[HN Gopher] The bait-and-switch hidden in today's cookie announc...
___________________________________________________________________
The bait-and-switch hidden in today's cookie announcement
Author : DyslexicAtheist
Score : 310 points
Date : 2022-06-17 12:03 UTC (10 hours ago)
(HTM) web link (webdevlaw.uk)
(TXT) w3m dump (webdevlaw.uk)
| [deleted]
| rudasn wrote:
| Would it be possible to avoid all this mess by imaging a
| different way to use the web?
|
| An access method based on rss (of some sort), in the way "start
| pages" did it ages ago.
|
| So instead of going to a website to get information, the
| information comes to _my website_ where I make the rules (as I 'm
| the provider and the sole user). And instead of only receiving
| plain text information, I can also interact and communicate with
| other people (the content provider and other consumers), if I
| choose to.
|
| It took them 15 years to fuck up the Web, we can pull the rug
| underneath them and perhaps get 20 more.
| [deleted]
| bodge5000 wrote:
| Government attempting to legislate something they don't
| understand (especially technology I'd say) is nothing new, its
| already happening in the UK, in the EU, in the states and all
| around the world. Why we let this pass, I don't know, but its the
| reality we're living in.
|
| But if I'm reading this right, this takes the cake for the worst
| one yet, or certainly up there.
| DocTomoe wrote:
| > Why we let this pass, I don't know, but its the reality we're
| living in.
|
| Are you willing to hire armed and trained goons to make them
| stop their ways and kill, maim and/or kill them? Because they
| are willing to do the same to get their way.
|
| And that's why we let this pass. The so-called "monopoly of
| force" was not given by a "social contract", as Hobbes
| postulated - it was taken by them through superior force.
| dane-pgp wrote:
| But we can revoke the "monopoly of force" whenever we* want,
| without violence. That sounds a lot like a "social contract".
|
| * For some value of "we" which differs by jurisdiction:
|
| https://ripplejustice.com/2020/01/02/prisoner-voting-uk/
| DocTomoe wrote:
| Can you, really? Or are you just replacing the color of
| their hats, believing that that changes the system?
| dane-pgp wrote:
| > just replacing the color of their hats
|
| Are you saying that there are literally no policy
| differences between major political parties in countries
| like the UK? What about countries that have voting
| systems that make the legislature more representative of
| voters' preferences?
|
| The only way I can think to steel-man your position is
| that you're saying "Some unspecified power would
| intervene to stop a government relinquishing its monopoly
| on force even if the population overwhelmingly voted for
| the government to do so". That's hard to imagine though;
| not because the unspecified power is so vague, but
| because no country would ever vote like that to remove
| the protections that a state provides for them.
| bodge5000 wrote:
| I meant more in the way that its not even brought up. Take
| partygate for example, obviously Boris got away with that
| with pretty much just a slap on the wrist, but at least he
| had to sweat a bit over it.
|
| The fact that politicians can make rulings over things they
| don't understand in the slightest is bad, the fact that
| nobody even cares is tragic.
|
| (To be clear, I dont consider the fact that he had to "sweat
| a bit over it" in any way justice, or a sign of a fair
| society, but at least its something)
| Supermancho wrote:
| > Pop-ups, but British ones.
|
| I feel like this whole post, (notably this section) makes bad
| faith assumptions, then elaborates on the strawmen/bad
| assertions.
|
| > ...no matter what they're trying to put right in the world -
| to know the ages of all their visitors or users
|
| That's not what it says, explicitly. I interpret it as "it will
| require most every useful online service to be account-based
| with hoops at that level, not just some random visitor or on
| every page".
|
| Most of the sections are making reference to having to know the
| age of users as a pre-requisite to any web activity, in the UK,
| and I don't see it. Did I miss something or did she?
| DyslexicAtheist wrote:
| _> this takes the cake for the worst one yet, or certainly up
| there. _
|
| my number one is the Australian AABill mandating any Australian
| citizen working for a tech company can be forced to create
| backdoors in code and altering their employer about it is
| illegal. This one is so bad, that if it were China, we'd no
| longer hire any Chinese nationals anywhere in the world.
| AndrewThrowaway wrote:
| What if I create a backdoor but during the code review it
| gets noticed?
|
| Or does Australian government also supply some handbook about
| how to do it properly?
| margarina72 wrote:
| I mean that'd be a minimum, good guidelines can go a long
| way. Who's going to maintain this backdoor if you get
| fired, uh? /s
| ehnto wrote:
| I was an Australian freelancing internationally at the time
| it was introduced, and took pretty good care fully
| understanding the bill to the best of my ability. It really
| seems to be as bad as it sounds.
