[HN Gopher] EU privacy agency urges more safeguards to curb U.S....
___________________________________________________________________
EU privacy agency urges more safeguards to curb U.S. tech giants
Author : stiray
Score : 190 points
Date : 2021-02-12 14:42 UTC (8 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| yulaow wrote:
| At this point honestly I just wish for a general ban on tracking
| ads of any kind. Just give me good old contextual ads and remove
| some MBs of js, with the only purpose of tracking me, from most
| websites of the internet.
| whazor wrote:
| Tracking should be considered creepy, just imagine if a single
| person would collect all this data of you. There should be some
| limitations of what can be advertised on.
| jka wrote:
| Ads could be placed into a search engine, and user agents could
| choose to request relevant ads based on the page they are
| viewing (the context) and/or the current user's profile (if the
| user opts-in to their profile being included).
|
| Advertisers would compete within that search engine to have the
| most relevant and accurate product and service offerings to
| match demand, and would pay the search engine provider for the
| hosting.
|
| The search engine provider could attribute and send credit back
| to the websites from which advertising requests from the user
| agent originated. This could be attributed based on requests,
| clicks, purchases, etc.
|
| Under this model, publisher websites would not need to design
| and manage their pages specifically to incorporate advertising
| slots, and users would not have to see any advertising at all
| unless they are genuinely interested in further commercial
| information related to the page they're on.
|
| As a side-effect this could reduce the usage of advertising in
| various grey areas (spam, disinformation, and even the rare-
| but-feasible harassment of individuals by using targeted
| advertising).
| GradientAssent wrote:
| And when effectively no users opt in to advertising, how does
| the search engine stay in business?
|
| It does actually cost money to operate a good search engine.
| Fargren wrote:
| The search can still show ads that are relevant to my
| search terms, right?
| pryelluw wrote:
| How about they find alternate revenue channels? Like every
| other business in the world?
| GradientAssent wrote:
| Sounds like a great opportunity for you to enter the
| market and capture one of these alternative revenue
| channels with your ad-free search engine.
| pryelluw wrote:
| I think all the great minds at google have a better
| chance than I do. Plus you were the one saying how unfair
| it would be for them to not invade people's privacy in
| order to cash in. My point is that if they can't operate
| without violating our human rights then they shouldn't
| operate.
| colejohnson66 wrote:
| Yep. People don't pay for search anymore. They haven't
| since Google took over the world a decade and a half ago.
| That's not to say free is the best option, but people
| don't want to pay when there's a free solution that works
| just as well.
| onion2k wrote:
| _And when effectively no users opt in to advertising, how
| does the search engine stay in business?_
|
| A few years ago my response to this would be that I'd
| gladly pay Google $10/year for access to Search without
| adverts, but over the past couple of years that's changed.
| Google have become so utterly terrible at handling
| customers that I no longer would. I'll only use Google
| services if they're free. The idea that Google might just
| kill my account without notice leaving me with no access to
| search would be catastrophic.
|
| I would gladly pay a different search engine company for
| access to a good search service though.
| GradientAssent wrote:
| Google's revenue per user is unfortunately much higher
| than $10/year.
| simias wrote:
| Do you have exact numbers? The estimates I've seen are
| about $60 per user per annum, so about $5 per month.
| That's for all services, not just search.
|
| So for less than a Netflix subscription you have Youtube,
| Gmail, Search, Drive, Translate, Calendar, Maps, Photos,
| Hangouts and more. Services that many people use
| regularly.
|
| It wouldn't be hard to argue that _any_ of these products
| is worth a lot more than $10 a year, but convincing users
| at large to go down that route will be a challenge,
| undoubtedly.
| JumpCrisscross wrote:
| Google's ARPU for American users was reported at $256 in
| 2019 [1]. So for ~$25 a month, you might get them to
| consider switching business models.
|
| [1] https://mondaynote.com/the-arpus-of-the-big-four-
| dwarf-every...
| ISL wrote:
| It is less than a Netflix subscription but essentially
| _everyone_ on the planet subscribes and can 't cancel.
|
| (Also, many users would agree on the value but balk at
| redirecting funds from an existing allocation to continue
| service on something they've already gotten for free.)
| jayparth wrote:
| It's not that much higher though. Back of napkin tells me
| that it's like 60$
| username90 wrote:
| It is much higher for US users.
| simias wrote:
| Make me pay for it.
|
| The ad industry's biggest accomplishment is making most
| users believe that they can have access to state of the art
| search engine, video streaming, messenging etc... for
| "free". It means that it's incredibly hard to compete with
| a different business model.
| GradientAssent wrote:
| Would you pay, say, $120/year? What if it wasn't nearly
| as good as Google yet?
| stiray wrote:
| Yes I would. Based on the really, really crappy results
| that google gaves me out lately (I have actually quit
| using it), $12 a year seems more than reasonable (you
| have market of millions of users, charging $10 / month is
| ripoff). Under condition that it is not some ads company
| under disguise (like google), that they eliminate all SEO
| crap (i dont want those results anywhere near the 100th
| page of results) and ads from my results and serve me
| relevant content.
|
| Instead of google I am aggregating multiple search
| engines and joining the results eliminating all that are
| not on most of them. I am losing anything special (like
| there is something "special" today) but at least I dont
| get bunch of stuff on google that just wastes my time.
