Toribash
Original Post
GDPR Compliance.
I think it's slightly troubling that Toribash has not become compliant with the EU's General Data Protection Regulations.

Some of the regulations include, but are not limited to:
  1. The right of erasure. All individuals must be granted the "right to be forgotten". All data on an individual must be erased. You have one month to respond to an erasure request.
  2. The right of access. Individuals have the right to access their personal data. You also have a month to respond to such a request.
  3. The right to be informed. You must provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with.
  4. You must ensure that you have appropriate security measures in place to protect the personal data you hold, which falls nicely in with Dinis' suggestion for HTTPS.
  5. You have a duty to notify the relevant supervisory authority within 72 hours of becoming aware of a breach, and to notify the affected users.

For a more comprehensive guide on GDPR please visit the ICO's website.

Issues I see with these forums becoming compliant:

Seeing that vBulletin version 4.x.x is no longer supported, it is safe to assume that vB3.8.2, the version Toribash is currently running, is also unsupported. So my bet is that the easiest way for the forums to become compliant would be updating to vB5.
Further reading: here.
Aimlessly swimming in circumcisions
3 seems more like a statement more than anything, a sticky thread somewhere will probably be the outcome.

Obviously number 4 is more difficult, but the SSL suggestion seems like a good start.

5 should probably have a more efficient system in place, instead of the whole mess with Tbashboii

Considering it's based in Europe, it also doesn't comply with EU data protection laws, more specifically the ePrivacy Directive's Article 5(3), which states that before storing cookies on a user's device you're required to receive informed consent. There are currently 29 cookies in use on this webpage and I've never been asked for consent, even if I visit it on different machines for the first time.

It also doesn't comply with distance selling regulations, which state that if any type of goods are sold on the website, it must provide a user with business details (such as contact name, address, etc.). That also falls under other laws, such as the Companies Act in the UK.
-----
GDPR is just the tip of an iceberg is what I'm trying to say. This website clearly doesn't try to follow rules and regulations
Last edited by Smaguris; Dec 13, 2018 at 03:42 AM. Reason: <24 hour edit/bump
Originally Posted by Kore
3 seems more like a statement more than anything, a sticky thread somewhere will probably be the outcome.

Since afaik Toribash doesn't use any user information for the sake of targeted advertisement, a simple outline of cookies should suffice, along with an updated Privacy Policy.
Originally Posted by Wayne Luke, Technical Support Lead.
vBulletin 4 is end of life and will not be receiving updates for GDPR compliance. With the software, you can already create custom profile fields and require that they are answered at registration and/or login. You can use the phrase system to update the rules of your site and link to your privacy policy. You can also add a privacy policy under the Site Name / URL / Contact Details section of the site.

In addition to the above, vBulletin 5 is receiving a GDPR compliance sub-system with GEO-Location and Guest compliance support in the next version to be released. The Mobile Apps are also being updated to work with GDPR when used with vBulletin 5.

A little more on why updating to vB5 would be worthwhile, since anything under is EOL.

Originally Posted by Kore
Obviously number 4 is more difficult, but the SSL suggestion seems like a good start.

I think along with HTTPS implementation, which is free these days with Let's Encrypt, Two Factor Authentication (2FA) could be a good thing to look into. Again AFAIK that comes with vB5.

Originally Posted by Smaguris
It also doesn't comply with distance selling regulations, which state that if any type of goods are sold on the website, it must provide a user with business details (such as contact name, address, etc.). That also falls under other laws, such as the Companies Act in the UK.

Not entirely sure if it's up to date, but the business details can be found here, and also due to the ToS all tc/items are property of nabi. I wonder if that negates anything? (I wouldn't know since I'm no expert haha)

I believe it would be an unreasonable expectation for tb/nabistudios to be fully compliant with every law. But I do think it could start going in the right direction. With a focus on security and user privacy. Also the ToS could do with a bit more...
Last edited by Tuna; Dec 13, 2018 at 04:01 AM.
Since there is no response from staff and there's nothing being done about it I've reported this website to ICO. Hopefully something can be done about it then

Kore Moderated Message:
Let's keep things civil and unprovocative please, this is a place for constructive discussion, not threats and condescending comments, any further comments that do not abide by these guidelines will be removed and the poster infracted
Last edited by Kore; Feb 22, 2019 at 05:00 PM.


If you're concerned about that, we can wipe your data. Just contact [email protected]

Also..... TB isn't an EU company, nor is it based in Europe.
ICO is EU related so uh good job on that oversight.
Last edited by Icky; Feb 21, 2019 at 09:02 PM.
Originally Posted by Icky
Also..... TB isn't an EU company, nor is it based in Europe.
ICO is EU related so uh good job on that oversight.

I believe it's a situation of Toribash holding information about people who live within the EU rather than being an EU company.

Hello, I am data.

I'd hope not; the people that are getting angry about how Toribash is supposedly breaking the law for not following either of those things probably need to go read those laws and about Nabi in greater detail.

Toribash not being EU means that they don't have to adhere to all of the ICO, or GDPR.

If that bothers anyone enough to want to really ditch everything here then email [email protected] saying you want your data wiped. That will get done.
Last edited by Icky; Feb 21, 2019 at 10:37 PM.