What's killing off "gameified" communities (yes I made a post of my tweets, suck it)
-
Oh man. That hurts.
Captain Ridiculous can say whatever he wants. But online marketing?
Damn. That stings. :)
I was never in that business. I was an analyst for a market research firm. Yes we sometimes did work for online marketers. But a lot of our work was legit. I did the backend stuff for survey analytics. And I don't mean bullshit Facebook polls. I mean actual real research with science behind it. I designed the analytics, and I wrote the code to make it happen. Never did any online marketing, unless posting on forums is online marketing (legitimate point, if you want to make it.)
-
I guessed as much, but I am on mobile so I took a few shortcuts. Sorry.
-
No worries, man.
-
If you mean me when you say "Captain Ridiculous", I've been saying fingerprinting and tracking are possible, plausible, and standard behavior this whole time.
-
He means blakey ;)
-
I know that now. Sad.
I really don't want the @Captain persona associated with that vile turd. @Captain is a character, sure, but he's pretty alright.
-
<columbo>I just wanna ask one more question.</columbo>
Let's say I own two domains: veryniceresearch.com and actauallysprained.net
I'm saying that because I own both of those. Nothing is hosted at the moment. But whatever. Don't bother either clicking or DDoS-ing. They are both empty right now.
Let's say I own both of those, and I have completely different web apps hosted on each of them and they both do completely different things. Let's say that veryniceresearch.com hosts a company site, and actuallysprained.net hosts my personal blog. And they both have completely unconnected database servers.
Any time someone goes to either site, I capture everything I can about the visitor. IP address, whatever else the browser is willing to tell me. I capture all of that on both websites. I use that information to make a guess about which visitors to each website are the same person.
I'm hearing from Captain Ridiculous that this is illegal. Because <reasons>. Because PII. Because of all that stuff.
Does anyone really think this is illegal? No. No one thinks this is currently illegal. There are probably people who think it should be illegal. Great. Make it illegal. But it isn't currently illegal.
Are there legitimate reasons to do this? I think the answer is yes. I want to know how many people are reading my blog and subsequently going to my business page. Or vice versa. That's a meaningful metric.
Over time it's far more important to know these kinds of metrics because direct referrals don't tell the whole story. Where did this specific hit on one of my sites come from is good to know. But it isn't the only thing I need to know.
I need to know if you visited my site 10 or 100 times before you started reading my blog. I need to know if you read my blog a thousand times before you signed up.
This is what's going on in cross-domain tracking. We are not looking at you as an individual. We are looking for aggregate data that tells us a story about how people are using interconnected websites.
That use of ip addresses is absolutely not prohibited by law. Not by PII law, not by any other kind of law.
And before someone chimes in and says, "No, you do not need to know that." Umm, fuck you. I run a business (a hypothetical one). Is your face or your presence at a physical store PII that I can't use? Am I allowed to video tape everyone who comes into my store? Am I capturing PII by doing that?
Yes. I am capturing that in a physical way. I am claiming PII every time you come into my Condom Sense, and I'm capturing it whether or not you buy anything.
You come into my web store, and yes, I will get everything I can about you. For all the same and good reasons.
At a very basic and, I think non-objectionable level, this kind of thing is okay in just the same way that it's okay to have video surveillance in physical stores.
PII all around. How it is used is what's important.
-
To be fair to you, I have studiously refrained from using @ when I refer to Captain Ridiculous.
-
Noted and appreciated. But can't we call him "General Shitstain" instead?
-
Welcome to Discourse, where you're Doing It WrongTM, because that's not how Jeff thinks. He's said pretty much everything should be rate-limited, except, I guess, with the exception of number of posts per day.
Posting is rate limited by the fact that Discourse takes a dump in its diaper if you try to do it too fast.
Even reading is rate limited, in a sense. Nothing (except Discourse's inability to load new posts into the DOM) prevents you from scrolling through a topic as quickly as you want. But if a post is visible in your browser window for less than 4 seconds, or something like that, Discourse doesn't consider it "read." This matters to the extent that having read a certain percentage of recent posts is one of the criteria for being granted additional privileges (such as recategorizing topics; see http://what.thedailywtf.com/t/user-trust-levels/792/1).
-
Do we really want to give him a promotion?
How about Private Parts?
-
Works for me!
-
Even reading is rate limited, in a sense.
I sort of agree with this. It is, by definition. But I think it's a pedantic one.
I think that what you are saying is that after you read a certain number of posts, you have to wait for a network call to load more posts.
This is also true for paginated systems. It's just a lot more obvious.
-
Didn't react to this earlier, but if IPs were PII, and there were some restrictions on "capturing" (i.e., storing) PII, wouldn't that make most logfiles legally troublesome? At least, nginx's logfile happily stores IPs by default.
(Note- I don't really know anything about the legal aspects of this kind of stuff. The claim just seems a bit ridiculous, unless I'm missing something central.)
-
I think that what you are saying is that after you read a certain number of posts, you have to wait for a network call to load more posts.
That is true, but that's not what I was saying. Scrolling through the posts that are already loaded in the DOM will not mark them read if you do it too quickly.
There is a small blue dot next to the timestamp of posts. (It's not obvious because sometimes it fades, as described below, before the post is even visible.) This dot is an indication that the post is unread. When you scroll the post into view, the dot will fade away after a few seconds, indicating that Discourse considers you to have read the post.
This is pretty useless, as Discourse considers the post to be visible if even a single row of pixels is visible. Sometimes it marks it read even before it's visible at all. Except when Discourse is refusing to talk to your browser at all, and won't mark anything read.
-
Private Parts doesn't really understand the legal bits and pieces of this issue either.
