Recherche avancée

Sur d’autres sites (11797)

• Revision 30857 : On a rendu le plugin saisies nécessaire donc autant l’utiliser On ...

  12 août 2009, par kent1@… — Log

  On a rendu le plugin saisies nécessaire donc autant l’utiliser
  On améliore l’include inc-tags aussi ... s’il est correctement placé dans la page, il se recharge à chaque tag ajouté / supprimé

• Google Analytics 4 and GDPR : Everything You Need to Know

  17 mai 2022, par Erin

  Four years have passed since the European General Data Protection Regulation (GDPR, also known as DSGVO in German, and RGPD in French) took effect.

  That’s ample time to get compliant, especially for an organisation as big and innovative as Google. Or is it ? 

  If you are wondering how GDPR affects Google Analytics 4 and what the compliance status is at present, here’s the lowdown. 

  Is Google Analytics 4 GDPR Compliant ?

  No. As of mid-2022, Google Analytics 4 (GA4) isn’t fully GDPR compliant. Despite adding extra privacy-focused features, GA4 still has murky status with the European regulators. After the invalidation of the Privacy Shield framework in 2020, Google is yet to regulate EU-US data protection. At present, the company doesn’t sufficiently protect EU citizens’ and residents’ data against US surveillance laws. This is a direct breach of GDPR.

  Google Analytics and GDPR : a Complex Relationship 

  European regulators have scrutinised Google since GDPR came into effect in 2018.

  While the company took steps to prepare for GDPR provisions, it didn’t fully comply with important regulations around user data storage, transfer and security.

  The relationship between Google and EU regulators got more heated after the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield — a leeway Google used for EU-US data transfers. After 2020, GDPR litigation against Google followed. 

  This post summarises the main milestones in this story and explains the consequences for Google Analytics users. 

  

  2018 : Google Analytics Meets GDPR 

  In 2018, the EU adopted the General Data Protection Regulation (GDPR) — a set of privacy and data security laws, covering all member states. Every business interacting with EU citizens and/or residents had to comply.

  GDPR harmonised data protection laws across member states and put down extra provisions for what constitutes sensitive personal information (or PII). Broadly, PII includes any data about the person’s :

  • Racial or ethnic origin 
  • Employment status 
  • Religious or political beliefs
  • State of health 
  • Genetic or biometric data 
  • Financial records (such as payment method data)
  • Address and phone numbers 

  Businesses were barred from collecting this information without explicit consent (and even with it in some cases). If collected, such sensitive information is also subject to strict requirements on how it should be stored, secured, transferred and used. 

  7 Main GDPR Principles Explained 

  Article 5 of the GDPR lays out seven main GDPR principles for personal data and privacy protection : 

  • Lawfulness, fairness and transparency — data must be obtained legally, collected with consent and in adherence to laws. 
  • Purpose limitation — all personal information must be collected for specified, explicit and legal purposes. 
  • Data minimisation — companies must collect only necessary and adequate data, aligned with the stated purpose. 
  • Accuracy — data accuracy must be ensured at all times. Companies must have mechanisms to erase or correct inaccurate data without delays. 
  • Storage limitation — data must be stored only for as long as the stated purpose suggests. Though there’s no upper time limit on data storage. 
  • Integrity and confidentiality (security) — companies must take measures to ensure secure data storage and prevent unlawful or unauthorised access to it. 
  • Accountability — companies must be able to demonstrate adherence to the above principles. 

  Google claimed to have taken steps to make all of their products GDPR compliant ahead of the deadline. But in practice, this wasn’t always the case.

  In March 2018, a group of publishers admonished Google for not providing them with enough tools for GDPR compliance :

  “[Y]ou refuse to provide publishers with any specific information about how you will collect, share and use the data. Placing the full burden of obtaining new consent on the publisher is untenable without providing the publisher with the specific information needed to provide sufficient transparency or to obtain the requisite specific, granular and informed consent under the GDPR.”

  The proposed Google Analytics GDPR consent form was hard to implement and lacked customisation options. In fact, Google “makes unilateral decisions” on how the collected data is stored and used. 

  Users had no way to learn about or control all intended uses of people’s data — which made compliance with the second clause impossible. 

  Unsurprisingly, Google was among the first companies to face a GDPR lawsuit (together with Facebook). 

  By 2019, French data regulator CNIL, successfully argued that Google wasn’t sufficiently disclosing its data collection across products — and hence in breach of GDPR. After a failed appeal, Google had to pay a €50 million fine and promise to do better. 

