Hello Peter, All, Just have added link to privacy policy to register dialog (available at upcoming build, will update demo ASAP)
Would appreciate is *Native English Speaker* can help with English privacy statement I'll try to create one based on this [1], but I would strongly prefer to get help with this task @Daniel, maybe you can help? According to restoration of deleted user, I'll try to invent something .... (don't like the idea of adding additional "purged" flag) [1] https://help.github.com/articles/github-privacy-statement/ On Thu, Apr 26, 2018 at 7:12 PM, Peter Dähn <[email protected]> wrote: > Hi Maxim, > > I've tested the current state. Seems to be done so far. One little thing I > hope... When I choose a purged user I have the possibility (button) to > restore that account. Db will be set deleted false... Doesn't make sense, I > think. > > Purge themselves is a way to disagree (I didn't see it till now...), I > think. But a few more clicks are needed to get to that point... But I think > this is ok as long as nobody complain about it. This function need to be > described in the privacy policy. I hope thats it... > > Almost all done? Maybe someone else could also test this. > > Do you mean the a sample privacy policy here? *"And maybe you can provide > sample "personal data agreement" text?"* > > I think at least for english... This is a task for a native speaker... In > UK they also need to be compliant with GDPR. Maybe someone from there could > provide some text. > > Greetings Peter > > > Am 26.04.2018 um 12:04 schrieb Maxim Solodovnik: > > As per current implementation users can purge themselves > This can't be undone .... > > Is this "a way to disagree" ? > > On Thu, Apr 26, 2018 at 2:35 PM, Peter Dähn <[email protected]> wrote: > >> Hi Maxim, >> >> I will test it during the day.... >> >> Yes you are right... This need to be done during registration. checkbox >> and link to the privacy policy that need to be placed somewhere. >> >> Agreement for data processing need to be double opt-in. Most likely via >> E-Mail. I think an e-mail template that could be changed easily is the most >> flexible way. >> >> And there should a way to disagree further data-processing. "The way to >> disagree need to be as easy as the way to agree"... My understanding: that >> would be our "soft delete"... If this is used, there should be a way for >> the user to reactivate this account. E.g. check registration e-mail and if >> it is soft deleted the registration confirm e-mail could have the option to >> reactivate the old account or generate a new one >> >> Back later, when I've tested current build >> Greetings Peter >> >> >> >> Am 26.04.2018 um 08:09 schrieb Maxim Solodovnik: >> >> All your comments should be addressed in latest build available >> >> Could you please re-check? >> >> This question was not answered ..... >> >> Additional question: >> "Registration-Dialog need to have a button/step to agree the data >> processing. And to this belongs a button to disagree." >> >> I guess user should be able to register only if he/she agree to data >> processing >> Registration should be impossible if user disagree >> So I guess having following controls at registration dialog would be >> sufficient: >> >> 1) "I agree my data will be processed" checkbox >> 2) "display agreement" button >> >> would it be OK? >> >> On Wed, Apr 25, 2018 at 6:16 PM, Maxim Solodovnik <[email protected]> >> wrote: >> >>> These errors seems to be caused by code changes after testing :( >>> I'll double-check it >>> >>> IP addresses are cleaned up by periodic job. >>> Will also add clean by purge >>> Thanks for checking! >>> >>> WBR, Maxim >>> (from mobile, sorry for the typos) >>> >>> On Wed, Apr 25, 2018, 17:33 Peter Dähn <[email protected]> wrote: >>> >>>> Hi Maxim, >>>> >>>> first test... >>>> >>>> purge confirmation dialogue should be different from delete... >>>> >>>> >>>> >>>> maybe "Do you really want to purge this item? This can't be undone!" >>>> Something like that... >>>> >>>> After purge I got an 500 internal error page... >>>> >>>> openmeetings.log: >>>> >>>> *ERROR 04-25 12:05:13.708 o.a.w.DefaultExceptionMapper:170 >>>> [nio-5080-exec-3] - Unexpected error occurred* >>>> *java.lang.NullPointerException: zoneId* >>>> * at java.util.Objects.requireNonNull(Objects.java:228)* >>>> * at java.time.ZoneId.of(ZoneId.java:311)* >>>> * at >>>> org.apache.openmeetings.util.CalendarHelper.getZoneId(CalendarHelper.java:30)* >>>> * at >>>> org.apache.openmeetings.util.CalendarHelper.getZoneDateTime(CalendarHelper.java:43)* >>>> * at >>>> org.apache.openmeetings.util.CalendarHelper.getDate(CalendarHelper.java:47)* >>>> * at org.apache.openmeetings.web.co >>>> <http://org.apache.openmeetings.web.co>mmon.GeneralUserForm.updateModelObject(GeneralUserForm.java:173)* >>>> * at org.apache.openmeetings.web.ad >>>> <http://org.apache.openmeetings.web.ad>min.users.UserForm.onModelChanged(UserForm.java:198)* >>>> * at org.apache.wicket.Component.mo >>>> <http://org.apache.wicket.Component.mo>delChanged(Component.java:2143)* >>>> * at org.apache.wicket.Component.se >>>> <http://org.apache.wicket.Component.se>tDefaultModelObject(Component.java:3026)* >>>> * at >>>> org.apache.wicket.IGenericComponent.setModelObject(IGenericComponent.java:81)* >>>> * at org.apache.openmeetings.web.ad >>>> <http://org.apache.openmeetings.web.ad>min.users.UserForm.updateForm(UserForm.java:266)* >>>> * at org.apache.openmeetings.web.ad >>>> <http://org.apache.openmeetings.web.ad>min.users.UserForm.purgeUser(UserForm.java:240)* >>>> * at org.apache.openmeetings.web.ad >>>> <http://org.apache.openmeetings.web.ad>min.users.UserForm.onPurgeSubmit(UserForm.java:214)* >>>> * at org.apache.openmeetings.web.ad >>>> <http://org.apache.openmeetings.web.ad>min.AdminBaseForm$1.onPurgeSubmit(AdminBaseForm.java:75)* >>>> * at org.apache.openmeetings.web.co >>>> <http://org.apache.openmeetings.web.co>mmon.FormActionsPanel$3.onSubmit(FormActionsPanel.java:93)* >>>> * at org.apache.openmeetings.web.co >>>> <http://org.apache.openmeetings.web.co>mmon.ConfirmableAjaxBorder.lambda$new$5f39bb3f$1(ConfirmableAjaxBorder.java:74)* >>>> * at org.apache.openmeetings.web.co >>>> <http://org.apache.openmeetings.web.co>mmon.ConfirmableAjaxBorder$ConfirmableBorderDialog.onSubmit(ConfirmableAjaxBorder.java:196)* >>>> * at >>>> com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)* >>>> * at >>>> org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1268)* >>>> * at org.apache.wicket.markup.html.form.Form.process(Form.java:963)* >>>> * at >>>> org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:787)* >>>> * at >>>> com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:215)* >>>> * at >>>> com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:413)* >>>> * at >>>> com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:188)* >>>> * at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re >>>> <http://ore.ajax.JQueryAjaxBehavior.re>spond(JQueryAjaxBehavior.java:173)* >>>> * at >>>> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598)* >>>> * at >>>> org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:306)* >>>> * at >>>> org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:280)* >>>> * at >>>> org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:222)* >>>> * at >>>> org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:208)* >>>> * at >>>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:912)* >>>> * at >>>> org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65)* >>>> * at >>>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:283)* >>>> * at >>>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253)* >>>> * at >>>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221)* >>>> * at org.apache.wicket.protocol.ws >>>> <http://org.apache.wicket.protocol.ws>.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70)* >>>> * at >>>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:204)* >>>> * at >>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:286)* >>>> * at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)* >>>> * at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)* >>>> * at >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)* >>>> * at >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)* >>>> * at >>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:611)* >>>> * at >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)* >>>> * at >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)* >>>> * at >>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)* >>>> * at >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)* >>>> * at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)* >>>> * at >>>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:407)* >>>> * at >>>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)* >>>> * at >>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)* >>>> * at org.apache.tomcat.util.net >>>> <http://org.apache.tomcat.util.net>.