It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
high rated
avatar
gogtrial34987: "Privacy by default" isn't just something meaningless that people shout. It's a specifically meaningful term from the GDPR, which will be required for everything for all EU citizens, come May 25th:

The things gog intends to publish on the profile page, such as your "activity" and your "active friends" are both personal data for the purposes of the GDPR.
avatar
Taro94: As BKGaming has pointed out, no personal information is going to be made available to public. That's what I mean by saying that people are overreacting drastically.

Feel free to present evidence to the contrary, but I'm pretty sure your "active friends" and "activity" are not regarded as personal data for the purposes of the GDPR
Maybe not for GDPR, but for me anything about me is personal and private unless I decide otherwise. Even if it's something as meaningless as my games library. To steal a line from the trailer I linked previously - "it's not that I have something to hide. I just have nothing I want you to see."

You seem to fail to grasp that for those of us who "overreact" it's the principle of the thing that matters, not some misinterpreted life-shattering consequences we fear in this particular instance. And that's because privacy everywhere is being eroded by one "unimportant" instance after another.
Post edited April 20, 2018 by Breja
high rated
avatar
Taro94: Feel free to present evidence to the contrary, but I'm pretty sure your "active friends" and "activity" are not regarded as personal data for the purposes of the GDPR (I admit I'm not wholy knowledgable on this subject, but I'm skeptical about the idea of GOG not being aware of what is and what is not allowed to be displayed without explicit user's consent).
I am (mostly) knowledgeable about this subject. One of the things about the GDPR that is little understood by people who haven't been freaking out about it (or cheering it) for the last two years, is how broadly it defines "personal data".

If a bit of data can be used to identify an individual in any way (or to distinguish between individuals) - even if only through the use of other data sets, then that's personal data.

I don't know if you're aware of this, but back in 2006 netflix released an "anonymized" dataset of movie ratings, as part of a contest for building a better recommendation engine. Researchers were able to "de-anonymize" a scarily large amount of the users in that dataset by combining it with publicly available imdb data. The broad definition in the GDPR is particularly tailored to protect against that type of data-leakage.
low rated
avatar
gogtrial34987: The things gog intends to publish on the profile page, such as your "activity" and your "active friends" are both personal data for the purposes of the GDPR.
No it's not. GOG even makes it clear what "Personal Information" entails and "activity" and your "active friends" do not personally identify you. I think a lot of people are misinterpreting what GDPR is actually saying. It's seems to me it's more geared to protecting actual information that can identify you, so actual personal information.
high rated
avatar
gogtrial34987: The things gog intends to publish on the profile page, such as your "activity" and your "active friends" are both personal data for the purposes of the GDPR.
avatar
BKGaming: GOG even makes it clear what "Personal Information" entails
GOG doesn't get to define that under the GDPR.
avatar
BKGaming: and "activity" and your "active friends" do not personally identify you.
They do. See my reply directly above.
low rated
avatar
gogtrial34987: They do. See my reply directly above.
Okay so let's take a look at what you posted:

avatar
gogtrial34987: If a bit of data can be used to identify an individual in any way (or to distinguish between individuals) - even if only through the use of other data sets, then that's personal data.
They keyword here is "IF". So unless you can prove that by using "activity" and "active friends" you can identify any random GOG user that you have never met, then you will be hard pressed to prove that this information can be classified as "personal information" or "personal data" (and I very much doubt you will be able to do that).

I mean if the standard is "anyone can claim certain data is personal" then that is really bad. I mean we don't "own" our accounts so at what point did it become "personal data" vs "data owned by GOG". Even uploading an avatar gives GOG limited rights to it. I would assume to file a complaint or for an entity take action under GDPR you would actually have to prove said company violated personal information and that the information can help identify said users.
Post edited April 19, 2018 by BKGaming
high rated
avatar
BKGaming: They keyword here is "IF". So unless you can prove that by using "activity" and "active friends" you can identify any random GOG user that you have never met
I use a unique username on this site, but I'm friends with users X, Y and Z which use the same username here, and on social network alpha, where I'm also friends with them, and use my regular (user)name. Out of all the people in the world, I'm the only one who's friends with X, Y and Z, on any network.
When GOG publishes, on my profile (or on their profiles) that we're friends, that de-anonymizes me.

