Posts by Doctor Syntax

Re: Not sure I understand

"That is the predicament ICANN are in. Their contract stipulates the registrars must provide contact details of the owner. EU law now forbids that."

They have, as I understand it, a contract with the US authorities that stipulates they impose conditions on registrars. Those conditions, when imposed on EU customers contradict the new EU law. So they can impose the terms on the registrars as per their contract but as the terms are contrary to EU law. At the point where the contract chain hits EU law the term becomes unenforceable.

I can understand that the US authorities with their concepts of global jurisdiction might not like this. However, if they want to keep the Privacy Figleaf in place they need to think very, very carefully about the wisdom of trying to enforce their own contract with ICANN. A graceful way round it would be for them to revise the ICANN contract with words to the effect of "where allowed by local law" slotted in.

At some point the US does need to get off its high horse. Ultimately ICANN's only power is that it runs the root DNS. Would it really be impossible for the ROTW to get together, clone that root and regard the clone as authoritative? And if they did so the US would simply have to follow.

Re: @Doctor

"Secondly, you can't refuse the service if the checkbox isn't ticked."

Why not? There's plenty of businesses where if you don't sign their contract they won't do business with you, what's different in this case?

From the ICO's site:

Consent under the GDPR must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. There must be some form of clear affirmative action – or in other words, a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. Consent must also be separate from other terms and conditions, and you will need to provide simple ways for people to withdraw consent.

I doubt refusing to provide the service if consent isn't given constitutes "freely". Also not "separate from other T&Cs" - again you can sign the contract but refuse consent. I think anyone trying to make consent a condition for providing a service will find themselves answering to the ICO or equivalent in other jurisdictions.

"Not generally speaking - always (I can't think of a single situation where it doesn't)"

If I'd said "always" some smartarse would come up with an exception. But, like you, I can't think of one.

Re: Not sure I understand

"What your registrar is doing is GDPR compliant, but against ICANN rules."

And the latter are unenforceable.

So probably EU-based registrars could have an opt-in tickbox, but if you opt out then they still have to manage your domain but with a private registry entry.

And they couldn't pre-tick the box either.

"Why not, when someone is registering a domain, have a clearly seen notice, notifying the person registering the domain of the following?"

You can but you'd be lining yourself up for a big fine.

"Would it be possible for registrars to make it "opt-in" for making the info public at least in the EU? Or is that option illegal under the new rules?"

It is.

Re: @Doctor

It all boils down to consent. So what would be easier than to add a checkbox in the domain registration process: "I give consent to add my details to the ICANN database"

Firstly, you can't pre-tick the checkbox. Secondly, you can't refuse the service if the checkox isn't ticked. So, although consent would allow the user details to be published, ICANN can't assume that it will be given and that they can enforce that term.

"What worries me though is the potential single point of failure issues and also the possible function creep, if it's not tightly regulated. That's already happened with PPS numbers (equivalent or Social Security / National Insurance) where all of a sudden they're needed for everything from school registration to applying to University etc etc"

That seems to be a problem with the US SSN which is regularly part of the PII lost in data breaches.

"In the UK Sir Humphry would spend six months obscuring the problem."

It would, however, be Sir Humphrey, and not Jim Hacker, who'd be in favour of the ID card in the first place. Hacker would realise it could lose him an election. Sir H would, of course, not have to carry such a demeaning object himself; he'd excuse graduates of both Universities.

Re: Is there any chance

"You do have to identify yourself at times, soon so much easier with that passport of the right and only colour. driving perhaps with some identification too."

What we don't like is the idea of some jobs-worth coming up to us and demanding our identification. It doesn't sit well with our ideas of the assumption of innocence etc. The easiest way to stop that is to ensure that there is no such item that the jobs-worth could demand.

Re: The Azure Edge of Chrome

Rule 3 : there is no Rule 3. Also bring your presentation on OHP acetates and have an OHP projector and spare bulb in the boot of your car. 35mm slides and projector as additional backup for the seriously paranoid and/or experienced.

Re: Chirp

"The PM might have something to say about that."

She's an expert on leadership now?

Re: Twitter should stick to the T&C and ban the orange twerp.

"They will ban you for small idiotic things."

Large idiotic things are OK. Size matters.