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)* >>>> * at org.apache.tomcat.util.net >>>> <http://org.apache.tomcat.util.net>.SocketProcessorBase.run(SocketProcessorBase.java:49)* >>>> * at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)* >>>> * at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)* >>>> * at >>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)* >>>> * at java.lang.Thread.run(Thread.java:745)* >>>> >>>> this error is also shown after choosing a purged user. Set time_zone >>>> manually in db fixed it. >>>> time_zone seems to be deleted while purging and then it causes the >>>> error. >>>> >>>> om_user-table will be handled correctly. >>>> conference_log preserves the ip-address >>>> address-table preserves the address >>>> chat-table preserves from_name >>>> >>>> Did I miss something? >>>> >>>> >>>> Am 25.04.2018 um 09:00 schrieb Peter Dähn: >>>> >>>> Good morning Maxim, >>>> >>>> I was alone in the office these days... unfortunatly there were no time >>>> left... But I red right in the moment the RUNNING.txt... all a bit >>>> different... ;-) >>>> >>>> I'm going to text it now... give me a bit time... ;-) >>>> >>>> Am 25.04.2018 um 04:41 schrieb Maxim Solodovnik: >>>> >>>> Good morning Peter :) >>>> >>>> were you able to take a look at this issue? >>>> >>>> On Mon, Apr 23, 2018 at 2:37 PM, Peter Dähn <[email protected]> >>>> <[email protected]> wrote: >>>> >>>> Hi Maxim, >>>> >>>> I will have a look right now. >>>> >>>> Greetings Peter >>>> >>>> >>>> Am 21.04.2018 um 18:17 schrieb Maxim Solodovnik: >>>> >>>> Hello Peter, >>>> >>>> this is partially implemented >>>> Could you please test current implementation using latest nightly >>>> build? >>>> >>>> And maybe you can provide sample "personal data agreement" text? >>>> >>>> On Wed, Apr 11, 2018 at 6:38 PM, Peter Dähn <[email protected]> >>>> <[email protected]> wrote: >>>> >>>> I try... ;-) >>>> >>>> >>>> Am 11.04.2018 um 13:11 schrieb Maxim Solodovnik: >>>> >>>> Will write it as a requirement, will see what can be done here >>>> Thanks a lot for the quick answers! >>>> >>>> On Wed, Apr 11, 2018 at 5:34 PM, Peter Dähn <[email protected]> >>>> <[email protected]> wrote: >>>> >>>> ip-address is now a private date... it have to be at least anonymised >>>> after 7 (maybe 14 days)... ipv4 addresses delete last 8 recommended 16 >>>> bit >>>> (192.168.123.0 or 192.168.0.0) and ipv6 preserve first 48 -8 or better >>>> 16 >>>> Bit (2a00:1234:56:: or 2a00:1234::) Maybe this could be done automated >>>> after >>>> 7 Days? >>>> >>>> Greetings Peter >>>> >>>> Am 11.04.2018 um 09:31 schrieb Maxim Solodovnik: >>>> >>>> According "Hash algorithm" I planned to use random UUID >>>> so All fields will look like this: >>>> "Purged_54cd4426-1c0a-4ab8-bb35-eb6d26da99cf" >>>> >>>> Are you sure IP should be cleaned-up? There will be no chance to >>>> "restore" >>>> who was this user ..... >>>> >>>> On Wed, Apr 11, 2018 at 2:18 PM, Peter Dähn <[email protected]> >>>> <[email protected]> wrote: >>>> >>>> Hi Maxim, >>>> >>>> I think this list is complete and you are right, this is a lot of >>>> stuff. >>>> >>>> The option that you suggest sound much more feasible. From my point of >>>> few this should be enough. >>>> >>>> Hash algorithm need to be state of the art. IP-address in ConferenceLog >>>> need to be cleaned. >>>> >>>> I think this is a good way. >>>> >>>> Btw... is there is a way/setting to anonymize IP-adresses while >>>> logging? >>>> Otherwise I need to write a script to do so. Maybe I need to do it >>>> anyway to >>>> kick out usernames. Logfiles need to be delete after 7 (maybe 14) days >>>> or >>>> they need to be without any userdata. >>>> >>>> Greetings Peter >>>> >>>> >>>> Am 11.04.2018 um 06:43 schrieb Maxim Solodovnik: >>>> >>>> Hello Peter, >>>> >>>> Here is the high level list of what need to done to "hard delete" user >>>> from the system: >>>> >>>> delete user >>>> delete all user contacts (also users, so we might have recursion here) >>>> delete user from all groups >>>> delete user from room moderators >>>> delete all appointments with owner == user >>>> delete all calendars with owner == user >>>> delete all meeting members in appointments where owner != user >>>> delete all Private Messages where user is in to/from fields >>>> delete all UserContact + Requests >>>> delete all invitation sent by this user >>>> delete all private rooms owned by this user >>>> delete all user private files/recordings >>>> delete all chat messages send/received by this user >>>> clean email messages >>>> clean all Polls/answers >>>> >>>> >>>> This list scares me a lot :((( >>>> >>>> So let's discuss the option: "Mark user deleted and clean-up sensitive >>>> information" >>>> >>>> What I would propose: >>>> >>>> In Admin->User area >>>> >>>> display all users (deleted should be "read-only" with