lol-lol | 7 years ago | on: Some frustrated publishers are sitting out Google’s GDPR meetings
lol-lol's comments
lol-lol | 7 years ago | on: Ask HN: Best open source home wifi router in 2018 (buy or build)
or if you want, just board: https://mikrotik.com/products/group/routerboard
Anyway their routers are cheap and very capable, but the administration is NOT (!WARNING!) for normal users. You will need to know a lot about networking.
lol-lol | 7 years ago | on: End of the privacy debate in the European Parliament: overview
I hope we are past "I have nothing to hide" in 2018.
lol-lol | 7 years ago | on: Some frustrated publishers are sitting out Google’s GDPR meetings
What they are doing is a direct violation of GDPR and a really bad idea. There was a complaint filed this morning against Google, Facebook, WhatsApp and Instagram doing something similar but to a lesser extent.
I just can't understand why everyone is trying to push all their intellectual power into trying to work around GDPR instead of trying to comply; for most websites it is trivial, as they are in breach of GDPR just because they collect data they don't need.
lol-lol | 7 years ago | on: GDPR: Four Complaints Filled Against Google, Instagram, WhatsApp and Facebook
lol-lol | 7 years ago | on: GDPR Band-Aid
lol-lol | 7 years ago | on: The Stuxnet worm may be the most sophisticated software ever written
Sometimes how you do it is far more interesting than what you do (but it might be a tad more complex to understand).
lol-lol | 7 years ago | on: The Stuxnet worm may be the most sophisticated software ever written
https://web.archive.org/web/20110205151357/http://www.rootki...
> "merged in its own permuted body and rebuilt the host."
Actually it was even more sophisticated: it not only merged its permutated body into the host, but rather rearranged the host in a way to merge chunks of its body between the chunks of the host's original code, using jmp instructions to keep the code flow, where the entry point was inserted at random. If he had further armored it with additional polymorphism layers for each chunk, this would make it even algorithmically impossible to detect (on the other side, even now, no one can claim it can detect all the permutations, while the disinfection is limited to "delete infected files"). This was a work of art (I was a malware analyst); today's malware is a joke compared to what z0mbie was doing (even if I could argue that there is a lot to do on Windows, infecting the MBR and owning Windows by serving them the calls to yourself is still (maybe I am outdated?) something to be seen). I would really love to shake his hand even if we were on opposite sides :)
lol-lol | 7 years ago | on: The Stuxnet worm may be the most sophisticated software ever written
http://dsr.segfault.es/stuff/website-mirrors/29A/
And a mirror of z0mbie's (Mistfall author) site: http://z0mbie.daemonlab.org/
I am really interested in what happened to z0mbie... he just vanished at some point...
lol-lol | 7 years ago | on: The Stuxnet worm may be the most sophisticated software ever written
What I am seeing lately with malware is an increasing decline in sophistication; today's malware is lame compared to the malware created around 2000. I would think that the level of low-level knowledge is rapidly dropping. When there were still real file infectors, there were some seriously nasty technologies involved (btw, today's ransomware is a very old concept (http://virus.wikidot.com/onehalf) but it was used to prevent virus removal instead of making money).
lol-lol | 7 years ago | on: GDPR: Don't Panic
https://www.linkedin.com/pulse/nightmare-letter-subject-acce...
Bottom line, DON'T store/sell/mangle with personal data of your users unless you are able to fulfill this. I was thinking a bit about having an online store:
- make login as it is on Hacker News, you don't need email
- once the user has selected and paid for the goods, request the shipping address and contact (phone/email/whatever)
- ship it, print the requested / store into cold storage (it is not that hard, you do it for bitcoins, right?), delete everything except username and password (and maybe the attached goods) from the server
The described process will pass the GDPR Nightmare Letter in 10 minutes (to write a general reply) that you send to everyone requesting.
This is what traditional "physical" stores do, not the large chains, the traditional, one employee, family store. And it works.
