Hacker News new | past | comments | ask | show | jobs | submit | randalluk's comments login

Or notepad inserted a UTF8 BOM.


> Me; it's far superior to anything outside of a mouse.

I used to love the track point - it felt so efficient to have my pointing device right on the home row of the keyboard.

Eventually I realised it was the cause of some pretty bad RSI (or something) in my index finger. Now I have to remove the plastic cap to stop myself from using it.


I can see that happening. Interestingly though, while I'm a right handed person and use mouse with my right hand, I use the trackpoint with my left hand! It actually thus helps prevent RSI for me - I get to mix it up and switch my hands :). I also find that it's a very different position - I think stretching right thumb to hit left button is harder than using left thumb to hit left button, which is just naturally resting there (understanding of course these can be remapped:).


As the article says

>Libertarianism's attraction is based on ignoring externalities, and cryptocurrencies are no exception.

The economy as currently regulated doesn't correctly price in externalities such as the ongoing cost of global heating generated by burning fossil fuels.


I'm all for including externalities. My usual argument is if you look at positive and negative externalities, fossil fuels are a massive win.

People seem to struggle with positive externalities so the argument usually falls flat, and the situation is too clear to me to be able to spell it out easily. But without fossil fuels, 40-80% of the modern world would have been all but impossible. The knock-on effects of abundant cheap energy (and precursor materials to plastics) aren't being priced in.


The 'positive externalities' of fossil fuels are already accounted for in our economic system: When mining for raw materials, the price that the miner is paid in the first sale is payment for that. And ditto in every subsequent sale: The benefits to the buyer goes into setting the price.

I am not an expert on economics nomenclature, but ISTM you can't really call that externalities when it's already being rewarded by the current economic system. Wouldn't that be an "internality" or something? They are already included.

Unlike the negative externalities from pollution. In the absence of something like a carbon tax, they are not included.


I've never bought any oil directly. It is beyond question that if oil & gas producers disappeared I'd be much worse off (it'd be physically quite difficult for me to get food, for example, and I'd likely starve to death). That is the informal definition of an externality right there; my entire lifestyle is being enabled by a deal that I'm not party to.

And even if I've got the definition wrong, the oil and gas producers are creating huge amounts of value that are being captured by other actors in the economy (like me). If we fairly evened out the harms and benefits, they deserve subsidies rather than taxes. Obviously nobody sane is going to advocate for that, but if we want to price in externalities that is the logical outcome.

This isn't obscure logic. People often point out that the measurable value of what blue collar workers produce is far in excess of their pay and follow it up with the idea that we should force the market to pay them more. It isn't a good idea but it is logical in as far as it goes.


>That is the informal definition of an externality right there.

You pay a grocer who pays a farmer who pays a fertiliser manufacturer who buys some natural gas. You wanting to eat has a reasonably direct impact on demand for fossil fuels, and therefore prices and profits. The oil company doesn't capture all the value, partly because they're not doing all the work, and partly because of competition.

If the oil companies went away tomorrow, the price of oil would skyrocket, because people want to eat, and new oil companies would form to meet the demand. There is no need for subsidy.

Positive externalities are things like "I financed construction of a road for my own commercial reasons, but other people can use it for free". Or "I wanted to renovate the rundown building I live in, but doing so made my neighbour happy too".

But to come back to the point, finally. The argument is that we know crypto mining has negative externalities (crypto miners don't have to reimburse people negatively impacted by climate change). The article argues that permissionless blockchains are doomed, ultimately, to fail anyway. So they will destroy value, by pointlessly wasting fuel AND by harming the climate (which doesn't factor into a miner's decision-making because it's an externality).


> There is no need for subsidy.

There is if we add on a tax for the negative externalities, we need to consider both positive and negative externalities to get the tax right. The evidence is that the more fossil fuels we use the better off people are. If we add a tax on we'll use less, which is pushing the market in the wrong direction.

