Some of you may have heard about the EU laws regarding the GDPR. We already have a very strict privacy policy, so there may be a layer or more added.

Although jurisdiction is the United States for this server, we are making an effort to incorporate some of the basics, provided they do not compromise the integrity of OUJS.

  1. First thing you will notice, so far, is that there is a check box saying you consent to the TOS and Privacy Policy. This is already the case for existing users; however, to humor the EU law on their end, we've added it as a mandatory action.

  2. If you are a GitHub user and are using the webhook, you must pay us a visit and log in to get that flag set on your account; then the webhook will work as usual. If you don't pay us a visit, the server will currently reject script updates.

It's simple so far... just check the box when logging in (preferably giving those documents a read too, which you should have already done in the first place). Once this happens, normal webhook operations will resume.

Apologies for any inconvenience including whatever else might be implemented later to participate.

OUJS Admin

Could I suggest truncating the IP addresses sent to Google Analytics? The benefit of this is that you won't need to worry about responding to requests to coax Google to delete data associated with a specific IP address. While you may lose some precision in your geographic statistics, that level of detail may not be particularly relevant/useful anyway.

You just need to add:

ga('set', 'anonymizeIp', true);

immediately before:

ga('send', 'pageview');

See:

Re: @jscher2000:

Could I suggest truncating the IP addresses sent to Google Analytics?
...
See:

That sounds reasonable to me. This is a @sizzle exclusive thing so I'll have to run it by him. I never see that thing. I usually block it everywhere so I didn't even know this existed. Thanks mate! :)

While you may lose some precision in your geographic statistics, that level of detail may not be particularly relevant/useful anyway.

According to the image it's just one octet which again seems reasonable ... I am eventually going to be interested in how that reacts with IPv6 compatibility but that's probably way down the line.
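Added example, not part of the thread and not OUJS or Google code: the same kind of truncation applied locally, for instance before an address is written to a server log. IPv4 loses its last octet as discussed above; the IPv6 branch zeroes the last 80 bits, which is what Google's documentation describes for this setting (an assumption taken from that documentation, not from this thread). The function names are hypothetical and the test addresses are constructed from documentation ranges.

```javascript
// Zero the last octet of a dotted-quad IPv4 address; null if malformed.
function maskIPv4(ip) {
  const parts = ip.split('.');
  const ok = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!ok) return null;
  return parts.slice(0, 3).map(Number).concat(0).join('.');
}

// Expand an IPv6 string (with optional "::") to 8 numeric groups; null if malformed.
// Zone identifiers (fe80::1%eth0) are not accepted.
function expandIPv6(ip) {
  const halves = ip.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves[1] ? halves[1].split(':') : [];
  const compressed = halves.length === 2;
  const gap = compressed ? 8 - head.length - tail.length : 0;
  if (compressed && gap < 1) return null; // "::" must stand for at least one group
  const groups = head.concat(new Array(gap).fill('0'), tail);
  if (groups.length !== 8) return null;
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// Truncate an address so it no longer identifies a single host.
function truncateIp(ip) {
  // IPv4-mapped IPv6 (::ffff:a.b.c.d) is really an IPv4 client: mask it as
  // IPv4 and return the IPv4 form, otherwise the /48 mask would erase it all.
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(ip);
  if (mapped) return maskIPv4(mapped[1]);
  if (ip.includes('.')) return maskIPv4(ip);

  const groups = expandIPv6(ip);
  if (!groups) return null;
  const kept = groups.slice(0, 3); // first 48 bits survive, last 80 become zero
  if (kept.every((g) => g === 0)) return '::';
  // Valid but not always RFC 5952-canonical (e.g. "2001:0:0::").
  return kept.map((g) => g.toString(16)).join(':') + '::';
}
```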

Just a miscellaneous note regarding this discussion topic. One of the goals of the GDPR is "Vulnerability Assessment".

Since my years here that's just about all I've done. Occasionally there is a new feature put in when I can do it. Same goes with other contributors and collaborators.

The GDPR does not specify exact security requirements, but makes it clear that normal and usual security actions MUST be in place to be in compliance.

We are already doing this continually. Target sites in the EU must comply with this themselves. e.g. if there is an exploit exposed on a particular site it is their responsibility to fix it on their site... not ours. It is a good idea for those sites to accept help, sometimes in private if it merits it rather than publicly, to fix their vulnerabilities just as we do.

As we have "preached" many times before, the Terms of Service and Privacy Policy are well formed and are the primary governing factor for most of our actions here. As I briefly stated earlier, the integrity of OUJS will be maintained and there will not be any level of intimidation for demands accepted by any agent of the GDPR. Most of the time we don't even know who anyone is unless we're explicitly told and usually verified to the best of ability when needed.