Comment by leephillips

3 years ago

Good. US citizens should be, at least, disappointed that their government is so bad at protecting their privacy, that US law is so far behind the times.

To those companies and people who find these EU decisions baffling or inconvenient: tough. If you had had respect for your users this would not be an issue. You would already not be spying on them.

To website visitors: if you see a cookie banner, the site is asking permission to spy on you. If that concerns you, close the tab.

I'm not disappointed, I'm infuriated. Because the US uses technology companies to get around the 4th amendment all the time: https://www.salon.com/2013/04/24/government_giving_att_other...

The US isn't "behind"; it simply has no intention of moving in that direction, despite the 4th amendment making it really clear they're not allowed:

>The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

> To website visitors: if you see a cookie banner, the site is asking permission to spy on you. If that concerns you, close the tab.

There was a recent ACM article on this. They found there was a large number of sites that don't actually ask permission for anything; they are simply informing you of the spying. Not surprisingly, the ones that did allow modifying cookies were all set up in a predatory fashion which discouraged the disabling of tracking.

The whole system is broke at the moment.

  • It’s because they’re allowed to use the word “cookies” for it.

    If they were required to use specific wording, like for instance “injecting surveillance artefacts” people would probably care a bit more.

    • Not necessarily. The team that wrote the ACM article did a small user-test using various versions of the "disable cookie" banner. In all cases they concluded that the user was indeed aware of the negative impact of cookies, however, the need to just "get back to the content" often overruled that distaste.

      Not surprisingly, the most effective banner they found was the one which had a single "disable all cookies" button. It was something like an 80% hit rate. So, people care, but not enough to dig into another prompt to uncheck a bunch of boxes. This is what the ACM writers referred to as predatory (abusing human nature).

    • Hardly. It's like the requests for administrative rights in Windows Vista, or the installers with many browser addon bars...

      Nice idea in theory, but if it's too frequent the awareness will, at some point, just disappear.

Pragmatically, to what extent do you believe the European laws have protected Europeans above and beyond how American laws have protected Americans?

Basically, what class of badness are Americans subjected to due to behind-the-times data protection laws, that Europeans are protected from?

  • It's possible for a company, which is seemingly providing you a service since you visited the site, to make money off a targeted ad in exchange for free video streaming/content/entertainment.

    The whole thing has always seemed overblown to me. Websites make much more money off targeted ads, allowing them to do things like allow anyone to upload a video of any length and quality for free. And view other videos people upload. In most cases it seemed to me like a fair trade to make. Yet as people point out all the time, technically a website isn't allowed to deny access to someone who refuses targeted ads (through the cookie pop-up), so they're essentially being forced to provide that user content at a loss. Untargeted ads are often worth 90% less or more than their targeted equivalent.

    Privacy privacy privacy though, as if someone at Google is manually looking through your history laughing at you.

    • > Privacy privacy privacy though, as if someone at Google is manually looking through your history laughing at you.

      Part of the problem is that it seems more or less impossible to get large companies to keep their data secure. In fact Google stands out as maybe the only big tech company that has not been involved in a major breach.

      Notwithstanding the legal and political issues that arise when (not if, but when) this data gets into the hands of law enforcement agencies.

      And yes, there have been individual instances of employees misusing sensitive user data.

      Privacy is security.

      Generally I agree that content providers should be allowed to make money somehow, but this way has proven to be untenable and something needs to change.

  • You won't get a good answer to this because there isn't one. There's no realistic, practical harm to people that this EU law is preventing.

    • Given your comment history, it’s clear that you’re driven by motivations that aren’t at all universal.

      More bluntly, you’ve decided that consumer-surveillance-as-a-service is harmless. I’m thankful that the European regulatory apparatus disagrees. Now if only we could remind the American federal government why regulation is a worthwhile effort.

  • I believe a part of the data-privacy laws and sentiment in Europe comes both from WWII and the civil wars/dictatorships/etc. that happened across the EU. When in our grandparents' time (YMMV) the government was compiling lists of citizens or checking what they were doing in their private lives, it was not to give them flowers. And while that still sounds pretty far from me, it was also fairly recent in the past so that there's some social residue of the sentiment.

    BUT to answer the question directly, credit checks to the level they are performed in the USA sound like a horrifying thing and a total privacy breach for us EU citizens.

  • European laws are pushing to end chat providers' control over social interactions (which is something that shouldn't be done for profit anyway) in the Digital Markets Act, which forces big apps to provide federation APIs.

    The EU with the GDPR made an incentive to not use trackers: don't want that ugly tracker on your site? Then stop selling data. That's why private analytics like Plausible and Umami have sprung to life. And also made it clear how much tracking is on the web.

    There is also finally a movement to let the US host everything because really, the US isn't trustworthy.

    So, the EU laws gave better awareness about tracking, gave incentives to not use trackers, and are now working on improving the user experience by stopping the monopolization of social interactions.

  • Have you heard of Robo-calls? Basically there are no Robo-calls in EU, because you can just add yourself to a Government no-call list. If any company doesn’t respect that, they get a huge fine.

> To website visitors: if you see a cookie banner, the site is asking permission to spy on you.

Or you know...count how many unique visitors they have and how to make the site more useful. Do you avoid using cookies on this site but still manage to log in?

