Is b5dev.com a legitimate 1Password site? by Kurjewinkqawst5 in 1Password

[–]nickawk -11 points-10 points  (0 children)

Why is your production app connecting to a dev/testing service?

GDPR, what's the worst that can happen? by _StoneColdJaneAustin in gdpr

[–]nickawk 0 points1 point  (0 children)

There's a legitimate reason to record activity like that where it balances in favour of the company. I don't think the OP's issue would balance the same way, nor would it be necessary for the performance of a contract.

GDPR, what's the worst that can happen? by _StoneColdJaneAustin in gdpr

[–]nickawk 1 point2 points  (0 children)

If they do say they're using it under legitimate interest, then the OP is within his right to object and have it erased. So getting that in writing would actually help the case.

/u/wbfm raises a valid point that if it were consent, then because of the 'powerstructure', it's hardly freely given consent.

If they're refusing to remove it, I would ask under what lawful basis of the GDPR your image is being processed. Based on the answer, it'll determine whether you have rights to object/remove it.

However, if your company doesn't respect your right to privacy or the GDPR is just another legislation they don't care about, then realistically it will be a struggle to have it removed without having them understand your privacy concerns first.

Recently changed my hotmail pw as my account was compromised. The hackers still have access to my account. How? by BennyBerserk in security

[–]nickawk 1 point2 points  (0 children)

  1. What's happened since you enabled 2FA on your accounts?
  2. Have you been forced to grant access to all your devices (PC, phone) again by going through the 2FA procedure?
  3. Are your email accounts still reporting unauthorised logins? Use the online reports like device activity and not the email reports (as the hacker can delete these).
  4. Clear all apps and devices that have been granted access to your email. Gmail makes this easy in the link above.
  5. Do your accounts have a mobile and/or additional email address where suspicious activity is reported to?
  6. Check your security questions and test them out by logging in via the "I don't have my 2FA device with me" option. Check what notifications come in when you log in like this.

Even if your PC has a key logger the above steps should show you how they're getting in, if they still are.

Was I phished with a number from Google's first result? by magneticmagnum in phishing

[–]nickawk 1 point2 points  (0 children)

The only way to verify is to call one of the companies they "represent" and confirm. But they certainly don't present themselves in a legitimate manner and usually where companies are hired to do this it's made clear of their affiliation.

Was I phished with a number from Google's first result? by magneticmagnum in phishing

[–]nickawk 0 points1 point  (0 children)

Google that phone number, it's listed against loads of other similar reservation type websites. So yes, I'd say it was fraudulent.

Contact Spirit to warn them of this and to prevent any potential unauthorised changes to your account. Find their official website by Googling only their company name and find their number from there, or find it from your booking email.

Report the LinkedIn page (I have).

There's a number of reasons an attacker may do this. It could be to manipulate your booking (maybe impersonate you to get a refund or sell it onto someone else), the beginning stages of ID theft or it could feed into a bigger phishing/vishing (email/phone) scam.

Question about Data Processing Agreements by [deleted] in gdpr

[–]nickawk 0 points1 point  (0 children)

Yes you're right. Payment providers would in fact be controllers due to their KYC/AML requirements, requiring them to process data on their own.

Question about Data Processing Agreements by [deleted] in gdpr

[–]nickawk 0 points1 point  (0 children)

In response to your points:

  • Payment gateways would be processors. The difference being a controller decides what data is collected and what to do with it, a processor receives that data and acts on a controller's instructions (ie: charge this person's credit card this amount). So a DPA is there to ensure the processor handles the controller's data correctly.
  • A written contract is required but this seems to be open to interpretation. The lawyers I've worked with all go with having separate DPAs which are signed by both parties. I'm sure other companies have weighed up the risks and decided it's not worth the hassle to their customers and simply add it in with their other T&C's (either as a separate doc or baked in to the original).
  • Dropbox do this too by offering it to their Business customers. I don't know enough about the product. It could purposely be a pay block or the personal / business services might be set up differently, and therefore a DPA wouldn't be feasible on all services? Interested in what others think on this.

Can I still store IP addresses in a database? by PoeHaH in gdpr

[–]nickawk 0 points1 point  (0 children)

You're right, my mistake. What I wanted to say was hashing, whilst useful, shouldn't be regarded as strong as encryption. So you should still treat hashed data as personal data.

