GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

Bob24

Trojan wrote: »

On the one-way hash thing, I think that you'd have a very difficult time arguing that that is personally identifiable.

For example you could argue that if you have the hash function, the list of all the hash entries boards has, and a list of all registration email addresses from another popular Irish website you could use these email addresses to easily de-anonymise a good part of board's list (because if you try all email addresses from the other website it is likely that many will overlap with boards' hash list and will therefore become personally identifiable again from that hash list).

Just one exemple of what comes to mind.

kippy

Hurrache wrote: »

Ok, I was wondering alright if they were hashed. Interesting to see if that's adequate for GDPR though as email addresses are still held in some form, albeit in a hash table. Data privacy campaigners will push the law to see how far it's reach is.


Cheers for the explanation.

We will be back to pen and paper this time next year and meeting in pubs for the craic again.

Permabear

This post has been deleted.

Trojan

Bob24 wrote: »

For example you could argue that if you have the hash function, the list of all the hash entries boards has, and a list of all registration email addresses from another popular Irish website you could use these email addresses to easily de-anonymise a good part of board's list (because if you try all email addresses from the other website it is likely that many will overlap with boards' hash list and will therefore become personally identifiable again from that hash list).

Just one exemple of what comes to mind.

Yes, you could argue that.

However, the word "reasonable" is in the text of the regulation

kippy

Permabear wrote: »

This post had been deleted.

This is completely unworkable however if taken to its limits. Threads will need posts belonging to the poster as well as any references to that poster and/or posts quoted from.deleted. how much sense would a thread make then, let alone the practicalities of deleting not just the posts from that poster but the quoted posts and any reference to that poster?

As I said, when legal clarity is obtained via the courts in the next few months and that legal clarity puts the onus on sites like boards to implement the law as above boards and other sites like it may as well shut down.

Bob24

Trojan wrote: »

Yes, you could argue that.

However, the word "reasonable" is in the text of the regulation

That is why I said it is open to interpretation. Can you say it is definitly unreasonable to expect that with a high enough probablility at some point could be a data breach with another Irish website which will publically reveal that list of email addresses and easily allow boards to deanonymise their list as I explained?

And again that is just one scenario.

Bob24

Permabear wrote: »

This post had been deleted.

I think those are two separate issues which each need an answer. Both could individually lead to identifying someone.

Nody

Bob24 wrote: »

That is why I said it is open to interpretation. Can you say it is definitly unreasonable to expect that with a high enough probablility at some point could be a data breach with another Irish website which will publically reveal that list of email addresses and easily allow boards to deanonymise their list as I explained?

And again that is just one scenario.

Your scenario is very flawed; it's like saying well how can you be sure an alcohol store does not have someone breaking in there stealing booze and then selling it to kids and hence breaking the law? Taking two crimes to generate a third crime as the bar for reasonableness is an impossible high bar to use.

Bob24

Nody wrote: »

Your scenario is very flawed; it's like saying well how can you be sure an alcohol store does not have someone breaking in there stealing booze and then selling it to kids and hence breaking the law? Taking two crimes to generate a third crime as the bar for reasonableness is an impossible high bar to use.

Your comparison is not valid because GDPR imposess data protection standards on data controllers to cater for these situations, and you are probably underestimating how easy it can be to partially de-anonimise lists of hashed emails (as I said data breaches are one scenario to obtain what you need, but you could also use marketing lists, web crawlers to collect email addresses, or simply algorithms designed makes guesses based on common names and patterns).

See a piece from Princeton researchers including one who is now a privacy engineer at Mozilla on the exact topic of hashed emails de-anonimision, with a note on GDPR at the end: https://freedom-to-tinker.com/2018/04/09/four-cents-to-deanonymize-companies-reverse-hashed-email-addresses/

(I was not aware of these but they even mention companies which will de-anonymise lists of hashed email addresses for a few cents per address using a combination of these methods and apparently with a very high success rate)

Hurrache

kippy wrote: »

This is completely unworkable however if taken to its limits. Threads will need posts belonging to the poster as well as any references to that poster and/or posts quoted from.deleted. how much sense would a thread make then, let alone the practicalities of deleting not just the posts from that poster but the quoted posts and any reference to that poster?

As I said, when legal clarity is obtained via the courts in the next few months and that legal clarity puts the onus on sites like boards to implement the law as above boards and other sites like it may as well shut down.

It's not that unworkable at all, and it's already been mentioned in this thread that other sites have had functionality like this a while. You could throw together a simple script within a day to do it, depending on the storage format, that can be executed over and be over with the only parameter change being the user id.

And even if it was completely unworkable, it's no excuse if the law says otherwise.

Trojan

Hurrache wrote: »

So who in this thread do you accuse of "suddenly" becoming interested just because they see it as an invite to troll, or are posting just to have a pop ar boards?