It is very hard to argue coherently that less & more expensive energy leads to better outcomes. The evidence is that in countries like China, Africa & India everyone benefits a lot more from using more fossil fuels than the cost of any negative externalities. We've run a big natural experiment here, the outcome is that more fossil fuels == rapidly improving living standards. Less fossil fuels leads to poverty.

Breaking growth in fossil fuels with a tax would be doing much more harm than good, even to bystanders. So there must be a large positive externality here somewhere. Because if you reduce the negative externalities and the outcome is much worse for everyone then there was probably a big positive externality in there somewhere.

I dunno, I suppose as a question - who do you think is bearing the cost of these negative externalities right now? Because it sounds from your reasoning like you are imagining a group of people who don't use fossil fuels or sit downstream of fossil fuels (so they can't influence the market with price signals). Who are these people, demographically speaking? And to preempt my argument, would they not be better off if we got them access to fossil fuel rather than worrying about negative externalities as they sit outside the system? It worked great for China.


> There is if we add on a tax for the negative externalities, we need to consider both positive and negative externalities to get the tax right.

There are few positive externalities directly associated with the act of burning oil, except some associated with global heating.

There may be positive and negative externalities from the things people choose to do with the power generated. Companies are generally better at internalising positive effects than negative ones, for obvious reasons. If my chemical plant produces hot water as a waste product, I can sell that to the plant next door or to a district heating system. Competent business try not to leave value on the table, and try not to pay costs that they don't have to. But where they can be identified, sure, subsidise away. Just not crypto mining.

> So there must be a large positive externality here somewhere

Not necessarily. There is/was a large positive asset: ie. a huge store of chemical energy underground. It has allowed us to do incredible things. If the cost of it included the negative impacts of burning it, the market would use less of it, smarter, more efficiently, towards the most valuable outcomes, and in better balance with the harms.

>who do you think is bearing the cost of these negative externalities right now? ...would they not be better off if we got them access to fossil fuel

I'm not a climate scientist and I'm not qualified to re-litigate the scientific consensus, which is that global heating is dangerous. Some will be more affected than others by increased incidence of extreme weather, water wars, mass migration, cost of flood defences etc. But ultimately it is a "tragedy of the commons": few of us are innocent, most of us are impacted or at risk in some way. It isn't even in the interests of those of us with economic power to stop polluting, because the cost of each of our individual actions is externalised. If I take a flight, I get the full benefit, but experience only one eight billionth of the total harm. That's why it needs a systemic fix.


Sure. Fossil fuels are valuable to society. They made the industrial revolution possible. If they were to disappear tomorrow, much hardship would ensue.

They are, however, overused, because the negative externalities are not properly accounted for.

> And even if I've got the definition wrong, the oil and gas producers are creating huge amounts of value that are being captured by other actors in the economy (like me).

That's how all market transactions work: Whenever you buy something, it's because the value you derive from the purchase is higher than the price you pay. All business has this value-add aspect. When you buy a jacket so you don't freeze to death in the winter, that doesn't mean you are beholden to the clothes manufacturer for your life.


> If they were to disappear tomorrow, much hardship would ensue. They are, however, overused...

No, that isn't true. There is a reason the environmentalists have had so much trouble getting their policies to catch and it is the fact that statements like this are manifestly wrong. The hardship caused by fossil fuels is minute compared to the benefits. If anything, oil and gas are underused. There is little question that if we could get more people more oil & gas, lifestyles would improve more than damage done by negative externalities. We've seen this play out in multiple countries. The only reason not to be pushing them like mad is that we're about to run out of useful reserves.

The benefits of a modern economy powered by cheap energy substantially outweigh the negatives. More cheap energy pretty much inevitably increases the general good. Taxing that energy doesn't help.

> That's how all market transactions work: Whenever you buy something, it's because the value you derive from the purchase is higher than the price you pay.

Yeah, but that isn't an externality. An externality is something that happens to a third part to a transaction - which is my relationship to the fossil fuel industry. I purchase very little fossil fuel.

