I initially reported this way back when the privacy features were first introduced, and I was told it was by design that users did not have to login to create a request.

The GDPR says that the DPO (or business owner, if the business is too small to warrant a DPO) must also accept requests by email or snail mail which solves this problem.

In the 3+ years I've been using my own GDPR compliance software I have received three emails asking for data deletion (all three had logins and logged into the site to delete their accounts) and served several hundreds automated requests on a user based of approximately 35,000 active users. This tells you the relative frequency of each mode of interaction.

Instead of doing that which is perfectly GDPR compliant, Joomla is allowing anyone and their dog to request actions be taken against the personally identifiable information of an unrelated party, thus potentially violating the GDPR. Sure, it requires the victim to confirm the request. However, the victim can be easily tricked by a spoofed email or some other social engineering method.

The most important problem I see is if someone is fooled into accepting a request to delete their user account. The business owner is legally required to honour this request and upon doing so is legally required to act as if the victim had never been a client of his business. I can see a massive issue for the victim and the business owner in this case. The victim has paid for a service they cannot get. The business owner is legally forbidden from providing this service or giving a refund. Should the victim make a chargeback request the business owner cannot defend themselves because any information they could use is legally off-limits. In the end of the day the business owner is shafted with a chargeback fee, the former client is pissed off and says nasty things about the business owner when it's neither party's fault.

Someone didn't think this one through at all. Sheesh!

One answer I got thrown repeatedly is that it's NOT A GDPR SOLUTION- it's a "suite of privacy based features"...

So, it's a privacy toolkit which violates privacy laws. Got it.

Good thing that this morning I told Davide we should implement a workaround as a EDIT: OKAY I WILL NOT TELL YOU WHERE feature instead of bothering to fix it in the core...

can i suggest to tell @tampe125 to do a pr in the core instead ?
?
there was some discussion on that in the 2018....
nothing that cannot be improved in 2021

@PhilETaylor can you please share the link for that old discussion....

Wow. No wonder Joomla users dont get to have nice things without paying for them. When you selectively quote comments completely out of context you do your opinion a disservice. Just as when you ignore the comment

"I'm reopening this as it is a valid issue to keep on the books and continue looking for ways to improve upon."

But you chose to ignore that and close it.

Don't bother including me in any comments. I've had enough of contributing my time voluntarily when others just see it as an opportunity to make money. Bye

Brian.

When you selectively quote comments

I was mobile, actually in the Butterfly House of a Zoo, and the GitHub app will not let me select the url as there is no url its an app, so I chose to screenshot. I have since learned that you can get a url from the Share menu button, I was unaware of this before.

The quotes, make perfect sense, in context and out of the context. You have not been mis-represented at all. You are just pissed because you have been correctly and accurately quoted again. and your words have come back to haunt you.

The quotes state that com_privacy is not a GDPR compliant solution. This was the point I was making, and was in context and relevant to the previous comment from Nic and myself.

you do your opinion a disservice

Its not my opinion. They are your words not mine. Anyone could search for the words in GitHub and find the context which is #22720 where you repeatedly assert "your opinion"

But you chose to ignore that and close it.

Fact: It was reopened and then reclosed by @mbabker - The "valid issue" was nothing to do with not having to login to submit requests, it was to do with "The IP address and the user agent of the browser is left in the body of the consents"

it was finally closed on 10th Feb 2019, along with many other threads you abused me in - as is my right as the issue starter - after I filed a CoC Report about your continued abuse. I believe that was against upheld against you - until you threatened the project with legal threats because they were about to publish a blog post about suspending you from the project to make the point that abuse of contributors would not be tolerated. As always, you and your friends in the inner circle threatened the project to the point they backed down and you were allowed, after your ban, to return with nothing made public.

No wonder Joomla users dont get to have nice things without paying for them

But you are Joomla's number one contributor - apparently - so that means the things you contribute are worthless and not nice right?

I've had enough of contributing my time voluntarily when others just see it as an opportunity to make money. Bye

Please Brian, never "contribute" again to Joomla.

This would make a lot of people very very happy and would actually be the best thing for this project. It's time.

You like to slag off people who work hard making a living, you slag off newbies discussing ccks in discussion, yet you are the person who has made 100% of their income from your "Joomla Co-Founder" status, travelling the world as "Mr Joomla" and who spends most of his time abusing those new people who come to contribute their time and comments to this project. So yes, please, never contribute ever again to this project. Please make many people happy.