  2019 : Google Analytics 4 Announcement 

  Throughout 2019, Google rightfully attempted to resolve some of its GDPR shortcomings across all products, Google Universal Analytics (UA) included. 

  They added a more visible consent mechanism for online tracking and provided extra compliance tips for users to follow. In the background, Google also made tech changes to its data processing mechanism to get on the good side of regulations.

  Though Google addressed some of the issues, they missed others. A 2019 independent investigation found that Google real-time-bidding (RTB) ad auctions still used EU citizens’ and residents’ data without consent, thanks to a loophole called “Push Pages”. But they managed to quickly patch this up before the allegations had made it to court. 

  In November 2019, Google released a beta version of the new product version — Google Analytics 4, due to replace Universal Analytics. 

  GA4 came with a set of new privacy-focused features for ticking GDPR boxes such as :

  • Data deletion mechanism. Users can now request to surgically extract certain data from the Analytics servers via a new interface. 
  • Shorter data retention period. You can now shorten the default retention period to 2 months by default (instead of 14 months) or add a custom limit.  
  • IP Anonymisation. GA4 doesn’t log or store IP addresses by default. 

  Google Analytics also updated its data processing terms and made changes to its privacy policy. 

  Though Google made some progress, Google Analytics 4 still has many limitations — and isn’t GDPR compliant. 

  2020 : Privacy Shield Invalidation Ruling 

  As part of the 2018 GDPR preparations, Google named its Irish entity (Google Ireland Limited) as the “data controller” legally responsible for EEA and Swiss users’ information. 

  The company announcement says : 

  

  Initially, Google assumed that this legal change would help them ensure GDPR compliance as “legally speaking” a European entity was set in charge of European data. 

  Practically, however, EEA consumers’ data was still primarily transferred and processed in the US — where most Google data centres are located. Until 2020, such cross-border data transfers were considered legal thanks to the Privacy Shield framework. 

  But in July 2020, The EU Court of Justice ruled that this framework doesn’t provide adequate data protection to digitally transmitted data against US surveillance laws. Hence, companies like Google can no longer use it. The Swiss Federal Data Protection and Information Commissioner (FDPIC) reached the same conclusion in September 2020. 

  The invalidation of the Privacy Shield framework put Google in a tough position.

   Article 14. f of the GDPR explicitly states : 

  “The controller (the company) that intends to carry out a transfer of personal data to a recipient (Analytics solution) in a third country or an international organisation must provide its users with information on the place of processing and storage of its data”.

  Invalidation of the Privacy Shield framework prohibited Google from moving data to the US. At the same time, GDPR provisions mandated that they must disclose proper data location. 

  But Google Analytics (like many other products) had no a mechanism for : 

  • Guaranteeing intra-EU data storage 
  • Selecting a designated regional storage location 
  • Informing users about data storage location or data transfers outside of the EU 

  And these factors made Google Analytics in direct breach of GDPR — a territory, where they remain as of 2022.

  2020-2022 : Google GDPR Breaches and Fines 

  The 2020 ruling opened Google to GDPR lawsuits from country-specific data regulators.

  Google Analytics in particular was under a heavy cease-fire. 

  • Sweden first fined Google for violating GDPR for no not fulfilling its obligations to request data delisting in 2020. 
  • France rejected Google Analytics 4 IP address anonymisation function as a sufficient measure for protecting cross-border data transfers. Even with it, US intelligence services can still access user IPs and other PII. France declared Google Analytics illegal and pressed a €150 million fine. 
  • Austria also found Google Analytics GDPR non-compliant and proclaimed the service as “illegal”. The authority now seeks a fine too. 

  The Dutch Data Protection Authority and  Norwegian Data Protection Authority also found Google Analytics guilty of a GDPR breach and seek to limit Google Analytics usage. 

  New privacy controls in Google Analytics 4 do not resolve the underlying issue — unregulated, non-consensual EU-US data transfer. 

  Google Analytics GDPR non-compliance effectively opens any website tracking or analysing European visitors to legal persecution.

  In fact, this is already happening. noyb, a European privacy-focused NGO, has already filed over 100 lawsuits against European websites using Google Analytics.

  2022 : Privacy Shield 2.0. Negotiations

  Google isn’t the only US company affected by the Privacy Shield framework invalidation. The ruling puts thousands of digital companies at risk of non-compliance.

  To settle the matter, US and EU authorities started “peace talks” in spring 2022.

