Tumult Hype and the GDPR

One of the reasons I use Tumult Hype is because the exported project doesn’t phone home. (At least, not that I can see. There was the hyperlink to Tumult.com, but wasn’t that removed recently?) Perhaps Tumult should emphasize that fact with a new blog post. That’s a hot topic this week, as the GDPR goes into effect on May 25, 2018.

…and just in general, anyone stressing over this issue? I’ve seen a wide range of reactions to this, from apathy to panic.

I think WordPress did a great job addressing this issue…

Matomo (formerly Piwik) did a great job too…

Heh, I wasn’t sure which article to link to, as the majority of the recent blog posts are about the GDPR. FastSpring (Tumult uses this as an alternative to the Mac App Store) also has some blog posts about the GDPR…

This is a bit of struggle for Photics.com too, as the website is being updated to address the GDPR – even though Photics is based in NYC, the customers are international. There’s also the question about what to do with two new Tumult Hype related products. Wrapping is leaving the Mac App Store. It’s been updated to work as a Hype Export Script. That’s right, it’s done. I just haven’t figured out the best way to sell the software yet. The GDPR is making that complicated. A new edition of A Book About Hype is being planned too. Lots of factors are influencing the direction of this project, not just the GDPR.

1 Like

No, I’m not stressing.

Another example of pernicious “group think”… (and if You want to recalibrate the parameters a bit it is another form of FUD).

Certainly You have a certificate! You absolutely need to be mobile friendly - and You do have some sort of parallax effect on your web site - right? etc. etc.

Big Brother has showed up in an entirely different guise than George Orwell imagined.

While no doubt well intentioned - GDPR is stampeding the herd into yet another paroxysm.

I certainly don’t agree. This law is heavenly influenced by the laws that have existed in Germany for a long time. The notion of the federal government overreaching is a very unique thing from the United States and this big country of individual states of yours. The rule of the „X“ (supply meets demand) might work in many areas but the political market needs to be balanced between the private sector (mostly huge commercial titans) and the needs of the people.

Looking at privacy and tracking in my opinion the whole discussion about influences on the US election comes down to the topic of excessive data collection.

Turning the tide and giving the user the power to demand all collected information and to allow explicit minimal and earmarked use of personal data is the right way forward and I am really hoping that programmers and startups embrace this turn of events and view… much to the recently surfaced dystopian movie by google discussing a google data ledger that is not your own.

Well, the Fear Uncertainty and Doubt is from the massive fines…

Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher

Aside from big companies like Google, Facebook and Apple, those are business killing numbers.

Well, yeah. It’s a country formed by violent revolution – based on distrust and loathing of big government.

Well, that’s the problem here in the states. United States citizens didn’t elect these people, but now the rules of a foreign nation apply? Wow, that’s at the very core of the United States. We don’t like that.

Sure, you could argue that the EU is protecting its citizens. Having to update your website to conform with the new regulations is just part of doing international business. However, that’s not how it feels.

Personally, I think Google and Facebook is out-of-control, and I think it’s great the EU is doing something to balance the massive privacy invasion that the Internet has become. However, what about the little gaming website, with players from all over the world? To update a website can be very expensive – especially if that’s customized software. A single developer would have to put in a lot work to match what WordPress or Matomo did for their software.

On Reddit r/webdev, you can see stories of smaller developers worried about this.

Well, some will and some won’t. What’s going to happen to those that won’t? What’s going to happen to US companies that push back on this? What happens to companies that are simply not ready yet. That’s the uncertainty and doubt.

No kidding :slight_smile: so true. Then again you got a very “undemocratic” influences through the lobbying and funding process of politicians. It makes it hard for your representatives to argue on behalf of the greater good or the people of their district.
I am not saying that the “federal” EU is in any way better as we got a whole bunch of problems ourselves. In this case I think the EU came through for it’s citizens.

