Updated Terms Notice & Privacy Policy

[FinalFan]

3 hours ago, Lisias said:

Language barrier on the bitting. =/

Arguments, when right, doesn't change anything. By arguing about the colour of the skies, you don't change the fact it is blue due the scattering from nitrogen and oxygen. Things will just go as it should do.

But arguments, when wrong and prevalent, will eventually triggers a series of mislead actions. See that "Flat Earth" hysteria.

In a way or another, the argument itself is not the problem. It's the people listening to the argument that causes trouble.

Yeah. Almost it. I think you miss some minor points, but essentially, that's it.

What is missing from your conclusions is: you can thrust people, it's companies that should not be thrusted. As a sad (and expensive) example, we have Apple. Since Job's death, my experience on MacOS had gone down the tubes. Epically. Jobs was the one that was keeping Apple on rails.

It's the same on every company. 

About accusations, it's possible to accuse a innocent man for a true crime. If the crime wasn't committed yet, it's even easier to get away with that.

Yes, once the company has all the agreements they need, sooner or later it will monetize it for sure. And this is not necessarily a bad thing, because we only have their services available due exactly this fact. It's a bad thing when such monetizing hurts us, the customers. 

So, when "accusing" a company of something that it might do in the future, ideally we take some cautions to prevent that the people that are part of the company today doesn't get burnt in the process. We would be probably harming the very people that would help us to fix the situation.

For clarification, I was able to understand the phrase itself, but I wasn't sure at the time what it had to do with the topic, which also made me less certain about my (correct) interpretation of your words. 

I think we can agree that, when saying "hey, you are asking us to agree to give you power that could easily be abused, and probably will be by someone at some point", it is better to NOT say "you are personally planning to abuse these powers" without evidence. 

[sarbian]

5 hours ago, hbk314 said:

That information isn't personal information.

My IP is. 

And sorry but I consider the exact time where I log in and out of a game a private information that should not be collected in an offline game. 

[hbk314]

2 minutes ago, sarbian said:

My IP is. 

And sorry but I consider the exact time where I log in and out of a game a private information that should not be collected in an offline game. 

Whether your IP is or not is debatable. Generally, an IP by itself without other identifying information isn't considered personal information. I've seen it stated both ways as far as GDPR goes. Some say it is in all cases while others say it may be personal information. I guess we'll have to see how courts rule on it. But as far as Take2 goes, both Unity and Red Shell don't collect your IP any more, although that may not be totally in effect yet. I haven't checked yet.

You considering log in/out times to be private information doesn't make it legally protected. I think it's perfectly understandable that a gaming company would want to know how much playtime their game is getting.

[sarbian]

6 minutes ago, hbk314 said:

You considering log in/out times to be private information doesn't make it legally protected. I think it's perfectly understandable that a gaming company would want to know how much playtime their game is getting.

So all those site that recently started to ask my explicit consent about tracker do it because they suddenly has a change of heart ? And Unity rushing an asset to make the collection optional is also because they woke up one morning and had a revelation ?

I dont say it s not understandable. I say they should ask first. And I said they have too but clearly not everyone agree on that (and the mod decided to bury an unrelated thread here).

[hbk314]

1 minute ago, sarbian said:

So all those site that recently started to ask my explicit consent about tracker do it because they suddenly has a change of heart ? And Unity rushing an asset to make the collection optional is also because they woke up one morning and had a revelation ?

I dont say it s not understandable. I say they should ask first. And I said they have too but clearly not everyone agree on that (and the mod decided to bury an unrelated thread here).

I don't even know what you're try to say here. Anonymous gameplay data isn't personal information.

[Lisias]

50 minutes ago, sarbian said:

So all those site that recently started to ask my explicit consent about tracker do it because they suddenly has a change of heart ? And Unity rushing an asset to make the collection optional is also because they woke up one morning and had a revelation ?

Uninformed people jumping into unfounded conclusions due misguided information.

They are asking you to track you due EU regulations over cookies, being cookies the only reliable (but not bullet proof, so it's not admissible as evidence on a court of law) of tracking someone on the Net.

 

[Lisias]

3 hours ago, sarbian said:

My IP is. 

Your IP is not your property. It was leased to you by your ISP. Whoever, the IP your ISP leased to you is not their property neither. ICANN assigns IP Range Blocks (google for IANA too) to third parties, and the leasing are cascaded until it reaches to you.

So, in order to identify you, one need to get the IP, get the UTC time this IP was used, identify all the chain of responsibility of such IP, until your current ISP and ask him who was using it at that specific time.

However, your ISP doesn't have the means to be absolutely and beyond doubt sure that you were using that IP at that time. The IP is assigned to a MAC (Medium Access Control) number that identifies your Modem (being it Cable, Satellite, optic fiber, whatever), but since such numbers are not strictly controlled by any authority, it's easy as hell to forfeit it (in fact, such "forfeit" is common practice on some home routers).