The same will go for a significant number of other users. Not for any random user (but that's a modifier which you came up with, and which isn't in the law), but definitely for many random users.
avatar
ShadowOwl: I have been waiting a long time for this update. The ability to hide specific games in one's profile would have been much appreciated though.
Well, you can already hide games. I presume these games will also be hidden from your public profile.
low rated
avatar
gogtrial34987: I use a unique username on this site, but I'm friends with users X, Y and Z which use the same username here, and on social network alpha, where I'm also friends with them, and use my regular (user)name. Out of all the people in the world, I'm the only one who's friends with X, Y and Z, on any network.
When GOG publishes, on my profile (or on their profiles) that we're friends, that de-anonymizes me.
This isn't a very practical example. Being friends with x, y, z does not guarantee or even prove that are both the same user on GOG and social media alpha when using different (user)names. Furthermore the social network alpha would also have to display friends by default. It is also a very extreme case example, that probably is not a real world applicable to any accounts on GOG.

And as I said above one does not own their GOG account (they may own certain data provided to GOG like an email address) so at what point does it become "personal data" and not "GOG's data"?

And besides that apparently GDPR will be enforced on a country by country basis from what I am reading. So country A may use a more broad reading of the law than country B. There seems to be a lot of disagreement of how well the law can even be enforced.

And Poland, where GOG resides, has already expressed possibly enforcing the law differently then how it is written and even possibly giving exemptions to certain things: https://iapp.org/news/a/polands-proposed-gdpr-exemptions-spark-outrage/

And as Taro94 said "I'm skeptical about the idea of GOG not being aware of what is and what is not allowed to be displayed without explicit user's consent". GOG has many lawyers and a legal department for this very reason.

Worst case scenario, GOG could just use geolocation data to set the profile default as private for EU users and public for NA users, etc. That should make them compliant.
Post edited April 20, 2018 by BKGaming
high rated
My only gripes is with the default settings. It should be fully private and people then can open up as far as they want.
high rated
avatar
BKGaming: This isn't a very practical example. Being friends with x, y, z does not guarantee or even prove that are both the same user on GOG and social media alpha when using different (user)names. Furthermore the social network alpha would also have to display friends by default. It is also a very extreme case example, that probably is not a real world applicable to any accounts on GOG.
You severely underestimate just how realistic this is, and how significant (thus trustworthy) the results of attempting to match such interpersonal networks.

avatar
BKGaming: Worst case scenario, GOG could just use geolocation data to set the profile default as private for EU users and public for NA users. That should make them compliant.
That would indeed be an acceptable solution (modulo EU-citizens who happened to be out of the region, but who'd still enjoy GDPR protection).
high rated
avatar
thomq: I don't want maximum privacy. Privacy is not a right. That's just double-speak.

Privacy is the baseline. Privacy is the line drawn in the sand that a person dares to cross as an individual. Privacy is not an action, is not the effort.
An excellent observation. I could not agree more.

avatar
BKGaming: I'll probably be criticized for this, but I'm just being honest. I fail to see how this is giving personal information by default? Personal information would be your real name, email, or home address. Anything that can allow one to identify who you are in real life. As far as I am aware, GOG has not stated any of this info will be visible on profile pages.

Your GOG account name or account activity or even game list is not personal information and as I said before these are public accounts.
You fail to see because you do not apparently understand how far past are we in terms of technological capacity for identifying individual users with seemingly innocuous data (also, hardware/software fingerprinting methods).


12.3 If you don't agree to those changes (regardless of whether you email us), then unfortunately we must ask you to cease using GOG services. We're sorry we have to say that, but we hope you'll appreciate that for GOG services to work properly we need to have everyone using it under the same rules instead of different people having different rules. That's why we encourage you to get in contact if you have queries.
avatar
BKGaming: Do people actually read these?
I do. I argued against the way GOG's modification of Privacy Policy was phrased long before it came into effect, with the usual result. Not least because of quite a few people with the "but GOG would never do anything wrong with your data anyway" mentality.

