Please be nice to the developer. I didn't post it to shame him. I'm just very sad about the post because I was hoping to establish XMPP as the group chat in my family, of which half are iPhone users.
The developer has decided to spread misleading information and FUD about legislation protecting people. We shouldn't be "nice" to people deliberately spreading lies.
Unfortunately every single one of these stories has turned into a long form ad-hominem attack against the site owner and their supposed alterior motives.
Just curious (to you or anyone else affected), would you be willing to give up your rights under the GDPR, with regards to this company specifically, to regain access? Do you believe you should have a right to trade these rights of yours or is it in the general good that companies cannot offer an easy GDPR opt out?
If the result of the GDPR is that only big companies, employing as much lawyers as developers, will be able in the future to provide the tools I need, then yes I would be willing to give up my rights under the GDPR. Because what is the alternative, if all small messenger provider have to give up everybody will be using FB? Is that better for privacy then the current state?
Wouldn't a better alternative be to design a messenger that complies with GDPR? Simple user accounts that can be deleted at the request of the user, peer-to-peer encryption (and where possible, communication), a "storage cabinet" for each user where encrypted data end in when the user is offline (with an encryption/decryption key that is generated client-side and transmitted while both users communicate) and can easily be deleted and i think this covers most uses.
This is just an idea that i came up with right now, but if you start your design with the goal to store as little data as possible and anything you store needs to be both encrypted and easy to delete, then i believe you can come up with several ideas for most issues.
It also helps to see this as respecting the users' privacy and giving them control, as opposed to a development burden :-P.
I don't think you actually answered his point. Sure you could build an IM client that is GDPR compliant, but at what point do the costs become so high that everyone just defaults to using Facebook because (1) they can afford to be compliant and (2) they are trained well enough to not fuck up their encryption.
In other words, are we moving towards a world where unless you are VC backed (Signal, Telegram, Whatsapp, etc) don't bother building an IM client? Also note, I don't think there might be anything wrong with that - if we expect all our communications to be E2E encrypted, maybe Joe Shmoe shouldn't be writing an IM client.
There is an assumption that there is some additional "natural" cost involved because of GDPR, but where does that assumption come from? The cost might currently exist if you are not compliant and you need to convert (or you need to skirt the edge between what is allowed and what not), but if you start with being firmly compliant from the design phase, where does the cost come from?
I think everyone already knows that more regulations hurt businesses. We don't have to wait for the result to find that out. The question is whether the help done to consumers outweighs that. There are many ways to tackle the privacy issue beyond a large, sweeping law.
> I think everyone already knows that more regulations hurt businesses.
That's not a given. Further, it's more important to look at what's better for society as a whole. Further, less regulation within banking caused some big profits.. but also some hefty problems.
The company would still be subject to the GDPR which they may consider an unacceptable risk. I'm specifically asking whether users would like to be able to give permission to ignore the GDPR altogether or if they see that ability as harmful for society in general.
