Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#5257 closed defect (fixed)

GDPR compliance for online services accessible through 0 A.D.

Reported by: elexis
Owned by: elexis
Priority: Release Blocker
Milestone: Alpha 23
Component: UI & Simulation
Keywords:
Cc:
Patch: Phab:D1590

Description (last modified by elexis)

As of 25 May 2018, GDPR became enforceable.

Since we formally agreed to a second release of alpha 23 in the staff meeting on 2018-05-27 and agreed in the staff meeting on 2018-06-03 https://wildfiregames.com/meetinglogs/ to reevaluate the terms and conditions of our services and implemented support for updating the lobby terms and conditions in #5218.

do we #agree to update the lobby policy one way or another?

#agree We will use the opportunity of the rerelease to update ToS/ToU/the userreport manual with respect to RGPD

The Multiplayer Lobby (Phab:D1590) and UserReporter are two services that are used with the software developed on this issue tracker.

refs https://wildfiregames.com/forum/index.php?/topic/24325-gdpr/
refs https://wildfiregames.com/forum/index.php?/topic/24722-improving-mod-security/

Change History (23)

comment:1 by Stan, 6 years ago

Summary: GDPR complience → GDPR compliance

comment:2 by elexis, 6 years ago

Description: modified (diff)

comment:3 by elexis, 6 years ago

In 21858:

Remove disabled remains of the performance data (= profiler data + text input) upload feature from the UserReporter from rP8925.

User-submitted text upload was removed in rP12971 in preference of the bugtracker.
Remove leftover mainmenu.js function that this commit should have removed.

Profiler data upload was disabled in rP16213 because the data amount was too large and because the two timing snapshots are inconclusive without further data.
The hereby removed exposed JS functions could have been exploited by JS mods to upload 0ad userdata to arbitrary places.

The performance data upload feature can be redesigned, implemented without JS exposure, with a more transparent privacy policy (refs #5257).

Differential Revision: https://code.wildfiregames.com/D1597
Performance upload feature removal accepted by: Vladislav

comment:4 by elexis, 6 years ago

Component: Multiplayer lobby → UI & Simulation
Description: modified (diff)

All of that and further development progressed in a github branch:

Includes:

  • Rewritten terms
  • Further refactored terms page
  • Terms language selection
  • Lobby TLS and certificate error translation (#5257)
  • UserReporter local logfile for transparency
  • Hide UserReporterID from log and JS config

Wildfire Games' other services are updated independently of the release cycle.

Last edited 6 years ago by elexis (previous) (diff)

comment:5 by elexis, 6 years ago

In 21866:

Move UserReporter C++/JS functions from JSInterface_Debug.cpp to JSInterface_UserReport.cpp, refs #4772.
This way it stands out more as a separate feature that can be more easily exchanged, extended, maintained or conditionally removed from the build and leaves more transparent includes, refs #5257.

Add missing string includes following rP7259 and rP20171.
Remove unused Profile include following rP1841 and rP20171.
Remove unused CLogger include, add missing debug include following rP20171.
Remove unused CConsole include following rP20572 / D1073.
Remove unused ProfilerViewer include following rP21858.

comment:6 by elexis, 6 years ago

In 21867:

Hide userreporter ID from mods and logfiles, since it shall be used as an authentication token for GDPR personal data requests, refs #5257, rP21844 / D1563.

Comments by: Vladislav in irc on 2018-08-13

comment:7 by elexis, 6 years ago

In 21868:

Write UserReport data to local logfiles, so that users can review the personal data impact without exposing the data to JS/mods, refs #5257, rP21867.
Write the logfiles even if the UserReporter is disabled, so that the assessment can be done prior to use.

comment:8 by elexis, 6 years ago

In 21870:

Use https in hyperlinks for sites that support it, refs #5257.

comment:9 by elexis, 6 years ago

In 21875:

Lobby to optionally require TLS certificate and certificate verification, refs #4737, #5257.

These are config options because developers should be able to test a local lobby server quickly without going through the hassle to create a valid or invalid certificate or modify and compile the client.
To protect from malicious JS mods reducing these security config options, these options as well as the hostname would have to be protected from JS access.
The user might still connect to other lobbies through a hypothetical UI if there were a non-modifiable GUI confirmation dialog prior to the connection.

Proofreading and feature design discussion by Vladislav and Dunedan on irc on 2018-08-19 and 2018-08-23.
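
Comment 6 and comment 9 both depend on keeping certain settings out of reach of JS mods. One way to enforce that at the engine boundary, as an added example that is not 0 A.D. code; the class, method and config key names are hypothetical:

```cpp
#include <map>
#include <string>
#include <vector>

// Hypothetical names throughout; this is not the 0 A.D. ConfigDB API.
class ConfigStore
{
public:
	// Engine-side access: unrestricted, used by the network and reporter code.
	void Set(const std::string& key, const std::string& value) { m_Values[key] = value; }
	bool Get(const std::string& key, std::string& out) const
	{
		std::map<std::string, std::string>::const_iterator it = m_Values.find(key);
		if (it == m_Values.end())
			return false;
		out = it->second;
		return true;
	}

	// Script-side access: what a JS mod reaches through the exposed bindings.
	bool ScriptSet(const std::string& key, const std::string& value)
	{
		if (IsProtected(key))
			return false; // a mod must not weaken TLS settings or redirect the host
		m_Values[key] = value;
		return true;
	}
	bool ScriptGet(const std::string& key, std::string& out) const
	{
		if (IsProtected(key))
			return false; // same result as "unset", so the token never reaches a mod
		return Get(key, out);
	}

private:
	static bool IsProtected(const std::string& key)
	{
		// Assumed key names, constructed for this example. Prefix matching
		// fails closed: anything under a protected prefix is denied.
		static const std::vector<std::string> prefixes = {
			"lobby.tls.", "lobby.server", "userreport.id" };
		for (const std::string& p : prefixes)
			if (key.compare(0, p.size(), p) == 0)
				return true;
		return false;
	}

	std::map<std::string, std::string> m_Values;
};
```

The guard only helps if the script bindings are the sole path from JS to the store; a second exposed function that writes the config file directly would bypass it.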

comment:10 by elexis, 6 years ago

In r21886:

Split UserReporter JS and XML from mainmenu code and refactor it.

XML button duplication removal by bb in https://github.com/bb-bb/0ad/commit/62acfd74cb3efdb517db537bd4e62fa0ba6c304d
Write formatUserReportStatus in object-oriented style, refs irc discussion with Vladislav on 2018-08-10.
Add the two missing cases "proxy" and "waiting" from UserReport.cpp and reuse the "connecting to server" string.
No messages.json changes needed for the new directory, no string changes.

comment:11 by elexis, 6 years ago

In 21887:

Refactor lobby terms and conditions UI from rP21847 / D1568 to a new terms dialog UI and reuse that for mod.io and the UserReporter, refs #5257, #5218.

Reuse all existing strings, use a FileExists hack for mod.io until the new strings are committed.
Rename prelobby/common/terms/terms.js to termslobby.js for easier distinction from common/terms.js.

Based on patch by: bb
Differential Revision: https://code.wildfiregames.com/D1602
refs https://code.wildfiregames.com/D1601
refs https://github.com/bb-bb/0ad/tree/terms
refs https://github.com/elexis1/0ad/tree/terms

comment:12 by elexis, 6 years ago

In 21889:

Move openURL function and two strings from public/ to mod/.

Use it for the mod author website now.
Use it for the terms links next, refs #5257, D1627.

comment:13 by elexis, 6 years ago

In 21894:

Language selection dropdown in the terms dialog.

Allows the user to either read the English Terms and Conditions written by Wildfire Games or the version translated into the current locale by transifex users.
The underlying problem that Wildfire Games cannot verify the accuracy or completeness of the translations while providing the services to a global audience remains.

Refs #5257
Differential Revision: https://code.wildfiregames.com/D1643
Comments By: bb on irc, smiley, asterix

comment:14 by elexis, 6 years ago

In 21895:

New strings for the Terms and Conditions dialog, refs #5257.

Button captions and instruction strings by bb from D1602.
For the UserReporter replace "anonymous feedback" with "feedback" because it was never anonymized on Philips backend and won't be anonymous on the new backend either, certainly until the logfile is rotated and possibly arguably afterwards too.

comment:15 by elexis, 6 years ago

In 21896:

Mod.io Disclaimer.
Have the user accept explicitly that he is subject to the Terms and Conditions and Privacy Policy by the DBolical Pty Ltd company when using their service with our client.

Rely on luck that this is sufficient to count as educating the users about the personal data processed, the purposes and legal grounds of personal data processing and the GDPR user right to access, rectify, erase, restrict and complain, refs #5257, GDPR 13.
The Mod.IO DMCA report possibility should be added eventually.
Remove FileExists hack from rP21887 / D1602.
Refs D1601, https://github.com/elexis1/0ad/tree/terms

comment:16 by elexis, 6 years ago

In 21898:

New UserReporter Terms and Conditions, hopefully GDPR compliant, refs #5257.
Require SSL for the UserReporter clientside.

Differential Revision: https://code.wildfiregames.com/D1598
Includes contributions by bb and Itms

comment:17 by elexis, 6 years ago

In 21900:

Don't delay the pyrogenesis shutdown for 5 minutes but at most 10 seconds if the server is not responding, refs #968;
in particular Philips server not responding to SSL which became a requirement by the client following rP21898 or following GDPR 32.1.a, refs #5257 while the new backend is not ready yet.

Mark file emptied in rP21898 as deleted.
Add scrolling to the UserReporter window, so that the timeout error strings that became visible following the bugfixes in rP21892 and rP21897 don't overlap with the buttons.

comment:18 by elexis, 6 years ago

In 21903:

Update Lobby Terms Of Use.

Refs #5257, D1590, https://github.com/elexis1/0ad/pull/1
Comments By: Itms, user1, Hannibal_Barca, KeyCollector

comment:19 by elexis, 6 years ago

In 21906:

Add liability and third party software exclusion to the Lobby and UserReporter terms.

Shorten Lobby Terms of Service by inlining definitions.
No personal data changes in this commit, refs #5257, D1590.

comment:20 by elexis, 6 years ago

Summary: GDPR compliance → GDPR compliance for online services accessible through 0 A.D.

comment:21 by elexis, 6 years ago

Owner: set to elexis
Resolution: fixed
Status: new → closed

In 21908:

Lobby Privacy Policy.

Restricts the previous Terms of Service clauses that asked for a universal grant for personal data processing without explicitly mentioning chatlogs or IP address logs (possibly in violation of the Data Protection Directive).
Hopefully establishes GDPR compliance for the lobby by mentioning all data processed, purposes and new user rights, fixes #5257.
Explain why the service is not directed to children < 13 and a COPPA compliance note.
Add severability clause.
Add licensing note for terms.

Differential Revision: https://code.wildfiregames.com/D1590
Accepted By: Itms
refs https://wildfiregames.com/forum/index.php?/topic/24325-gdpr/

comment:22 by elexis, 6 years ago

In 21909:

Increase minimum password length on the lobby from 1 to 8, refs #5257.

comment:23 by elexis, 5 years ago

In 21919:

Allow the user to print and save the text of the terms and conditions before the conclusion of the contract and use the word "Clickwrap agreement".

See EU Court of Justice decision C-322/14, refs #5257.
Adds one string.

Differential Revision: https://code.wildfiregames.com/D1657
