Security Questions - Printable Version +- MNF Club Forums (https://www.mnfclub.com/forum) +-- Forum: Forums (https://www.mnfclub.com/forum/forumdisplay.php?fid=1) +--- Forum: Feedback, Miscellaneous & Help (https://www.mnfclub.com/forum/forumdisplay.php?fid=4) +--- Thread: Security Questions (/showthread.php?tid=1748) Pages:
1
2
|
RE: Security Questions - Amberlicious - 07-25-2018 How difficult would it be to simply add a Google Captcha to the registration form?? All those manual questions are relatively easy for bots to bypass. Add a Google reCaptcha2 and you stop 99% of fake accounts. For those who don't know what I'm talking about this is the 'I'm not a robot' checkbox that then takes you to things like 'Select all squares with street signs or car or busses or store fronts; and so forth Just to follow up I found this: https://docs.mybb.com/1.8/administration/spam/ From the official documentation of the forum (link above): "CAPTCHA Images for Registration & Posting In Admin CP > Configuration > General Configuration, a visual CAPTCHA challenge can be configured from a variety of options.
RE: Security Questions - Emmie - 07-25-2018 I will definbitely take a look at the recaptcha option, it is built into the forum as an option. The main issue would be that google will collect information via that, which means we'd have to do a whole concent thing for legal reasons, especially for EU particiapants thanks to the GDPR. And I am NOT qualified to deal with the legal aspects of that. I'll still bring it up with the devs though, and see if they are working out the kinks in the game, perhaps they can do that for the forum as well. RE: Security Questions - Amberlicious - 07-25-2018 Hi Emmie, will all due respect, Google can see anything we post here anyway and this has noting to do with GDPR. A captcha is a basic thing without any legal implications. It is not that we are using a Google platform or tool to collect and keep people's information and payment details. This is just a free public forum. I'm only pressing for this, because I know it is a very easy and simple feature to implement that will free a lot of time for all the mods to focus on their job which is to "moderate" de forum and not to search and delete bot users and spamming messages. Obviously I don't know how much control of the forum you and the forum mods have, but this implementation doesn't require any development at all. I'm happy to be contacted by the "devs" to discuss the possibilities on this and other features in tech lingo if it would be beneficial. RE: Security Questions - Alexa_Darkness - 07-25-2018 (07-25-2018, 11:12 AM)Amberlicious Wrote: Hi Emmie, will all due respect, Google can see anything we post here anyway and this has noting to do with GDPR. A captcha is a basic thing without any legal implications. It is not that we are using a Google platform or tool to collect and keep people's information and payment details. This is just a free public forum. In response to Amberlicious… these are the Google & Bing search results.. And even Emmie is mentioned RE: Security Questions - Emmie - 07-25-2018 I will just quote google themselves. "You acknowledge and understand that the reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending these data to Google for analysis. The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google. Pursuant to Section 3(d) of the Google APIs Terms of Service, you agree that if you use the APIs that it is your responsibility to provide any necessary notices or consents for the collection and sharing of this data with Google. For users in the European Union, you and your API Client(s) must comply with the EU User Consent Policy currently located at http://www.google.com/about/company/user-consent-policy.html." And "EU user consent policy If your agreement with Google incorporates this policy, or you otherwise use a Google product that incorporates this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement. Properties under your control For Google products used on any site, app or other property that is under your control, or that of your affiliate or your client, the following duties apply for end users in the European Economic Area. You must obtain end users’ legally valid consent to: the use of cookies or other local storage where legally required; and the collection, sharing, and use of personal data for personalization of ads. When seeking consent you must: retain records of consent given by end users; and provide end users with clear instructions for revocation of consent. You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data. Properties under a third party's control If personal data of end users of a third party property is shared with Google due to your use of, or integration with, a Google product, then you must use commercially reasonable efforts to ensure the operator of the third party property complies with the above duties. A third party property is a site, app or other property that is not under your, your affiliate's or your client's control and whose operator is not already using a Google product that incorporates this policy." And the reason it looks like this is because of the GDPR, that much I know. What I don't know is exactly what would be expected of us when we implement it and to what extent. Which is why I prefer the devs to make the choice on it. I'm no expert for sure, but that's also why I don't wanna dive into things before I know what it entails. RE: Security Questions - Amberlicious - 07-25-2018 Ok, I bow in respect of your dedication and great level of compliance. But I think my point still stands. We are not talking about the game login, but of a public forum that does not collect any form of payment whatsoever. The search engines results are just obvious it is a public forum open to all including Google. The Forum isn't restricted to members only and will show in any search. As per the GDPR, I stand corrected and agree with Emmie in letting the owners of the game decide what to do. Just for my clarification, are the devs and the owners the same people?? To me devs are that: tech developers that code the game and owners are responsible for policy, marketing, lawyers and profit. RE: Security Questions - Amberlicious - 07-26-2018 Sorry to double post, but I got a little curious to know if Google reCaptcha is GDPR compliant or not. A simple google search (hic) with "Is Google reCaptcha GDPR compliant?" doesn't result much. I have also used my Google dev login to search in the big G documentations and found absolutely no direct mention of GDPR. This is a big deal as Google collects information from each and every public search in its public engine and lets not get started with gmail and other products. After some further searches and a lot of reading I found this discussion: https://law.stackexchange.com/questions/27908/gdpr-recaptcha-with-users-consent The whole link is interesting, but this answer stands out: Quote:Quote:“From your perspective you should not worry about asking permission to use reCaptcha as it is not you who is processing the data it is google and any GDPR compliance falls on them.“ I just hope that whoever has the power to make decision on this and other issues like payment, doesn't simple take the easy way out and put it on the bill of the mods who are actually volunteers and doing a great job out of their own kindness. RE: Security Questions - Emmie - 07-26-2018 Right, there are two developers for MNF, Vadim and Serega. They started this thing together, so there's no publisher or such. And I have forwarded the recaptcha registration page to Vadim. I'll let him have a look at it, and see what he thinks. As far as implementing recaptcha into our own registering process goes, it looks quite easy. But I am hesistant to do it when my knowledge of it is so limited. On a side note, I went on several different sites that use recaptcha, and I didn't even get to see a single word of a privacy policy or such. So might be I'm worried for nothing, but better safe than sorry in this situation. RE: Security Questions - Amberlicious - 07-26-2018 Hi Emmie Thanks very much for explaining the structure of MnF and I now wonder who is the ActionScript guru - In the old days of Flash i use to develop websites in ActionScript too - it was fun! You are absolutely right and I agree with you 100%. This isn't any of us call to make. If something goes wrong from the legal perspective, they are responsible for it and not us. It is their call to make. Technically, it is dead easy to install it and I'm more than happy to help you if you need any. RE: Security Questions - Emmie - 07-26-2018 More in-depth on the developers of MNF Club, Serega is the one that does most, if not all animations and art. And Vadim is in charge of all things related to the servers. I don't wanna say for sure, but that's how I've understood it from talking with Vadim. One of these days, I'll ask him some more, and perhaps be able to share a more accurate picture of who deals with what. |