Yes and becoming indenpedant of colonial forces from the old world is a relatively historical recent event to your country and surly at the core of its genesis.
But if you look at it closely nobody is telling the US anything. The EU just got “new” rules and much like the legal age for alcohol, consent or other topics certain rules have to be acknowledged to open business in certain region of the world. The internet has been historically pretty unregulated and inherently global and therefore dismissed many local laws. Facebook and others are in origin from the States but now they are actually global players much like Coca Cola and Star Bucks. These businesses will have to oblige to local regulation to open a store in any given country.

Yes not easy but not sudden. It was on the horizon for a while and it will certainly kill off some business that already have their infrastructure in place and have no fund left to rework them. They will have to exclude business with the EU. But for the future systems will be written to comply out of the box and request permission todo many things concerning user data (so we hope) and if for efficiency purposes the smallest denomination becomes a single system that complies to the EU regulations … US citizens will profit from this (in my opinion) as your leaders still don’t see the need for such regulation. Mark Zuckerberg when answering to Congress was pretty evasive on the question of such regulation.

In the mind of the EU regulation business will be liable for lawsuits and the fines are pretty high. In reality I suspect the US will have their way and a bunch of loopholes will be opened/found for ”business as usual“. I hope the EU cracks do on them but only the future will tell if this regulation will have legal precedents.

1 Like

Lobbying in of itself is not a problem. Isn’t it sorta like free speech? Citizens or companies can present their opinions and ideas to their representatives. The problem is corruption.

That’s why the GDPR is an important issue. Because, in a sense, it feels like regulation on free speech. It is extra rules and regulations for an individual to start a website. Worse, it’s regulations created by a foreign government. The news is all about Russian medaling in the 2016 election… not a peep about the GDPR. Why don’t they go pressure Trump on that? What’s his stance on Net Neutrality? What is he doing to protect businesses from the overreach of the GDPR?

Sure, one could argue – just don’t collect private data, especially on European Citizens. But because the Internet is global, a popular website will naturally collect data on European citizens. It’s unavoidable for any popular website. IP addresses, screen size, operating system – this is basic raw log data, which could be used to identify someone. Does that have implications for website owners?! I’m not sure.

Because of the GDPR, I set my logs to auto delete after a certain amount of time. (I was inspired by DuckDuckGo too.) This is my profession though. I understand what that means. Is a layman going to understand what that means? Someone who’s a great journalist or a great photographer, they may have no understanding on how to run a website in general – not at this level. The European Union is now telling publishers that they need to know this if they want to publish. That adds expense.

It’s why only six corporations control 90% of media in America…

Side note – I’m not saying privacy isn’t an issue. Clearly this is a problem. Here’s what the DuckDuckGo extension says about that link…

As an American, I find this offensive. (There’s a lot to be offended about, so I’ll be clear… I don’t like 13 trackers on a single page, or just six companies controlling 90% of media. But for this paragraph, I don’t like how the GDPR could squish the little guy.) Any barrier to true journalism should not exist. This starts down a dangerous path of regulating the Internet. That’s not a driving force of the Internet. That’s not what made it great. We need more independent publishers and developers, not less.

Here’s an example with another profession. Do you know, to be a licensed electrician in NYC, you need SEVEN AND A HALF YEARS of experience?

In order to obtain a Master or Special Electrician license, you must meet the following qualifications:

  • Be at least twenty one (21) years old

  • Be able to read and write the English language

  • Have good moral character so as not to adversely impact your fitness to perform the duties and responsibilities of a Master or Special Electrician

  • Have at least seven and a half (7.5) years of experience or the equivalent (as indicated below) within the ten (10) years prior to application with a minimum of 10,500 hours or the equivalent (as indicated below) of satisfactory experience in the installation, alteration, and repair of wiring and appliances for electric light, heat, and power in or on buildings or comparable facilities.


