alles vollkommen irrelevant im sinne der ursprünglichen aussage:

dass das Fediverse iwie gegen die dsgvo verstößt.

kein einziges argument deinerseits wie genau hier ein Verstoß vorliergen soll.

immer noch nichts an greifbarer kritik.

nur vollkommen wertlose behauptungen über die richtigkeit, aber absolut keine konkrete aussage.

woe GENAU verletzt dad Fediverse in irgendeiner weise die dsgvo?

welche daten sind konkret problematisch?

die ursprünglich genannten Beispiele sind laut deinem eigenen Zitat vom Gesetzestext Blödsinn.

also was sonst soll hier problematisch sein?

ad tracking is COMPLETELY irrelevant to the original argument of the Fediverse being in violation of EU regulations.

it’s just another deflection to distract from the complete and utter lack of concrete evidence of any foul play on the Fediverse protocols’ side.

what manipulation?

junge, du:

• verstehst das Gesetz falsch.
• bekommst eine Erklärung.
• ignorierst die Erklärung.
• behauptest die Erklärung ist falsch, ohne sagen zu können WARUM die falsch sein soll.
• steigerst dich rein in sinnlose haarspaltereien die abeolut nichts zur sache tun.
• verstehst die fachbegriffe nicht ansatzweise.
• weigerst dich die fachbegriffe nachzuschlagen, wenn du sie schon nicht verstehst.

…und dann hast du noch die Dreistigkeit zu behaupten hier wird irgendetwas manipuliert???

nein junge!

die leute durchschauen einfach nur, dass du offensichtlich keine Ahnung hast!

deswegen kommen downvotes: du erzählst blödsinn!

LMAO

I’m in the EU and PII definitely IS “a thing” here, because most IT professionals need to communicate in english at least some of the time and the US is the biggest market for software in the western hemisphere.

because of that most software companies from the US (like, say, Microsoft, Apple, and Google) use the term, which is why it is widespread over here as well.

and since translation errors are suuuper common in technical documentation from said companies, or there straight up isn’t any in non-english, most professionals read a lot of US-english documentation. which obviously uses PII instead of PD.

the specifics differ, yes, and the areas use slightly different terms (PII vs personal data), and yet those terms are, in fact, synonymous.

(and also: it is common courtesy on the internet to use the terms more people are familiar with if the terms are, for all practical purposes, interchangeable.)

do you need an explanation for what a synonym is too?

jfc, i don’t mean to be rude here, but how is it possible that this needs explaining??

just about ALL of this is common freaking sense???

that they certainly did! lol

slight mistranslation: apparently, the proper english term is “personally identifiable information” or “PII”.

my work environment is german speaking. didn’t bother looking up the translation, since it’s perfectly understandable and clearly communicates the right idea either way.

anyone that in any capacity handles data - like, say, sys admins (hint, hint) - knows this term.

it’s not a surprise that it doesn’t show up in an article called “GDPR for dummies”, since the people familiar with the term won’t get much use out of that site.

it’s also an IT-term, not afaik a legal term, used as a kind of short hand for (extra) sensitive data.

(the site being “commercial” is also irrelevant. the information content is important. since you haven’t been able to decipher the legal text, i figured linking a more easily digestible site would be more convenient.)

as to “who taught me that”…i couldn’t say. it’s part of my job to stay up to date on legislation related to my job, same as for anyone else. we’ve had countless meetings about how to handle this sort of data internally, with consultants, and with other departments. we have, as we are required to by law, a data security officer (i think that’s the translation) that regularly sends updates, information, and requests/demands as to how to handle PII. like i said: it’s a big thing^tm in IT in general. it’s a topic that can easily fill a university lecture and then some. and it was a significant part of my certification process.

also, fun fact! if you type “personally identifiable data” into a search engine, the literally first result explains all of this and more!

isn’t that fantastic?? :D

P.S.: i specifically told you:

look up the parts you aren’t sure about.

soooo…you’re not very good at finding information that isn’t presented to you, evidently. maybe work on that a bit? just a suggestion…

alright, so, you DID copy the relevant legalise, yes, but you quite obviously didn’t read it carefully enough.

everything in your quote says what i said, and disproves what you said.

that’s just a fact and is why you are being downvoted: you said something nonsensical.

here’s how:

For the purposes of this Regulation:

self explanatory; no issues here.

