Jump to content

GDPR conformity


webmicha

Recommended Posts

GC removed the audit-logs, because it doesn't fit to GDPR. But this is hypocritical as there are so many GDPR violences on the website, apps and the API. So, if geocaching.com really wants to comply with GDPR, they have a lot more to do. In times where importance of data protection and privacy is even recognized by Facebook, GC should go this way too. 

Just my 2 cents.  

  • Upvote 1
Link to comment
4 hours ago, HHL said:

Please add a 3rd cent and name it. :rolleyes: Just ranting is pretty useless.

 

Hans

 Example: a user decided to not show his statistics. A third-party like project-gc can use the data anyway, cause they are available through GC API. It is not users responsibilty to check additional platforms if his data are used, even if he don't want so.



 

  • Helpful 1
Link to comment
34 minutes ago, webmicha said:

 Example: a user decided to not show his statistics. A third-party like project-gc can use the data anyway, cause they are available through GC API.

It is not users responsibilty to check additional platforms if his data are used, even if he don't want so.

 

Curious...

 I click "Do not allow Authorized Developer applications to access my public profile information",  located in the Developer Authorizations section, in my  profile account settings.

Are you saying that third-party sites can get that information anyway ?   Thanks.  :)

  • Upvote 1
  • Helpful 2
Link to comment
8 hours ago, webmicha said:

there are so many GDPR violences on the website

 

Have you read this https://gdpr-info.eu/issues/consent/

It is about how you may consent to use your personal information.

 

Practically all personal information has been kept secret from other players including your email. Personal data are any information which are related to an identified or identifiable natural person.""

 

A nickname is used to disguise your personal information. All problems, including audit-logs, requires that your nickname is considerded as a personal information when the reason to use nickname is opposite, not to disclose you personal information. I fear that the GDPR is not applicable for nicknames in this case at all but I understand that no one can promise this because it is a legal matter.

Edited by arisoft
  • Upvote 1
Link to comment
5 hours ago, on4bam said:

The "simple" solution would have been to have a tickbox in your profile to opt-in/out of being seen in audit logs just as you can dis(allow) apps API access.

 

Yeah I think that's more of a thing now that the API and mobile app(s) exist, which didn't when the audit log was first launched. Since there are sources that don't affect the log, it doesn't seem counter-productive to let people 'opt out' of having their web hits count to the audit log. But it was probably just easier to remove the feature because it's fundamentally unable to provide reliable analytic information other than strictly "These users have loaded this geocache listing in a web browser"... which really isn't all that helpful.

 

I mean if you want to see a cache but don't want to be tracked... view it in the app. (well, no worries any more at least)

Edited by thebruce0
Link to comment
15 hours ago, on4bam said:

The "simple" solution would have been to have a tickbox in your profile to opt-in/out of being seen in audit logs just as you can dis(allow) apps API access.

 

But that would then render the audit log even more inaccurate and unreliable than it is now, what's the point in investing development effort into something which is so worthless?

  • Upvote 1
  • Helpful 1
Link to comment
8 minutes ago, MartyBartfast said:

But that would then render the audit log even more inaccurate and unreliable than it is now, what's the point in investing development effort into something which is so worthless?

 

Since it's unreliable an inaccurate, what's the problem that it's gone?

BTW, it's not gone because of GDPR but because of bad implementation of GDPR.

 

Next bad implementations could be: cache placed by "anonymous", Found by "anonymous", TB owner: anonymous, cache coordinates: "withheld for privacy reasons".

 

Remember GDPR is about having control over your personal data not about being anonymous everywhere.

 

 

 

Link to comment
On 11/2/2019 at 7:24 PM, arisoft said:

 

Have you read this https://gdpr-info.eu/issues/consent/

It is about how you may consent to use your personal information.

 

Practically all personal information has been kept secret from other players including your email. Personal data are any information which are related to an identified or identifiable natural person.""

 

A nickname is used to disguise your personal information. All problems, including audit-logs, requires that your nickname is considerded as a personal information when the reason to use nickname is opposite, not to disclose you personal information. I fear that the GDPR is not applicable for nicknames in this case at all but I understand that no one can promise this because it is a legal matter.

