"Price on Application
(also available after subscribed to the Trial for self-service customers)"
Please dont do this... I even clicked on the follow through link, then you want me to sso... still no price. Save us all some time, it is in short supply.
Bots are going to be the way we interact with the web (and really all systems) heading forward, this 'real people' at just 'browsers' is quite a misunderstanding of what a 'user-agent' really means in this day and age.
If I launch a new tab in the background and tell it go establish some set of factors for me, or locate price points and details for me, or buy something for me (and right now as me)... or just have it let me browser and interactively direct it but have it block ads as I go.
I know the law, and lawmakers, are looking at this from a fraudulent content perspective, but they are going to be hard pressed to do anything in long run to quell this.
Deletion (or confirmed re-deletion) of the data is irrelevant at this point, it is the models created from that data, and their use, which will now persist in usefulness to Analytica. Armed with these models, and future refined/iterated versions, they likely will capture the data more directly from users in the future. Once the genie is out, it doesn't readily go back in.
I haven't seen this reasonably addressed in any of the discussions, or org-based-presentations thus far. GDPR compliance itself basically ensures you cannot collect enough information to even defend against this type of attack vector.
See the details in my comment. The same way you would require authentication and/or signing on any request, on any modern platform. Not doing this is poor form.
If you are utilizing json-rpc anywhere in your stack, you should be authenticating every request via your transport(s), or the payload itself with JWT (or the like). To not do this, is to trust the world.
This is true over http and browsers, as well as internal servers, sockets, and cross frame communication. There are no such things as trusted internal services, just services that have not yet been breached (looking at you hardware vendors).
Please dont do this... I even clicked on the follow through link, then you want me to sso... still no price. Save us all some time, it is in short supply.