It's not about capacity. It's about legal protection of the very foundation of modern society (the very reason most Western countries protect privacy of individual voters).

Ultimately, I don't exactly think it's right for GOG to take my money only to tell me "lulz, SOL, git lost, scrub" down the line. Maybe my age is showing, but I'm neither used to nor am willing to accept the idea of one-way contract with any corporation.

You sold me goods under specific conditions, you can at least make some damn effort to maintain such conditions when the changes have nothing to do with your primary business.

And, by the by, on the subject of privacy. That recent FB login implementation?

https://techcrunch.com/2018/04/18/login-with-facebook-data-hijacked-by-javascript-trackers/

The more potential points of failure you introduce to your web site, the more likely it is to be affected by a breach. And Facebook is a huge and juicy target.

avatar
BKGaming: And Poland, where GOG resides, has already expressed possibly enforcing the law differently then how it is written and even possibly giving exemptions to certain things: https://iapp.org/news/a/polands-proposed-gdpr-exemptions-spark-outrage/
I really hope the Polish government gets shut down hard on this by the EU.

This is such a retarded idea I don't even know where to begin. Somebody must have paid well for the potatopoliticians in their pockets.

avatar
BKGaming: Worst case scenario, GOG could just use geolocation data to set the profile default as private for EU users and public for NA users. That should make them compliant.
avatar
gogtrial34987: That would indeed be an acceptable solution (modulo EU-citizens who happened to be out of the region, but who'd still enjoy GDPR protection).
I'd like to have some of that EU privacy too, thank you very much, even if our government is famously the best money (that I don't have enough of) can buy :P

Edit: Also, the guy who people should have been listening to for years but it's not profitable:

http://nymag.com/selectall/2018/04/richard-stallman-rms-on-privacy-data-and-free-software.html

https://www.reddit.com/r/StallmanWasRight/
Post edited April 20, 2018 by Lukaszmik
low rated
avatar
Lukaszmik: You fail to see because you do not apparently understand how far past are we in terms of technological capacity for identifying individual users with seemingly innocuous data (also, hardware/software fingerprinting methods).
Oh I understand the possiblity of doing so, I just don't see how pratical it is with what data we are talking about in this specific case but maybe it's because it's not something I place of high importance on personally.

I'm also probably biased because I do web development and I can see the benifts of having profiles public vs private and why profiles being public is typically the rule not the exception. If I was making some kind of profile system for a web site I would also set the default setting to public, otherwise the feature would be a waste of development time because it probably won't be adopted large scale.

A little dated but still true today:
https://www.uie.com/brainsparks/2011/09/14/do-users-change-their-settings/

avatar
Lukaszmik: You sold me goods under specific conditions, you can at least make some damn effort to maintain such conditions when the changes have nothing to do with your primary business.
GOG is really no different than any other company that sells a service or goods online in this regard. Until somebody takes them to court over it or laws catch up to 2018 it probably won't change.

avatar
Lukaszmik: I really hope the Polish government gets shut down hard on this by the EU.
Poland has already shown they are more than willing to fight the EU on stuff, so who knows.

avatar
Lukaszmik: I'd like to have some of that EU privacy too, thank you very much, even if our government is famously the best money (that I don't have enough of) can buy :P
And what would stop you from changing some settings so you can have said privacy in this case in regards to GOG if they did decide to use geolocation to have different defaults based on location?
Post edited April 20, 2018 by BKGaming
avatar
BKGaming: A little dated but still true today:
https://www.uie.com/brainsparks/2011/09/14/do-users-change-their-settings/
Thank you. This is exactly why I totally understand GOG's decision to make the profiles public by default.

I think the only reasonable middle-ground would be the suggested pop-up window on first login forcing the user to choose their privacy settings.

If the settings defult to full privact, the feature would be close to useless. If it defaults to publicity, people will complain.

This seems like the only reasonable option.
high rated
What I dont't get is why are some people sort of arguing AGAINST privacy?
high rated
avatar
Ziemowiterkens: What I dont't get is why are some people sort of arguing AGAINST privacy?
Because we live in a fucked up dystopia where lack of privacy is becoming the norm and insisting on retaining it an aberration.