|
| Nextgrid: yes, exactly that. I want old results, I want
| old content, I want content that matches with my search
| words 100% instead of getting what google crappy
| algorithms think that I want. I dont want hipster crap
| that propagates next silver bullet (that is just a copy
| what we already had packed into SaaS).
| GradientAssent wrote:
| > Based on the really, really crappy results that google
| gaves me out lately
|
| People on Hacker News seem to think Google's results have
| gotten worse over time. Maybe they have for the narrow
| set of interests and requirements of this crowd, but I'm
| very confident they've gotten better for the vast
| majority of other users (users who I bet are less likely
| to use an ad blocker too).
|
| > That they eliminate all SEO crap (i dont want those
| results anywhere near the 100th page of results) and ads
| from my results and serve me relevant content.
|
| This is an extremely difficult engineering problem.
| Google doesn't make a conscious decision to include
| low/middling quality SEO'd content. That content is
| optimized to appear relevant and high quality. Google
| does a better job than say Bing at telling the
| difference, but it's still obviously an unsolved problem.
| arch-ninja wrote:
| I'd pay double that right now for any search engine that
| gave 10 results in <1 second.
| Nextgrid wrote:
| I'd happily pay that for a search engine equivalent to
| what Google was a decade ago.
| [deleted]
| petre wrote:
| How would the EU enforce such a ban? They actually need to
| prove company X was tracking its users if it goes to court.
| mrtksn wrote:
| Turkey successfully made US tech giants comply to Turkish law
| by banning purchase of ads from non compliant ones and
| threatening with accumulating fines and progressive bandwidth
| throttling.
| jorge-d wrote:
| By setting very high fines for those who don't comply?
| Nasrudith wrote:
| That is like saying if we make the punishment for any crime
| tortorous enough we won't need law enforcement. That only
| answers "what the punishment will theoretically be" not
| "How can it be found out when it is being broken? By whom?
| Will we able to take action against it?".
| maedla wrote:
| Oh heaven help us if a trillion dollar enterprise gets a
| fine !!!!
| caddywompus wrote:
| I think what they mean is, how can you track which
| companies are not complicit, how do you organize the
| proof so that you can levy the fine successfully
| petre wrote:
| Already done. It's up to 10% of turnover, not profits.
| Which the companies would happily go to court over. But how
| to actually prove in court that company X is tracking users
| if a leak doesn't occur? Subopenas? They need a court order
| for that. They need reasonable suspicion to get a court
| order.
| travisjungroth wrote:
| Those issues aren't unique to this problem. Courts
| already try to solve them. It's the same as how you would
| find banks denying loan based on race. You find banks by
| complaints or wide search. You do an initial
| investigation from the outside with no warrant or
| subpoena. Like send in a white client and black client
| (or someone with a search history of fishing versus
| sewing) and see what happens. Then that's enough to ask
| for all the secrets. Of course they could delete them,
| but that should be a big crime.
|
| I'm not saying this is a perfect system. It's not. But
| it's an attempt the problem you describe.
| speedgoose wrote:
| Right now it's very easy to see, the companies are not
| hiding it at all. They send the data to third-party
| trackers straight from their website or application.
| EGreg wrote:
| Disqus loads a million external resources
|
| That's so stupid, why not just take your OWN cookie and
| use it in the backend to send to all these resources,
| proxying through your own server or having a CNAME for
| theirs under your domain?
| speedgoose wrote:
| I guess it's often much simpler and cheaper to not try to
| hide it.
|
| The CNAME practice is becoming more and more common. See
| https://blog.apnic.net/2020/08/04/characterizing-cname-
| cloak... or https://medium.com/nextdns/cname-cloaking-
| the-dangerous-disg... or
| https://www.laquadrature.net/2020/10/05/le-deguisement-
| des-t...
|
| I think proxying or doing it server side only will be
| implemented later when these people will be forced to
| hide to save their shitty business model.
| Sayrus wrote:
| CNAME cloacking has gone even further, ad company now ask
| you to put a A/AAAA record pointing to one of their IPs
| as CNAME uncloaking was working pretty well.
| _-david-_ wrote:
| I think the move will be for ANAME records. ANAME is not
| a real record (yet), but some providers are supporting
| them.
|
| It is similar to a CNAME record but instead of storing
| the domain name you want to map to it pulls the A record
| and puts that IP as your A record.
| matheusmoreira wrote:
| How about we make them prove they are _not_ tracking users
| instead?
| petre wrote:
| That's presumption of guilt and then we all have a problem.
| sefrost wrote:
| How could I prove my blog doesn't track you?
| matheusmoreira wrote:
| Allow experts to audit your blog, including the code
| running on the servers. Hosts should submit to similar
| audits.
| filoleg wrote:
| Never thought I would see the day when people on HN would
| enthusiastically support making it much more difficult
| for anyone to publish their stuff on the web. All while,
| in the same breath, clamoring for the "good old days" of
| the web when publishing something was as easy as just
| uploading a folder with your HTML/CSS to your host.
|
| No, thank you, I don't want to go through audits and deal
| with bureaucracy when I just want to publish my side-
| project blog on the web. If you want to discourage people
| from building and publishing their personal projects and
| making them easily accessible to the public, that's how
| you do it.
