Infosec.Exchange has a wiki (courtesy of @jerry)!
It lives at https://wiki.infosec.exchange and it can be better with your help!

We have the beginning of an FAQ, which aims to cover all of those "how do I..." questions which come up from time to time in a setting like this: https://wiki.infosec.exchange/faq/start

No need to sign up to view pages. Editor rights are granted on request: https://wiki.infosec.exchange/about/wiki

@dreadpir8robots @jerry thanks, it's very valuable.

As an Infosec/Mastodon instance, do you think it would be useful to have explanations about how you manage to deal with GDPR with Mastodon (if I am not wrong, there is a lot to do on the admin side about it, and it seems most instance administrators are not fully aware of it)?

=> This could be of some help for them, what do you think?

#RGPD #GPDR #FAQ

@Reeter @dreadpir8robots that isn’t a bad idea
@jerry @Reeter I wonder if we have anyone who is knowledgeable about GDPR. I know just enough to know that it is hard-hitting and not something to take lightly, but that’s about it. There are several Mastodon GitHub issues on the subject, and most of them end up converted to a GH Discussion, which is a sign that the conversation went on and on and on.

@dreadpir8robots @jerry yes, I also saw that in another thread. Some issues were kicked out without any implementation, that's why I assumed that GDPR compliance is expected to be dealt with by admins.

I guess Mastodon by itself is not GDPR compliant and needs something on top of Mastodon for that...

@dreadpir8robots @jerry actually, all this comes from this message from @aeris, which raises some of the issues that Mastodon may have with GDPR and that would need to be fixed by any instance administrator, as long as the instance has multiple users...

https://social.imirhil.fr/@aeris/109316559706610326

aeris 🏳️‍🌈

> I'm only half joking, but we all agree that every non-single-user Mastodon instance has a register of processing activities, a privacy policy, a DPO for the largest ones, a SIEM on the moderation tools, and knows that the « note » field in user profiles is not GDPR compliant? Among other things, of course... #JDÇJDR
@Reeter @jerry @aeris I'm not bilingual, but I think I understand most of it. I think I agree. It’s surely true that the Mastodon devs can’t make instances GDPR-compliant, but they could certainly provide tools to help with compliance. SIEM for moderation? A Data Protection Officer (at a certain size)? This is indeed a thorny issue.
@dreadpir8robots @jerry @aeris (sorry, I was tired last night and I copied the link without translating it...)
Yeah, those are definitely tough issues to deal with. With the Twitter migration, as more and more users come, #GPDR compliance will be looked at more and more.
That was the point of my initial question. I was thinking that perhaps the infosec community would be a good one to initiate that kind of work.
@Reeter @jerry @aeris I agree but with the caveat that most people (definitely including me) aren’t qualified to give advice on GDPR. There might be a need to pay a lawyer at some point unless someone is willing to put their skills to the test as a qualified volunteer.
@dreadpir8robots @Reeter @jerry My trouble is not really making Mastodon compliant, but the behaviour of the core devs on this subject, which shows they don't care at all about it.
@dreadpir8robots @Reeter @jerry The trouble is Gargron saying an IP is not PII, or that instances don't exchange PII but only images & toots. Saying non-profit orgs are not covered by GDPR. Or using a false legitimate interest to cover up real GDPR violations.
@dreadpir8robots @Reeter @jerry Exactly the same troubles and fights around GDPR compliance we have with GAFAM will come back with Mastodon…