Msurrow's comments

Perhaps because the VPS is hosted somewhere remote and (s)he needs to ssh into it. Why ask questions in such an arrogant manner to begin with.


then restrict IPs to the administrative network rather than the entire internet.


Tresorit is where all my stuff goes. Except photos from my phone, for that I use iCloud backup (not Photo sync - the encrypted full device backup)

My priorities for a solution for this were 1) Privacy 2) Security mostly in terms of availability (reliability) 3) works across the platforms the family uses, 4) do not want to spend any time managing the solution and 5) long term solution

I generally do not trust cloud services so Google Drive, Dropbox et al are not even in the discussion. Tresorit is an exception due to e2e encryption and company location (EU).

Tresorit is ridiculously expensive, and I pay for more iCloud storage. I have just accepted that if I want the priorities above (and esp. not having to manage it myself) I would have to pay for a quality product.

Proton (mail and drive) I would also trust for the same reasons I do Tresorit, and I think it’s less expensive, but it wasn’t around when I picked Tresorit

Edit: a big part of why Tresorit (and iCloud) solves the problem is actually not due to Tresorit, but being disciplined about sticking to only using one product. Sometimes that means not doing something I want if it’s not compatible with Tresorit, or accepting a more involved manual process. Like, MS Office documents I don’t use 365 and the Office storage (one drive), but the offline version of and a folder on disk synced to Tresorit.


That is complete BS.

You could start by removing all tracking code from your site and code sharing with 3rd parties.

Boom, compliant (in that part) and not even a need for a consent form in the first place.

Then you may add a feature to track and share with 3rds, but opt in. Then you need the consent but can get it in a privacy friendly way.

Oh, but you “cannot” do this because the ads won’t work and you’ll lose profit? What you don’t seem to realise is that this decision is already made for you by EU: with GDPR the EU made the decision that privacy is more important than your profit. You just have to face facts and stop trying to figure a way around it. Yes that means rethinking business models, but I would wager that had people known fully how they were tracked and profiled, they would not have done business with you in the first place thus your ad/tracking based business model was only valid through deception.


I honestly have no idea what you're talking about, which tracking code you want me to remove and in which of my websites you saw ads. I was never part of a company that had an ad/tracking-based business model, and in fact all my work in Zaraz is around making third-party online more transparent and permissions based so that scripts don't just run uncontrollably and that it would be possible to completely block their access to cookies, network etc. Your comment looks like you just came up with a fantasy story and replied to it instead... I mean, me losing profit because my ads won't work? what?


Yep, the thing you wrote about IAB made me think Zaraz did something it doesn't. My bad. My comment was intended for people writing (and using) those horrible consent dialogs. Edit: why you need to care about demands from IAB I don't know, but you probably have a reason


And knowing what problems should NOT be solved (by tech). Not everything needs a tech solution. There may be many reasons for something not needing a tech solution. The only way you’ll get to learn if a problem needs a tech solution is to use soft skills to talk to not-tech people (often “the business”). Note the not-tech people might think they need tech, or new tech, so you’ll have to figure out by talking to them what the correct thing to do is. I don’t know how many $$$ I’ve saved companies (as a developer or architect) by challenging them on _if_ they really need shiny new tech thing to solve their problems. Can it be done manually/using existing tools within acceptable time/effort? Can we simply accept not solving the problem? Can we wait with solving the problem?

The thing is, it’s always a tradeoff. If you choose to go do a tech solution to a problem, you are spending resources (people’s time, people’s energy, budget, enduser goodwill, your own focus and bandwidth, etc). And if you are spending resources solving a problem using tech, that did not need to be solved using tech, that means you have less resources to work on other problems that really do need tech solutions.

In general for the “mindset” part of your question I would say learn to figure out the tradeoffs in every decision you make yourself or decision you provide an opinion for. Everything is a tradeoff; doing A means not doing B. You always need to know what tradeoffs are for anything you do.

Edit: Also, always build the simplest possible solution that does not prevent you from improving on it later.


Financial markets/stock markets are pretty regulated. From what I hear there is quite a bit of stocks being traded. Trading even seems to increase over the years.


> Financial markets

There is only one of those in my whole country. Not much competition there if I'd ever want to do an IPO.


IPOs are way way down since Sarbanes Oxley.

https://www.jstor.org/stable/43303857


All that regulation sure made a lot of stock exchanges pop up...


