User Privacy Controls - More important now than ever

Hey

This was something I first raised about 3 years ago, but with gdpr and governments looking into more online controls, I.e

https://www.bbc.co.uk/news/amp/uk-politics-44188805

I thought this would be a great time to revisit this and hopefully get more people's input this time round.

As good as Jamroom is it lacks in this area big time.

At the most basic level a new report abuse system, a simple module that puts a report abuse button on every item of content on the site, when clicked a modal window appears with a drop down with pre determined reasons and an additional comments block. This would then get submitted to admin and appear in the dashboard/ open a support ticket if module installed.

Next stage would be extend the Jamroom Profile Privacy options to allow to exclude specific members from viewing your content. The easiest way to do this would just have a blocked users area in profile settings. The additional step here could be to add a "Who Can View This" option when adding a new item of content, so any item of content could have restricting viewing privledges, but that is a bigger undertaking.

Third stage would be to add some sort of Age control based on Date of Birth, this age control would determine visibility of a users profile, and profile privacy option should be auto set to whatever the admin decides and approve followers should be auto checked. ie if a user is under 18 their profile is only visible to followers. DOB field should be hidden from this user after this, only admin can see/edit for an under 18 profile.

Fourth stage is to add some sort of parental control system. ie

Under 18 signs up, profile made private automcatically by system
Parent is concerned their child is getting bullied so can sign up and request access to their sons/daughters profile.
Consent between parties is agreed. (Admin decides what is needed for consent)
Admin grants parent access to the profile
Upon the child turning 18, access should be revoked automatically, but of course the parent can re-apply for access after this is there are reasons why they feel son/daughter's account still needs monitoring.

The fifth stage would then to be add some sort of content filter to modules, which would exclude those profiles under 18 from seeing inapropriate content.

There is no doubting this is a major job, and this is only some of the things that could be done in this area, just wish more would weigh in on this area.
updated by @garymoncrieff: 08/27/18 08:15:54PM

Might be best to forget anything about age until things become clearer. Did you see the idiot talking about this on the Andrew Marr show yesterday?

It's going to be difficult to design for compliance with unspecified rules about which the minister is unable to answer any questions at all.


--
¯\_(ツ)_/¯ Education, learning resources, TEL, AR/VR/MR, CC licensed content, panoramas, interactive narrative, sectional modules (like jrDocs), lunch at Uni of Bristol. Get in touch if you share my current interests or can suggest better :)

Age concern is something I have real concerns about, didn't see the Marr interview you're referring too but these rules are coming sooner rather than later. The age controls really are the underlying part of what I mentioned above.

I realise any system based on age can be gamed but as mentioned this can be somewhat minimised by sites making DOB on signup mandatory, if the user is under set age then this field wouldn't be editable again by that user until they turn the set age limit. Not a complete solution but it will keep the honest ones safe.

For instance, for site content

Audio
If an audio item has been marked as contained explicit language when uploading then this track shouldn't be able to be played to users under a certain age.

Images
If an image has been marked as containing some form of nudity or other inappropriate portrayal, the image, thumbnail etc should be replaced with a content blocked image if user is under a certain age.

Videos
Like audio, if a video is marked has containing explicit language or content, then the video shouldn't be able to be played for those users under the certain age.

and similar for other modules.

How do you ensure the user is putting in their real date of birth? If you really must be sure, there is only 1 way to do it:

1) Make ALL accounts admin activated only
2) Require the user to send proof of birth date to you via mail or a scan before you activate their account

Anything else leaves room for someone to lie to you about their birth date.

To be honest this is an area that we've not looked into much since no one wants it - in fact I think you're the only one to ever bring up concerns about age related content. Since our development is primarily driven by what users ask for, it's not an area we've focused on. Now with the GDPR that may change, so your feedback is appreciated


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

I saw GDRP coming back way then and knew Jamroom was pretty much ok in this area as it has the 'right to be forgotten' stuff.

I see the above as the next evolution of these rules, online bullying is a hot topic, as is restricting underage users from seeing/listening to inappropriate material. Just look at the questions being asked of Facebook right now.

I am baffled why more don't want to get involved with this discussion mind with how politicians in the west have pounced on Facebook for allowing fake news, misleading ads etc. Even Mark Zuckerberg was grilled by the EU recently about the suicide of a Northern Ireland teenager.

I appreciate everything you guys do, I am trying to get other users in on this topic as it's clear that these rules are coming. I need more perspectives on this before I can flush it out further however, only then can you guys get an idea of what path to go.

I don't know when but I would expect the US to follow suit with similar rules to GDPR soon too.

It's interesting smart home devices have stopped working since GDPR makes you wonder what data they have been gathering to be effected so much!
updated by @garymoncrieff: 05/26/18 12:00:20AM

Hi Gary,

I understand your concerns, GDPR is serious, for everyone who has visitors or members from Europe. As a minimum you should adopt the privacy policy, terms and create a cookie policy. secondly for each new visitor a pop window should inform the user of the use of cookies and get consent and log the consent.

the cookies should differentiate between necessary, marketing, performance and statistic cookies. in addition you have to inform your members what cookies the site is using. where the members personal data is stored.

there are several service providers who can do this, I'm using cookiebot, GDPR Compliant policies can be found on the web. The whole thing is not cheap but better than loosing your European members or risking a substantial fine, which on paper is enforceable outside the EU. Not sure how aggressively they will try to prosecute, time will tell.

Birthday and all the other stuff explicit pictures or music you can get around by warning users there is may explicit stuff on your site and get your members to mark it explicit. In Europe 15 year old can determine and register on sites.

I also would recommend to look at the legal structure of a site. All my sites are owned by my company and not in my personal name. worst case scenario you can liquidate your company.

there is lots of other stuff which is too much for the forum and everyone has to make his own risk assessment.

rgds

Helmut


--
jesan
FRC All Music

This is content related - not really Jamroom. It's up to you to police the site content on your site.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net