So it Twitter and Facebook, but they still must comply with EU laws if they serve EU customers.
So, where are those "federal anti-spam guidelines" that supposedely require to keep user's information indefinetely and prevent the website from ever deleting user account, even when user requested account to be removed.
Something tells me that no such guidelenes exists.
If such guidelines really do exists then put the link, otherwise we all think you just made it all up.
I'll defer to Dani for quoting chapter and verse of the laws.
But since we're now demanding things, I'd like to know what part of the information we keep rustles your jimmies so much. Looking at the terms of service (noting also that you don't have to register to read the TOS) you'll find this clause:
To comply with federal anti-spam guidelines, DaniWeb stores the registration email address, current email address, all IP addresses used to register with and post, date of registration, and date last visited of all members as confirmation and proof of opt-in status.
Now let's make a happy little list of the pieces of information so that you can more easily explain exactly how each one is objectionable:
- Registration email address
- Current email address
- All IP addresses used to register and post
- Date of registration
- Date of last visit
For the record, you can change your current email address from your profile edit page. The registration email must be valid to complete registration, but it's otherwise unused and serves only as proof that you requested an activation email.
I just asked for a link for these so-called federal guidelines. I googled but could not find any guidelines that require to keep user's registration data forever.
I don't need to change my email address since I will never ever check it again, it was just a one-time address I used just to register. I always use throwaway emails to register on forums. You can keep sending me emails if you want to waste your server resources.
I just asked for a link for these so-called federal guidelines.
That's fine, and to ensure that you get exactly what you asked for, I'm leaving the answer to the person who has all of the specifics.
I also asked for something reasonable: an explanation of exactly what bothers you so much about our policy.
So it Twitter and Facebook, but they still must comply with EU laws if they serve EU customers.
This is not true at all. DaniWeb is a NY-based company and therefore only needs to comply with US laws. For example, China has a lot of national censorship laws and DaniWeb gets a lot of traffic from China. That doesn't mean that we are required to obey all of Chinese laws and regulations. DaniWeb gets a small handful of traffic from North Korea too. Does that mean that we are required to obey all North Korean laws?!?!?
It's not like we're doing business with China or a country in the EU. If I were a brick-and-mortar store in America and I was expanding to set up shop and do business in the UK, then, yes, I would have to adhere that part of my company to comply with foreign laws. But email correspondence or signing up on a free site does not constitute "doing business" with the site ... there's no exchange of money for products or services outside of the US.
Now also keep in mind that the email you linked to mentions the EU requiring the ability to remove accounts as something that has not yet been voted on and, IF it even passes at all, it wouldn't go into effect for at least a year.
All that being said, I honestly dare you to find just one large-sized company that permanently and completely erases all records of a particular user from their database upon request. As mentioned earlier in this thread, it is currently on the todo list to offer the ability to soft-delete member accounts (meaning they will be deleted for all intents and purposes but of course will still remain archived in our database). But as far as permanently and completely deleting all traces, I can think of at least a handful of (non-technical) reasons off the top of my head why it would be entirely implausable to do so.
- Member registers. Member violates DaniWeb rules. Member gets banned. Member requests we remove everything related to their account from the database. Member re-registers with the exact same email address since there is no longer a record associating that email address with being banned. Cycle continues infinitely. FAIL.
- Member posts something incredibly illegal on DaniWeb and then requests that we remove everything related to their account from the database. DaniWeb is subpoenad by court to provide IP address of the computer the post originated from. FAIL. (Feel free to google about national and commercial data retention, especially as it applies to Internet activity.)
- Given the extreme amount of email that we send out regularly, we are being constantly monitored by all the big ISPs (AOL, Yahoo!, GMail, etc). Each time their heuristics determines that a "more-than-average" amount of email from daniwebmail.com is being flagged as spam (This typically happens every few months), they email us with a very random selection of email addresses we sent mail to over the past X days/weeks, and we have 48 hours to respond back to them with WHY we emailed each user (to the detail of "We emailed user firstname.lastname@example.org because they registered with IP address XXX at this time, on this date, and they activated their account from IP address YYY at this time, on this date.) If we don't provide them with all of the information that they are looking for, then they blacklist us from emailing anyone again. (Had near-brutal run-ins with @aol.com and @yahoo.com in the past related to this). If we respond with "Sorry but that user asked us to delete everything about them" then that is FAIL.
