Archiver Policy Suggestion

DragonSlayer2189 · November 2, 2020 at 1:28 PM

Due to the recent occurances with the deletion of all the data on the server, It is clear to me that we need some kind of possition to help backup the server, and keep those backups secure while still being easy to access, I propose that we introduce an "Archiver" position. This role, unlike other high position roles, would go to whoever the owner deams is most trustworthy and most capeable of the task, regardless of rank (Basicly, you don't have to be an admin to become the Archiver)

This is my idea for how this possition would work:

Would act semi-similar to the System Administrator role
Would be appointed by the owner, as they must be trusted to have access to everything in the server. However, this would only be done after discussing if the person in question is fit for the role with the executive team
Would have full access to the server files (possibly no write access, only read)
Would make copies of the entirety of the servers files every week

The Archiver Position will also be responsable for following these procedures, so as not to risk the leak of server files and user data to those who shouldn't have access to it:

All the backups must be dated with the following structure: "M/D/Y Server Files" where M is month, D is day, and Y is year (e.g. if a backup was done on the 26th of October, In the year 2020, the file would be named "10/26/2020 Server Files")
The backups must be locked by a Password, this password would be help by the Archiver, and only the archiver
The Archiver Is only allowed to send backups to other users of the server if it is absolutely neccisary, and must never make these backups public for everyone.
If the Archiver needs to send backups to another user, they must first make a copy of the file that they need to transfer, and then change this password to something completely different from what the other server files password is, no password can be the same for these transfers.
Whevever the Archiver sends a backup to somebody, they must notify the owner, and all of the executives that they have sent these files, even if the person the files are being sent to are the owner or an executive. The Archiver must tell them who the files were sent to, which files were sent, and must also give a reason for the transfer.
The Archiver would also not be allowed to Modify and of the server backups unless explicitly permitted to do so by the owner. should the archiver wish to modify any server backups for their own use, they may make a copy of the backup and may modify the copy, but not the origional
Under any circumstance, If something accurs to the main server files, and a backup is needed, the Archiver is responsible for getting the most recent backup of the server files to whoever is the owner, If there is no owner at the time, they must send the files to the EAO, if neither of these roles are filled, they must send it to whoever they deem is most able to recover the server

On top of this, the following must be considered by all of the executive team and the owner:

Should there ever be a leak of the server files, the Archiver should be put under investigation for the distribution of files
If the Archiver is found to break the previously mentioned procedures without good reason (as deamed by a decision from the owner and executive team), they must be immediately removed, and must be blocked from any access to the main server files. After this, an announcement must be made by the owner stating that the archiver was removed and also stating what went wrong
Additionaly, if the archiver, for whatever reason, finds themselves indeffinitly banned from the server, they will be removed from their role as archiver, and a new archiver would be appointed. It is important to note that if a previously removed archiver was removed for this reason, and then became unbanned, they are eligable for getting the role again, provided that the owner and executives decide to appoint them again.
If the owner, or an executive wishes to remove the Archiver and appoint a new one, but the current archiver isn't able to be removed for the above reasons, they can be removed if, and only if, the owner and executive team come to an agreement about the removal of the current archiver and the appointment of a new one.

**wild1145** · November 2, 2020 at 2:38 PM

I would suggest this needs some serious thought, there are a number of legal implications that need to be thought through, along with ethical concerns around random people storing everyone's data...

Telesphoreo · November 2, 2020 at 3:25 PM

@wild1145#190 this and also what is the archivist gets suspended? now they have all user data that can potentially be used against the server and we have no way of knowing whether the data is deleted. Not to mention that they'd have to be pretty high up since they'd be able to essentially see absolutely everything

**wild1145** · November 2, 2020 at 3:45 PM

@Telesphoreo#192 Yeah, to be honest the reason I refused to move to Flarum when Seth was running it was over concerns of data security and privacy...

I think with whatever we do there will be a risk of data loss, that is the nature of things because ultimately an owner isn't really supposed to be replaced in the way we've tried to setup here, and as proved even if you host with a 3rd party as long as someone has access to delete stuff there is a risk.

I'm just not sure to be honest this is the solution to the problem we're all facing.

**StevenNL2000** · November 2, 2020 at 4:00 PM

Note that this problem essentially solves itself if we do end up switching to a split ownership system, because each owner can simply send their backups to the other owner(s), which not only guarantees that the holders can be trusted, but also that there is always at least one other person with access to the backup.

**wild1145** · November 2, 2020 at 4:06 PM

@StevenNL2000#199 It does and it doesn't... There are still legal concerns that would need to be addressed in terms of GDPR Data ownership and processing, which unless someone's going to register a legal entity that is TF will be prevalent, but equally that happens if it's 1 or 100 owners, the difference being it's simpler with fewer owners.