  European Commission President Ursula von der Leyen said that they are working with the Biden administration on the new agreement that will “enable predictable and trustworthy data flows between the EU and US, safeguarding the privacy and civil liberties.” 

  However, it’s just the beginning of a lengthy negotiation process. The matter is far from being settled and contentious issues remain as we discussed on Twitter (come say hi !).

  

  For one, the US isn’t eager to modify its surveillance laws and is mostly willing to make them “proportional” to those in place in the EU. These modifications may still not satisfy CJEU — which has the power to block the agreement vetting or invalidate it once again. 

  While these matters are getting hashed out, Google Analytics users, collecting data about EU citizens and/or residents, remain on slippery grounds. As long as they use GA4, they can be subject to GDPR-related lawsuits. 

  To Sum It Up 

  • Google Analytics 4 and Google Universal Analytics are not GDPR compliant because of Privacy Shield invalidation in 2020. 
  • French and Austrian data watchdogs named Google Analytics operations “illegal”. Swedish, Dutch and Norwegian authorities also claim it’s in breach of GDPR. 
  • Any website using GA for collecting data about European citizens and/or residents can be taken to court for GDPR violations (which is already happening). 
  • Privacy Shield 2.0 Framework discussions to regulate EU-US data transfers have only begun and may take years. Even if accepted, the new framework(s) may once again be invalidated by local data regulators as has already happened in the past. 

  Time to Get a GDPR Compliant Google Analytics Alternative 

  Retaining 100% data ownership is the optimal path to GDPR compliance.

  By selecting a transparent web analytics solution that offers 100% data ownership, you can rest assured that no “behind the scenes” data collection, processing or transfers take place. 

  Unlike Google Analytics 4, Matomo offers all of the features you need to be GDPR compliant : 

  • Full data anonymisation 
  • Single-purpose data usage 
  • Easy consent and an opt-out mechanism 
  • First-party cookies usage by default 
  • Simple access to collect data 
  • Fast data removals 
  • EU-based data storage for Matomo Cloud (or storage in the country of your choice with Matomo On-Premise)

  Learn about your audiences in a privacy-centred way and protect your business against unnecessary legal exposure. 

  Start your 21-day free trial (no credit card required) to see how fully GDPR-compliant website analytics works ! 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I hereby accept the terms and conditions and the data processing agreeement (DPA).

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  

  » Start improving your websites now

  

• My SBC Collection

  31 décembre 2023, par Multimedia Mike — General

  Like many computer nerds in the last decade, I have accumulated more than a few single-board computers, or “SBCs”, which are small computers based around a system-on-a-chip (SoC) that nearly always features an ARM CPU at its core. Surprisingly few of these units are Raspberry Pi units, though that brand has come to exemplify and dominate the product category.

  Also, as is the case for many computer nerds, most of these SBCs lay fallow for years at a time. Equipped with an inexpensive lightbox that I procured in the last year, I decided I could at least create glamour shots of various units and catalog them in a blog post.

  While Raspberry Pi still enjoys the most mindshare far and away, and while I do have a few Raspberry Pi units in my inventory, I have always been a bigger fan of the ODROID brand, which works with convenient importers around the world (in the USA, I can vouch for Ameridroid, to whom I’ve forked over a fair amount of cash for these computing toys).

  As mentioned, Raspberry Pi undisputedly has the most mindshare of all these SBC brands and I often wonder why… and then I immediately remind myself that it has the biggest ecosystem, and has a variety of turnkey projects and applications (such as Pi-hole and PiVPN) that promise a lower barrier to entry — as well as a slightly lower price point — than some of these other options. ODROID had a decent ecosystem for awhile, especially considering the monthly ODROID Magazine, though that ceased publication in July 2020. The Raspberry Pi and its variants were famously difficult to come by due to the global chip shortage from 2021-2023. Meanwhile, I had no trouble procuring these boards during the same timeframe.

  So let’s delve into the collection…
  

  Cubieboard
  The Raspberry Pi came out in 2012 and by 2013 I was somewhat coveting one to hack on. Finally ! An accessible ARM platform to play with. I had heard of the BeagleBoard for years but never tried to get my hands on one. I was thinking about taking the plunge on a new Raspberry Pi, but a colleague told me I should skip that and go with this new hotness called the Cubieboard, based on an Allwinner SoC. The big value-add that this board had vs. a Raspberry Pi was that it had a SATA adapter. Although now that it has been a decade, it only now occurs to me to quander whether it was true SATA or a USB-to-SATA bridge. Looking it up now, I’m led to believe that the SoC supported the functionality natively.

