Privacy regulations can make it very difficult for competitors to gain traction for incumbents, so there is active lobbying to get regulatory barriers to competition in play. At the same time, far too much money is being made to allow laws and regulations to kill revenues... so it gets complicated. The easy way is to just say you are all for privacy, and then oppose it at every turn.
Another issue is this: breaking some of these privacy laws both in force and proposed, is really quite easy to do - as easy as a misconfigured logger or a developer including the wrong field in a query.
>Another issue is this: breaking some of these privacy laws both in force and proposed, is really quite easy to do - as easy as a misconfigured logger or a developer including the wrong field in a query.
So if I drive accidentally over the speed limit I should not get a ticket? That's a weird argument isn't it? Moreover, we are talking about companies with billions of revenue, they can afford to pay people to make sure things work. If you are worried about large incumbents using the laws as barriers (a weird argument, should we not protect people first, not companies?), just lobby for fines to be a fraction of revenue.
Moreover, the behavior of the big companies in Europe shows that they have and continue to intentionally skirt and break the rules as much as possible until they get hit with fines. I really have very little empathy with Google, Meta et al.
You should not get a ticket for accidentally driving over the speed limit (unless you are driving over every plausible speed limit), but a corporation should. This is not an arbitrary distinction, and equivocating as you have hurts your argument.
You should absolutely get a ticket for accidentally driving over the speed limit, as the company should too. It's about safety and awareness. If you are not paying attention to the road signs and/or your car's speed, who knows what else you are not aware of. Maybe a child crossing the road in front of you.
Should you get a ticket for accidentally driving over the speed limit because your speedometer was broken? Should the company who made the speedometer get the ticket? What if the speedometer was broken due to a bug in software the speedometer company bought? Should that company get the ticket?
Not a lawyer, but I'm pretty sure the burden is on the consumer in the USA to have their speedometer calibrated appropriately (10% error in the few states I've checked), and not doing so violates additional laws. Details could get complicated if you had proof that you did your part (OTA updates, can they prove you drove by a speed sign and should have known the speedometer was broken, ...), but you might be able to argue your innocence and might have a civil claim against one or more parties who touched your car.
Plenty of existing laws take intent into consideration so it's not unreasonable to suppose that a log that happens to accidentally contain some information that it shouldn't before being destroyed and the bug patched would be quite legally distinct from a log containing the same information but has a business unit processing and profiting from it.
It is not unreasonable, I agree. However, the privacy laws passed by government are mostly intended to play a performative and punitive role, and actual interest of the people in balancing their privacy and usability concerns are tertiary at best. The politicians pass those laws to look good on one side, and to attack the companies on the other. User concerns are mostly ignored.
Indeed and I don't see how that changes _structurally_ when people "in the know" are always going to be a tiny minority — they say that about 3% of the population has the profile to work in tech, and I tend to agree anecdotally.
I feel it's comparable to the inception of medicine for instance, and the solution was auto-regulation of the field by itself through the application of a loud (public and transparent) set of deontological rules of practice ("Primum non nocere", etc).
Awareness of society about these issues re. privacy and information sanctity in a democracy will not come naturally, structurally as time goes by. Just like they don't really know how doctors make life-or-death decisions on the spot. Nevertheless, the right principles should eventually exist, be known, and abided by, by those who work in the field. It should be loud and clear that we all have ethics (rules, implementing guiding principles), and which exactly.
A deontology of information technology and its practice in relation to human beings is one big "TODO" of this century, and it should concern anyone even remotely skilled to understand the problem.
> Besides, private companies don’t have the force of law to force people to do anything.
As more and more consolidation happens I'm not so sure this is still true. If all grocery stores become zero-human Amazon markets and their AI decides your long forgotten, hobby EC2 instance is past due then can you buy food?
Rent an apartment?
Fly on a plane?
Elections in the US need reformed, no doubt. And governments have a monopoly on legal violence. The answer isn't to keep handing the keys to the government over to whomever/whatever has the most money.
There is definitely not a “tech monopoly” on renting an apartment. On the other hand, the government can and does take away people’s property through both eminent domain and civil forfeiture.
The government already controls who can fly and who can’t via “no fly lists”
I don't understand. You want rights but don't want the government to have any power to enforce them? What should happen when a company does something that you feel violates your rights?
The government doesn’t “enforce rights”. They take rights away from people. Laws by definition limit what you can do.
A company can only “violate my rights” if I choose to use those services. It’s much easier not to for instance use a phone with an operating system controlled by an adTech company than it is to not have to deal with a government.
Do you really think a government that always pushes the limit on being a surveillance state cares about your “privacy”?
That’s a very interesting example you choose. I wonder if you’d have a choice of mobile phones today had the US government not exercised its anti-monopoly authority with the Kingsbury Commitment and later the break-up of the Bell System.
Prior to 1983, nearly everyone in the US and Canada had to lease their physical telephones (wired and wireless) from Ma Bell, and if you didn’t like the phone Ma Bell gave you, tough luck. Your other choice was to simply not have access to the PSTN.
The US government accepted AT&T’s natural monopoly of telephone communications (this is the Kingsbury Commitment of 1913 mentioned in the link you provide) in exchange for their divestment of their control of other forms of telecommunication—namely telegraph communications via their controlling interest in Western Union—which was the other major important telecommunication technology at the time in the early 20th century. I can only imagine what things might be like if AT&T was allowed to keep an unchallenged natural monopoly over all forms of telecommunication and further allowed to hold that monopoly to the present day.