|
| But what worried me was that it was actually written quite
| coherently, I felt like it had been well considered by some
| people of technical background, but the bill still had ill
| intent. So I'm not sure what's worse, legislature
| misunderstanding technology so much that it's harmful, or
| people using a good understanding of technology to be more
| precise and underhanded in their abuse.
| fifteenforty wrote:
| It's completely outrageous and there is still no momentum
| to undo it.
| 2143 wrote:
| > any Australian citizen working for a tech company can be
| forced to create backdoors in code and altering their
| employer about it is illegal
|
| What the fish?
|
| > This one is so bad, that if it were China, we'd no longer
| hire any Chinese nationals anywhere in the world.
|
| Heck if it was China implementing something like GDPR and the
| rest of the world was seeing those annoying popups, then:
|
| * for 3 months the rest of the world will hate-tolerate it
|
| * then somebody will figure out how to get rid of the popups
| for the rest of the world
| jokethrowaway wrote:
| This is the living proof you can't even trust the governments
| that are removing bureaucracy and regulations.
|
| All those bribes must have made them forget their fight for
| freedom.
| TrueDuality wrote:
| From what I understand the way this is currently shaking out, is
| that it largely won't impact marketplace sites as credit cards
| can be used as a form of age verification. You might have to
| create an account and associate a credit card before you're able
| to browse which would be an awful user experience...
|
| For other sites though, if the this passes into law I suspect it
| will have a much more intense cooling effect on the availability
| and access to sites. For the unpaid service sites I run, I'm
| certainly not going to pay for identity verification or allow
| that garbage on my sites. I'm much more likely to hide or disable
| any user generated content, or just serve a static page to users
| in the UK saying the site isn't available in your region.
|
| They're really doubling down on removing themselves from the
| world community...
| dhosek wrote:
| Yeah, this seems remarkably unworkable. 10p per user is a
| really high cost. I have to imagine that sites like Facebook or
| Twitter will fight hard against this. It's far more onerous
| than GDPR.
| dcdc123 wrote:
| > The government said the change will cut down on "the irritating
| boxes users currently see on every website".
|
| Hate to break it to you but we have no laws for them in the US
| and we have the stupid popup on almost every site.
| permo-w wrote:
| Historically in the UK inconvenience-inducing online laws like
| the Online Safety Bill have fallen either shortly after passage
| or shortly before passage as the people who pass them realise
| that they too have to follow their own rules.
|
| This was certainly the case for that nationwide opt-out porn
| block that they brought in a decade ago, then quickly slipped
| under the rug when it became clear that they too would have to
| either learn to use a VPN or call up their service providers
| expressing their desire to watch porn
| toyg wrote:
| Some of it lingers, though. Like the invisible DNS filtering
| that all consumer ISPs are effectively forced to implement,
| blocking URLs coming from an unaccountable third party
| organization. Or:
|
| _> that nationwide opt-out porn block_
|
| That's still there; ISPs just made it very easy to switch off
| the block from apps and websites.
|
| Tories ask for 100, bag 20, then ask for 200 and bag 80 -
| result: they get 100. And there is no recourse now, because
| those pesky supranational voices of reason have been
| jettisoned.
| permo-w wrote:
| Boris Johnson is the only hope, in my opinion. Yeah he's a
| slimy, entitled, lying, racist, upper-class con-artist, but
| he's a populist at heart and has no principles beyond what he
| thinks will make the public like him. Yeah that's disgusting,
| and yeah it's the best of the worst, but it's still better
| than Cameronism, which simply doesn't care what you think. If
| an uproar comes, which it hopefully will, at least our
| fearless leader will listen, if only out of self-interest
| toyg wrote:
| I hope that was satire...?
|
| Johnson is the one who keeps pushing these crazy schemes
| just to keep people riled up against the "bureaucracy-mad
| EU" he invented so many years ago. He will stop at nothing
| to stay in power, and will happily sacrifice all your
| freedoms to that effect - he doesn't respect the law
| anyway, so anything put on the book is just for you and me
| to be beaten down, not for him and his mates.
|
| _> it 's still better than Cameronism_
|
| That's a false dichotomy. There is life outside the Tory
| ideological landscape.
|
| _> If an uproar comes, which it hopefully will_
|
| If the uproar comes from the "wrong" sector of the
| electorate, the Tories will just double down on it.
| permo-w wrote:
| you're not really following the hn guide on commenting
| etiquette, and if you continue I won't reply any further.
|
| >That's a false dichotomy
|
| right now the options are Boris or a Cameronesque Tory.