  Anyway, I did get it up and running but never did much with it, thus setting the tone for future SBC endeavors. No photos because I gave it to another tech enthusiast years ago, whose SBC collection dwarfs my own.

  ODROID-XU4
  I can’t recall exactly when or how I first encountered the ODROID brand. I probably read about it on some enthusiast page or another circa 2014 and decided to try one out. I eventually acquired a total of 3 of these ODROID-XU4 units, each with a different case, 1 with a fan and 2 passively-cooled :

  

  Collection of ODROID-XU4 SBCs

  This is based on the Samsung Exynos 5422 SoC, the same series as was used in their Note 3 phone released in 2013. It has been a fun chip to play with. The XU4 was also my first introduction to the eMMC storage solution that is commonly supported on the ODROID SBCs (alongside micro-SD). eMMC offers many benefits over SD in terms of read/write speed as well as well as longevity/write cycles. That’s getting less relevant these days, however, as more and more SBCs are being released with direct NVMe SSD support.

  I had initially wanted to make a retro-gaming device built on this platform (see the handheld section later for more meditations on that). In support of this common hobbyist goal, there is this nifty case XU4 case which apes the aesthetic of the Nintendo N64 :

  

  ODROID-XU4 N64-style case

  It even has a cool programmable LCD screen. Maybe one day I’ll find a use for it.

  For awhile, one of these XU4 units (likely the noisy, fan-cooled one) was contributing results to the FFmpeg FATE system.

  While it features gigabit ethernet and a USB3 port, I once tried to see if I could get 2 Gbps throughput with the unit using a USB3-gigabit dongle. I had curious results in that the total amount of traffic throughput could never exceed 1 Gbps across both interfaces. I.e., if 1 interface was dealing with 1 Gbps and the other interface tried to run at 1 Gbps, they would both only run at 500 Mbps. That remains a mystery to me since I don’t see that limitation with Intel chips.

  Still, the XU4 has been useful for a variety of projects and prototyping over the years.

  ODROID-HC2 NAS
  I find that a lot of my fellow nerds massively overengineer their homelab NAS setups. I’ll explore this in a future post. For my part, people tend to find my homelab NAS solution slightly underengineered. This is the ODROID-HC2 (the “HC” stands for “Home Cloud”) :

  

  ODROID-HC2 NAS

  It has the same guts as the ODROID-XU4 except no video output and the USB3 function is leveraged for a SATA bridge. This allows you to plug a SATA hard drive directly into the unit :

  

  ODROID-HC2 NAS uncovered

  Believe it or not, this has been my home NAS solution for something like 6 or 7 years now– I don’t clearly remember when I purchased it and put it into service.

  But isn’t this sort of irresponsible ? What about a failure of the main drive ? That’s why I have an external drive connected for backing up the most important data via rsync :

  

  ODROID-HC2 NAS backup enclosure

  The power consumption can’t be beat– Profiling for a few weeks of average usage worked out to 4.5 kWh for the ODROID-HC2… per month.

  ODROID-C2
  I was on a kick of ordering more SBCs at one point. This is the ODROID-C2, equipped with a 64-bit Amlogic SoC :

  

  ODROID-C2

  I had this on the FATE farm for awhile, performing 64-bit ARM builds (vs. the XU4’s 32-bit builds). As memory serves, it was unreliable and would occasionally freeze up.

  Here is a view of the eMMC storage through the bottom of the translucent case :

  

  Bottom of ODROID-C2 with view of eMMC storage

  ODROID-N2+
  Out of all my ODROID SBCs, this is the unit that I long to “get back to” the most– the ODROID-N2+ :

  

  ODROID-N2+

  Very capable unit that makes a great little desktop. I have some projects I want to develop using it so that it will force me to have a focused development environment.

  Raspberry Pi
  Eventually, I did break down and get a Raspberry Pi. I had a specific purpose in mind and, much to my surprise, I have stuck to it :

  

  Original Raspberry Pi

  I was using one of the ODROID-XU4 units as a VPN gateway. Eventually, I wanted to convert the XU4 to something else and I decided to run the VPN gateway as an appliance on the simplest device I could. So I procured this complete hand-me-down unit from eBay and went to work. This was also the first time I discovered the DietPi distribution and this box has been in service running Wireguard via PiVPN for many years.

  I also have a Raspberry Pi 3B+ kicking around somewhere. I used it as a Steam Link device for awhile.

