Privacy from third party sites

[CaedemSanguis]

Well, to give you a recent example. To create a list of people supporting the healer strike, and to show exactly how "casual" those are. In an attempt to shame them into silence.

Well, it’s a usefull information in the debate ? Yet still, healers are boring in either casual/hard content

[Rehayem]

I've always found it weird how these websites are automatically opt-in. At least they could've used "anonymous" to hide people who haven't willingly added their character to the website?

[KisaiTenshi]

I've always found it weird how these websites are automatically opt-in. At least they could've used "anonymous" to hide people who haven't willingly added their character to the website?

Then they wouldn't be valuable to advertise RMT trash on it. Right next to ads for Final Fantasy XIV expansions. I wonder if they realize it.

Square Enix could break it so easily just by changing one thing in the netcode but who knows if that's even on their radar.

[Kaurhz]

I've always found it weird how these websites are automatically opt-in. At least they could've used "anonymous" to hide people who haven't willingly added their character to the website?

This is how it should be. I know I went on a small rant yesterday about it (how opt-out isn't really an ideal thing to do in this design), but ideally the whole process should be an opt-in rather than an opt-out, just because there is a stigma in some spheres, and even in general where if you're opting-out of something that is public information (by design, albeit poor design), then it typically only leaves some people to speculate or assume you "Have something to hide".

At least, I personally think that the system being an opt-in by default would reduce this. I did mull on it yesterday a little and it isn't really great that opt-out is the design when there's API support for extracting data.

[aiqa]

This is how it should be. I know I went on a small rant yesterday about it (how opt-out isn't really an ideal thing to do in this design), but ideally the whole process should be an opt-in rather than an opt-out, just because there is a stigma in some spheres, and even in general where if you're opting-out of something that is public information (by design, albeit poor design), then it typically only leaves some people to speculate or assume you "Have something to hide".

At least, I personally think that the system being an opt-in by default would reduce this. I did mull on it yesterday a little and it isn't really great that opt-out is the design when there's API support for extracting data.

Since there isn't a good reasons for the data collection, opt-out is also against EU law. GPDR sets requirements for processing personal data. FFlogs and tomestone are most likely to small to ever get into problems with that, but it's still not a great look.

[Minali]

Since there isn't a good reasons for the data collection, opt-out is also against EU law. GPDR sets requirements for processing personal data. FFlogs and tomestone are most likely to small to ever get into problems with that, but it's still not a great look.

Indeed. I doubt any court would bother with a small fan project for an online game, at least not as long as irl home addresses or actual phone numbers etc. stay out of it at least. However, these laws exist for good reason and it wouldn't hurt if programmers would take a minute to consider these reasons, and if they really want to do a thing that would be straight up illegal if they'd be a huge media company and not just a small group of passionable volunteers. Not because of possible legal repercussions, just because maybe all these politicians and privacy advocates who created these laws in a lengthy process were on to something good.

[CaedemSanguis]

Since there isn't a good reasons for the data collection, opt-out is also against EU law. GPDR sets requirements for processing personal data. FFlogs and tomestone are most likely to small to ever get into problems with that, but it's still not a great look.

Your ingame char is not a «*personal data*»

[aiqa]

Your ingame char is not a «*personal data*»

To preempt a response like that is exactly why I provided the link to the definitions. If you read the definition it explicity includes "online identifier".

Well, it’s a usefull information in the debate ? Yet still, healers are boring in either casual/hard content

Moving goalposts a bit there? First you question why someone would ever look at logs outside of joining a pf/statics. And call everyone that thinks otherwise paranoid. Then there is an example that had nothing to do with joining a pf/static, and is clearly against FF terms of service, and then it's "useful in the debate" (which it isn't).

[Minali]

Your ingame char is not a «*personal data*»

Article 4 GDPR - Defintion:
(1) personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

(source: https://gdpr-info.eu/art-4-gdpr/ )

I'm not a lawyer but "online identifier" sounds about accurate.

[Kaurhz]

Since there isn't a good reasons for the data collection, opt-out is also against EU law. GPDR sets requirements for processing personal data. FFlogs and tomestone are most likely to small to ever get into problems with that, but it's still not a great look.

I don't think GDPR applies in this circumstance.

Firstly because it is reference to an identifiable natural person, and whilst I am a person, nothing about my logs, or anything would attach the data to me as a 'natural person'. From Square Enix' perspective this may be true in that they hold information that would directly tie my character/account to identifiable details, but nothing about my logs does this.

Equally in the case as with GDPR it is not strictly about the data itself but how that data is processed as to whether it would violate GDPR.

It isn't that they are too small for anyone to care, because they absolutely would, it's just the fact that it's not really clear cut