Warband Matchmaking Client 2.0.2 (WBMM)


Status
Not open for further replies.
Gotha said:
I am curious, do you guys just keep having bad days or is it normal that you keep *****ing around for no actual reason?
marry me
 
There was no time delay between the change in privacy policy in the client and the gathering of the hardware hash. The update added both the updated privacy policy with a new "agree" checkbox as well as the hash checking.

We are not obliged to share that we gather this bit of information under any privacy laws either. As Orion correctly pointed out, the information is not personally identifiable. We added it to our privacy policy anyway as we like to be transparent about all the information we gather and why we gather it.

We don't mind the sanity checks/questions and so on, so please don't feel reluctant to post them or send me a pm about them.

@Fietta, we'll get back to you about the testing procedure.
 
Watly said:
There was no time delay between the change in privacy policy in the client and the gathering of the hardware hash. The update added both the updated privacy policy with a new "agree" checkbox as well as the hash checking.

We are not obliged to share that we gather this bit of information under any privacy laws either. As Orion correctly pointed out, the information is not personally identifiable. We added it to our privacy policy anyway as we like to be transparent about all the information we gather and why we gather it.

We don't mind the sanity checks/questions and so on, so please don't feel reluctant to post them or send me a pm about them.

@Fietta, we'll get back to you about the testing procedure.

ummm just so you know, this does fall under personal data for the GDPR
 
Aeronwen said:
Watly said:
There was no time delay between the change in privacy policy in the client and the gathering of the hardware hash. The update added both the updated privacy policy with a new "agree" checkbox as well as the hash checking.

We are not obliged to share that we gather this bit of information under any privacy laws either. As Orion correctly pointed out, the information is not personally identifiable. We added it to our privacy policy anyway as we like to be transparent about all the information we gather and why we gather it.

We don't mind the sanity checks/questions and so on, so please don't feel reluctant to post them or send me a pm about them.

@Fietta, we'll get back to you about the testing procedure.

ummm just so you know, this does fall under personal data for the GDPR
People were notified before the update either way.
 
I forgot to mention that it is just a testing period. If the feedback is negative it will revert back to 8v8.
 
Aeronwen said:
ummm just so you know, this does fall under personal data for the GDPR
[quote author=GDPR Definitions]‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;[/quote]
All of these are things that must be attributed to a person, not to a person's configuration of PC hardware. It is (probably) true that a unique human-readable identifier is attributed to each individual who runs the client (i.e. user numbers 1, 2, ... , N, much like on this forum) but this is an identifier generated by the system to refer internally to a client, not external information that the user provides to the client. Hardware IDs generated by the system are created using external information that is gathered from the client, but they are a hash generated from non-identifiable data and are affiliated with the previously mentioned internally generated user ID. The only real question about user privacy at this point is the format of any user generated ID that is not the hardware ID hash. Specifically, are user IDs generated or collected from the user's display name, or are they arbitrary numerical identifiers? I haven't used the system so I don't know if users are allowed to change their display names at will, but if so then that would lead me to believe that users are in fact given a name-independent identifier. If that is the case, then users have an arbitrary identifier and a hashed hardware ID which are affiliated, but neither is considered personal data under GDPR unless they are further affiliated with external data collected by the program. See the following definition:
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
https://gdpr-info.eu/art-4-gdpr/
 
Orion said:
Aeronwen said:
ummm just so you know, this does fall under personal data for the GDPR
[quote author=GDPR Definitions]‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
All of these are things that must be attributed to a person, not to a person's configuration of PC hardware. It is (probably) true that a unique human-readable identifier is attributed to each individual who runs the client (i.e. user numbers 1, 2, ... , N, much like on this forum) but this is an identifier generated by the system to refer internally to a client, not external information that the user provides to the client. Hardware IDs generated by the system are created using external information that is gathered from the client, but they are a hash generated from non-identifiable data and are affiliated with the previously mentioned internally generated user ID. The only real question about user privacy at this point is the format of any user generated ID that is not the hardware ID hash. Specifically, are user IDs generated or collected from the user's display name, or are they arbitrary numerical identifiers? I haven't used the system so I don't know if users are allowed to change their display names at will, but if so then that would lead me to believe that users are in fact given a name-independent identifier. If that is the case, then users have an arbitrary identifier and a hashed hardware ID which are affiliated, but neither is considered personal data under GDPR unless they are further affiliated with external data collected by the program. See the following definition:
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
https://gdpr-info.eu/art-4-gdpr/
[/quote]

So you are saying that the data collected by WBMM for the specific reason of identifying the individual is not data that will identify the individual?

from the actual EC site

Examples of personal data
...
an Internet Protocol (IP) address;

You are saying that specific PC identification data is less personally identifying than an IP address?
 