We already know what would happen, landlines would still become irrelevant as cellular took over. There are and were still local “natural monopolies” with phone services.
>The government doesn’t “enforce rights”. They take rights away from people. Laws by definition limit what you can do.
If you want to have rights in any meaningful sense, people's actions must be limited such that they don't violate them overmuch.
>A company can only “violate my rights” if I choose to use those services.
That's complete nonsense. But even if it were true, how do you suppose that would help you if you don't have a handy oracle that provides you perfect information about every company's actions past, present, and future? It's not as if a company is likely to advertise practices they don't want you to know about. And there's nothing (aside from the government) preventing them from deciding the day after you purchase goods from them that, for example, they're not going to honor warranties anymore. And, of course, you don't have to buy from a company for them to dump industrial waste on your property.
>It’s much easier not to for instance use a phone with an operating system controlled by an adTech company than it is to not have to deal with a government.
Is it easier to purchase all your goods and services from companies that have no objectionable practices? You probably don't have many choices of ISP and it's increasingly difficult to find a TV without some manner of integrated ad tech.
>Do you really think a government that always pushes the limit on being a surveillance state cares about your “privacy”?
"The government" is not a single entity with only a single goal. Do I think that well-written legislation aimed at protecting privacy would, in effect, tend to protect privacy? Of course. Do I think that would stop the NSA from violating citizens' right to privacy? Of course not.
> Privacy regulations can make it very difficult for competitors to gain traction for incumbents
This is an oft repeated argument that makes no sense. The point of privacy legislation is not to increase competition. The point is to increase privacy. The government has other legislative tools to increase competition should it wish to do so.
I think the point he was trying to make is that big tech can use privacy regulations to keep out new competitors, rather than encourage them, as compliance with privacy regulations can create a higher barrier to entry
How? You just need to not save user data outside of that strictly required for providing your service and you easily comply even with the most stringent GDPR directives. To be honest caring about privacy lowers a lot your barrier to entry, unless your whole business is based around tracking ads or reselling of data to shady third parties.
Or collecting samples of user-provided data to build machine learning systems, which is how Google bootstrapped its search, spam filter, and voice recognition technologies.
> With sadness, StreetLend was shut down in April 2018, after five years of operation.
> Unfortunately the European Union's new GDPR (General Data Protection Regulation), introduced on 25th May 2018, creates uncertainty and risk that are impossible to justify for small non-profit websites.
That is an example of someone who chose to shut down due to perceived risk. There is no argument on the linked page that that perception of the risk of running a free non-profit website under the GDPR is based in reality. In particular, there does not seem to have been any GDPR enforcement against said site.
It looks more like someone who does not like the GDPR (because it affects them in some other way, because they are misled, out of principle or who knows what reason) who then chose to sacrifice their pet project to make a statement.
> The point of privacy legislation is not to increase competition. The point is to increase privacy.
There is no point without a person to have one. This is your point. It's absolutely impossible to generalize it to everyone who works to pass "privacy" legislation, and simply incorrect. Sometimes you try to pass privacy legislation to reduce privacy. Sometimes you try to pass privacy legislation because you have a product that would sell more if it passed. And yes, sometimes you try to pass privacy legislation because it adds so much red tape that you need a full time employee, a team, or a department to comply with it, and you know potential challengers can't afford that yet.
Yes, but the side-effects of laws are the direct effects of laws and cannot be simply dismissed. This is the primary concern for any law, that it may impose other costs on society than just its intended consequences.
Reality is, many such consumer protection laws include revenue minimums to avoid this very problem. See, as an example, the proposed law in CA allowing parents to sue social media companies.
Because the insights from the data do depend on the scale of the dataset. That's why the number of users is taken into account in data privacy laws such as GDPR (No. of users correlates with revenue).
This is backward. You don't need an engineering army to _not_ collect private data. You do need an engineering army to collect private data and use it.
It doesn't exist in English Wikipedia. If you find this weird, my guess is this acronym must have gotten more (mainstream?) attention in Germany (despite being in English).
I've never heard of it and I don't think it's common where I am (Canada). Sometimes people coin terms and they get picked up in some places, but not others.
When I lived in Germany and the Netherlands, it was often surprising to me which foreign terms/concepts/artists get elevated to mainstream relevance. There's a lot of imported culture from English speaking countries, but it's through a specific filter.
Because it mostly looks like book promo rather than something that needs a separate Wikipedia page. It's not a widely used term and should likely be tossed from German wikipedia as well. It would make sense in a page about the book or the author.
Yet another article where Apple gets recklessly tossed in and combined with the real bad actors in this field, even though the article then fails to cite even a single breach or privacy issue or anti-privacy stance taken by Apple. Worse, the article contains this complete lie:
"All of the companies cited by The Markup – Amazon, Apple, Google, Meta, and Microsoft – have dominant or emerging online ad businesses, which rely heavily on data collection."
Nope. Apple does not have a "dominant or emerging online ad business". Apple has no ad business at all, let alone one that "relies heavily on data collection".
Is it too much to ask to have some professional editors vetting these articles before publishing?
Understanding the ways this is different from, say, Google Ads, AdRoll, or TowerData, is nuance beyond most journalists.