  SOPINE + Baseboard
  Also procured when I was on this “let’s buy random SBCs” kick. The Pine64 SOPINE is actually a compute module that comes in the form factor of a memory module.

  

  Pine64 SOPINE Compute Module

  Back to using Allwinner SoCs. In order to make this thing useful, you need to place it in something. It’s possible to get a mini-ITX form factor board that can accommodate 7 of these modules. Before going to that extreme, there is this much simpler baseboard which can also use eMMC for storage.

  

  Baseboard with SOPINE, eMMC, and heat sinks

  I really need to find an appropriate case for this one as it currently performs its duty while sitting on an anti-static bag.

  NanoPi NEO3
  I enjoy running the DietPi distribution on many of these SBCs (as it’s developed not just for Raspberry Pi). I have also found their website to be a useful resource for discovering new SBCs. That’s how I found the NanoPi series and zeroed in on this NEO3 unit, sporting a Rockchip SoC, and photographed here with some American currency in order to illustrate its relative size :

  

  NanoPi NEO3

  I often forget about this computer because it’s off in another room, just quietly performing its assigned duty.

  MangoPi MQ-Pro
  So far, I’ve heard of these fruits prepending the Greek letter pi for naming small computing products :

  • Raspberry – the O.G.
  • Banana – seems to be popular for hobbyist router/switches
  • Orange
  • Atomic
  • Nano
  • Mango

  Okay, so the AtomicPi and NanoPi names don’t really make sense considering the fruit convention.

  Anyway, the newest entry is the MangoPi. These showed up on Ameridroid a few months ago. There are 2 variants : the MQ-Pro and the MQ-Quad. I picked one and rolled with it.

  

  MangoPi MQ-Pro pieces arrive

  When it arrived, I unpacked it, assembled the pieces, downloaded a distro, tossed that on a micro-SD card, connected a monitor and keyboard to it via its USB-C port, got the distro up and running, configured the wireless networking with a static IP address and installed sshd, and it was ready to go as a headless server for an edge application.

  

  MangoPi MQ-Pro components, ready for assembly

  The unit came with no instructions that I can recall. After I got it set up, I remember thinking, “What is wrong with me ? Why is it that I just know how to do all of this without any documentation ?”

  

  MangoPi MQ-Pro in first test

  Only after I got it up and running and poked around a bit did I realize that this SBC doesn’t have an ARM SoC– it’s a RISC-V SoC. It uses the Allwinner D1, so it looks like I came full circle back to Allwinner.

  

  MangoPi MQ-Pro with more US coinage for scale

  So I now have my first piece of RISC-V hobbyist kit, although I learned recently from Kostya that it’s not that great for multimedia.

  Handheld Gaming Units
  The folks at Hardkernel have also produced a series of handheld retro-gaming devices called ODROID-GO. The first one resembled the original Nintendo Game Boy, came as a kit to be assembled, and emulated 5 classic consoles. It also had some hackability to it. Quite a cool little device, and inexpensive too. I have since passed it along to another gaming enthusiast.

  Later came the ODROID-GO Advance, also a kit, but emulating more devices. I was extremely eager to get my hands on this since it could emulate SNES in addition to NES. It also features a headphone jack, unlike the earlier model. True to form, after I received mine, it took me about 13 months before I got around to assembling it. After that, the biggest challenge I had was trying to find an appropriate case for it.

  

  ODROID-GO Advance with case and headphones

  Even though it may try to copy the general aesthetic and form factor of the Game Boy Advance, cases for the GBA don’t fit this correctly.

  Further, Hardkernel have also released the ODROID-GO Super and Ultra models that do more and more. The Advance, Super, and Ultra models have powerful SoCs and feature much more hackability than the first ODROID-GO model.

  I know that the guts of the Advance have been used in other products as well. The same is likely true for the Super and Ultra.

  Ultimately, the ODROID-GO Advance was just another project I assembled and then set aside since I like the idea of playing old games much more than actually doing it. Plus, the fact has finally crystalized in my mind over the past few years that I have never enjoyed handheld gaming and likely will never enjoy handheld gaming, even after I started wearing glasses. Not that I’m averse to old Game Boy / Color / Advance games, but if I’m going to play them, I’d rather emulate them on a large display.

  The Future
  In some of my weaker moments, I consider ordering up certain Banana Pi products (like the Banana Pi BPI-R2) with a case and doing my own router tricks using some open source router/firewall solution. And then I remind myself that my existing prosumer-type home router is doing just fine. But maybe one day…

  The post My SBC Collection first appeared on Breaking Eggs And Making Omelettes.