One of the reasons I’m able to do what I do today is because there were no such regulations… no certifications… nothing. The only thing that mattered was my ability to do the job. Being an electrician is a tough job, but it shouldn’t need about the same level of education and experience as a doctor. That just seems accessive to me. Seven years?! Really?!

I’m concerned that this is the start of regulation creep. Because running a website is so technical, because the data is so sensitive, are developers going to need government issued licenses to do their job? Can you imagine it – needing a license to publish a website? It sounds a bit insane today, but it could very easily be a reality in a few decades – especially with a glut of web developers.

That’s the problem I have with this. My business is not in the European Union. It’s in NYC. My website is hosted in New York State. How can these regulations apply? Do they apply? :man_shrugging:t2:

In a sense, if it’s a small business in the United States, isn’t it like the EU citizen is visiting another country?

This is true. The GDPR did have a slow rollout. Heh, but it seems lots of website owners are just learning about this issue – many are not prepared.

Unfortunately, as I think about this issue, I find myself in this category. Is it really worth it to keep a small website online? The Internet is less and less fun to me. It feels like the more and more I learn, the more there is to learn. It’s not because of some profound wisdom to seek either. It’s because one company said, “Eh… we’re not going to support that anymore.” Now, that ActionScript expertise, that Macromedia / Adobe expertise, it’s useless. Better learn JavaScript… oh… I mean Web Assembly too… which means you’ll need to know Java and C++. Might as well know Python too, because everyone is using Python now… it’s totally not like that time everyone was in love with Ruby on Rails. Oh, you already know JavaScript? What about the million libraries… like jQuery, React and Angular?

You know, nothing too complicated…

Meanwhile, the regulations are starting to creep in. Plus there are hackers and spammers to contend with. Imagine if you had a parking lot, where you saw someone checking the door handles for unlocked cars. You’d probably call the cops right? Well, that’s not the way the Internet works. Websites are constantly being scanned for vulnerabilities, but the typical response is, “Ignore it kid, you can’t stop them.”

So, update those websites right away or the hackers will get you… whoops, too soon, the bugs got you instead. You do have a dev, test and production environment right, and backups of your backups?!

Most of the people are on YouTube, Twitter or Facebook anyway. Regulations like the GDPR could push more and more people towards the machine… the big corporations that gobble up big data.

Oh wow, Zuck was so so bad… and so many funny memes.

I view the GDPR like I view Apple’s app stores… great as a customer, terrible as a developer.

Sometimes I think I need a career change. I’m not sure what, but Goat Farming is out… https://www.reddit.com/r/sysadmin/comments/4l7kjd/found_a_text_file_at_work_titled_why_should_i/d3lgg0k/ :crazy_face:

The link you posted says it all. To petition the government is the key point. We got that too in our laws and if you collect enough signatures the Congress has to take the topic into discussion and allow the people to speak. That’s the free speech part of the law and the portion that translates into direct democracy. But what’s the money bit in this rule… this is like putting a Pie in the window and wondering that “human nature” eats it.

I am all for free speech and it is actually part of our constitution and not only amendment (after the war they named them base laws and they are particularly hard to change). One of these laws concerns the “privacy” of citizens and dates back to the expirence Germans had with the Gestapo (secret staate police) and in the recent east the Stasi. Having an evil player collect data and the “Gesinnung” (basic convictions,basic believes) of its citizens is a major risk for democracy and the livelihood of the citizens of a state. So the most EU/German citizens see this as protection and not as regulation of free speech.

I mentioned loopholes before and there is a clause in the law that allows for “essential business data”. But the main goals are minimal necessary data collection and the prevention of unwarranted data trafficking. And we are talking internet and programming here and the GDPR is a problem waiting for a solution. I am pretty sure it will be solved very quickly and after the transition there is a great potential that this creates a new sensibility for the theme of “privacy”.

Yes, they don’t know html, databases and css and so forth… so I don’t see the problem. They most likely will turn to a programmer or a service (open or closed source). WordPress for example did a great job on the GDPR and has most features in the core and now the mindset is slowly working it’s way into the plugin scape. This is the mentioned sensibility on behalf of programmers I see as an great benefit.

