MeetFighters News

Just curious. Are you planning to issue a GDPR-style privacy notice, or have I received it but not spotted it among the hundreds of others?

My understanding of GDPR is that the main practical change it has created for many companies is that it is no longer good enough to assume users are happy to receive marketing emails or give your data to others without asking your explicit consent. Defaulting to having the box ticked is not allowed any more - users must *choose* to opt-in to these things.

I suspect MF simply doesn't have this issue so it doesn't have to do anything. It doesn't sell or give your data to others and it has a clear privacy policy. And you only receive emails related to the running of the service.

It's a bit more than that. But I'd be grateful for Admin's comments.

I assume, Admin, that you hold data about me such as my date of birth and special category data such as my sexual orientation and, sometimes, health data.

GDPR is a headache and not all of it is entirely clear, at least not in the UK. Apart from anything else it was written in French and doesn't always translate. IN the UK, the Information Commissioner's Office is going to have to issue quite a bit of clarification and no one can reasonably expect perfection on the effective date, which is tomorrow. Nor does any data controller want to be bombarded with subject access requests.

The privacy policy, I am guessing, is pre GDPR. I can't see any explicit reference to GDPR in the link and it reads like a pre-GDPR document.

But I would in general like to know whether the site, and the data controller, is subject to the GDPR and/or it's statutory equivalent in whatever country the site is domiciled in.

Is there any chance of a general statement?

Were you asking about the emails a lot of companies have been sending out recently? Or about the privacy policy of the site? My answer assumed the former.

NO my question was more general.

The GDPR has been brought into force within the EEA in recognition of the cyber world that we all live in.

In the UK it preserves the principles of the existing Data Protection Act and strengthens them.

My data is in here. All I really want to know is whether MF is subject to GDPR and to see a general statement from Admin as to how the site is meeting those standards.

I know I'm off topic slightly here and my apologies if I'm detracting from the point Admin was making. I'm happy to shut up and open a new thread, but I would like to know

You're right the GDPR is a headache.

Truth be told, we are running late on GDPR-related activities. The site is ran by a handful of volunteers, and there is only so much we can do on our free times. The legislation comes into effect tomorrow, which is unfortunate. Even less fortunate is that we keep receiving self-contradicting statements from official sources in the past weeks, and still trying to sort through the best course of action, if any, for the site to take. This is why there's now a cacophony of online (mis)information as to what exactly is and isn't legal.

We will be following up on this before the end of the month, you will hear from us.

Thanks Admin.

I'm sitting here in my office with exactly the same headache so I totally get where you are coming from. We've taken a bunch of very expensive legal advice and the only thing for sure is that the consultants are getting rich.

I look forward to your statement when you're ready.

Gah.. I work in the US for a European security company, talk about headaches.

But from a site operators perspective, the gist seems to be if I tell you to delete my account and data, you pretty much have to wipe my identifiable records, and some transparency aspects.

Hi Admin,

Firstly a big thank you to yourself and the rest of your volunteers for continuing to run the site.

In very simply terms (and from my fairly limited understanding) that as MF is a membership site, you won't have to do too much beyond showing how the information is used and stored, thus giving people the choice whether they want to stay or not (or "opt in" / "opt out")

PS. I have very limited free time but if you want some help with writing standard docs (e.g. subject access requests) I would be happy to chip in

It's a bad new, it means your security is not good enough...

BCNBOXER, your vommentg is clueless.

MF was breached because the user gave his MF password to a corrupt site, which was then used by that site to impersonate the MF user.

This is a risk inherent in using the same password on multiple accounts.

Agree with that!

I don't use the same password on multiple accounts, but there is a security issue in Meetfighters.com.

On their own words: 'We recently had a nasty incident originating from another site'. This is a problem for the users of the site. If the issue only affects to one profile, please, don't give an advise to all the members of the site, It's not necessary.

@BCNBOXER: dalwrestle42 is right, your comments are clueless.

If you make security doors, it doesn't matter how good they are if the homeowner hands his keys to a burglar.

Cruelty is another thing, not a disagree comment written with respect. Please, a bit of respect with the opinion of users who have been supported this site for years. This kind of advises don't appear in other sites.

BCNBOXER: Yes they do, Facebook for example: https://www.facebook.com/help/379220725465972

BNCBOXER please read admin information again:
Other website has taken the password of MeetFighter's member from his site database, and used it to break into that member's MeetFighters account.
Other website could do so because other users of MF are not as good as you in password protection. They used probably the same user and password to login on other website.
I appreciate admin honesty with us and warning sent to all users.