The externality is they enable other deals to happen that would otherwise be impossible. Like my groceries.


>"lifestyles would improve more than damage done by negative externalities"

Just because you assert this doesn't make it true. Tragedy of the commons is at play - we have no good way to measure if your statement is true or not - which is it's own issue.

It is easy to imagine how your statement could be wrong, despite what we see. Starting with a non-industrialized society, you add in some tech, like cars. Some people use them for personal benefit. Of course a few cars don't cause everything to go suck just by themselves, and even so, the benefit for their users outweigh the harm to them personally, so they use them! Some other people are now going to need to use cars to compete with the people who do use them. Eventually the harms really become apparent, but there is no going back. And even if some people would choose not to use cars because of the harm, it is much harder to choose to abstain when practically speaking, things are still going to suck because everyone else is.

So, taking cars as an example, how do you know you are right?


There surely are positive externalities, but the very useful things we burn fossil fuels for are reflected in the price - cheap or no. Those primary reasons for burning fuel will have all sorts of externalities, positive and negative. And one would expect similar externalities from the work done by renewable energy.

If your position is simply that we are fortunate our planet was/is abundant in fossil fuels, I don't disagree (ideally there wouldn't have been enough to completely wreck the climate we depend on, but...). But the issue is whether we should trust the market in respect to cryptocurrency mining specifically. The history of human civilisation seems a bit beyond the scope.


> but the very useful things we burn fossil fuels for are reflected in the price

If we imagine a counterfactual where there were no fossil fuels, double-digit percentages of the world's population wouldn't exist.

There is no way that the oil and gas producing companies have made money on the same scale as the value they've created by enabling billions of humans to exist. No way at all. There is obviously something very powerful happening that is more than offsetting the notional damage that they will theoretically do at some point in the future to a relatively small percentage of humans.

If we balance out the harms and benefits that the coal and petroleum miners have caused to the rest of humanity, the ledger is overwhelmingly in their favour. I can't even estimate the numbers involved but based on the fact that I'm not slaving away for a fossil fuel company double digit percentages of my life I can tell it isn't close.


Sure. Bring on the carbon taxes.


>we keep having articles saying that bitcoin transactions are a waste of energy, and everyone ignoring that the block reward halves every few years until it drops to zero, so it not built with the incentives to use this much energy forever.

Bitcoin transactions aren't a waste of energy, a high bitcoin valuation is an incentive to "waste" energy (commit resources to mining).

The block rewards will drop over time, but they're denominated in BTC, so it's hard to predict what the incentive to mine will be.

It will be a long time before block rewards reach zero.


But not such a long time before block rewards are dominated by transaction fees, a few decades at most (in two decades, the block subsidy will be 32x smaller).


Doesn't this attitude overlook the "agency" of the "User-Agent"?


Note the text:

> It is undisputed that the plaintiff's IP address was forwarded to Google when the plaintiff visited the defendant's website.

In this context, "It is undisputed" does not mean "It is a truth universally acknowledged by everyone", but rather "there is no dispute between the defendant and the plaintiff that this happened; in the light of that non-disagreement, the court is not required to decide whether that happened or not, and will accept that as a fact".

So in this case, the defendant (as well as the plaintiff, of course) agreed that "the plaintiff's IP address was forwarded to Google when the plaintiff visited the defendant's website". If there was a place to bring forward this "agency argument", this was the place; however the defendant seems to have chosen not to bring it forward.

It may be because the defendant's lawyers are unprofessional and forgot; it may also be because they are professional and so they knew this argument would not hold.

P.S. see also https://news.ycombinator.com/item?id=30139489


Yeah, the plaintiff's browser made the request after all, no?


The plaintiff's browser did what the defendant's code ordered it to do.

If the defendant's code violated GPDR (which seems to be the court's conclusion) by sending the plaintiff's browser somewhere, it's a defendant's problem, not plaintiff's.


Yeah, that's exactly the agency argument. It's not as if the plaintiff's browser is actually under control of the defendant, a user agent is not forced to follow the instructions that are contained in a website it requested on behalf of its user.