Well now, it wouldn't be right for me to name names, now would it?

But in fairness, I think that based on 20 years of being a member here - over half as an admin - that my troll-dar isn't too badly uncalibrated, is it?

Hurrache wrote: »

Do you not think boards.ie are able to engage users here themselves, which in fairness, they have done, without you leaping to their defence?

Oh, they're welcome to do just that. But they're far too professional to call it like they see it.

mirrorwall14

This is very interesting to read as it’s somehing I’ve done in the past after my first baby, closing accounts and opening a new one as changing a username wouldn’t prevent someone from identifying me using the different forums I post in. I love using boards but the nature of it means that eventually enough information (from the questions asked, answers given and forums posted in) is built up to make people identifiable

kippy

Hurrache wrote: »

It's not that unworkable at all, and it's already been mentioned in this thread that other sites have had functionality like this a while. You could throw together a simple script within a day to do it, depending on the storage format, that can be executed over and be over with the only parameter change being the user id.

And even if it was completely unworkable, it's no excuse if the law says otherwise.

My user name is 'storage'. I want all posts, quoted posts and references to my username in posts deleted.Please also delete all PMs from in boxes of users from or to me and where my name is referenced.
Go script that, and then tell me how any threads with my username, posts from me or quoted posts from me will look and of any unintended consequences......
Then go and do the same from any replicas or backups of the site data.

I don't think people appreciate the full impact of some of this stuff if taken to the limit. There are whole threads that will make absolutely no sense. As I said boards may as well shut down and we'll meet in the pub for a chat instead.

Same scenario for any other usernames that also fit the bill......
There are some great areas like this that need to be addressed and it'll take a court case or three to bring some clarity.

Hurrache

Trojan wrote: »

But in fairness, I think that based on 20 years of being a member here - over half as an admin - that my troll-dar isn't too badly uncalibrated, is it?

I'm here almost 20 years myself, if we're getting into dick swinging and smarm territory.

You obviously know the routine then on what to do if you think people are here for trolling purposes.

@kippy, It can be done without going anywhere near the extreme of thinking about closing the site instead. It's what the DBAs and devs get paid for. Other sites have had this feature before GDPR came into the picture.

beauf

Even apart from GDPR. A conversation about GDPR eventually becomes one of data retention and security.

If you get hacked and peoples information from 10 years ago from PM's goes online. Questions will be asked why the hell you are keeping information you don't need for 10yrs.

Every where should be having a parallel project on data retention beside GDPR.

kippy

Hurrache wrote: »

I'm here almost 20 years myself, if we're getting into dick swinging and smarm territory.

You obviously know the routine then on what to do if you think people are here for trolling purposes.

@kippy, It can be done without going anywhere near the extreme of thinking about closing the site instead. It's what the DBAs and devs get paid for. Other sites have had this feature before GDPR came into the picture.

You have obviously not read my post or example given.

beauf

kippy wrote: »

...I don't think people appreciate the full impact of some of this stuff if taken to the limit. There are whole threads that will make absolutely no sense. As I said boards may as well shut down and we'll meet in the pub for a chat instead.....

Its a database. you can run stats on how much a deletion will effect threads. Or even how often those threads have been accessed in the last 3yrs. If an old thread has not been accessed or accessed a couple of times why keep it.

Its like digital hoarding.

kippy

beauf wrote: »

Its a database. you can run stats on how much a deletion will effect threads. Or even how often those threads have been accessed in the last 3yrs. If an old thread has not been accessed or accessed a couple of times why keep it.

Its like digital hoarding.

My username is 'storage'.
Discuss.

BowSideChamp

kippy wrote: »

My username is 'storage'.
Discuss.

Your IP address is recorded everytime you post something and will identify you.

kippy

BowSideChamp wrote: »

Your IP address is recorded everytime you post something and will identify you.

Not sure the relevance.
Hypothetical scenario.
My username is storage. I want all threads and PMS where my name is mentioned deleted. I also want all references to me removed from any and all backups.
What would the impact be on this thread alone?

This thread alone wouldn't see any posts deleted but what about references to my username?

Beasty

kippy wrote: »

Not sure the relevance.
Hypothetical scenario.
My username is storage. I want all threads and PMS where my name is mentioned deleted. I also want all references to me removed from any and all backups.
What would the impact be on this thread alone?

This thread alone wouldn't see any posts deleted but what about references to my username?

Unless your real name is storage that in itself would not identify you. Just to add one thing. We see a number of regular re-reg trolls. In some cases I think we could seek prosecution for some of their posts. However despite the tools we have available in my time as an Admin I have never seen a single one if those individuals real life IDs identified

Now I know I have posted plenty of info that when aggregated could quite easily identify me. Do I care? No - there is nothing I have ever posted on this site that I would not be prepared to openly stand behind

For many users these rules are important and I am sure the site will observe their rights under the legislation. It has always been made clear that the site does not want to get into avoidable legal disputes.

