The point in the case is that Meta kept a detailed profile of the individual, and then processed that data, even though the person didn't have an account with the company.
That's against the EU's data processing and consent laws, irrespective of the actions of the third party app.
Saying it’s the responsibility for owners to protect their stuff isn’t the same as saying the attackers aren’t responsible for any wrong doing.
I appreciate nuance is something the HN community often struggles with, so hopefully this analogy helps:
If you had £100 on your person, you’d be expected to look after that money responsibly. For example not leaving your wallet on a park bench and walking off. However even if you did the latter, that doesn’t mean it’s ok for the person who finds your wallet to keep your money.
My unpopular opinion: they shouldn't seek consent, this should be completely opt in. Draconian laws should make this happen and flip this backward industry so everything is opposite.
The point in the case is that Meta kept a detailed profile of the individual, and then processed that data, even though the person didn't have an account with the company.
That's against the EU's data processing and consent laws, irrespective of the actions of the third party app.
If I try to rob a bank and succeed, it's not my fault if the bank doesn't protect it's money sufficiently well.
That's how a lot of security researchers think...
No it’s not.
Saying it’s the responsibility for owners to protect their stuff isn’t the same as saying the attackers aren’t responsible for any wrong doing.
I appreciate nuance is something the HN community often struggles with, so hopefully this analogy helps:
If you had £100 on your person, you’d be expected to look after that money responsibly. For example not leaving your wallet on a park bench and walking off. However even if you did the latter, that doesn’t mean it’s ok for the person who finds your wallet to keep your money.
1 reply →
Meta has the same obligations to seek consent regardless Og how they obtain the data - that seems fair, no?
My unpopular opinion: they shouldn't seek consent, this should be completely opt in. Draconian laws should make this happen and flip this backward industry so everything is opposite.
What's the difference between consent and opt-in? Both require the user to actively say yes before it happens, no?
3 replies →
“Opt in” is literally just in IT way of saying “seek consent”.
You’re arguing for the same thing as the person you’re arguing against.
People are harmed, Meta benefits. That means Meta did wrong, the middle is just details.