Not that it’s hard to research. Consider:
Apple Search Ads doesn’t buy or share users’ personal information with other companies. We don’t track people by linking user or device data collected from Apple apps with user or device data collected from third parties for advertising targeting or measurement. And we don’t share user or device data with data brokers. — https://searchads.apple.com/privacy
Pro-tip to journos: the story is in what comes immediately after “which rely heavily on data collection”.
So that text doesn't say they are not using the data they collected for advertising targeting or measurement. They simply say they don't link the data with data collected from third parties for advertising. They are the only ad provider on iOS are they not? So the argument is, because they have a monopoly on their platform and don't share with anyone else they are vastly different? Or am I misunderstanding something?
I'm not sure if you're misunderstanding something. Definitely seem to be missing something. I didn't ask what's being done with the data. I asked where it goes.
Do you think there's equivalence between selling user data to a marketplace of 4,700 third parties, and an internal machine-learning-sized A/B test?
Are Apple ads not targeted? ie is their platform different than:
> Even though companies like Facebook and Google aren’t directly selling your data, they are using it for targeted advertising, which creates plenty of opportunities for advertisers to pay and get your personal information in return.
But even otherwise, the links between the companies and legislation are weak to begin with (IMO). It's a lot of lazy connect-the-dots type reasoning that turns "may be" "could be" "seems like" into "must be" and "is".
If you want E2E encryption, you sacrifice good full-text search, because you have to build the index on a computer that has access to the plaintext, which means doing it on an endpoint. It’s not as nice as doing it on the server.
If you want to hide metadata, the state of the art is onion routing, and that adds a lot of latency. The only other way that’s even been attempted is Enclave computing, which basically just moves the trust from the service operator to the enclave vendor. Enclave computing is better than nothing, but it belongs in a defense-in-depth approach, not a privacy strategy in itself.
And if you want to avoid fingerprinting, you lose responsive design. Those two things are just directly in conflict here.
> If you want E2E encryption, you sacrifice good full-text search, because you have to build the index on a computer that has access to the plaintext, which means doing it on an endpoint. It’s not as nice as doing it on the server.
I'd argue it's better than on the server. Bring me back local computing, please. It's more private, more performant and more energy efficient. The attempt to centralize computing into central server nodes is not reasonable.
I'd say it's probably the single most important question.
Engineering is about trade-offs; understanding which trade-offs are acceptable means understanding what it is you're trying to solve; then assessing whether the problem is being looked at from the correct point-of-view (and for that matter whether it's even a technical one).
For example: Journalists within hostile nations are risking their lives every day. Because of this, they're keen on keeping their communication private and away from prying eyes.
So far, the compromises largely involve zero-days and social engineering. The former is really due to the shaky foundation of software today. Every single best practice I see is just awful. Whereas social engineering is an on-going problem and is a policy/procedural/cultural problem, not a technical one. The union of bad software and tolerant social protocols make privacy difficult.
Going back to your objection: For use cases where your life is on the line, is a few seconds or even minutes of latency really a problem? Extend the question, for cases where it's not life-threatening but life-altering. What trade-offs are most users willing to make then?
If you're not willing to make any trade-offs no matter what, then it's difficult or even impossible; and also a sign of a poor engineering process.
I would say that's backwards. Sure, politics is slow, but we've seen it succeed exceptionally with aerospace safety (meaning planes built to protocol and maintained to prevent crashes, not TSA security theater) which is an insanely impressive global feat.
Tech has the most impact on user privacy, but there's no financial incentive to uphold privacy and so the slow political stick is required.
Meanwhile users can do their best installing ad blockers, navigate the snake-oil fields of VPN vendors, estrange themselves by quitting social media, set a different search engine on all their devices (which probably still use Google/Microsoft), maybe look into TOR and Whonix, ensure they use email masks and unique usernames for every service, buy Twilio numbers for account sign-ups, get their contacts to use E2E-encrypted messengers and PGP, get a dumbphone that doesn't have GPS enabled at all times, a laptop with camera/mic killswitches. It's not clear which of these steps are excessive or impractical for the layman, aside from ad/tracker blockers.
So the tooling to uphold user privacy is there, but it's nuts to think the solution is for everyone to adopt better privacy-preserving habits rather than slowly killing the business model of the personalized ad industry. A great byproduct of this is that governments will see less surveillance tech vendors to buy from.
> it's nuts to think the solution is for everyone to adopt better privacy-preserving habits rather than slowly killing the business model of the personalized ad industry. A great byproduct of this is that governments will see less surveillance tech vendors to buy from.
Right to the heart. The personalized ad industry has exacerbated the issues of privacy, because it's in their interest to do so.
Having enforceable ground rules in place, in the form of laws, will be difficult because of the money involved; and also the sizeable number of software engineers feeling like they're above the politics.
Still amazed daily at how many people eagerly line up to work at Facebook and Google, two companies engaged in mass fuckery with long-term harm to the entire population.
Having worked at one of those, I can give you some insight.
... They think exactly the opposite. Google even has an estimate of how many lives their services save per year on average.
Privacy concerns become extremely secondary when you're stranded in the woods and all rescuers have on your location is the last time your GPS-equipped smartphone pinged. Googlers think of themselves as working on systems like that.
