Ryan6578 / Codewords

A LUA script for Codewords on Tabletop Simulator for Steam.
https://ryan6578.com
GNU General Public License v3.0

Problematic data collection and privacy policy #80

Closed Eldinnie closed 4 years ago

Eldinnie commented 4 years ago

Hi,

I was looking through your code, and I found this disclaimer: https://github.com/Ryan6578/TTS-Codenames/blob/d9d2218512f0e03ff24d5ae01f44b35b7848412d/src/Global.-1.ttslua#L21-L37. I never saw it, because it is not shown in onLoad, only in onPlayerConnect (which is not triggered for the host or players already present at the table).

Furthermore, according to the GDPR, it's not allowed to collect and store data traceable to a person without their explicit consent. You already send and store Steam IDs of players opening the table, or connecting to the table, before they could've even seen a warning, let alone consent to the data collection. And a Steam ID is traceable to a person.

Now you have this site, https://ryan6578.com/codenames/stats/privacy/, that has some info, although it's pretty unclear, and also not true. "We employ the use of TLS encryption for all data transit." You can't from TTS. I can just access your API from anywhere to check if I'm blacklisted, for example. It's also completely invalidated by: "Ryan6578.com reserves the right to change this policy at any time." Talking about blacklisting: it's very unclear how a person would become blacklisted; it's not done from the same code.

All in all, you seem to be on thin ice regarding the data collection you perform, and I would suggest implementing an opt-in where users do not automatically get tracked.

Ryan6578 commented 4 years ago

Hi Eldinnie,

Thanks for your concerns. I spoke to you privately on Discord about this, but just wanted to reflect that discussion here as well.

> I never saw it, because it is not shown in onLoad, only in onPlayerConnect (which is not triggered for the host or players already present at the table).

I can make it print onLoad so that it's more clear for the host and any other players already in the game.

> Furthermore, according to the GDPR, it's not allowed to collect and store data traceable to a person without their explicit consent. You already send and store Steam IDs of players opening the table, or connecting to the table, before they could've even seen a warning, let alone consent to the data collection. And a Steam ID is traceable to a person.

No data is ever stored unless a player sits at the table. Before then, they should have seen the disclaimer. If they choose not to sit, none of their data will ever be recorded. Sitting at the table implies consent to such data collection. I'll update the disclaimer verbiage to be more clear about this.

> Now you have this site, https://ryan6578.com/codenames/stats/privacy/, that has some info, although it's pretty unclear, and also not true. "We employ the use of TLS encryption for all data transit." You can't from TTS. I can just access your API from anywhere to check if I'm blacklisted, for example.

The data is sent via TLS (so all data is encrypted in transit), but that API endpoint is a public endpoint. Given TTS'/Steam's current architecture, I wouldn't be able to require authorization to access this endpoint, hence why it has to be public. I'm only able to verify so much about games and their validity.

> It's also completely invalidated by: "Ryan6578.com reserves the right to change this policy at any time."

This is usually a standard practice in legal documentation. It allows the issuer to be able to make changes in future should circumstances change. The date changes were made is also reflected at the top for the sake of transparency.

> Talking about blacklisting: it's very unclear how a person would become blacklisted; it's not done from the same code.

Only I am able to add users to the blacklist, and blacklisted users are people who have joined my games and troll by throwing items off the table and ruining the game for others. I don't allow personal vendettas to be reflected in the blacklist.

Let me know if there's anything else you'd like me to clarify!

Thanks, Ryan
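
The two changes discussed in this thread (showing the notice in onLoad as well as onPlayerConnect, and an opt-in before any Steam ID is sent) could look like the following Tabletop Simulator Global script. This is an added example, not code from the Codewords repository; `STATS_URL`, `DISCLAIMER`, `consented`, and the `!consent` / `!revoke` chat commands are hypothetical, and the endpoint is a placeholder.

```lua
-- Added example, not the Codewords source. STATS_URL, DISCLAIMER and the
-- !consent / !revoke commands are hypothetical names chosen for illustration.
local STATS_URL = "https://stats.example.invalid/player" -- placeholder endpoint
local DISCLAIMER = "Stats are off by default. Type !consent to let this table "
    .. "send your Steam ID to the stats server, or !revoke to stop."
local consented = {} -- steam_id -> true; in memory only, cleared on reload

local function showDisclaimer(player)
    player.print(DISCLAIMER, {1, 0.8, 0.2})
end

-- Single choke point: nothing leaves the table without a recorded opt-in.
local function report(player)
    if not consented[player.steam_id] then return end
    WebRequest.post(STATS_URL, { steam_id = player.steam_id }, function(request)
        if request.is_error then log("stats upload failed: " .. request.error) end
    end)
end

-- onPlayerConnect does not fire for the host or for players already present,
-- so onLoad shows the notice to everyone currently at the table.
function onLoad()
    for _, player in ipairs(Player.getPlayers()) do showDisclaimer(player) end
end

function onPlayerConnect(player)
    showDisclaimer(player)
end

function onPlayerDisconnect(player)
    consented[player.steam_id] = nil
end

function onChat(message, sender)
    if message == "!consent" then
        consented[sender.steam_id] = true
        sender.print("Stats enabled for you.")
        if sender.seated then report(sender) end
        return false -- keep the command out of public chat
    elseif message == "!revoke" then
        consented[sender.steam_id] = nil
        sender.print("Stats disabled for you.")
        return false
    end
end

-- Sitting down reports only for players who already opted in.
function onPlayerChangeColor(color)
    if color ~= "Grey" and Player[color] then report(Player[color]) end
end
```

Because every upload goes through `report`, a reviewer can confirm the opt-in is enforced by checking that no other call to `WebRequest` in the script carries a Steam ID.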