Unless you are effectively paying for a fixed IP, chances are that every time you reboot your modem you will get a new IP. I already was leased about 3 or 4 different IPs only this year (I track it, as I need this info in order to update the DynDNS I implemented myself for my site), and since I (try) to account every IP it were leased to me, as I need this info for controlling the logs on my secure access (so I do not get false positives for valid access I did before my IP changed), I know that since I started my DynDNS, I had about a dozen different IPs already,

So... NO. Your IP is not personal information.

Edited May 27, 2018 by Lisias
(sigh). yeah. more typos.

[sarbian]

57 minutes ago, Frybert said:

You realize simply posting on this forum collects and allows to be tracked your IP address? Not trying to diminish your other concerns but it seems a bit odd to complain about your IP when every single post you make has your IP attached to it.

Yes I know that. I mentioned it in an other post and I work in IT. I perfectly know that Squad know my IP. As an ex Squad employee they also know my real name, address and bank accounts. 

But I don't talk about the forum. I talk about the game and participation in the forum is not mandatory to play the game so those 2 are separated.

57 minutes ago, Lisias said:

Your IP is not our property. It was leased to you by your ISP

The IP block ownership has little to do with the fact that an IP is considered a private information. The EU consider it so. Feel free to copy paste your "Europe is not the world" argument from the other thread when you reply.

Also I am sorry to inform you that in some county fixed IP is the norm. It is the case for my ISP.

[Lisias]

21 minutes ago, sarbian said:

Yes I know that. I mentioned it in an other post and I work in IT. I perfectly know that Squad know my IP. As an ex Squad employee they also know my real name, address and bank accounts. 

Calm down, dude! You are almost paranoid! (I am paranoid, I know what I'm talking). :-)

You bought KSP, right? By the Internet? Using a Credit Card? So, yeah. They know your full name and bank account linked to your credit card. :-) As well as the full name and the bank account of every single other KSP (legal) user. Including me. Bought it on Steam? Read the TOS - you authorized Steam to share this information to their associates. They also probably know how many licenses I bough, and whom I give it/them as gift. 

If you have a domain registered into your name and by any lack of luck you somehow associated your real name or the email you used to log in here to that domain (over a post on some other forum, on a commit on github, whatever), they can whois your domain and get yet some more data. As well as mine. I suggest doing `whois chateauversailles.fr` to see what info the `.fr` registar provides to everyone that asks for it.

Your privacy concerns are legit, but somewhat misguided.

[Lisias]

34 minutes ago, sarbian said:

The IP block ownership has little to do with the fact that an IP is considered a private information. The EU consider it so. Feel free to copy paste your "Europe is not the world" argument from the other thread when you reply.

So... Yeah... You have some ground on you claim. My knowledge of the current status quo leads me to the conclusion that the information posted on the link you provided are inaccurate or simplified too much in order to be used as is. Granted, I think I posted something from the same site myself.

IP address is not personal data on UK, and they still are (for while, at least), member of EU. I also found that IP address can be personal information on certain circumstances on Europe. This last links appears to corroborate my thesis about the link you provided.

44 minutes ago, sarbian said:

Also I am sorry to inform you that in some county fixed IP is the norm. It is the case for my ISP.

So I advise you to restrict yourself to French hosted sites or to contract a VPN service.

 

[sarbian]

lol. I am perfectly calm.

I know what I put in my whois. You are not the only person around who know how the net works. 

I never say I want to hide my identity. You can easily find my real name in my mods licence and my address would take a few more minute on the not. That's a choice I made willingly.

The game suddenly changing its behavior and not honoring anymore its own privacy option remove the player consent. And as far asI know someone who bought KSP 1.0 on steam and who does not have forum account never had to accept the new TOS/EULA. I don't remember having to validate a new EULA when launching the game (I may be wrong here, feel free to enlighten me)

[Lisias]

Even by managing to somehow purse your cause on a Court of Law on USA, UK and others, there's Asia, Russia, Africa and some other Countries that European Courts simply can't reach. They can still track you, and sell back such information to anyone willing to pay.

Edited May 27, 2018 by Lisias

[LoSBoL]

56 minutes ago, sarbian said:

Yes I know that. I mentioned it in an other post and I work in IT. I perfectly know that Squad know my IP. As an ex Squad employee they also know my real name, address and bank accounts. 

But I don't talk about the forum. I talk about the game and participation in the forum is not mandatory to play the game so those 2 are separated.

The IP block ownership has little to do with the fact that an IP is considered a private information. The EU consider it so. Feel free to copy paste your "Europe is not the world" argument from the other thread when you reply.

Also I am sorry to inform you that in some county fixed IP is the norm. It is the case for my ISP.

