Data Protection I Server? I What kind of data

[TryAndError]

Hello,

I´m working as a trainer using OBS in my virtual training with teams in Germany. I got a request to teach using OBS in a bigger company (consultants who must present a lot).

However, it´s still unclear if they can use OBS in their company.

I´m waiting to hear back from the IT guys but like to get a better understanding as well.

Hence here are some questions I´m curious about that might help to move the project forward by supporting the IT gys with some answers in advance:

1.) Where are the OBS servers located when using OBS in Germany?
2.) What kind of data gets collected by OBS?
3.) How do plugins affect data protection? Anything I must know?
4? Has anyone experienced using OBS as an employee in bigger companies in combination with GDPR?

Many thanks for any support! Highly appreciated
Tino

 

[Lawrence_SoCal]

1.) Where are the OBS servers located when using OBS in Germany?

Depends on what you mean. Are you asking the servers (this site) where you download the free open-source software code?
OR.. are you asking about the servers you stream to that others connect to, to watch a stream? if this, then realize OBS is the software that streams. It is NOT a content delivery network system like YouTube, Twitch, FaceBook, etc. You pick a streaming service of your choice to use. OBS doesn't host such for you

2.) What kind of data gets collected by OBS?

There are OBS logs on the local PC. Feel free to look at other support posts with link to peoples OBS logs. The standard log (not a crash log) has very basic computer info (OS, CPU, RAM, a few key settings) and then details on OBS settings. From a security perspective, sharing a log could be an issue if a person's name in a file path (ie User Directory path), a source includes a sensitive name/info {ie secret project X, killer new feature, etc). Default OBS captures this on the OBS PC creating a stream/recording, and is not shared any more than other application logs are shared, unless someone explicitly choses to share such a log (say in a support case). The log is just a TXT file, so sensitive info can easily be edited if need be

3.) How do plugins affect data protection? Anything I must know?

A plugin can do anything the local user has permission to do (so, yes, a plugin could be a huge security risk... just depends on the individual plugin). Many plugins are also open source, you someone can always check the source code if desired

4? Has anyone experienced using OBS as an employee in bigger companies in combination with GDPR?

OBS is a locally run app, so in and of itself has no GDPR implications.
No, what someone chooses to do with OBS? whole other discussion. Just like creating a PDF is a non-issue. What is in that PDF and where its gets placed... that can be an issue

OBS is a composite tool (ie combine multiple 'sources') and can stream a video (usually to a streaming server, though if I recall correctly, there is a plugin that allows the OBS PC to be its own RTSP server) and/or locally record a video (for later posting, or further video editing, etc)

.. just a happy OBS user, who has worked for large international enterprises for decades, and am well-familiar with InfoSec protocols and standards

 

[Suslik V]

I think, he also asks about silent jobs that running background: version check (for updates), surveys etc. Some menus gets access to online sources automatically (About menu for example) etc, etc. It's not only about what you see.
OBS can run offline but that's all. You need to use OS own tools to setup the right policy to block every online activity of the application.

 

[TryAndError]

Depends on what you mean. Are you asking the servers (this site) where you download the free open-source software code?
OR.. are you asking about the servers you stream to that others connect to, to watch a stream? if this, then realize OBS is the software that streams. It is NOT a content delivery network system like YouTube, Twitch, FaceBook, etc. You pick a streaming service of your choice to use. OBS doesn't host such for you

There are OBS logs on the local PC. Feel free to look at other support posts with link to peoples OBS logs. The standard log (not a crash log) has very basic computer info (OS, CPU, RAM, a few key settings) and then details on OBS settings. From a security perspective, sharing a log could be an issue if a person's name in a file path (ie User Directory path), a source includes a sensitive name/info {ie secret project X, killer new feature, etc). Default OBS captures this on the OBS PC creating a stream/recording, and is not shared any more than other application logs are shared, unless someone explicitly choses to share such a log (say in a support case). The log is just a TXT file, so sensitive info can easily be edited if need be

A plugin can do anything the local user has permission to do (so, yes, a plugin could be a huge security risk... just depends on the individual plugin). Many plugins are also open source, you someone can always check the source code if desired


OBS is a locally run app, so in and of itself has no GDPR implications.
No, what someone chooses to do with OBS? whole other discussion. Just like creating a PDF is a non-issue. What is in that PDF and where its gets placed... that can be an issue

OBS is a composite tool (ie combine multiple 'sources') and can stream a video (usually to a streaming server, though if I recall correctly, there is a plugin that allows the OBS PC to be its own RTSP server) and/or locally record a video (for later posting, or further video editing, etc).

.. just a happy OBS user, who has worked for large international enterprises for decades, and am well-familiar with InfoSec protocols and standards

Hi Lawrence,

many thanks for your detailed answer. Very much appreciated.

I forgot one thing to mention. I "only" use the virtual camera function in OBS to use OBS in Zoom and MS Teams. This is what people would need to be able to use as well in their company.

From what I understood isn´t OBS installed on any server but only your computer and is therefore not sending data to a server at all (at least if I turn of the update function).

In addition, I only use the audio monitor plugin.

That being said it looks better than expected.