The continued accusations, threats, bullying and blatant abuse from "Toxic Teflon Teeman" has to end!

Millions of people make money from Joomla - you included - yet you only attack a few people who DO contribute - problem is - in your own sick world - only your contributions apparently count.

I contributed a lot to com_privacy as can be evidenced by a simple GitHub search. including security issues #22638 which again you sought to slag off an entire security team over.

Your opinion is not always right. Agree or disagree - you just dont care about anyone else's opinion except your own.

Over and out.

@brianteeman EXCUSE ME?! Are you SERIOUSLY saying that I only care to make money out of Joomla? Are you kidding me?!

Let's begin with the fact that I have contributed to this project since 2009. I don't have a massive commit history like you, I'll give you that. However, you may have noticed that I am tackling the hard problems that nobody wants or knows how to tackle. I even contributed my backend framework to Joomla only for a PLT member to unilaterally decide I am not allowed to maintain it anymore and put my entire livelihood in jeopardy. You may have forgotten that I had to fork my own framework back in 2013 to make sure I still have a company to make a living, right about the same time I was hit hard by capital controls which threatened to put me out of business. I haven't forgotten that. And I STILL contributed to Joomla after that. So don't you EVER dare tell me that I am only interesting in making money off Joomla when Joomla itself has done its damnedest to put me out of business and I am STILL. CONTRIBUTING. TO. THIS. PROJECT. Your adding insult to injury is way too much, especially because you of all people should know better!

You may have noticed that I have just spent 80% of my last 10 days contributing a revamped Joomla Update extraction and fixing the issues which caused failed updates from 3 to 4 and even wrote the most detailed troubleshooting guide for updates instead of letting wrong and idiotic “advice” being peddled on the forum. Not only do I NOT receive any payment for that, not only I am taking time off the software people actually pay me to maintain, I am in actual fact making sure that nobody will know it has anything at all to do with me if lest they go through the Git commit log.

A big motivation for writing the Joomla Update PR is that it felt MORALLY WRONG for Joomla to include a file with my company's copyright as a vital part to its updater. So I put in the massive time commitment to rewrite this from scratch, in a way that Open Source Matters, Inc can claim copyright per the terms of the Joomla Contributors Agreement I signed all those years ago.

I have NEVER peddled my contributions to Joomla as a valid reason for people to pay me anything. In fact, I have always said that you only ever need to pay me for my Professional software if and only if you actually find value in the additional features over the free version and/or you want support from me (I'd love to give everything away for free but I need to support my family). My business site mentions absolutely nothing about my contributions to Joomla (except for mostly private tickets when I'm asked point blank what do I know about how a feature I contributed actually works). I don't use my involvement with Joomla to attract clients. My blog makes a passing reference that I am a frequent contributor, not sparing more than 5 words for it. Would you like to tell us what your business site and your blog's about page reads? Right. You should hire Brian because he's the Joomla co-founder and the first person to do Joomla training. And you have the nerve to talk about people who make allegedly money off Joomla... This would be funny if it wasn't such a pathetic attempt at gaslighting.

Regarding this issue, we bumped into it while working on our own site, trying to upgrade it to Joomla 4 and discontinue our DataCompliance extension because it's competing with a core feature and it just doesn't feel right. We can't tell people to use the core and have us hypocritically use an extension we wrote instead of the nearly identical core feature. Speaking of which, my DataCompliance extension predates com_privacy by well over six months and @mbabker copied most everything I did in DataCompliance for com_privacy, down to using the term “domains”, the same plugin events concept for exporting and removing data and the same code I was using for a captive login. Do note that the captive login is a code pattern that before I wrote LoginGuard nobody had ever done. Not only that, the PLT members were telling me that it is impossible to do in Joomla. I got tired of that stupid spiel and wrote the code which proved it perfectly possible, very easy and then Joomla copied it. You're welcome for my opening your eyes and giving you the code to copy which, by the way, is licensed GPLv3 while your software is licensed GPLv2 and you were not allowed to copy it. I could raise a stink about that but I chose not to because, well, I'm neither a dick nor am I here to make money off Joomla. I'm happy that Joomla users get to enjoy the product of my R&D even without attribution.

