Hey y'all,

So I just had a new user log into my BBS, and left me some really interesting feedback, of which I actually think is awesome.

The question that I can't answer and wish I could, is this;
As I (as do most other BBSes do) collect certain data from users, such as IP addresses, email addresses, names, phone numbers, etc etc (assuming that real info is given), does this fall under some GDPR regulation of which we as
sysops need to put notices upon login to say something about?

My very limited understanding of GDPR is that companies and organisations
need to make sure they handle data appropriately, and allow the persons whom give personal data the rights set out in said regulation, however a BBS for almost all of them, are just hobbies, without any business use or intent.

Does a personal website fall under the same category if you capture the IP addresses of visitors, etc.


It's an interesting thought, and one that I am sure someone in here will be qualified to answer, so I'm asking it here because ... well y'all run BBSes
so it _could_ affect y'all too.

Thanks in advance to your responses, I can't wait to hear y'alls thoughts on this and to get a definite qualified answer to this question.

With blessing and fondest regards.

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

111
Thus spake MeaTLoTioN:

Hey y'all,

The question that I can't answer and wish I could, is this;
As I (as do most other BBSes do) collect certain data from users, such as IP
addresses, email addresses, names, phone numbers, etc etc (assuming that real
info is given), does this fall under some GDPR regulation of which we as sysops need to put notices upon login to say something about?

My very limited understanding of GDPR is that companies and organisations need to make sure they handle data appropriately, and allow the persons whom
give personal data the rights set out in said regulation, however a BBS for almost all of them, are just hobbies, without any business use or intent.

Does a personal website fall under the same category if you capture the IP addresses of visitors, etc.

It's an interesting thought, and one that I am sure someone in here will be qualified to answer, so I'm asking it here because ... well y'all run BBSes so it _could_ affect y'all too.

Thanks in advance to your responses, I can't wait to hear y'alls thoughts on
this and to get a definite qualified answer to this question.

Honestly, I could see it going either way.

One section seems to say you must be engaged in "economic activity". So that would be a no, unless you run a commercial BBS, or so I would think.

However, another part shows that it applies if you are engaged in offering "goods and services" regardless of a payment being required. Which a BBS could
























































































































be seen as doing, with message bases, door games and file areas.

While personally, I wouldn't see it being applicable, it's a hobby, and full contact information isn't regularly required to join a BBS anymore in my experience. I'm certain some scumbag lawyer could make the case for it though.








So let it be written, So let it be done.
--- AfterShock/Android 1.6.7
* Origin: HOUSTON, TX (21:4/111)

136
Re: GDPR and BBSes
By: MeaTLoTioN to All on Tue Oct 06 2020 05:33 pm

The question that I can't answer and wish I could, is this;
As I (as do most other BBSes do) collect certain data from users, such as IP addresses, email addresses, names, phone numbers, etc etc (assuming that rea info is given), does this fall under some GDPR regulation of which we as sysops need to put notices upon login to say something about?

If you are managing personal data you are subjected to these regulations. It does not matter whether it is a hobby or a multimegabuck corporation.

That said, individual EU member states are implementing their GDPR laws in different ways.

I am familiar with the Spanish way since I deal with Spanish customers. Long story short:

* You show each user or customer the Terms of Service with a list of the data you are storing.
* If they request you to delete their data, you do, unless you are forced to store such data in order to meet other obligations (believe me, this one is hell).
* You need to report any data breaches you face to authorities.
* You need a periodical third party audit.
* Unless you can take shelter in an exception (there are lots) you need a risk assesment report for the data you are managing.
* If your operation is "data focused" or "data intensive" (not well defined terms in the reglament) you need to hire a lawyer to work as a data protection delegate. That means you either have a lawyer in payroll or as an external colsuntant.
* You most likely need an official document that explains which data you are managing, how you are managing it, which people has access to the information and so on.

TL;DR: Hobbie services are impossible in Europe unless you ignore the law.


--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136
Re: GDPR and BBSes
By: Charles Pierson to MeaTLoTioN on Tue Oct 06 2020 02:00 pm

Honestly, I could see it going either way.

One section seems to say you must be engaged in "economic activity". So that would be a no, unless you run a commercial BBS, or so I would think.

However, another part shows that it applies if you are engaged in offering "goods and services" regardless of a payment being required. Which a BBS co be seen as doing, with message bases, door games and file areas.

While personally, I wouldn't see it being applicable, it's a hobby, and full contact information isn't regularly required to join a BBS anymore in my experience. I'm certain some scumbag lawyer could make the case for it thoug

Different countries implement it differently.

Here in Spain, if you have the name and the phone number of your uncles in a notebook you have an "archive with identifying personal information". It doesn't matter whether you are making money out of it or not.

It is unlikelñy you will be prosecuted for having an unregistered "archive" but in theory they could do in many cases.


--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

On 06 Oct 2020, Arelor said the following...

TL;DR: Hobbie services are impossible in Europe unless you ignore the
law.

An interesting observation.
Does this mean that we sysops _should_ have disclaimers stating this and that?

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

MeaTLoTioN wrote (2020-10-06):

On 06 Oct 2020, Arelor said the following...

TL;DR: Hobbie services are impossible in Europe unless you ignore
the law.

An interesting observation.
Does this mean that we sysops _should_ have disclaimers stating this and that?

The problem is that FSXNet and most other FTNs and sysops don't care about the GDPR at all. So you have to explain what happens to messages posted by the user. I'm not even sure if FTNs can ever be GDPR compatible in practice.

Just showing a disclaimer is often not enough to make a service GDPR compliant.
























































































































You also should not ask for personal data that is not needed for providing the service as a requirement to login. Things like birth date, location / address, phone number, gender, full name cannot be verified anyway and are mostly useless. If you don't store these you don't have the responsibility to keep them secure and private.

I think the two most important things I would like to see as a user:

1. The ability to completely delete my account with all my data (and that it gets automatically purged after some time of inactivity, like 6 to 24 month).

2. The information/disclaimer that messages I post in Fidonet or some other FTN
























































































































are public on the web, archived forever by unknown people and cannot be deleted
























































































































from the internet.

---
* Origin: (21:3/102)

136
Re: GDPR and BBSes
By: Oli to MeaTLoTioN on Wed Oct 07 2020 10:27 am

Hey Oli,

1. The ability to completely delete my account with all my data (and that

it gets automatically purged after some time of inactivity,

like 6 to 24 month).

When you connect to a remote BBS, what is "your" data? (Apart from your name / address, etc) IE: Do the files you upload, the messages you post (both a local message bases and networked ones) count as "your" data?

I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?

If a Sysop posted a message along the lines of "we dont follow the GDPR, so if you dont want your personal information stored here, dont register" - would it be valid?

...ëîåï

... When people are free to do as they please, they usually imitate each other --- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?

This would be true specifically of the nodelists and infopacks that contain systems names and addresses in to reach...