> not forced to follow the instructions

Again, you're talking about an opt-out. GPDR (the law) requires an opt-in.


I don't think forcing each and every single website provider to implement their own consent forms is the right approach to regulating this. User agents should have the ability to convey and enforce privacy preferences on behalf of the user, and website providers should be legally required to comply with these if possible (or refuse service if not). But requiring ever more complex, explicit and custom opt-in consent forms for various provider, third party and user jurisdiction combinations is just inane.


Consent forms are not required, just host the font. They are also way more expensive and complicated to implement than self-hosting fonts. Asking for consent over usage of third-party fonts borders on pettiness from the website owner.

> User agents should have the ability to convey and enforce privacy preferences on behalf of the user, and website providers should be legally required to comply with these if possible (or refuse service if not).

The burden of respecting privacy choices in every single other case (data in the backend, data shared with partner, paper data) is already with the website. Every non-privacy-respecting implementation in the frontend is made by website owners.

Keep in mind that sometimes websites don't work with blocking other stuff, or are more difficult to use when blocking fonts (Google Material). So this is not even a practical suggestion.


There are two options to do what's required by the law: either A. not sending users' personal data to third parties; or B. receive informed consent from the users before sending their personal data to third parties.

If the option B seems unwanted for some reason (any reason), there is still option A. Implementing a different solution (that breaks the law) has consequences.


This is a pretty sad state of affairs IMO. The fact is that CDNs and similar third party services play an important role. Websites wont stop us6them, it's not feasible (btw if I "host" my fonts in S3 do I have to get consent for sharing IP with Amazon? With DNS? with every router that goes through tracert?) .

In reality, websites will add more crap "opt in" CYA forms at first loading, making the interaction fugly and unusable. We can discuss here in HN how that is unnecessary and whatnot, but that's what's going to happen...

I just wish that websites wouldn't force us outside of the EU to the asinine UX required by the EU (I hate having to press ACCEPT ALL on each page I visit.... whatever I dont want is already blocked by an extension anyways).


> The fact is that CDNs and similar third party services play an important role.

They no longer do, since browsers implemented cache isolation.

> if I "host" my fonts in S3 do I have to get consent for sharing IP with Amazon?

No, you're supposed to contractually bind your vendors/service providers as data processors with a contract (“data processing agreement”) per Art 28 GDPR. There's some debate around whether US-based companies are legally able of entering into such an agreement (say hello to the Cloud Act from me), but the general consensus still is that non-US cloud regions might be OK, and that CDNs that let you sign a DPA (like Akamai, Cloudflare, Fastly, …) are also OK. In contrast, Google Fonts does not seem to be covered by the Google Cloud DPA.

> with every router that goes through tracert?

No, such mere transmission doesn't count as processing, and/or the intermediaries are responsible for their own compliance. In any case the connection should be protected by TLS so that only the client IP address + your domain name is visible to intermediate routers.

> websites will add more crap "opt in" CYA forms

Unfortunately, I agree, though the point of this judgement is that self-hosting some assets is a perfectly cromulent alternative. I think relying on “consent” would be difficult in a case like this, since it is not generally possible to make access to a service conditional on consent to unnecessary processing activities. Using a CDN for assets like files is unnecessary.

> I just wish that websites wouldn't force us outside of the EU to the asinine UX required by the EU

For EU-based websites there is no choice, as the law doesn't care about where the users are.

There's also a bit of irony in here that there has been a lot of work in replacing the cursed cookie consent requirements that gave us most of these annoying consent banners – but the past few months revealed that the US tech giants have been successfully lobbying against the proposed ePrivacy Regulation. So please redirect your ire against Google. Without them this might have been fixed in 2018.


There's a difference between data sent to the website provider (and through it, indirectly to third parties), and interactions between the browser and third parties. The linked ruling forces the provider to ask the user for consent for third parties (even though the provider has nothing to do with the interaction!), instead of mandating a direct opt-in interaction between the user (agent) and third parties.