There would also still be data security concerns that I for one would want answered before I'd be comfortable with random people potentially holding personal data on me...

DragonSlayer2189 · November 2, 2020 at 4:41 PM

@Telesphoreo#192 ah, somehow i didn't think about that, if they were to be suspended i would think they would probably be removed, and a new one would be put in place. and we don't need to make sure that the data is deleted as long as people remember to change all of the passwords following a archiver being removed

As for the legal concerns, yes, there would be a lot, and while we probably should follow those, we would have to rework a lot of stuff, because we would have to make things like the forums and panel and other thing all GDPR compliant which it is 100% not rn. as such, we could just say "fuck it" and not do that, which is basically what we have been doing for the past several years, and this policy i think would work if we choose to go with the fuck it method. If we are going to want a full secure backup system thing, it will require reworking a lot of our systems, and as such, it will probably be up to whoever is the new owner to choose which implementation we go with

**wild1145** · November 2, 2020 at 4:43 PM

@DragonSlayer2189#215 That's not the point though... They would still have ALL our personal data to do as they please with, which is the issue...

The only way I could ever see this being remotely viable is if multiple people hold parts of the encryption password so you end up needing 3-4 people to all agree to restore the backup, but then you end up in the issue where if one doesn't want to or goes AWOL, you're fucked back to where you were...

**StevenNL2000** · November 2, 2020 at 4:51 PM

@wild1145#200 But that has nothing to do with backups, you are technically violating the GDPR right now by hosting this forum without having a privacy policy in place. My argument is that if we have that sorted, the privacy policy very likely already clears the owner(s) to have access to that data because they need it to run the community, whereas a separate archiver might introduce more liabilities.

DragonSlayer2189 · November 2, 2020 at 5:01 PM

@StevenNL2000#218 yes I agree, If we decide to go fully GDPR complient, then we should not implement this, however my assumption is that, for most people who may apply to become the owner, they aren't going to want to deal with that.

**wild1145** · November 2, 2020 at 5:21 PM

@StevenNL2000#218 Yes, I had hoped to have actually published a privacy policy and the other bits and pieces required before hosting the forums, but unfortunately that hasn't gone quite to plan. Though one is being worked through at the moment and will then be published accordingly.

And you're right it should well sort many of the issues out, but again assumes we have multiple owners which may not happen for all we know. Either way, I'm not sure an official archiver is ever going to able to actually do this in an effective and meaningful way.

fssp · November 2, 2020 at 8:55 PM

Ignoring how terribly written this suggestion is, we've developed a preference for suggesting new "policies" instead of expanding the current conduct policy as if we're writing some convoluted package of federal legislation. There's no practicality in doing this: players don't want to hire legal advice so they can understand how this server works. This is also a bad idea.

elmon · November 3, 2020 at 11:33 AM

@fssp#236 I think policies make sense if they outline how something works (eg. The Executive or Ownership policies) rather than an actual rule that affects most players on the server. It's this very reason that I made the suggestion to remove the Zero Tolerance Policy because it made no sense to have a rule be a whole separate policy to the conduct policy.

fssp · November 3, 2020 at 7:23 PM

@elmon#278 Policies which are directly pertinent to administrator activities make sense because operators aren't inclined to understand how they work. Integrating them into our conduct policy wouldn't make sense; the executive/ownership policies don't contain information which would be relevant to regular members. For that reason, I agree with you.

What's being suggested directs the handling of server files, which is comprised of individual people's work, therefore it's the kind of designation which everyone should know, meaning it belongs in the conduct policy.

**wild1145** · November 3, 2020 at 8:29 PM

@fssp#323 I think it depends on the complexity of what's being proposed... I'm all for less policies as long as we don't just end up with 1 2000 page long policy that is "The Server".

In this case I do sort of agree that if we're going to have a scenario to address this, we need something fairly detailed and robust because there are genuine legal implications of what happens here... That's something we really have to be aware of... I'm not really sure how this specific scenario fits in with other polices we already have in place?

**wild1145** · November 14, 2020 at 10:41 PM

I think my current plan with this will be not to have a specific person responsible for archiving of the server. I'm intending on making sure that the worlds are available for download where we re-set the maps, and we'll be implementing a more formal backup process in the near future, and once I've got that nailed down I'll publish something here to explain how it's been setup and what assurances there are in place.

While it doesn't 100% solve all the issues you're trying to hope, I don't think there is a rational way to solve the issues, and I don't think appointing someone to that role is going to be the answer we're looking for so I'm going to decline this suggestion.

Archiver Policy Suggestion

wild1145 July 17, 2022 at 2:19 PM

wild1145 July 17, 2022 at 5:13 PM

Tags