| Sure in 2 years better options will be available, but
| that's in 2 years time. it is not a false dichotomy.
| besides, the longer Boris stays in power, the more he
| damages the Tories as a whole
|
| >If the uproar comes from the "wrong" sector of the
| electorate, the Tories will just double down on it
|
| this is an exaggeration, especially under the populism of
| Boris. yes they largely listen to their base, but they
| don't seek to actively antagonise others. they're a
| centre-right party that seeks a wide base without a high
| degree of polarisation. they're not the GOP or UKIP.
| given your comment, I suspect you may assert that they
| are more like the GOP or UKIP than I think. if so, I will
| agree to disagree on that
|
| it seems like you have a lot of emotion and anger about
| this, and that's fine, but I don't think it's helping
| your objectivity about actual outcomes and intentions. I
| also don't like him or his party, but in the short-term
| he's better than a right-wing ideologue that doesn't care
| what you think
| toyg wrote:
| I mean, you started with "Boris Johnson is our only
| hope", so I assumed HN etiquette was out of the window at
| that point.
|
| _> 2 years better options will be available, but that 's
| in 2 years time_
|
| You assume the Tories can produce a majority after the
| current "Brexit coalition", held together by Johnson,
| collapses. That's not a given. It's also not a given that
| whichever cabinet a new PM could produce, will be strong
| enough to enact big policies.
|
| _> but they don 't seek to actively antagonise others._
|
| Policies like Rwanda deportations and the return of
| imperial measures are absolutely designed to produce
| outrage, and I challenge you to prove otherwise.
|
| The basic Johnson strategies are directly copied from the
| US playbook: they deliberately provoke the left in order
| to consolidate the right by defensive reaction, playing
| the victim and distracting from failures and scandals.
| And it works, for a while at least.
|
| Is the entire party like that? No, but the people who
| are, are currently running the show.
|
| _> they 're a centre-right party that seeks a wide base_
|
| They _were_. They stopped being that when absolute power
| went to the likes of Reese-Mogg. They attracted radical
| Northern votes by acting extremist on issues where the
| Labour party refuses to do. This is not your dad 's Tory
| party.
| permo-w wrote:
| First point, as far as I'm aware that phrasing has no
| relation to HN etiquette, and even if it does and you
| chose to interpret it in that worst possible sense, that
| doesn't give you the right to do it too
|
| Second point, do I assume that? I cannot see how you've
| read that from what I've said. I'm a dyed in the wool
| labour voter, and last I checked the Tories were down by
| about 15% in the polls.
|
| The rest is opinion that I disagree with. I'm not here to
| change your mind. It's fine to be emotional and shouty
| and take the worst possible view of everything, but I'm
| completely unconvinced by it, especially when you
| challenge me to prove a negative
| TechBro8615 wrote:
| If you think that's bad, you should see the software running
| on millions of home routers in the UK.
| aidos wrote:
| This is one depressing read.
| [deleted]
| kmlx wrote:
| for reference, the online safety bill is in the committee stage:
|
| https://bills.parliament.uk/bills/3137
|
| so, a long way to go.
|
| the new Data Reform Bill has not even been submitted yet.
| EGreg wrote:
| I am impressed. This bill manages to go from "think of the
| children" to "papers, please" in zero intermediate steps! One
| motivates the other, directly. And no one noticed the irony!
| Cthulhu_ wrote:
| It's on top of the existing measure where if you wanted to
| access mature content over your internet connection, you had to
| file a request with your ISP. And I'm sure the UK's big
| provider porn filter wasn't very good anyway, given how much
| and how quickly it can pop up.
|
| And the targeted demographic that should be protected -
| children - will find plenty of ways around it. Reddit and
| Twitter are easily accessed, Youtube has tons of soft porn that
| won't get filtered out, VPNs are everywhere - even free ones,
| like in Opera, and they Know about it - Tiktok has tons of soft
| porn, the list goes on.
| EGreg wrote:
| Step 1: roll it out for mature sites
|
| Step 2: roll it out for all sites
|
| Step 1 could be seen to have some justification. But any
| lawmaker with a functioning brain would immediately realize
| that Step 2 will cause a radical change on the Internet.
|
| They aren't saying that you get an unlinkable verifiable
| claim (Web3) that you're over 18, to access ALL SITES. That
| would be somewhat reasonable. No, they say you'll get an ID
| that is linked to you and all sites will be able to know who
| you are and cross correlate all data on you, to save the
| children. I mean... who needs third party cookie blocking at
| that point haha
| tankenmate wrote:
| The current proposals isn't to roll it out for mature
| sites, but any site that might possibly allow user
| generated content. Think of e-commerce sites with product
| reviews for example.