Imagine embedding many social media sites. Instead of forcing the social media sites or browser vendors to create embeddings that ask for consent themselves, the website provider has to ask for consent on behalf of all external sites before loading any content. As a web developer, this is a nightmare.


> even though the provider has nothing to do with the interaction

I beg your pardon, but in this case "the provider" (website) has directly sent the user's browser to a third party (google fonts) by including an instruction in the code (HTML) that the provider has sent to the user's browser. The browser did not decide to contact google fonts all by itself; it was directed to do so by the provider. Arguing the provider "has nothing to do with the interaction" looks a bit disingenuous to me.


I don't think you get the agency argument. Of course the request to the third party provider is causally related to the website sending the instructions. But while that is necessary for it to happen, it is not sufficient. The user agent's execution, on behalf of the user, makes it happen.


> I don't think you get the agency argument.

I do get that argument; I just don't think it holds any water.

If one hires a hitman to kill someone, that one may still be held accountable to manslaughter, even if that specific person didn't kill anyone themselves. It may also not matter how many degrees of separation are there between that person and the hitman: as much as putting a (Bitcoin) bounty on someone's head (with a "smart contract" or whatever) may be considered manslaughter, even if nobody knows who the actual hitman is.

"Agency" is not a magic get-out-of-jail card.

Also, one may try convincing a judge "Your honor, it's true that I wrote the code that encrypted the plaintiff's network and wrecked a havoc, but I did NOT execute it; the plaintiff could have instructed his CPUs to not execute my code"; I don't know if this argument would hold.

Finally, there might be a "reasonable burden" argument in this case. It's reasonable to expect that website builders would know how browsers/internet work. It's not reasonable to expect that website visitors (general populace) would know that. Hence, the burden of GPDR compliance is better put on the builders' shoulders, which is exactly what happened in this particular case.


I discussed that argument over here: https://news.ycombinator.com/item?id=30139489

Summary: A company did try the “it was the browser, not us” argument in the “Fashion ID” case. The court did not fall for it. Data controller and thus responsible for compliance is whoever determines the purposes and means of processing. Being able to control what the website does seems to be good evidence for being a data controller.

In this Google Fonts case, the website operator didn't even try this discredited argument.


Thanks, that's very relevant and on-point (as opposed to my examples).


As pointed out in another great comment:

   > Sure your honor, the victim died by carbon monoxide asphyxiation, but it was his choice to inhale the gas, even though it smells the same as normal air"


> Again, you're talking about an opt-out. GPDR (the law) requires an opt-in.

It is opt-in. You decided to use a browser that implements the full HTML spec. Just use a basic browser.


"Your honor, the victims of my ransomware attack decided to use a modern CPU to run my code. The attack would not have succeeded have the victims used Z-80, so there's no one to blame but the victims themselves."


Yeah like when you use a browser no where did you literally cause & consent to loading and running stuff.

False analogy.

Ironic that people use this line of reasoning to defend ad blockers (I'm responsible for whatever software I run) but then use the opposite argument when they don't like what the software does.


> It's not as if the plaintiff's browser is actually under control of the defendant

In theory and in practice it is, though. The browser viewport, by executing remote code, is in fact under control of the defendant's website.

Most websites are closed-source. The "instructions" are not available to the customer.


> a user agent is not forced to follow the instructions

Luckily! A large german media corporation called "Springer" has for years, and is still, unsuccessfully trying to get the courts and politicians to rule that users can not manipulate web content and must run it as intended, as changing it would violate copyright and is a sabotage of their program. And i bet they aren't the only ones globally. Also: how many devices are locked down and can only run code as it is provided by trusted third parties? Try installing an ad-blocker on a smart-tv or a playstation.


Website have no authority over the browsers accessing them. They can't order. Just state information. "There's a font over here" not "you have to go access this font over here".

That browsers by default tend to follow links to resources automatically doesn't change that. It's still the agent the user has chosen to represent them when talking to the website making the decision not the website.