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);

here’s our first issue: “natural person” is a legal term and means an actual, real life person.

a username (and therefore a user in general) is NOT a “natural person” in the eyes of the law.

your user account has no rights in the eyes of the law. you, the person reading, does. but those are two different things in law terms.

also “relating to an identified or identifiable natural person” does NOT mean “any data related to your user account”. it ONLY refers to data that can be used to identify you, the natural person.

i think this is where most of your confusion comes from:

if the data cannot be used to identify you, then it is not protected by the GDPR.

it’s that simple, really.

also important: this is about data, specifically.

so comments you make also are not covered by GDPR, because the GDPR only deals with systems data and personally identifiable information.

so your votes, for example, are NOT covered, because they can’t be used to identify a natural person.

in fact, nothing that the Fediverse platform sends anywhere falls under GDPR (afaik).

anything identifiable you put on the platform, you’ve put their yourself, and the GDPR doesn’t protect you from posting a picture of your own SSN. it doesn’t protect from doing dumb things, it only protects information you didn’t provide voluntarily.

an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier […]

here is where i think the rest of your confusion lies:

it’s ONLY personally identifiable data, if, you know, it can identify you (the natural person)!

in layman’s terms that means this law ONLY applies, if your username can be used to easily acquire your real name. and ONLY then.

your IP address is not enough to identify a natural person precisely.

if you haven’t put your real name in your account description (which this law also doesn’t protect against, since that is voluntary on the users part), there is no way to correlate your username with your real name.

therefore the law doesn’t apply here.

[…] or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

this part pretty much just says that healthcare data, religion related data, club memberships, etc., are also personally identifiable information and therefore sensitive data.

mostly this means that using aggregate data to uniquely identify an individual is illegal.

so, for example, if some company has your age, general area, your gender, and your address, then it would be trivial to uniquely identify you, therefore that combination of data is also protected and classified as “sensitive information” which has to be handled in specific ways by law. (the details here aren’t important for the discussion, but it’s things like only store it encrypted, only locally/with certified providers, etc.; just a bunch technical details)

it’s also important to note that there are TONS of exceptions to the GDPR (which has made lots of privacy advocates very grumpy), so even IF data is personally identifiable, it may still be legal to process that data, of it falls under one of those exceptions and is clearly laid out in the privacy statement on the website.

now, if you can explain exactly where I’m wrong I’ll gladly admit to my shortcomings, but just going “nuh-uh! you’re wrong!” without any explanation is just plain rude.

read the text you copied carefully.

look up the parts you aren’t sure about.

understand what it is you are copy/pasting.

and then make a judgement on what i said.

here’s a handy summary of the GDPR in easy to understand language for you.

please read that carefully before posting more comments about the GDPR…

cheers,

a tired IT drone.

yes, that is also true!

i didn’t want to make the topic more confusing by including that kind of information as well…

for the average user it’s probably enough to know roughly what is covered.

technically, if you have a database with a direct connection between username and real name, then that would also be covered and would fall under “sensitive data”.

ANYTHING that directly correlates your real identity to any data is personal data.

(the rest I’m guessing you’ll already know, but for everyone else:)

for example: a UUID correlated with your fingerprint in a database would also fall under it.

even though it’s not your name (and kinda difficult to make an identification just by fingerprint if your prints aren’t otherwise in a system). just because it CAN be used to directly identify a natural person.

the primary intent of the GDPR is not really to protect people online (although it does that too, that’s secondary), but rather to protect sensitive information about people, especially in a state administration context. so: healthcare, employment, religion, and so on…

it also happens protects those things online!

but mostly it’s about preventing institutional abuse, state violence, unnecessary surveillance, discrimination, harassment, etc.

there’s reeeeally good reasons for the term “sensitive data”! ;)

Removed by mod

no, that’s wrong.

hi, i work in the EU, and the GDPR and related legislation is a big thing we regularly have to consider in our work.

“personal data” is NOT “anything connected to your username”.

“personal data” (more correctly, and usually, called PID; Personally Identifiable Data) is data that can be used to identify you, the natural person, not your online persona.

that means: your Social Security Number, your Passport Info, your Drivers License, your Date of Birth in combination with your Birth-Name/Real Name, your Home Address, your religious affiliation, your gender, your sex, your fingerprints, your DNA, etc.

anything that can be used to clearly identify you in real life.

so, for example, if a company requires your phone number and passport to register, they are not allowed to give that to any third party, without the users explicit consent. “Mr. Karl Marx, born 05. May, 1818 in Trier is our customer and here is his passport, phone number, home address, and all the associated data we have on him” <-- this is NOT ok under the GDPR.

on the other hand “OGcommunist1818 posted {seize the means of production today, comrades!}, at 10:30 am, CET, on server 127.0.0.1, which was sent to 10.0.0.1, 10.0.0.2, and 10.0.0.3, into their respective local storage” <-- this is perfectly fine under the GDPR, because none of that is clearly tied to the natural person: “Karl Marx, born 05. May in Trier”, even if it really was Karl that posted that, and even if we can guess from the username that it was probably Karl that posted that comment.

sending comments you make, your votes, your posts, etc., to another server is completely fine by the EUs data protection laws for 2 reasons:

• 1: it’s not personally identifying data in the first place
• 2: you agreed to this information being sent {wherever} when you made your account, so you gave your consent to your data being used in this way.