 

Yes, I agree with this. We can also fill our profile with the info we deem interesting for other users. What annoys me though is that quite some profile information is also available to non-users via the new profile, namely location and user photo. I added this info to my profile knowing only users would have access to it. However, with the new profile this info is also available to people who don't have an account. I feel I should have been informed about that change of publicly available data from my profile to be honest. If I'd known it i would have chosen a different user photo and opted to not disclose my location.

  • Upvote 3
  • Helpful 1
  • Love 1
Link to comment
6 hours ago, terratin said:

 

Yes, I agree with this. We can also fill our profile with the info we deem interesting for other users. What annoys me though is that quite some profile information is also available to non-users via the new profile, namely location and user photo. I added this info to my profile knowing only users would have access to it. However, with the new profile this info is also available to people who don't have an account. I feel I should have been informed about that change of publicly available data from my profile to be honest. If I'd known it i would have chosen a different user photo and opted to not disclose my location.

 

Okay, I'm curious how a non-user accesses any profile information. I just went to geocaching.com on a PC that's not signed into my account and there's nothing I can see there that allows me to view any caches or players. It just tells me there are 2077 caches near Penrith (which is nowhere near here but it's where my internet service provider lives), with links to download the app or create an account.

 

Edit to add: I've found it by doing a web search on "geocaching" and my user name. Yes, that is disturbing that they're displaying so much information to non-users.

 

Profile.png.c046e447db9a159a8cab74908250367c.png

Edited by barefootjeff
  • Upvote 4
Link to comment

Hey, yeah, I never noticed that home location was made public info!  When did that happen?  That used to be private even to members... that is NOT good, there was always good reason to not show that, and only use it for internal purposes; and there's no good reason to show that publicly.

 

Also, it is odd that it shows "you must first log in to view this profile" yet still shows basic info. I'd expect even the stats to be behind the login wall. Profile and cover photo - okay I could that being public. But that should be it at most, especially if not logged in.

wow

  • Upvote 3
  • Helpful 1
  • Love 1
Link to comment
2 hours ago, thebruce0 said:

Profile and cover photo - okay I could that being public. But that should be it at most, especially if not logged in.

 

I don't see why any profile information, including the cover photo, should be publicly visible. I'm curious how doing so benefits the game and I can easily imagine scenarios where it could be abused.

  • Upvote 3
Link to comment
9 hours ago, barefootjeff said:

 

Okay, I'm curious how a non-user accesses any profile information. I just went to geocaching.com on a PC that's not signed into my account and there's nothing I can see there that allows me to view any caches or players. It just tells me there are 2077 caches near Penrith (which is nowhere near here but it's where my internet service provider lives), with links to download the app or create an account.

 

Edit to add: I've found it by doing a web search on "geocaching" and my user name. Yes, that is disturbing that they're displaying so much information to non-users.

 

Profile.png.c046e447db9a159a8cab74908250367c.png

 

 Disturbing , yes. There appears to be quite a bit of information given away for free there , before the little red 'Sorry you must first log in to see this profile'

Location, profile photos, dates ... surely it is a GPPR issue making that information , which we assumed was 'cacher's eyes only'  freely available to the public ?

  • Upvote 2
Link to comment
1 hour ago, hal-an-tow said:

 

 Disturbing , yes. There appears to be quite a bit of information given away for free there , before the little red 'Sorry you must first log in to see this profile'

Location, profile photos, dates ... surely it is a GPPR issue making that information , which we assumed was 'cacher's eyes only'  freely available to the public ?

 

You know, if there was a mail or any other information that this information was to become public and please change everything you don't want non-members to see then ok. This might have been a bit weak, but better than nothing. Just throwing this info out there without any information of the users is rather poor form. Btw, when I signed up to geocaching I don't think there was the sentence

Tips to protect your privacy

Choose a home location that is not your real address.

 

anywhere, and now I can't find it either. When you change your home location it only says " Choosing your home location personalizes the geocaching experience to your area. This information is kept private." I know, because I've moved so often in the past x years. But anyway..