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

alterego wrote (2020-10-07):

When you connect to a remote BBS, what is "your" data? (Apart from your name / address, etc) IE: Do the files you upload, the messages you post (both a local message bases and networked ones) count as "your" data?

I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?

An upload of new version of Minimus BBS 4.01 wouldn't count. I think messages would count as personal data most of the time.

If a Sysop posted a message along the lines of "we dont follow the GDPR,
so if you dont want your personal information stored here, dont register"
- would it be valid?

I don't think so. You cannot opt out of the GDPR.

I still don't know how the GDPR can be applied to federated systems. It's simpler with walled gardens like facebook or web forums. At least you would need some informed consent that it's impossible to get back control of posted messages. IMHO FTNs are incompatible with the GDPR, on the other side the GDPR might be incompatible with other laws or not apply fully. It would be strange if an amateur communication network would become illegal, because of the GDPR.

---
* Origin: (21:3/102)

136
Re: GDPR and BBSes
By: alterego to Oli on Wed Oct 07 2020 11:13 pm

When you connect to a remote BBS, what is "your" data? (Apart from your name address, etc) IE: Do the files you upload, the messages you post (both a loc message bases and networked ones) count as "your" data?

I dont think the files do - but what if in the ZIP archive there was a file_id.diz that had your details in it?

If a Sysop posted a message along the lines of "we dont follow the GDPR, so you dont want your personal information stored here, dont register" - would be valid?

"Your data" is any information that may identify you as far as data confidentiality laws go.

However, messages etc may be covered by other laws. For example, if I post a short story I may invoke Berna "copyright powers" to mess with you because you are hosting a literary piece I authored. SInce you don't have an army of lawyers you donñ t have a Terms of Service that reads slong the lines "You grant us the right to hold and publish your messages for XXXX days by signing up to the service".

If you don't want to deal with the GDPR your only safe bet is to enforce a ban against European users and connections. The GDPR itself says services out of the EU are prosecutable for GDPR violations. Of course international law does not work that way - try going to China and filling a GDPR claim - but you cannot just boot a service and say "We are not GDPR compliant, take us or leave us" as far as GDPR is concerned.

I think all this just comes to show what a frigging mess these laws are.

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

On 06 Oct 20 17:33:25, Meatlotion said the following to All:

As I (as do most other BBSes do) collect certain data from users, such as IP addresses, email addresses, names, phone numbers, etc etc (assuming that rea info is given), does this fall under some GDPR regulation of which we as sysops need to put notices upon login to say something about?

A BBS is a non-commercial enterprise so the various provisions of the GDPR do not apply. You likely do not employ hundreds of people nor do you have an IT department, a "privacy officer" or data controller as set forth in the
GDPR.

Someone who calls a BBS and creates an account does so knowing that
these are amateur systems ran on someone's computer. The contents of a BBS are in most cases not searchable by the Internet so privacy really comes down to the account itself. Many BBS callers don't give their real info... I don't.

Likewise for an FTN. An FTN is not a commercial network. A Sysop makes the decision to join and be listed in an FTN otherwise you would not be in a nodelist that in some cases is Internet-searchable. So a great majority of
the GDPR does not apply in that case either.

Common sense stuff really...

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

136

I think all this just comes to show what a frigging mess these laws are.

I like the GDPR for a site of any size, mostly because I'd really rather
never have tailored ads or tracking that surveils me across the internet.

But, yeah, on the fringes it doesn't make a whole lot of sense. It does seem like a, "You must be gaining revenue from advertising" would be helpful, or _some_ sort of carveout for non-commercial, generally on-the-level situations.

Or basically something where you're not expected to follow it if you're
making too little revenue to be able to afford a lawyer to hold your hand through complying with the process.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

136
Re: Re: GDPR and BBSes
By: Adept to Arelor on Wed Oct 07 2020 08:31 pm

I think all this just comes to show what a frigging mess these laws are

I like the GDPR for a site of any size, mostly because I'd really rather never have tailored ads or tracking that surveils me across the internet.

Honestly, as far as I know, most users are being offered a ToS box with a big "I accept the ToS and cookies of this site", which they click. Then they get all the tailored ads and data collection just the same way they used to do before cookie laws and GDPR.

Meanwhile some clinics are expected to hire a data protection delegate in order to fill the paperwork, for storing clinical documents which are kept in safes, assigned to a single doctor each, and never leave the facility - ie just like before GPDR, but having to keep an extra lawyer in the whole deal.

Seriously, if they want to show me they are concerned for privacy, they should make it so I can use an Android phone and trust it is not running a shitload of telemetry services. Forcing Google to have more lawyers is just sugarcoating manure.


--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136
Re: GDPR and BBSes
By: Oli to alterego on Wed Oct 07 2020 03:46 pm

If a Sysop posted a message along the lines of "we dont follow the GDPR,
so if you dont want your personal information stored here, dont register"
- would it be valid?

I don't think so. You cannot opt out of the GDPR.
I still don't know how the GDPR can be applied to federated systems. It's

simpler with walled gardens like facebook or web forums. At least you would need some informed consent that it's impossible to get back control of posted messages. IMHO FTNs

Yeah, I think that was where I was going.

So if there was a message at registration that said something along the lines of "your data is shared within the FTN network to an unlimited number of unknown systems and cannot be redacted - so you sign up accepting that your data cannot be removed at your request to be 'forgotten'".

That would work right?

Its a curious law with good intention but in some respects impracticle implementation it seems. When I google search (or any search engine for that matter) and find my name (eg a nodelist), who is responsible for it being removed - google/search engine(s) and/or "x" number of systems that have the nodelist publicly available (that the "y" search engines indexed).

...ëîåï

... Tag line thievery's fun ...On to the next Geraldo!
--- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

On 07 Oct 2020, Oli said the following...

1. The ability to completely delete my account with all my data (and
that it gets automatically purged after some time of inactivity, like 6
to 24 month).

I have that on mine.

2. The information/disclaimer that messages I post in Fidonet or some other FTN are public on the web, archived forever by unknown people and cannot be deleted from the internet.

Would be a good idea. May add that to my new user letter.

-=>Richard Miles<=-
-=>Captain Obvious<=-
-=>bbs.shadowscope.com<=-

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: * Shadowscope BBS * (21:1/157)

A BBS is a non-commercial enterprise so the various provisions of the
GDPR do not apply. You likely do not employ hundreds of people nor do
you have an IT department, a "privacy officer" or data controller as set forth in the GDPR.

No I don't employ anyone to run my BBS or do anything with it, lol.. but what
I have been reading on government websites about GDPR, it looks like even personal websites have to think about GDPR, so from what I read a BBS being a non-commercial enterprise or not, would still be required by law to abide by certain GDPR regulations?

Someone who calls a BBS and creates an account does so knowing that
these are amateur systems ran on someone's computer. The contents of a
BBS are in most cases not searchable by the Internet so privacy really comes down to the account itself. Many BBS callers don't give their real info... I don't.