You missed the part where an arbitrarily assigned number for internal use and a hashed ID generated from a given hardware configuration aren't personally identifiable. This information is not used--and in fact, cannot be used--to identify or obtain any real-world identifiable information about the person.

Aeronwen said:
You are saying that specific PC identification data is less personally identifying than an IP address?
Absolutely. From an IP address that isn't routed through a VPN you can get an approximation of geographical location and the name of that person's ISP. As we know from the definition provided for "personal data," geographic location data is considered personal data and because an IP can be used to attain approximate geographical data it is considered personal data. A list of hardware tells you nothing except what's in their PC. I could tell you what's in my PC with a part list that is more comprehensive than what the matchmaking client uses to generate its hash and you couldn't use that information to find out who or where I am. You couldn't even narrow it down to a reasonable guess for a specific country.

Please don't insinuate that the reference I provided is not credible. Here's a page on the European Commission website which links to this page, containing the entire text of the GDPR. The content is identical to the source I provided. The bits I quoted, for your convenience:
[quote author=My first GDPR definition quote, from my first source]‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;[/quote]
[quote author=GDPR definition quote from the source linked by the EC site]‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;[/quote]

[quote author=My source]‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;[/quote]
[quote author=EC's linked site]‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;[/quote]

Stop disingenuously spinning the narrative that a short list of hardware components is personally identifiable. It is not, and it's not my job to prove it. You're making the claim that it is, so go on, educate us.
 
Orion said:
You missed the part where an arbitrarily assigned number for internal use and a hashed ID generated from a given hardware configuration aren't personally identifiable. This information is not used--and in fact, cannot be used--to identify or obtain any real-world identifiable information about the person.

Aeronwen said:
You are saying that specific PC identification data is less personally identifying than an IP address?
Absolutely. From an IP address that isn't routed through a VPN you can get an approximation of geographical location and the name of that person's ISP. As we know from the definition provided for "personal data," geographic location data is considered personal data and because an IP can be used to attain approximate geographical data it is considered personal data. A list of hardware tells you nothing except what's in their PC. I could tell you what's in my PC with a part list that is more comprehensive than what the matchmaking client uses to generate its hash and you couldn't use that information to find out who or where I am. You couldn't even narrow it down to a reasonable guess for a specific country.

Please don't insinuate that the reference I provided is not credible. Here's a page on the European Commission website which links to this page, containing the entire text of the GDPR. The content is identical to the source I provided. The bits I quoted, for your convenience:
[quote author=My first GDPR definition quote, from my first source]‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
[quote author=GDPR definition quote from the source linked by the EC site]‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;[/quote]

[quote author=My source]‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;[/quote]
[quote author=EC's linked site]‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;[/quote]

Stop disingenuously spinning the narrative that a short list of hardware components is personally identifiable. It is not, and it's not my job to prove it. You're making the claim that it is, so go on, educate us.
[/quote]

The WBMM data is identifying and that is how it is being used, the sole stated purpose of collecting is to identify the player in order to prevent them from rejoining when banned. I do not see any need for such hostility or personal attacks.

I have not yet, and do not intend to, 'insinuate' the reference you provided is not credible. I think your interpretation is flawed. Quite why you think identifying the PC a person is using is not personally identifying but location data from that PC is, is perplexing. How do you interpret 'an identification number' from the quote you give?

From the EC link
Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law.
It seems this is the use of 'pseudonymise' to which the definition, given in your link, is referring.

No-one is saying that WBMM cannot use the data, only that it is subject to GDPR, i.e. that it can only be used for the purpose stated on collection, that storage is subject to proper safeguards, etc.

I personally would not do it. My view is that if a player misbehaves on a server and the ID is banned and then that player comes back on a different ID either they misbehave again and that ID is also banned or they behave and everyone wins - there is no longer any problem.



 
So you would prefer they keep rejoining on other IDs to troll, rather than take an action which actually does work to prevent them from carrying on?

No offence, but do you even play WBMM anyway? I've never even seen you play it. Why is this such a big problem? If you do not want them to know what CPU you use xDDDD, then do not play; it's as simple as that.

But the people playing it HAVE agreed to the privacy policy and just want to play and have fun. Please don't create drama and problems out of nothing.
 
Apollo~ said:
So you would prefer they keep rejoining on other IDs to troll, rather than take an action which actually does work to prevent them from carrying on?

No offence, but do you even play WBMM anyway? I've never even seen you play it. Why is this such a big problem? If you do not want them to know what CPU you use xDDDD, then do not play; it's as simple as that.

But the people playing it HAVE agreed to the privacy policy and just want to play and have fun. Please don't create drama and problems out of nothing.

Again I am not creating drama, I simply corrected the statement the GDPR does not apply. It does.

Not sure why anyone wants to make a big deal out of that or accuse me of anything. GDPR does mean the data cannot be used but just that certain conditions apply.

But you are right it is not worth my time and trouble to try and convince anyone.

 