I know the meaning of the advise. It's an not important thing. Maybe the administrator think we are stupid and we don't know the risks of using the same passeord in different sites. What about driving under alcohol effects? Or walking fixing our look on the phone instead on the things around us? Is it necessary to treat us like stupid people?

If it would only be about a single person, well, I´d be in your camp that it´s that single person´s problem if he chooses to use the same password everywhere.

However, it´s not just their problem alone.
By using the same password it becomes possible that another person from another website can use that very same password to impersonate that single person and harrass other users here, and voila, no longer just that single person´s problem alone but a problem affecting many users and therefore the whole site community.

So please, even if any of you think you don´t have important data or think you don´t have any secrets to hide or whatever excuse you might come up with to use just one same precious password everywhere: Don´t! The potential trouble you might cause is much bigger than you might imagine.

It´s fine if you(BCNBOXER) are using different passwords for different sites, but it would be even better if you(all 16thousand users here) would also use different passwords. I bet there is a tiny handful who doesn´t, and that alone is enough for trouble if some evil site joins the game.

Yes. Anyone who has ever worked in IT can confirm that it is necessary. Survey after survey have concluded that some 80% of users regularly reuse passwords, and that these passwords are also frighteningly easy to crack. This figure is also stable across age groups so it's not a generational issue. The reality is that admin is being responsible in sharing this and encouraging users to update their passwords.
As for DUIs and injuries arising from device usage, the sheer amount of policing and public health resources being dedicated to these two problems seem to support the idea that people don't understand the risks associated with both.

Admin Thanks for your work on this matter!

Thanks Admin for the warning :) and for all the other amazing work you do on Meetfighters!

Over 16000 members but less than 1,100 verified... ?

Personally, i see verification as something needed by someone with no past opponent's, it gives them a reputation as real. But if you have 5 plus past past opponent's then its pointless.

I won't verify because I do not want to post my face in a public portion of a wrestling website, and I wasn't able to get the workaround to work. But ask any of my almost 200 past opponents if I am real.

As for sockpuppets... it's a nuisance that Admin is correct in trying to address. My meetfighters password is unique, but since I am job hunting, I have to set a password for each and every company I apply to, each site I register on, each place... and there are hundreds of them. I wish I were smart enough to keep track of all that (or successful enough to be hired in a smaller number of attempts), but not all of those passwords are unique.

Two words: password manager. Remember one strong master password, and the manager will create and fill in all the unique ones for you.

Call me a cynic but I don't trust the password managers. My passwords for important stuff are secure; my candidate logins aren't meaningful since I have no real access and they didn't hire me anyway.

i do agree with your last. i always consider my password and make it unique not to me but to something so out there it would not be obvious to anyone ,

Understandable, but an offline open source password manager can alleviate that. I guess from my perspective, just knowing how much data gets processed in recruitment management systems, I really wouldn't want someone accessing my data using a shared password.

Most of that data is already on the public recruitment sites and LinkedIn. If they want me... I'm out there. I don't want to be an open book, but I don't have a choice if I want to work.

This is a pretty good wake up call for making sure your have different passwords not just here but across all social media/email/etc. The hard part is remembering them all lol.

May i say thank you Admin for bringing this to our attention, and yes to use any password for more than one site is foolish. Although you do your best to keep all our details private it is a;so upto each and every individual to be vigilant and not just rely on Admin.

Oh, then we will toast with cyber sparkling wine. Cheers ;-) and thanks for site maintenance.
When I joined the forum, it was only approx. 6000 user.

Another scary point to raise would be that since the owner was able to get one password out, they just store members' passwords in their database in plain text, unencrypted - if their database is ever compromised, whoever did it would have access to every member's password with really no extra effort.

If you're on that site and really don't want to commit to remembering different passwords, at least have a different one for that one or get a password manager.

Thank you once again, Admin, for all your efforts on our behalf, making this such a good, honest, safe, tolerant place to be. I think I'll change my password as you suggest. Not that I can imagine anyone would particularly want to hack into my MF account ... but it's just good practice to change passwords every so often. Thank you for the timely reminder.

Admin, if you need any assistance on the GDPR front, I'm a GDPR expert - lobbied on the original law and am now running support programmes for SMEs worldwide as part of my employment activities... I'm certified by the University of Maastricht as a Data Protection Officer, etc. Be more than happy to help out the site pro bono considering how much it's given me. :)