Yes this is also something that I thought about too, which is one of many reasons why the original question confuses me because I don't see any black
and white, um... I mean clearly defined right or wrong path.

Likewise for an FTN. An FTN is not a commercial network. A Sysop makes
the decision to join and be listed in an FTN otherwise you would not be
in a nodelist that in some cases is Internet-searchable. So a great majority of the GDPR does not apply in that case either.

Exactly, by the very nature of BBSes and their FTN's, some data has to be spread out beyond the original system from whence it came.

So far from the replies about this the one definitive thing I can pull out of it is to just ignore it because by definition of functionality a BBS would
have to be exempt from any GDPR regulations... this is quite probably the
wrong way to look at it, but it's all I can come up with right now.

I'm still looking for the "right" answer, if that even exists. I might have a chat with someone from my work who would deal with such a thing, to see if
they can offer any clarity to this.


Thanks for your thoughts and opinions, keep 'em coming.

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

RE: Re: GDPR and BBSes
BY: MeaTLoTioN(21:1/158)

No I don't employ anyone to run my BBS or do anything with it, lol.. but what
I have been reading on government websites about GDPR, it looks like
even
personal websites have to think about GDPR, so from what I read a BBS
being a
non-commercial enterprise or not, would still be required by law to
abide by
certain GDPR regulations?

I don't really follow the current events, but I thought the UK left the EU? Or is that still to happen?

Andrew


--- WWIV 5.5.0.3247
* Origin: The Barbed Hook - barbedhook.ddns.net:2323 (21:1/182)

So I just had a new user log into my BBS, and left me some really interesting feedback, of which I actually think is awesome.

what was his feedback to you regarding GDPR?

i can't give you a qualified answer there, but i think it would be
necessary to inform about what data you store and for how long and that
you can delete his account data from your BBS.

Maybe some more information about Telnet and that it does not encrypt and
that ssh does encrypt his login data.

and an extra policy about using the fidonet compatible networks.

I think if you use all todays laws and regulations you cant even open up
a BBS at all anymore. But i am not a lawyer.

Mindsurfer

--- MagickaBBS v0.15alpha (Linux/armv7l)
* Origin: FuNToPia telnet://funtopia.ddnss.eu:2023 (21:3/119)

I'm still looking for the "right" answer, if that even exists. I
might have a chat with someone from my work who would deal with
such a thing, to see if they can offer any clarity to this.

Let us know what he says. I am afraid you would need a lawyer to get the
right answers and one of those answers could be. you can't run a BBS
legally nowadays.

Just look at the signup process. it is not encrypted. But thats one
importand thing with the GDPR. You would have to create a temporary login
and ask the user to come back with SSH for data encryption. BBSs are just
from a different time in technology and law. But i think there is no
exception for "old" systems in the GDPR.

Mindsurfer

--- MagickaBBS v0.15alpha (Linux/armv7l)
* Origin: FuNToPia telnet://funtopia.ddnss.eu:2023 (21:3/119)

I don't really follow the current events, but I thought the UK left the EU? Or is that still to happen?

We are "leaving", which means by the end of December this year, we will have left the EU.

According to the government website on GDPR, we will still generally be under UK GDPR regs, just not EU regs going forward. What that realistically means
for GDPR I don't know, I really don't know enough about GDPR in general.

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

On 06 Oct 2020, Mindsurfer said the following...

what was his feedback to you regarding GDPR?

"The new account process was a bit much, things like sex, birth date,
location, e-mail address etc. should really not be necessary to create an account. In fact in light of GDPR you might not even want to collect any of such information as it increases your liability should the data for whatever reasons become compromised."

I responded with this;

"I appreciate this feedback, the reasons I have kept that in is so that I can find out, for example;

* ratio between men and woman using my BBS

* the birthdate is useful to know the age of someone so you can tell whether
they're new to the scene or an old hat revisiting and remembering times of
old

* the location is nice to know because we can see where everyone is from and
how far and wide the BBS scene is reaching, who is visiting your BBS and
from where

* the email address is important because if you forget your password you
will get a reset code sent to the registered email address."


As for GDPR; this is a BBS, not an organisation, or company so I am not sure that it qualifies to be required to follow said regulation.

This is what the EU has to say about GDPR and who has to make sure they're handling data right.

"GDPR is a regulation that requires businesses to protect the personal data
and privacy of EU citizens for transactions that occur within EU member
states. And non-compliance could cost companies dearly."

That one sentence alone surely exempts this BBS and almost all others world wide. Unless the BBS is run by a business for it's business use, GDPR is irrelevant, no?

You have raised a good point though, and now I am curious about it. I will
have to go do some searching."


This user hasn't yet logged back in so I don't know if they've seen my reply.

I also don't know whether I should think more carefully about the data I ask upon registration, I mean it's all optional, and you don't have to fill it in with actual real info, most people don't anyway. Should I care whether a new user is 15 or 50? Should I care that they are a man or woman? Should I care that they're calling in from Margate or Mexico?

I do care, not for anything underhanded but because I want to get to know each person who joins and connects. I respond to every feedback I get, and sometimes if they call back I can get to know that person better.

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

On 08 Oct 2020, Mindsurfer said the following...

Let us know what he says. I am afraid you would need a lawyer to get the right answers and one of those answers could be. you can't run a BBS legally nowadays.

Just look at the signup process. it is not encrypted. But thats one importand thing with the GDPR. You would have to create a temporary login and ask the user to come back with SSH for data encryption. BBSs are just from a different time in technology and law. But i think there is no exception for "old" systems in the GDPR.

OK so I have had an answer from the guy at work who deals with this daily,
and I explain exactly why I am asking, what I do etc, and this is his reply;

"The material scope Art 2 (C) may be a weak argument in this case. Albeit you may be able to state this pursuit is purely personal. However, you are processing PII information and a lot of GDPR is about risk. E.G. is there a risk to the rights and freedoms of the data subjects on a large scale.

To cover yourself you can simply outline what happens to the data subject information when they sign up for the board and have a check box that state the data subject consents to your terms and conditions. This will demonstrate clear affirmative action. If you store any PII information try and also ensure it can't be compromised by having technical and operational measures in place such as encryption.

If anyone asks what happens to their data you need to be transparent and we usually do this by having a privacy statement. What these look like are outlined in Art 13/14 of GDPR.

These are simple measures your can take to cover yourself in case anyone tries to get cute with you."


Interesting to know, so where does this leave us as SysOp's? Are we legally obliged nowadays to post said disclaimer prior to the user registering and/or entering the BBS?

What are your thoughts to this new piece of information?

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

Re: GDPR and BBSes
By: Captain Obvious to Oli on Wed Oct 07 2020 08:59 pm

1. The ability to completely delete my account with all my data (and
that it gets automatically purged after some time of inactivity,
like 6 to 24 month).