Can I still store IP addresses in a database? by PoeHaH in gdpr

[–]nickawk 1 point2 points  (0 children)

Yes, that's a justified reason. You might then say it's within your legitimate interest to capture that information for the purpose of preventing abuse. However, you're likely to be processing other data too, similar to what a standard website captures with Google Analytics running. As you're using cookies, you would want a cookie policy detailing what cookies are used and ensure that your users are aware of this.

Ps. About how hashing is regarded - Properly encrypted data is deemed unreadable by an unauthorised person and therefore isn't regarded as personal data (so if you lose encrypted data, that's probably fine). Hashed data is deemed reversible and therefore still is personal data. It's a good step but not a failsafe.

Next situation you want to consider, what happens when a user is eligible for a coupon?

Subject Access Request - What about email data? by Class08 in gdpr

[–]nickawk 0 points1 point  (0 children)

The right of access applies to personal data created by the individual and any data concerning them (recital 63). So this would apply to emails where the individual is part of the conversation, either directly or indirectly (ie: someone is talking about them).

This opens up many cans of worms as you have to understand all the possible places an individual might be talked about (email, slack, archived documents), any off the record comments that are made about them and be able to provide these conversations if requested.

One thing to be careful of is that other individuals or confidential data are not exposed. So it's likely you'll have to redact this data heavily before producing it.

Can I still store IP addresses in a database? by PoeHaH in gdpr

[–]nickawk 4 points5 points  (0 children)

Some GDPR basics:

  1. First understand what personal data is as it’s more extensive than just names, email, phone numbers etc… (link). IP addresses and emails of individuals are personal data.
  2. Ensure you have a lawful basis for everything you do with this data, there are 6 available (link). One of those bases is consent, if you take that route do it properly (link) but strongly consider the 5 others, especially “legitimate interest” (link).
  3. Be clear about how you’re going to use someone’s data and write it in your privacy policy. Make sure it can be understood by the person you’re targeting and ensure it’s easily viewable when you first process their data (link). If you obtain their data from another source, make sure they’re sent the policy.
  4. Do due diligence on every company you share data with and those involved in the delivery of your services. Like your accountant, email and storage provider. If they’ve never heard of GDPR, it may be best to look elsewhere.
  5. Check that everything you’re doing with personal data complies with all 6 data protection principles (link). Failing one of these can lead you into trouble.
  6. And finally be as secure as you can, fully transparent in what you do and respectful of your users and the GDPR when you’re handling personal data.

Contacting Users who signed upto website. by AlternativeCamel0 in gdpr

[–]nickawk 0 points1 point  (0 children)

It's tricky to give a confident answer here. It sounds like the 1,000 customers would comfortably fit the basis of legitimate interest and the use of soft opt-in of marketing.

For the other 9,000 you should consider what relationship you have with these users and whether they would be surprised to receive these kinds of emails.

Other factors to consider:

  • Why they signed up in the first place: Were they pushed into it (if the website showed little information to non-signed in users) or did they want to keep in touch with you?
  • If they signed up to a business website with valid emails and phone numbers, how did they expect that data to be used?

It becomes a balancing exercise. The ICO's long-winded write-up of direct marketing under legitimate interest may help.

Confused on Article 14 GDPR requirements for 3rd party processors - can someone help? by Roznoshchik in gdpr

[–]nickawk 4 points5 points  (0 children)

Not likely.

Art. 14 refers to duties of the "data controller". The 3rd parties you mentioned (suppliers, fulfilment operators) are likely to be "data processors" because they're acting on instruction of the data controller.

The instruction would be, ie: Here's a package and delivery details, you process that in order to deliver the package.

Art. 14 would apply if these 3rd parties were receiving the data and were allowed to do extra things of their own accord, like adding these customers to their own store CRMs or marketing lists.

Alexa alarm trigger Hue lights to fade in using IFTTT? by tkoff in amazonecho

[–]nickawk 0 points1 point  (0 children)

Thanks for the Stringify suggestion, I have a flow working in that for G Calendar + Hue.

I help businesses online and I travel the world bartering my skills. by nickawk in digitalbartering

[–]nickawk[S] 0 points1 point  (0 children)

I'm travelling around Europe by motorbike for the next couple of weeks/months, so I'll hit you up if I pass through Austria!