Edited by terratin
  • Love 1
Link to comment
52 minutes ago, terratin said:

 

You know, if there was a mail or any other information that this information was to become public and please change everything you don't want non-members to see then ok. This might have been a bit weak, but better than nothing. Just throwing this info out there without any information of the users is rather poor form. Btw, when I signed up to geocaching I don't think there was the sentence

Tips to protect your privacy

Choose a home location that is not your real address.

 

anywhere, and now I can't find it either. When you change your home location it only says " Choosing your home location personalizes the geocaching experience to your area. This information is kept private." I know, because I've moved so often in the past x years. But anyway..

 

OK, I have that home location set, but I did NOT fill in the location space on the initial profile tab - and that space did NOT populate with my home location info.

I followed barefootjeff's procedure in finding my profile, and see that my location is not showing ... I guess because it's not showing on the general, PROFILE tab.

 

That certainly doesn't negate your concerns, but you could reduce the precision of location in general profile without compromising other geocaching calculations that use your specific home location.

 

 

Link to comment
19 hours ago, VAVAPAM said:

 

OK, I have that home location set, but I did NOT fill in the location space on the initial profile tab - and that space did NOT populate with my home location info.

I followed barefootjeff's procedure in finding my profile, and see that my location is not showing ... I guess because it's not showing on the general, PROFILE tab.

 

That certainly doesn't negate your concerns, but you could reduce the precision of location in general profile without compromising other geocaching calculations that use your specific home location.

 

 

 

Ok, sorry, this was beside the point. GS warms to not use your address when setting a home location for maps, cache placement etc. There is no obvious warning that the home location in the profile will one day become public and index-able by search engines.

Link to comment
On 11/10/2019 at 5:43 AM, on4bam said:

Or use something generic like "Home location: Earth". Also, in statistics it may help to use a general area location.

The "home" location when using a GPS/Waze... should also never be your real home homeaddress.

 

Fortunately for us, The Chief insists that we use a generic home location! 

Not happy about this recent revelation. 

Link to comment
On 11/2/2019 at 11:21 AM, webmicha said:

Example: a user decided to not show his statistics. A third-party like project-gc can use the data anyway, cause they are available through GC API.

 

This was true at one time, however, it's no longer true. Now, you're asked ( over and over)  to allow Authorized Developer applications to access ....

 

And you can NOT allow. See cerebus1 post above.  He doesn't exist on project gc (currently). He can change that at any time, so at some point, he may exist on project gc.

 

 

  • Helpful 1
Link to comment
On 11/10/2019 at 3:30 AM, barefootjeff said:

I don't see why any profile information, including the cover photo, should be publicly visible. I'm curious how doing so benefits the game and I can easily imagine scenarios where it could be abused.

 

Profile and cover photo are almost always a publicly visible element of profile pages on most any website (which allows a publicly visible profile URL). Except maybe online dating websites. :P  One could argue that social media websites' mentality is that you're already wanting to be public (with some exceptions - tho even Twitter's private profile option still shows a profile pic) with your online persona, so a profile photo and cover photo are as "public knowledge" as the username.  On dating websites the mentality is that the profile is extremely personalized, so some may provide the option to keep all photos private, thus someone must be logged in to see even the profile photo (though most often the username is public).

One could argue that on geocaching the profiles are personal, but it feels to me somewhere in between a social media profile and a dating profile :P - somewhat private.

 

All that to say, there are very very few websites that provide a personal profile, with a username, profile pic, and/or cover pic, all of which are locked behind a login wall. One argument is that all a person needs to do is create a login to see all that, so a login wall is really not a good privacy protector in the slightest.  Most sites typically assume that those such assets of a profile are public already.  Users would understand that and not upload a photo they want kept private as a public profile picture (and that would be my strong recommendation - at least to consider that this is common practice today).

 

So I'm on the fence as to whether GC.com should put the profile and cover photos behind a login privacy wall. IMO, it's not effective privacy, and users should be aware of that. I can understand the desire to keep the profile pic private, but really, it's not going to be. Unless you're absolutely adamant that a login wall is sufficient privacy for your own sake. (which is almost non-existence, and honestly a little baffling /:) )

 

 

And frankly, I wouldn't be surprised that a profile is indexed in search engines.