|
| However, I am absolutely ok with EU doing this, given
| they seem to be hellbent on running their local tech
| industry into the ground. Truly great founders from EU
| will either manage to make their companies succeed
| despite EU or eventually end up creating their companies
| in the US, and both of those scenarios sound like a win-
| win to me (from the perspective of the US; from the
| perspective of the EU, I guess they are doing all of this
| knowingly, so they get what they wanted, which would
| count as a win in a way too).
| matheusmoreira wrote:
| Well, in the good old days people didn't abuse users with
| unwanted tracking and fingerprinting. Pages used to be
| just that: files someone uploaded to the internet. People
| came up with tracking techniques here and there but they
| weren't so pervasive. Now most pages aren't pages,
| they're hostile applications purposefully built to
| extract as much value out of you as they can by any means
| available whether you want it to or not.
|
| If all you did was publish an HTML+CSS page, your
| innocence is self-evident. Anyone can look at your page's
| source and confirm it. If you link to Google's
| javascripts though, that should put you into a completely
| different category of suspicion.
| filoleg wrote:
| >If all you did was publish an HTML+CSS page, your
| innocence is self-evident. Anyone can look at your page's
| source and confirm it. If you link to Google's
| javascripts though, that should put you into a completely
| different category of suspicion.
|
| Things change. Back in the day, HTML+CSS page was all it
| took. These days, wanting to know how people discover
| your page or how many new readers come to your blog is
| basics. Reliability and performance tracking is something
| that wasn't really a commonplace thing back then. For all
| of those things, you kinda do have to use JS.
|
| The question is, do you necessarily need those features?
| No. Would it be nice to have? Yes. When I publish a side
| project, I want to make it nice and great, since I am not
| getting paid to do it, I am doing it out of pure
| enthusiasm and motivation for creating the best I can.
| Forcing anyone in this situation to go through audits and
| deal with bureaucracy just to be able to publish their
| personal side-project is a certain way of discouraging
| people from ever doing so. All you end up with is a bunch
| of people who are willing to jump through all these hoops
| because they have something monetary to gain from it or
| those who know how to jump around those hoops really
| well.
| petre wrote:
| Audits. Sounds much like scientology, only at EU level.
| qertoip wrote:
| How about _you_ prove your haven 't stolen my Mazda?
| Because I believe you _did_ stole my Mazda and it should be
| on you to prove innocence.
| matheusmoreira wrote:
| People are all equal and should be afforded the benefit
| of the doubt. On the other hand, there is a massive power
| difference between a rich corporation and an individual.
| Inverting the burden of proof is warranted in such cases.
|
| Your accusation would be very troublesome if made against
| individuals but for corporate lawyers its just another
| day at the office.
| Nasrudith wrote:
| Okay then how do you prove the government hasn't stolen
| my Mazda? They are even more powerful than corporations.
|
| Inverting the burden of proof is listed as a logical
| fallacy for a reason. It is never appropriate.
| matheusmoreira wrote:
| Not only is it appropriate, there are already cases where
| this is done. Wikipedia documents some:
|
| https://en.wikipedia.org/wiki/Reverse_onus
| 1vuio0pswjnm7 wrote:
| Just disable Javascript. If people did this en masse, even for
| one day, the adtech companies would start to panic. Castles
| made of sand.
| qertoip wrote:
| That would help but tracking would still be possible through
| HTTP layer like resource caching and other headers.
| 1vuio0pswjnm7 wrote:
| I control the HTTP layer with a forward proxy. Works well.
| lizardmancan wrote:
| that extension that silently clicks every add was funny. Why
| was it not allowed? Seems anti-competitive to me.
| qertoip wrote:
| "ban, ban, ban, ban, ban" - what a great idea to improve the
| world.
| eternalban wrote:
| You're reducing the equation to an unreasonable degree.
|
| Parameters are:
|
| - negative effects on society at-large
|
| - destruction of privacy
|
| - creation of turn-key surveillance systems
|
| - negative effects on urban environment aesthetics
|
| - ...
|
| - legitimate business desire to promote goods and services.
|
| It's that sole last item, which is the entire stated purpose
| of "advertising". We could create a web just for product
| promotion, and it would be opt in. Looking for widget x? Go
| to the market and even provide demographics for better
| service.
|
| Advertising is a _pretext_ for baking in surveillance and
| social modification systems into society. It is, like certain
| aspects of financial system, 'sacrosanct', and it is
| strictly taboo to state the obvious regarding advertising, as
| a systemic approach to moderating societal norms and
| behavior.
| maedla wrote:
| yes
| melomal wrote:
| The thing is these ads are not exactly effective either. I mean
| you'll read about the guru's with 90% conversion rate at 0.50c
| per click or some garbage like that but when you run them
| yourself, with what is considered a normal company (not a
| unicorn) you somehow find yourself with a <1% CR on most
| remarketing/tracking ads.
|
| They are crazy cheap though and essentially act like a TV/Radio
| ad. It's about getting repeated exposure, even if it's not a
| direct conversion (because it never is). Everyone wants to get
| rich quick these days and highly customized ads appear to be
| the best way to get there.
| dillondoyle wrote:
| I see this a lot but I find that it can't be true on the
| whole for many many.
|
| We buy ads for political clients. On FB I could get a
| positive immediate roi for donations. Scaling huge is hard (i
| got one client to over $1 million last cycle for context).
| Admittedly but you could go a lot bigger if you look at ROI
| down the line with email donations.
|
| And we're not alone. I don't think the many many direct to
| consumer brands would spend so much money on FB if they
| didn't get a positive ROI.
