Sorry for posting here, I did not find an issue tracker for issue tracker!
I am able to store the comment I wrote.
Get following messages when clicking Post Comment:
Submitting Comment ...
Invalid response received from GitHub.
Firefox on Debian Linux
Logout and login from GitHub again, still same behaviour!
So that it does not get lost here the reply I wrote:
You wrote:
within the gdpr you have to inform the user anyway about the session cookie, adding the language cookie as technical cookie isn't much extra effort.
For my understanding a session cookie is not needed for public visitors which just surf and read the content and are not logged in for contributing in any way.
Therefore I would suggest that in an upcoming release there is a global option to disable the creation of any cookie for public visitors of the Joomla! website.
Having no cookies at all means, we do not need to inform end users about it. It would be good enough to state in the privacy policy that there is no data collected and that there are no cookies stored for public visitors.
Of course, if a user then registers, he needs to get informed about cookies. Even then he should have the option to accept technical cookies only or to not accept any cookies at all. The last option would force him to validate again and again for every page he is accessing since he is not known to the system.
Tell me if I am wrong.
The argument that I am able to implement anything with my own code is polemic.
Yes. I can implement anything myself, I could even program my own content management system, but
Labels | Removed: ? |
Labels | Added: No Code Attached Yet |
If you are able to create a pr, please make a concept of how it should work (step by step) and share it with us. If it's conceptually good and possible, maintainers will discuss it and give you feedback on whether we would merge such a pr. (That way would save you time creating a PR which is not accepted.)
Beside that the issue tracker is not broken, the old issue has been locked by robert.
@ReLater wrote:
It's sufficient to state in the privacy policy that your site stores session cookies. Session cookies do not require consent. These cookies are needed by Joomla at some places even if a user is NOT logged in (just by the way). A technical requirement.
I do understand that Joomla! is using session cookies. But I do not see that it is a technical requirement. I do not see that it is impossible to program a website in a way that it might be viewed without sessions and cookies. Any simple webserver is able to show pages without session cookies.
To make it clear: I understand that Joomla is using sessions (and session cookies to identify users) as a core feature. This means Joomla! is processing personal data. But that it works like this is a decision of the developers. It does not mean that it cannot be done without.
The GDPR (in German DSGVO) applies whenever personal data is processed for someone called the controller (in German "Verantwortlicher") (article 4 §7) living in the European Union or if a website is aiming at European people (it does not matter if it is paid for or not).
If you read the GDPR Recital 32 Conditions for Consent (in German DSGVO Erwägungsgrund 32 Einwilligung) it says:
Consent should be given by a clear affirmative act ...
This could include ticking a box when visiting an internet website ...
Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
This means that if the end user is not actively confirming that he accepts that he is identified through a session, it is not allowed to do so. And that concludes that Joomla! is violating European law, because Joomla! starts the session and sets a cookie before the end user has a chance to accept or deny it!
GDPR Article 83 §5 states that:
Administrative fines shall ... be given to the following:
Infringements of the following provisions shall ...
be subject to administrative fines up to 20 000 000 EUR ...
the basic principles for processing, including conditions for consent
Sorry I do not know what a pr is and I also do not know what a PR is.
Can you please explain what you want me to explain step by step? If I can, I certainly will. Thanks.
You wrote:
Beside that the issue tracker is not broken, the old issue has been locked by robert.
Robert wrote that he wants to lock it for one person, not for everyone. And after that there was no comment form visible. Two days later the comment form is visible again, but after long writing, trying to submit gives an error message without a hint as to what happened.
Sorry, I think I mixed up 2 comments from 2 different persons, I thought you can write PHP code.
About the session cookie, there is so much discussion which I don't do anymore because if you ask 3 lawyers you get 5 answers. So until the EUGH says what's fact everything else is talk between blind people.
Nevertheless I would really like to see Joomla without session cookie (at some point I already wrote a proof of concept which does 0 database queries, means no session loading). But to be honest it's not so easy, most of the extensions (core and 3rd party) depend on a "user object" which may be empty but they require it and maybe save information in the session store. It's hard to detect if it's really needed.
So if someone finds all the caveats and removes the user session for public access I'm fully in favor of it.
The only thing worse than a Joomla user talking about node is a Joomla user talking about the law.
@HLeithner
No problem, I learned so many languages, PHP is just not one of them.
There is enough I can do to help. Even without coding. :-)
Well, it's simply reading the document. Just 99 articles and only the first half is important for this discussion. Lucky that it is not eaten as hot as cooked. (Gives some time to discuss and work on it)
If anybody is interested, this GDPR version is easy to read, switch between German and English and has links to the original papers.
Having no session and no cookies (meaning no personal data at all) would not only simplify the privacy statement but also all the provisions about documenting, processing and handling of personal data.
If a user identifies himself, then create the session cookie and a real session without the public flag, as Joomla! is used to.
Of course no other cookies.
Moving to a better place
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-11-10 19:57:02 |
Closed_By | ⇒ | alikon |
Concerning the second part: Why again? Everything is said.
It's sufficient to state in the privacy policy that your site stores session cookies. Session cookies do not require consent. These cookies are needed by Joomla at some places even if a user is NOT logged in (just by the way). A technical requirement.
You do NOT need to state in the privacy policy what your site does NOT do.
Therefore my question: You have a privacy policy. You like to have a new setting in Joomla just to avoid 1 additional standard sentence or paragraph in the privacy policy????
I think that that would be a stupid idea! What comes next?
By the way: There is already a setting "Track Session Metadata" in Joomla configuration. This reduces stored session data to a minimum.