The point in the case is that Meta kept a detailed profile of the individual, and then processed that data, even though the person didn't have an account with the company.
That's against the EU's data processing and consent laws, irrespective of the actions of the third party app.
Saying it’s the responsibility for owners to protect their stuff isn’t the same as saying the attackers aren’t responsible for any wrong doing.
I appreciate nuance is something the HN community often struggles with, so hopefully this analogy helps:
If you had £100 on your person, you’d be expected to look after that money responsibly. For example not leaving your wallet on a park bench and walking off. However even if you did the latter, that doesn’t mean it’s ok for the person who finds your wallet to keep your money.
My unpopular opinion: they shouldn't seek consent, this should be completely opt in. Draconian laws should make this happen and flip this backward industry so everything is opposite.
“Asking for consent” doesnt automatically mean a pop up. “Asking for consent” isn’t even a technical term. It just means that personal needs to give permission. Exactly like an opt-in option does.
Moreover, popup is still technically a form of “opt-in”. “Opt-in” doesn’t mean the option is hidden. In fact plenty of sites use dark patterns to trick people into opting in.
In that case I don't think this would be an unpopular opinion - I can't think of anyone who would rather have a pop up thrown at you than having adverse side effects (tracking) hidden in some obscure setting you never see.
