Jump to content

Unread Forum Topics

Showing all content posted in for the last 365 days.

This stream auto-updates     

  1. Earlier
  2. Admin

    GDPR

    Your GDPR questions answered Individual Rights The right to be informed Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated. What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free. This policy covers the important points such as which cookies are collected, how personal information is used and so on. There may be other services out there offering similar templates. Right to erasure I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message. The GDPR document however relates to the individuals right to be forgotten. Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable. It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc. Emailing and Consent Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded. When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again. Cookies A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store. Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why. This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example). Your GDPR Questions Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs. Alan!! Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie? Great question. There's conflicting advise out there about this. The GDPR document states: The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users. This is re-enforced by EUROPA: My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information. Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them. Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS. Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content. Do I need to delete all the posts by a member if they ask me to? We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public. Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement. What about members who haven't validated? They're technically not members but we're still holding their data! No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP. What about RECAPTCHA? I use this, and it technically collects some data! Just add that you use this service to your privacy policy, like so: I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this? Short answer: No. Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it. There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission. What about notifications? They send emails! Yes they do, but that's OK. A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest. There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure. Do I need to stop blocking embeds and external images? No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer. There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent. Phew. Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts. The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below. Edited May 12 by Matt GDPR updates for Invision Community 4.3.3 Unless you've been living under a rock, or forgot to opt-in to the memo, GDPR is just around the corner. Last week we wrote a blog answering your questions on becoming GDPR compliant with Invision Community. We took away a few good points from that discussion and have the following updates coming up for Invision Community 4.3.3 due early next week. Downloading Personal Data Invision Community already has a method of downloading member data via the member export feature that produces a CSV. However, we wanted Invision Community to be more helpful, so we've added a feature that downloads personal data (such as name, email address, known IP addresses, known devices, opt in details and customer data from Nexus if you're using that) in a handy XML format which is very portable and machine readable. You can access this feature via the ACP member view The download itself is in a standard XML format. A sample export Pruning IP Addresses While there is much debate about whether IP addresses are personal information or not, a good number of our customers requested a way to remove IP addresses from older content. There are legitimate reasons to store IP addresses for purchase transactions (so fraud can be detected), for security logs (to prevent hackers gaining access) and to prevent spammers registering. However, under the bullet point of not storing information for longer than is required, we have added this feature to remove IP addresses from posted content (reviews, comments, posts, personal messages, etc) after a threshold. The default is 'Never', so don't worry. Post upgrade you won't see IP addresses removed unless you enter a value. This new setting is under Posting Deleting Members Invision Community has always had a way to delete a member and retain their content under a "Guest" name. We've cleaned this up in 4.3.3. When you delete a member, but want to retain their content, you are offered an option to anonymise this. Choosing this option attributes all posted content to 'Guest' and removes any stored IP addresses. Deleting a member Privacy Policy We've added a neat little feature to automatically list third parties you use on your privacy policy. If you enable Google Analytics, or Facebook Pixel, etc, these are added for you. The new setting Finding Settings Easily To make life a little easier, we've added "GDPR" as a live search keyword for the ACP. Simply tap that into the large search bar and Invision Community will list the relevant settings you may want to change. These changes show our ongoing commitment to helping you with your GDPR compliance. We'll be watching how GDPR in practise unfolds next month and will continue to adapt where required.
  3. Admin

    Today is World Lupus Day!

