Well that makes it much worse, I guess, if that’s the case. I know the exact details kept changing a little bit, and the member states can implement their own exact versions of the rules — which makes it worse, IMO, because every country there will have slightly different rules. How can anybody navigate that?
It’s been discussed but it is a complex thing to build, and we’d only build it for enterprise customers who absolutely required it.
There are one or two relatively minor related feature things Discourse would gain out of implementing this, but it’d be a lot of work, so the cost/benefit is not quite there outside enterprise.
@sam might have more to add. This is not currently on our roadmap, to be clear, because the enterprise customers who “needed” this suddenly decided they didn’t when we told them the cost
With the availability of VPN services the user of geographic blocks doesn’t achieve anything. A user originating from Europe on a VPN still exposes you to the same risks. If any part of the traffic passes through europe, it can be considered as included.
Member countries have yet to turn the EU ruling into local laws, and if GDPR is anything to go by they’re free to interpret the EU wording to the limits of the language.
Just like GDPR this is a problem without an easily navigable solution.
Technically now that we ship the maxmind db out of the box, this kind of feature would only take a few weeks to build.
Caveats being:
NGINX would not do any blocking so “anon requests” would unconditionally have to be funneled through the app which would cause perf issues.
CDN support would be tricky, most CDNs out there don’t support a mechanism for this so it is likely you would not be able to use most CDNs.
I don’t see us building this though cause it goes against a lot of our principles. Closet feature I can see us building is “self service, best effort strong IP block” (aka. if your IP matches list then application will return an access denied prior to walking through all the app code) cause this can allow all sorts of forums to protect themselves a bit better against abuse beyond the rate limiting we ship.
If you really really deem that you need this, why not drive all your traffic via cloudfront and have it do it for you?
My guess is that @geek is simply saying, “I don’t want to think about this problem, I am worried Europe are going to put me out of business, can I have this feature please”
I think there is a lot of uncertainty when new laws pass, some of us are a lot more risk averse than others
The last thing I want is for this topic to devolve into one of those GDPR scare topics. Where 1 side is saying “Don’t worry be happy” and the other side is saying “The sky is falling”.
Happy to talk about what Discourse can technically do and what we have in our roadmap.
Warning though for all the readers here, cause we are just in post 7 and this my spidey sense is tingling real bad.
Lets stay laser focused on discussing:
“Ability to Block Discourse Access from Geographic Regions or Countries”
The only thing I’m saying is that an option to block the entire forum at a country level would be nice. That would neatly solve the issue entirely for anybody that doesn’t want to navigate the legal issues. If you don’t operate in a country you aren’t subject to its laws.
I don’t actually need this personally, as I mentioned in my original post.
First, it’s not a tax, so let’s drop the fear-mongering ‘spin’.
The data in the open graph tags is much more than a couple of words. Given its purpose, despite not being a lawyer (@angus), my hunch is that there exists an implicit licence to use this data as previewing remotely is exactly what it’s meant for. If they didn’t want you to use this text, why include it in their open graph tags? We might need this tested in court to confirm, though why someone would bring a case against you for linking to their site using their link data is anyone’s guess!
I suspect therefore oneboxing will continue to not require an explicit licence.
I will certainly continue to do so without any fear of repercussions.
I appreciate quoting from arbitrary points in the main text is going to be a bit more tricky.
If you dig through the legalese they’re mostly concerned with lifting enough of an excerpt to negate the need to click through to the article.
Opengraph is neither the problem nor the solution. As previous EU decisions it will be down to individual member states as to how this manifests into enforceable laws.
But yes that’s the crux of it, they’re concerned with publisher to publisher, not audience.
The only thing you lose is the ability to see the real IP of users if you are using a reverse proxy + cloudflare, but that can probably be fixed too if you really care about it.
Maybe there are other CDN’s that can do it, but with a free CDN like Cloudflare that can serve the needs of like 90% of the websites for free I don’t see a reason to look for another one.
Warning though for all the readers here, cause we are just in post 7 and this my spidey sense is tingling real bad. 