Hacker News | serverQuestion's comments

Wait, what? A TCP request already breaks the GDPR rules? Didn't know that...

Any human readable ways of dealing with that?


That's not what the parent said. The TCP request includes info that deanonymizes the request.

Or put another way, a TCP request sent by your app from my computer cannot be considered anonymous.


If it is an unnecessary request to another service, yes.

IP addresses are considered personally identifying information. TCP requests transmit IP addresses.

Under the strict interpretation of the GDPR, a lot of things which are common outside the EU might be illegal, like e.g. embedding Google Fonts. To be on the safe side, people usually at least list these external dependencies in their privacy policies to construct some kind of "consent", but till we have more actual court rulings, this is a huge problem area.

For the problem at hand, it is pretty clearly illegal, as it's not only an IP address transmitted, it is a combination of IP address plus visited unrelated domain. This allows the creation of profiles. It does not matter for the GDPR if the profile is ACTUALLY created; the pure possibility of creating it any time is enough to be a problem.


I don't think this is an accurate way to analyze GDPR compliance. As the staffer points out, this favicon service follows their own privacy policy; if by this policy they keep (or analyze, sell, distribute, etc.) no data on your use of the service, then there is nothing of interest for the GDPR.

They might have to prove that their privacy policy is indeed GDPR conformant and that their service works as advertised, but in practice this is likely more about public trust than legality.


It's not as simple as that.

Art. 4 GDPR (1) clearly makes the (IP address, visited domain) tuple personal data. Art. 4 GDPR (2) defines "processing" data, and the pure "collecting" of data, even if immediately thrown away, is usually already considered "processing", therefore the GDPR applies.

If you are doubting this, just for a moment imagine, instead of the visited domain they would have sent all form data, including for example credit card data, you entered somewhere on a third party webpage to their central server and did not mention the fact in their privacy policy.

Do you really think then there is "nothing of interest for the GDPR" just because they do not actually permanently record that information? It would clearly be a violation. But to the GDPR, the importance of that data is equal. In fact, the domain names might actually be more important to the law, as article 9 establishes even stricter rules for "sensitive" data about e.g. health or sex life of a person, and the domain names might just leak that information.


> Wait, what? A TCP request already breaks the GDPR rules?

If the TCP request carries personal data like the name of a visited website plus the user's IP address, then it "breaks the GDPR rules" insofar as you now have to fulfill your GDPR transparency/consent etc. duties /before/ sending that request.

Maybe not all website names look like sensitive data to you, but some website visits you surely want to be treated as sensitive, personal data (like names of hospitals, doctors, political parties, religion etc.).


I think it's good to realize that the waterfall method really encourages this. Thinking through everything before building can really help formalise informal workflows.

... then you get into standardised work flow diagrams and you are so far into UML that it just becomes programming again.


I love all this P2P software being built, but it seems like if your peer to peer is just static HTML and friends, you are as much P2P as GitHub Pages.


No, they use WebTorrent


When starting to program, so many abstractions take place. So explaining code paths step by step really helps. Plus, writing it out makes it easier to tackle it step by step. Then taking this flow and explaining it to my senior gives me great points to ask questions.


Germany obviously old trees until they remove 80% of them...


If you look at a satellite image, you quickly see that there just isn't that much space left to nature. That is true for most of central Europe. Doesn't mean it isn't green, but pristine forests don't exist anymore. There are some spaces left to themselves now, but they were still touched by human cultivation.


Pristine is a very high bar. There is archaeological evidence of semi-settled early agrarian existence where they would slash and burn an area to farm it and then once the soil depleted move on to a new segment of the surrounding forest and abandon their old settlement to be overgrown and renewed. Wasteful but the cycle was fully sustainable.

Even without human involvement we would see some "normal curves" to tree diameters via attrition of the oldest for varied reasons - but their ring count would be higher.


This sounds like the USA, or any other country when they are still growing and developing as it sounds like the UAE.

Did the industrialists in the UK care about sustainability? Did the European colonialists care about sustainability?

Only now that our countries somewhat have our shit together we start caring about how clean our air is, how long our stockpile of resources/money lasts and how good and kind we are to our earth.

When your biggest struggle is having enough money to eat, that's your priority. Later on, when your biggest issue is pollution because it will shorten your lifespan, that's what you fight for.


The UAE is not struggling to have enough money to eat. It's spending money to spend money because they have extensive oil and gas resources (and at least the wisdom to diversify their economy to enable them to better survive oil shocks).


If a $10 VPS would work, but you want no-downtime deployments, Heroku would work perfectly.


How do you at Repl.it feel about VS Code integrating with GitHub?


We're excited about it. Cloud/browser coding being normalized is great for us.

I don't think what we're building is a direct competitor to IDEs -- you'll always need a repl in the same way you'll have a TV but still go to the movies, or you'll have a tablet but still have a desktop etc.


How much liability can you claim against Cloud Employee if there's an issue with your RDS backups?


What is the chance that Amazon causes an issue with your RDS backup, versus a Cloud Employee?

The answer is definitely not clear to me at all.

EDIT: no sarcasm, I legitimately don't know which I would choose as a biz owner.


I would personally always have an off-platform backup to fall back on, as protection against the platform going down, accidental damage to data or malicious damage to data. Snapshots in cold storage too.


Is this comparable to SeaTable? [0]

[0] https://seatable.io/