restore and purge >>>> options only) >>>> add additional "Purge" button >>>> In case Purge will be selected: >>>> >>>> User will be marked deleted >>>> AsteriskSipUser and Address will be replaced with empty objects >>>> User fields "age, externaluserid, firstname, lastname, login, >>>> pictureuri" >>>> will be replaced with "Purged_some_hash" >>>> User profile picture will be deleted >>>> ChatMessage: fromName will be replaced with "Purged User" >>>> MailMessage: should be purged (some search by email will be required) >>>> >>>> ConferenceLog right now contains userId+UserIp right now, so it is 2 >>>> numbers should it be cleaned up? >>>> >>>> SOAPLogin contains clientURL and doesn't contains userId, so it is >>>> impossible to associate SoapLogin object with particular user >>>> >>>> >>>> Would it be enough? >>>> >>>> >>>> On Fri, Apr 6, 2018 at 4:21 PM, Peter Dähn <[email protected]> >>>> <[email protected]> wrote: >>>> >>>> Hi Maxim, >>>> >>>> hard delete as only option would be the easiest way (for the admin). >>>> One >>>> doesn't need to remind "hard delete" at a given time... I think it >>>> need to >>>> be implemented anyway. I thought just the ones that doesn't need to >>>> take >>>> care about these regulation could keep things as they are now... >>>> >>>> Greetings Peter >>>> >>>> >>>> Am 06.04.2018 um 10:09 schrieb Maxim Solodovnik: >>>> >>>> I'm afraid there will be no option to "final delete one record" >>>> It will be: perform total clean-up and hard delete all soft deleted >>>> records >>>> >>>> Or better to perform: hard delete as the only option? >>>> >>>> On Fri, Apr 6, 2018 at 2:44 PM, Peter Dähn <[email protected]> >>>> <[email protected]> wrote: >>>> >>>> Hi Maxim, >>>> >>>> "soft" and "final delete" should be enough I think... >>>> >>>> It just need to be "findable" and described for new admins that >>>> provide the >>>> service in the EU... >>>> >>>> jira in a second... >>>> >>>> Greetings Peter >>>> >>>> >>>> Am 05.04.2018 um 17:47 schrieb Maxim Solodovnik: >>>> >>>> Hello Peter, >>>> >>>> This sounds like lots of new testing :( >>>> Will try to find time and include it in 4.0.3/4.0.4 >>>> >>>> (have very limited time right now :( ) >>>> Will appreciated any help with testing >>>> >>>> Would it be OK to perform "final delete" in clean-up widget? i.e. >>>> delete will be "soft delete", then in if will push "Clean-up" all >>>> soft >>>> deleted data will be hard deleted ... >>>> Or it doesn't worth to have both? only hard delete will be enough? >>>> >>>> On Thu, Apr 5, 2018 at 5:55 PM, Peter Dähn <[email protected]> >>>> <[email protected]> wrote: >>>> >>>> Hey there, >>>> >>>> new privacy regulations will take place on the 25th May 2018 in >>>> Europe. >>>> You >>>> could find informations about it by searching for General Data >>>> Protection >>>> Regulation (EU) 2016/679. >>>> >>>> To use openmeetings after the 25th of May (in Europe) there need >>>> to >>>> be a >>>> few >>>> changes. We use openmeetings integrated. So I will mainly be >>>> focused >>>> on >>>> the >>>> room. >>>> >>>> I have 3 points that are really necessary: >>>> >>>> 1. User deletion: Datasets of users that will be deleted need to >>>> be >>>> remove >>>> from the database, not just marked as deleted. Probably it is >>>> enough >>>> to >>>> hash >>>> those fields. >>>> >>>> I think critical fields are in table: >>>> >>>> om_user -> age, externaluserid, firstname, lastname, >>>> login, >>>> pictureuri (and picture itself) and sip_user_id >>>> >>>> conferencelog -> email, external_user_id, firstname, >>>> lastname, >>>> user_id, userip >>>> >>>> soaplogin -> client_url (contains the ip-address) >>>> >>>> sipusers (here empty so please check) -> >>>> defaultuser, >>>> host, >>>> ipaddr, name >>>> >>>> address -> email, fax, phone >>>> >>>> chat -> from_name >>>> >>>> e-mail_queue (if not empty) -> recipients, replyto >>>> >>>> 2. There need to be a place to place a (customized) privacy >>>> policy. >>>> >>>> 3. Registration-Dialog need to have a button/step to agree the >>>> data >>>> processing. And to this belongs a button to disagree. >>>> >>>> >>>> As far as I can see this need to be done in the first place. I'm >>>> sure >>>> there >>>> are more things to do. Maybe someone can complete it. >>>> >>>> >>>> Greetings Peter >>>> >>>> >>>> >>>> >>>> -- >>>> WBR >>>> Maxim aka solomax >>>> >>>> >>>> >>>> >>>> -- >>>> WBR >>>> Maxim aka solomax >>>> >>>> >>>> >>>> >>>> -- >>>> WBR >>>> Maxim aka solomax >>>> >>>> >>>> >>>> >>>> >>>> >>>> >> >> >> -- >> WBR >> Maxim aka solomax >> >> > > > -- > WBR > Maxim aka solomax > > -- WBR Maxim aka solomax