I have that on mine.

There's a mod for Mystic available on Agency called dm-suicidev3.zip that allows a user to delete their own account.

Thier account will be maked as "DELETED" and then will get permanently removed the next time you run PackUserBase in mutil.

Jay

... Shout out to the people who ask what the opposite of "in" is
--- SBBSecho 3.11-Linux
* Origin: Northern Realms (21:3/110)

On 08 Oct 20 09:53:52, Meatlotion said the following to Atreyu:

I'm still looking for the "right" answer, if that even exists. I might have chat with someone from my work who would deal with such a thing, to see if they can offer any clarity to this.

Keep in mind something... what would happen if you didn't give a shit.

Its a lot like running a BBS as a teenager in the early 90's and some jackass threatens to "sue you" because you did something or told them to F off or whatever. My response at the time was, "go ahead". Spend the time, effort and money on a lawyer. I'll wait patiently. Never heard from that user again.

The court system has far better things to worry about than some silly BBS
ran by some silly hobbyist thats not even a for-profit operation in violation of some law that would likely need the testimony of a data expert to even have it explained to a judge.... "Tradewars? Should the SEC get involved?"

The court systems simply do not make examples of BBS's anymore like they used to in the aftermath days of Wargames where any mention of hacking was good
for headlines. Unless you dabble in kiddie porn or have a treasure trove of pirated goodies up for download, authority figures do not care about your BBS.

You have nothing to worry about; at worst you'll get an inquisitive letter, at best you'll be happily entertained here by everyone else with chicken-little theories about the men in black dramatically bursting through your door.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

136
Re: Re: GDPR and BBSes
By: MeaTLoTioN to Mindsurfer on Thu Oct 08 2020 11:36 am

"GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly."

That sentence includes businesses but does not exclude anything. This means, some other part of the document could demand you to follow the regulations despite you not being a business.

Seriously, you ought to check with your _local_ implementation of the law. Haven't you got a Data Protection Agency? You don't have to comply with the European law as much as you have to comply with local regulations, so take care to read the regulations that apply to your jurisdiction (which ouight to be shaped as to follow GDPR or be more strict than GDPR).

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136

Ogg wrote to MeaTLoTioN <=-

What are your thoughts to this new piece of information?

There you have it. This is an interesting topic. But I think
for BBSes there is panic for no reason.

Panic? LOL

I don't think so. I could not give a rat's ass about this GDPR,
nor could nearly anyone else in the USA. Let the Euro-commies
fret about it all they want. We don't care.


... Post may contain information unsuitable for overly sensitive persons.
=== MultiMail/Linux v0.52
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136
Re: Re: GDPR and BBSes
By: MeaTLoTioN to Mindsurfer on Thu Oct 08 2020 11:36 am

"The new account process was a bit much, things like sex, birth date, location, e-mail address etc. should really not be necessary to create an account. In fact in light of GDPR you might not even want to collect any of such information as it increases your liability should the data for whatever reasons become compromised."

I responded with this;

"I appreciate this feedback, the reasons I have kept that in is so that I ca find out, for example;

As a rule of thumb you don't want to host information that is not needed for your service to function.

Being curious about the nature of your users is a weak justification to store data.

Also, you have to apply data protection laws to people who is outside your jurisdiction too. A Chinesse person logging into your BBS is supposed to have the same data protection laws applied to him

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136
Re: GDPR and BBSes
By: Ogg to MeaTLoTioN on Thu Oct 08 2020 09:27 am

If BBSes would fall under GDPR regulations, then why don't
regular people who store and record CID (Caller ID) on their
phones?

According to Spanish law, your contact addressbook is an archive of personal identifying information for all effects.

Welcome to Spain.

Sorry, I think it is spelled S-Pain nowadays.

Please, drag me out of this rotting place.


--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136
Re: Re: GDPR and BBSes
By: Gamgee to Ogg on Thu Oct 08 2020 10:08 am

Ogg wrote to MeaTLoTioN <=-

What are your thoughts to this new piece of information?

There you have it. This is an interesting topic. But I think
for BBSes there is panic for no reason.

Panic? LOL

I don't think so. I could not give a rat's ass about this GDPR,
nor could nearly anyone else in the USA. Let the Euro-commies
fret about it all they want. We don't care.

... Post may contain information unsuitable for overly sensitive persons.

I am as far from an Euro-commie as it can get, but if you don't at least *pretend* you care for cookie laws and similar rubbish, you'll be tattooing a target in your ass for the real Euro-commies to kick.

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Re: Re: GDPR and BBSes
By: MeaTLoTioN to Mindsurfer on Thu Oct 08 2020 11:36:27

"The new account process was a bit much, things like sex, birth date, location, e-mail address etc. should really not be necessary to create an

"Sex" and "birth date" are a bit invasive, if compared with what other online services ask for. Many just want username and email address; users are unaccustomed to being asked for more than that.

That said, some people just want something to be mad about and have adopted "privacy" as their cause. It's a good choice; if you become a stickler for it, you'll see violations literally everywhere. You'll never want for outrage.

I once had somebody get upset about the "security issues" of me asking for: alias, email address, real-sounding fake name, and location. Of these, only "location" was truly unnecessary. And yes, I said "real-sounding fake name", which was just for FidoNet's sake.

* ratio between men and woman using my BBS

When you bring gender into the mix, you invite a whole new species of outrage. :)

* the birthdate is useful to know the age of someone so you can tell

whether

they're new to the scene or an old hat revisiting and remembering times of old

When you put questions like these (sex, birth date) into a signup process, many






















































































































people will assume it's *required* and that you're violating their privacy.

It might be better to create an optional survey that users can fill out, decoupled from registration,
maybe even anonymized or optionally anonymous. In a survey, you could ask more pointed questions about their motivations for calling your BBS, and their history with this medium, etc. It's a softer approach to gathering demographic info.

* the location is nice to know because we can see where everyone is from

and

how far and wide the BBS scene is reaching, who is visiting your BBS and from where

They're giving you this information just by connecting, so you could skip the question and do a geo-IP lookup. Not accurate if they're using a VPN or whatever, but they could also just lie when answering the question.

I do care, not for anything underhanded but because I want to get to know

each

person who joins and connects. I respond to every feedback I get, and

sometimes

if they call back I can get to know that person better.

I think the best way to get to know them is through conversation. We're just brains interacting over the internet. Personal details and physical matters will come up in discussion as they become relevant and as each party feels comfortable sharing.

Having said all of the above, I have not looked at my newuser process in a long






















































































































time, and I may even have a lot of questions enabled for testing purposes which






















































































































I don't actually care about the answers to.

As for GDPR; this is a BBS, not an organisation, or company so I am not

sure

that it qualifies to be required to follow said regulation.

I doubt if there's much to worry about. If a BBS operator is ever officially challenged on this point, it's unlikely to begin with a big-money lawsuit or a steep fine. You're much more likely to receive a warning and a strongly-worded letter. (Especially for those of us outside the EU.)

