[Poll] What Do You Use To Monitor Your Servers/Websites?

Marry me. It’ll be cheaper, and easier, for both of us.

2 Likes

I think it was me

Stop blaming your tools, then!

2 Likes

@Andrei - pretty sure this calls for another giveaway… :smile:

(Joking, I have enough monitors already, and really happy with HetrixTools, in case my endorsement is for some reason better than the sheer number of people using them…)

2 Likes

image

4 Likes

Remember

I see HetrixTools being mentioned so many times that I’m going to give it a try just now.

@Andrei Just a heads up: if I put my email address in the ‘Forgot user / password’ dialog it notifies me whether or not my email address exists in the system (as I use several mail addresses, I had to give it a few tries). Not only does that violate a few CWE definitions (e.g. 203 and 204) (CWE - CWE-203: Observable Discrepancy (4.11)), it’s also in violation of the GDPR (to some extent and for all you care). It’s common practice nowadays to simply notify the user that if their mail address exists in the system, they will get a mail with instructions on how to reset their password.

4 Likes
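The uniform-response behaviour recommended in the post above, shown next to the leaky one, as an added example that is not part of the thread and is not HetrixTools code. The function names, the in-memory stores and the sample addresses are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data; addresses and store names are hypothetical.
USERS = {"alice@example.com"}
OUTBOX = []        # stands in for a mail queue drained by a background worker
RESET_TOKENS = {}  # sha256(token) -> (email, expiry timestamp)
TOKEN_TTL = 900    # seconds

GENERIC_REPLY = (200, "If that address is registered, a reset link has been sent to it.")


def reset_leaky(email):
    """Behaviour described in the post: the reply reveals whether the address exists."""
    if email.strip().lower() not in USERS:
        return (404, "No account found for that email address.")
    return (200, "Reset instructions sent.")


def reset_uniform(email, now=None):
    """Same status code and body for every input; the real work happens out of band."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, now + TOKEN_TTL)  # store only the hash
        OUTBOX.append((email, token))  # queued, so mail latency is not visible in the reply
    return GENERIC_REPLY


def redeem(token, now=None):
    """Return the account email for a valid, unexpired token, else None. Single use."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None or entry[1] < now:
        return None
    return entry[0]
```
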

Thanks for pointing that out, I’ll look into it.

Although I don’t see how it violates GDPR, there’s bruteforce protection on the number of tries you can perform before the system locks you out so it’s not like someone can try out millions of invalid emails in order to find out the few valid ones.

1 Like

It violates GDPR because you’re basically verifying that a given email address is in use (in your system). As an email address is classified as personal information (as per the GDPR), you’re basically an online validator for email addresses. This is probably not in your privacy policy for intended use of user information, nor will that be acceptable from a GDPR perspective, as personal information may not be publicly accessible like it is today (confirming the existence of an email address in your system was classified in EU court as a data breach before). If you go by the rules, you’d even have to inform your users that there was a breach (as described in article 33).

Please don’t get me wrong, I’m not trying to be a dick here, just giving you a heads up. GDPR is a shitty thing, but it’s there anyway.

You can, if you have thousands of IP addresses :wink:. I admit chances are slim people are actually doing that, but it’s not that uncommon to do.

4 Likes

I highly doubt that with bruteforce protection anyone can get any data out of such systems or that anyone would consider it a GDPR violation:

Also, an email address is considered personal data only if it contains your full name (i.e.: [email protected]) as defined by EU. So even if you get that one in a million correct email address, the odds of it being actual personal data that would breach the GDPR are even slimmer.

3 Likes

That’s a fair point. I’ll look if I can find the case I have in the back of my mind and report back.

Fully agreed, with the side note that “slimmer” is not the same as “non existent”.

3 Likes

Since when did we turn into Reddit?

1 Like

That’s true indeed.

1 Like

Did some searching but unfortunately couldn’t find the legal case. I did skim through the Google / Facebook privacy policy and they both explicitly mention that they may show publicly visible account information in case others already have your email address or other information that identifies you, which is apparently fine from a GDPR perspective as you opt-in for that. It’s too much of a grey area without me finding the legal case, though. Both companies are in court as we speak fighting over many GDPR things.

1 Like

Facebook and privacy policy? Please. :smiley:

Other than that, I think this case is pretty clear: fairly easy to fix, prevents any issue with GDPR and adds a pinch of security as well. GDPR isn’t a law that’s ready to go in the current format.

Edit: and sorry for continuing the off-topic.

4 Likes

I’m glad that someone else is giving @Daniel hell for a change.

1 Like

Couldn’t agree more. I stand corrected on the GDPR matter, as it may not be an issue after all (and maybe it is, but as you mention, it’s not ready in the current format, too many things still happening in court as we speak).

To not further derail from this thread: I’ve added HetrixTools to my list of active monitors! Will likely phase out Uptime Robot in favor of HetrixTools soon.

3 Likes

Zilore.

It’s free and hella accurate for 1min resolution.

4 Likes

PRTG by Paessler

2 Likes

Thank you @Andrei. I’ll incorporate the API call on my backup script.

2 Likes