" there is nobody on the planet other than the utterly deluded who can consider Trump's account to have been operated within the bounds of the rules Twitter set themselves"

That's a statement to reflect on. I'm sure you're right.

Re: Fake news

"Twitter shouldn't have it so a CS employee can unilaterally delete *anyone's* account under any circumstances. There should be something like a two-step process that requires a supervisor's approval."

Maybe a whole lot of them got together to do it and then blamed someone who was leaving.

Re: Chirp

"Well, he is [leader of the free world]. I understand that that upsets you."

I don't acknowledge him as my leader here in the UK so either he isn't my leader or else he is but I'm not free to choose.

Your statement fails.

Re: Musk, the new Jobs?

"Certainly but it does what it says on the tin."

A voice from way back in the depths of time - a Leitz salesman commenting on a rival's microscopes. "Tin. Good quality but tin.".

Re: Dunce Cap tip

" I'd suggest that it doesn't fill a cynical customer with joy to get a call from a random 07... number stating it's my bank and asking for security information."

The really worrying thing is that they'd only persist with this if the majority of customers responded positively.

Re: Dunce Cap tip

"So, better rip the bottom half inch off your cheques every time you write one then... and NEVER ask people to pay you by bank transfer."

No, I think he has a point.

It's one thing to have that information on a cheque, it's another to combine it with a lot of other personal information such as DoB & employers. Someone intercepting the letter without that might be able to fill in the blanks from other sources but why present the whole lot on a plate?

Re: Dunce Cap tip

HSBC used to do something similar when I had a business account with them. They wanted the amount of a recent transaction for me to prove who I was!

I always told them I didn't believe they were who they said they were because I'd made it clear to my bank that I wouldn't accept such calls without a secure means of identifying themselves. If they were calling without such identification then they couldn't be my bank and I wouldn't even confirm if they'd guessed right. It was always followed up by a letter from them essentially saying how miffed they were that they hadn't been able to talk to me to sell me something.

I suppose I could have replied by giving them some random incorrect amount. Their recognition that it was incorrect would serve to identify them but I didn't particular want to take sales calls from them so why bother?

Re: It's not a problem, it's an opportunity

"Do you mean ExpertSexchange?"

Don't sign me up.

Re: Dunce Cap tip

"How come then does the NatWest server know individual letters of my password when it prompts me for a random selection of them at each login?"

Possibly it created hashes for each of the combinations it might ask you and stored those.

Re: freebie USB sticks

"Yes I do carry that thing in my pocket, thanks for asking, although now that you mention it maybe I should consider an alpinist-rated belt clip (and a properly sturdy utility belt to match)."

It all gets out of hand so quickly...

My alternative is https://www.integralmemory.com/product/courier-usb-flash-drive but its an old & slow one. I see they're doing a USB 3 version now so maybe it's time for a change.

Re: freebie USB sticks

"It boggles my mind that it has taken 20 years to design a hole for the usage of putting string , chain , or keyring through that dosent immediately snap off, losing your memory stick."

It's still wrong. It leaves your keyring dangling from the plugged in memory stick. I don't think supporting a heavy keyring was one of the design requirements for USB.

Re: freebie USB sticks

"But it's main failing is the case is so FAT"

Right there is an example of why you shouldn't go all Bob on us. I was trying to work out why its formatting was a failing.

Re: One of these days...

"In other words: you're a lazy fucker who wants other people to pay so you don't have to deal with your own waste."

Because you're too lazy to quote properly it's impossible to be clear to whom you're replying but let's be clear about this:

We pay council taxes for local councils to provide services. One of the services is collection and disposal of waste. (Others include running local libraries and other such facilities.) Increasingly local councils are abnegating the provision of such services.

Re: One of these days...

"It probably costs you more than £2.50 to drive to the council dumping facility."

At which point you'll be turned away because you fail on one of the numerous terms they've come up with to prevent you using the facility for which you've already paid council tax.

Re: "outsource management of its data centres to Big Blue"

"The senior management never learn, or they are in another world. How people with a previous reputation of messing up still keep on getting top positions"

Two possible, and not mutually exclusive, explanations:

1. They move on on the basis of the projected savings of what they did in the last place.

2. People value people who look like themselves so wankers in management appoint more wankers instead of workers.