Yes, I agree completely. This has always been my main use of diagrams. Have you ever used it for purely analytical purposes, and gained something you couldn’t have otherwise?


The readme links to another blog which explains the use case in more detail, but this quote sums it up I think “In a world where everyone's own website is its own OAuth server, it's obviously not practical to have an app developer register API keys at each.”

So, I build some app for WordPress sites and self-hosters want to use my app against their WP site that they also made into an IDP. Then we get the issue of the app needing to be (pre)registered with the IDP, and set client_id and client_secret in its config.

Okay. I get that. But why on earth are we assuming that a self-hoster who can set up her own IDP cannot also create this app registration herself, and add a client_id/secret to a config file before starting my app?


> why on earth are we assuming that a self-hoster who can set up her own IDP cannot also create this app registration herself, and add a client_id/secret to a config file before starting my app?

Excellent question, and it gets into the meat of why I made this in the first place. obligator is the first piece of the puzzle I'm trying to solve to make self-hosting as easy and secure as running an app on your phone. In that world users cannot be expected to pre-register OAuth2 applications. But above and beyond that, registration creates friction that I feel is unnecessary and doesn't add enough additional security (and as mentioned can even reduce security when implemented poorly) for me to want to bother with it myself, so I built a server that doesn't require it.


IANAL but this is clearly not even close to being legal under GDPR. Especially those collecting article 9 stuff (biometrics, genetics, sexual orientation, race, etc).

I think it's just a matter of time before someone buys a new car that does this and takes the manufacturer to the EU courts. The argument that consent is given when you buy/use the car will not hold up for one second.

Car manufacturers will have to allow you to use the car without collecting anything.


My guess is that Mozilla only looked at the US market, and the article does not mention that this is US-only.


I think you are correct about the article. But I still think a lot of cars on the EU market collect (too much) information. But that's just a guess for sure.


Well, you are wrong if OP is based in the EU. Every member state has DPA - Data Protection Authorities that citizens can contact and/or report companies that are violating. They have the authority to investigate and hand out fines(1), which in GDPR can be rather significant.

https://commission.europa.eu/law/law-topic/data-protection/r...

(1): It's incorrect to say they have the authority to hand out fines, but I don't know the word for it, and it's perhaps not the most important part of this.


Sure and what EU policies is WhatsApp violating?


If you read my link above, WhatsApp literally told me that I could object to some data collection as per the EU regulations.

WhatsApp showed me a popup telling me that!


Well, that's not the point. The comment above asserted that OP cannot “move the needle”. I’d say that's incorrect. If WhatsApp is violating GDPR.


That is precisely the point. "Hey guys how can I take down Facebook?" Well you need proof of wrongdoing first, and don't have any. How is writing yet more emails in different words going to help?


I think you totally missed the point. Let me rephrase it: as per the EU legislation, I got a popup in WhatsApp that was saying that I have a right to object to their data collection. I followed those links and got the e-mail above.

They are essentially telling me: "You need to put the right words in your e-mail if you want us to take you seriously, but we are counting on the fact that you don't, and therefore we work around your right to object".

Hence my question here. If somebody found a way to send the right words to WhatsApp and shared them, I could send the exact same e-mail. Or differently, if we could find a "good e-mail" to send and WhatsApp still refused to acknowledge it, then EU-based users could complain to the EU and possibly get the law with them.

I think it can move the needle.


One of the roles of the DPA is to investigate and collect formal proof of wrongdoing. So no, you do not need proof of wrongdoing, you just need enough to get the DPA to investigate. For example, a fundamental principle of GDPR is that of data minimization; a data controller must do whatever they can to minimize the data they collect and process. Another fundamental right is the right of access, meaning the right to get told all the data a data controller is collecting and processing about the subject. Say WhatsApp lists the data they collect, and say that list is very long. Then I don't think it would be difficult to argue [to the DPA] that WhatsApp is breaking the principle of minimization. Perhaps enough to start an investigation.

There is a bit more to it than that, like legitimate interests etc, but on the other hand GDPR has many more principles and fundamental rights for companies to break.


Just visited two nights this summer (from Denmark), and I must say it is a very nice place to visit either for a daytrip or weekend getaway. The Hven distillery is worth a visit either for the restaurant itself or for the tour of the distillery combined with a dinner!


I went with my wife several years ago and it is just the absolute coziest place to rent a tandem bike and ride around the island. A memory that will stay with me for a long time