What Groundspeak could do (since they're doing so much work on conforming to GDPR, even though this isn't directly related) IS provide a distinct, clear option to make a person's profile 100% private. That is, not googled. If someone searches a username (there's no stopping that) on gc.com, the result would be "This account is private" and show NO details at all.

 

tl;dr:

* Basically, "semi-private" (public username, profile pic, cover pic) is not private. Don't expect it to be. It's common practice.

* GC could offer a "private profile" option - which is only private to viewers who are not logged in (not very good privacy, but thwarts search engines and gives a little bit of comfort at least).

* Heck, maybe GC could offer a private-up-to-Premium-Member status, so even free/public logged in users can't see the profile. That would thwart stalkers and all the above.

Link to comment
5 hours ago, thebruce0 said:

Profile and cover photo are almost always a publicly visible element of profile pages on most any website (which allows a publicly visible profile URL). Except maybe online dating websites. :P  One could argue that social media websites' mentality is that you're already wanting to be public (with some exceptions - tho even Twitter's private profile option still shows a profile pic) with your online persona, so a profile photo and cover photo are as "public knowledge" as the username.  On dating websites the mentality is that the profile is extremely personalized, so some may provide the option to keep all photos private, thus someone must be logged in to see even the profile photo (though most often the username is public).

One could argue that on geocaching the profiles are personal, but it feels to me somewhere in between a social media profile and a dating profile :P - somewhat private.

 

Last time I looked, geocaching.com was neither a social media site nor a dating service. It was certainly my implicit understanding that my "public" profile was for viewing by other geocachers, not the general public. Indeed, geocaching.com's own Privacy Policy says:

 

Quote

With whom do we share your personal information?

Except as provided below, we do not share or sell information that identifies our users personally or makes it possible for other parties to contact them directly.

 

Nowhere in the "except as provided below" does it say anything at all about showing profile information to the general public. There's a whole paragraph on the information it shares with Other Users, specifically "When you create an account, we make your username and certain details about your membership, such as whether you are Basic or Premium, when you joined and when you last visited the site, and your finds, hides, and trackable count available for other users who may want to add you as a friend in our system or understand your experience and activity level for purposes of determining your credibility or engagement level with the game." But all of this (the stuff I've bolded) is visible to muggles too! I'm not a lawyer, but I suspect geocaching.com are breaching their own privacy policy by doing so.

Edited by barefootjeff
  • Upvote 1
Link to comment
17 minutes ago, barefootjeff said:

Last time I looked, geocaching.com was neither a social media site nor a dating service.

 

I didn't say it was either of them.

 

17 minutes ago, barefootjeff said:

It was certainly my implicit understanding that my "public" profile was for viewing by other geocachers, not the general public. Indeed, geocaching.com's own Privacy Policy says:

 

Quote

With whom do we share your personal information?

Except as provided below, we do not share or sell information that identifies our users personally or makes it possible for other parties to contact them directly.

 

I don't see any of that explicitly describing the GC.com username, profile picture or cover photo.  Your implicit understanding is inferred.

 

17 minutes ago, barefootjeff said:

There's a whole paragraph on the information it shares with Other Users, specifically "When you create an account, we make your username and certain details about your membership, such as whether you are Basic or Premium, when you joined and when you last visited the site, and your finds, hides, and trackable count available for other users who may want to add you as a friend in our system or understand your experience and activity level for purposes of determining your credibility or engagement level with the game." But all of this (the stuff I've bolded) is visible to non-users too!

 

The only points there that relates to mine is "username". None of those bolded are the profile picture or cover photo.  I did not disagree with any of the bolded. You saw my comment and reaction to the fact of all that is displayed to non-logged-in users.  My point is solely related to whether or not the username, profile image, and cover image are covered by the privacy policy (and there's also a grey distinction between providing profile details to whatever degree, and "sharing" which typically means the company with other companies/organizations/people of their own volition). ie, "we store certain details, but we will not hand them out to others without permission; permission for displaying such information on a profile is implicit" (ie another company could 'scrape' provided data, but that is not "sharing or selling") - so the question is, to whom is profile shown?

