A quick notice about privacy (Re: Our efforts to combat spam)

Rachael
Posts: 13368
Joined: Tue Jan 13, 2004 1:31 pm
Preferred Pronouns: She/Her

A quick notice about privacy (Re: Our efforts to combat spam)

Post by Rachael »

In the interest of transparency - this site is now sharing certain user information with third parties for the primary purpose of combating spam. We have deemed that the benefits these tools convey outweigh the potential costs, but some people may feel otherwise and may wish to stop using this site in light of this disclosure - and that is purely up to you, we cannot make that decision for you - we are only giving you the facts about what we share, what we know about how this information can be used and is potentially used, and what you can do to protect yourself.

If you disagree with these data sharing policies, it is advised that you cease usage of the ZDoom forum, or take additional steps to protect yourself.


IP Addresses are shared to StopForumSpam.com

This is facilitated by the use of this phpBB extension, which monitors both user registrations and posts.

The purpose of this data sharing is to capture known spammer robots, in order to prevent them from being able to register or use this website. The third party in question stores this information for the purposes of tracking known spammers; most spammers do not focus on one particular site and this site allows participating forums to act as a global honeypot to catch them. When a spammer passes by too many websites too quickly, they are flagged by that website which causes them to appear multiple times as the same unique person across several websites - when such a match is found they are blacklisted from registering on participating websites for a period of time.

Previously, Usernames and Emails were sent along with the query, but that has since been stopped, now. Only IP addresses are checked.


Your IP address is sent to spamcop.net and spamhaus.org

Same as above, your IP address is sent for verification to these services in order to offer a second and third opinion about the safety of your IP address with regard to how you use it. This is done via DNSBL which is an anonymous lookup via the forum's DNS provider, and little other data is sent to these services other than our hosting location (meaning, they know you visited a site hosted by Linode, but not exactly which one).


Your IP address is sent to Google for the ReCaptcha v3 anti spambot verification task

Google is a known data tracker monolith, and a nefarious one at that - they use this data for the sole purpose of advertising, and offer many "free" services (at the cost of your privacy) in order to make this possible. Unfortunately, in this case, the benefits definitely outweighed the costs for us, and many of us use Google on a daily basis and find it unavoidable due to the number of important services that they offer. You will have to refer to Google's own privacy policy to find out how your information is being used and if you agree with it. Here is a link to it (Keep in mind the link is a first-hand documentation/disclosure, and is therefore subject to self-favorable bias - this is only what they are willing to tell you or they feel they are obligated by law to disclose)


Your IP address, along with referral URL (the page you are visiting from), is sent to third-party hosts to serve images, and will also be sent with links that you click.

This is an important and often overlooked one. Every [img] tag carries a request directly to your browser (which you can block) to reference a third party host to serve images, and also third-party links for downloads. The sites these can point to can be anything, and some can even be nefarious.


Protecting yourself

To protect yourself from IP address tracking, you may consider the uMatrix browser extension for your current browser, and adding uBlock Origin certainly wouldn't hurt. Keep in mind that using these addons to blacklist Google will always cause all ReCaptcha anti-spambot verifications to always fail, which means you will be unable to use this site. If you are really paranoid, you can get a VPN, but be wary as not all VPN providers are trustworthy. Furthermore, many VPNs get abused and will be blacklisted by the services above, so your mileage will definitely vary.

To protect yourself from email address tracking, you can register with a service such as Mailinator or Yahoo, both of which allow you to create temporary email addresses for the purpose of forum communication. Important Note! Email addresses *must* be accurate and kept up to date in order for account recovery actions to work. If you lose access to your email, you likely will eventually lose access to your account as well. Please keep this in mind when using temporary email addresses.

Your username is also how you identify yourself. If you use the same username across multiple sites, keep in mind that people will have the ability to cross-reference you with the things you have said in the past elsewhere, or even here. By default, any post made on this site is public for everyone to see, unless you are part of special developer groups which allow for private subcommunity coordination. These public posts will appear on search engines, including Google, or Bing, which also use this data for their own purposes, as well. To protect yourself from this, always be mindful of what you share online - anywhere, whether here or elsewhere.

You are always allowed, within reason, to request a username change from us - to do so simply contact the moderator group. Keep in mind that any posts that have referenced your old username will not retroactively update with the username change and will continue to carry your old username, including posts by other people.
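
The DNSBL lookup described in the post above, as an added example that is not part of the original post and is not the forum's or the phpBB extension's code: it builds the DNS name that is actually queried for a visitor's IP (the only visitor data in the request) and classifies the reply. The zone names `bl.spamcop.net` and `zen.spamhaus.org` and the `127.255.255.0/24` error range are assumptions not stated in the post; the sample addresses are constructed documentation IPs.

```python
import ipaddress

# Assumed zone names; the post names only the services' domains.
ZONES = ("bl.spamcop.net", "zen.spamhaus.org")

# By DNSBL convention a listed address answers with an A record in 127.0.0.0/8.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Assumption: 127.255.255.0/24 carries error replies (Spamhaus convention),
# e.g. when the query reaches the service through a public/open resolver.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_qname(ip, zone):
    """Return the DNS name a DNSBL client resolves for `ip` in `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                    # octets
    else:
        labels = list(addr.exploded.replace(":", ""))    # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def names_sent(ip):
    """Every name that leaves the server for one visitor IP."""
    return [dnsbl_qname(ip, zone) for zone in ZONES]


def interpret(answers):
    """Classify the A records returned for a DNSBL name.

    An empty list stands for NXDOMAIN. Error replies are checked first so a
    resolver problem is never mistaken for a listing (a false positive).
    """
    if not answers:
        return "not listed"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "error"
    if any(a in LISTED_NET for a in addrs):
        return "listed"
    return "invalid"   # answer outside 127.0.0.0/8, e.g. a hijacked zone


if __name__ == "__main__":
    for name in names_sent("203.0.113.7"):   # constructed sample IP
        print(name)
    print(interpret(["127.0.0.2"]), interpret(["127.255.255.254"]))
```
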
Graf Zahl
Lead GZDoom+Raze Developer
Posts: 48834
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: A quick notice about privacy (Re: Our efforts to combat spam)

Post by Graf Zahl »

I'll be blunt here:

Sending user names along with email addresses to such a service without any previous consent given is an absolute no-go. I will immediately log out of this forum after this post and surely not come back as long as such a policy is in place.

So, if this is how you combat spam, count me out.
Rachael
Posts: 13368
Joined: Tue Jan 13, 2004 1:31 pm
Preferred Pronouns: She/Her

Re: A quick notice about privacy (Re: Our efforts to combat spam)

Post by Rachael »

After thinking about it - you're right - I was not thinking fully about the implications of the emails being sent - as much as I want to protect legitimate users, I do not want to harm them in the process (which would make the entire point of it moot, anyhow). I did, however, think that the site would be safe for this kind of information - but then after your post I realized I am not the one who should be making that decision on behalf of everyone else. So - usernames and emails are no longer sent on posts - only IPs.
KynikossDragonn
Posts: 272
Joined: Sat Dec 12, 2020 10:59 am
Preferred Pronouns: He/Him
Operating System Version (Optional): Void Linux
Graphics Processor: Intel (Modern GZDoom)
Location: Independence, KS, USA

Re: A quick notice about privacy (Re: Our efforts to combat spam)

Post by KynikossDragonn »

I honestly don't care if people cross-reference my username, at that point I hope they enjoy what ends up coming up!

The only thing I'm worried about with anti-spam is false positives or over-aggressive blanketing of IP ranges. I so far haven't managed to get my account banned at VOGONS, but I'd get really disappointed if stuff like that starts happening because someone decides the entire IP range of my ISP is a "bad actor".
Professor Hastig
Posts: 152
Joined: Mon Jan 09, 2023 2:02 am
Graphics Processor: nVidia (Modern GZDoom)

Re: A quick notice about privacy (Re: Our efforts to combat spam)

Post by Professor Hastig »

KynikossDragonn wrote: Tue Feb 21, 2023 9:44 pm I honestly don't care if people cross-reference my username, at that point I hope they enjoy what ends up coming up!

The user name is not the problem, the email address is. I use different user names in different communities to make it harder to track me, but I am forced to use the same emails in different places so I am naturally very protective of my email addresses because they are a far stronger tool for tracking me across websites - and passing this info to a third party without first giving consent is seriously crossing an unacceptable boundary.

Good to see that saner heads prevailed, this might actually have killed this forum.
There's also the legal side of this whole matter. At my daytime job I am also responsible for ensuring that my company's website complies with the GDPR and some of the things we need to do for that may seem ridiculously inane compared to forwarding an email address without having been given consent first.

I also have my doubts that tracking user names and email addresses is even going to help against the spammers. These people surely will use services that allow them to generate a large number of throwaway mail addresses and synthesized user names to get around such filter services.
Graf Zahl
Lead GZDoom+Raze Developer
Posts: 48834
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: A quick notice about privacy (Re: Our efforts to combat spam)

Post by Graf Zahl »

Rachael wrote: Tue Feb 21, 2023 4:11 pm After thinking about it - you're right - I was not thinking fully about the implications of the emails being sent - as much as I want to protect legitimate users, I do not want to harm them in the process (which would make the entire point of it moot, anyhow). I did, however, think that the site would be safe for this kind of information - but then after your post I realized I am not the one who should be making that decision on behalf of everyone else. So - usernames and emails are no longer sent on posts - only IPs.


Thank you.
Kinsie
Posts: 7392
Joined: Fri Oct 22, 2004 9:22 am
Graphics Processor: nVidia with Vulkan support
Location: MAP33

Re: A quick notice about privacy (Re: Our efforts to combat spam)

Post by Kinsie »

Rachael wrote: Tue Feb 21, 2023 4:11 pm After thinking about it - you're right - I was not thinking fully about the implications of the emails being sent - as much as I want to protect legitimate users, I do not want to harm them in the process (which would make the entire point of it moot, anyhow). I did, however, think that the site would be safe for this kind of information - but then after your post I realized I am not the one who should be making that decision on behalf of everyone else. So - usernames and emails are no longer sent on posts - only IPs.

Based off this sentence...

Rachael wrote: Tue Feb 21, 2023 12:44 pm Previously, Usernames and Emails were sent along with the query, but that has since been stopped, now. Only IP addresses are checked.

...the violation of privacy that Graf is concerned about has already happened. So, thanks for that.

Springing these changes (on such a sensitive subject as user privacy) without so much as a day's advance warning - or really, any warning at all outside of the screen-length "IMPORTANT THREADS" list that everyone's trained themselves to scroll past when they hit the forum index - strikes me as poorly thought through at best, and questionably legal at worst.

EDIT: In addition, none of these changes are reflected in the Privacy Policy link at the bottom of the page.
yum13241
Posts: 720
Joined: Mon May 10, 2021 8:08 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): EndeavorOS (basically Arch)
Graphics Processor: Intel with Vulkan/Metal Support

Re: A quick notice about privacy (Re: Our efforts to combat spam)

Post by yum13241 »

I am inclined to agree with Kinsie here.

The Privacy Policy seems like it's just copypasta for every phpBB forum.

So I don't think Rachael or Randi wrote it anyhow. Either way, doing stuff like this is NEVER a good idea.


Man, BBCode requires A LOT more characters than Markdown does LMAO.