|
| Maybe some PE or other funded brands are trying to grow over
| profit spending more than they make. But there are a ton that
| are profit seeking and get good value. FB is definitely an
| exception though unless you are an app install ad on mobile.
| afdgadfgadfh wrote:
| Where is the control for the experiment? What is the ROI on
| non-targeted ads?
| dillondoyle wrote:
| There are a lot of ways to do it.
|
| For us we make a donation page. The only links that go
| there are from FB ads. We also use different refcodes for
| different ad groups AND the FB pixel passing in purchase
| value which is really good at optimizing FB's delivery to
| highest ROAS
|
| FB is very very very good at this
|
| I feel like people who question it or like don't
| understand basic attribution should do some more research
| before denigrating
|
| There are other non-direct measurement, FB for instance
| allows you to upload offline purchases. Definitely not as
| clean especially if you're hitting across different
| channels. But a basic A/B holdout test is pretty good in
| that case too.
| eivarv wrote:
| Exactly. Not to mention that lots of people do lots of
| stupid stuff - so appealing to it's popularity doesn't
| tell us much either.
| 8fingerlouie wrote:
| It's not like the current tracking adds are super efficient
| always. I searched for a new washing machine, found one I
| liked, bought it, and spent the next 3 months looking at
| washing machine adds.
| spaetzleesser wrote:
| With a lot more AI the smart people at Google, Amazon and
| Facebook may find out one day that there are products you
| buy rarely versus products you buy repeatedly. Like washing
| machines vs potato chips.
|
| It makes sense to show ads for potato chips but with
| washing machines you should stop after purchase.
|
| I much preferred the time when kiteboarding sites had
| static kiteboarding ads instead of the current situation
| where ads are totally out of context.
| fhood wrote:
| You know I think Amazon may have gotten better about that
| in the last little bit. I don't recall being flooded with
| recommendations for something I just purchased recently.
| exporectomy wrote:
| You seem to imply that the alternative would be more
| effective. What ads did you see in the 3 months prior to
| buying it? Maybe they were equally bad or worse but you
| forgot because of the psychological impact of the washing
| machines.
| II2II wrote:
| Clearly more tracking needs to be done in order to connect
| your conversion to your purchase.
|
| Not only will they stop showing ads of washing machines
| after the purchase, knowing the make and model will help
| them gauge when to start targeting repair ads as well as
| start targeting replacement machine ads. They will also
| know whether you will stick to the current manufacturer or
| which you will switch to, and which model you will buy. You
| will be able to live with the comfort of knowing that your
| entire future of washing machine purchases is planned out
| and concentrate your energy on more important things in
| life (such as lobbying for better privacy protections).
| melomal wrote:
| The cost of keeping it like that is next to none so there's
| very little motivation to fix it too. I've done many
| remarketing ads and generally speaking setting it up to
| avoid recent buyers is pointless in the grand scheme of
| daily work.
| DaedPsyker wrote:
| Could it just be that online advertising is simply oversold?
| I don't know about others but I'd click an ad maybe once
| every 6 months at best. Maybe there is logic behind constant
| feed although on a number of occasions I actively avoid
| products for bombarding me (looking at you grammerly).
| melomal wrote:
| From a marketing pro's perspective you assume that because
| you have data - reach, impressions, est. click-through
| rates etc - that you can find a 'quick win' aka get rich
| rich quick.
|
| So inevitably you try it, then you get some 'tips', then
| you read a marketing guru's success story, then you start
| getting ads for ebooks all of which have the best strategy
| and you really feel that you have no choice but to go for
| it. It's the FOMO/what if complex magnified by professional
| requirements to grow at all costs.
|
| From now on I consider online advertising like gambling.
| You think you can win but the house always win's because
| you spend more money on A/B testing, copy edits and new
| keywords all of which create very few leads or deals. You
| always think you can win too, 8 years later I still go back
| to online ad's because I feel that there's just that juicy
| copy, design, content combo round the corner.
| lizardmancan wrote:
| maybe thats it? consider all gambling gambling and move
| it under gambling laws? I know, it sounds nuts. But it is
| certainly possible to make an advertisement service that
| doesn't involve gambling. You just pay for sales.
|
| I mean, currently i have no idea what im buying until i
| do. The agencies talk about CPC and CPM but I just want
| sales. They sell me black boxes that are just like
| scratch cards. It feels like gambling? How is it not?
| Nextgrid wrote:
| I do believe online advertising is a bit of a bubble right
| now. Lots of bullshit unprofitable VC-funded companies burn
| tons of money on advertising (more than what they'd ever
| earn from the potential customer) in an attempt to
| establish monopolies which in turn inflates the value of
| advertising companies.
| melomal wrote:
| Slap the word A.I. or ML in there are you are golden.
|
| New platform, new opportunities. I have thrown money into
| ad's on various content suggestion platforms, Reddit,
| Quora, BuySellAds, Google, Facebook, LinkedIn and a hell
| of a lot more.
|
| TikTok is apparently incredible right now with
| conversions and pricing. It's all over the forums and the
| guru's are pumping it too. Give me some solid targeting
| options and viable metrics and you could probably wrangle
| some money out of me and many other marketers out there.
| I would say it's easy money if you can spin the ad
| network in a new way.
| quest88 wrote:
| Anecdotally they're effective on me. I've bought lots of
| things through fb/instagram ads.