If a legal body want to make the call that users shouldn't be responsible for choosing what their browsers automatically do or don't do on their behalf that's fine. But it's absurd to do it by making it the website creators problem. It's the browser that's choosing to do things without asking the person it represents for explicit permission. It's the browser sending the information to the third party. Put it on the browsers!

We've got a handful of choices for browsers. They all gratuitously send every bit of information they can get their hands on to every website they can. Just straight up informational security Judas'. And GDPR blames websites? It's crazy to me.


Use this one weird trick to make all browser exploitation legal.


no. It didn't decide and so isn't responsible. Have you ever seen a gun in jail?


no, if external resources are pulled in prior informed consent then there is no agency. Such consent is a hard requirement.

If I visit example.com I am not to guess what 3rd parties it uses.


Isn't regulation precisely the act of acting in behalf of the citizens because they are seen as "too stupid" to know what they are doing?


or too under-powered in relation to the powerful organizations that take advantage of them, or too overworked by all the tasks and details of their lives to deal adequately with all the things it might be beneficial for them to deal with, but are not strictly necessary for getting through the day.


No. It is so that they don't have deal with developers tricks and misdirections and intentionally misleading uis and so on. It is also so that they are not required to learn tons of obscure and otherwise useless knowledge to function reasonably.

None of that makes them stupid. Just like, when I am in grocery store I can be sure all food there is reasonably safe, even if I don't know anything about them. I am not expected to research them all personally for dangerous substances else "I am stupid for poisoning myself".


When talking about UX, there's this bad habit of using people's mothers or grandmothers as examples, because they are 'too stupid' to understand the UI that was built. Aside from the obvious problems, this also implicitly removes blame from the designer/implementor of the interface.

I always prefer to reframe it as someone with a very important, intelligence requiring job, say vaccine reasearcher, who doesn't have time to deal with your shitty UI when they want to print a document.

I feel the same applies here.


first I don't agree with coining any group as stupid per se.

Second, if they are a target group, a website has no excuse but to deal with them.


[flagged]


the car example again.

There is a legal framework that has certain requirements. Enforced by a court here. These laws are from elected representatives of the people.

So they are binding. Like it or not.


Okay, and I made an argument of why I am against the law. That is all.


and: many are forced to use the www if they like it or not. E.g. for tax or to get access to public services.

So there's no excuse for hostility but it has to be legal and layperson-friendly.


So you advocate a computer licence?


no. They just can't care about everything themselves individually all the time.

So penalising unwanted behaviour isn't about stupidity at all.


What does the browser's user agent have to do with this?


The browser is the user-agent, ie. an agent acting on behalf of the user. The browser chose to fetch the font, based on the orinal response. It could be configured not to.


> It could be configured not to

That's an opt-out and GPDR requires an opt-in.


You could also say that the user is opting in to loading a font from google when he actively sends the request to google. You could also say the user is opting in to storing cookies by accepting the file and writing it to his own disk, and sending the file back when the site asks for it. I think it is too late for these kinds of arguments in the EU though, and maybe with good reason, if it turns out the average citizen is not actually able to configure these kinds of decisions.


> You could also say that the user is opting in to loading a font from google when he actively sends the request to google.

Consent is not consent unless it's informed consent. If the user was not made aware of the request in a clear way before the request happened, he did not have a choice. If the person (and by person we mean the human being, not their browser) did not make the choice, then he did not consent. There's no "technically" about it, the question is only if the person knew what was happening and was given an opportunity to opt in.


So it is the responsibility of the website owner, to make sure that the user is informed about how his own browser works. Couldn't you make a case for shifting this responsibility to e.g. the browser vendor or the regulating bodies who decide on web standards?


No.

The responsibility of the website owner is not to send users' personal data to third parties, OR to receive their users' informed consent to such sending BEFORE that sending occurs.

That's the law. It's enforced by courts.

Web standards aren't law. They aren't enforced. You can't sue anyone in W3C court for using non-standard CSS or forgetting to close a `<b>` with a `</b>`.


