←back to thread

We outsmarted CSGO cheaters with IdentityLogger

(mobeigi.com)
379 points mobeigi | 3 comments | 16 Oct 24 18:18 UTC | HN request time: 0s | source
Show context
Retr0id ◴[16 Oct 24 19:30 UTC] No.41862899[source]
> Wonderful, we have found a way to silently persist a cookie for each player as they join the server.

This violates GDPR, no?

Edit: It sounds like this took place before GDPR was being enforced.

replies(2): >>41863024 #>>41867747 #
kemitche ◴[16 Oct 24 19:41 UTC] No.41863024[source]
GDPR isn't a blanket ban on cookies. You don't require a cookie notice for strictly necessary cookies, which you have a "grounds of legitimate interest" for: https://commission.europa.eu/law/law-topic/data-protection/r...

Fraud prevention is listed as an example of a "legitimate interest."

So no, by my layman's interpretation, they would not have been bound by GDPR to notify the user of cookies or other fingerprinting used solely for anti-cheat. They'd run into trouble if they use that same ID for marketing/advertising without consent, though.

replies(2): >>41863188 #>>41863514 #
1. newZWhoDis ◴[16 Oct 24 20:28 UTC] No.41863514[source]
GDPR is toothless eurotrash.

I saw a consent form that had 72 optional, 21 “legitimate interest” cookies.

GFB

replies(2): >>41864372 #>>41867902 #
2. Ylpertnodi ◴[16 Oct 24 22:15 UTC] No.41864372[source]
That means gdpr is working.
3. tmtvl ◴[17 Oct 24 09:36 UTC] No.41867902[source]
If GDPR were entirely toothless then they wouldn't have shown you the consent form but they would've just served the cookies regardless. The GDPR is not about reducing the cookies served, it's about letting people opt out.

Unfortunately it is lacking some teeth because normally opting out of all cookies should be as easy and straightforward as opting in to all cookies, but I've seen quite a few forms that hide 'reject all' behind a 'more info' button type of thing. Maybe I could file a complaint about that, I should look into it.