Do you have some source to corroborate that Google and Facebook have a net positive effect on the lives of billions of people? Making false assumptions is also a way of acting biased.
No, and I never said net positive, although I do believe that it is one. The negatives are inherent to anything where people can interact with each other, things like using up your time or things like bullying.
You don't have a source for your claim either. I'm at least saying that you should recognize how Google provides you plenty of free tools like search, docs, sheets, present, maps, email, etc and entertainment like YouTube. Facebook allows you to connect with your friends, talk to people about your interests, a marketplace, entertainment from photos, videos, streams. Meta also offers Insta for sharing photos or stories and they are investing heavily into XR.
These companies do a lot and I do not think you should trivialize all that they have done by saying that they've done something bad in the past and not even say what they have done. Have you considered the people who want to work there want to actually improve people's lives working on these different projects? Have you considered that large compensation can make people ignore issues? Have you considered that people are just interested in working on the stuff that's available there?
> You don't have a source for your claim either. I'm at least saying that you should recognize how Google provides you plenty of free tools like search, docs, sheets, present, maps, email, etc and entertainment like YouTube.
I would argue none of these are free, because they use/sell your data. If it wasn't so google could not exist.
> Facebook allows you to connect with your friends, talk to people about your interests, a marketplace, entertainment from photos, videos, streams. Meta also offers Insta for sharing photos or stories and they are investing heavily
For Facebook and Instagram there are at least studies which have shown the harm they are doing to teenagers and children, so there are at least some established facts that show the bad influence (let's not even get into the political bits).
> These companies do a lot and I do not think you should trivialize all that they have done by saying that they've done something bad in the past and not even say what they have done.
That's a slippery slope though, at some point you can justify working for anyone because you don't want to consider their actions of the past to judge them. What about continued action though, e.g. Meta burying their own studies on their effect on the mental health of teenage girls just to continue making their profits. At some point someone has to take responsibility to continue working for them (and some people are even actively involved in these decisions).
>I would argue none of these are free, because they use/sell your data
In a technical sense sure, but from the user's perspective it's equivalent to being free since the user doesn't have to do anything different compared to if it was a free service.
>Meta burying their own studies on their effect on the mental health of teenage girls just to continue making their profits
Are you referring to the study that said that Instagram on average improved mental health in 12 out of 12 categories for teen boys and in 11 out of the 12 categories they were surveying for teen girls (the exception being that 32.40% of teenage girls with body image issues felt Instagram made it worse)? It was internal research which is why it was initially kept internal.
All those things you mentioned are great, sure. But to my mind, something can be useful, fun, loved, enjoyed while actively making your life worse. The obvious example being addictive drugs.
My smartphone, for example, has definitely made a lot of things more convenient. I use it all the time, for all sorts of useful things. Marvelously useful piece of technology, the smartphone. Has it improved my life? I'm honestly not sure, but my gut reaction is no, because it's ruined my already limited ability to focus (I have ADHD). It actually makes me far more productive having my phone turned off, despite how useful I seem to think it is.
My point is that something can be useful and do all sorts of things for you, but that can still be true while it's actively harmful to you. And you might not even be conscious of this about yourself, let alone most of the global population.
Facebook has allowed anyone to spread video capturing police misconduct that the mainstream press has ignored for decades.
Google with Android and ChromeOS has put computing devices in the hands of people who could never afford the alternative and YouTube has allowed anyone to publish video.
I myself find Google’s products second rate and I prefer business models where I give the company money and they give me stuff. But I realize that a $1200 iPhone Pro Max is an indulgence that many walking around with a $35 unsubsidized phone can’t afford.
Without Android, would WebOS and other mobile OSes never have come out? Do the people using $35 phones care it’s Android vs what ever other OSes they’d have if it never existed?
There were video sites besides YouTube. YouTube cornered the market. That doesn’t make them special. All the examples are one brand cornering a market without having done any exceptional innovation that would be incredibly missed without them. Cornering markets is almost never a net positive for people. I should probably say it never is.
The world wouldn’t have been negatively affected much if Android wasn’t around. Why would the world be helped with Google controlling the majority of smart phones with a superior OS vs an inferior OS controlled by an independent Palm? The world would be much better.
> Facebook has allowed anyone to spread video capturing police misconduct that the mainstream press has ignored for decades.
Facebook didn't allow that, they enabled it, as well as many other places. In fact, if it's on Facebook, I can't see it. Smartphones in general created the glut of police misconduct videos, because everyone started carrying video cameras 24/7.
> Google with Android and ChromeOS has put computing devices in the hands of people who could never afford the alternative
I do not believe this is true. I don't think they put computing devices into anyone's hands, and that there are also cheap alternatives. Android and ChromeOS crowd out (real) FOSS alternatives, and iirc ChromeOS started by crowding out Linux on the trendy tiny laptops that were being marketed in the mid/early-oughts.
Having a monopoly on the low-end market isn't charity work.
Sure, it's helped people spread some information. It's also helped people massively disseminate misinformation though. What I asked for was some corroboration that there is a net positive.
you mean when I toured the new Facebook campus in California, with a data science group from Berkeley, and the Facebook guide stood on the stage and showed us on a thirty foot screen, that any one of us can make a map-reduce job in a certain format, Facebook will sell us info on any way to slice the hundreds of social tags and categories they had mined.. that was perfectly OK?