>not to send users' personal data to third parties

>receive their users' informed consent to such sending BEFORE that sending occurs.

Neither of these are what's actually happening in this case. According to this court's decision, the responsibility of the website owner is not to send instructions to the user's machine that might expose their personal data to third parties after the user's machine follows these instructions, OR receive informed consent before such instructions are sent. I'm not saying the GDPR doesn't apply here, but at least it's clearly a different situation.


IANAL but

   For the purposes of this Regulation:
   (1)
   ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

   — Clause 26 of GPDR [0]. 
Whereas I would point out the directly or indirectly part, the latter of which happened here.

[0] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...


It hardly matters in the court of law what you "could also say".

The law is clear: you don't have to send your users' data to third parties, but if you decide to do it, you have to receive their informed consent first. In this case, the defendant chose to send personal data to a third party without receiving their informed consent.

The option of conforming with the law by not sending that data anywhere still stands, as does the option of receiving informed consent beforehand.


But technically, the user itself is sending his own data to the third party, and the original website is merely requesting the user to do so. You could interpret it like this: "To use this website, it's best if you have this font. You can get it from here: https://google.com/fonts/blah". It's not exactly the same case as a more obvious GDPR violation, where the website would collect information from the user, and then send it to a third party (e.g. selling user data to a data broker).

>It hardly matters in the court of law what you "could also say".

On the contrary, it's exactly what the court is there for.


> the original website is merely requesting the user to do so

... in a violation of GPDR, because user's informed consent was not received beforehand.

> it's exactly what the court is there for

I might have been more clear: it hardly matters what you or I could say — what does matter is only what the lawyers say. In this case, I assume that either A. the defendant's lawyers have brought this argument before the court, and the verdict still was what it was; or B. the defendant's lawyers have failed to bring this argument before the court.

The courts are not there to discuss arguments made in HN comments.


At the end of the day, nothing matters, so why discuss anything at all?


Technicalities don't matter. The user never consented to this data being shared with third parties, and there is no simple mechanism for the user to block them that is available to all website users. As other mentioned, GDPR also requires opt-in.

There is a case for third-party requests, and considering that some websites make tens and sometimes hundreds (eg Yahoo) of third-party requests, passing the burden of filtering those requests to the customer doesn't really scale.

The burden is fully on the website operator here. They wrote the software, and it's most certainly closed-source. Just as the burden of keeping my data safe on their backend is on them, the burden of keeping my data safe on my frontend is also on them.


> passing the burden of filtering those requests to the customer doesn't really scale

I think it scales better than forcing millions of website providers to engage in the legal fiction that they are an intermediary between the user and all external content providers that are embedded on their page


> all external content providers that are embedded on their page

All the embedding is being done by the people building the websites, so yes, they do have full control and therefore full responsibility.

Just because I don't perform a crime or violation myself, it doesn't automatically absolve me when I pay or ask someone to commit it.

> forcing millions of website providers

Millions? There are billions of website visitors, and most of those don't have any control or deep knowledge over their tools. There are only 3 significant browser technology suppliers at the moment, and none of them provides the hypothetical tools to users, only third parties, and those tools often break websites.

Website builders, however are significantly more technical and able to control their tech stack. If anything just hire another company. The burden should definitely be on them.


How many of these billions want or are even capable of understanding what they do when they click the "i accept" button? Legal complexities seem even further removed from public understanding than technical ones. This approach seems equally ineffective for achieving what this regulation is intended to achieve, to not just to have the users sign away their rights with a click, but give them an understanding of what they give away. But I'm not sure whether that will ever be possible.

I agree that its a big problem that the big browsers do not act in the interest of their users, and that their vendors are in fact disincentivized to do so. That would be a good reason for antitrust action and public funding, since they should be public goods.


> How many of these billions want or are even capable of understanding what they do when they click the "i accept" button?

