Open Arthur-D opened 6 years ago
Also check the whole "Donators" list in the credits and how that might be affected.
This is possibly relevant:
If you tick the checkbox “Connect to the Internet”, a checkbox appears with the text “Collect hardware statistics”, which is ticked ON by default. There is no indication that this checkbox will appear, and it enables itself automatically. The only warning is at the very first start of STK, but this text can be easily forgotten.
This is opt-out, i.e. wrong.
This checkbox should be OFF by default after you enable Internet access.
Also of concern, STK uses 3rd-party STUN servers, and each probably has their own TOS and Privacy Policy. Should we just host our own on our servers using e.g. STUNTMAN?
STK should be all opt-in-only, i.e. all internet and hw stats options default to off, and the user needs to opt in (after #3748 is merged). Note that I left chat enabled by default, since imho the user actively opts in by typing a message and pressing return.
I've updated our privacy policy to include details about the use of STUN servers, and the handling of donators (also added to the donation page).
I think we still need to update the wiki page, and how it uses cookies (though we have a section about cookies in the privacy policy). This outstanding work seems not to be directly required for the next release, so postponing this till later.
Also you really need to mention the usage of Piwik on supertuxkart.net and request consent, as the current usage clearly violates GDPR.
See https://matomo.org/blog/2018/04/how-to-make-matomo-gdpr-compliant-in-12-steps/ for more info.
And a link to the privacy page in the footer would be good.
Piwik is no longer used now.
We should make sure we are GDPR-compliant, as that should help us avoid legal repercussions or at the very least drama resulting from not following them as best as we can.
Our current Terms of Service and Privacy Policy were written a while ago and it would in any case be prudent to look at them again in time for any wider release of networked multiplayer.
- [ ] Make sure our terms and privacy policy are as easy to find and as clear as possible.
- [ ] Find out exactly what data we are and will be collecting on people having an account on addons.supertuxkart.net, people simply playing the game and people visiting or using our websites. This may include things like the wiki accounts on the main site, or other things not originally envisioned when we wrote our current terms and privacy policy.
- [ ] Try as best as we can to make sure we cover the relevant sections of the GDPR. Especially important as it relates to giving explicit consent, us being able to prove we have such consent, withdrawal of consent, and people under the age of 16, since we need explicit consent from their parents.