Bradford Mint
-
Posts
297 -
Joined
-
Last visited
Content Type
Forums
Blogs
Knowledge Base
Posts posted by Bradford Mint
-
-
21 hours ago, belindacarson said:
This is why I was asking if anyone had already made such a request.................
Ok Belinda so you are hereby nominated as the guinea pig!
You could start by making a forum post, or one on Twitter for giggles. I'm sure they'd not spot it. If you do choose to submit a support ticket (or just an email), their next course of action will be to request from you, such evidence (and only sufficient) in order to identify you as a natural person.
This is where it gets potentially interesting because if someone has signed up as a basic user, has no payment info on file, or any other documented identity information, it's pretty difficult to bind "bobjonessexyavatar" to a natural person and there the request would end.
Thus the natural person making the request would need to be making a request on the basis that they could actually be identified.
Further, an earlier response from Kyrah was accurate, the information that LL has is going to be what we give them. The bigger question that Lindal asked though would be interesting to find out, which is how they consider avatar information and whether it's data about the natural person and if so is chat log included?
Finally, out of pure coincidence, as I was typing this, the following arrived in my email:-
GDPR: Your Actual Questions Answered - no presentation, open mic Q&A (It's a session hosted by BrightTalk, just in case the link doesn't post or work)
-
13 hours ago, Kyrah Abattoir said:
I must have missed an episode there, wasn't this a topic to get some free USB sticks?
No, the topic still says "GDPR requests". If a request is made to an organisation for such data that could not be sent via post and where they have not thought ahead and provided a publicly accessible portal, their options are limited in how they supply that information, one of them being USB sticks.
In the case of a handful of organisations that have earned my venom, then absolutely, GDPR provides a vehicle to waste their time. The particular organisations that I refer to are ones with whom they have chosen to destroy any good will and are far from a normal supplier/customer relationship and many orders of magnitude beyond just being an unhappy customer, however, the specifics are irrelevant here.
Given that this was already stated much earlier, I strongly suspect anyone else reading my musings could have come to the conclusion that my question "Fancy some free USB sticks?" would have been somewhat tongue in cheek.
I wholeheartedly apologise for not being blindingly obvious in my prose but rest assured, I shall continue in just the same way.
-
1 hour ago, Wulfie Reanimator said:
The challenge here is that all of your employees must be made aware of GDPR so that they can recognize when a request is being made. "Handling it accordingly" can mean "bringing the request up the chain so someone can actually fulfill the request." If they fail to recognize the GDPR request, they'll ignore it without telling anybody, which is an illegal outcome.
It does not imply that all of your employees must be able to access that personal data. That's just a security breach begging to happen.
Correct and that's why I originally said I think this part is ridiculous. It doesn't help anyone to have such vague processes.
-
1 hour ago, Rhonda Huntress said:
I did find this about fees.
3. Dealing with excessive requests
You cannot ordinarily charge a fee for complying with a DSAR – the £10 fee under the DPA 1998 has been scrapped. However, if a DSAR is “manifestly unfounded or excessive” you are able to:
- charge a “reasonable” fee to comply with the DSAR; or
- refuse to deal with the request at all (GDPR Article 12(5)).
So who gets to say the request is unfounded? And just how much is reasonable?
Yup and if you ask a car park operator who captures your car in the street and you have that data removed but then they keep capturing it because you drive down that street regularly, why should a data subject who has no contact with them, only be permitted to check ONCE and thereafter have to pay?
-
1 hour ago, Kyrah Abattoir said:
You know it almost seems like some of the people in this topic want to use the GDPR just as a way to be annoying and a waste of time for businesses...
No I don't think there's any need to be obtuse and say "some people", you can direct it straight to me, that's no problem and yes, when some companies play fast and loose with rules, they earn the response.
-
1
-
-
4 minutes ago, Mollymews said:
the waiter will handle it accordingly by referring you the diner to reception. The receptionist will handle it accordingly by referring you to their supervisor
Nope, not how it works. I did ask if you've gone through this process or not?