| bpodgursky wrote:
| The arrogance of people outside the industry saying that a
| many-billion-dollar market is "not effective" is... kinda
| ludicrous on here.
|
| If you don't think it's right for them to exist, I'm not
| challenging that viewpoint at all. But coming in and
| assuming, with minimal to no research, that thousand of
| people and billions of dollars are pouring into complicated
| products which don't actually do anything, is a bit of an
| anti-vaxxer approach to the world.
| TechnoTimeStop wrote:
| It is crazy to think Facebook is still able to operate as they
| do. I mean look at the stock price. Ridiculously out of
| reality. This will come crashing down soon enough.
| justapassenger wrote:
| > Ridiculously out of reality
|
| Their P/E ratio is 27. It's below P/E ratio for SP500, which
| sits right now at 40, and includes tons of beyond ridiculous
| companies like Tesla, with P/E ratio over 1200.
|
| There's lots of wrong with Facebook, but calling their stock
| overpriced isn't one of those things.
| 4cao wrote:
| Call me cynical but more regulation like this only serves to
| further entrench the existing (quasi-)monopolies by increasing
| the barriers for new entrants.
|
| Especially the focus on "illegal" content and political
| advertising only (as opposed to, say, advertising as such) makes
| it appear not as an attempt to improve the situation in general,
| but rather to carve a bigger slice of the extant lucrative pie
| for certain interest groups.
|
| > EDPS said gatekeepers should provide an easy and accessible way
| for users to consent or decline the use of their personal data by
| the companies for their other services, and that there should be
| tests to ensure personal data is effectively anonymous.
|
| Users will consent to anything, especially if they have no
| choice, and any tests can and will be gamed. Ultimately if the
| problem is to be solved it would require a more novel approach
| than this.
|
| > The proposed European Commission rules will need to be
| discussed with EU countries and EU lawmakers before they become
| law, a process which will take 16-24 months.
|
| The implementation deadline seems excessively long to me. A lot
| can change within this timeframe, rendering the laws obsolete
| before they even come into force.
| qertoip wrote:
| 100%.
| betterunix2 wrote:
| Yup, that is exactly how it worked with GDPR: big companies can
| easily afford the cost of compliance while smaller competitors
| struggle.
| weinzierl wrote:
| On related news: Just two days ago the EU ePrivacy regulation
| took the first hurdle in Brussels. This will most likely bring
| some changes to the whole consent drama. I'm not good at reading
| legalese and there seem to be no commentary for the current
| version[1] yet. What I understand is that they "encourage"
| browsers to implement "whitelists" (their choice of word, not
| mine) as a solution to "end-users [..] overloaded with requests
| to provide consent". I'm not sure what is in there regarding
| first-party analytics cookies which some hoped will be exempted.
|
| [1]
| https://data.consilium.europa.eu/doc/document/ST-6087-2021-I...
|
| Partly recycled comment from
| https://news.ycombinator.com/item?id=26103635
| lmkg wrote:
| I would hone in on pages 27 & 28 in that document. In
| particular, this quote:
|
| > Cookies can also be a legitimate and useful tool, for
| example, in assessing the effectiveness of a delivered
| information society service, for example of website design and
| advertising or by helping to measure the numbers of end-users
| visiting a website, certain pages of a website or the number of
| end-users of an application. This is not the case, however,
| regarding cookies and similar identifiers used to determine the
| nature of who is using the site, which always require the
| consent of the end-user.
|
| It is, of course, legalese. But they seem to be drawing a
| distinction between _analytics_ and _tracking_. Counting
| distinct users seems to be acceptable without consent;
| profiling users does not.
| jefftk wrote:
| _> profiling of users for content moderation purposes should be
| banned_
|
| I'm not sure exactly what this is suggesting, but noticing that a
| user has previously posted abusive comments and using that to
| lower the threshold for flagging future comments for review seems
| completely fine.
| marcodiego wrote:
| It is good to see regulation that diminishes the chance of
| monopolies or abuses. I don't know if current safeguards help
| such guarantees.
|
| What could be interesting are economic incentives. For example,
| social networks profits could be taxed and part of the money
| acquired could be applied on independent de-centralized services.
| Imagine the impact if just a small amount of facebook profits
| were donated to wikipedia.
| betterunix2 wrote:
| How is this going to diminish monopolies? Big tech is (a) going
| to have a voice in these regulations and (b) will easily afford
| the cost of compliance. Small competitors will have no voice
| and will struggle to comply. This is almost certainly going to
| entrench the big players and widen their moats.
| qertoip wrote:
| > It is good to see regulation
|
| It is never good to see regulation. Never ask state to fix the
| problem or you will end up with two problems. Especially, the
| Big State.
| CodeGlitch wrote:
| The web is broken. No amount of regulation by the EU will fix
| things. I can only hope for something new which is designed from
| the ground up to protect the users. I'm not smart enough to know
| what that looks like, perhaps IPFS or similar?
|
| In the mean time I'll block all ads and third party cookies and
| hope for the best.
| KDJohnBrown wrote:
| What the EU should really do is fine / tax monopolists like
| Google and Facebook into submission then invest that money into
| the EU-based startup ecosystem.
| 908B64B197 wrote:
| The EU would need to rewrite it's tax code.
|
| Right now, everything is going through Luxembourg and
| Ireland... perfectly legally!
|
| > then invest that money into the EU-based startup ecosystem.
