
Feature request about data protection and protection against warnings

Asked Modified Viewed 977 times
Systemweb (Junior Member) asked:

I am currently supplementing every new release with some modifications I have created. It would be good if some important things were present in future releases.
Especially with regard to European data protection laws, PHP-Fusion 9 cannot be used legally without several changes.

Example: "Privacy Policy" and "Terms of Use".
Currently, every webmaster has to save the data protection declaration and the terms of use twice. These texts must first be entered once in the text fields provided for this purpose in the admin area (registration and security settings). If these are filled out as intended in the CMS, the terms of use can be called up in the registration form only, the data protection declaration must be integrated as a modal in the theme in order to make it visible at all. Only calling up the print view of them is possible at all.
Since both contents must be accessible at any time in addition to the imprint, it would be good to create 2 additional files in the main directory (privacy.php / terms-of-use.php), for which a link can be shown anywhere on the homepage (e.g. pages navigation or in the footer). The two files then simply show the already saved text from the admin area. Currently, it is rather the case that each site operator is forced to create their own pages with the same content a second time in order to make these important legal texts accessible at any time.

Next problem: Google Recaptcha
Data protection experts commissioned by the German federal government and the federal states repeatedly comment on the use of Recaptcha to avoid spam.
It has been clearly proven that due to the user information derived in the background after behavioral analyzes and the transmission of the data to American servers without the user having any influence, there has been a violation of European data protection laws. The so-called "legitimate interest of the site operator" cannot be referred to, since the interest of the user prevails here and there are certainly other means of combating spam.
I would recommend fixing and continuing to support SecurImage v3. I adapted it for PHP 8.1 and I'm using it, I'm happy to make it available to you.

Another problem: embedded JScripts and fonts
Maybe it's unbelievable, but there have already been court judgments in which the plaintiff was awarded damages.
I think it's good that the Bootstrap files, jscripts and fonts in PHPFusion are not loaded on demand from external sources, but are mostly integrated directly into the CMS.
Unfortunately, fonts from Google are loaded in the supplied "Magazine" theme, for example. Nobody knows which personal data are used by Google in these cases.
These fonts are already loaded before you can point them out to the visitor. It is therefore impossible to obtain the necessary consent from the visitor.

It would be nice if such important things were also taken into account during development by following clear guidelines.

douwe_yntema (Senior Member) answered:

How is it still possible to use an Android or Apple smartphone?

Anonymous User 367 (Veteran Member) answered:

Quote

"Privacy Policy" and "Terms of Use".

I have an infusion for this.

Quote

Unfortunately, fonts from Google are loaded in the supplied "Magazine" theme

Delete link and use default system fonts, problem solved.

Quote

I would recommend fixing and continuing to support SecurImage v3.

This captcha is so bad, its author also stopped developing it - https://github.com/dapphp/securimage/...-636279862. If you use this captcha, it's the same as without it. Bots can very easily solve it. Zero security.
In core, it's still exactly for silly things like "GDPR" and for people with paranoia. I always recommend Google Recaptcha. Google already has all the data about every single person, so who cares lol.

If you are worried about your data, turn off the internet and do not use a smartphone, PC etc., then you may be safe. Every smartphone sends some data to external companies or at least to the manufacturer, and so does your PC unless you use some sort of Linux distro without software.
Just think about the whole GDPR. It does not make sense. If you block something, then you simply cannot use the service.
It's simple, something for something. You can use the service, but of course nothing is free. And you pay with your data.
Another good joke is privacy on the internet. No, there is no privacy. And never will be.
And who cares if the data is sent to the USA. For the end user it doesn't matter if data are stored in the EU or the USA. End users always want a fully functional service.

Systemweb (Junior Member) answered:

I don't know why I'm being criticized personally now. Did I say I want this change for myself because I feel my privacy is being invaded?
Although I support data protection and handle the transfer of my data responsibly, that is not the topic of my post.
Yes, I use an iPhone instead of Android because I could choose the lesser evil from 2 options. Unlike Google, Apple's core business is not the exploitation of my data. But what does that have to do with this topic?
You think "They already have all my data", so you keep feeding them. Ok, that's your decision. But as a website operator, you have to be careful with your users' data, because many of them don't care as much as you do.

B2T:
I made nothing other than a suggestion not intended to be useful to me but to general end users. One can find the GDPR ridiculous. The fact is, however, that we have to observe strict laws in the European Union and especially in Germany. The integration of dynamic Google fonts violates the GDPR and legal consequences have to be reckoned with.
The same applies to Google Recaptcha: it violates the GDPR. There have already been legal warnings, in one example it cost the person concerned more than 2500 euros because of the use of Google Recaptcha, Tag Manager and Fonts. So the topic is anything but ridiculous.
Source: https://www.ra-schuetzle.de/aktuelles...-recaptcha (German)
Here is another court ruling in which a plaintiff received damages because a website had integrated dynamic Google Fonts:
https://www.dr-datenschutz.de/ damage...die-dsgvo/ (German)

One question is justified in this context: What is the target group of PHPFusion end users? (All, except Germany/EU?)

The "Material" theme is currently part of the core package. The end user must be able to trust that the package is technically and legally secure. Not every end user is also a developer, and not everyone knows that you may not embed Google fonts or how to remove it. How big is the effort to change the core package so that no dynamic fonts are loaded and to consistently maintain this "no external sources" rule? What is the advantage for the end user who wants to use this CMS as a basis for his website and who trusts the system? It's almost done for 99%, why not complete it to 100% with some simple movements?

As a reputable developer with knowledge of the legal problems you can no longer recommend the use of Google Recaptcha. If the user keeps using Recaptcha as a result of your recommendation and is unexpectedly fined a large amount, will you participate? Technically, I'm on your side. I would much rather use it myself because it is more convenient and effective than other captcha solutions. Problem: I'm no longer allowed to do this since the introduction of the GDPR.

The data protection declaration and the terms of use are also already included in the core package. The only disadvantage is that the direct display option is not fully implemented.
I appreciate your skills and achievements in PHP development, I also think your infusion is well coded like all the other things you created. But: why should one have to install a separate infusion for basic functions that should be present in every CMS and are only half implemented in PHPFusion? After all, the imprint obligation, data protection declaration and terms of use have not only existed since today. They are mandatory content for any website that makes content publicly available. I think your infusion should be tightly integrated into the core system.

The usage of SecurImage is in my view not useless, the security is not the same as having no captcha. Some bots can solve it, some not. It's not safe, but safer than no captcha. But: better to have lower security than break the law with Recaptcha, right?
Btw.: Some AI bots can enter Recaptcha already...
In combination of SecurImage with Fusion Gateway the protection level is high enough. In my case there is an extra site pre-shown with privacy rules, you have to accept the rules first before you can continue and have access to the register and contact forms. This is very effective, even if I am not using Fusion Gateway. I have no bot spam on my sites, I have not been using Recaptcha for a few years.
0 replies
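
One way to enforce the "no external sources" rule proposed in this thread is a check over the theme files that lists every third-party host a page would contact on load. This is an added example, not part of any post and not PHPFusion code; the function names and the sample markup are constructed.

```php
<?php
// Added example, not PHPFusion code; function names and the sample markup are constructed.

// List third-party hosts that $source makes the browser contact on page load:
// <link>/<script>/<img>/<iframe> URLs, CSS url(...) and @import, including
// protocol-relative (//host/...) references. Plain <a href> links are ignored.
function external_hosts(string $source, array $allowedHosts = []): array {
    $pattern = '~(?:<(?:link|script|img|iframe)\b[^>]*?\b(?:src|href)\s*=\s*["\']?'
             . '|url\(\s*["\']?|@import\s+["\'])(?:https?:)?//([a-z0-9.-]+)~i';
    preg_match_all($pattern, $source, $m);
    $hosts = array_map('strtolower', $m[1]);
    return array_values(array_unique(array_diff($hosts, $allowedHosts)));
}

// Walk a theme directory and return [file path => hosts] for every offending file.
function scan_theme(string $dir, array $allowedHosts = []): array {
    $report = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
    foreach ($files as $file) {
        if (!preg_match('~\.(?:php|html?|css|js|tpl)$~i', $file->getFilename())) {
            continue;
        }
        $hosts = external_hosts((string) file_get_contents($file->getPathname()), $allowedHosts);
        if ($hosts) {
            $report[$file->getPathname()] = $hosts;
        }
    }
    return $report;
}

// Constructed sample: a theme header and inline stylesheet, not taken from any real theme.
$sample = <<<'HTML'
<link rel="stylesheet" href="themes/demo/styles.css">
<link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
<a href="https://example.org/imprint">Imprint</a>
<style>@font-face { font-family: X; src: url(//fonts.gstatic.com/s/x.woff2); }</style>
HTML;
print_r(external_hosts($sample));
// As a release check (path is a placeholder): exit(scan_theme('/path/to/theme') ? 1 : 0);
```

The check only sees static references; hosts contacted by scripts at runtime still need a look at the browser's network log.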

Anonymous User 367 (Veteran Member) answered:

Nothing personal. The point of my post was that GDPR is nonsense. I'm from Slovakia so I know what GDPR is about. And yes, I "feed" them with my data. But as I wrote: something for something. I will give them data, and they will provide me service for free. Companies like Google use data for advertising. Ads are their main income and thanks to them you get their services for free. This is nothing new, it has worked like this for many years. Imagine paying for a Google search or not just Google services but services from all US companies that you may use every day for free. I don't think people want to pay for trivial things like Google search, Gmail, FB etc. Do you think that data will be more secure on EU servers? No. They can be stolen here too. Nobody thinks about this that way.
This whole thing is so controversial and everyone has their own point of view.

PHPFusion is for everyone, but the end developer always has something to do if he doesn't like something. This is how all CMS systems work. A CMS is just the base and all the other things you have to do yourself. You also need to install some plugins in WP to comply with the GDPR rules. I've tried a lot of CMS systems and only one (a CMS specially made for Minecraft sites) has probably implemented everything to comply with GDPR.

Anyway, you wrote that you have securimage fixed, you can send it to us if you think it's good. Because for me it's pointless fixing this and no one else from the DEV team will ever fix it. I recommend ReCaptcha only because it is much safer. I know that AI bots can bypass even the new ReCaptcha v3. But it is still better than securimage, which was good 5 years ago.
However, every developer can add their own captcha. It's not hard to implement if you already have a captcha that works, you just need 2 files and that's it: captcha_check.php, which must set $_CAPTCHA_IS_VALID = TRUE; if you have passed the test, and captcha_display.php with a display_captcha() function that shows it under the form. Example usage is in root/includes/captchas.

Anyone can contribute to the core, there are Pull Requests on GitHub. If you have good code changes and want them in core, then feel free to create a PR. This is how open source works.

Google fonts. OK, I removed that link https://github.com/PHPFusion/PHPFusio...a0cdcc8720
0 replies
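
A self-hosted bot check plugged into the two-file contract described in the post above (captcha_check.php setting $_CAPTCHA_IS_VALID, captcha_display.php providing display_captcha()), making no third-party requests. This is an added example, not part of the post and not PHPFusion code: the honeypot and time-trap technique, the helper names, the thresholds and the display_captcha() signature are assumptions.

```php
<?php
// Added example, NOT PHPFusion code. Only $_CAPTCHA_IS_VALID and display_captcha()
// come from the post above; every other name and value here is hypothetical.
const TRAP_MIN_SECONDS = 3;    // assumed: faster submissions are treated as automated
const TRAP_MAX_SECONDS = 1800; // assumed: how long an issued form stays valid

// Render step: issue a single-use token and remember when the form was shown.
function trap_issue(array &$session, int $now): string {
    $token = bin2hex(random_bytes(16));
    $session['trap'] = ['token' => $token, 'issued' => $now];
    // "website" is a honeypot field: hidden from people, often filled in by bots.
    return '<input type="hidden" name="trap_token" value="' . $token . '">'
         . '<div style="display:none" aria-hidden="true">'
         . '<input type="text" name="website" tabindex="-1" autocomplete="off"></div>';
}

// Check step: the token must match and is consumed on every attempt, the honeypot
// must be empty, and the form must be neither submitted too fast nor expired.
function trap_check(array &$session, array $post, int $now): bool {
    $state = $session['trap'] ?? null;
    unset($session['trap']); // single use, also after a failed attempt
    if (!is_array($state) || !is_string($post['trap_token'] ?? null)) {
        return false;
    }
    $age = $now - $state['issued'];
    return hash_equals($state['token'], $post['trap_token'])
        && ($post['website'] ?? '') === ''
        && $age >= TRAP_MIN_SECONDS
        && $age <= TRAP_MAX_SECONDS;
}

// captcha_display.php would define (signature assumed; the post only names it):
//   function display_captcha() { echo trap_issue($_SESSION, time()); }
// captcha_check.php would then contain:
//   $_CAPTCHA_IS_VALID = trap_check($_SESSION, $_POST, time());

// Constructed demonstration with a plain array in place of $_SESSION (php example.php):
$session = [];
trap_issue($session, 1000);
$form = ['trap_token' => $session['trap']['token'], 'website' => ''];
var_dump(trap_check($session, $form, 1010));  // plausible human submission
var_dump(trap_check($session, $form, 1011));  // same token replayed
trap_issue($session, 2000);
$bot = ['trap_token' => $session['trap']['token'], 'website' => 'http://spam.example'];
var_dump(trap_check($session, $bot, 2000));   // honeypot filled, submitted instantly
```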