Keep in mind this is done to PROTECT YOU, NOT US! Believe me, there is NO ADVANTAGE to us to store gigs worth of useless information in our database about users who don't even use our site and are opted-out from receiving any email from us. But, because of our size, we are under scrutiny to make sure that everyone we have ever emailed did, at one point in time, register on DaniWeb. The laws are in place to protect users from sites like DaniWeb buying email lists and then mass-mailing everyone on the lists, and then using the excuse "Sorry, but they asked us to permanently delete all traces of their information and that's why we don't know why we emailed them" if we are called out on it.
Edited by Dani
What about european law that requires to delete all user data upon request?
You mean the proposed law that might come into effect next year but only if all EU countries agree to it? Hardly a done deal, and hardly relevant to DaniWeb in any case...
All IP addresses used to register and post
They all make sense to me except for keeping track of the IP address for every single post. Why would provng you aren't spamming require that you keep track of the IP from every single post? I have thousands of them. Keeping track of the registration IP and possibly the IP of the LAST post would seem sufficient. Do you need to retain my IP address from a post three years ago giving advice on debugging a Hello World program? And is that for anti-spam purposes or for another reason?
Perhaps point 2 answers that question? It's not for anti-spamming purposes? You can get in trouble for getting subpoenaed to provide something, having it, and refusing to provide it, but if you don't even HAVE the IP addresses, how can you get in trouble for not complying with the subpoena? If you didn't store the IPs of every post, no one could accuse you of selling the IPs to the previously mentioned dishonest mass mailing outfits.
Member posts something incredibly illegal on DaniWeb and then requests that we remove everything related to their account from the database. DaniWeb is subpoenad by court to provide IP address of the computer the post originated from. FAIL. (Feel free to google about national and commercial data retention, especially as it applies to Internet activity.)
Edited by VernonDozier
Perhaps point 2 answers that question?
That would be my guess. But that information is also incredibly useful in dealing with spammers and other less savory types. I can't imagine how difficult those spam attacks under vBulletin would have been without that feature.
Perhaps point 2 answers that question? It's not for anti-spamming purposes? You can get in trouble for getting subpoenaed to provide something, having it, and refusing to provide it, but if you don't even HAVE the IP addresses, how can you get in trouble for not complying with the subpoena?
It's been a very long time, but I am pretty sure that there is some regulation somewhere up the chain (if not the government then the hosting company, etc) that requires us to have some identifiable information (aka IP address) of content submitted and posted on our site. I know that all forum and blogging systems store IP addresses of each post as a non-configurable behavior.
can i delete the question which i asked previously
We have a firm policy of not deleting content unless it violates our rules. I can sometimes delete your question as long as it has not received any replies. Deleting a thread once it has received replies is an insult to the people who took the time to answer.
As far as I know, if you want to preserve content and not leave holes in the conversations, you can just obscure the details of the poster and keep the contents of the post without the username and without the email address. I don't see what makes it so complicated. It has been established on several sites that there is no need to physically delete an account to comply with GDPR, all you have to do is scramble the details so that it can't be linked to a person. That's not rocket science. I haven't looked at the profile to see if allows changing the email address, but if it does, and if the site administration is refusing to delete people's accounts, people can just switch the address to a throwaway and then delete it, effectively locking themselves out. Nowadays many email providers have an option to create temporary email addresses that can be closed down indepently if they start receiving spam. They also show the user who leaked the address. The only problem is it actually requires going out of your way to remember which dummy you used with which site, so people would generally use them only if they're suspecting the site to be leaking the address to spammers.
Her post aimed at criticizing Google for encouraging search result monopoly and replacing DaniWeb with StackOverflow.
Dani Horowitz elaborate what she meant by Google linking to stackoverflow who is linking to the answerers on DaniWeb.