I think the example the guide gave was "bowlers in the upper midwest" .. it was made clear that we could make a job submission and be sold data on those people. Someone asked if law enforcement was a customer and the answer was "yes we do business with all branches of law enforcement".
There's going to be a point where choosing to work at Google in 2020+ is going to be a black mark on your entire career. Nobody has the excuse of claiming they still don't know what's going on. If you work there, you chose to put profit over society. And at least in my hopes and dreams, someday that will cost you a job.
Google is neither cutting edge nor solving problems at global scale. They are an adtech company that produces ho-hum messaging apps that abuses human rights as defined by the United Nations as their primary business model.
Choosing to work there today means choosing to hurt society for personal gain, full stop.
Ostracizing friends that work in these big companies is no simple task. And I wouldn't exactly put all the blame on them when society and capitalism has built the platform for these companies to succeed.
I would accept friends and acquaintances recognizing their participation, as well as my own as a user of some products, and observe plus work together to figure a way out of this mess (regulations, break up of big tech?)
One also must recognize the philanthropic arms of these companies. They may be some attempt to balance the shit they're doing.
What amazing companies are most people working at that don’t exploit their workers or society? Almost every one puts profit over society to some significant degree. We live in a hyper capitalist society. Being on the side of this hyper capitalist society as the majority of people are, is the problem.
Did companies like Facebook ever say their business was impacted negatively by GDPR - no?
But they were impacted by billions once Apple did one 10 line rule change strengthening privacy and pop up on apps. It didn’t take an 11 chapter 99 section law.
That's an interesting proxy for measurement for sure, but there are others. It rests on the assumption that all privacy improvements will cost Facebook significantly. I don't think that has been demonstrated to be fact. It seems that many will but also many won't. Apparently, just for example, being able to obtain and delete their data didn't affect them in the same way.
They don't have to have banners, they only have to have them if they do user-hostile tracking.
Unfortunately most sites have scummy business models and this just exposes them.
It opened a market for untargeted ads again (based on the general interest of site visitors) which would never have happened if it was left to the market.
Google is actively working against these untargeted ads because targeting is their #1 market advantage. Nobody has a bigger tracking network than them.
But especially in Europe other players are taking off with them now.
Nonsense! If you have to blame 99% of websites (clothing, media, restaurants, ...) as being malicious in order to defend a piece of legislation then you're obviously wrong.
I don't care about the intentions of the law. I care about the effects. No one is trying to update/fix the law within a feedback loop. It's a one time process.
You mean all websites that incorporate Google and Facebook trackers allowing those companies to know everything we buy, every piece of text we read, who we talk to, etc ...
I don't find it obviously wrong to have a problem with this.
Consumers end up clicking accept all on every single webpage, after the equivalent of an attention grabbing popup, something we were happy to see disappear when organisations (and not governments) decided to pretty much ban them from browsers.
What has improved my privacy:
- Disabling third party cookies via a browser setting (thank you Mozilla and Apple). I can understand why websites that I visit might put cookies on my computer. I am even OK with them tracking me when I visit their websites, but I do not see why they need to track me outside of their websites.
- Deprecating some APIs used for fingerprinting (thank you Mozilla and Apple). These APIs were not designed for those reasons, but were abused. What works here is technical expertise to maintain their general usefulness, while preventing the abuse. The various laws had close to 0 impact.
- Apple private relay (thank you Apple), preventing even more tracking, again through *technical* means.
Things that do not help :
- Clicking a button on every single website I visit. I would love to be able to put a setting in my browser to tell what I feel is OK with regard to cookies, and have my browser handle those since cookies are managed by my browser anyway. But the law won't allow me to do that since consent must be "specific", meaning that I need to express my consent for every single domain I visit. Note that this makes private browsing almost unusable since I have to repeat "consent" again fr websites that I already visit quite often. This has *reduced* my global privacy.
- Asking a website about my data. I did once for the lolz and never did it again. In my company, we get an average of one query every 3 month for thousands of daily users. But it justified some lawyer salary while we did a "project" out of it. So I guess it payed some suits guy a new BMW.
As a citizen on the web, GDPR et al. have made my life worse, while Mozilla and Apple made mine better. As a professional, these law have directed a small part of my revenue to lawyers, but haven't changed a thing about what we were doing and how we were conduction our business.
Yes but you must understand that most users are incapable of doing what you did.
GDPR wasn't written for technical users but for all citizens of the EU. By having a banner they at least have the possibility to reject tracking.
Also there was a DNT header initiative. Simple and elegant, the server would get the header from the browser and would stop tracking you. You wouldn't even see it. Did it work?
There's also no good way to block data collection inherent in the service you are using. You can't use ublock to stop Google from saving everything you search for, or your location data. GDPR does allow you to stop that.
It seems to me that Apple - a private company - had a lot more of a measurable effect than the government. Major companies like Facebook have explicitly said that Apple’s new policy had a material effect on their earnings.
> Yes but you must understand that most users are incapable of doing what you did.
Third party browser disabling is now enabled by default in Firefox and Safari, so no operation needed. API used for fingerprinting alterations require no operation on my side. The only thing that requires activation is private relay, which needs to be done once and is much simpler than all the legislation around GDPR, cookies etc.
> Also there was a DNT header initiative. Did it work?