There were many legal intrepretations if an IP address could be defined as Personal Identifiable information, even in Europe. But even if they were, according to the GDPR it now is so that settles it to my opinion.
I would like to see KSP get the heck into accordance, also concerning the unique user id forementioned earlier by you. 

Not so much because I feel privatelly invaded, because I really don't care if Take2 or KSP knows when 'someone' starts the game or how long it's being played, but because every implication KSP could or would be considered 'spyware' should be avoided at all cost. I'd also like to see the opt-in for game analytics return for that reason, even if it is 'just' game analytics.

So I can only applaud you for making the effort in making this notion (not the exact right word I'm looking for, but I can't think of the right one at the moment). I do wander if you don't have any other means making this point directly to SQUAD to 'fix', as an ex SQUAD employee to speed things up.

Edited May 27, 2018 by LoSBoL

[sarbian]

10 minutes ago, Lisias said:

If by managing to somehow purse your cause on a Court of Law on USA, UK and others, there's Asia, Russia, Africa and some other Countries that European Courts simply can't reach. They can still track you, and sell back such information to anyone willing to pay.

I will agree that I have a hard time understanding how the GDPR could actually claim juridiction in a foreign country. However plenty of US(+others) site clearly think they could be subject to sanction and made changes. And if they did it then it is most likely because their lawyers think they could be hit somehow.

 

15 minutes ago, Lisias said:

IP address is not personal data on UK, and they still are (for while, at least), member of EU.

Well not anymore. The R of GDPR stand for Regulation and those do not need to be transcribed in local law. UK is still a EU member for at least 9 month so since last Friday an IP address is now a personal data.

Edited May 27, 2018 by sarbian

[Lisias]

1 minute ago, sarbian said:

The game suddenly changing its behavior and not honoring anymore its own privacy option remove the player consent. And as far asI know someone who bought KSP 1.0 on steam and who does not have forum account never had to accept the new TOS/EULA. I don't remember having to validate a new EULA when launching the game (I may be wrong here, feel free to enlighten me)

But such Steam user had validated the Steam EULA, and the Steam EULA allows sharing such information with partners, TT2/Squad  being one of them.

Since KSP 1.0 doesn't have such "tracking mechanisms", there's no point on using it on the argument. But by downloading the newest version from Steam, you are obliged by the terms of the new version.

I agree that ideally such terms should be stated on the product's first loading, making it cristal clear that by using the product you automatically accept the terms. However, since Microsoft managed to get away with that Stunt about agreeing with a EULA by opening an envelope while the EULA itself was inside that envelope... (sigh).

It's enough to say that publishing the EULA/TOS by the time of the software publishing is enough.

[sarbian]

4 minutes ago, Lisias said:

But by downloading the newest version from Steam, you are obliged by the terms of the new version.

So you think that if I get you to agree to EULA v1 I can then change the term to whatever I want in v2 without informing you and it is still binding ? I would love to see that in a court. (I would love to see any EULA in court).

Edited May 27, 2018 by sarbian

[Lisias]

16 minutes ago, sarbian said:

I will agree that I have a hard time understanding how the GDPR could actually claim juridiction in a foreign country. However plenty of US(+others) site clearly think they could be subject to sanction and made changes. And if they did it then it is most likely because their lawyers think they could be hit somehow.

Uninformed people jumping into unfounded conclusions due misguided information. :-) Caution when mentioning USA - they are Common Law, you are living under the Civil (Roman) Law.

Lots and lots of differences. Never do what they do on your country just because they did.

Edited May 27, 2018 by Lisias
typos. but you already knew that...

[LoSBoL]

11 minutes ago, Lisias said:

But such Steam user had validated the Steam EULA, and the Steam EULA allows sharing such information with partners, TT2/Squad  being one of them.

This is indeed the case, also, people on Steam, like me, did get prompted of the update to the Take2 Privacy Policy, EULA and Terms of use when the 1.4 hit Steam, and needed to accept, I don't actually recall if it was before updating to 1.4, or when first booting 1.4

Edited May 27, 2018 by LoSBoL

[Lisias]

12 minutes ago, sarbian said:

So you thing that if I get you to agree to EULA v1 I can then change the term to whatever I want in v2 without informing you and it is still binding ? I would love to see that in a court. (I would love to see any EULA in court).

I would love too. But that's the trick: since you have allegedly given implicit consent on the matter, it's up to you to start things - and pay for it.

Frankly, you would had more chances on winning the cause on Common Law countries. In mine, where the Civil Law rules, there's a Law about "Mass Contracts", and EULAs are considered a "Mass Contract" here. So, or I find something on the EULA that it's obviously against the Law (and then I can claim such clausule is "Null and Void"), or I have to acquiesce. Just like that.