I don't see how this is relevant, but:

Again, whether those consent forms are understandable or not depends solely on how websites implement them. The fact they are confusing is purely because website operators want them to be.

These confusing forms are not a requirement of the GDPR. How they look and feel is up to the website hosting them. They go against the spirit and some go against the letter of the law.

The goal of GDPR is letting people answer to the question such as "Can I give your data to company X?". The fact that the internet became a cesspool of privacy violations doesn't change the original intent of the law.

> This approach seems equally ineffective for achieving what this regulation is intended to achieve, to not just to have the users sign away their rights with a click, but give them an understanding of what they give away.

The law already states that rejecting should be as easy as allowing. The fact websites don't make it means they're breaking the law, and I hope they get punished by it.

> I agree that its a big problem that the big browsers do not act in the interest of their users, and that their vendors are in fact disincentivized to do so

We already have a Do-Not-Track header, but websites refused to obey it for more than 10 years, to the point they were removed from browsers.

Solutions were always there. It is websites that chose not to comply.


GDPR requires informed consent.


I know, which is why I said: "and maybe with good reason, if it turns out the average citizen is not actually able to configure these kinds of decisions."


> It could be configured not to.

Not in practice. It requires configuration that is non-trivial for most users and might not be available for them in all cases (eg: using a computer in a library).

In fact, I can't think of a solution that doesn't require third-party software/hardware/product and some computer expertise (AdBlock? Pi-Hole? VPN? Little Snitch? Hosts File?).


Ublock Origin in advanced mode can be set to block all third-party requests by default. I browse the internet that way, but it's definitely not for everyone.


I also browse the internet this way, but yeah. This solution is not available to people not using their own computers, people using certain browsers that don't have it, or just people that haven't heard of it.


Are you content that full ownership of the device is a "premium feature"?


Think of it the opposite way.

All other devices are subsidized to be just an advertising platform for their producer. Real prices of devices are those that you consider "premium".


> AD: The fact that Paul is taking on all the risk, in effect Paul has made a self-endorsement via proxy...

Is funding your own stake via a third party explicitly allowed, or is it abuse that's too hard to police and therefore you turn a blind eye, with the above justification?

If the latter, employers should be aware they may be biasing hiring in favour rule-breakers.

For most jobs, there are plenty of people who can do it. Of those people, this system advantages those with easier access to some financial capital. Not great for diversity or social mobility.


> If the latter, employers should be aware they may be biasing hiring in favour rule-breakers.

AD: It doesn't matter if you fund your friends to do it or you do it yourself, someone is taking the risk and so from a signal processing point of view it's a strong signal.

> For most jobs, there are plenty of people who can do it. Of those people, this system advantages those with easier access to some financial capital. Not great for diversity or social mobility.

AD: The stake is commensurate with the salary, and people are likely to be in similar socio-economic bracket with their peers. The rich already have an advantage in life, we can't change that, but we can equal the playing field by adjusting the price per unit of influence to match wealth distribution.


I never have this issue. Is it a difference between iOS and Android keyboards, or did I add it to my dictionary long ago and forget all about it?


GBoard, at least, has a "block offensive words" option under "text correction" options. I think it makes sense - as bad as it is to accidentally type "duck", it's worse the other way round.

Context helps - if it looks like a duck, quacks like a duck etc...

Edit: this is a possible alternative meaning for "Duck Typing"...


If you're a driver, at some point you'll probably need to write bytes into a device register, mapped to a raw address in physical memory. That's a fundamentally unsafe thing to do: it relies on you as a programmer setting up the structure of the data in those registers correctly. Get it wrong and you can scribble over some arbitrary piece of memory, for example. The compiler can't check your working. It doesn't know the specification of every piece of hardware - that's what drivers are for.


Every Ethereum smart contact is validated (run) on every node in the Ethereum network, in order to achieve distributed consensus. It should be possible to be thousands of times more efficient than that (which suggests they could achieve much lower prices for buyers combined with greater rewards for CPU owners).


Imagine writing a contract that could mine more ether :O


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: