How does the course-swapping site work? Is there some part that requires users to enter their credentials (email, password) on a web site that is not operated by the university? Is there some part that saves an access token or a refresh token in other place than the web browser?
Is some OAuth2 authentication flow involved so that the university has registered the application and assigned a client id and return URI?
I think the university might have valid security concerns if the application somehow accesses student accounts without valid OAuth2 authorization flow (or equivalent).
Entering login credentials for university on a third-party site is probably forbidden by terms of service for the university site.
I would like to know more about those insurances, have they bought new ones? If so, are those really going to cover anything at all they would like to be covered? If there has been negligence, breach of duty or breach of trust in the past, why would a new insurance cover those?
And remember - the people asking for estimates want the estimates right now. I could give you an amazingly accurate estimate of how long a software project will take - it just might take me longer to produce the estimate than it will to produce the software.
I didn't sign a work contract because it was written in English and there was no translation available, especially since it contained a non-standard clause related to intellectual property rights. All communication before signing the contract had been in my native language.
In the 3.9 release notes it says "Aliases to Abstract Base Classes in the collections module, like collections.Mapping alias to collections.abc.Mapping, are kept for one last release for backward compatibility. They will be removed from Python 3.10" but the 3.10 release notes don't really mention it. Apparently it's been emitting a DeprecationWarning since Python 3.3 (2012), but still... I like to have things "just work" even if I return to them after 5 or 10 years.
Google provides two alternatives for age verification, a credit card payment and sending an electronic copy of a valid government issued ID.
This explanation seems to be quite terse, "If you use a credit card, any temporary authorization will be fully refunded. If you use an ID, Google will delete the image after verifying your age."
Both methods would require me to provide them (or some other entity) new personal data. In the case of credit card payment, credit card number (and thus what bank I am using, maybe also what kind of card I have) and my home address.
My government issued ID has also other information like a photo of me, my signature, social security number, all my given names and card number. I wonder if they would accept an electronic copy that would have all those covered.
2-step verification can be turned on by going to https://myaccount.google.com/ and selecting security and then "Signing in to Google". The "2-step verification" finally leads to the point where phone number is asked for enabling SMS based verification. Only after enabling SMS based verification it is possible to enable Authenticator App (TOTP) or some other options.
At least I couldn't find other way to enable TOTP i.e. first SMS.
I'm assuming you are a consumer since consumer protection organisations were mentioned.
I would start by sending a GDPR subject data request for any personal data they have. There is a definite time limit for the response time. In case of inaccurate data, then there is right to rectification.
If there is no appropriate receipt for the 1200 EUR charge showing value added taxes charged I would ask for the receipt. Some tax agency might be interested if there is no such receipt.
Is some OAuth2 authentication flow involved so that the university has registered the application and assigned a client id and return URI?
I think the university might have valid security concerns if the application somehow accesses student accounts without valid OAuth2 authorization flow (or equivalent).
Entering login credentials for university on a third-party site is probably forbidden by terms of service for the university site.
reply