I suggest you research the European Law about such loopholes. You are Civil Law, just like my country.

-----

POSTEDIT: The local term for such "Mass Contract" is "Contrato de Adesão". I don't have the slightest idea about what would be the correct translation to English.

 

Edited May 27, 2018 by Lisias
yeah. typos. X-(

[sarbian]

Thanks. This makes things a lot more clearer. I guess I clicked by pure reflex... 

[Lisias]

17 minutes ago, sarbian said:

so since last Friday an IP address is now a personal data.

Citation needed, please.

[LoSBoL]

9 minutes ago, Lisias said:

Citation needed, please.

A much discussed topic is the IP address. The GDPR states that IP addresses should be considered personal data as it enters the scope of ‘online identifiers’. Of course, in the case of a dynamic IP address – which is changed every time a person connects to a network – there has been some legitimate debate going on as to whether it can truly lead to the identification of a person or not. The conclusion is that the GDPR does consider it as such. The logic behind this decision is relatively simple. The internet service provider (ISP) has a record of the temporary dynamic IP address and knows to whom it has been assigned. A website provider has a record of the web pages accessed by a dynamic IP address (but no other data that would lead to the identification of the person). If the two pieces information would be combined, the website provider could find the identity of the person behind a certain dynamic IP address. However, the chances of this happening are small, as the ISP has to meet certain legal obligations before it can hand the data to a website provider. The conclusion is, all IP addresses should be treated as personal data, in order to be GDPR compliant

Source;

https://eugdprcompliant.com/personal-data/

[Lisias]

1 hour ago, LoSBoL said:

A much discussed topic is the IP address. The GDPR states that IP addresses should be considered personal data as it enters the scope of ‘online identifiers’. Of course, in the case of a dynamic IP address – which is changed every time a person connects to a network – there has been some legitimate debate going on as to whether it can truly lead to the identification of a person or not. The conclusion is that the GDPR does consider it as such. [snip]

Source;

https://eugdprcompliant.com/personal-data/

Insufficient. On the very link you posted: "THE IP ADDRESS (IN SOME CASES)". 

I'm not doubting you. But I need the exact law and text in order to make my own conclusions. It's about the "chain of thrust" - it's not enough to thrust you, I need to thrust the people you thrust in order to accept what you say without double (and sometimes triple) checking.

On the last minutes I considered at least 2 ways to be GDPR "compliant" in appearance and still be able to collect such data.

Worst. I'm considering the effects this will have on the fight for SPAM, SCAM and some other more serious CyberCrimes where the main (when not only) weapon is IP cross checking.

This also explain some changes on some sites - they cannot rely, ostensibly, on IP to stop abuse or they will be GDPR uncomplying. Tons of annoyances in the near future. Hell, without IP tracking, some of my services are inviable as they can't uphold the load caused by the malicious accesses.

I'm afraid I will not ever provide services for europeans, as I would have to increase my expenses and will not be able to be still competitive unless I spread the cost for every other customer I have. (and perhaps this could be the unspoken interest of this?)

As a technician, I'm somewhat appalled that such Regulation has passed in the way it was being painted until the moment. If I was living in Europe, I would probably ban my kids of using Internet and Smartphones, as I just had loose the most efficient (but granted, not fail safe) tool to shield them.

2 hours ago, sarbian said:

Well not anymore. The R of GDPR stand for Regulation and those do not need to be transcribed in local law. UK is still a EU member for at least 9 month so since last Friday an IP address is now a personal data.

I stand corrected. You have way more ground on your arguing that I though. The arguing is not over yet, there're some more lines of research to be done. But yet, I was the one not up to date enough on the matter.

Edited May 28, 2018 by Lisias

[Superfluous J]

1 hour ago, sarbian said:

I will agree that I have a hard time understanding how the GDPR could actually claim juridiction in a foreign country.

I'm curious about this one too. I don't know exactly how the EU would prevent Squad - for example - from selling to EU citizens over the Internet if Squad didn't comply. Is there some master EU router that can block all traffic to kerbalspaceprogram.com? I'm assuming for the moment that Mexico has better things to do than be an EU lackey and actually act on any demands to enforce fines. Maybe they would and that's how it works.

[Lisias]

1 minute ago, 5thHorseman said:

I'm curious about this one too. I don't know exactly how the EU would prevent Squad - for example - from selling to EU citizens over the Internet if Squad didn't comply. Is there some master EU router that can block all traffic to kerbalspaceprogram.com? I'm assuming for the moment that Mexico has better things to do than be an EU lackey and actually act on any demands to enforce fines. Maybe they would and that's how it works.

One doesn't have the power to force other to do what the later doesn't want. But, boy, someones have the power to make that poor guy utterly and deeply regret not doing that.

Once a Regulation passes, the mechanisms to enforce it are authorized - including commercial sanctions.