|
| So bureaucrats deciding where money is going... How did that
| work out for the EU again?
| thetrb wrote:
| Cool, maybe the US should also add some protections against
| German exports.
| La1n wrote:
| For example German vehicles? Those are taxed already. The US
| has quite a few types of import tax.
| KDJohnBrown wrote:
| I am all for import tariffs, especially when those taxes
| prevent wasteful international shipping.
|
| However, to respond to your snarky tone, does Germany have a
| monopoly on the world auto industry and use that to abuse the
| rights of citizens while squashing all competition? If so,
| absolutely, tax the hell out of them! My '99 VW Jetta was a
| piece of junk and I sold it at a major loss after a year.
| Nasrudith wrote:
| They have tried that several times. They don't hold a candle to
| even the "second tier" of the US (Barnes and Noble, eBay, etc.)
| Really the harsh truth is that the source of their problems is
| not found in the "Big Tech" Boogeyman but in the mirror.
| beaconstudios wrote:
| ah yes, protectionism.
| KDJohnBrown wrote:
| If you want to see the outcome of a lack of protectionism,
| look no further than the devastation of the steel, automobile
| and other manufacturing industries in the '70s and '80s which
| effectively wiped out the middle class.
| beaconstudios wrote:
| hey I'm no fan of naked neoliberalism either, but I promise
| you an EU facebook would suck just as much and in the same
| ways as US facebook. Profit motives still exist for huge
| corporations in Europe.
|
| every tool has its use, but protectionism is not the way to
| solve big tech's bad incentives.
| KDJohnBrown wrote:
| Why is protectionism bad? Why is it better to allow trade
| imbalances which sucks your nation's financial and
| intellectual wealth to others with nothing in return?
| kreeben wrote:
| Targeting taxes directly towards specific companies seems
| overly aggressive. I hope they will find and implement more
| generic rules to achieve what it is they want to achieve which,
| if I'm not completely mistaken, is to protect me from invasive
| tracking.
| Nasrudith wrote:
| Are you sure that is really their goal in the first place? If
| they wanted that they would downsize their intelligence
| agencies.
| KDJohnBrown wrote:
| Is this really any different than the USA banning Huawei to
| prevent 5G carrier equipment competition under the guise of
| "national security"?
|
| (Edited to clarify 5G carrier equipment competition)
| [deleted]
| dominotw wrote:
| can't google just threaten to pull out like they did in
| australia?
| hadrien01 wrote:
| They can. They won't. EMEA accounts for 30% of Google's
| revenue.
| jonathanstrange wrote:
| That could indeed potentially create a little bit of friction
| for a few weeks before everyone had replaced their services
| with different solutions.
| emteycz wrote:
| Like what solutions? Have you tried these "solutions"? I
| live in one of the countries which is special by having its
| own competitive search engine - and it's truly bad compared
| to Google. If we're going back to that, I am going out of
| EU.
| dominotw wrote:
| > replaced their services with different solutions.
|
| can't the govt simply ban google and fund these 'different
| solutions'.
| Nasrudith wrote:
| Didn't we hear the same thing from the UK with Brexit about
| their disregard for billions of dollars of commerce and it
| ended in completely predictable and avoidable disaster?
| qertoip wrote:
| What Google and Facebook should really do is to tax/fine the
| monopolistic EU into submission and then invest the profits
| into whatever they feel like it.
|
| Because Big State is worse than Big Tech.
| beaconstudios wrote:
| God no. Governments absolutely suck at changing the incentives to
| deter bad behaviour. Do we really want more cookie banners and
| GDPR consent forms?
|
| Maybe I'm missing something, but why can't we block all forms of
| stateful identifiers to third-party content? First-party cookies,
| localStorage, etc only. Is there some big legitimate use case I'm
| not seeing?
|
| Having said that, I'm sure if they were blocked, tech companies
| would just provide an SDK that passes through first-party state
| so companies could continue the status quo.
| Nextgrid wrote:
| Some stateful identifiers are required for technical purposes.
| IP addresses for example.
|
| Other identifiers are required for the functionality of the
| service, such as your contact details or information you enter
| in a social network.
|
| Given you can't work around providing the information, the only
| solution is to use legislation to prevent that information for
| being used in malicious ways.
|
| Also, the current situation with the consent prompts in Europe
| is not because of the GDPR but because of its lack of
| enforcement. The GDPR learned from the former "cookie law"
| (which I agree was a shit-show) and explicitly prohibits
| annoying/misleading consent prompts.
| beaconstudios wrote:
| > Some stateful identifiers are required for technical
| purposes. IP addresses for example.
|
| Yeah that one's pretty unavoidable, but is at least for many
| people temporary and pseudonymous only. Once their dynamic IP
| rotates (granted this isn't the case for everybody), the
| connection is lost. Much better than every website with a
| "Like" button on the page allowing facebook to track you as
| you traipse across the internet.
|
| > Other identifiers are required for the functionality of the
| service, such as your contact details or information you
| enter in a social network.
|
| That's first-party information. You're not posting on
| facebook via an iframe on another site. If you choose to
| provide your information to facebook, they're gonna use it -
| legislation or not. Legal encodings of intent are always full
| of loopholes, even if they escape regulatory capture via
| lobbying. The best way to stop Facebook from getting
| information about you, is to not give them information.
