HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mehdim

582 karmajoined 14 năm trước
Founder at ALIAS, a decentralized data and identity platform. Previously founder of APIdays conferences and OAuth.io.

Submissions

Opensourcing Multiplayer AI in Discord

bunnyandcloud.com
2 points·by mehdim·Hôm qua·0 comments

Show HN: Is This PII?

isthispii.com
2 points·by mehdim·4 năm trước·1 comments

Show HN: Making GDPR Machine-Readable

github.com
2 points·by mehdim·4 năm trước·0 comments

[untitled]

1 points·by mehdim·4 năm trước·0 comments

[untitled]

1 points·by mehdim·4 năm trước·0 comments

Ask HN: Replacing the word “Cookie” by “Tracer/Tracker” in banners

16 points·by mehdim·4 năm trước·5 comments

[untitled]

1 points·by mehdim·4 năm trước·0 comments

[untitled]

1 points·by mehdim·4 năm trước·0 comments

[untitled]

1 points·by mehdim·4 năm trước·0 comments

Show HN: The Interactive API Industry Landscape

apilandscape.apiscene.io
1 points·by mehdim·5 năm trước·0 comments

Ask HN: What critical open source software you use that is not well maintained?

3 points·by mehdim·5 năm trước·3 comments

[untitled]

46 points·by mehdim·5 năm trước·0 comments

comments

mehdim
·4 năm trước·discuss
In bullet points : - GDPR is a risk management policy about personal data protection more than a privacy regulation

- for any personal data (PII) all companies must declare the following :

  - purpose of the collection and the treatment of the specific data

  — legal base of the treatment (6 available, they are the field card in Magic the gathering, they define a context of what is possible to do)

  - data category (what type of data you are collecting i.e if you declare collecting delivery shipping information for a purpose, you limit yourself to data that correspond to that category )

  - data retention duration (how long you declare storing the data in production and then in archive)

  - list of recipients (all the 3rd party companies who will access the data)

  - security measures (what is the level of security for keeping that data safe from breaches)

  - some infos about the company, the data controller (who is responsible) etc…
So all companies must do a internal data mapping to know and declare where is the data and where it flows in production and write for every PII a ROPA (record of processing activity) You can find an open source specification UROPA here)

https://github.com/uropa-project/uropa

- consent is just one of the 6 legal bases to collect and treat data. The comment above that everything is possible with consent is wrong.

- below 250 employees you don’t need officially a DPO
mehdim
·4 năm trước·discuss
We are building one such service and I agree (to name a few services doing GDPRaaS : soveren.io, ethyca.com, securiti.ai, datagrail.com, alias.dev) .this is so much needed as there is almost no legally valid answer on the whole comment section! I started to write an article on all the points above… should get back in 2 hours and post it here
mehdim
·4 năm trước·discuss
I am a multiple meetup organizer and owner on meetup.com and I find it actually great that the meetup can stay alive if the organizer stop to pay. Your communities are not owned by you. Also, they don't give subscribers infos but just "an access" to send them email communication to the list, not the "list" with email list etc...
mehdim
·4 năm trước·discuss
Either you don’t do business anymore with Eu users or any user on Eu territory (but how do you know there are not actually on Eu territory), either you try to automate it so you continue to “not care about it”
mehdim
·4 năm trước·discuss
Yes! an "Echoes for Open source" contributions may be one day. Nice work btw, I will try Echoes with my team.
mehdim
·4 năm trước·discuss
Nice. Do you plan to match it with marketing/sales budget per product line or Business unit? To be sure that the effort of "maintaining legacy" is equally measured versus over funded efforts on new features for growth?

Disclaimer : I am running a non profit in my country called "The Maintainers", this is why I look for products that can give more merit to code maintainers.
mehdim
·4 năm trước·discuss
What is the "Unit of technical/economic value you identify for that? You do it at the Commit level? Build? Deploy?
mehdim
·4 năm trước·discuss
We have never been successful showing that internal maintainers of the legacy were the ones really paying the bills and delivering the current value of the company. Fame and payroll was mostly towards the cool engineers working on new tech not yet in production serving real customers. I hope Echoes helps giving merit to the one contributing to the economic value of the company
mehdim
·4 năm trước·discuss
I made a list of all resources on privacy engineering, including meetups groups, tech conferences on privacy engineering https://github.com/progressive-identity/privacytech-resource...
mehdim
·5 năm trước·discuss
The link between "groups never admit failure" and "non-profit organizations are not sustainable by design" is a little bit too direct and non relevant.

Lots of non-profits make revenues, selling stuff with customers, they just don't pay dividends by design and re-invest everything. So what he says does not apply.

And again, even foundations are at least oriented to hear feedbacks from donators who are their "customers". So it does not apply here.

The only valid point is that yes, group never admit failure as a whole, but the post should have stopped after this
mehdim
·5 năm trước·discuss
Updated : not "well maintained". Or not enough maintained compared to their criticity and their global use.