Warband Matchmaking Client 2.0.2 (WBMM)

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
Status
Not open for further replies.
We can only identify someone by hardware hash since we already know the (person, hardware_hash) connection. If you already know the person, you do not need the hardware_hash as well to build a profile, nor does the hardware_hash provide additional information.

Orion gave quite a clear explanation on why an IP address is personal data, yet a hardware ID isn't. Knowing someone's IP address gives you a relatively easy way to find someone's location, while knowledge of the hardware id does not point to the physical pc. The only way you can find out which pc a hardware id belongs to is by hacking as many computers as possible and hoping you get lucky.
 
Who gave a student named Miracle, Admin Rights? He gave several players perm ban
I, Fddd, and someone else in the match.

Maybe someone deserved a ban for an hour, but definitely not all.
 
Watly said:
We can only identify someone by hardware hash since we already know the (person, hardware_hash) connection. If you already know the person, you do not need the hardware_hash as well to build a profile, nor does the hardware_hash provide additional information.

Orion gave quite a clear explanation on why an IP address is personal data, yet a hardware ID isn't. Knowing someone's IP address gives you a relatively easy way to find someone's location, while knowledge of the hardware id does not point to the physical pc. The only way you can find out which pc a hardware id belongs to is by hacking as many computers as possible and hoping you get lucky.
Click to expand...

Article 4(5) of GDPR defines pseudonymization as: "‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;".
By using pseudonymization methods, you separate all the identifiers so that nobody can link them to a specific person. However, GDPR makes it clear that pseudonymous data is still considered personal data if the data controller or other party is able to reverse the process of pseudonymisation (which I assume is the case for WBMM).

Edit: Just wanted to add, that I don't see a problem with collecting the hardware id as long as you add that information to WBMM's privacy policy and the user is informed about it prior to installation of WBMM.
 
imemine said:
Watly said:
We can only identify someone by hardware hash since we already know the (person, hardware_hash) connection. If you already know the person, you do not need the hardware_hash as well to build a profile, nor does the hardware_hash provide additional information.

Orion gave quite a clear explanation on why an IP address is personal data, yet a hardware ID isn't. Knowing someone's IP address gives you a relatively easy way to find someone's location, while knowledge of the hardware id does not point to the physical pc. The only way you can find out which pc a hardware id belongs to is by hacking as many computers as possible and hoping you get lucky.
Click to expand...

Article 4(5) of GDPR defines pseudonymization as: "‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;".
By using pseudonymization methods, you separate all the identifiers so that nobody can link them to a specific person. However, GDPR makes it clear that pseudonymous data is still considered personal data if the data controller or other party is able to reverse the process of pseudonymisation (which I assume is the case for WBMM).

Edit: Just wanted to add, that I don't see a problem with collecting the hardware id as long as you add that information to WBMM's privacy policy and the user is informed about it prior to installation of WBMM.
Click to expand...

Just to clarify, we add all our data to the privacy policy just to be on the safe side. This discussion is entirely hypothetical and out of my own interest to better understand the GDPR and other privacy laws.

That said, I agree that pseudonymization of data is not a free card to gather personal data. However, the rule above only applies to data that was personal in the first place. The stance I've made are that hardware IDs is not personally identifiable.
 
It only is when it is associated with other personal data. On its own, the hardware ID is not personal data. If you don't store encryption keys or generate decryption keys, never decrypt the hashed ID, and only associate it directly with arbitrary account identifiers, then it may even be considered anonymized.
 
The legality of the project is a concern of mine as a moderator, 'cause I can't let the WBMM team engage in illegal data collection activities on the forum. :razz: The fact that the thread is still open should tell you what the moderation thinks of the current situation.

That said, it is beneficial for privacy concerns of users and potential users to be brought forward and discussed, so that we can all achieve a better understanding of what data is being collected, how it is used, and how safe it is.
 
If prohibition taught us anything its that if you banned matchmaking we would just make illegal matchmaking clients in our bathtubs.
 
Me, coming into the thread after that:
W1tt4Ej.gif


Have fun sitting in the corner for a while, Thunder.
 
Stop disingenuously spinning the narrative that a short list of hardware components is personally identifiable. It is not
Click to expand...

Yes it is. The best privacy focused browser Tor disgarees with your statement.

RmBxFRt.png


This is what happens when you download the Tor browser and maximize it to fullscreen for the first time.

If they say that something as small and minor as Monitor Resolution can help personally identify someone, then I don't see how a list of your entire computer specs is not.

And with the current state of the gaming PC market, where everyone has a custom built gaming PC, it makes the job of identifying you much easier.

Theorethically, if I were an evil government and I wanted to kill someone whose's computer specs are an I7 7700k, GTX1070ti, then if you wanted to confirm that the person you are about to execute is correct, then you only need to check the computer specs to see if you have got the correct person, and ignore that guy with an I5, Ryzen, or Vega.

 
I don't, I signed up to this foum using my personal email, and I don't use a VPN. I only took offense against Orion's statement that computer specs are not personally identifiable, which it absolutely is.
 
Lolbash said:
I don't, I signed up to this foum using my personal email, and I don't use a VPN. I only took offense against Orion's statement that computer specs are not personally identifiable, which it absolutely is.
Click to expand...
It isn't, because even a custom-built PC is not necessarily unique. Your hypothetical example is flawed, and the Tor argument is as well. Both require more information than what you claim. My primary monitor is 1920x1080, so go on, find out more about me with that.
 
Status
Not open for further replies.

Similar threads

troechka33
Matchmaking mmr does not work
Replies
4
Views
295
MP_Erik
MP_Erik
itsWilliam
Mercenaries Reforged PLAYTEST - 10th January
Replies
1
Views
422
Nergigantus
Nergigantus
Mr.Drake
Make warband free to save it @Dejan
Replies
3
Views
619
Vetrogor
Vetrogor
Back
Top Bottom