 

That's the point of contention.

I would recommend, based typically on what websites with a userbase that also provide a forward-facing profile page for said users do, that one shouldn't expect username, profile image, or cover photo to be implicitly covered by "private personal details", unless included in such wording.

 

Many inferences can be made from the quoted privacy policy. If anything, HQ should clarify that, and not display all the details we've now discovered are publicly visible and indexable by search engines.  I don't believe they are "in breach" of the policy, unless it can be demonstrated legally that a profile page is "sharing...information that identifies our users personally or makes it possible for other parties to contact them directly".  The latter - nope. The former, well I think legally "Real name" qualifies as a private field, while "Any photo you'd like to upload" does not - even though you could choose to make it that personal.  Many users have a graphic for a personal profile. Many users know that a profile picture is generally public facing and not hidden behind a login wall, and thus do not upload a profile pic that displays their own face.  Many don't care.

 

It's not black and white. HQ may do well to tighten up the policy and better explain what is made publicly visible, and what's hidden and to what degree.  Because gc.com is neither a social media platform, nor a dating website; but somewhere between the two (which is precisely what I said above).

Edited by thebruce0
Link to comment
4 minutes ago, thebruce0 said:

It's not black and white. HQ may do well to tighten up the policy and better explain what is made publicly visible, and what's hidden and to what degree.  Because gc.com is neither a social media platform, nor a dating website; but somewhere between the two (which is precisely what I said above)

 

In my view it's nothing like a social media platform or dating website. It's a special interest group and in every other special interest group I belong to, member information is only visible to other members. Nowhere in geocaching.com's Privacy Policy or anywhere else on its website or Help Centre does it say any member information will be shown to the general public.

  • Upvote 2
Link to comment
Just now, barefootjeff said:

In my view it's nothing like a social media platform or dating website.

I've already made that point, yes.

 

1 minute ago, barefootjeff said:

It's a special interest group and in every other special interest group I belong to, member information is only visible to other members. Nowhere in geocaching.com's Privacy Policy or anywhere else on its website or Help Centre does it say any member information will be shown to the general public.

1. Now you're applying a definition of what geocaching.com is.  Why are they a special interest group with the same rules and privacy policies as entirely distinct special interest groups you belong to with their own defined policies?  To someone else it's not a special interest group by your definition. Who's right? You're inferring and projecting a privacy standard.

2. I agree. It also doesn't say that NO user's information in the slightest will be presented publicly. Which is why either they should clarify the privacy policy for what constitutes private personal information and to what degree it's visible and to whom, or people need to not infer privacy standards that aren't stated, and err on the side of "I have the option not to put personal content in places I don't know are kept private by the holding company" (such as profile and cover image)

 

@GCHQ:

Username: Clarify whether having that item publicly visible is in breach of "sharing or selling" or not.

Profile/cover photo: Decide whether to show these items publicly or not, and make it clear, by disclaimer if necessary.

Additional details: Get those back behind the login wall, especially if "you must be logged in to view this profile" is disclaimed on the same page.

Any details: Decide/clarify whether "you must be logged in to view this profile" applies to every piece of user information, or anything beyond username/profile/cover pic (or whatever).

  • Upvote 1
Link to comment
Just now, barefootjeff said:

It gets worse. A muggle can view practically everything on a non-PMO cache page, including a link to the CO's profile, the full description, hint, cache page photos and the last five logs including any photos that have been posted with those logs.

 

Yes. That, to my knowledge, was always true. It was only the location that's ever been hidden from public view, and more than a handful of logs. No surprise there. That hasn't changed. Definitely not on the same level as the now-visible profile information.

Link to comment

Well now I know why the physical waypoint of one of my recent multis was so quickly muggled, even though it should have been well out of sight of passing muggles. On the cache page I included an image of a mud-map of the route along the maze of tracks and the hint said where it was relative to the track.

Edited by barefootjeff
Link to comment
11 minutes ago, barefootjeff said:

Well now I know why the physical waypoint of one of my recent caches was so quickly muggled, even though it should have been well out of sight of passing muggles. On the cache page I included an image of a mud-map of the route along the maze of tracks and the hint said where it was relative to the track.

