A critical reflection on GDPR
-
Ooohhh yes... Make that smooth'n'silky experience come right this way!
-
@tsaukpaetra I think I saw that exact same popup earlier today. I appreciate the "No thanks" option (though I wonder how it's stored).
-
@heterodox said in A critical reflection on GDPR:
earlier today.
You might have been browsing the 🔗 Quick links thread. ;)
-
@heterodox said in A critical reflection on GDPR:
(though I wonder how it's stored).
If you have to ask, you don't want to know?
(either that, or prepare to be bombarded. againandagainandagain)
-
Meanwhile, in Australia…
Passing sensitive customer health data to ambulance chasers with no opt out capability. Because fuck you for not reading our small print, that's why.
-
Another one who doesn't get it ...
No you don't need my e-mail ...
Also I had to make my browser window more than 3px higher just to be able to see the mail field.
-
@blakeyrat said in A critical reflection on GDPR:
@Gąska said in A critical reflection on GDPR:
Dude, are you even reading what I say?
It relies on Nazis taking over New York, so you'll forgive me if I thought it was a little too implausible.
What about adherents of {religion1} doxxing and persecuting adherents of {religion2}? Governmental influence or not, it can and has happened (yes, even in the USA).
Edit: 'd
-
@blakeyrat said in A critical reflection on GDPR:
@Gąska I understand Google has the data; I want to know how antifa gets the data.
One of them works for Google?
Edit: 'd
-
@El_Heffe said in A critical reflection on GDPR:
@Gąska said in A critical reflection on GDPR:
@blakeyrat said in A critical reflection on GDPR:
@Gąska said in A critical reflection on GDPR:
@blakeyrat should or shouldn't my explanation include how to do table joins?
How do they even get access to the data in the first place?
In case of Google, they just crawl your email and save the URLs you've visited (that contain Google Ads). In case of non-Google, I guess their data generally doesn't contain real name and address, though I don't know how much data they collect exactly. Some professional sites like LinkedIn encourage providing real name and workplace, and in this particular case, the name is encoded in profile URL - AFAIK the URL is included in HTTP request for ad image/script. It certainly sounds plausible for a large enough entity with large enough database to figure out at least names and cities (by IP and other means).
The more we go back and forth, the more I think your theory that you're too paranoid is the correct one.
The more I talk with you, the more I think you don't even want to listen to what I have to say and you're here just to call me paranoid. Don't worry, I've heard worse today.
As much as I hate to do it, I really have to agree with blakeyrat on this one. You're presenting all sorts of scenarios full of what if . . . what if . . . what if ..... and jumping to all sorts of wildly hypothetical conclusions, but not presenting a single actual example of harm that has actually occurred.
It's not that people aren't listening or understanding you, it's just that I (and many others) don't believe that you can cause actual real-life harm just from cookies. And the current or former political climate of your home country doesn't change that.
It's currently unlikely in the USA (and probably most places), but it's hardly implausible, especially if non-governmental groups are included.
Edit: 'd
-
@blakeyrat said in A critical reflection on GDPR:
@sloosecannon said in A critical reflection on GDPR:
I think the problem here is everyone has different definitions of the word "harm".
Right; but nobody considered those giant phone books literally everybody had in every home and business in 1995 as harmful. What changed?
Phone books contain a name, phone number, and address. They don't contain info about what you do, where you go, or how you spend your money.
-
@djls45 Maybe a minor detail: they also don't contain network information who communicates with whom.
EDIT: Maybe I should explain that. If I upload my address book, they don't just get the phone numbers of the people in my address book. Even if they know all the numbers already, they now know metadata that I am connected to them.
-
@tsaukpaetra Done right. I've seen similar pop ups on slashdot and a few other sites, and dismissed it with "no thanks".
Even better would be a fine print option to "store a cookie to remember this and this only" vs. "ask me every time". But not relevant for me, I use private browsing anyway.
-
@djls45 said in A critical reflection on GDPR:
Phone books contain a name, phone number, and address. They don't contain info about what you do, where you go, or how you spend your money.
Unless, of course, you include an M.D., Esq., or whatever with your name, or have a business listing in the Yellow Pages™, but then you're choosing to reveal that for business purposes.
-
GDPR may be flawed and everything, but it prevents things like this:
Scumbaggery is a prerequisite for telecom companies, but American ones have perfected it into an art form.
-
LOL. Got the weekly "company news" email. It has a link to a story about something we're doing and the title has a parenthetical, "(link not accessible in the EU)." Emphasis in the original.
-
Bonus points if your company actually has offices in Europe.
-
@zerosquare said in A critical reflection on GDPR:
Bonus points if your company actually has offices in Europe.
Woo hoo! We do.