|
| > Also, the current situation with the consent prompts in
| Europe is not because of the GDPR but because of its lack of
| enforcement. The GDPR learned from the former "cookie law"
| (which I agree was a shit-show) and explicitly prohibits
| annoying/misleading consent prompts.
|
| I'm sure it won't be long before that argument goes to court
| and teams of lawyers spend the next decade arguing over the
| meaning of the word "annoying". Hence my argument that if we
| want Facebook to not know everything about us, perhaps we
| should stop them knowing everything about us?
| hedora wrote:
| They should just ban the gathering of personal information
| without consent, and ban any UI that makes it easier (or as easy)
| to opt in.
|
| On the day the legislation takes effect all users should be
| assumed to have opted out, regardless of any terms of service or
| non-negotiated contract.
|
| The only exceptions should be things strictly necessary to do
| business (e.g., contact info for a bank account holder.)
| detournement wrote:
| really excited for more popup policies to approve
| dazc wrote:
| Maybe it's a cunning ploy to condition people into agreeing to
| anything if only it means they can see the damn content?
|
| I already instantly accept cookies without hesitation.
| undefined1 wrote:
| no doubt that's what 99% of people do. just like terms of
| service, it's an automatic click through and a waste of
| everyone's time.
| teeray wrote:
| It's so irritating that this can't be an HTTP header. Then
| again, we probably have the failure of DNT to thank for that.
| colejohnson66 wrote:
| The problem was the DNT was optional, so there was no legal
| method to force a website to obey it.
| pornel wrote:
| Adtech companies have worked hard to make you associate privacy
| with annoying popups.
|
| They've lobbied hard to water down tracking bans to be "user
| choice", and then used dark patterns/malicious compliance to
| make not agreeing a horrible experience to wear people down, so
| that people just give up on privacy.
| hedora wrote:
| They should ban the pop ups, and make the cookies opt in. Done.
| Easy.
| lanevorockz wrote:
| I pray to the day were privacy is reclaimed. Big Tech has abused
| us for long enough. You cannot enforce slavery through terms of
| service, You also should not be able to own all private
| information of someone through terms of service.
| apples_oranges wrote:
| People. Just. Delete. Your. Cookies. Regularly. I am baffled
| about the crazy amount of debate and technical solutions to a
| problem that was solved the moment Cookies were invented. In the
| 1990s I suppose.
| bserge wrote:
| Just. Don't. Care. About. Ads.
| fauigerzigerk wrote:
| That would mean getting every single cookie banner,
| insterstitial ad, newsletter begging screen, country selection,
| TOS confirmation, etc, on every single visit.
| throwawayboise wrote:
| That's what I do. I use Firefox, set to delete cookies,
| cache, and history when I close the browser, and also uBlock
| Origin. I close the browser frequently, often between sites,
| certainly before/after visiting my banking site or anything
| like that.
| badjeans wrote:
| A lot of those can be blocked with e.g. ublock (the
| "annoyances" filters, not on by default)
| fauigerzigerk wrote:
| Yes but apples_oranges suggested that deleting cookies was
| an alternative to more complex/advanced technical
| solutions.
| simion314 wrote:
| >People. Just. Delete. Your. Cookies. Regularly.
|
| Do you think you are clever? Like this ad trackers can't just
| switch to use local storage, fingerprinting or other methods to
| go around your clever solution? You can't use tech to solve
| this, Google, Facebook and the others will tech around your
| fix.
| apples_oranges wrote:
| I am not being clever, but sometimes the clever people need
| an idiot to see what is in front of them. ;) ok tell me what
| are anonymous browser windows good for? Local storage is not
| deleted then? If yes, use that.
| simion314 wrote:
| Sure, now train all people to use that. And then tell them
| how to edit their hosts file(or to install a firewall) to
| also block tracking embedded in apps or in the OS. And when
| the OS vendor goes around the firewall and the DNS by using
| other technology then tell the users to buy and setup some
| fancy router and when they invent some other tech then what
| ?
|
| Much simpler, make tracking without permission illegal so
| everyone can benefit not only the tech people and the ones
| that can afford extra routers, VPNs or other tech
| solutions. Also not sure if private mode is 100% safe.
| inetknght wrote:
| Your argument isn't grounded in reason. Let me make another one
| in kind: let me just take all of the money from everyone's
| wallets. If anyone notices then they can just get new wallets.
| caddywompus wrote:
| Problem is, there are a ton of ways that these companies track
| you, not just through session cookies.
|
| Some of the methods are explained here:
|
| https://pixelprivacy.com/resources/browser-fingerprinting/
| DCKing wrote:
| This is not productive to this conversation.
|
| Please don't propose technical solutions for things that should
| be solved by law. Protection should be the default, and not up
| to your own cleverness vs. the cleverness of trillion dollar
| industries. If that is the fight you have to fight, you will
| lose either immediately or eventually (see also the next
| point).
|
| Please don't propose technical solutions that are mostly
| ineffective due to the huge amount of brainpower spent on
| browser fingerprinting, super cookies and other means of
| persistence. Cookies were invented in the 90s, and the means of
| being more clever than those deleting cookies were invented
| soon after.
|
| Please don't speak with such condescension about these topics.
| People might mistake your confidence to imply you are actually
| on to something, but if the solution to the problem was so
| simple it would have been solved already - and the industry
| behind this would be dead or pivoted away.