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
* Origin: electronic chicken bbs - bbs.electronicchicken.com (21:1/164)

Re: Re: GDPR and BBSes
By: Arelor to MeaTLoTioN on Thu Oct 08 2020 10:09 am

As a rule of thumb you don't want to host information that is not needed for your service to function.

Exactly. On my board I ask for Handle, Real Name & Email address.

The only reason I ask for real name is for Fidonet. Email addresses is for account validation. Other than that, I don't care your gender or how old you are.

I'd rather not know. And if my board were to get "hacked" there's as little information as possible for the attacker to get their mitts on.

Jay

... How much money does a pirate pay for corn? A buccaneer
--- SBBSecho 3.11-Linux
* Origin: Northern Realms (21:3/110)

136

Honestly, as far as I know, most users are being offered a ToS box with
a big "I accept the ToS and cookies of this site", which they click.
Then they get all the tailored ads and data collection just the same way they used to do before cookie laws and GDPR.

I think that's how Facebook works (and Facebook is facing billions in
deserved fines over the GDPR (the fines are deserved regardless of the GDPR,
or if this particular aspect is what they get fined for)), but since arriving in the EU, I've noticed that most sites pop it up, I click on "more settings" or some other way of phrasing that (or in German, where I'm occasionally clicking semi-randomly), and it has several options on cookies, with the base functional ones turned on without an option, and all the other sorts of
cookies turned off by default.

It doesn't seem entirely universal, but it's common enough that I've gotten used to it.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

On 08 Oct 2020, MeaTLoTioN said the following...

"The new account process was a bit much, things like sex, birth date, location, e-mail address etc. should really not be necessary to create an account. In fact in light of GDPR you might not even want to collect any of such information as it increases your liability should the data for whatever reasons become compromised."

I tend to agree but not because of privacy reasons. The sign up and log in process for most BBSes is a drag. It takes forever to get into some boards.
A large percentage of the info that's asked for is useless now. Phone number and data number? Really? I ask for name, alias and email address and want to streamline the sign-in process to be as painless as possible. Was asking for location but I no longer do. If someone wants it on their profile they can
add the information later from the settings editor.

-=>Richard Miles<=-
-=>Captain Obvious<=-
-=>bbs.shadowscope.com<=-

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: * Shadowscope BBS * (21:1/157)

On 08 Oct 2020, Warpslide said the following...

There's a mod for Mystic available on Agency called dm-suicidev3.zip that allows a user to delete their own account.

That's what I use. I've been meaning to edit the mpl to change the screens
and title as in today's world it's a bit insensitive but I haven't gotten around to it.

-=>Richard Miles<=-
-=>Captain Obvious<=-
-=>bbs.shadowscope.com<=-

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: * Shadowscope BBS * (21:1/157)

On 08 Oct 2020, echicken said the following...

It might be better to create an optional survey that users can fill out, decoupled from registration,

I have taken on board the suggestions and thoughts of you and others, and
have decided to remove the need to ask for anything but "alias", "real-name" and "email" upon registration.

As you said, the "real name" is a "requirement" for Fidonet, however it
doesn't have to be a real "real name" just as long as it looks real-enough, right? =)

It's still a very interesting topic I find, and I'm eager to make the BBS a better experience for anyone wishing to connect, so I have streamlined that signup process to reflect this.


Thanks all for the advice and suggestions, very much appreciated.

---
|14Best regards,
|11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

|07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
|07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

--- Mystic BBS v1.12 A47 2020/09/27 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

136

Arelor wrote to Gamgee <=-

There you have it. This is an interesting topic. But I think
for BBSes there is panic for no reason.

Panic? LOL

I don't think so. I could not give a rat's ass about this GDPR,
nor could nearly anyone else in the USA. Let the Euro-commies
fret about it all they want. We don't care.

I am as far from an Euro-commie as it can get, but if you don't
at least *pretend* you care for cookie laws and similar rubbish,
you'll be tattooing a target in your ass for the real
Euro-commies to kick.

Understood, and that's gotta suck. Perhaps you should become a
(legal) immigrant to the USA. ;-)



... Pros are those who do their jobs well, even when they don't feel like it. === MultiMail/Linux v0.52
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

alterego wrote (2020-10-08):

Yeah, I think that was where I was going.

So if there was a message at registration that said something along the lines of "your data is shared within the FTN network to an unlimited
number of unknown systems and cannot be redacted - so you sign up
accepting that your data cannot be removed at your request to be 'forgotten'".

That would work right?

I'm not sure. Not informing the user would be clearly a problem. But I also doubt that the right to be "forgotten" can be easily negotiated.

I would argue that participating in an FTN is about keeping this communication technology and BBSing alive and it's impossible to do this without distributing






















































































































the nodelist and mails with all the consequences. I don't know if that would have any legal relevance.

Its a curious law with good intention but in some respects impracticle implementation it seems. When I google search (or any search engine for that matter) and find my name (eg a nodelist), who is responsible for it being removed - google/search engine(s) and/or "x" number of systems that have the nodelist publicly available (that the "y" search engines
indexed).

Avon asked for my personal data on joining the network. For me a user he is responsible for anything that happens to my personal data, especially for things that I didn't give consent for. (theoretica

I think I also can ask google to remove search results about me and sites that archive a nodelist with my name/location/ip/domain/phone to remove that file (or etnry).

Obviously the GDPR was created because of the Facebooks and Googles and all the






















































































































businesses that use their services and track users, collect data and sell it. It's a bit puzzling for things that are not a business, but also not "household






















































































































use".

I'm still curious if and how BBSing and FTNs are compatible with the GDPR or if






















































































































for some (unknown) reason the GDPR does not apply fully.

---
* Origin: (21:3/102)

136
Re: GDPR and BBSes
By: Ogg to Arelor on Thu Oct 08 2020 06:36 pm

Where would you go?

Somewhere with open ranges where my horses could be happy, I guess.

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136
Re: Re: GDPR and BBSes
By: Gamgee to Arelor on Thu Oct 08 2020 06:36 pm

I am as far from an Euro-commie as it can get, but if you don't
at least *pretend* you care for cookie laws and similar rubbish,
you'll be tattooing a target in your ass for the real
Euro-commies to kick.

Understood, and that's gotta suck. Perhaps you should become a
(legal) immigrant to the USA. ;-)

I am still banging my head against a wall because I rejected a job offer from a 'murican company back in the day.

Maybe I could get a green card since I have contracts with Linux News Media and (soon) other American publishers, but taking my horse there would be sorta troublesome.

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

136
A quick GDPR primer:

Information that can be used to identify you (name, address, email address, phone number, personal identification number, photos of you) are included in GDPR as "personal information".

It can be argued that a BBS can be view upon as a private club and as such a BBS is exempt from GDPR since you are allowed to store any of the information listed above without consent from the user/member.