As far as I can tell, profile information isn't public. Nor is the map. A "muggle" would have to be logged in to find that specific cache, or to see if you have other hides in the area to pillage. 

Link to comment
14 minutes ago, Mineral2 said:

As far as I can tell, profile information isn't public. Nor is the map. A "muggle" would have to be logged in to find that specific cache, or to see if you have other hides in the area to pillage. 

 

Googling "geocache barefootjeff" on my muggle PC brings up my profile, hides, logs, bookmark lists, just about everything except cache coordinates, and for puzzle caches those are effectively visible too for anyone who wants to solve the puzzle.

Edited by barefootjeff
Link to comment

I don't think they ever have been. Those again don't have to have location details in them. Ultimately remember it's a GPS game, so specific location was left to GPS coordinates - which are hidden. And I'm sure there are lines in the TOU that explain what cache listing information is publicly visible and what's hidden. Again, that's not new.

And even all the satellite user info available I'm pretty sure has not changes in years. Again that would fall under what constitutes private details that are not shared or sold, or provide direct communication with a user.

Link to comment
31 minutes ago, thebruce0 said:

I don't think they ever have been. Those again don't have to have location details in them. Ultimately remember it's a GPS game, so specific location was left to GPS coordinates - which are hidden.

 

Except for puzzle caches where they're obtained by solving the puzzle which is visible in the description.

 

32 minutes ago, thebruce0 said:

And I'm sure there are lines in the TOU that explain what cache listing information is publicly visible and what's hidden.

 

Can you provide a reference or quote because I can't find anything to that effect. The TOU link on each cache page is just "we are not liable for anything" and "this site is for personal use only" stuff.

 

I'd naively thought that non-traditionals and caches with higher D/T ratings would be protected from the muggles-with-apps scourge, but now it appears muggles without apps can see practically everything without even having to create a bogus account. If any of my caches survive this week's forecast catastrophic fires, I should probably make them PMO just to hide them from muggles.

  • Upvote 1
Link to comment
8 minutes ago, barefootjeff said:

the muggles-with-apps scourge

umm, yeah, I don't agree with this assessment.  It's not muggles-with-apps, which labels all smartphone users as the problem. The problem is insufficient guidance and/or problem users. Yes, even though a majority may be users who use smartphones.

 

8 minutes ago, barefootjeff said:

but now it appears muggles without apps users who are not logged in can see practically everything without even having to create a bogus account.

For listings, I'm confident that hasn't changed in years.

For profile pages, yes, I'm pretty sure more info now is available than recently.

 

8 minutes ago, barefootjeff said:

If any of my caches survive this week's forecast catastrophic fires, I should probably make them PMO just to hide them from muggles.

Do as you will.

 

8 minutes ago, barefootjeff said:

Except for puzzle caches where they're obtained by solving the puzzle which is visible in the description.

As has always been the case.

 

8 minutes ago, barefootjeff said:

Can you provide a reference or quote because I can't find anything to that effect.

Nope because I haven't searched which is why I said "I'm sure there are", not "there are."  As in, I'm open to proof that there aren't, but as I'm not that invested in proving the point at this moment, and I'm resting on my understanding of general web ethics with user profile pages and what's been in place for years here without major concern (at least sufficient to warrant change). GDPR comes along and boom everyone's up in arms (on either side).

 

Some things on gc.com haven't changed (listing contents). Some have (due to GDPR). Some have without us realizing (seemingly unrelated to GDPR changes).

Edited by thebruce0
Link to comment
11 minutes ago, thebruce0 said:

It's not muggles-with-apps, which labels all smartphone users as the problem.

 

I use the term muggles-with-apps specifically for the recent scourge of people with no knowledge of geocaching or desire to learn anything about it but just download a free game app and, in the course of the day or two it holds their interest, wreak intentional or unintentional havoc. I would never refer to a genuinely interested BM app-user with that term.

 

11 minutes ago, thebruce0 said:
19 minutes ago, barefootjeff said:

but now it appears muggles without apps users who are not logged in can see practically everything without even having to create a bogus account.

For listings, I'm confident that hasn't changed in years.

