i am blocked from (felt) 30% of the web. thats not probate
i am blocked from (felt) 30% of the web. thats not probate
HDon't know about GVO, but it does appear that Turnstile is GDPR-compliant
Ti am the only one with the problem? i cant reach cloudflare forums also
HOops, sorry
HHit my keyboard with the laundry basket
Ti honestly thought you hit the keyboarr with your head in regard of my question 
HSo just to confirm, Turnstile may be GVO-compliant, but because it is not marked as such in your system, it is blocked?
HI could check with the team whether it actually is/it is planned to be, but then it would be up to you/your team to actually mark it
Tif you follow the GDPR by word every website has to ask me BEFORE sending my data (get request) to a third party company.
HThis is getting into "lawyer" territory, so I don't quite feel comfortable speaking here one-way-or-the-other
Tso if i visiting xy.com and they trigger a cloudfalre challenge before showing me the data privacy rules and allow me to opt out they are violating the GDPR
Tas i am working in the data privacy field i have to be "nit-picking"
Tok, i totaly understand, european laws are strange. but it is like it is...
HI'm in the EU too btw, so I know (some of) the pains of GDPR
HPersonal question: if a website processes your IP address, does that require a GDPR warning, even if they don't actually store said IP address?
Tdpr is great! it is sometimes hard to understand for a "publisher" (website-owner) how to integrade it
T*integrate
Tthe hoster of the website is allwoed to store the ip adress if: - the owner of the site has a "avv" (dont find the english term, data protection agreement)
Tbut he has to anonymize the ip
T*has a avv agreement with the hoster.
HSo is the AVV/manual opt-in required if the Website doesn't store the IP adress, but just processes it?
Teven the processing of the personal information (ip adress) is forbidden if it is not technical neccessary
HAnd if it is, it is ok, even without an opt-out?
Tso you can store the ip adress for i.e. intrusion detection and protection. but you have to implement measures to protect the data and publish them
Tand there is a limit of 7 days i think
Tbut most privacy statements include a condition to allow free use of the ip adress. BUT if i want to do this i have to show the privacy statement BEFORE i collect the data. Same with 3-Party calls like challenges.cloudflare.com
HYeah, I'm just wondering how that works for a firewall for example. If I am not allowed to use your IP address(blocking via Firewall) before showing you a Privacy Statement, then all anyone would need to take down my website would be to DDoS my Privacy Statement
Tas far as i understand that is no problem because the processing of the ip trough the firewall is technicaly neccessary. If you use a blacklist on your firewall the content of the blacklist is not affected by the dpr because it is technically neccessary to save this ip adresses for a longer time. the ip adress of the visitor has to be deleted after a given limit (7 days i think, maybe 30) if there is no problem with it. (it is allowed to keep the address longer if the visitor seems to "attack" the page)
Tbut i have to operate the firewall on-prem, in a eu country or i need to have a privacy-agreement with the operator of the firewall.
HSo if I were to build a service that used IP, along with other signals from the browser, to prevent more sophisticated kinds of attacks before showing the user a privacy agreement, would that be ok, assuming that the privacy agreement would be available after they pass those checks?
Tas far as i understand legitimate intersest is the same as technicaly neccessary
Tif i operate a bank i need to collect the personal data of my visitors
Tit is not easy to answer the question of HardlyWorkin'
Tit is not only the availability of the privacy agreement to the visitor. if i am not asking the visitor for consent before transfering the data certain things must apply. if the 3party is outside the EU and not in a special "framework" (like the us privacy framework) it is not possible to transfer the data withouth the active and informed consent of the visitor. if the 3party is in such a framework (like cloudflare is in the us pricacy framework) the owner of the site has to sign a data processing agreement with the 3party. He also has to ensure and monitor if the 3party is following the "technical measures" to ensure the protetion of the data by the law. This is not possible for 90% of the website owners
T-sorry for the bad english-
Tat leo: cloudflare is allowed to process my data if i give a informed consent. opening xy.tld and beeing "redirected" to challenges.cloudflare.com i am not able to give (or deny) my consent. this could be legal if the owner of the site has an agreement with cloudflare and is monitoring the quality of the data protection at cloudflare. in my situation i am not able to rely on these agreements but have to block all 3d-party calls withouth consent (with the consent beeing managed by us).
Tso we are "exaggerate" the requirements of the dpr for our customers.
Ti am running out of time, i ask the law-guys next week. i am not a lawyer myself so the preceding statements are my personal interpration 
thank you guys for your time.
thank you guys for your time.Tyou are right i did not thought about that.
T*think
Tis every site "protected" by cloudflare hosted by cloudflare?
Tsorry i have to leave now... damn
Ewhat does the rule look like? maybe the expression is incorrect
SHi guys, I hope someone will answer this stupid question maybe :D. I use cloudflare for dns management for my domain. Everything works well except that I am not able to create a www redirect. Anything I tried will just not work when I do www.domain.com on my browser or anywhere else. Could some advise me what to do? I already tried to search the interent for my problem but without any luck.
SIs there a deployment time that I need to wait? Or should this be instantly?
Rit should be instant
Shmm, my rule description is the following
www.mello.ro/*
Forwarding URL (Status Code: 301 - Permanent Redirect, Url: https://mello.ro/$1)
and it seems is not redirecting but instead I get "www.mello.ro’s DNS address could not be found. Diagnosing the problem.
DNS_PROBE_POSSIBLE"
www.mello.ro/*
Forwarding URL (Status Code: 301 - Permanent Redirect, Url: https://mello.ro/$1)
and it seems is not redirecting but instead I get "www.mello.ro’s DNS address could not be found. Diagnosing the problem.
DNS_PROBE_POSSIBLE"