It didn't because honouring it was a server side choice. Just like honouring the EU cookie law is a server side choice and doesn't really work either. If you don't want a cookie to be used to track you: don't send it.
Well, the DNT was great. But the server side didn't honor it.
Anyway, if you are so annoyed by cookie banners, you can use this (and a few others), works like a charm. Just a warning to website owners, this doesn't mean you got a valid consent from a user of this addon, and as you didn't, it means you can't track them or you are in violation of GDPR.
https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-a...
It would be so much easier if DNT would be honored. Now we are having a law that penalizes the violation of PII (which is defined so broadly, that you can't work around it - even a unique id in a cookie signaling you are rejecting cookies is PII; nice try, next time read GDPR before trying futile tactics) to the point where you need to take care what you are doing. And GDPR is just the beginning, it is only the most widely known but currently 17 countries have similar legislation and new ones are coming.
Or maybe a simpler one to understand: chlorofluorocarbons (and other ozone depleting substances) were a good business for decades. They were recognized as harmful to ozone and life in general and were forbidden to use. Some companies went bankrupt, some adapted, some lobbied and complained for another decade. Today we no longer use/produce ODS or at least in minimal quantities.
That add-on works great. On firefox. On a desktop. Of a computer I own. That's not exactly covering a significant portion of my use cases.
Also: I really don't care about analytics cookies, I think they are fair game and can genuinely make many websites/tools better when used correctly. So how can I express this measured and informed consent globally? (Answer is: I cannot due to how the law is written). And with a ton of added legislation, the user's life won't get any easier.
I don't understand the parallel with chlorofluorocarbons. Banning that substance stopped its production and thus its harmful effects. PII on the other hand are - as you mentioned - defined so broadly that they are everywhere. Simply having a login button means you deal with PII. Having access to the user IP (aka: replying to an HTTP query!!) means dealing with PII. Sending an order confirmation by email means dealing with PII. You can legislate all you want, but these data are still going to be there: their production will not stop in the slightest. In almost all the cases their usage does not cause any problem, unlike chlorofluorocarbons.
> That add-on works great. On firefox. On a desktop. Of a computer I own. That's not exactly covering a significant portion of my use cases.
That is why you should be happy about GDPR as it covers all your use-cases.
GDPR is actually great but no one reads it and only listens to some scaremongering by companies that are hurt by it. The problem of mass surveillance and abuse of personal data is also huge. But again no one thinks about it outside some cookies and ads.
Enjoy watching about GDPR: https://www.youtube.com/watch?v=-stjktAu-7k (best done presentation that I was able to find on the internet; you might notice in the first few minutes that it is not about you having access to PII but about using PII - or: I have access to a gun. But I won't use or abuse it. As I might end in jail.)
I don't know of specific sites that became better. Your premise is flawed, though, as the sites only became visibly worse because the site owners chose to do that. And now more people know how bad the web has become.
GDPR doesn't mandate cookie banners - that was actually other, separate legislation (ePrivacy Directive). It provided a renewed focus and made more companies sit up and take note.
Sites aren't required to have banners - the intention of the legislation was to encourage and nudge companies towards more straightforward business models, based around what users reasonably expect etc. You only need banners and consent where cookies are used for purposes the user didn't request (adding an item to a shopping basket doesn't require consent, but profiling a user and sharing that with third parties for retargeting isn't something reasonably expected, so it would require consent and disclosures of the companies involved).
How has it helped users? Two of the largest tech companies are adTech, tracking ads are still everywhere. All we got are cookie banners that are worse than the ads. Ads are much easier to block.
You imagined google going bankrupt as a result of GDPR?
It has given users tons of options regarding exporting and deleting data. Changed the defaults and limited the use of personal data. These are all huge and go way beyond the internet.
Users now have an ability to more easily see how their data is being abused and which companies are too greedy to not ruin their own websites.
For the first time in a very long time there is hope.
Then again, we have people who still believe GDPR is about banners, we have a long way to go but it is the first step in the right direction in forever and it is a huge step at that, we have barely started reacting to it.
It helped me by allowing me to demand that facebook and google delete the shadow browsing history they kept on me, and disallowing them from continuing to collect data.
So the point of cookie banners is malicious compliance. Annoying banners get people opposed to EU privacy laws, which is the true goal of the banners. When Facebook blocked news in Australia over a legal dispute, they "accidentally" blocked all sorts of other content. But it wasn't a mistake, it was intended to sabotage the privacy regulations' popularity, so people like you would call for its removal. Craigslist didn't actually need to close personals when FOSTA was passed, but by doing so, they created a plausible claim for harm caused by a law that regulated them.
When companies overreact to legislation in ways that negatively impact society, stop blaming the law, because that's entirely what the tech companies are trying to do. They're trying to turn you against the very lawmakers who are protecting you from them.
So you mean the government passed a law without thinking through the unintended consequences…shocking!
And you’re claiming that every website that chose to use cookie banners was doing so for political reasons? Do you think that is the simplest explanation - and not that a bunch of lawmakers were incompetent?
It's not that I think laws were passed incompetently, but that they were watered down to get them passed. We should be hauling executives of Google and Facebook to jail, but we're still at the "make everyone notify users they're being abused" level.
Weird to blame regulation for how private entities act. Entities whose focus and goal are maximizing profits. I hope I don’t need to give citations for how the basics of our society's economic system works. Though I’m sure we can find “experts” at hundreds of think tanks simping for big business disagreeing.