For everything else require consent, including tracking, but think very hard if you need anything else, as it will complicate your business progressively.
I really don't understand all the fuss about the GDPR; if you explain (and prove) this to the ICO, I would really like to see who will punish you for that.
lol-lol | 7 years ago | on: JavaScript is Good, Actually
lol-lol | 7 years ago | on: JavaScript is Good, Actually
There are lots of developers that stayed as backend engineers as they couldn't stand JavaScript (as a language and its integration with the DOM); they stepped over the beginner phase with their development skills while JavaScript forced them to write BASIC (LOGO) level code. On top of it, there were always some junior engineers that had barely started to develop and were playing smart and bragging about how cool JavaScript is. There is a lot of rage stored in those circles and there are lots of excellent developers (I can tell you that 90% of top developers (not 25-year-old kids, people that are able to write runtime compilers and OSes if given enough time) I know never wanted to work in JavaScript). Different reasons, but I can tell you that most of them would say "I don't like Java, but JavaScript is humiliating".
Now that webasm is coming, I am preparing to bet that the frameworks will start to pop out in a year or something after the DOM is supported and they will overrun JavaScript in the shortest possible time, just to prove the point - it sucks big time. Qt is being prepared, all the "real" languages are starting to prepare to support compiling into webasm... the traditionally backend languages (that... you wouldn't believe... backend engineers know very well) are now having a chance to shine in the browser that was restricted for them due to the JavaScript monopoly.
I wouldn't take the JavaScript future as really bright; in the best case it will be used in the same way as shell scripts are today (this is what they meant by saying that WebAssembly is not a replacement for JavaScript). To glue some parts of the "system" (read as: browser) together.
And quite frankly, this is a step that should have been done 10 years back. It would have saved the world a lot of trouble.
And have fun: https://s3.amazonaws.com/mozilla-games/ZenGarden/EpicZenGard...
lol-lol | 7 years ago | on: Breaking US law by not extending GDPR rights to US citizens
lol-lol | 7 years ago | on: Show HN: GDPR Shield – Block EU users from accessing your website
A cookie can have one single value and that is opt-in:false. Nobody will ever say you are tracking them. If you put some GUID into it, it will raise suspicions.
GDPR is otherwise quite simple: handle my data as you would handle yours. I bet you would be quite compliant with just this fact.
Anyway, go and block the EU; this will create a bunch of EU companies serving what otherwise you would, but to the whole world + 500 million EU citizens. No one will cry about "your" service but someone will earn instead of you. Fine with me.
(Not to mention a hell of a lot fewer clickbait sites, nothing anyone will cry about - or actually probably it is good for them to be cut off. It would be just perfect if Facebook and Google would block the EU too - it would be a pain for a year, after that we would have our alternatives - GDPR enabled and probably working better. And an additional benefit: 90% of JavaScript so-called developers would go out of business as they are unable to function without copy/pasting from the web.)
Cheers.
Legitimate interest is so wrongly understood. You can only use it if your business is not able to function without some PI and for nothing else. For example, if you have an online store, it is perfectly OK to require name and address as you can't deliver goods to the customer without it. The phone number is already fishy (if you already have another means to communicate). Using a 3rd party by default that is doing monitoring/tracking is a no-go; you can't put it under legitimate interest. And you can't force the user to give you consent by denying access, as this violates the requirement that it has to be given freely. You will get consent this way but it will be invalidated in case someone complains to the ICO, and then you have troubles. And I have talked to our ICO in person. And Google already got a complaint. So did Facebook and Instagram and WhatsApp.
I think that the persons who were saying that analytics is OK didn't read THIS: "Article 29 Working Party, Opinion 6/2014 on the notion of legitimate interest of the data controller under Article 7" page 25. (http://ec.europa.eu/justice/article-29/documentation/opinion...): "However this does not mean that controllers would be able to rely on article 7(f) to unduly monitor..."
You can thank me later ;)