I have, numerous times.
More fun to be had when the organisation points you to their form to fill in, the form itself must state on it that there's no requirement to use the form.
Been there done that, got a wardrobe of t shirts.
-
It doesn't, that's the fun part!
Here's the take on this from the UK Information Commissioner's Office, the dept responsible for enforcing GDPR, as enacted by "Data Protection Act 2018". I hope that we can agree that their opinion trumps yours?
It's made quite clear:-
"How do we recognise a request?
The GDPR does not specify how to make a valid request. Therefore, an individual can make a subject access request to you verbally or in writing. It can also be made to any part of your organisation (including by social media) and does not have to be to a specific person or contact point.
A request does not have to include the phrase 'subject access request' or Article 15 of the GDPR, as long as it is clear that the individual is asking for their own personal data.
This presents a challenge as any of your employees could receive a valid request. However, you have a legal responsibility to identify that an individual has made a request to you and handle it accordingly."
-
1 minute ago, Mollymews said:
the regulation is here: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1568475755000&uri=CELEX:32016R0679
I know
-
Top tip: read the rest of the articles before arriving at the wrong conclusion.
-
46 minutes ago, Lindal Kidd said:
Really!? This could be interesting...would this mean that if I asked LL for "all data" on me, they'd have to include their chat and IM logs?
Of course, I'm not in the EU, so GDPR doesn't apply to me. But I mean, if I was?
GDPR only applies to natural persons, I wouldn't expect an avatar chat log to be considered as data, however, some people want to believe it's aggregate data that can be related to a natural person but this is only the case IF you're LL with access to the databases.
Probably one for a legal challenge to interpret accordingly.
I'm not going to ask LL though, I don't harbour hateful tendencies in their direction. Those are where my requests go and usually in a deliberately obtuse way to cause the maximum disruptive effort. Example, a UK parking company that basically operates a racket, complete scum.
In the UK, a person can expect to be captured on at least 30 CCTV systems PER DAY. That's not cameras, that's systems.
If only everyone would submit data requests for CCTV from car parks infected by such companies, they'd go out of business dealing with the requests instead of having capacity to issue tickets in the way that do.
One claimed, "we only have number plate ANPR, it's not CCTV". Then in the results of the request produced a bunch of full colour pictures of various cars that I own, including a data breach by including other subjects than me, yielding knowledge of that person's whereabouts at the time.
If nothing else, by removing the previous £10 cost of accessing data, it allows for some entertainment.
-
You misunderstand the GDPR wording and don't seem to have made any requests?
It doesn't state that the first person you ask has to be the person who responds, only that the data subject may position the request to anyone. It is not acceptable under GDPR to only respond by instructing the data subject to a specific entity, not to use a particular form, regardless of how the organisation processes the request internally.
In your example, the waiter would need to inform an appropriate person internally who may follow up.
It's quite simple, the articles defining GDPR are easy enough to read.
-
GDPR places no specific requirement on the data subject as to how the request is made.
LL may *ask* you to fill in a support ticket but it's equally valid to make a verbal request (for example) to any employee at any level. Nor does any specific phase need to be used. It is a requirement that employees are suitably trained to recognise requests for a subjects data and act accordingly.
Frankly, in my view, this is the most ridiculously unworkable methodology created but that's how it is.
However, if you have a particular loathing for an organisation, it's definitely a route rich in entertainment.
GDPR has certainly enabled some benefits. Banks try to charge for old statement reissue. No problem, ask for all your data. Bingo, old statement data.
Fancy some free USB sticks? No problem, just make some requests to include CCTV footage. I highly recommend doing this at airports you may visit, I like to think of it as job creation for CCTV footage review operators as well as keep their identification skills fresh.
What can I say but "Thanks Heathrow airport!"
-
18 hours ago, chardonay Babii said:
Assuming data encryption makes data theft impossible as stated what happens in the event of the following..