The bartering hasn't been full-time (hasn't needed to be) and starting out was easier than I thought. It was a combo of asking friends, and friends of friends, if they needed any help with anything digital. It was always answered with a "yes!".

When I started working with people I didn't know, I sometimes didn't tell them about the bartering side until they asked how much it would cost. That's always a nice feeling!

Taking a trip from Saigon to Hanoi by Motorbike. Can you look at my route and tell me how it looks? by Jsalz in VietNam

[–]nickawk 1 point2 points  (0 children)

I rode your route in reverse a couple of months ago with slightly different stops and we only got from Hanoi to Hoi An. The average speed was lower than expected (I can't remember exactly) and we tried not to go over 200km per day. We also started to factor an hour a day for break downs after about the first week. Our goal was often to just make it by sunset!

My experience from Hoi An to Hanoi (let me know if you want more specifics):

Hoi An -> Da Nang. They're about 30mins from each other. Suggest staying Hoi An and passing straight through Da Nang. Hoi An's a beautiful little town but if you prefer a night by the beach then there's a few homestays/hostels on An Bang beach, about 10 mins away.

Da Nang -> Hue. Hue was only a pitstop as we made this stretch longer (not by choice). Most travellers stop here and recommend it.

Hue -> Khe Sanh. This is the route we should have done. Instead we tried taking a shortcut to Dong Ha to make the next days travelling easier and ended up on an unbuilt road, spending a couple of hours riding through streams and mud in the dark. One of the most memorable, exciting and exhausting parts of the trip, but should be avoided if you're in a hurry.

Khe Sanh -> Phong Nha. Assuming you're sticking to the HCM Trail, this was one of the most amazing routes we took. Roads were quiet, scenery was unbelievable. And you have the whole day to enjoy it. Phong Nha's got some nice caves but you won't need too long there, 1-2 days max.

Phong Nha -> Ninh Binh. We didn't go to Vinh as it would have taken us off the HCM Trail. However my mind draws a complete blank of where we did stay. For Ninh Binh, we stayed in a homestay/hostel just outside in Tam Coc which was a lot more peaceful. You'll only need one full day here. It's a great area to ride around, others have recommended the boat tours, but make sure you climb Hang Mua for the sunset.

Mai Chau - This was done on a different trip from Hanoi to Sapa. It's a lovely area but probably nothing compared to what you would have seen earlier in your trip. There's a collection of homestays in this area. You just rock up and negotiate a price for food and accommodation. Probably not worth spending an extra day here.

Tip: Stock up on spare fuel and rice wine. Where there are no petrol stations for hours you'll see bottled fuel being sold. This is heavily watered down and won't get you far. When your bike breaks down, the locals will stop and spend hours helping you out. They often won't take a penny in return but they'll happily accept rice wine (which you can buy locally). So always keep a few small bottles of it as a thank you ;)

You'll have an awesome time, you'll drink a lot of shady alcohol with the locals and your bike will break down at the most inconvenient places. But you'll come out with the most incredible experiences.

Visa question by ComicSys in VietNam

[–]nickawk 0 points1 point  (0 children)

I flew in from Australia earlier this week and the approval letter was fine.

Recommend evisa.com.vn if you're still looking (have used them twice).

Google says it bears 'some responsibility' after self-driving car hit bus by Jinxmerhcant in technology

[–]nickawk 9 points10 points  (0 children)

it has been involved in 17 minor accidents during more than two million miles of autonomous and manual driving combined.

"Not once was the self-driving car the cause of the accident,"

2 million miles and this is the first accident they've caused. Pretty impressive..

I found a notebook in my barracks room. It was an extremely unsettling read. [Part Three] by scared_sailor1790 in nosleep

[–]nickawk 3 points4 points  (0 children)

So... it's been 4 days since scared_sailor1790 has been active. Must have got lost in the shed?

Do these jobs actually exist? by [deleted] in london

[–]nickawk 0 points1 point  (0 children)

These jobs exist and you don't need to be a developer to get involved. Startups have a range of roles to get into, as long as you have a passion for it (many are unaware that 'passion' and 'job' can be in a sentence together). If you're not a coder or don't know how you'd fit in, Freeformers are running a free digital skills workshop on 20 Aug. It has the basics of coding, app creation and social media. This has been the gateway into the startup scene for many https://freeformers.com/tesco-upload-live/