Minetest 2-factor Authentication Service[mt2fa]

sofar
Developer
Posts: 2146
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

by sofar » Post

For the past weeks I have been working on an idea to solve several issues that currently exist due to the way minetest handles usernames and passwords, and I've made a solution that I will be sharing with everyone:

Minetest 2-Factor Authentication Service

This service consists of a mod and a backend that together create a 2-factor authentication service. This service creates a way for players, and for server owners, to create "trust" that can be verified. This "trust" is created by providing an email address, and this email address will be used by the service to confirm that the person who wants to interact (login, change IP address of the server, etc.) is actually in control of that email address.

Together, this allows server owners to verify that returning players are actually who they say they are, and players can verify that they're actually logging in on the correct server. If changes occur, for instance, the server changes IP address, then all transactions are on hold for that server until the server owner confirms the IP address.

Servers become a trusted thing. A server owner needs to register their server with the service, before they can have players register or authenticate. If the server changes IP addresses, the server owner will need to confirm this change.

Persons can register from any trusted server using an email address. This links the playername on that server to their identity. The email address is not stored on the game server, but will only be sent to the 2-factor server. Once the person confirms the identity, it can be used on other servers, and even on the same gameserver again for other player accounts.

Players become trusted on every server due to their connection to the registered Identity. This allows a person to have many identities, either on the same or on different servers.

Interactions:

The game server and the 2-factor service (from here on: mt2fa) interact through HTTPS. In general, events on the game server cause the sending of requests to the mt2fa service. If required, the player or server owner will be sent an email with a confirmation token that they need to "click". This sends another HTTPS message back to the mt2fa service that the request is legitimate and confirmed. Meanwhile the game server sees the confirmation and the requested data is exchanged and the required changes are made.

In this way, the following things can happen:

- the game server owner registers the server
- the game server owner confirms an IP address change for a registered server
- the player registers their identity
- the player connects their identity to a playername on a specific game server
- the player authenticates on a specific game server
- the game server inquires whether a player must authenticate or not

What happens next is up to the server owner. They can decide to "enforce" or not:

- the server can require registration of users - either for all users, or for some, or for none
- the server can require authentication of users - either for all users, or for some, or for none

But, the player also gets to choose and force the server if they want to:

- if registration is not required for a user, they can still register themselves
- if authentication is not required for a user, they can still force the server to authenticate them

If registration or authentication is required for a player, or requested by themselves explicitly, they must complete this before a grace period expires, otherwise they will be removed from the server. During the grace period, the player will not have any player privs, and, if any of the interactions fail, the player will be removed from the server.

You can see that some server owners would make registration required for all players for instance, or authentication required for moderators and players with special privileges!

As of now, I have planned several more features:

- allowing a player to reset their passwords on a server, without interaction of the server owner
- allowing a player to change their email for their identity.
- allowing a server owner to change the email for their registered server.

Why am I writing this?

- some way to create a level of trust that allows players to say "it's really me" and having an actual way to verify that, will certainly help some servers to open up to more players from the internet.
- some way for players to stay in control over their accounts on servers, prevent account sharing and borrowing and just being a little bit more careful with it.
- some way for players to recover a lost password without interaction, in a safe and validated way.
- a way for server owners to show the same level of trust - players can now verify and know that server owners also have to confirm their identity, and so there's a way to spot "stolen" server identities.

Are you using this yourself?

No. I do not intend to enable this for my own server. The server I run does not suffer from most of the problems that this is intended to solve due to its unique nature. I may change my mind in the future but for now I don't see a reason to.

How do I enable this or use this?

I have deployed a public instance of the mt2fa service. I will run this service and everyone is free to use it for the purposes shown above. I will also post a server `mod` that allows your server to use all the functionality listed above, and all the code (including all the server code) so that you can verify what it does, and help me develop it further.

You can run your own mt2fa instance, but I would not recommend it, as this would make things more complex for players, since then they would have identities on several mt2fa servers. However, I won't stop you from doing this.

I will maintain and keep maintained the mt2fa public instance. You and anyone running a minetest server can use it as long as you want.

What about privacy?

I will post a privacy policy soon. It will be reasonable, there will be no sharing of any personal data, email etc. unless required by law. We will not post any specific data but we will monitor usage and make statistics available but not anything with personal data (emails).

Show me the code already!

This is the part you want for your server:

Minetest server mod Project: https://github.com/sofar/mt2fa
License: ISC
Dependencies: none
Archive download: https://github.com/sofar/mt2fa/archive/master.zip

You don't need this, you can, and probably should, use the public mt2fa server URL instead:

MT2FA Service daemon Project: https://github.com/sofar/mt2fa-server
License: ISC
Dependencies: nginx or apache,
Archive download: https://github.com/sofar/mt2fa-server/a ... master.zip
(Binaries for x86_64 linux will be posted at a later stage).

Discussion rules

by sofar » Post

Please remember:

- if you're not going to use this on a server, you don't have to
- you can run your own instance of the mt2fa service

also:

- if you hate this, please, just don't reply
- if you have criticism, try to remain open minded and keep the discussion from derailing

your cooperation is appreciated and will keep the discussion constructive and enjoyable.

rnd
Member
Posts: 220
Joined: Sun Dec 28, 2014 12:24
GitHub: ac-minetest
IRC: ac_minetest
In-game: rnd

by rnd » Post

It appears to be: minetest server uses http lua api to send http request to your local go application which listens to http request and then sends/receives https request to next target. Good to see some useful code for making https servers.

I searched a little and there seems to be https for lua too: https://github.com/brunoos/luasec/wiki

about using crypto schemes: https://security.stackexchange.com/ques ... ll-our-own
Last edited by rnd on Mon Jan 08, 2018 10:47, edited 1 time in total.

sorcerykid
Member
Posts: 1841
Joined: Fri Aug 26, 2016 15:36
GitHub: sorcerykid
In-game: Nemo
Location: Illinois, USA

by sorcerykid » Post

I'll give you credit, as this certainly is a noble concept, in principle. However, it doesn't really improve trust nor security since there is no guarantee that personal data being collected and stored by a third party (one which has no certification for handling such data) cannot be compromised or otherwise mishandled.

I think it's one thing for a single service to request confidential information for use exclusively by that service, but entirely another to create a central agency of sorts that uses confidential information to authenticate across a variety of disparate services. That is a whole different can of worms. The link rnd shared is an apt concern as well. Just some thoughts.

rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom
by rubenwardy » Post

For 2FA, it's much better to implement TOTP. This allows a server to have 2FA without depending on any other servers. There is a UX issue with this - most authenticator apps allow you to manually enter a code, but a QR code is more user friendly. You could potentially implement QR codes using formspecs or texture modifiers, but that would probably prove to be difficult.

Allowing a third-party server to reset passwords seems like a bad idea to me. Email verification is also slow and annoying - although is not so bad if you can just click a link.
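Added example, not part of the post above and not code from Minetest or mt2fa: a Go sketch of the TOTP check a game server could run locally (RFC 6238, HMAC-SHA1, 30-second steps), including the `otpauth://` string that a QR code would carry. The issuer and player names are constructed, and the one-step drift window and the "last accepted counter" replay guard are assumptions of this sketch.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"net/url"
	"time"
)

const (
	stepSeconds = 30 // RFC 6238 default time step
	codeDigits  = 6  // what most authenticator apps display
)

// HOTP computes the RFC 4226 one-time password for a counter value.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: low nibble of the last byte selects 4 bytes.
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP is HOTP with the counter derived from the clock.
func TOTP(secret []byte, at time.Time) string {
	return HOTP(secret, uint64(at.Unix())/stepSeconds, codeDigits)
}

// Verify accepts the code for the previous, current or next time step.
// lastUsed is the highest counter already accepted for this player; any
// counter at or below it is refused, so an observed code cannot be replayed.
// It returns the counter to store as the new lastUsed.
func Verify(secret []byte, code string, now time.Time, lastUsed uint64) (uint64, bool) {
	cur := uint64(now.Unix()) / stepSeconds
	for _, c := range []uint64{cur - 1, cur, cur + 1} {
		if c <= lastUsed {
			continue
		}
		want := HOTP(secret, c, codeDigits)
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			return c, true
		}
	}
	return lastUsed, false
}

// ProvisioningURI builds the string an authenticator app imports, either
// typed in by hand or scanned from a QR code.
func ProvisioningURI(issuer, player string, secret []byte) string {
	b32 := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(secret)
	q := url.Values{}
	q.Set("issuer", issuer)
	q.Set("secret", b32)
	return "otpauth://totp/" + url.PathEscape(issuer+":"+player) + "?" + q.Encode()
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test key, not a real secret
	now := time.Now()
	code := TOTP(secret, now)
	counter, ok := Verify(secret, code, now, 0)
	fmt.Println("code", code, "accepted:", ok)
	_, again := Verify(secret, code, now, counter)
	fmt.Println("same code replayed, accepted:", again)
	fmt.Println(ProvisioningURI("ExampleServer", "alice", secret))
}
```
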

by sofar » Post

rnd wrote:Until I see source my only comment will be: https://security.stackexchange.com/ques ... ll-our-own
Sources posted. I didn't create any crypto. The service is using HTTPS encryption for exchanges. The only thing the daemon does is create "cookies" and "tokens" which are generated using random data and are 192 bits. Since they aren't made using any known factors, I consider that secure enough for the purposes. The tokens by themselves also do not have any intrinsic value, a token can't give you anything by itself.
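Added example, not part of the thread and not code from mt2fa-server: a Go sketch of the confirmation flow from the "Interactions" section of the first post, using 192-bit random secrets as described in the post above. It assumes the "cookie" is what the game server polls with and the "token" is what the e-mailed link carries; the type and function names, the subject label and the hashed in-memory table are this sketch's own.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrUnknown = errors.New("unknown or already used secret")
	ErrExpired = errors.New("grace period expired")
)

// pending is one request waiting for the e-mailed link to be clicked.
type pending struct {
	subject   string // constructed label, e.g. "player:constructed_name"
	expires   time.Time
	confirmed bool
}

// Store indexes requests by the SHA-256 of each secret, so a copy of the
// table does not contain a usable token or cookie.
type Store struct {
	mu       sync.Mutex
	grace    time.Duration
	byToken  map[[32]byte]*pending // token: travels only in the e-mail
	byCookie map[[32]byte]*pending // cookie: held only by the game server
}

func NewStore(grace time.Duration) *Store {
	return &Store{
		grace:    grace,
		byToken:  make(map[[32]byte]*pending),
		byCookie: make(map[[32]byte]*pending),
	}
}

// newSecret returns 192 bits from the OS CSPRNG as URL-safe text.
func newSecret() (string, error) {
	b := make([]byte, 24)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// NewRequest runs when the game server reports an event that needs
// confirmation. The cookie goes back to the game server, the token into
// the e-mail; neither can stand in for the other.
func (s *Store) NewRequest(subject string, now time.Time) (cookie, token string, err error) {
	if cookie, err = newSecret(); err != nil {
		return "", "", err
	}
	if token, err = newSecret(); err != nil {
		return "", "", err
	}
	p := &pending{subject: subject, expires: now.Add(s.grace)}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.byCookie[sha256.Sum256([]byte(cookie))] = p
	s.byToken[sha256.Sum256([]byte(token))] = p
	return cookie, token, nil
}

// Confirm is what clicking the e-mailed link triggers. A token works once.
func (s *Store) Confirm(token string, now time.Time) error {
	key := sha256.Sum256([]byte(token))
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.byToken[key]
	if !ok {
		return ErrUnknown
	}
	delete(s.byToken, key) // spent, whether or not it was still in time
	if now.After(p.expires) {
		return ErrExpired
	}
	p.confirmed = true
	return nil
}

// Status is what the game server polls with its cookie.
func (s *Store) Status(cookie string, now time.Time) (bool, error) {
	key := sha256.Sum256([]byte(cookie))
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.byCookie[key]
	if !ok {
		return false, ErrUnknown
	}
	if !p.confirmed && now.After(p.expires) {
		delete(s.byCookie, key)
		return false, ErrExpired // game server removes the player
	}
	return p.confirmed, nil
}

func main() {
	s := NewStore(5 * time.Minute)
	now := time.Now()
	cookie, token, err := s.NewRequest("player:constructed_name", now)
	if err != nil {
		panic(err)
	}
	before, _ := s.Status(cookie, now)
	_ = s.Confirm(token, now.Add(time.Minute))
	after, _ := s.Status(cookie, now.Add(2*time.Minute))
	fmt.Println("confirmed before click:", before, "after click:", after)
	fmt.Println("second click:", s.Confirm(token, now.Add(3*time.Minute)))
}
```
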

by sofar » Post

rubenwardy wrote:For 2FA, it's much better to implement TOTP.

Allowing a third-party server to reset passwords seems like a bad idea to me. Email verification is also slow and annoying - although is not so bad if you can just click a link
TOTP would increase the security of the authentication, but do nothing for server owners to know that their players are actually people who are willing to convey their email address instead of being purely anonymous.

This project doesn't exist to make people purely anonymous, the goal is actually for everyone to certify themselves using their email address to show everyone that they're not going to do bad things.

What you are thinking of is therefore something completely different. Not useless, just very different.

The way this project works is that server owners and players all put something verifiable into a central hat (the service daemon) and everyone can check each other, through an open and traceable service. TOTP doesn't provide any additional trust other than "this is the same person as the last time" but not "this person can actually be traced to a human with an email address".

Having a password reset capability that doesn't require an admin seems like a reasonable functionality to me. After all everything is verified and nobody except the person holding the account can initiate a password change. Would you want server owners to do this for all of their players? They have no way to even verify that the player is who they say they are right now, and without being able to log in (TOTP won't solve this) they can't prove anything.

by sofar » Post

sorcerykid wrote:I'll give you credit, as this certainly is a noble concept, in principle. However, it doesn't really improve trust nor security since there is no guarantee that personal data being collected and stored by a third party (one which has no certification for handling such data) cannot be compromised or otherwise mishandled.

I think it's one thing for a single service to request confidential information for use exclusively by that service, but entirely another to create a central agency of sorts that uses confidential information to authenticate across a variety of disparate services. That is a whole different can of worms. The link rnd shared is an apt concern as well. Just some thoughts.
The only personal data that the 2fa service collects are:

- email address of the server owner
- email address of the player/person

This is needed to verify that requests to the service are validated. No other "personal" data is recorded, and that wouldn't make any sense. Note that I don't consider "player names", "server IP addresses" or "times of interaction with the server" necessarily "personal" data as it's entirely public that when you play minetest online that anyone could record those pieces of information.

RND thinks I wrote crypto. I didn't. I use HTTPS to convey the email address between the game server and the mt2fa service. It is used to send emails using TLS (587) connections, so even that is done using secure industry practices.

Last, you can run your own mt2fa-server, and remove your last objections against a "central" service. Of course, this would make things more complex for players, but that's up to people like you who run servers to decide.

by sofar » Post

I just posted all the code. I'll be working on a setup guide for the mod, as it isn't entirely trivial just yet. I will assume people will be using the server I deployed for testing purposes in the meantime. The setup code for the mod will go into the `readme.md` of the mod project.

by rnd » Post

Updated my top comment. More long term idea, requires 1 trusted point (I assume server list page is trusted), also works transparently in background, no need for any 'mail verify' - basically it emulates ideas from https:

1. make 'certificate authority' that issues server certificates (basically public keys from 'public cryptography', private key is sent to server owner). List of those public keys can then be made freely accessible - on server list maybe.

2. when you connect to server client sends to server random challenge to digitally sign by server and then checks the signature using server's public key. If signature valid - this verifies server is who it says it is.

3. same thing could be done for client (server checks authenticity of client)

4. This wouldn't be 'required' to play, only unchecked servers would then be marked with 'unchecked' on serverlist. Also note that this doesn't reveal any useful info to either client or server, but it does verify each party authenticity.

5. if you worry about that 1 authority going rogue, use several of them and then you get something like: 7 of 10 authorities say this guy is ok...
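Added example, not part of the post above and not code from Minetest or mt2fa: a Go sketch of steps 2 and 5 of this proposal, with the client checking a signed random challenge against a public key from a directory, and optionally requiring several directories to agree. It assumes Ed25519, assumes the key pair is generated on the server owner's machine so that only the public key is published, and binds the server address and a constructed context label into the signed message; all names and addresses are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

const (
	challengeLen = 32
	// Constructed domain-separation label: a signature made for this
	// handshake is useless in any other protocol that uses the same key.
	sigContext = "constructed-server-proof-v1"
)

var (
	ErrUnlisted     = errors.New("server not in directory")
	ErrBadChallenge = errors.New("challenge has wrong length")
	ErrBadSignature = errors.New("signature does not verify")
	ErrNoQuorum     = errors.New("too few directories vouch for this server")
)

// Directory maps a server address to its published public key
// (the "list of public keys" from step 1).
type Directory map[string]ed25519.PublicKey

// NewServerKey creates the server's key pair locally.
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewChallenge is the client's fresh random value. Reusing one would let
// an old signature be replayed.
func NewChallenge() ([]byte, error) {
	c := make([]byte, challengeLen)
	_, err := rand.Read(c)
	return c, err
}

// transcript is the exact byte string that gets signed:
// context, NUL, address, NUL, challenge.
func transcript(addr string, challenge []byte) []byte {
	msg := make([]byte, 0, len(sigContext)+len(addr)+len(challenge)+2)
	msg = append(msg, sigContext...)
	msg = append(msg, 0)
	msg = append(msg, addr...)
	msg = append(msg, 0)
	return append(msg, challenge...)
}

// Prove runs on the game server.
func Prove(priv ed25519.PrivateKey, addr string, challenge []byte) []byte {
	return ed25519.Sign(priv, transcript(addr, challenge))
}

// Verify runs on the client, against the address it actually dialled.
func Verify(dir Directory, addr string, challenge, sig []byte) error {
	pub, ok := dir[addr]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return ErrUnlisted // shown as 'unchecked' rather than refused
	}
	if len(challenge) != challengeLen {
		return ErrBadChallenge
	}
	if !ed25519.Verify(pub, transcript(addr, challenge), sig) {
		return ErrBadSignature
	}
	return nil
}

// VerifyQuorum is step 5: at least `need` independent directories must
// list a key under which the proof verifies.
func VerifyQuorum(dirs []Directory, need int, addr string, challenge, sig []byte) error {
	ok := 0
	for _, d := range dirs {
		if Verify(d, addr, challenge, sig) == nil {
			ok++
		}
	}
	if ok < need {
		return ErrNoQuorum
	}
	return nil
}

func main() {
	addr := "play.example.net:30000" // constructed address
	pub, priv, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	dir := Directory{addr: pub}
	challenge, err := NewChallenge()
	if err != nil {
		panic(err)
	}
	sig := Prove(priv, addr, challenge)
	fmt.Println("fresh challenge:", Verify(dir, addr, challenge, sig))
	other, _ := NewChallenge()
	fmt.Println("old signature, new challenge:", Verify(dir, addr, other, sig))
}
```
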

by sofar » Post

rnd wrote:Updated my top comment. More long term idea, requires 1 trusted point (I assume server list page is trusted), also works transparently in background, no need for any 'mail verify' - basically it emulates ideas from https:

1. make 'certificate authority' that issues server certificates (basically public keys from 'public cryptography', private key is sent to server owner). List of those public keys can then be made freely accessible - on server list maybe.

2. when you connect to server client sends to server random challenge to digitally sign by server and then checks the signature using server's public key. If signature valid - this verifies server is who it says it is.

3. same thing could be done for client ( server checks authenticity of client )
Those are good ideas, and similar to TOTP as rubenwardy proposed, however, they avoid the "the player has to provide something of value" benefit. Essentially, what you propose could live alongside this project. The choice for this project to rely on email was on purpose. It also avoids doing crypto entirely. What you want extensively relies on crypto as well, which poses additional risks.

dawgdoc
Member
Posts: 260
Joined: Mon Feb 27, 2017 01:10
GitHub: dawgdoc

by dawgdoc » Post

Sofar,

Would the mt2fa permit email filters? What I am specifically referring to is allowed by gmail and other providers and is seen in the form of username+someword@domain.com for a person whose true email address is "user@domain.com". This is something I almost universally do when registering for a site and wish to monitor the source of new emails.

by sofar » Post

dawgdoc wrote:Would the mt2fa permit email filters? What I am specifically referring to is allowed by gmail and other providers and is seen in the form of username+someword@domain.com for a person whose true email address is "user@domain.com". This is something I almost universally do when registering for a site and wish to monitor the source of new emails.
The way I'm implementing it allows this by design. The emails that are provided become only active after we've successfully used them to verify the identity, and so as long as they work, things like `+` characters are OK.

by sofar » Post

I've squashed a few more bugs and debugged the 'only registration required' codepaths, making this now ready for use in servers where people want to deploy it in these lighter settings.

Make sure to regularly update the mt2fa lua mod as that's where most of the bug fixes will end up going into. In the future, I'll have the server send update notifications to game servers.

by sofar » Post

The server is up and running in production, and in use. I will be doing some small incremental changes to complete features such as password and email changes in the near future.

Given the recent amount of abuse that's been going on, maybe this project will be helpful for server owners.

Lone_Wolf
Member
Posts: 2576
Joined: Sun Apr 09, 2017 05:50
GitHub: LoneWolfHT
IRC: LandarVargan
In-game: LandarVargan

by Lone_Wolf » Post

This looks great!

by sofar » Post

Thread post in a different topic, so I'm posting it here because I suspect people may want to continue this discussion:
Linuxdirk wrote:
sofar wrote:I'm not saying mt2fa is ideal just yet, though
Is it GDPR compliant at least?
Don't ask me, ask a lawyer. Seriously.

It's a very interesting topic, of course. I'm definitely not a lawyer, and very happy that I'm not one. I can make a few brief statements that are not a legal interpretation of course. First of all, mt2fa only stores the email address of the person, and providing it is voluntary. I suppose we can make this an explicit consent message, which would be the right thing to do. From a service perspective, from what I can understand, mt2fa works entirely within the GDPR and since the email is critical to the service, since it is the key part of mt2fa, there is nothing wrong with using it as such.

From a purely "does it even apply" perspective, the GDPR does not seem to even apply, since the mt2fa service isn't operated by an actual organization or company. One could argue that, because the operator is me, a private person, the GDPR doesn't apply at all. This doesn't mean I don't want to avoid responsibility, though, because mt2fa actually was designed in part to do something about anonymous players while letting them remain effectively anonymous to servers, in a way.

As for "forgetting" about people, this is a very interesting topic and I'm inclined to implement this. It would effectively make the player unable to use existing accounts on existing servers if mt2fa was enabled and required for those accounts, and I would implement it in a way that servers would delete the user account on the minetest servers that are linked, too, which would grant players a significant right that they do not have right now.

I've been more and more interested in putting significant work in mt2fa, maybe I'll take the holidays to implement some of these things.

Linuxdirk
Member
Posts: 3216
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany
by Linuxdirk » Post

Unfortunately the GDPR applies to everyone processing data and is not limited to companies.

Because of this many private blogs were discontinued. Blogs are dead anyways nowadays, but a lot of German blogs were discontinued specifically because of the German GDPR implementation DSGVO.

So basically everyone using mt2fa or even hosting a Minetest server should at least read the first 3 chapters of the GDPR. https://gdpr-info.eu/

by sofar » Post

Linuxdirk wrote:Unfortunately the GDPR applies to everyone processing data and is not limited to companies.

Because of this many private blogs were discontinued. Blogs are dead anyways nowadays, but a lot of German blogs were discontinued specifically because of the German GDPR implementation DSGVO.

So basically everyone using mt2fa or even hosting a Minetest server should at least read the first 3 chapters of the GDPR. https://gdpr-info.eu/
Again, I don't think so. Lawyers should read this. I don't know what you do for fun in the evenings, but I advise you not to read the GDPR right before going to bed ;)

Of course, I'm not going to just walk away and that's why I'm more than entertaining the idea that we should make mt2fa compliant, but I will likely only go as far as "I'm making a stupid uninformed attempt based on rumors about the GDPR" because if I do anything more, I really ought to pay for a lawyer to review things, and I am neither a company nor does mt2fa make any money to cover that cost.

So, from my recollection, I can do some things in mt2fa to better comply with the GDPR:

1. Allow removal. I think this is feasible, and it could actually empower players to get their accounts removed from servers as well. This might actually be a nice feature.
2. Informed Consent. When the user provides their e-mail address, provide some clear message such that is compliant. Of course, I have nfc what this text should be.
3. As noted at the top, a privacy policy on the server would be nice. For instance, because the whole idea is to link accounts to your e-mail, it needs to state that the email is collected purely to create a functional service, and that without the email, no such service is possible to the user.

If you can think of anything else, feel free to add it in this thread or even in github.

TumeniNodes
Member
Posts: 2941
Joined: Fri Feb 26, 2016 19:49
GitHub: TumeniNodes
IRC: tumeninodes
In-game: TumeniNodes
Location: in the dark recesses of the mind
by TumeniNodes » Post

https://termsfeed.com/blog/privacy-poli ... atory-law/

I do have concerns that providing a privacy policy can put one in a bit of a pickle, in the event of a successful hack though.
While it is a means to convey to the user what you are using their info for, and that you, in no way use it or sell it to any third parties etc..., I imagine with a privacy policy in place, it places you in the position of having to prove you, in no way did just that.
Of course in the US the rule is, "Innocent until proven guilty" but, seems these days to be turning more into... guilty unless you can prove your innocence, they just do it in a crafty way.

Can you provide a privacy policy, while at the same time a claim of no responsibility in such an event?

I know that many cases of hacks, where personal data is stolen, one of the goals is to establish whether or not the owner was negligent, and therefore, responsible for the theft of the user's personal information.
It is easier to try to attach blame and justice to the one they can get their hands on... a hacker is far more difficult to find.

by sofar » Post

TumeniNodes wrote:I do have concerns that providing a privacy policy can put one in a bit of a pickle, in the event of a successful hack though.
While it is a means to convey to the user what you are using their info for, and that you, in no way use it or sell it to any third parties etc..., I imagine with a privacy policy in place, it places you in the position of having to prove you, in no way did just that.
Of course in the US the rule is, "Innocent until proven guilty" but, seems these days to be turning more into... guilty unless you can prove your innocence, they just do it in a crafty way.

Can you provide a privacy policy, while at the same time a claim of no responsibility in such an event?
Ask a lawyer?
TumeniNodes wrote:I know that many cases of hacks, where personal data is stolen, one of the goals is to establish whether or not the owner was negligent, and therefore, responsible for the theft of the user's personal information.
It is easier to try to attach blame and justice to the one they can get their hands on... a hacker is far more difficult to find.
This is probably getting off-topic now, and venturing way too much into legalese surrounding the nasty parts of many privacy laws. I'd vote for just focusing on the technical improvements that we can do, since we're not lawyers, but software developers.

by Linuxdirk » Post

sofar wrote:Again, I don't think so. Lawyers should read this.
Regardless of being a lawyer the GDPR will affect you in one way or another. Knowing the most important points when providing a publicly available service can't be bad.
sofar wrote:I don't know what you do for fun in the evenings, but I advise you not to read the GDPR right before going to bed ;)
Actually I like such things. Leave me alone :)
sofar wrote:because the whole idea is to link accounts to your e-mail, it needs to state that the email is collected purely to create a functional service, and that without the email, no such service is possible to the user.
Article 7, Paragraph 4 implies/defines if the consent is voluntary. If a service does not work without consenting to data processing then providing data is not voluntary and other rules apply (regardless of using the service in general is voluntary). Recital 43 is very specific on this: "Consent is presumed not to be freely given if [...] the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance."
sofar wrote:I'd vote for just focusing on the technical improvements that we can do, since we're not lawyers, but software developers.
According to Recital 32 a checkmark for consent is enough but it is not allowed to pre-check it. ("Consent should be given by a clear affirmative act [...] This could include ticking a box when visiting an internet website, [...] Silence, pre-ticked boxes or inactivity should not therefore constitute consent.")

by sofar » Post

Linuxdirk wrote: Article 7, Paragraph 4 implies/defines if the consent is voluntary. If a service does not work without consenting to data processing then providing data is not voluntary and other rules apply (regardless of using the service in general is voluntary). Recital 43 is very specific on this: "Consent is presumed not to be freely given if [...] the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance."

According to Recital 32 a checkmark for consent is enough but it is not allowed to pre-check it. ("Consent should be given by a clear affirmative act [...] This could include ticking a box when visiting an internet website, [...] Silence, pre-ticked boxes or inactivity should not therefore constitute consent.")
Oh look a squirrel.

What I want to know is whether I should make changes to the code or not. For instance, right now, the MT server side code does this:

1. if registration is optional, asks if the user wants to register (yes/no).
2. asks the user for their email address.

If the user doesn't want to consent their email address, they can still cancel. Depending on whether registration is required they might get kicked from the server, but the service doesn't function without the email address. The server doesn't know it, so putting in a checkbox is just silly, since it's obvious that if you don't consent you should just not type in your email address. Of course, that's just my opinion. I wouldn't mind adding a little bit more text explaining things but overdoing it rubs against my fan of darwinism. The code does not have pre-ticked boxes, nor does it work through "inactivity" or "silence" so again, is this text just ambiguous or is the current code actually compliant? Note, it says "could include ticking a box", not that it "must" do that. Really, I have more important things to worry about.
Linuxdirk wrote:other rules apply
If someone wants to have a good time and summarize "other rules", that'd be great.

by sofar » Post

https://mt2fa.foo-projects.org/privacy.html

I've also posted an update to the mod that shows this link, and included a short consent statement.

https://github.com/sofar/mt2fa/commit/8 ... 98f239c488

by Linuxdirk » Post

sofar wrote:What I want to know is whether I should make changes to the code or not.
Consenting and withdrawing have to be equally easy (Article 7, Paragraph 3). So when it is enough to enter a mail address then withdrawing the consent should be a button press.

If you process the data any further or collect any personal data that has not been provided by the user (as stated in the Privacy Policy you “[…] may publish usage reports that include service usage statistics, such as player count and server count”) you need to provide some information to the user about this as described in Article 14, Paragraph 1 a-f.

Article 14 is actually pretty horrible but I tend to say that Article 14, Paragraph 5, letter b applies (“Paragraphs 1 to 4 shall not apply where and insofar as: […] the provision of such information proves impossible or would involve a disproportionate effort, in particular [for] statistical purposes”).

Not quite sure about the consent of minors. Maybe add another field for the birthday and leave profiles out of usage tracking when the user is under 16. Article 8, Paragraph 2 mentions “reasonable efforts to verify” the age. So a date input field should be enough.
sofar wrote:
Linuxdirk wrote:other rules apply
If someone wants to have a good time and summarize "other rules", that'd be great.
Recital 42, Number 5 and Recital 43, Number 2 basically define the voluntary consent. If this does not apply to a service it has to be proven that the de facto involuntary provision of data is necessary for the service (your Privacy Policy describes this already).
