A critical reflection on GDPR
-
@coderpatsy He'll be fine. He's using the list for just the explicit reasons it was collected.
-
@blakeyrat said in A critical reflection on GDPR:
The text of the law should assume abuses from the most hostile possible government.
I wonder why the Second Amendm- oh shit, not the Garage, pretend I didn't say anything.
-
@dkf said in A critical reflection on GDPR:
@coderpatsy He'll be fine. He's using the list for just the explicit reasons it was collected.
But he didn't get consent to have data collected. Also, now every naughty person can opt out.
-
@gąska
Opting-out removes you from the list so you don't get presents either
-
@blakeyrat said in A critical reflection on GDPR:
There's a lot of stuff people took for granted in the US before Trump came into office.
Yeah, like how Presidents would just make up laws by themselves.
-
@luhmann said in A critical reflection on GDPR:
@gąska
Opting-out removes you from the list so you don't get presents either
But then I opt-in again!
-
@gąska
Then you agree that Santa can use your personal data to evaluate if you should go on the naughty list.
-
@luhmann yes, yes I do. I'm all for unlimited storage of information collected first-hand.
-
@PJH said in A critical reflection on GDPR:
@japonicus said in A critical reflection on GDPR:
that might be down to under-funding, incompetence or laziness.
"Or"?
Inclusive, not exclusive.
-
@coderpatsy Clearly, Santa should simply refuse any communication from kids in the EU.
-
@hardwaregeek
That's why we have Sinterklaas
-
@luhmann Yes, and Kerstman, Père Noël, Papá Noel, Djed Božićnjak, Άγιος Βασίλης, Jõuluvana, Joulupukki, Weihnachtsmann, Daidí na Nollag, etc. But are all of them GDPR compliant?
-
@hardwaregeek
Since Sinterklaas is only handling Belgium and the Netherlands it would be stupid would it not? Or are you calling Sinterklaas stupid? Anyway ... he has enough Zwarte Pieten to make his list compliant
-
@luhmann said in A critical reflection on GDPR:
Or are you calling Sinterklaas stupid?
Well, he does go to B*****m.
-
@hardwaregeek said in A critical reflection on GDPR:
@luhmann Yes, and Kerstman, Père Noël, Papá Noel, Djed Božićnjak, Άγιος Βασίλης, Jõuluvana, Joulupukki, Weihnachtsmann, Daidí na Nollag, etc.
I wonder which ones are capitalist and which are communist.
-
EDIT:
GDPR’s heavy punch might have goaded Peter Thiel into accusing Europe of enacting a protectionist legal regime. “There are no successful tech companies in Europe and they are jealous of the US so they are punishing us,” Thiel said at a talk at the Economic Club of New York back in March.
The sad thing is there are successful tech companies in Europe, they're just successful despite having really shitty software. (Siemens for one obvious example. AFAICT their hardware is on-par with everybody else's.)
There's also successful tech companies in Europe that just make video games, like Rare and CD Projekt Red, but I wouldn't expect Thiel to be aware of those.
-
@gąska said in A critical reflection on GDPR:
@luhmann said in A critical reflection on GDPR:
@gąska
Opting-out removes you from the list so you don't get presents either
But then I opt-in again!
To opt-in, you must agree for Santa Clause to accept your cookies.
-
No one's ready for GDPR
It's been on the book for 2 years. Nobody forced people to act all surprised and get their stuff together three weeks before it goes into effect.
-
@topspin Right but it's also extremely vague and nobody will know what counts as a violation until it actually happens and someone gets prosecuted for it.
To give one example I've posted to this thread. Someone comes to my site, I ask if I can track them, they say no. I save their answer in a cookie. Next time they visit the site, I check the cookie to see if they answered yes or no.
Is that a violation? It could be. I stored data about them (whether they want me to store other data), but they did not give explicit consent to store that data. And I don't need that data to perform any critical function of the site-- the only use of it is to not annoy the user by asking them a question they've already answered in the past.
And we've already talked about the whole IP address thing. They're considered personal information, but all web browsers:
- Log them to a file by default
- Have NO provision to ask a client device first if the IP may be logged and
- Have NO provision to review or delete previously-logged IP addresses from the web logs.
The problem isn't just the law's overreach (especially from the perspective of non-European countries), but also its vagueness.
-
@blakeyrat said in A critical reflection on GDPR:
I ask if I can track them, they say no.
"GDPR requires that I ask you this question ... ". Don't save. Annoy the user but pass the blame!
-
@dcon That seems to be what most sites do with that asinine EU cookie law, which has a similar Catch-22 aspect to it. (Can you cookie the user to stop nagging them about using cookies?)
-
@blakeyrat said in A critical reflection on GDPR:
To give one example I've posted to this thread. Someone comes to my site, I ask if I can track them, they say no. I save their answer in a cookie. Next time they visit the site, I check the cookie to see if they answered yes or no.
While only indirectly related to GDPR, that specific problem already had an answer Mozilla came up with:
Since the advertising-industry assholes couldn't be convinced to go opt-in for tracking (as it should be), as a compromise Mozilla devised a technical solution to opt-out of tracking, the Do-Not-Track header. That even got adoption by all major browsers, but then the advertisers decided "you know what, we don't care about this compromise anymore. We will specifically ignore all such do-not-track requests".
-
@blakeyrat said in A critical reflection on GDPR:
@dcon That seems to be what most sites do with that asinine EU cookie law, which has a similar Catch-22 aspect to it. (Can you cookie the user to stop nagging them about using cookies?)
I'm gonna go with "most certainly not, that would defeat its purpose". Still I bet >90% of websites do exactly that.
-
@topspin said in A critical reflection on GDPR:
While only indirectly related to GDPR, that specific problem already had an answer Mozilla came up with:
Since the advertising-industry assholes couldn't be convinced to go opt-in for tracking (as it should be), as a compromise Mozilla devised a technical solution to opt-out of tracking, the Do-Not-Track header.
Like everything Mozilla comes up with, it was half-assed and shitty. Since the information only existed in a HTTP header, you couldn't query the browser's "Do Not Track" status from JavaScript, which meant that JavaScript-based tracking products have to collect all the data anyway then throw it away when it hit the server. Fucking wasteful and moronic for everybody involved.
@topspin said in A critical reflection on GDPR:
That even got adoption by all major browsers, but then the advertisers decided "you know what, we don't care about this compromise anymore.
That's because a bunch of browsers (notably led by Internet Explorer) said they'd turn it on by default, which makes the entire concept useless.
Advertisers rightly thought that browser makers turning the flag on by default for all users was basically shooting a shot across their bow. And in fact it was probably a move by Microsoft to make Google less valuable since, again, IE was the first browser to announce it'd turn on DNT 24/6/365 for all users and Google is both the largest online advertising platform and also makes a lot more money from targeted ads than untargeted.
(And note: advertisers are not necessarily the same people as trackers, even though I know a lot of retards on this forum think they are-- my products only track pages for usability reasons, the data is never used for serving ads. The products I build respect the DNT header, even though it's useless. However, since its implementation is so stupid, my JS still tracks events on the page, and still sends those to a server, the server just throws them away. Because Mozilla fucks up every web standard ever.)
-
@topspin said in A critical reflection on GDPR:
Still I bet >90% of websites do exactly that.
Right; because for users who are ok with cookies, you don't want to spam the fuck out of them by notifying them every time.
An obvious problem with the legislation that no EU politician apparently thought about.
-
@blakeyrat Can't JS get the session's cookies?
-
@blakeyrat said in A critical reflection on GDPR:
That's because a bunch of browsers (notably led by Internet Explorer) said they'd turn it on by default, which makes the entire concept useless.
No, it asks about it on first start and the "no tracking" radio button is the default selection. So the user does pick, and can pick to enable tracking if they want to. It just got it a little bit closer to opt-in, which should be the default, but it is still opt-out.
And if Microsoft hadn't done that, they'd have found a different excuse to not respect the users' wish if that wish goes against their profits.
still sends those to a server, the server just throws them away
As long as the effective result is that I don't get tracked, I'm perfectly fine with that. The problem is when the server doesn't throw it away.
Right; because for users who are ok with cookies, you don't want to spam the fuck out of them by notifying them every time.
Then save that choice in a cookie for them only.
-
@mikehurley How would that help? DNT is a HTTP header.
The only way to get access to a HTTP header in JS is to write a dumb webserver that does nothing but read the HTTP headers and bounce it back in a fake-o .js file. And sure you could do that.
But why the fuck would Mozilla put DNT only in an HTTP header in the first place? And not anywhere in the DOM? Those fucking typewriter chimpanzees could have designed this better.
-
Latest chancer... no; they've never had my consent to begin with...
-
@blakeyrat said in A critical reflection on GDPR:
@mikehurley How would that help? DNT is a HTTP header.
The only way to get access to a HTTP header in JS is to write a dumb webserver that does nothing but read the HTTP headers and bounce it back in a fake-o .js file. And sure you could do that.
But why the fuck would Mozilla put DNT only in an HTTP header in the first place? And not anywhere in the DOM? Those fucking typewriter chimpanzees could have designed this better.
I saw talk of cookies in your summary so I mixed those up with headers.
Can't JS read the request HTTP headers? I've never tried but reading web request info like you can in a .NET/Java webapp seems like something that should also work in JS.
-
@mikehurley There isn't something browserside in JS to get the headers the browser sent with the navigation context's request. Either the server has to provide them to you somehow as part of that response -- and none of them are set up to do that without custom code -- or you have to create a separate dedicated request.
-
@mikehurley said in A critical reflection on GDPR:
Can't JS read the request HTTP headers?
Nope.
@mikehurley said in A critical reflection on GDPR:
I've never tried but reading web request info like you can in a .NET/Java webapp seems like something that should also work in JS.
Maybe; but it does not.
Like I said, you can write a web server page to bypass the restriction and then just hope and pray that the web server page gets the same headers as your JS request got (which is a pretty safe bet, but by no means a guarantee).
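The header-bounce endpoint described in the posts above, as an added example that is not code from any poster in this thread: a handler reads the `DNT` request header and returns a small script exposing it, so page code can skip collection instead of sending data to be thrown away. The global name `__dnt` and the function names are hypothetical; the cache headers address the caveat that the response must match the requesting user's headers.

```javascript
// Added example; names (__dnt, buildDntScript, dntHandler) are hypothetical.

// Normalise the DNT request header: "1" = do not track, "0" = tracking allowed,
// anything else (absent, malformed, duplicated) = no preference expressed.
function parseDnt(headerValue) {
  if (headerValue === "1") return "1";
  if (headerValue === "0") return "0";
  return null;
}

// Build the response for the "fake .js file" from the request headers.
function buildDntScript(requestHeaders) {
  // Node's http module lower-cases incoming header names.
  const dnt = parseDnt(requestHeaders["dnt"]);
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      // The body depends on a per-user request header, so a shared cache
      // or CDN must never replay one visitor's answer to another.
      "Cache-Control": "private, no-store",
      "Vary": "DNT",
    },
    // Only the normalised value is serialised; the raw header is never
    // echoed, so a crafted header cannot inject script into the body.
    body: "window.__dnt = " + JSON.stringify(dnt) + ";\n",
  };
}

// Handler with the (req, res) signature that http.createServer() expects.
function dntHandler(req, res) {
  const out = buildDntScript(req.headers);
  res.writeHead(out.status, out.headers);
  res.end(out.body);
}

// Client-side check the page script would run against window.__dnt:
// collect nothing at all when the visitor opted out.
function shouldCollect(dntValue) {
  return dntValue !== "1";
}
```
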
-
@blakeyrat said in A critical reflection on GDPR:
Like everything Mozilla comes up with, it was half-assed and shitty. Since the information only existed in a HTTP header, you couldn't query the browser's "Do Not Track" status from JavaScript, which meant that JavaScript-based tracking products have to collect all the data anyway then throw it away when it hit the server. Fucking wasteful and moronic for everybody involved.
Because it's not like that JavaScript came from a server that saw the HTTP headers in the first place or anything...
-
@masonwheeler said in A critical reflection on GDPR:
Because it's not like that JavaScript came from a server that saw the HTTP headers in the first place or anything...
See it's great how Mozilla's stupid obvious design oversight quickly becomes my fault. Yes obviously I'm the one at fault here. The fact that we were serving the content from a CDN which didn't allow dynamic code, that must have been my dumb decision. Goddamned Blakeyrat you're so stupid.
Or you could just admit that Mozilla fucked up bad.
-
@pjh said in A critical reflection on GDPR:
Latest chancer... no; they've never had my consent to begin with...
Or some spammer just came up with the best way eva to collect email addresses...
-
@dcon said in A critical reflection on GDPR:
@pjh said in A critical reflection on GDPR:
Latest chancer... no; they've never had my consent to begin with...
Or some spammer just came up with the best way eva to collect email addresses...
Given the email address they used (a unique one used only on what is now an 8 yr old CV) and what they do (employment stuff) they may have a modicum of reason to have it, but not to use it for this sort of thing. And certainly not after all this time.
-
[Source]
-
@blakeyrat said in A critical reflection on GDPR:
The sad thing is there are successful tech companies in Europe, they're just successful despite having really shitty software.
How's that different from literally every other company in the world?
-
Hi!
Just letting you know you can't use your lights anymore because we're slathering your data around and GDPR is here.
good luck! bye!
Source: @internetofshit
-
I bought smart lights and expected them to work for an extended period of time!
I know the person behind the account buys that sort of stuff knowingly, but it still seems like a waste of effort dealing with all the iot bullshit and setup
-
With less than 24 hours to go, I can take pride in earning this:
-
@thebread I know something about someone in Europe so I don't think I can accept this
-
@thebread Wow that Lotus Notes guy would have charged you $1000 for a badge like that.
-
@blakeyrat We got it from Oracle, so it's at least a $1000 per upload of that image, and every time we email it to someone to show we're certified.
-
Welcome to mandatory GDPR lecture. My name is Data Privacy Super Specialist.
[blah blah blah blah]
...privacy is super important...
[blah blah blah blah]
...always think about processing client data...
[blah blah blah blah]
...privacy comes first, before any action, be it analysis or actual development...
[2 hours of blah blah blah blah]
Well, that's about it. If you have any questions, you can ask them via Facebook.