Just to be pedantic, data encryption doesn't make data theft impossible. The data is in two forms, either at rest or in motion.
In the case of encrypted data which is sitting on a disk which is not being powered, then it's at rest and generally pretty secure (depending on the security of the key), however, that won't be the case with a database which is being accessed all the time.
In this case, the data will be accessed and a running process will have a copy of the block cipher key in memory and the data when it is decrypted will be in a clear text state in memory.
The general concern is for a "database" being physically stolen where it is considered that the data is secure due to the attacker not having knowledge of the key. However, the astute attacker isn't interested in trying to brute force the encryption, that's not feasible but rather the attack is to either obtain the data in a decrypted state, i.e. while it's in that state in memory, although this is also largely pointless because the attackers view would only be of that portion of data presently being accessed.
So, the attacker is really interested in getting hold of a copy of that block cipher key while it's in memory. With that and the static database then they're good to go.
It would also be expected that the database is not necessarily entirely encrypted with the same key but in blocks, however each key is derived in some way from the previous one thus overall knowledge of this is where the fun happens.
Anyway, the above does require an advanced attack.
I'm still more curious as to whether LL will be storing the PII which is being submitted because once the user has been validated, the only thing they need to keep is the status which indicates as much. Will they be storing PII in the form of government documents which have been scanned and if so why? Overall, i'm not really fussed one way or another, just curious.
-
1
-
-
16 hours ago, Scylla Rhiadra said:
Is there an actual consensus among those knowledgeable about such things that this is indeed so? I'm not challenging your statement, but rather asking if you know yourself, or have seen others who are in a position to know, that these are in fact "state of the art" protections?
Well there's not really going to be much in there that's not pretty much industry standard, that is to say there's a database of our data, enciphered with an appropriate symmetric cryptographic algorithm (Likely AES256), where the key is protected by an asymmetric key pair of a modern algorithm (probably an elliptic curve), where the private key was generated in an HSM (Hardware Security Module), where the HSM may or may not be FIPS-140-2 (or now possibly even level 3) validated. All of this is pretty run of the mill for military, government, financial services.
Access to the data centre itself should be mandating multifactor authentication and likewise they mention logical system access via multifactor tokens and also a large part of the overall security will be implemented not only by technical constraints but also by policy and procedure. Again, all standard operating practice for this sort of scenario.
So just to throw some darts at the board...
"Our engineers created a new “personal information vault” project. This vault uses modern algorithms to encrypt sensitive information in a way that would require both enormous computing power and an enormous amount of memory for an attacker to crack… if they could even get a copy of the encrypted data."
We're using standard AES256 cipher for block encryption and Elliptic Curve cipher for the Asymmetric key. Private key marked as non exportable and held in an HSM.
"And all of this new encryption is wrapped around the encryption we already used - encryption which was the industry standard at the time."
Yeah, that's the "We already encrypted the database with standard ciphers such as AES256 but in SL we only stored the key in software".
"These are entire new layers using encryption technologies which didn’t exist when Second Life was new. "
Well hmm... https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
History
The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[7] and Victor S. Miller[8] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.
"Even after all of these changes, the old protection remains in place at the bottom of that stack. Figuratively speaking, we locked the old vault inside a bigger, stronger vault. We chose an approach where we didn’t need to decrypt information in order to enhance your protection. "
This is consistent in my mind as to "vault within a vault" being an encrypted database with a better protection for the block cipher key. No need to decrypt what was already there, just provide stronger key protection, the symmetric block cipher key remained the same.
"There is another key part of this project: Our storage mechanisms for sensitive customer information are now isolated from Second Life. The information isn’t stored at the same physical location anymore, and hasn’t been for a while. But the difference is more than physical. "
Means "We had to buy a bigger USB stick to throw it across the room"
"Second Life’s servers do not have direct access to Tilia information that isn’t required for daily Second Life usage. Even developers who have worked at the company for a dozen years - developers who have full access to every last Second Life server - do not have access to the servers that store and protect the most sensitive information. A policy of least privilege means fewer opportunities for mistakes. "
Did those developers EVER have full access to our data and if so why? That should never have been a requirement. Even in the case of development, that should be on a development environment without live data, the live data shouldn't ever be accessible - period!