| emteycz wrote:
| It's the other way around. Things with technical solution
| should never be solved by law. Lawmakers and law enforcement
| is absurdly expensive and law has unforeseen side effects, we
| should use that only when absolutely necessary.
| DCKing wrote:
| We'll probably disagree on this, but I think we're well
| past the point where this is "absolutely necessary". Some
| of best engineering talent in the world is spent on
| engineering the internet to 1) misuse human psychological
| affinities to lure you in and keep you in and 2) build
| large profiles of you to make as much money from (1) as
| possible. Targeted advertising and the incentives it
| creates should be banned as a benefit to society.
| emteycz wrote:
| The technical solution wasn't even tried, I will agree
| with you after that fails. Also for example subsidy for
| Firefox and other independent browsers (of Google/MS/...)
| could be tried. Law should be the last resort.
| DCKing wrote:
| I'm curious what the technical solution is you're
| proposing. I was considering OP's context of a technical
| solution that's "clearing your cookies regularly". Surely
| that's both not sufficient (not by a long shot) and being
| tried at some scale [1]? So probably you mean something
| else, but I'm not sure what.
|
| [1]: https://en.wikipedia.org/wiki/Private_browsing
| emteycz wrote:
| First step would be making private browsing the default.
| Second step would be making strong, capable adblockers
| built-in. Third step would be something like Firefox
| containers, one for each domain. Fourth step could be
| analyzing network traffic for potentially fingerprinting
| information and blocking it. I am sure there is much more
| to think of.
| speedgoose wrote:
| People use Google chrome.
| kzrdude wrote:
| (Seriously) I don't want to be logged out.
| apples_oranges wrote:
| why not, your browser or operating system remembers all your
| logins for you
| inetknght wrote:
| Automatic logins are easily automatable to steal data from
| my device, me, and the people around me.
|
| I want to be asked every time a service wants to know who's
| using it from my device. I want to have the option to
| immediately decline authorization _before_ any information
| about me or my device is sent.
|
| I want to have the option to say "no, I don't want this
| service to know it's me". I also want the option to say "I
| am <soandso>" even if really I am not <soandso>.
|
| Not giving me that option is a disrespect of me as a user.
| paddez wrote:
| 2FA slows down the entire log-in process a non-trivial
| amount - even more so if it's implemented over SMS.
| apples_oranges wrote:
| hm, then just use a dedicated browser for those logins?
| use a Firefox for logged in stuff for example, Safari for
| the other stuff.
| an_ko wrote:
| In what I imagine is a brilliant twist of irony (I can't read the
| article), all I see when I open this page is a consent form to be
| tracked, with a link buried in text to opt out, which brings me
| to a page that requires me to fill in all of my personal details
| in order to opt out.
|
| Apparently in order not to track me reading their web page,
| Reuters requires (among others) my full name, residency, date of
| birth, street address, and telephone number.
| Jestar342 wrote:
| I see the usual OneTrust modal, with a giant, very easy to
| locate "Reject All" button at the bottom of the modal.
|
| https://imgur.com/uZmlGlc
| throwaway2245 wrote:
| I would wager that "Reject All" does not, in fact, opt you
| out of "Legitimate Interests" - sites are using the language
| "Object to Legitimate Interests" for this.
| an_ko wrote:
| I see the same. Maybe I'm getting confused by the wording and
| layout.
|
| I interpreted the "Reject All"/"Confirm My Choices" buttons
| at the bottom to belong only to the "Manage Consent
| Preferences" section. The "Information Our Partners Collect"
| part above it is a separate section, with a separate "Accept
| All" button, and an opt-out link in the text, so I figured
| the final "Reject All" might only reject the second section.
| Because why else would they have separate sections with
| separate buttons?
|
| Either way, none of this inspires confidence that they have
| my interests in mind.
| estaseuropano wrote:
| > Either way, none of this inspires confidence that they
| have my interests in mind.
|
| Bingo. This is the underlying issue. And indeed this dual
| opt out is probably intentionally confusing - and I'm never
| sure either whether 'refuse all' refuses also the partners.
| Semaphor wrote:
| For me (EU) the consent popup has "reject all" at the very
| bottom (though I only see it with blocking disabled). Pretty
| lame, but still better than most.
| weinzierl wrote:
| "For me (EU) [..]"
|
| You are probably not the right person to ask then, but I
| always wondered: How prevalent are these consent popups
| outside of the EU?
| curryst wrote:
| In the US, I see them fairly often. Doubly annoying because
| I know they don't even have to obey my answers in the US.
| Semaphor wrote:
| If their consent manager doesn't distinguish between EU
| and non-eu, I doubt they'll handle your data differently
| bgdam wrote:
| Way less frequent. I'm usually jumping between Germany and
| India and whenever I'm in Germany it feels like I'm always
| getting a popup on every site I visit for the first time.
|
| A lot of the same sites don't bother to throw the popup
| when I'm browsing from India.
| high_byte wrote:
| is there some extension to mark links like this? popups,
| paywalls, consent forms. all of these, I don't mind if the link
| is red or if their domain is entirely blocked. I'm immediately
| not interested in such websites and it would save me so much
| time
| h_anna_h wrote:
| They could start by making it easier to report and act on GDPR
| violations (fb, discord, google, etc all have known violations
| but nobody seems to care). Then they say that they need more
| safeguards, no, you need to actually start doing something.
___________________________________________________________________
(page generated 2021-02-12 23:01 UTC)