You are not wrong at all. It would be a problem if it were true that capturing PII were illegal.
It's not a real problem.
-
What about passing PII on to third parties? IIRC I've read about there being some restrictions on that (probably depending on your jurisdiction). Even so, the question would be what exactly qualifies as PII, and whether or not it still qualifies as such after "anonymizing" by mapping to a unrelated, but unique identifier (c.f. extracting unique information from browser headers an so).
-
I see your point, and I stand corrected.
That's almost as asinine as rate-limiting your spam filter.
-
if IPs were PII
I'm under the impression that, thanks to ISP-level NAT and dynamically allocated consumer IPs, a single IP cannot be meaningfully tied to a single individual, or even a single property? Which of course means IPs cannot be PII by definition.
-
That's almost as asinine as rate-limiting your spam filter.
Welcome to the
asininewonderful world of Discourse.
-
What about passing PII on to third parties? IIRC I've read about there being some restrictions on that (probably depending on your jurisdiction). Even so, the question would be what exactly qualifies as PII, and whether or not it still qualifies as such after "anonymizing" by mapping to a unrelated, but unique identifier (c.f. extracting unique information from browser headers an so).
Passing PII to third parties is an unsolved problem. In the analytics world, we solve it by only passing aggregate data with none of that involved. What we do in the payments processing world where we are dealing with names and actual bank account or credit card numbers is that if things have to be passed to a third party, we obtain authorization from each individual person (usually through terms of service--not ideal, I admit), we encrypt the data with a key and provide that hey to the third party only by a side-channel.
So if we have a ton of credit card data for a bunch of people, and one of our clients decides to move to another payment gateway vendor, they can request a transfer. We will dump the data to file and encrypt the file. We will send the file with one employee and the key with another employee.
They will travel by separate means and ultimately deliver the file and the key to the client. They have to pay for this, of course. And it's not bullet-proof. But it's the best way we've come up with to protect actual PII that matters.
I haven't been able to come up with a more responsible way to deal with credit card data. But I'm all ears if someone has a better idea. That's our approach though.
-
-
-
Which of course means IPs cannot be PII by definition.
Since when did legislation ever match reality?
-
Since when did legislation ever match reality?
You are like the Steve Jobs of bad ideas.
IT'S iLLEGAL! IT'S iMORAL!!!
Oh wait, laws and morals don't match what I claimed.
Never Mind, everyone!!
-
Since when did a blakeyrant ever match reality?
-
Damn. You beat me to it
-
Am I allowed to video tape everyone who comes into my store?
Time to buy stock in dazzle camouflage makeup.
-
That whole thing by @blakeyrat reeked of BS to me when he first said that IP addresses were PII, now that I looked it up I am sure of it. Everything I found for US Law says that it is not.
-
Pick your own source.
-
And I'm fairly sure there have been piracy cased thrown out because the only real evidence was an IP address assigned via DHCP
-
My understanding is that no single piece of information itself is PII; you can have a list of every first/last name in the world, every IP address, every ss#, credit card#, etc. Only when you start tying that information together does it become PII.
So yeah, IPs themselves would not be PII.
-
The links in the search results that I read said that as long as you are
only tying it back to a computer, it will not be PII. You can tie whatever
you wish together to identify the browsing habits of a computer and never
run afoul of the law.
-
Over 4 minutes for a reply by email to post. Not exactly speedy...
-
Don't mind me. I'm just liking the shit out of everything up in here.
-
Wait, what??!! Likes are rate-limited?
Default is 50.
There must be some rationale for this. I'll happily accept a link in response instead of an explanation, but seriously, what the fuck?!
Bookmarks are rate-limited too, as were stars before they got Jeffedâ„¢.
Default is 20.
except, I guess, with the exception of number of posts per day.
-
Welp, so it goes. I guess. It probably does make sense to have those settings. But putting them that low is pretty weird.
-
Is there a maximum number of replies a day?
-
-
Well, I guess that it the default settings are like that, I have to retract my earlier statements.
With the default settings, no one would ever have to worry about spam.
But then again, no one would ever have to worry about having a community either.
-
OK, but what about someone who's made it up to TL2 or TL3? The limits you mention appear to apply to just noobs.
-
OK, but what about someone who's made it up to TL2 or TL3?
Couldn't find anything relevant, so I presume no.
-
But can't we call him "General Shitstain" instead?
This is good...
How about Private Parts?
But this is better.
-
There's also Major Problem and Corporal Punishment.
-
They all imply some form of rank and ...organisation. Why not just @it ?
...because he is always at it.
see what I did there...
-
Are PMs new PM topics or replies in an existing PM thread? Because if replies to PMs count I'm going to hit that limit pretty darn fast....
-
Not specifically, but that's not relevant. I wonder, though, are AdBlock, (or anyone else) , catching that, etags, cookies, local storage, flash storage, and everything else, in one convenient package? I've been considering just doing all my browsing in incognito mode, but that seems like a lot of extra work.
For Firefox: the Self-Destructing Cookies extension.
It's also available on Firefox Mobile.
-
Status: I just posted a topic based on my morning news reading, so I won't post another, but I liked this StackOverflow critique:
-
http://www.embeddedrelated.com/showarticle/741.php
AAAAAAAAAAAAAAAAAAAhhhhhh!! "The good"
Logins are via OpenID so you don’t have to remember Yet Another Password, just use your favorite OpenID provider like Google or Facebook to log in.
DIAF OpenID.
-
Haha no shit, I noticed that too. Quick someone call Atwood, we found the one person on Earth who actually likes OpenID. (AND Markdown! Although a lot of morons like that for some reason.)