--- NiKom v2.5.0
* Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)

136

Ogg wrote to MeaTLoTioN <=-

What are your thoughts to this new piece of information?

There you have it. This is an interesting topic. But I think
for BBSes there is panic for no reason.

Panic? LOL

I don't think so. I could not give a rat's ass about this GDPR,
nor could nearly anyone else in the USA. Let the Euro-commies
fret about it all they want. We don't care.

Nor do we euro-commies care about the US-fascist Cloud act law which means we will (hopefully) soon be rid of Facebook and some other american cloud providers, hurting the US "uhconomy" even more. Ah yes - glorious times ahead.


--- NiKom v2.5.0
* Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)

136

Hello Arelor!

** On Thursday 08.10.20 - 10:14, Arelor wrote to Ogg:

If BBSes would fall under GDPR regulations, then why don't
regular people who store and record CID (Caller ID) on
their phones?

According to Spanish law, your contact addressbook is an
archive of personal identifying information for all
effects.

That's incredible. Since when does a gov't suggest that your
address book is their address book?

There is nothing illegal about being stupid. You could
stupidly delete the address book by accident if bullied. ;)

It would seem to me that if one were to be forced to disclose
said contents of such address book, then the very nature of
disclosing would be in contradiction to the very regulations
that insist that it should be "protected".

Welcome to Spain.

Sorry, I think it is spelled S-Pain nowadays.

:)

Please, drag me out of this rotting place.

Where would you go?

Your own personal phone records in your phone is *NOT* subject to GDPR regulations since you are a private person. GDPR was designed to protect individuals from having their identity and personal information misused by corporations for fraud or other kinds of attempts to use it for their own personal benefit (hello Facebook, Google, et al).

For fucks sake - read up on this stuff. It's not hard.


--- NiKom v2.5.0
* Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)

136
Re: Re: GDPR and BBSes
By: Joacim Melin to Ogg on Fri Oct 09 2020 12:15 pm

Your own personal phone records in your phone is *NOT* subject to GDPR regulations since you are a private person. GDPR was designed to protect individuals from having their identity and personal information misused by corporations for fraud or other kinds of attempts to use it for their own personal benefit (hello Facebook, Google, et al).

For fucks sake - read up on this stuff. It's not hard.

Maybe according to GDPR, but GDPR is the framework on which local regulations are built.

As such, local regulations can be as retarded as they want within the margins allowed by European regulations.

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Re: Re: GDPR and BBSes
By: Joacim Melin to Ogg on Fri Oct 09 2020 12:04 pm

It can be argued that a BBS can be view upon as a private club and as such

a BBS is exempt from GDPR since you are allowed to store

any of the information listed above without consent from the user/member.

Wow really? Private clubs can get and keep that info that way? Can they use it for marketing purposes etc?

...ëîåï

... If only I could be respected without having to be respectable.
--- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

136

Arelor wrote to Gamgee <=-

Re: Re: GDPR and BBSes
By: Gamgee to Arelor on Thu Oct 08 2020 06:36 pm

I am as far from an Euro-commie as it can get, but if you don't
at least *pretend* you care for cookie laws and similar rubbish,
you'll be tattooing a target in your ass for the real
Euro-commies to kick.

Understood, and that's gotta suck. Perhaps you should become a
(legal) immigrant to the USA. ;-)

I am still banging my head against a wall because I rejected a
job offer from a 'murican company back in the day.

Well, there are new jobs opening every day... :-)

Maybe I could get a green card since I have contracts with Linux
News Media and (soon) other American publishers, but taking my
horse there would be sorta troublesome.

Probably a little troublesome, but do-able.



... Forbidden fruit is responsible for many a bad jam.
=== MultiMail/Linux v0.52
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Atreyu wrote (2020-10-08):

Keep in mind something... what would happen if you didn't give a shit.

I will keep that in mind for any rules (policies) in fidonet. why should anyone





















































































































give a shit about anything?

---
* Origin: (21:3/102)

On 09 Oct 20 15:33:24, Oli said the following to Atreyu:

Keep in mind something... what would happen if you didn't give a shit.

I will keep that in mind for any rules (policies) in fidonet. why should anyone give a shit about anything?

LOL, we're back to your Fidonet jealousy again are we...

My daughter has some tampons ready for your next little emotional meltdown.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

136
Re: Re: GDPR and BBSes
By: Gamgee to Arelor on Fri Oct 09 2020 07:59 am

Maybe I could get a green card since I have contracts with Linux
News Media and (soon) other American publishers, but taking my
horse there would be sorta troublesome.

Probably a little troublesome, but do-able.

Getting the greencard, or moving with the horses? :-P

One of them seems to be an Arabian cross. I bet the TSA would not let her in without a throughful background check and many questions.

"So, are you an spy for the arabs?"

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Getting the greencard, or moving with the horses? :-P

Isn't that the same thing? :)

One of them seems to be an Arabian cross. I bet the TSA would not let her in without a throughful background check and many questions.

"So, are you an spy for the arabs?"

Or, "Is that horse a Musi extremist?"

Spec


*** THE READER V4.50 [freeware]
--- SuperBBS v1.17-3 (Eval)
* Origin: Scrawled in haste at The Lower Planes (21:3/101)

111
Thus spake Spectre:

Getting the greencard, or moving with the horses? :-P

Isn't that the same thing? :)

One of them seems to be an Arabian cross. I bet the TSA would not let her
in without a throughful background check and many questions.

"So, are you an spy for the arabs?"

Or, "Is that horse a Musi extremist?"

A horse is a horse, of course, of course......



So let it be written, So let it be done.
--- AfterShock/Android 1.6.7
* Origin: HOUSTON, TX (21:4/111)

135

Arelor wrote to Gamgee <=-

Re: Re: GDPR and BBSes
By: Gamgee to Arelor on Fri Oct 09 2020 07:59 am

Maybe I could get a green card since I have contracts with Linux
News Media and (soon) other American publishers, but taking my
horse there would be sorta troublesome.

Probably a little troublesome, but do-able.

Getting the greencard, or moving with the horses? :-P

Haha, the horses. The greencard may be tough these days too,
though. :-)

One of them seems to be an Arabian cross. I bet the TSA would not
let her in without a throughful background check and many
questions.

"So, are you an spy for the arabs?"

LOL, it might be a Trojan Horse!



... All the easy problems have been solved.
=== MultiMail/Linux v0.52
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

135
Re: Re: GDPR and BBSes
By: Spectre to Arelor on Sat Oct 10 2020 05:09 am

"So, are you an spy for the arabs?"

Or, "Is that horse a Musi extremist?"

Spec

Nobody has seen her eat bacon, so that casts reasonable suspicion against her.

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

135

Keep in mind something... what would happen if you didn't give a shit.

Your points are solid, though I imagine that some of us actively want to
follow regulations to the best of our abilities.