"This means that compromising one database inside of Tilia is insufficient to decrypt and correlate sensitive data without compromising a different service."
A segmented architecture, multiple databases, each with its own symmetric key, protected by own key pair thus would require compromise of multiple keys/systems, yes normal stuff here.
"We have deployed numerous commercial products which help monitor for access, abuse, or data copying attempts for data that is made available to Tillia employees. This means that even an attacker with all employee access credentials, access to employee multifactor authentication tokens, and all Tilia access permissions would still face some challenges in avoiding early detection. "
We've installed Splunk because it's free! Joking aside, they've deployed one or more SIEMs (Security Information and Event Management software) and some IDS (Intrusion Detection System) software to monitor along with probably some agent based software to monitor PC behaviour and possibly thrown in some CASB (Cloud Access Security Broker) software just for fun.
What I haven't seen is any mention of how they'd handle the situation where a family member or two is kidnapped and the attackers have set up a live feed of the electric drill being held to the eyeball of the staff members youngest child. Which when the prize is rich enough is the upgraded version of:-
Overall, what Soft Linden describes and what I believe (I also believe in aliens), is distilable to pretty much standard good operating practice for the service being operated.
There are also existing services which allow a user to scan government documents, take a selfie, have that validated and a confidence factor returned to the calling service. No data is stored, there's no need once the ID result is validated. I'd be curious to know why LL hasn't gone down this route.
I note that Soft Linden didn't explicity call out blockchain anywhere but they may or may not be playing with that too, because some people feel it's trendy!
All of the above is based upon supposition and interpretation of the end user facing blurb posted below and I have no further insight other than the ability to read and interpret based upon experience.
-
3
-
2
-
-
5 minutes ago, Alyona Su said:
With regard to personal, private information about you being sold, Facebook, as horrid as it may be, is tame as compared to another. You should never, ever read and try to understand the Terms of Service with anything Google. Or, at least, only do so after preparing yourself by pre-checking into hospital so they will have the defibrillator charged and ready to go.
Anyone who uses Google Chrome has no business whatsoever being concerned in any way about privacy.
Google is my backup, should I develop Alzheimer's.
-
6
-
-
On 7/4/2019 at 6:53 AM, Jilroxy Bonetto said:
- Have you ever thought about the fact, that UK is about to leave the EU? (Brexit)
If this happens, it is very likely, that the UK will have their own regulations outside the GDPR etc. -
Absolutely nothing will change due to Brexit.
Each EU member state implements the EU Directives in local legislation. The UK implemented GDPR when it enacted the Data Protection Act 2018.
In other words, the essence of GDPR is already and will remain UK legislation.
What LL has failed to do, is describe in plain English and not legalese, the privacy terms it would seem. This is a requirement of GDPR compliance.
-
1 minute ago, TempestKittie said:
There is no way they are getting any form of ID other than my credit card to tie to my second life account..
Just take a second to think about what it actually means. They will be storing said information...
They will, so they'll probably just not even bother to thank you for your interest in the service, sad to see you go etc. You won't get that but if you want to be able to perform the services that they require verification for, you won't be able to use those or SL at all if compliant with the new TOS is enforced pre login.
LL says "Bye"
-
1 hour ago, Chocosis said:
While I can understand the need for photographic government ID for the purposes of Tilia and complying with US law...you've specified that countries outside of the US will require government-given photographic identification.
I'm in the UK. The government doesn't give out photographic identification. The DVLA gives out driving licenses, which are photographic, but not valid under these terms as it's not quite the full government, it's a separated arm of it. Please consider this for creators in other countries, as I don't know the details of Liechtenstein's government, or Sweden, or wherever.
