godotxc.com is using nefarious code

DaveTheCoder · Mon Sep 04, 2023 1:54 am

Note that the web site's owner may be using third-party services for his store, and those services could be adding the stuff you don't like.

megalomaniak · Mon Sep 04, 2023 6:55 am

That's literally what it is but the point to take home here is that without these third party services there couldn't even be a functional store at all.

Karlsson · Mon Sep 04, 2023 7:03 am

megalomaniak wrote: ↑Sun Sep 03, 2023 6:20 pm There are allowances for this in all this sort of legislation.

You're wrong, the GDPR law states that you have to inform the user of any use of user data. You are fully allowed to use any services on your site, as long as you have properly informed all users of it before using it. Everything that is not informed about, is done behind the users back and is nefarious. It must always be an opt-in, not an opt-out, and must be as easy to do either. Not opting in can result in the user not being able to use the site ofcourse, until they opt-in. But by then they are informed.

There's no egregious scale, you can be fined just for storing an ip in your log file without informing the customer, which happened to a few spanish companies that thought they had the right to do so. The fine increases depending on how serious and how long this has been going on.

And the law primarily targets commercial interests like stores or social media, not your own little devsite, but the law still applies for all publicly accessible sites, even government sites have to pay fines.

Meta/Facebook for example have already had to pay several billion euros and change a lot in how they work to protect their users, even though all their services are their own even.

But let's say you have a few LLC's hiding behind some offshore company, just to hurt users by stealing their data. It's a bad thing, even if you get away with it.

Edit, addition; Right now there are companies fined because they make it more difficult to opt-out than to opt-in. There are a lot of companies out there trying to mislead customers, for no apparant reason. It's super easy to list everyone involved with your data, and their purposes. You must also at any time be able to provide all data from all parties to the user that asks for it.

Karlsson · Mon Sep 04, 2023 7:35 am

megalomaniak wrote: ↑Mon Sep 04, 2023 6:55 am That's literally what it is but the point to take home here is that without these third party services there couldn't even be a functional store at all.

It's not illegal to use thirdparty services, just illegal not to inform users about how they use their data and their purpose. It's incredibly easy to inform users and ask them to opt-in/accept that usage.

megalomaniak · Mon Sep 04, 2023 11:38 am

Karlsson wrote: ↑Mon Sep 04, 2023 7:35 am
megalomaniak wrote: ↑Mon Sep 04, 2023 6:55 am That's literally what it is but the point to take home here is that without these third party services there couldn't even be a functional store at all.
It's not illegal to use thirdparty services, just illegal not to inform users about how they use their data and their purpose. It's incredibly easy to inform users and ask them to opt-in/accept that usage.

Right, I misunderstood or misrecalled what you were actually complaining about early on in the topic but there are indeed allowances to not add any opt-ins or outs for minimum vital data gathering and storing in use such as for the payment processing. The ultimate opt-in is the choice to use a service at all after all. But informing that there is that minimal data gathering is mandatory, yes.

Karlsson · Tue Sep 05, 2023 6:36 am

megalomaniak wrote: ↑Mon Sep 04, 2023 11:38 am ...but there are indeed allowances to not add any opt-ins or outs for minimum vital data gathering...

Yes, you are mostly correct about that, it still have to informed about as functional use informing about the usage and purpose. You, as a user, must be able to change your mind and leave the site without any use of anything further than a simple session cookie.

The opt-in always have to be there, but the allowances comes to services that are vital to the functionality and those you can only opt-in to, not opt-out (other than leaving the site without opting in).

Opt-in is never anything you can skip if storing or using any type of data from the user (longer term). You can have a simple webpage, that is not logging ip's, using only a session cookie to keep track of what page you are on, but providing like documentation on some tech and so on without any opt-in. But you can't go further than that involving the visitors data.