And it doesn’t … anybody can still publish what they want. Don’t mix the interests of free speech and commercial targeting… you think these 13 trackers are direcly connected to the Journalist? No the represent a conglomerate of marketers that want to turn the internet into an personalized and potentially creepy ad dumpster

That is indeed pretty long we have three years for the base education and then a couple more to become a master. But I can understand the rational behind this as I also don’t want my surgeon to be self taught. Electrical power, specially in the early with DIY wiring an DC, had caused many fires.

Well there are still no barriers only one technicality more. As mentioned before working as a self taught developer one still requires and has always a fair amount of learning and this will always be the case. Also the web has become this vast interdisciplinary scape and specialization is the logical conclusion (law, tech, marketing etc.). Also now there are many degrees and studies so the “Wild West” on this frontier is slowly fading towards a more “civilized”/organized conduct. The important topic on market equality and free speech are the current efforts to dismantle net neutrality and not the increase in data privacy.

True, technology has a fast pace and therefor in classical informatics you learn concepts and not particular implementation. At the core Action Script 2+ translates pretty good to JavaScript and is based on it so I still benefit from that knowledge. Looking beneath language quirks it really is logic and concepts that are much more essential to a good developer

That sums it up in a better way although it will become second nature to future generations (hopefully). Children talk to computers these days and grow up knowing no other world then that. It’s important that we set the right trajectory for technology as now is still the time to apply changes and the further we get locked into our systems the harder they get to be changed.

Continues Learning is at the core of my nature and even if I don’t consider many interest not being commercially viable I love the pursuit of them. I canned my television a long time ago (20 years and counting) and never looked back. Since then I got so much time to do things, read alternative media (podcast, discussions etc.) and play with the web.

Oh, there’s definitely a freedom of the press issue here. Sure, you could publish whatever you want. But if you upset someone in government… whoops, looks like someone needs a website security audit.

Where are the balances from abuse? I don’t know :man_shrugging:t2:

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.


  • How does the GDPR apply to email? I don’t know :man_shrugging:t2:
  • How does the GDPR apply to offline documents? I don’t know :man_shrugging:t2:
  • How does the GDPR affect embedded content, such as YouTube/Vimeo videos, CDNs or third-party analytics? I don’t know :man_shrugging:t2:

I agree with a core concept of the GDPR. People have a right to privacy. But if someone emails me, and then later emails me again to delete their data, am I obligated to delete their email messages at their request? How far does the right to be forgotten / the right of erasure go? I don’t know :man_shrugging:t2:

Here’s an example…

The GDPR could be used as a weapon against websites you don’t like. What defense does a website have against that? “Hey, I sent you data… hey, delete that data now.”

That’s a big problem for journalists, who tend to make enemies with their stories.

I think my reaction to the GDPR is way more excessive than it needs to be. That’s me though. With the increase in attacks on websites, I think it’s just easier for me to not store user data. You can’t hack what’s not there. I do like that part of the GDPR. It’s forcing companies to think, “Hey, do we really need to be collecting that data?”

I think we agree here. We want our web developers to be smart, but we don’t want excessive and unnecessary regulation. And yeah, we don’t want bad electricians burning our house down.

But to build a house in most places, there’s a stupid amount of regulations. If I build my house out of compressed earth blocks, there’s no way it’s burning down.

…but I looked into building one outside of New York City. I contacted the planning board and they had no idea how to respond. The building codes / regulations weren’t prepared for something like that. There’s no such thing as creative home building. It’s just a bunch of generic stick built houses with aluminum siding and some bricks.

I don’t want to see building a website fall into the same type of paperwork and bureaucracy. Years ago, it was just an annoying cookie warning. The GDPR is WAY beyond that. What’s to say it stops here? Nothing. The trend is more rules and regulations. I understand that the Internet is not the Wild West anymore, but wow, this is way too quick.