There's also the whole thing where giving Tilia the (what should be) very private information that is your unique identifier as a citizen of your country is a very bad idea. You claim that it is encrypted and secure, but not of how. Sure, the trick to keeping things encrypted is to not tell people how, but I'd like to know at least if you're not just keeping these extremely important documents underneath one layer of probably already cracked security. The US is the exception to this example, since you're using your social security number for...everything. Which is really, really bad. Over here, only three parties should ever get your personal identification number. The government (who gave it to you in the first place, as well as the DWP for tax and benefits purposes), your current employer (if you have one), and you. That's it. Otherwise, that number stays hidden, since anyone with it can fully steal your whole identity. This is why we don't use that number for everything, like the US does. (Though to expand on the UK identity theft, they've gotten a lot better at multiple forms of ID these days, so it's a lot safer in the rare case that you do have that number stolen.)
The point is, your Tilia lawyers will need to check on which forms of photographic ID are valid in what countries. I know that international law is real messy and vague, but it's worth doing. It'll streamline the process for consumers, and won't be so much hassle when trying to identify some Bolivian school club ID as "government-issued".
You may also want to reword your news post, as it took me reading this whole thread to understand that the ID was only needed if you cashed out any USD. The news post is vague, and feels as if everyone needs to send in ID. @Leannyn said the same thing not too long ago in this very thread. Fix that, or this thread will get a lot bigger than 12 pages.
For the FAQ, or tl;dr:
- What form of security will our documents be kept under?
- Will this apply to people who only buy L$? (i know this has been answered in the thread already, but it may as well be in the FAQ too)
- What will you do for countries whose governments do not give out photographic identification?
- Do these changes mean no more fees when buying L$?
- Will Tilia work directly with banks, instead of with PayPal, as using PayPal is an issue for many European and Asian users?
- Are you supplying sufficient support to the creators, who will likely be the ones most affected by these changes?
I hope you are able to fix this mess.
Nowhere does it mention photographic ID, nor for UK or EU users.
The started requirement is for "government issued ID"
When you recently had the opportunity to vote, some areas were required to take ID. The voting form described what was acceptable in the case of no passport, no driving licence. It's not rocket science.
-
1 minute ago, Tokeya Tank said:
They stated that we won't need to create a new username and password, username I can get, but a password should be salted and hashed and ONLY work for the site that you signed up for it with, since they can't just transfer over the salted and hashed password it stands to reason that to create an entirely new account using my original username and password they would have to have access to my password in plain text.
Nope, as previously stated by someone else, LL could just act as an identity provider. There's no reason to transfer or create anything.
-
16 minutes ago, Fionalein said:
Btw. Tilea needs seperate EU servers for EU customer data to remain GDPR compliant, have fun solving the constraints of international business, LL
Not the case at all.
Edit: Fionalein, adding a laugh reaction doesn't make you any more correct. Data sovereignty and data handling are not the same thing.
-
1
-
-
1 hour ago, Angela Levenque said:
Hello guys!
I want to ask around what is the perfect way to charge an admin about a lawless ban?
Ok seriously, create a JIRA to ask for this as a new feature. That's how things get done around here.
Might have to wait a decade or so and even then it still won't get done but that's the process.
-
3
-
-
Right, that's it!
No Valentine's Day card for you either.
-
3
-
-
6 hours ago, Scylla Rhiadra said:
And to the men who have supported us, a thank you: we need you with us too!
You're welcome, you wouldn't be here without our contribution.
-
Remind me to go and report every other thread that goes off topic. I'll expect all off topic posts to be removed from those too!
Precedent set.
Facebook
Instagram
Twitter
YouTube
Flickr
GDPR requests
in General Discussion Forum
Posted
Probably, dunno, can't remember but in all honesty, I would be surprised if a SAR resulted in anything other than provided RL info but could also include conversations in both written and verbal form (if the call was recorded) with any employees about avatars, where the RL person was identified at the time.
We'll know after Belinda has a go.