Mind you, if this the GDPR were inherently a stupid pursuit, I suppose I
might feel differently if it weren't -- e.g., my opinion on pirating copyrighted works over 28 years old, where I affirmatively believe that
people are morally in the right to copy anything they want.

But the GDPR is _attempting_ to make data collection more transparent, and
more consumer focused than the trash heap we currently have.

Mind you, what I'd like to stop is any organization sharing my information around -- I dislike having random websites pop up with my name and previous
ten addresses, or having yet another politician asking for handouts because I made the mistake of donating money a decade or two ago.

And BBSs, by and large, don't do that. It really is just one or two people, never sharing the data.

But it wouldn't be a bad thing to state that you have no intent of anything particularly more nefarious than getting to know a stranger.

Regardless, this isn't disagreement, just a further thought.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

135

Sorry, I think it is spelled S-Pain nowadays.

Please, drag me out of this rotting place.

I wonder if it's just a common thing for people to think that about their own countries.

Well, aside from New Zealand, which everyone agrees is pretty great, just
kind of in the middle of nowhere.

But I'm getting questions about why I'd choose to live in Germany, especially
a random smaller city.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

135

Adept wrote to Arelor <=-

Sorry, I think it is spelled S-Pain nowadays.
Please, drag me out of this rotting place.

I wonder if it's just a common thing for people to think that
about their own countries.

Nobody I know thinks that about our country (USA). I'd have to
guess that holds true for nearly all US citizens.

But I'm getting questions about why I'd choose to live in
Germany, especially a random smaller city.

As I recall, you recently moved there from the USA... Don't you
think it would be rather normal for folks to ask why you wanted to
do that? I think it's a perfectly natural thing to ask. <SHRUG>



... All hope abandon, ye who enter messages here.
=== MultiMail/Linux v0.52
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

135

But I'm getting questions about why I'd choose to live in Germany, especially a random smaller city.

I would love to live there as well. My only question is do you have a large enough trunk to let me ride in for the trip? ;)

--- Mystic BBS v1.12 A47 2020/09/12 (Windows/32)
* Origin: ACME BBS-0118 999 881 999 119 725 3 (21:2/147)

135
Re: Re: GDPR and BBSes
By: Adept to Arelor on Sat Oct 10 2020 05:10 pm

But I'm getting questions about why I'd choose to live in Germany, especiall a random smaller city.

Random smaller cities for the win.

Lots of people told me I was a loser for living in a Peacebringer forsaken village, and that I should be in Madrid instead where the jobs and services and parties are.

Then COVID struck and those were all locked up in tiny cubiclesque appartments 30 m^2 big, while I had miles of lonely forest to use as mine. Who is the loser now? HAHAHAHAHAHAHAHA

--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Nobody has seen her eat bacon, so that casts reasonable suspicion

That leaves it wide open, she could also be a jewish extremist... :P

Spec


--- SuperBBS v1.17-3 (Eval)
* Origin: (21:3/101)

135

Please, drag me out of this rotting place.

Nobody I know thinks that about our country (USA). I'd have to
guess that holds true for nearly all US citizens.

Huh. I know several people who are actively trying to figure out how to leave the US, a couple who already have, and a fair amount who'd consider it if it were an option.

But clearly we have different bubbles, and yours evidently thinks more of the US than mine does.

As I recall, you recently moved there from the USA... Don't you
think it would be rather normal for folks to ask why you wanted to
do that? I think it's a perfectly natural thing to ask. <SHRUG>

Oh, yeah, that aspect is totally normal -- I was trying to get at the aspect that they're asking it in a, "That makes no sense to me" context, especially since I'm not in a fancy international city like, oh, Munich or Berlin.

But I didn't especially move away from the US (though that played a part); I wanted to live in a culture where the language was different, even if most of the people look like me. And this is also where the opportunity was. Moving
to a random smaller city in Germany is significantly more interesting than moving to a random smaller city in the US.

But who knows what I'll want to consider in a couple of years?

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

135

But I'm getting questions about why I'd choose to live in Germany, especially a random smaller city.

I would love to live there as well. My only question is do you have a large enough trunk to let me ride in for the trip? ;)

There was certainly enough room on my plane flight, though I was already a comical mess when checking my luggage in at the airport.

Maybe I'll make a business trip to the US, and we can get you fitted for a suitcase. You're paying whatever overweight fee there is, though, as I assume you're over 23kg.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

111
Thus spake Adept:

Oh, yeah, that aspect is totally normal -- I was trying to get at the aspect
that they're asking it in a, "That makes no sense to me" context, especially
since I'm not in a fancy international city like, oh, Munich or Berlin.

I loved the smaller cities when I was in Germany. Of course it was a different time. I was there when the Berlin Wall came down and reunification happened. And I was in the military, so a different situation. The only cities I ever went to were Stutgartt and Nuremburg. I was roughly half way between them. I much preferred the small towns to them, which probably is strange, considering I have lived in one of the largest cities in the US for most of my life.

But I didn't especially move away from the US (though that played a part); I
wanted to live in a culture where the language was different, even if most of
the people look like me. And this is also where the opportunity was. Moving to a random smaller city in Germany is significantly more interesting than moving to a random smaller city in the US.

I thought a lot about moving back there after I got out of the Army. I just never got the courage to do it. My sister, she got the opportunity years later



















































































































to go first as an exchange student, then later as part of an internship, then again while getting her law degree. Apparently, she's braver than I am, her specialty is in international business law, and after time working in several countries, she's living and raising a family in Hamburg.

My closest thought of moving lately was my wife and I briefly considering moving to my mom's hometown in Southeast Kansas. Unfortunately, my wife is a true southern girl, and does not do snow.


So let it be written, So let it be done.
--- AfterShock/Android 1.6.7
* Origin: HOUSTON, TX (21:4/111)

135

situation. The only cities I ever went to were Stutgartt and Nuremburg.
I was roughly half way between them. I much preferred the small towns
to them, which probably is strange, considering I have lived in one of
the largest cities in the US for most of my life.

That makes sense. I think I'd be fine living in a lot of different places, though some level of "city" seems required, just because it's hard to do particularly much if there aren't enough people around to support something.

just never got the courage to do it. My sister, she got the opportunity years later to go first as an exchange student, then later as part of an internship, then again while getting her law degree. Apparently, she's braver than I am, her specialty is in international business law, and

I do find the bravery aspect kind of interesting -- I don't consider myself particularly brave, and this time moving was less frightening - I'm scared of
a variety of different things, but they're largely known unknowns (e.g., when will my German fail me? Can I get up enough energy/will power to find a place to live, or deal with the variety of things I need to deal with?) rather than something more amorphous, like, "Will Germany have the things I need in daily life?", "Will I be able to handle basic interactions?", "How will I get a job?", and so on.

But evidently others find this behavior to be hard to conceive of. E.g., my parents, neither of whom has been out of the US (well, I forget on Mexico and Canada). But I've moved _so_ much at this point that picking up and going somewhere else feels like the norm, not the exception.