-
@blakeyrat I'm not surprised. Based on my understanding, the way it's supposed to work is that any site that gathers, stores, uses, or shares your data has to have specific, easily-understandable opt-ins for each specific use of each specific type of data they gather in an easily-found place. I don't think any site I frequent has done it right, since most of them just wrap it in an "Agree to our privacy policy" agreement or an "Agree to everything or no account for you" kind of thing.
-
@e4tmyl33t said in A critical reflection on GDPR:
@blakeyrat I'm not surprised. Based on my understanding, the way it's supposed to work is that any site that gathers, stores, uses, or shares your data has to have specific, easily-understandable opt-ins for each specific use of each specific type of data they gather in an easily-found place. I don't think any site I frequent has done it right, since most of them just wrap it in an "Agree to our privacy policy" agreement or an "Agree to everything or no account for you" kind of thing.
Ah, so to actually "do it right" that means the user needs to fill out a 50 page questionnaire!
-
Related article:
https://gdprhallofshame.com/5-techcrunch-engadget-and-oath-cookie-gore/
You could say that this makes GDPR impossible to comply with.
You could also say this shows how -y the average modern website is, when you look behind the curtains.
-
@zerosquare said in A critical reflection on GDPR:
Related article:
https://gdprhallofshame.com/5-techcrunch-engadget-and-oath-cookie-gore/
You could say that this makes GDPR impossible to comply with.
You could also say this shows how -y the average modern website is, when you look behind the curtains.
I love the one about Tumblr! 322 checkboxes. And no global opt out. So on your phone, you have to uncheck each one-by-one!
-
@dcon I've seen a bookmarklet/console C&P being passed around to uncheck all of them at once.
No matter how much of a pain you try to make it, users will find a way.
-
@zerosquare So these guys are actually trying to comply in good faith, and this site bitches at them because the UX is bad?
WELL FUCKING DUH.
It's a bad law, we all knew that. You'd think they'd be happy someone was really taking it seriously.
-
@zerosquare said in A critical reflection on GDPR:
You could also say this shows how -y the average modern website is, when you look behind the curtains.
That's certainly the message I'm getting.
-
@blakeyrat: "The label on my favorite brand of ketchup bottle is now huge, because of this stupid law that makes it mandatory to list all of the 320 artificial food additives that are present in it."
-
@zerosquare "But it's delicious, so I'll keep buying it anyway."
-
@zerosquare I suppose you're trying to make some sort of point?
-
Yes.
But if you find nothing wrong with adding more than 300 food additives to ketchup or sharing users' personal data with more than 300 third parties, I don't know what to tell you.
-
@blakeyrat said in A critical reflection on GDPR:
@zerosquare So these guys are actually trying to comply in good faith, and this site bitches at them because the UX is bad?
WELL FUCKING DUH.
It's a bad law, we all knew that. You'd think they'd be happy someone was really taking it seriously.
-
Oh, the irony!
From a clean slate with no cookies, visiting that site without adblock has set 19 cookies on the main site digiday.com and 14 cookies on 9 3rd-party sites, all before clicking that "Accept" or "x" (which is also accept) button.
Everyone is breaking the law right now
Everyone is trying to make things work the way they used to, rather than thinking about privacy.
I mean, yeah, if your only goal is to break the law in a way that you can get away with it, that's not very surprising.
-
@dcon said in A critical reflection on GDPR:
Ah, so to actually "do it right" that means the user needs to fill out a 50 page questionnaire!
Or maybe a site displaying a simple article and to which I don't need to log in doesn't actually need to store 33 cookies in the first place? How about that?!
If you want all that tracking, it should be hard.
The general message of
This site uses cookies to work correctly
is (almost always?) a load of bull. I delete cookies by default (and ad-block prevents a lot of 3rd-party crap) and I've yet to see anything not working because of that.
(This site being the very only exception because of the "desktop notifications" toaster cookie, but it doesn't count because I was talking about sites you don't log in to.)
-
In the first month, the Dutch privacy agency got over 600 GDPR-related complaints. 170 of these arrived in the first 10 days.
Almost a third of these regard data deletion issues, such as failed attempts to unsubscribe from a newsletter
18% regard unauthorised sharing of data
5% regard insight in data collected about oneself.
87% of complaints regard companies, the rest regard government institutions.
84 complaints are about foreign sites; part of these are transferred to other European privacy agencies.
-
@topspin said in A critical reflection on GDPR:
is (almost always?) a load of bull.
Hah! How do you log into anything ever?
@topspin said in A critical reflection on GDPR:
I delete cookies by default (and ad-block prevents a lot of 3rd-party crap) and I've yet to see anything not working because of that.
