Version 0.16.47

Information about releases and roadmap.
disentius
Filter Inserter
Posts: 694
Joined: Fri May 12, 2017 3:17 pm

Re: Version 0.16.47

Post by disentius »

GDPR has a goal.
Give more rights to individuals about the collection, status, and access to their personal data as these are collected by companies and government agencies.
Are you collecting personal data of EU members?
Then these rules apply. (GDPR art 5)
lightly shortened for clarity
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);

- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);

- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);

- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
Bob's Mum ONLY would have to ask her employees, if the law in his country does not require that the school collects this data for the purpose of paying the employees, or for school insurance, for instance.
As data collector, you have to write down what data you collect, and why. This is a one time thing, and you do not have to ask permission for data you are required to collect by law in your country. You DO have to inform your clients, pupils, website visitors, etc. WHICH data you collect, and for what purpose.
My apologies to all experts beforehand, but I had to correct some wrong statements by bobingabout.
Now, GAMETIME!:)

Gergely
Filter Inserter
Posts: 595
Joined: Sun Apr 10, 2016 8:31 pm

Re: Version 0.16.47

Post by Gergely »

disentius wrote: Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
Sure that's reasonable.
disentius wrote: - adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);

- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
It starts not making sense.
disentius wrote: - kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
Why?
disentius wrote: - processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
This one makes no sense. How can data cause destruction? How can data cause accidental loss?!
disentius wrote: As data collector, you have to write down what data you collect, and why. This is a one time thing, and you do not have to ask permission for data you are required to collect by law in your country. You DO have to inform your clients, pupils, website visitors, etc. WHICH data you collect, and for what purpose.
Again, why?
Last edited by Gergely on Mon Jun 11, 2018 6:28 pm, edited 1 time in total.

Oktokolo
Filter Inserter
Posts: 883
Joined: Wed Jul 12, 2017 5:45 pm

Re: Version 0.16.47

Post by Oktokolo »

bobingabout wrote:On that note, you're already breaking the law right here, because the forums haven't asked me if it is okay to store cookies yet. (Like, 90% of websites I have visited on or since the 25th of may have asked if it is okay to store cookies, as per the GDPR compliance)
The session cookie is a technical requirement for providing a user-account-based forum. You don't have to ask for permission to store the session-cookie. But if you store the user's IP in the session on your server to detect session hijacking attempts, you probably would have to ask for that as state of the art is to hash such data with a session-specific nonce/salt to avoid storing the IP.
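
The salted-hash approach described in the post above, as an added example that is not part of the original post or of any forum software: the server keeps only a per-session salt and a keyed digest of the client IP, and compares digests on later requests. The class and function names are hypothetical and the addresses are constructed documentation-range values.

```python
import hashlib
import hmac
import ipaddress
import secrets


def canonical_ip(ip_text: str) -> bytes:
    # Normalise the textual form so that "2001:DB8::1" and
    # "2001:db8:0:0:0:0:0:1" produce the same digest.
    return ipaddress.ip_address(ip_text).compressed.encode("ascii")


def ip_tag(salt: bytes, ip_text: str) -> bytes:
    """Keyed digest of the client IP; the salt is unique to one session."""
    return hmac.new(salt, canonical_ip(ip_text), hashlib.sha256).digest()


class SessionStore:
    """In-memory session table (hypothetical) that never stores the raw IP."""

    def __init__(self):
        self.records = {}

    def create(self, client_ip: str) -> str:
        session_id = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)  # session-specific nonce/salt
        self.records[session_id] = {
            "salt": salt,
            "ip_tag": ip_tag(salt, client_ip),
        }
        return session_id

    def same_client(self, session_id: str, client_ip: str) -> bool:
        """True if the request comes from the IP the session was created on."""
        record = self.records.get(session_id)
        if record is None:
            return False
        try:
            candidate = ip_tag(record["salt"], client_ip)
        except ValueError:  # malformed address in the request metadata
            return False
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(record["ip_tag"], candidate)

    def end(self, session_id: str) -> None:
        # Dropping the record removes salt and digest together.
        self.records.pop(session_id, None)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("203.0.113.7")             # constructed sample address
    print(store.same_client(sid, "203.0.113.7"))   # same client
    print(store.same_client(sid, "198.51.100.9"))  # session presented elsewhere
```

Because the IPv4 address space is small enough to enumerate, a leaked salt and digest pair can still be matched back to an address, so the record is pseudonymised rather than anonymous and should be deleted with the session.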

Light
Filter Inserter
Posts: 678
Joined: Mon Oct 10, 2016 6:19 pm

Re: Version 0.16.47

Post by Light »

SuperSandro2000 wrote:And GDPR should in theory inform companies before they are being sued so that they can change stuff to meet GDPR.
Have you not also received 30+ emails from companies stating they are changing their policies to comply with the GDPR over the past month? Enough advanced warning was given so companies had plenty of time to get themselves ready before it took effect.

If you're suggesting the government should slap them on the wrist before a lawsuit then that's incredibly disturbing for a dozen reasons, none of which end well for the people.
Gergely wrote:
disentius wrote: - processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
This one makes no sense. How can data cause destruction? How can data cause accidental loss?!
Never heard of identity theft?

Some companies may keep minimal records, but I've worked on databases which contain so much information about its users that identity theft is an absolute joke to pull off.

Mobius1
Fast Inserter
Posts: 191
Joined: Thu Feb 09, 2017 12:05 am

Re: Version 0.16.47

Post by Mobius1 »

wow, just... wow.
When the changelog has major desync fixes, it has only 1 page of discussion, when it just removes 1 line of information on the error report, it has 3 pages.

I don't understand why a system path is such a big deal for ppl since the connection is protected on both sides by 256 encryption AES which is way easier to discover your computer's access info via malicious email than to crack the communication encryption only to discover your user's folder info...

Oktokolo
Filter Inserter
Posts: 883
Joined: Wed Jul 12, 2017 5:45 pm

Re: Version 0.16.47

Post by Oktokolo »

Mobius1 wrote:wow, just... wow.
When the changelog has major desync fixes, it has only 1 page of discussion, when it just removes 1 line of information on the error report, it has 3 pages.
Well, a rather complete data protection law is a new concept and therefore interesting to discuss - while desyncs are just the old stuff we already talked about back then, where we used a null modem cable or the IPX/SPX protocol for multiplayer games.

ratchetfreak
Filter Inserter
Posts: 950
Joined: Sat May 23, 2015 12:10 pm

Re: Version 0.16.47

Post by ratchetfreak »

Mobius1 wrote:wow, just... wow.
When the changelog has major desync fixes, it has only 1 page of discussion, when it just removes 1 line of information on the error report, it has 3 pages.

I don't understand why a system path is such a big deal for ppl since the connection is protected on both sides by 256 encryption AES which is way easier to discover your computer's access info via malicious email than to crack the communication encryption only to discover your user's folder info...
That connection is only to the Factorio server; once there, it was decrypted and stored plaintext. That database can be hacked or someone malicious can get a job there and copy and sell the data.

In fact I believe that GDPR is to limit the damage in that case and make the company doing the gathering partly responsible for the damage incurred, people cannot abuse or sell data that isn't gathered and stored.

The installation path very likely contains some variation of the user's true name, when installed in the user directory (like steam will do).

kovarex
Factorio Staff
Posts: 8078
Joined: Wed Feb 06, 2013 12:00 am

Re: Version 0.16.47

Post by kovarex »

ratchetfreak wrote:
Mobius1 wrote:wow, just... wow.
When the changelog has major desync fixes, it has only 1 page of discussion, when it just removes 1 line of information on the error report, it has 3 pages.

I don't understand why a system path is such a big deal for ppl since the connection is protected on both sides by 256 encryption AES which is way easier to discover your computer's access info via malicious email than to crack the communication encryption only to discover your user's folder info...
That connection is only to the Factorio server; once there, it was decrypted and stored plaintext. That database can be hacked or someone malicious can get a job there and copy and sell the data.

In fact I believe that GDPR is to limit the damage in that case and make the company doing the gathering partly responsible for the damage incurred, people cannot abuse or sell data that isn't gathered and stored.

The installation path very likely contains some variation of the user's true name, when installed in the user directory (like steam will do).
Sell the data? Really? Are you aware, that only logs of crashes are there? And since Factorio starts to be quite stable, only tens out of tens of thousands of people ever get a log uploaded? I'm not an expert on this, but I would guess that having dozens of random windows usernames, or random IP addresses from random multiplayer games has value close to zero on a market. Just to explain, that this was done just to fight legal bullshit, not to fix anything even remotely problematic.
It actually creates a problem, as it is quite useful to have some idea whether the 10 crashes are from one guy or not, which is now even harder to guess.

ratchetfreak
Filter Inserter
Posts: 950
Joined: Sat May 23, 2015 12:10 pm

Re: Version 0.16.47

Post by ratchetfreak »

kovarex wrote: Sell the data? Really? Are you aware, that only logs of crashes are there? And since Factorio starts to be quite stable, only tens out of tens of thousands of people ever get a log uploaded? I'm not an expert on this, but I would guess that having dozens of random windows usernames, or random IP addresses from random multiplayer games has value close to zero on a market. Just to explain, that this was done just to fight legal bullshit, not to fix anything even remotely problematic.
It actually creates a problem, as it is quite useful to have some idea whether the 10 crashes are from one guy or not, which is now even harder to guess.
I'm kinda playing devil's advocate here, trying to exposit what I believe the stance of the law makers was when they drafted that law. They don't really care about the small fry but need to make it inclusive enough to ensure that the big guys cannot abuse the loopholes.

Also data like that gets valuable when cross correlated to other data, being able to pinpoint that a certain user on the internet plays factorio isn't all that valuable sure (unless you are trying to target them for ads to your own game that caters to the same tastes), but there are other applications that signify a more juicy target or have a lot more crash reports (like a browser for example).

youdoomt
Long Handed Inserter
Posts: 63
Joined: Mon Apr 04, 2016 5:58 pm

Re: Version 0.16.47

Post by youdoomt »

kovarex wrote: It actually creates a problem, as it is quite useful to have some idea whether the 10 crashes are from one guy or not, which is now even harder to guess.
In that case you have a legal explanation to obtain some kind of identification data, though you're still stuck behind the automatic checked mark, unless, I'm guessing, you make some sort of terms people have to agree with to be able to play.

Or maybe you can anonymize the identification data by hashing the user path/some ID thing, but this can't be truly anonymous (but very close), and then again would this be in acceptance with the GDPR?

kovarex
Factorio Staff
Posts: 8078
Joined: Wed Feb 06, 2013 12:00 am

Re: Version 0.16.47

Post by kovarex »

I was thinking of this:
Every installation of Factorio would generate a random string, and this string would be included in the log. Every time you install, the string would be different and there would be no way for us to know who it is related to.
But if we saw 10 different crashes with the same random string, we would know it is the same user, we could even automatically sort the crashes by it, so we would know how many crashes/unique users had the problem.

Would this be problematic in any way?

This is mainly, because the top of our crash logs is now usually one user with some hardware/system problem doing a lot of crashes.

youdoomt
Long Handed Inserter
Posts: 63
Joined: Mon Apr 04, 2016 5:58 pm

Re: Version 0.16.47

Post by youdoomt »

I think it's a great solution, but I'm still a bit unsure about it, since there is still a connection.

I'll have another look at it and report back, if I find it problematic.

ratchetfreak
Filter Inserter
Posts: 950
Joined: Sat May 23, 2015 12:10 pm

Re: Version 0.16.47

Post by ratchetfreak »

Quoting the actual text (from https://eur-lex.europa.eu/legal-content ... 001.01.ENG ):

(26) The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.

(28) The application of pseudonymisation to personal data can reduce the risks to the data subjects concerned and help controllers and processors to meet their data-protection obligations. The explicit introduction of ‘pseudonymisation’ in this Regulation is not intended to preclude any other measures of data protection.

(29) In order to create incentives to apply pseudonymisation when processing personal data, measures of pseudonymisation should, whilst allowing general analysis, be possible within the same controller when that controller has taken technical and organisational measures necessary to ensure, for the processing concerned, that this Regulation is implemented, and that additional information for attributing the personal data to a specific data subject is kept separately. The controller processing the personal data should indicate the authorised persons within the same controller.

Article 4, definitions

(5) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
So yes, making a hash of the directory or a generated string and using that to identify crashes from the same install is allowed. The generated number is better when looking from a paranoid viewpoint, because it is linked to the person at exactly 1 location, wherever you end up storing that ID on his computer. Whereas a hash of the directory can be recreated by inserting the first name (or one of the common variations) into a standard install directory template.
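
The two identifier options compared in this thread, as an added example that is not part of any post and is not Factorio's code: a privacy-review check showing that an unsalted hash of an install path can be matched back to a first name, next to a random per-install ID that still lets crash reports be counted per install. The path template, names and crash signatures are constructed for illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed install-path template for a hypothetical game.
TEMPLATE = r"C:\Users\{name}\Games\ExampleGame"


def path_pseudonym(path: str) -> str:
    """Option A: identify an install by the SHA-256 of its directory."""
    return hashlib.sha256(path.encode("utf-8")).hexdigest()


def name_variants(name: str):
    # Common spellings of one first name as it might appear in a profile path.
    return [name.lower(), name.capitalize(), name.upper()]


def recover_name(pseudonym: str, first_names, template: str = TEMPLATE):
    """Review check: can the pseudonym be tied back to a name by
    hashing the template filled with candidate first names?"""
    for name in first_names:
        for variant in name_variants(name):
            if path_pseudonym(template.format(name=variant)) == pseudonym:
                return variant
    return None


def new_install_id() -> str:
    """Option B: a random string generated once per installation.
    It is derived from nothing, so there is no input to guess."""
    return secrets.token_hex(16)


def crash_summary(reports):
    """Map crash signature -> (total crashes, distinct installs)."""
    totals = defaultdict(int)
    installs = defaultdict(set)
    for install_id, signature in reports:
        totals[signature] += 1
        installs[signature].add(install_id)
    return {sig: (totals[sig], len(installs[sig])) for sig in totals}


if __name__ == "__main__":
    # Option A leaks: the hash of a constructed path is matched to a name.
    leaked = path_pseudonym(TEMPLATE.format(name="Alice"))
    print(recover_name(leaked, ["bob", "alice"]))

    # Option B: ten crashes from one install, two from two other installs.
    noisy = new_install_id()
    reports = [(noisy, "gfx-driver")] * 10
    reports += [(new_install_id(), "desync"), (new_install_id(), "desync")]
    print(crash_summary(reports))
```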

youdoomt
Long Handed Inserter
Posts: 63
Joined: Mon Apr 04, 2016 5:58 pm

Re: Version 0.16.47

Post by youdoomt »

The thing that seems problematic is the gathering of the data (automated upload of crashlogs).

So:
Is it legal to automatically, with a pre-checked box, gather the pseudonymized information?

And so don't they need to inform us of this pseudonymized information?

disentius
Filter Inserter
Posts: 694
Joined: Fri May 12, 2017 3:17 pm

Re: Version 0.16.47

Post by disentius »

@Kovarex: Excellent solution, removing the link to possible personal info.

@youdoomt: Need to inform, yes. Need consent, no.
If Wube anonymizes the logs by
- removing the IP address (this is one of the GDPR parts lawyers are going to get rich over)
- other possible personal info (Personal here has a well defined meaning: "Any data that can be used to identify a person uniquely")

Explicit consent is not needed, since no personal data is collected. (Metadata is not personal data; another field day for the legalese warriors distinguishing the gray areas)

Wube does have to state in their privacy policy which info they gather, and for what purpose (goal-binding).
They may not use the logfiles for another purpose than stated, e.g. bug hunting.

Sander_Bouwhuis
Filter Inserter
Posts: 292
Joined: Mon Dec 07, 2015 10:45 pm

Re: Version 0.16.47

Post by Sander_Bouwhuis »

kovarex wrote: I was thinking of this:
Every installation of Factorio would generate a random string, and this string would be included in the log. Every time you install, the string would be different and there would be no way for us to know who it is related to.
But if we saw 10 different crashes with the same random string, we would know it is the same user, we could even automatically sort the crashes by it, so we would know how many crashes/unique users had the problem.

Would this be problematic in any way?

This is mainly, because the top of our crash logs is now usually one user with some hardware/system problem doing a lot of crashes.
I think you are mistaken on what data you can have/keep. In this case, you can clearly show it's important for the product to work properly. If you indeed do a randomized string, but throw away the email address (if it was sent like that) and/or IP address (if it was sent like that), you should be ok.
The idea behind the law is that you don't keep tons of data so you can build up a profile while your product/service is not dependent on it. So, a birth date is NOT ok to keep/have, but a (forum) username is ok.

Also, informing is a large part of it too. If you inform users that their username is used in the logs to identify the installation, you probably also can get away with it.

Also, thanks for fixing this thing:
Fixed crash when placing an entity with title while backers list was emptied.

youdoomt
Long Handed Inserter
Posts: 63
Joined: Mon Apr 04, 2016 5:58 pm

Re: Version 0.16.47

Post by youdoomt »

@disentius

If they use the random strings, it can still indirectly be used to identify the PC, which then to identify the user.
So given our definition:
Article 4 (1) wrote:‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Isn't it an identification number?
Because we can indirectly identify the person via the pc?

Or is this a level of abstraction, where it makes it not 'personal data', since the number only identifies the PC, and not to a person?

If second case is true, wouldn't you be able to get away with stuff, saying you're identifying a thing (PC) and not a person (owner of given PC)?

orzelek
Smart Inserter
Posts: 3911
Joined: Fri Apr 03, 2015 10:20 am

Re: Version 0.16.47

Post by orzelek »

The way kovarex plans it, it would identify installation of Factorio.

I don't think it could be treated as personally identifiable information. It does not identify a person in any way - it identifies that specific installation of the game and nothing else. If you copy it to someone else it still has same identifier and if same person reinstalls it it gains a new one.

Koub
Global Moderator
Posts: 7175
Joined: Fri May 30, 2014 8:54 am

Re: Version 0.16.47

Post by Koub »

youdoomt wrote:Isn't it an identification number?
Because we can indirectly identify the person via the pc?

Or is this a level of abstraction, where it makes it not 'personal data', since the number only identifies the PC, and not to a person?
You'd get a different number every installation. So there would be no way to find the identity of a person with this number: one could reinstall Factorio every day and get a new one each time (on the contrary of personal data, which is supposed to be of value to identify someone).
Koub - Please consider English is not my native language.

bobingabout
Smart Inserter
Posts: 7351
Joined: Fri May 09, 2014 1:01 pm

Re: Version 0.16.47

Post by bobingabout »

kovarex wrote:
ratchetfreak wrote:
Mobius1 wrote:wow, just... wow.
When the changelog has major desync fixes, it has only 1 page of discussion, when it just removes 1 line of information on the error report, it has 3 pages.

I don't understand why a system path is such a big deal for ppl since the connection is protected on both sides by 256 encryption AES which is way easier to discover your computer's access info via malicious email than to crack the communication encryption only to discover your user's folder info...
That connection is only to the Factorio server; once there, it was decrypted and stored plaintext. That database can be hacked or someone malicious can get a job there and copy and sell the data.

In fact I believe that GDPR is to limit the damage in that case and make the company doing the gathering partly responsible for the damage incurred, people cannot abuse or sell data that isn't gathered and stored.

The installation path very likely contains some variation of the user's true name, when installed in the user directory (like steam will do).
Sell the data? Really? Are you aware, that only logs of crashes are there? And since Factorio starts to be quite stable, only tens out of tens of thousands of people ever get a log uploaded? I'm not an expert on this, but I would guess that having dozens of random windows usernames, or random IP addresses from random multiplayer games has value close to zero on a market. Just to explain, that this was done just to fight legal bullshit, not to fix anything even remotely problematic.
It actually creates a problem, as it is quite useful to have some idea whether the 10 crashes are from one guy or not, which is now even harder to guess.
Selling data is a big problem around the world right now. So, he's just highlighting what he thinks is the reason for the law, and not accusing you of doing it.
kovarex wrote: I was thinking of this:
Every installation of Factorio would generate a random string, and this string would be included in the log. Every time you install, the string would be different and there would be no way for us to know who it is related to.
But if we saw 10 different crashes with the same random string, we would know it is the same user, we could even automatically sort the crashes by it, so we would know how many crashes/unique users had the problem.

Would this be problematic in any way?

This is mainly, because the top of our crash logs is now usually one user with some hardware/system problem doing a lot of crashes.
That's a tricky one. As long as the key doesn't contain any method to get any "Personal" data back out of it (Name, Email address, IP) then I don't see this should be a problem.
Creator of Bob's mods. Expanding your gameplay since version 0.9.8.
I also have a Patreon.