 

Just because it hasn't changed for years doesn't make it right or appropriate. For all we know, some of this information that's displayed to non-users might be unintentional and have come about through coding bugs, in which case it really ought to be fixed.

Edited by barefootjeff
  • Upvote 2
Link to comment
26 minutes ago, thebruce0 said:

GDPR comes along and boom everyone's up in arms (on either side).

 

I have no interest in GDPR but I am concerned that a whole lot of stuff which I'd always presumed would only be visible to registered users, is apparently visible to anyone. With a recent spate locally of the "eradicate geocaching because it's littering" types, that's a worry. I was stunned to see what came up when I just Googled "geocache" and my town name; a cache-hater would have a field day here.

Edited by barefootjeff
  • Upvote 1
Link to comment
11 minutes ago, barefootjeff said:

 

I have no interest in GDPR but I am concerned that a whole lot of stuff which I'd always presumed would only be visible to registered users, is apparently visible to anyone. With a recent spate locally of the "eradicate geocaching because it's littering" types, that's a worry. I was stunned to see what came up when I just Googled "geocache" and my town name; a cache-hater would have a field day here.

I tried that too. Only non Premium caches apparently.

Link to comment
1 hour ago, barefootjeff said:

might be unintentional and have come about through coding bugs

 

Don't know whether this has something to do with your theory, but note that I was NOT able - as a muggle (not logged in) - to see ANY of my profile info, with a statement that I'd need to log in to see that ... until I clicked on the "Go to new public profile" link on the banner.  That's when I was able to see the minimal info provided in my profile.  Couldn't see the additional "about me" stuff, even then.  So yeah, it did occur to me that it might have something to do with the new profile ... but freely admit I know nothing about coding.

 

I temporarily made most of my caches PMO.  Perhaps your search engine is more powerful than just google, but my non-PMO caches do not offer the "see more caches hidden by this user" link (or any of those other associated links.)  And while I could click on the "Message this owner" link, I was brought to a log-in page.  I couldn't see anywhere that somebody could tell what my email address might be.

 

And I do have an account specific to geocaching.  I started it just so I'd be able to check on caches and geo updates without having to wade through other stuff.  The benefit of knowing where a leak might be coming from hadn't occurred to me; I'll consider it a bonus. 

Link to comment
9 hours ago, thebruce0 said:

GC could offer a "private profile" option - which is only private to viewers who are not logged in (not very good privacy, but thwarts search engines and gives a little bit of comfort at least).

 

I would take advantage of that option, minimal as it might be, if it were offered. 

Link to comment
54 minutes ago, VAVAPAM said:

I temporarily made most of my caches PMO.  Perhaps your search engine is more powerful than just google, but my non-PMO caches do not offer the "see more caches hidden by this user" link (or any of those other associated links.)  And while I could click on the "Message this owner" link, I was brought to a log-in page.  I couldn't see anywhere that somebody could tell what my email address might be.

 

I'm not concerned about my email address being revealed, which as far as I can tell it isn't, but enough information is revealed on some of my caches to compromise the cache to an inquisitive or malicious muggle. My descriptions are detailed, as many of my hides are off-track, as are the hints in particular, since I really don't want cachers going all that way and not finding the cache. On some where GPS reception is poor I also provide helper photos on the cache page, which it seems all and sundry can see.

 

The most recent five logs, along with any log photos, are also shown, which may further compromise the general vicinity of GZ. Anyone including photos of themselves in their logs could have their privacy compromised outside the caching community, especially when part of the information revealed in the New Profile is the user's locality. It's not too difficult in a small town to just hang around the supermarket until you see that person doing their shopping. As a 65-year-old male it doesn't bother me much, but I would imagine others wouldn't be too happy if they weren't aware that anyone can see their log photos along with a link to their profile. It's all well and good to say "just put Earth as your locality" but I doubt many cachers are aware that this information is displayed to non-cachers and would just assume, from what it says in the Privacy Policy, that this information is only revealed to Other Users.

