As always, it is worth nothing that these things are being conducted by individuals who have had a falling out with the general matrix community for a number of reasons and have since worked on a generally hostile fork. It is in their best interest to make these documents as damaging for matrix and matrix.org as possible.
That won't change any facts, which I can't comment on the validity of, but it's important to keep this context in mind while reading these and any future documents.
Thank you for bringing our "failing out", which has an impact on the Personal Data leak itself, so I really hope people will look into it.
As for "with the general matrix community", I believe the amount of projects and people we talk to, and still are in rooms with (which are public) will be the proof of that.
I hope you'll enjoy the read, since we believe this is not the first data leak of this kind and that your personal data might very well have been leaked if you're a Matrix user.
What was the point of redacting the name of the operator in Annex A "for privacy" and then linking to a blog post that clearly states the author's name saying "the same operator made this blog post while we were talking"?
Because our document could be collected and processed illegally under GDPR. That the operator makes the conscious choice to have their name listed on their own organisation's website they are from is their own choice. Their organisation is processing their data, not us. They have the right to object to that, and the right to erasure of their personal data if having their name is listed.
They were not given the choice to be part of our publication and therefore, we have no lawful basis to use their name since 1) they did not give us consent and 2) they would not have understood (we didn't say) nor expect (it was a private chat) that we will use their personal data - making Legitimate Interest not possible.
The only way we could be GDPR compliant for being Accountable and not break a lawful basis was to not use their name but the name of their role under their obligations towards us, and linking to the blog post instead (Accountability of what we claim).
Still doesn't seem necessary to point out that it was the same person writing the blog post, could have just said New Vector released this blog post around the same time. Just seems underhanded, but that isn't much surprise coming from someone with a clear vendetta against NV because you want people to switch to Grid. These papers are nothing more than marketing documents for your fork.
I guess then New Vector is actually our best sponsor: they always give us those very important things to write about, like a personal data breach that has a federation-wide scope.
They certainly are generous! I'll ask them to renew our contract!
Good idea, it might help you to get more than 12 users on your fork.
Also I think you know this already, but the claim that the original document was a valid GDPR request is horseshit. That document didn't even have authors listed, and yet you believe a paragraph with further unanswered questions should be seen as a request for specific personal data about two users from New Vector? Get real, you're just looking for a way to claim that the request took more than 30 days.
People who just joined the community can't comment on your things? Of course you'd pull this out when someone calls you out for your bullshit. Odd that Mr. User-privacy-is-important wants other people to reveal their private identities online. You're such a hypocrite, but hey this post seems to have got a LOT of traction so keep it up with your fork pal.
Wow, another person has bought into your overblown concerns about a protocol you are trying to compete with, I'm super impressed dude. Let me know when you have close to the number of users that Matrix does, then you might have some justification for your inflated sense of self-importance.
11 comments
[ 1579 ms ] story [ 2391 ms ] threadThat won't change any facts, which I can't comment on the validity of, but it's important to keep this context in mind while reading these and any future documents.
As for "with the general matrix community", I believe the amount of projects and people we talk to, and still are in rooms with (which are public) will be the proof of that.
I hope you'll enjoy the read, since we believe this is not the first data leak of this kind and that your personal data might very well have been leaked if you're a Matrix user.
They were not given the choice to be part of our publication and therefore, we have no lawful basis to use their name since 1) they did not give us consent and 2) they would not have understood (we didn't say) nor expect (it was a private chat) that we will use their personal data - making Legitimate Interest not possible.
The only way we could be GDPR compliant for being Accountable and not break a lawful basis was to not use their name but the name of their role under their obligations towards us, and linking to the blog post instead (Accountability of what we claim).
They certainly are generous! I'll ask them to renew our contract!
Also I think you know this already, but the claim that the original document was a valid GDPR request is horseshit. That document didn't even have authors listed, and yet you believe a paragraph with further unanswered questions should be seen as a request for specific personal data about two users from New Vector? Get real, you're just looking for a way to claim that the request took more than 30 days.
I'm serious enough to put my name out there and own up to what I write - Are you also? Or are you ashamed?
I'll let you do your own homework and research what else it triggered.