In any case, we need our site to become operational in Joomla 4 by mid to late October. So of course the only reasonable course of action is a. implement a workaround (which proves that the problem i. does exist and ii. can be dealt with) and b. file an issue here. The first part is necessary because reporting an issue to Joomla is not a guarantee that Joomla will even accept there is an issue (see my issue about the extension updates, a saga which had been going on for 8 years before I had to file a public issue), let alone let us fix it (see more than half of the issues I have filed; I have created private workarounds for each and every one of them because Joomla wouldn't accept the fix).

Even if it's fixed, it's anyone's guess if it will make it to 4.0.x, 4.1.x or be killed off... sorry, I meant “delayed for the next major version” which is a nice way of saying ain't gonna happen in your lifetime (see: the promise to include U2F two factor authentication back in 2013 which was supposed to be revised in 4.0). So, yeah, we MAYBE WILL include the workaround in our paid version of our software because we are also pretty sure that this issue if it's ever fixed it's going to be fixed only in Joomla 4, not Joomla 3 and Joomla 3 is still going to be out and about for another 2 years.

If the Joomla project wants us to fix this issue we will gladly do so which means that I am paying out of my own pocket for Davide's time to write the code and go through the long process until it's RTC. How the hell am I making a profit from that?! It will cost me nearly 500 Euros to fix something in Joomla. If you think that I will make that money back because people will suddenly rush to buy Admin Tools Professional to address this issue that has gone mostly undetected for three years you are out of your mind and I wish the world would work like that; I'd have fifty times more clients and I'd actually be making more than a living.

In any case, I am going to tell Davide to not spend a single minute more on this issue unless we have a guarantee by the production leadership that they DO recognise this as an issue and they WILL merge the fix we will contribute. Otherwise I don't fancy spending hundreds of Euros while having every random person who put his name on a petition tell me that I'm making money off Joomla. Spending money and being accused of magically making money instead? Fuck that shit!

@brianteeman EXCUSE ME?! Are you SERIOUSLY saying that I only care to make money out of Joomla? Are you kidding me?!

No it was all aimed at me - like all his abuse is... repeatedly.

Again one of these annoying and time wasting issues. Again a reason why I don't come daily to GitHub anymore.
1 issue, 1 related and constructive answer.

The rest is just blah-blah and self-congratulation from self-appointed godfathers.Take your private shit and ego to Facebook or somewhere else and stay on topic here like you should on GitHub.

Others just post a "Confirmed", issue related comments and a reference to older threads. Here unreferenced images, advertising for commercial extensions and uninteresting once-upon-a-time-stuff. "Whoo, how awesome I am!".

Take your private shit and ego to Facebook or somewhere else and stay on topic here like you should on GitHub.

Others just post a "Confirmed" and a reference to older threads. Give related input. Here unreferenced images, advertising for commercial extensions and uninteresting once-upon-a-time-stuff. "Whoo, how awesome we are!".
It would be nice if administrators of this portal, would find ways to make this here on Joomla-GitHub again a topic related, constructive exchange and not some babble portal for egomaniacs.

There are no ignore lists here, unfortunately.

It would be nice if administrators of this portal, would find ways to make this here on Joomla-GitHub again a topic related, constructive exchange and not some babble portal for egomaniacs.

Ban Toxic Teflon Teeman from the project - 99% of the crap will disappear overnight.

Sorry! I meant you! @PhilETaylor

Yeah well we all know you hate me too... :) That is well documented here.

@ReLater I am sorry that we reported an issue we found during the development of our site and our extension. If this is what you think of 3PDs reporting the issues they find and willing to spend their own time and money fixing them for everyone then we will stop reporting issues to Joomla and only implement paid workaround so you people don't bitch about us doing work for free.

Yeah well we all know you hate me too... :) That is well documented here.

I hate your endless self-congratulations and this extreme profiling addiction that costs my time and that of others. Nothing more.

I fail to see where Im congratulating myself here? I point the issue opener to a directly relevant thread which documented that it was the Joomla projects aim that the privacy suite was not a GDPR suite, which was in context and a direct reply to his mentioning of the GDPR. I included direct relavant, screenshots of comments from the previous on-topic thread as evidence

Then I get abuse for doing so.

Closing since this is getting useless.

Closing since this is getting useless.

Just like me apparently.

This was passed to me by @mbabker to post, as he cant. (Ignore highlighting thats a mistake)

for those interested only on the issue/topic and possible solutions see #35470
"polemic only" please abstain