 

Maybe I'm wrong, but I have a vague recollection from my early caching days that, when not logged in, all that showed on a cache page was the Title and Short Description, and I don't recall seeing logs thrown into the mix. Maybe this changed when the Short Description field was deprecated, I don't know, or maybe I'm wrong and it's always displayed everything bar the coordinates, but I still think they're showing way too much to non-cachers, especially when there's no warning that that's the case.

  • Upvote 1
Link to comment
1 minute ago, barefootjeff said:

My descriptions are detailed, as many of my hides are off-track, as are the hints in particular, since I really don't want cachers going all that way and not finding the cache. On some where GPS reception is poor I also provide helper photos on the cache page, which it seems all and sundry can see.

2 hours ago, barefootjeff said:
2 hours ago, thebruce0 said:

For listings, I'm confident that hasn't changed in years.

 

Just because it hasn't changed for years doesn't make it right or appropriate. For all we know, some of this information that's displayed to non-users might be unintentional and have come about through coding bugs, in which case it really ought to be fixed.

 

You're talking about data privacy concerns in a GDPR thread. It's a different discussion: If you want to change what's been visible for years, then I'd say start a thread for that.

 

2 minutes ago, barefootjeff said:

Maybe I'm wrong, but I have a vague recollection from my early caching days that, when not logged in, all that showed on a cache page was the Title and Short Description, and I don't recall seeing logs thrown into the mix. Maybe this changed when the Short Description field was deprecated, I don't know, or maybe I'm wrong and it's always displayed everything bar the coordinates, but I still think they're showing way too much to non-cachers, especially when there's no warning that that's the case.

 

A few logs have always been displayed, as long as I can remember. Along with all the description details.

 

1 hour ago, VAVAPAM said:

Don't know whether this has something to do with your theory, but note that I was NOT able - as a muggle (not logged in) - to see ANY of my profile info, with a statement that I'd need to log in to see that ... until I clicked on the "Go to new public profile" link on the banner.  That's when I was able to see the minimal info provided in my profile.  Couldn't see the additional "about me" stuff, even then.  So yeah, it did occur to me that it might have something to do with the new profile ... but freely admit I know nothing about coding.

 

Ahhhh, so then it's not a change to the profile recently - the old profile still does what was intended, it's the NEW profile that hasn't been produced with the same restriction on content to non-logged in users. That is a bug that should be reported.

 

The old profile page only displays the username (no way that will remain 100% private).  The NEW profile page shows all that extra profile info.

FOR CONSISTENCY, the new profile page should be limited to the same display as the old one. If that's the way it was, then there's really no reason to decide to open up all that additional profile data to not-logged-in users. Not unless HQ is changing their practice on what constitutes private profile data.

Edited by thebruce0
Link to comment
10 hours ago, barefootjeff said:

Maybe I'm wrong, but I have a vague recollection from my early caching days that, when not logged in, all that showed on a cache page was the Title and Short Description, and I don't recall seeing logs thrown into the mix.

 

Thought I'd have a play on the WaybackMachine...

 

Here's a snapshot of Mingo (GC30) from February 2009: https://web.archive.org/web/20090211055001/https://www.geocaching.com/seek/cache_details.aspx?wp=GC30.  Not much different to today: CO, description, photos, and last five logs (including photos), but no coordinates.

 

I managed to go even further back, for Geocache (GC40), to August 2003: https://web.archive.org/web/20030821014542/http://www.geocaching.com/seek/cache_details.aspx?wp=GC40.  Back then you even got the coordinates without logging in!

 

 

21 hours ago, thebruce0 said:

So I'm on the fence as to whether GC.com should put the profile and cover photos behind a login privacy wall. IMO, it's not effective privacy, and users should be aware of that. I can understand the desire to keep the profile pic private, but really, it's not going to be.

 

I agree that the login doesn't provide effective security, but I guess I'd still prefer to see most of 'this stuff' behind that flimsy wall.  To be honest, I can't actually see an argument for making any of it available without logging in.

  • Upvote 1
Link to comment
14 hours ago, barefootjeff said:

Except for puzzle caches where they're obtained by solving the puzzle which is visible in the description.

 

The irony of this is, of course, that all that angst, feeling that I was being monitored by puzzle cache owners on their audit logs, could have been avoided by simply logging out. ;-)

  • Funny 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...