But I also don't have kids (and am unlikely to acquire them), no longer have any pets, and don't have all that much stuff.

after time working in several countries, she's living and raising a
family in Hamburg.

That seems pretty neat. And Hamburg is decently large. I keep thinking it's close to here, but it's not especially. But Germany isn't a huge country -- especially having lived in California, where I was entertained when someone asked me about Los Angeles and my response was, "I don't know -- I've never been there". 'cause things are not close, and visiting LA would've been like visiting Berlin for me, now.

Mind you, I've been to Berlin, saw the wall that got taken down while you
were there, got my piece, etc. And visiting LA would've been reasonable, but being unsettled job wise made the economics difficult at best.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

111
Thus spake Adept:

just never got the courage to do it. My sister, she got the opportunity
years later to go first as an exchange student, then later as part of an
internship, then again while getting her law degree. Apparently, she's
braver than I am, her specialty is in international business law, and

I do find the bravery aspect kind of interesting -- I don't consider myself particularly brave, and this time moving was less frightening - I'm scared of a variety of different things, but they're largely known unknowns (e.g., when will my German fail me? Can I get up enough energy/will power to find

a

place to live, or deal with the variety of things I need to deal with?)

rather

than something more amorphous, like, "Will Germany have the things I need

in

daily life?", "Will I be able to handle basic interactions?", "How will I

get a

job?", and so on.

Perhaps courage or bravery isn't the right concept. Moving across the planet from my family doesn't worry me. Hell, I live across town from several of them and haven't seen them in years. The unknown bothers me a little, but I know enough people that either were former military or their families over there, that the idea wasn't too bad. Language could have been an issue, I understood the dialect pretty well then, but speaking was a separate issue. I tended to mix and match English, German and Spanish.

after time working in several countries, she's living and raising a
family in Hamburg.

That seems pretty neat. And Hamburg is decently large. I keep thinking it's close to here, but it's not especially. But Germany isn't a huge country -- especially having lived in California, where I was entertained when someone asked me about Los Angeles and my response was, "I don't know -- I've never been there". 'cause things are not close, and visiting LA would've been like visiting Berlin for me, now.

.
I live in Texas, it's roughly the same size as the UK. I understand the concept.

So let it be written, So let it be done.
--- AfterShock/Android 1.6.7
* Origin: HOUSTON, TX (21:4/111)

135

Adept wrote to Gamgee <=-

Please, drag me out of this rotting place.

Nobody I know thinks that about our country (USA). I'd have to
guess that holds true for nearly all US citizens.

Huh. I know several people who are actively trying to figure out
how to leave the US, a couple who already have, and a fair amount
who'd consider it if it were an option.

Okay, so "several"... My statement above still holds. Nearly all
US citizens are not looking to leave the country.

But clearly we have different bubbles, and yours evidently thinks
more of the US than mine does.

Apparently, yes. Absolutely, even.

As I recall, you recently moved there from the USA... Don't you
think it would be rather normal for folks to ask why you wanted to
do that? I think it's a perfectly natural thing to ask. <SHRUG>

Oh, yeah, that aspect is totally normal -- I was trying to get at
the aspect that they're asking it in a, "That makes no sense to
me" context, especially since I'm not in a fancy international
city like, oh, Munich or Berlin.

But I didn't especially move away from the US (though that played
a part); I wanted to live in a culture where the language was
different, even if most of the people look like me. And this is
also where the opportunity was. Moving to a random smaller city
in Germany is significantly more interesting than moving to a
random smaller city in the US.

But who knows what I'll want to consider in a couple of years?

Yeah, who knows. Maybe you'll miss the USA by then.



... All the easy problems have been solved.
=== MultiMail/Linux v0.52
--- SBBSecho 3.11-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

135

Okay, so "several"... My statement above still holds. Nearly all
US citizens are not looking to leave the country.

Meh. I agree as a technical aspect, but not in a hopes-and-dreams aspect.

But I'll leave it at that, since it's borderline political and there's not exactly any reason for me to continue arguing it, especially when:

But clearly we have different bubbles, and yours evidently thinks more of the US than mine does.

Apparently, yes. Absolutely, even.

...is certainly true.

Yeah, who knows. Maybe you'll miss the USA by then.

Eh. I didn't after one year, the last time I came here. I'll always miss friends and loved ones, though, and more money is always tempting.

But, maybe I'll use my (hopefully gained) permanent residency in Germany to finagle my way into Spain and see what Arelor is complaining about. And work
on my Spanish skills.

That sounds like an adventure, too.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

135

Maybe I'll make a business trip to the US, and we can get you fitted for
a suitcase. You're paying whatever overweight fee there is, though, as I assume you're over 23kg.

I believe you may have forgotten at least 1 zero. ;D

--- Mystic BBS v1.12 A47 2020/09/12 (Windows/32)
* Origin: ACME BBS-0118 999 881 999 119 725 3 (21:2/147)

Please, drag me out of this rotting place.

Nobody I know thinks that about our country (USA). I'd have to
guess that holds true for nearly all US citizens.

Huh. I know several people who are actively trying to figure out how to leave the US, a couple who already have, and a fair amount who'd
consider it if it were an option.

Probably just the "current" case of the grass is always greener. In my mind probably one of the biggest drivers for immigration...

Spec


*** THE READER V4.50 [freeware]
--- SuperBBS v1.17-3 (Eval)
* Origin: Scrawled in haste at The Lower Planes (21:3/101)

Maybe I'll make a business trip to the US, and we can get you fitted for a suitcase. You're paying whatever overweight fee there is, though, as I assume you're over 23kg.

I believe you may have forgotten at least 1 zero. ;D

Ahhh you're one of those really lightweight little people... 0.23 Kg ;)

Spec


*** THE READER V4.50 [freeware]
--- SuperBBS v1.17-3 (Eval)
* Origin: Scrawled in haste at The Lower Planes (21:3/101)

- I'm scared of a variety of different things, but they're largely
known unknowns (e.g., when will my German fail me? Can I get up
enough energy/will power to find a place to live, or deal with the
variety of things I need to deal with?) rather than something

Those are the easy ones.... unless you're superfluent sprechen sie Deutsch, then you'd have to expect it to fail at some stage. The question will be, what


















































































































can I do to overcome it when it does. Most Germans seem to speak some level of english anyways... so you'd probably get by with a mash.. Actually you're probably more likely to get caught out in some kind of dialect thing, I would expect.

Spec :)


*** THE READER V4.50 [freeware]
--- SuperBBS v1.17-3 (Eval)
* Origin: Scrawled in haste at The Lower Planes (21:3/101)

Nobody has seen her eat bacon, so that casts reasonable suspicion

That leaves it wide open, she could also be a jewish extremist... :P

Spec


--- SuperBBS v1.17-3 (Eval)
* Origin: (21:3/101)