sounds reasonable to me.

Quote:
.... and you will be all safe from the boogeyman.

Has anyone actually investigated the sig in question ???? It may appear as just an image on the screen, but the information contained within goes to the site hosting the image the image is generated THERE and sent back to the screen of the viewer. Therefore it's not as simple as objecting to you reflection in a mirror. The privacy statement on the hosting site also does little to promote confidence. Whats to stop that site or any site for that matter tracking you internet usage.

Try this scenario: Parents browse internet with cookies on. Now these parents not being very web savvy and thinking a cookie is a bikky go to a web site hostng questionable material. A tracking cookie is planted on their computer and reports to its originator the browsing habits of the parents. Child sits to use the pc and there on the top of the web page in front of the child is an image and link to a site not suitable for their eyes.

The above may seem far fetched, but I have had plenty of customers with this experience. Now supposing that this cookie came from a site hosting the aforementioned sig !!!!

The opt out idea put forward above would help prevent this happening as long as optout = safe by default.

Tinky

ecksor

Originally posted by tinky
Has anyone actually investigated the sig in question ???? It may appear as just an image on the screen, but the information contained within goes to the site hosting the image the image is generated THERE and sent back to the screen of the viewer.

Right, but as DeVore was getting at, all requests for images send this information, and potentially set cookies etc. Any external image could be doing this. (there aren't many external images around boards that actually try to set a cookie, but there are a few. The other information can be gotten passively).

That particular signature just makes this obvious to the user.

Child sits to use the pc and there on the top of the web page in front of the child is an image and link to a site not suitable for their eyes.

This is a different issue.