Earlier this year the E.U. brought in G.D.P.R., an important new law on internet data protection. This affected so many people – not just the people who got paid to implement it, but as we all know, every time anyone uses the world wide web, they are hassled by “Agree” buttons, almost endlessly in my experience.
This seems to be a step backwards to me. If you always click Deny, then your internet experience will be limited, and if you always click Allow, then what’s the point in having it? People don’t have time to read the rules over and over again, right? Once you’ve decided which you’re going to click, Agree or Deny, a few times, it just becomes automatic and in your “muscle memory” (or whatever the brain’s equivalent of muscle memory is).
With this website, I have to be careful regarding data protection of course, but although I have spent some time thinking about it and researching it, I am only one man and I don’t have an expert understanding of law. I have decided to not take much action so far, other than a few basic steps as recommended to me by my WordPress console and emails.
So why is it important anyway? Well, a number of people have registered on this website, so I have their email addresses on a remote database.
Does the owner of this website have the users’ passwords?
No, I don’t have the passwords, but I do have access to the hashes. It’s difficult to retrieve passwords from a hash, although it would be easier for common passwords that can be found in a hacking dictionary (i.e. a big text file list of common passwords). I haven’t made any attempt to do this and I won’t, but if there were to be a security leak of the database then a hacker may do so, and also in theory some employees of my web space provider might have access to these hashes.
But you don’t use https?
The databases themselves can only be accessed using network encryption, I believe. This website does not have https, though, so any password sent over the web could IN THEORY be intercepted; however, this would be a hard job requiring skills and effort, not something a casual script kiddie would be doing, I believe. The only real problem that could arise from this would be if a user were to reuse their password from another site, which is a bad habit – and in my opinion the real security threats from doing this lie in other places than an http login page (for example, someone looking over one’s shoulder as they type their password, or installing a keylogger on a PC in an internet cafe – these are more realistic risks). There is very little of value available in my databases themselves, mainly just a list of email addresses.
GDPR places an emphasis on active consent and the “death of passive consent”, meaning that users must actively agree to their data being shared. In this regard, I consider that this website complies, because I am the only one who has access to the database of email addresses and hashes (again, I do not have access to the passwords), so I am not sharing anything, and it is kept secure by my webspace provider’s security (they are a large company). Also, by the user’s act of submitting his or her own email, he or she is clearly intending that this website has their email address (and if they upload a profile picture etc., that too).
If you are at all concerned:
Please contact me immediately; I am happy to delete your account. Please remember, this is a HOBBY website, and I make NO money from it; in fact, I pay a modest amount regularly to keep it running. And many thanks to all the readers, users, commenters and contributors.
If you would like to make a contribution to this website in the form of an article, do contact me. It can be anything – music reviews, advice about health, anything under the rainbow. I will gladly accept submissions from anywhere worldwide, in the English language (or about your own language but in English, I love learning about foreign languages!), and as long as they are reasonable I will put them on the website. It could just be a simple text file or a Word document that you email me – see the existing articles for an idea of the blog posts.