  • Cookies needed to properly provide user authentication, i.e. user session identification, are counted as "technical necessary" cookies and do not need a cookie banner. You only need to ask for cookie consent, if you track visitors with third-party services. And, to counter your unique visitors claim: you don't need cookies, or any third party service, for that. Everything can be done locally without disrespecting user privacy.

    • Exactly. HN doesn’t need a cookie banner because they’re not spying on their users. No barrier to keeping track of sessions.

    • > and, to counter your unique visitors claim: you don't need cookies, or any third party service, for that. Everything can be done locally without disrespecting user privacy.

      How do you track unique visitors without cookies, and how is that way less "disrespecting" of user privacy than a cookie?

  • Do you know the difference between cookies and a cookie banner? Do you understand why this site can have login sessions, and even keep track of the number of unique visitors, yet is not required to have a cookie banner?

    • What do you think the _ga attribute is in their cookie?

      Isn't there an exception for authentication in the consent requirement, but not in the inform requirement?

    • Have you researched to know if this site is hosted on a US server? I wouldn't be surprised if it is and I also wouldn't be surprised if your IP address was additionally stored in a log somewhere for a period of time. In the US.

My buddy is a manager at a chemical plant, and your comment reminds me of a very astute statement he made recently.

“I don’t generally like unions. I’ve worked at both union and non-union plants. But anytime someone else complains about unions, I remind them that if they have a union at their plant, they earned it.“

  • When union plants are shuttered in favor of non-union plants, did they earn that too? Or does this logic only apply in one direction?

    • I think it's fair to say that most unions have been established as a sole result of proportional human effort, while the same cannot be said for the success of most businesses. There are many instances where an existing imbalance in power or resource ownership is a significant factor in a business' success.

  • Sounds like a manager's take on unions; at least he sounds somewhat reasonable. Good on him.

    • Yeah, even as a very pro-union guy (film background) I couldn’t really take issue with that stance.

America is the LTS branch of Democracy.

If I thought the EU was doing this to protect privacy I'd be all for it. They really don't give a fuck, as seen by every bit of legislation they are pushing for. Yes I also do understand that the EU in general views privacy from the government as illegal rather than a right.

  • The EU has both enacted the most promising and some of the most backwards, stupid and regressive privacy laws. I'm guessing that it depends on what representative guides it and forms it through the various processes, and what the courts do with it. Overall I think they have moved the needle towards more privacy.

    > Yes I also do understand that the EU in general views privacy from the government as illegal rather than a right.

    That is absolutely not true, at least not by enough people for anyone to be able to make that sort of blanket statement. I'd also wonder what reasons you have for thinking that, it seems to me like all of the 5-eyes used each other to spy on themselves (besides all of the things done by normal police, various levels of federal police, etc.)

> To website visitors: if you see a cookie banner, the site is asking permission to spy on you. If that concerns you, close the tab.

I'd love to see how often people do anything besides click okay anyway (I'd be very surprised if it wasn't 99%+).

  • Unless there is a very simple "reject" button, I click okay. Between Firefox's native protections, DNS-level blocking and uBlock, I have a lot more confidence in my own protections than I do in their honesty, and it's not worth it to me to uncheck a bunch of boxes.

    • Sometimes it's easier on mobile to just accept all the garbage cookies and then clear my cookies & site data after I'm done with the page.

      But they are probably fingerprinting my phone anyway through other means.

    • Yeah clicking anything but okay or reject all (which I rarely ever come across) is usually a maze of options no one has time for except some tiny dedicated minority.

Well I’m not an expert but I think the main issue is that American citizens have protections that non-Americans do not. The government cannot spy on Americans without a court order.

  • Unless they have an intelligence sharing agreement with a nation that happens to pick up signals from Americans, from whom they can request that data. And maybe there exists a network to share the raw data, wouldn't that be convenient? Or you could have a secret court system (FISA) to bypass most of the protections normally granted by due process?

  • > The government cannot spy on Americans without a court order.

    Have I got news for you. Specifically at least 100 years of news.

  • The word "spy" is so loose these days. I'd consider the vast swaths of metadata other companies compile on me "spying" to an extent.

> You would already not be spying on them.

Can you point me to the part of the ban that says it's about protecting users from "spying in general" and not "protecting users from spying by US companies instead of EU companies that EU member states can obtain PII from at any time"?

  • > "protecting users from spying by US companies instead of EU companies that EU member states can obtain PII from at any time"

    I want to quantify this quote. Each EU country can spy on its citizens to similar extent as 3 letter agencies from the US, but in a less analytical/big meta data way (part of it being the US brain draining EU countries for those working in tech).

    However, if EU country A wants to have access to its citizens' user data on website X located in EU country B, it is not an easy process; it involves a strict judicial system between those countries.

  • I think your logic may be a bit muddled, or I misunderstand your question (but, if I take it literally, my answer would be “no”.)

    Not spying ⇒ not using GA ⇒ this ruling moot.

If you feel this way I hope you do research before visiting any website at all, because you might accidentally connect to a server in the US and your IP address will be in the TCP/IP stack of that server and probably the logs too. US servers that are intended to serve US customers have no obligations to you.