    Today, is World Lupus Day! Join Us and tell your story!
  4. Admin

    Tabbles

    I have been using Tabbles since it started and seen how it has developed. Its developer, Andrea, is someone who takes customer support very seriously. Whenever I have had a query or report a bug, he responds quickly. In addition, he has been very generous and has donated Tabbles to help me in my research. I am an academic researcher, which means reading hundreds of articles for a project. It's easy to create a new project, or container/virtual folder for the project, but each article may have aspects which can be tagged separately. For example, I am beginning a new project on contemporary racism. I created a new Tabble called Racism, which I colour coded - just as I used to do when I used cards for my research at university. I have hundreds of articles, from other projects, which are suitable for this project. It's easy to drop these into this new Tabble, from completed projects. At the same time, I can tag them to remind me they were also part of another Tabble or project. Many of the articles or information can be combined & Tabbles allows me to view these by using the "plus" sign.Thus,I can open the Racism Tabble & open two or more files at the same time. This "combine" feature means I can group together certain articles. For example, I might have a folder, within the Racism Tabble, called 19th century. Within this, I might want to put certain articles relating to 19th century. I can open & "combine" this specific information, from the articles, on nationalism in Germany. I might have a paper that I recall is a PDF & I can click on "New extension-tabble" because Tabbles automatically notes the extension of the file and locate the PDF. As I use the web for my research, Tabbles has a feature for the browser. I predominantly use Chrome and this means I can tag these articles for future reference. Every time I save an article, Tabbles lets me "tag" it via a pop-up my desktop.I can even create another Tabble or virtual folder, if necessary. As I research on the web, I can also use Tabbles to store its contents via tagging. One of the best features is to tag a file/article based, for example, on its "name". For this, Tabbles has a system called "auto-tagging" using the auto-tagging rule editor. Each time an article/file has the word "racism" I can use Tabbles to put it into "Racism" Tabble; a pop-up will allow the one-click tagging system in Tabbles. Without Tabbles, research would take much longer. You don't have to learn relational databases as Tabbles is intuitive. I cannot recommend Tabbles enough. I would be lost without it. If you are interested, you can find Tabbles here: http://tabbles.net/ ...
  5. Admin

    TABBLES 5

    I want to extend my thanks to Andrea at Tabbles: http://tabbles.net/quick-intro/ What is Tabbles, in a few words? Tabbles is a tagging software that allows to tag any kind of file, emails (in Outlook), and bookmarks. It helps you to tag and organize your files independently from folders and find them when you don’t remember where they are, but only what they are about. Tabbles allows you to combine tags with a few mouse clicks, immediately finding the file, regardlessly of what folder or disk it is stored on. It even tells you what drive you need to connect, in case the file is archived on a disconnected drive. A tabble is a both a tag and a virtual folder Tabbles are tags that you apply to files and other data; but they are also special folders, because they can be combined, intersected and subtracted from each other, to create dynamic combinations of files. You can put files in as many tabbles as you want, without duplicating them. No disk space will be wasted. The magic starts when you try to open the tabble and combine it with other tabbles, to find what you need in a natural way, without the need to know which directory or drive contains the files you need. You can also define powerful rules to tag files automatically. You can also define powerful rules to tag files automatically. Tags can be combined, allowing to find a file in many different paths The combine function allows you to find files and other documents by describing them the way you find more natural. Tabbles adapts to the way you think, allowing to find a file in many different paths. For example, you can reach the same file by clicking Pictures > John smith > vacations > beach or by clicking Year 2010 > Trip > India > John Smith > Mary Evans, even though that file only has a single physical path, like “Y:\archived\2010\Trip-to-india\Camera\BR0000223”. A physical path which you most likely do not remember! Add to all this that the drive containing the file is probably disconnected, and you would have to attach all your drives in sequence to find the file. In short, with Tabbles you get the power of a relational database and the usability of a pocket calculator! Share your tagging and collaborate In a corporate environment with many users and machines, users can share some or all of their tags, so that each user can find files based on tags applied by colleagues. Tabbles stores its tags into a Microsoft SQL Server databases, and allows for tag-sharing on local drives, shared drives as well as on cloud sync folder (like Dropbox, OneDrive etc.). The system administrator can manage users, sharing groups permissions and licenses via an Admin control panel.
  6. Invision Community 4.3 We are happy to announce the new Invision Community 4.3 is nearly available! Here is the list of what's new and we will follow up with individual blog entries going into detail about each new feature every couple days over the next few weeks. There will be a public preview in late January and we should go to public beta soon after that. Keep an eye on our blog for updates! Some highlights in Invision Community 4.3 include... Improved Search We now support Elasticsearch for scalable and accurate searching that MySQL alone cannot provided. There are also enhancements to the overall search interfaces based on your feedback. Emoji Express yourself with native emoji support in all editors. You can also keep your custom emoticons as you have now. Member Management The AdminCP interface to manage your members is all new allowing you easier control and management of your membership. Automatic Community Moderation You as the administrator set up rules to define how many unique member reports a piece of content needs to receive before it's automatically hidden from view and moderators notified. Clubs The new Clubs feature has been a huge hit with Invision Community users and we are expanding it to include invite-only options, notifications, exposure on the main community pages, paid memberships, and more. Custom Email Footers Your community generates a lot of email and you can now include dynamic content in the footer to help drive engagement and content discovery. New Gallery Interface We have reworked our Gallery system with a simplified upload process and more streamlined image viewing. The full list follows. Enjoy! Content Discovery We now support Elasticsearch which is a search utility that allows for much faster and more reliable searching. The REST API now supports search functions. Both MySQL and Elasticsearch have new settings for the admin to use to set search-defaults and default content weighting to better customize search logic to your community. Visitors can now search for Content Pages and Commerce Products. When entering a search term, members now see a more clear interface so they know what areas they are searching in and the method of search. Member Engagement Commerce can now send a customizable account welcome email after checkout. You can whitelist emails in the spam service to stop false-positives. REST API has many enhancements to mange members. Ability to join any OAuth service for login management. Invision Community can now be an OAuth endpoint. Wordpress OAuth login method built in. Support for Google's Invisible ReCaptcha. Groups can be excluded from Leaderboard (such as admins or bot groups). All emails generated by Invision Community can now contain admin-defined extra promotional text in the footer such as recent topics, Our Picks, and more. Admins can now define the order of Complete Your Profile to better control user experience. Clubs Option to make a Club visible but invite-only Admins can set an option so any Club a member is part of will also show in the parent application. So if you are in a Club that has a Gallery tab then those image will show both in the Club and in the main Gallery section of the community. Club members can now follow an entire Club rather than just each content section. There is a new option on the Club directory page for a list view which is useful for communities with many Clubs. If you have Commerce you can now enable paid memberships to Clubs. Admins can set limits on number of Clubs per group. If a group has delete permission in their Club, they can now delete empty containers as well. Members can ignore invitations. Moderation and Administration Unrestricted moderator or administrator permission sets in the AdminCP are visually flagged. This prevents administrator confusion when they cannot do something as they will be able to quickly see if their account has restrictions. You can choose to be notified with a new Club is created. Moderators can now reply to any content item with a hidden reply. Download screenshot/watermarks can now be rebuilt if you change settings. Support for Facebook Pixel to easily track visitors. Moderators can now delete Gallery albums. Automatic moderation tools with rules to define when content should auto-hide based on user reports. Totally new member management view in AdminCP. More areas are mass-selectable like comments and AdminCP functions for easier management. New Features Commerce now has full Stripe support including fraud tools, Apple Pay, and other Stripe features. Commerce packages can now have various custom email events configured (expiring soon, purchased, expired). Full Emojii support in the editor. Setting so when someone is typing in an editor, other members will see a "Member X is typing..." status in the editor view. Complete overhaul of the Gallery upload and image views. Announcements system overhaul. Now global on all pages (not via widget) and new modes including dismissible announcements and top-header floating bar option. Many new reports on traffic and engagement in the AdminCP. Blog has new view modes to offer options for a traditional site blog or a community multi-member blog platform. The content-starter can now leave one reply to Reviews on their item. Commerce now makes it much easier to do basic account-subscriptions when there is no product attached. Useful Improvements Forums has a new widget where you can filter by tags. If tags are not required, the tag input box now indicates this so the member knows they do not have to put in tags. Member cover photos can now be clicked to see the full image. Any item with a poll now has a symbol on the list view. Twitch.tv embed support. You can now update/overwrite media in the Pages Media Manager. Mapbox as an additional map provider to Google Maps. Technical Changes Direct support for Sparkpost has been removed. Anyone currently using Sparkpost will automatically have their settings converted to the Sparkpost SMTP mode so your email will still work. Your cache engines (like Redis) will be checked on upgrade and in the support tool to ensure they are reachable. Third-party applications will now be visually labeled to distinguish them from Invision Community official applications. The queued tasks list in the AdminCP is now collapsed by default as queued tasks are not something people need to pay much attention to during normal operations. When upgrading from version 3 series you must convert your database to UTF8 and the system saves your original data in tables prefixed with orig. The AdminCP now alerts you these are still present and allows you to remove them to reclaim storage space. On new installs there are now reasonable defaults for upload limits to keep people from eating up storage space. Categories in all apps (forums, gallery albums, databases, etc.) no longer allow HTML in their titles. This has been a concern both in terms of security and usability so we were forced to restrict it. Large improvements to the Redis cache engine including use for sessions. The login with HTTPS option has been removed and those who were using it will be given instructions to convert their entire community to HTTPS. Images loaded through the proxy system now honor image limits for normal uploads.
  1. Load more activity
×