I suspect many more will adopt a similar position to my own

Bob24

kippy wrote: »

Not sure the relevance.
Hypothetical scenario.
My username is storage. I want all threads and PMS where my name is mentioned deleted. I also want all references to me removed from any and all backups.
What would the impact be on this thread alone?

This thread alone wouldn't see any posts deleted but what about references to my username?

Backups should be treated as a separate (and important) problem which is not specific to this situation and applies to pretty much every system/organisation (essentially the generic question which applies to everyone is whether you need to propagate deletions to backups and if yes how to do it).

On the rest, what is important to keep in mind is that GDPR is not only about finding fixes for existing issues, but also about altering the way systems and processes are designed to prevent these issues from happening in the first place ("privacy by design").

On this, one trivial exemple would be reject any account name which is a word present in the English or Irish dictionary and will therefore be hard to single-out. Of course this is not going to fix everything but it is an exemple of mesure which can be considered to address this type of problem (and an easy one to implement, other would require more complex redesign work and this is why plenty of time was allowed between the publication of the final regulation and its enactment so that organisations had time to identify issues and make these changes).

Permabear

This post has been deleted.

beauf

kippy wrote: »

My username is 'storage'.
Discuss.

?

Your only point seems to be it will be ruin threads. When it's very likely it will only effect threads that aren't been accessed anymore.

Boards used to be able to delete your old posts. With no limits. They turned it off after some people deleted all their old posts.

Beasty

Permabear wrote: »

This post had been deleted.

Maybe you did not read the whole of my post? I indicated I would expect their rights to be observed.

StupidLikeAFox

kippy wrote: »

Not sure the relevance.
Hypothetical scenario.
My username is storage. I want all threads and PMS where my name is mentioned deleted. I also want all references to me removed from any and all backups.
What would the impact be on this thread alone?

This thread alone wouldn't see any posts deleted but what about references to my username?

In your scenario it is not the username that identifies you, it is your posting history as a whole.

So if you close down this account, a script could run to find out all the threads you posted on.
Then it could anonymise your username on each thread - so on this thread it would change your username to "Deleted-Mr Jones" and on another thread it would be "Deleted-Mr Smith" etc. Each individual thread would still be readable and have a flow, but your posting history would be deleted so nobody could piece together who you are.

Would be very simple to change the username where you posted or were quoted, if it was mentioned in the body of a post it's probably trickier but how often does that happen really? Certainly not enough to piece together your entire posting history

Permabear

This post has been deleted.

Franz Von Peppercorn

StupidLikeAFox wrote: »

In your scenario it is not the username that identifies you, it is your posting history as a whole.

So if you close down this account, a script could run to find out all the threads you posted on.
Then it could anonymise your username on each thread - so on this thread it would change your username to "Deleted-Mr Jones" and on another thread it would be "Deleted-Mr Smith" etc. Each individual thread would still be readable and have a flow, but your posting history would be deleted so nobody could piece together who you are.

Would be very simple to change the username where you posted or were quoted, if it was mentioned in the body of a post it's probably trickier but how often does that happen really? Certainly not enough to piece together your entire posting history

The problem is the quotes reference the name and a number and it’s in the text.

So the text of this post contains your username. The quote is

[ quote = “StupidLikeAFox ; xxxxxxxxxx ]

Number is probably the post number.

More sophisticated software would reference the username by id and allow the render to display the name. Then one change would suffice.

I also think that new names per thread would probably be relatively involved. Replacing the user name with “closed account” is easy enough globally.

Bob24

Permabear wrote: »

This post had been deleted.

Yes I feel the same way. And while I have no doubt board's management team takes GDRP seriously and intends to comply, *some* replies from mods/admins here give the impression they see GDPR has something which can/should be dodged and have very minimal impact on the way the site operates (and which can be sorted by a few emails from a lawyer).

I understand those are their own views and not the one of boards (and I imagine boards will share with them what the position is on this issue shortly), but IMO they are making a mistake thinking that way.

Bob24

Franz Von Peppercorn wrote: »

The problem is the quotes reference the name and a number and it’s in the text.

So the text of this post contains your username. The quote is

[ quote = “StupidLikeAFox ; xxxxxxxxxx ]

Number is probably the post number.

More sophisticated software would reference the username by id and allow the render to display the name. Then one change would suffice.

I also think that new names per thread would probably be relatively involved. Replacing the user name with “closed account” is easy enough globally.

Yes that is an obvious change: changing the quoting system so that the quoted user ID is not a free field and is instead a system populated internal identifier which can at any time be replaced by a generic "Closed Account" user.