As a mobile user the consideration there is appreciated.
(Maybe now I won't be locked out when my mobile carrier bounces my IP address around like a @$!# ping pong ball!)
The answer to life, the universe and everything:
MIND THE GAP
Right now both egosoft.com and the forums default to http. Since you are already using Let's Encrypt there is little reason not to redirect all http traffic to https. Currently most of the links within the forum are https, but some like the FAQ aren't. If you are using certbot with webroot-path you want to exclude .well-known/acme-challenge so the auto renew still works.
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://".
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
You probably want to remove the SSL part here. SSL has been broken & deprecated since 2015. The payment card industry security standards council demands that no payment information is processed through SSL or early TLS versions after June 26, 2018. In the best case this is misleading, in the worst it can be a pretty costly mistake. Please ensure you are only using TLS 1.2 or higher.
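The two points raised in the post above (redirect all HTTP traffic to HTTPS while leaving the ACME challenge path reachable, and accept only TLS 1.2 or higher), sketched as an added example that is not part of the original post and not Egosoft's configuration. It assumes nginx as the web server; the hostname, webroot directory and certificate paths are placeholders.

```nginx
# Constructed example: example.org, /var/www/letsencrypt and /var/www/html
# are placeholders, not values taken from the forum thread.

server {
    listen 80;
    listen [::]:80;
    server_name example.org www.example.org;

    # Serve HTTP-01 challenge files over plain HTTP so certbot's webroot
    # renewal keeps working. The root must match certbot's --webroot-path.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type text/plain;
        try_files $uri =404;
    }

    # Every other request is redirected to the same host and URI on HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.org www.example.org;

    # Standard certbot layout for the issued certificate and key.
    ssl_certificate     /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;

    # SSLv3, TLS 1.0 and TLS 1.1 are not offered at all.
    ssl_protocols TLSv1.2 TLSv1.3;

    root /var/www/html;
}
```

After reloading, `nginx -t` validates the syntax and `certbot renew --dry-run` confirms that renewal still succeeds through the excluded path.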
Turmfalke2 wrote:
Right now both egosoft.com and the forums default to http. Since you are already using Let's Encrypt there is little reason not to redirect all http traffic to https. Currently most of the links within the forum are https, but some like the FAQ aren't. If you are using certbot with webroot-path you want to exclude .well-known/acme-challenge so the auto renew still works.
The forum has been set to default to https for quite some time. Are you sure you're not just using an old bookmark?
Wait what..? That wasn't my cookie, at least not one that contains data worth protecting.
I didn't provide any cookies in my http request, so it is just your page generating a new cookie without being given any login information or such. The better question would be, why would it even try to set a cookie in that situation? There is nothing worth saving.
While we are at it, you might also want to rework your cookie policy.
www.egosoft.com wrote:
This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Cookie Policy.
@Miniding
There are more things than just the mail address. For example, according to the GDPR, IP addresses are personal data. Accessing any website also transmits information like your browser and operating system versions. Websites might analyse at what times you access them (though I suspect Egosoft doesn't.)
Cookies can store your session data, and that information might allow others to access your account until you log off. Most people don't want others to read their messages or write posts under their name.
Can't log in anymore, I get an error message, the session times out in seconds. I guess this is related to the forum update?
@Fanchen
Despite this being a problem of Egosoft and not ours, do you know this by fact?
(Except for the IPs: I know Google has to anonymize IPs of German residents.)
@Tamina
What exactly are you referring to, the browser/OS versions? That is done by the User Agent string, which you can check on a website like this one. And yes, given that websites can identify you (for example by your IP address or, even easier, because you are logged in) they could check at what time you are using their service.
I hope this is still somewhat on-topic and my last post on this matter.
To clarify the question: If the information you listed falls into the declaration of "personal information" in the GDPR by fact.
(Despite that they could be potentially used to cross-track a single person with enough given other information.)