If I don’t want to use a phone or browser backed by an adTech company - I don’t. Since most analytics is browser side, I can block tracking via a content blocker on my computer and my phone. I can choose a different search engine, etc.
Yes, free will. Good thing we are all born on an even playing field and then are given an even playing field for our childhoods. That way it doesn’t break our brains to blame the common man vs the actual status quo.
What we really need is the principled and ever consistent hypocrisy (that always seems to benefit the person) of most libertarians/sympathizers. When they are doing well…no regulation or taxes or safety nets. Someone else does something wrong because the system sucks? That person is at fault. Oops something doesn’t go well for the person. Now they want action. Make things whole.
A quirky recurring example of this are grifters like Mark Cuban following this to a tee with crypto. Or even funnier, the reversal of Eth after the legitimate DAO attack or wanting FDIC sort of insurance any time things don’t benefit them! I understand the desire to want to fuck. All the time. Yet never wanting to be fucked.
GDPR didn't make the shit show. Tech companies that rely on breaking the GDPR caused the shit show by choosing to simply ask for consent to violate it instead of changing their practices.
Of all the areas of "consumer harm" online my point is for some reason THIS issue with Apple is the key issue they are going after. My guess is this is actually a "business harm" case - ie, scum bags like Match / Facebook with disrupted businesses now doing some kind of alliance to stir the pot and get action (the law is for the rich not the poor).
This is after Apple showed up the DOJ with app store rules that frankly should apply everywhere (ease of cancelation / clear subscription terms) as well as tracking rules, payment method rule and login rules that allow for lots more actual privacy and more.
Of the entire internet, with its endless horrors beyond Apple's control, the DOJ has decided to go after a small green patch that users trust. This is more an indictment of the DOJ than anything. Apple's phone market share is small, but the trust / spending on apple are crazy because it's one of the few places online that doesn't just screw you over.
And hey, I've tried to report online fraud issues for businesses I worked with - it's a total joke. The DOJ gives two craps for even totally obvious scams.
Match Group has mentioned in their earnings how Apple’s restrictive policies are harming their earnings by making it easy for consumers to cancel subscriptions.
Facebook has been screaming bloody murder over Apple’s regulations making it difficult for them to monetize user fare.
These companies are not your friends, and don’t for a second believe that their push for more open regulations has anything to do with user “freedom”. These companies are only concerned about apple limiting their freedoms to prey on users.
> Of the entire internet, with its endless horrors beyond Apple's control, the DOJ has decided to go after a small green patch that users trust. This is more an indictment of the DOJ than anything. Apple's phone market share is small, but the trust / spending on apple are crazy because it's one of the few places online that doesn't just screw you over.
The fact that the most valuable consumers willingly lock themselves behind this walled garden, when there were and are plenty of open alternatives is a pretty glaring indictment of the state of the tech industry. Unfortunately predatory and user-hostile companies are the norm in our industry, and consumers have adjusted their spending habits accordingly.
Match used the love letter scammers to turn non-subscribers into subscribers. What they did was block the scammers from messaging paid accounts, but kept them on platform to generate likes and messages to nonpaid accounts even though they had been flagged as scammers. The free users had to upgrade to see the messages from these scammers. So it was very intentional.
Match did something like 500,000 subscriptions from users within 24 hours of a user receiving a message from a scammer. Even better, if match DID delete the scammer's profile, the user would pay to upgrade only to be told the profile was unavailable, but no refunds were available.
I loved the "free subscription" match offered - 6 months free! The fine print was that you had to have a fully public profile with a primary photo approved by match, had to upload that photo in seven days, had to message 5 users per month and could only get through the claim process in a 7 day window out of the 180 day free trial! So yeah, another ridiculous scam.
I could go on and on. The "consumer harm" by forcing match to play by Apple's rules is really "big business harm". And the folks on apple can afford to go elsewhere, these are not poor folks starving. Who has the time for the scams online - I got tired of spending time dealing with them (2 experiences I went to the mat on with plenty of resources). When I deleted an app recently on my iPhone apple REMINDED me to consider deleting a related subscription! That really does not happen in normal DoJ internet land.
The irony of the DoJ claims that Apple is the big bad consumer harm player on the internet (which is PACKED with love letter, phishing, sextortion and more scams most enabled and many easily preventable if companies wanted to) is kind of comical.
Apple has a massive hardware moat that will take even secondary players a decade to break into. Every action they take that affects the industry should be taken critically, even if at the surface it appears to be a net positive.
It doesn’t have anything to do with manufacturing expertise. It has to do with a walled software ecosystem that sits on top of a custom full hardware stack. I probably should have said hardware/software moat.
Sure Samsung knows how to make individual components, hell even put them together, that’s about it. Samsung does such a good job Apple is a customer when it doesn’t matter as much too.
privacy and security is a pendulum, it swung hard to security post 9/11 and is swinging hard towards privacy currently. I'd be surprised if we ever actually reach a happy middle ground but I am sure at some point we will see things swing back towards security
and to clarify when I say security there is of course the national security apparatus angle but also things like spam, fraud, cyber security, crime etc. All of these will happen and as governments grapple with addressing them unfortunately the easy button tends to negatively impact privacy versus things like providing better funding/training for law enforcement and regulatory bodies
Is there a demonstrated correlation between any of these facts?