Our data protection/privacy laws are mostly concerned with data being sent WITHOUT user consent (through sale to third parties, data dumps, data leaks, hacks, etc.), they do not protect you from sharing your personal info with strangers of your own volition.

so, no, the EU does not forbid the fediverse and there certainly are no laws to support that notion.

Arthmoor is far from the worst the elder scrolls (and specifically the skyrim) modding community has to offer, lol

he’s one of the most famous weirdos, but there’s waaaaaaay worse among some of the most widely used mods’ authors.

the best example is probably Boris, the maintainer of ENB (a shader extension/injector), who is a famously fascist russian.

then there’s all the anti-woke modders (which mostly get banned from most platforms within hours/days). these aren’t that bad in the grand scheme, but they regularly cause huge shitstorms and hilarious modding sprees that can be best described as “extra, super gay” in protest.

ETA: one kinda famous incident was some guy modding out a SINGLE reference to a (probably, implied only) gay couple of dead skeletons. they’re not even really characters, they’re just set pieces lying around, but this dude thought “absolutely not!” and posted a patch that removed that like, single text line in a diary, from the game. suuuuper petty, borderline insane. anyway, nexus community, understandably threw a fit, nexus staff was super on board and went nuclear on the dude’s account, and a bunch of mods in the theme of “EVERYONE in skyrim is now super gay” sprung up on the front page of the skyrim nexus. so that was pretty funny!

but yeah…there’s regularly gross ass bigots around…'cause, you know…viking-themed fantasy land…

have i mentioned the frequent self-takedowns of mods in protest? yeah, that also used to be a big thing on the skyrim nexus…have fun trying to mod when some of the core frameworks just dissapear overnight just because someone was mildly offended by some bullshit…except like once or twice, when they actually kinda had a point…

at least with minecraft most of the mods, and as far as i know all of the big ones, are open source. skyrim’s are often closed source, so for a bunch of the core frameworks the community is built around there just isn’t an easy replacement. if the modders got mad, things used to just…break.

and then there’s the pedos…yeah. some folks keep trying to lewd the kids in skyrim…also get banned pretty much immediately, but like…you know.

sooooo…yeah…minecraft drama is suuuper tame by comparison!

it’s intense for the people involved, sure, but big picture wise it’s childs’ play…skyrim drama hits different.

requiring third party services is still problematic; i seriously do not trust any third party services to handle data as critical as ID.

having that leaked isn’t like having your passwords or nudes leaked…it can seriously ruin entire lives!

I’d honestly rather have the government directly involved than some fuck-off “we’re in it for the money”, “how cheap can we go before we start leaking” company…

that said, i completely agree with the rest of what you said!

only i think that age restrictions is the wrong solution for the problem at hand, because it doesn’t actually solve the problem.

the problem isn’t (just) “kids have access to social media too early”, the problem is “social media has become manipulative cesspool designed to brainwash entire populations”!

age verification doesn’t solve issues like election interference, rising violence, privacy violations, misinformation, disinformation, etc, etc.

what does solve most, if not all, of those problems is properly regulating social media companies!

and it starts with forcing those companies to have open source, verified algorithms, to prevent them from being able to claim “they’re committed to X”, while blatantly ignoring any and all regulation.

the real problem is that just about nobody actually knows how exactly the massive social media platforms serve content, and how little control users have over their own algorithms.

solve that problem, and kids can be online just fine again! just like you and i were!

it is possible to return to a better internet, but that requires actually solving the root of the problem(s) at hand, instead of getting distracted with things like age verification, which, again, is just mass surveillance by a different name.

problem here is as follows:

how would you verify the age of someone without government id?

the answer very simple: you can’t.

there is no (reliable) way to verify ID without government involvement, period.

“but it’s the companies responsibility!”

well, how are they going to verify anyone’s age?

that’s right! by checking some form of government ID (passport, drivers license, etc.)

how would they know wether an ID is legit or not? by comparing to a government database.

so it’s the government checking either way.

theoretically you could implement a hash-based system that’s secure by comparing only hashed values against a government API without ever actually saving user information anywhere, similar to how “login with google/apple/facebook” and so forth work, but i doubt there’s any government willing to spend the cash on such a system.

because that would actually work and could be made in privacy respecting way.

but because surveillance is the goal of any government trying to implement bullshit like this, it won’t ever be done this way…

remember: it’s always mass surveillance. never about “the kids”, or “the crime”, or whatever straw-man-of-the-week they pull out their ass at any given time.

also in the books!

the expanse is probably the most faithful reproduction of a book series ever.

especially considering it’s like, what?, 5 books they made into the series?

it’s almost a 1:1 translation into a different medium, which is hella impressive!

they cut some stuff here and there (more and more as the series goes on, for obvious reasons) but seriously, damn near everything about the main story is there!

there’s really good reasons for the fans demanding more of it after Netflix stopped production

i mean it’s a mathematical certainty that FPTP systems will eventually result in only 2 parties.

so it really is not up to the voters…