Yes, WordPress does a great job at addressing these issues, but that’s a concern too. One piece of software powers about 25% of the websites… but that limits creativity, as most websites will look the same. I was thinking about upgrading to Drupal, but that’s very unlikely with the GDPR…

I’m not going to base my business on a module that’s “not covered by Drupal’s security advisory policy.” That feature needs to be core.

It’s looking like Drupal is not ready… not like WordPress. That means advanced features for my website are harder to build. What does that mean for million-plus websites that are based on Drupal? Are they going to be targeted by the EU?

This is good thinking too. Yeah, we need to do something. Otherwise, when artificial intelligence rolls around, we could be living in a dystopian nightmare. The rights of an individual matter. The problem is balance. This is a moment in time where a lot of independent developers are going to give up. That’s sad.

I think GDPR enforcement should require a website warning before imposing any fines. Education should be part of the process. Otherwise, the GDPR is nothing more than a weapon against US business… which means the US will write their own regulations, to simply ignore the GDPR.

Heh, I watch a lot less television these day… but that free time seems to have shifted to forum posting. HA HA. Just kidding, good conversation.

I dedicate a lot of my time to learning new things – which is why this is so insane. The things I can do today were inconceivable years ago. And yet, it’s just barely enough to stay above average.

…and my expertise with Flash is not totally useless. That’s true. My point is that it’s a lot harder to run a website today. Flash exported to a single file, which pretty much ran on any computer. It had vector support, full screen, exported to an app. Hype is really REALLY close to replacing just about all of what Flash could do… but it’s more difficult.

Yes we end on an “half full” and “half empty” glass of water. Until now this regulation is in its infancy and we will see if it turns out to be a benefit, disadvantage or simply ineffective.

Good talking to you and give peace a chance. I love Steven Pinkers book talking about the peaceful times (on relativ statistics population vs. deaths etc.). I am still hopeful for the species and side on free knowledge and the education of the Individual (like intended in the enlightenment) rather then seeing the human as pure egotistical beast Maschinen. The cultural environment and the views we deploy on human nature will define and decide our future. I

And now this:

Some observations… little Update (Post launch day of the GDPR):

  • The communication about many aspects has been blown out of the water by fear mongers and false information (for example in the EU there is no need to ask for permission to send a newsletter that already has been confirmed, again).
  • Be aware of fear mongering used by big players and make these problems your own. There is a big interest of these players to discredit the GDPR and the EU has reassured that they will not be going after individuals and small business and rather be helping them in a phase of transition for theses sectors.
  • Big players (FB, Apple, Microsoft etc.) have whole suits of lawyers and a long time to prepare so they will be most likely targeted by user associations immediately that already had years of fight and experience / demand with / for privacy laws.
  • Regular/small business and freelancer are often not affected by certain aspects of the laws as they kick in with the size of the cooperation (Stichwort: Datenschutzbauftragter etc.)
  • And if ever a verdict is given agains a small/middle tier business… it has to take the revenue, reach and intent into account. So if you generally tried to oblige to the GDPR but missed an aspect / spot they will take your willingness into account and rather give you notice then a fine (specially for mentioned business size).

These bullets have been extracted across interviews I read today with experts and officials responsible for the GDPR. So in my opinion we get more privacy and it’s good that yesterday there was this update rush across Europe (increasing the sensibility for the topic across the board) but the major fallout for the foreseeable future will be on the big players where it belongs!

Best regards to ya all.

1 Like

Nice page with fails of the week concerning the GDPR


1 Like

Here is an interesting article about those consent mail on newsletters currently going around

1 Like
1 Like

GDPR Memes…

Not as funny…

…and wow…

$8.8 BILLION?! :scream_cat:

Dystopian world without privacy (Popculture … and Clive Owen):

Watch Tim Cock talk about the importance of privacy