That you take reasonable care of your customers' privacy does not entitle you to turn around and exercise monopolized control over that market, your competitors, or the consumers.
A straight A student doesn't get to break the law on the weekend just because he gets good grades.
What's interesting is how you and others have basically given up on any arguments around USER (not business) harm.
When looking at the many many thousands of businesses online and their behavior - you have decided that APPLE (with a much smaller market share than google) has come up with an approach (protecting users on their app store / platform) that is so horrible in its impacts on other businesses that the full weight of the govt should be brought to bear to tell them how to run their business.
This is the SAME govt by the way that absolutely screws folks over with its OWN billing process at the IRS where 90% of calls get an immediate disconnect, mail will sit unopened for 2 years, and millions of docs will be shredded without ever being looked at.
What the govt and you fail to understand is that users may not see the market power apple wields as a negative. In fact, in a world where the user force can basically never stand up to big corp voice (of Facebook or Match.com or whomever) apple is another big player that can. Is this altruistic? Far from it, it's a business play - and one that I'd love to see rewarded vs destroyed.
The reality is the DoJ hates apple for many reasons. They absolutely shut the DoJ down on a phone unlock case. They have pretty clearly created end to end encryption with iMessage. So yes, between facebook, match and biden/doj political stuff - they are going to be targeted. If you think this is a careful result of looking at places of greatest user harm and pursuing them, think again.
> have basically given up on any arguments around USER (not business) harm.
No, I explicitly mentioned that. Users are obviously harmed by lack of competition in pricing and with product release schedules and support mechanisms that are designed to extract the maximum amount of revenue from them.
It's not as if Apple hasn't been known to engage in precisely this behavior with many of their product lines.
> This is the SAME govt by the way
Again, you're making assertions that may be true, but you're not reliably connecting them to your overall point. Yes, the government itself sometimes gets it wrong, does this enjoin them from ever attempting to get it right?
They can only go after Apple, but only once they've fixed the IRS phone system?
> may not see the market power apple wields as a negative
I'm sure heroin users don't see the market power that heroin dealers hold as a negative, either. This isn't a useful measure and it entirely ignores their monopoly position in the labor and supply markets as well, which have historically been pernicious and poorly publicized but real problems that monopolies present.
> Is this altruistic? Far from it, it's a business play - and one that I'd love to see rewarded vs destroyed.
Just because half your publicly traded business seems to comport to some imagined idealism does not excuse you from following the letter of the law in any other domain. Al Capone used to run soup kitchens with free food, and it worked for a time, but it ultimately didn't save him either.
So, it's great that they get many things right, but it's also great the FTC is on their back ensuring that they get the other things right and aren't abusing their monopoly position as well. I fail to see how we are deprived as citizens by any part of this process.
> If you think this is a careful result of looking at places of greatest user harm and pursuing them, think again.
I don't think you've been paying attention to the FTC, staff changes, or the politics surrounding it for the past 2 years, knowledge of which really undercuts the government conspiracy narrative you're attempting to peddle here.
Your claim that apple doesn't provide support is false. Apple provides some of the LONGEST levels of support for their products. That increases the value of their products, it does not decrease the value.
The Chinese Android phone you celebrate will ship with one generation back Android and NEVER get updated. So if you look at devices holding value, iPhones are WAY up there. iOS 15.5 will include updates all the way back to things like iPhone 6S.
Users see through this with the govt. In many places, including potentially the US, users will trust Apple MORE than they do their govt. Let that sink in for a bit. People think their own politicians are likely more corrupt than Apple (!).
In terms of your claim around user harm - apple has a clear annual product release schedule that is HIGHLY predictable. I wouldn't call that a user harm. They offer by FAR the longest support options, and some of the best support in terms of retail store access - and if you want you can do applecare with theft and loss protection as well. The experience (I've used it once) is very good, absolutely crushes the companies you and the FTC are supporting. I was in and out in 15 minutes.
In terms of my paying attention to FTC et al, I'm pretty sure I've been around this a LOT longer than you have been. I like the idealism you've got, but give it some time - you'll see it's not a govt conspiracy, just selective enforcement of easy targets for political and other reasons.
Apple uses its market power to enforce rules not in effect in the broader internet in their little world. That is everything from clear disclosures of subscription terms, easy cancellation of apps, and lots more.
Other businesses absolutely hate this (ignoring the fact that they themselves poisoned the well outside of apple with endless scummy behaviors). So they are trying to stop apple from being able to do this. Ie, they want to be able to get payment flows and stuff off apple.
Apple's behavior per the DoJ is supposedly causing "consumer harm" - but the reality is DOJ takes a totally blind eye on consumer harm unless that harm also much more directly hits the bottom line of other billion dollar businesses with much worse behavior (ie, online dating folks / gaming folks etc). Then it's all hands on deck.
What's left is basically folks online doing things like scam baiting to even start to hit actual horribly destructive fraud rings online. And they barely make an impact as this is really the territory the govt should be active in.
Yes and this is the same government that HN users are cheerleading to protect their privacy. I am much more concerned about government overreach than any private company.
Another issue is this: breaking some of these privacy laws both in force and proposed, is really quite easy to do - as easy as a misconfigured logger or a developer including the wrong field in a query.