Then you're not deleting cookies by default. Maybe you're deleting non-session cookies, or you're deleting 3rd party cookies. But what you're literally saying here is literally impossible. There is no (bug-free) way to keep a user logged into a website without using cookies.
(Someone's going to come in here and say "why not add a session param to the URL derp derp derp I am a retard!" and to that person I say: 1) shut up, 2) note the word "bug-free".)
-
@blakeyrat said in A critical reflection on GDPR:
@topspin said in A critical reflection on GDPR:
is (almost always?) a load of bull.
Note how I explicitly wrote about sites where there is zero reason to log into, such as the majority of pages where I just want to read the damn article. And yet all these sites try to store shit.
What reason did this article about how "everyone is breaking the law" have to store anything?
Then you're not deleting cookies by default
Fine, if you want the pedantically correct version: the cookies which aren't blocked up-front get deleted when the tab is closed. That's good enough, even if you're correct that it's not immediate.
-
@topspin said in A critical reflection on GDPR:
Note how I explicitly wrote about sites where there is zero reason to log into, such as the majority of pages where I just want to read the damn article. And yet all these sites try to store shit.
Why wouldn't they. What if you hit the font size up button, how the fuck is it supposed to store that? What if you want breadcrumb navigation, how the fuck is it supposed to store that? You can't think of any reason a site might want to store data for a user who isn't logged in? Really?
@topspin said in A critical reflection on GDPR:
What reason did this article about how "everyone is breaking the law" have to store anything?
Ask the person who wrote the site. I would assume it has something to do with "so their company doesn't go bankrupt and they don't lose their jobs".
@topspin said in A critical reflection on GDPR:
Fine, if you want the pedantically correct version: the cookies which aren't blocked up-front get deleted when the tab is closed. That's good enough, even if you're correct that it's not immediate.
So you allow session cookies. WOW. It's almost as if you realize cookies are necessary for the web to function correctly.
Unfortunately you have now disqualified yourself from ever serving in the EU government, where only ignorant morons are allowed.
-
@blakeyrat said in A critical reflection on GDPR:
Why wouldn't they. What if you hit the font size up button, how the fuck is it supposed to store that?
My browser does that already.
What if you want breadcrumb navigation, how the fuck is it supposed to store that? You can't think of any reason a site might want to store data for a user who isn't logged in? Really?
I didn't hit any of those stupid buttons, and yet I got 33 cookies. So, no, I can't think of any reason to trash those.
So you allow session cookies. WOW. It's almost as if you realize cookies are necessary for the web to function correctly.
I didn't write the "private browsing" code myself, so that's kind of irrelevant. But while I don't need session cookies to read an article, the point is that tracking cookies get killed.
-
@topspin OH NOES THE COOKIES ARE OUT TO KILL ME AND MY FAMILY BAN THE EBIL COOKIES! I AM EUROPEAN BY THE WAY HAVE SOME CHEESE.
-
@blakeyrat Great argument, would read again!
-
@blakeyrat Ask for permission to use local storage, if the user wants to let you, then you can store things in a non-retarded way. Cookie proliferation comes from dev teams composed of unreliable proxies for w3schools who cannot fucking come together on how to deal with the user's state.
-
@gribnit said in A critical reflection on GDPR:
how to deal with the user's state
Where is the user?
California.
Oh well. Stick cancer warnings on everything.
-
@dkf This post caused cancer in the state of California.
-
@pleegwat said in A critical reflection on GDPR:
In the first month, the Dutch privacy agency got over 600 GDPR-related complaints. 170 of these arrived in the first 10 days.
Did you know that about 40% of sick days are taken on a Monday or Friday?
-
@dkf said in A critical reflection on GDPR:
@gribnit said in A critical reflection on GDPR:
how to deal with the user's state
Where is the user?
California.
Oh well. Stick cancer warnings on everything.
CANCER WARNING: This cancer warning sticker contains chemicals known to the state of California to cause cancer.
-
@gąska Don’t say „gay” when clearly you mean „faggot”
-
@wft "fucking faggot" doesn't sound as good. In my native language, I'd say what "fucking pedals", but that might be confusing in context of cars.
-
@gąska
Then again pedal cars are rather gay
-
@dkf said in A critical reflection on GDPR:
@gribnit said in A critical reflection on GDPR:
how to deal with the user's state
Where is the user?
California.
Oh well. Stick cancer warnings on everything.
We recently had a distributor ask us for a ton of test reports and documentation so they could sell one of our products in California.
After looking at the costs we just stated we don't approve the product for sale in California. Problem solved!
-
@luhmann said in A critical reflection on GDPR:
@gąska
Then again pedal cars are rather gay
I only count 33% gays.
-
@topspin
How can you tell? The others are just still in denial about their true self.