|
| Step 2 could conceivably happen a la boiled frog.
| janekm wrote:
| Web3 doesn't feel like the right framework here? Generally
| the types of tokens used in the "web3" world are inherently
| traceable. Something similar to Passkeys
| (https://developer.apple.com/passkeys/) would be more
| appropriate, generating a new key pair for every website
| accessed. In order to provide the attestation of age, the
| public key provided could be signed by a trusted authority.
| (not that I like any of this, but something like this would
| be the least objectionable implementation)
| IshKebab wrote:
| Can anyone give a summary? This is ridiculously verbose.
| mmarq wrote:
| The UK legislators want to replace GDPR with a watered down
| version that only applies to the UK. Their claim is that this
| will allow businesses to save money on compliance. (Me:
| Companies in Brazil, Australia and the US comply with GDPR, so
| realistically British companies will have to abide to both
| regulations and so costs can only increase)
|
| Furthermore the British government is planning to force all
| websites to verify their visitors' age (allegedly using
| government approved providers), which is orders of magnitudes
| more onerous than GDPR (me: which is actually almost free
| unless you abuse your users' data).
| 542458 wrote:
| The UK has eliminated cookie pop up requirements. However, they
| have introduced other legislation that requires websites to
| establish the ages of all visitors via checking legal ID so
| that adult content can be restricted. This is expected to be
| done by integrating with (paid) third-party APIs that will keep
| track of users' legal identity across websites. This will be
| both privacy-invasive for users and expensive for website
| operators. The UK has also axed many of the EU-based data
| protections that users have.
| zuminator wrote:
| And if you don't have legal ID, the website will need to
| access your Webcam and measure the size of your head(!) to
| determine your age.
| jeroenhd wrote:
| Popups were never required in the first place, what was
| required was to get consent before tracking users.
|
| Websites that seem they need to track users immediately and
| across their entire web space implemented popups because it's
| the only way to get consent before showing content, but
| that's the website's choice, not a consequence of the law.
| jcranberry wrote:
| Is this website reliable?
| __alexs wrote:
| This article is discussing draft legislation that hasn't been
| voted on yet. These changes haven't come into effect and IMO
| probably won't.
| buttscicles wrote:
| Wanted to add that according to the article, these checks
| will be required for all content, not just adult content.
| ectopod wrote:
| All user-generated content specifically.
|
| If you host non-adult content and there's no way for randos
| to upload it you don't need to verify.
| matt321 wrote:
| That is not true. Either A) You know for a fact all
| content is safe for underaged, or B) You verify.
|
| What is safe for underaged is not defined and can change
| on a whim. Therefor, any sane person running a website
| that is not "explicitly for underageds" will verify and
| eject said underageds. Especially since the one in charge
| (hired by the company) can be personally liable for any
| "harm" comming to the underaged.
| [deleted]
| fanf2 wrote:
| The postscript has a reasonable summary:
|
| _<< in their professional experience, age verification is only
| ever invoked in discussions around what we might call explicit
| adult content: pornography, alcohol, tobacco, and firearms. So
| that's what they assume this discussion is about, here, in the
| UK. They don't realise, until I explain it to them, that the UK
| legislative discussion is not just about preventing children
| from accessing those four kinds of content. It's about
| mandating age verification for anything and everything, for
| every user, of every age, in front of access to all topics, all
| subjects, all sites, all service providers, all opinions, and
| all content. The whole public open web. Everything. >>_
| nbevans wrote:
| Indeed this is overly editorialised and the author very much
| assumes the reader is of the same opinion of them from the
| outset. The author seems to believe that web browsers will just
| ignore UK legislation and not bother to implement the necessary
| changes.
| iostream24 wrote:
| It has not been editorialized at all, let alone overly
| editorialized. The author outlines the consequences of a very
| Ill-thought-out law that will harm the worldwide web, not
| protect users, and damage what is left of the UKs standing in
| the world. Telling the truth is never "overly" doing
| anything.
|
| Sometimes, you must call a spade "a spade"
|
| Do you have some information to contribute to the discussion
| or are you suggesting that the author should lie instead?
| nbevans wrote:
| https://news.ycombinator.com/newsguidelines.html
| [deleted]
| tjbiddle wrote:
| Arkanum wrote:
| *she
|
| Although i can't find any clear statement of pronouns [1]
| https://webdevlaw.uk/about/ [2] https://twitter.com/WebDevLaw
| nbevans wrote:
| Thank you!
| [deleted]
| orangesite wrote:
| Anyone else remember how to configure a gopher server?
| stormdennis wrote:
| Will the UK governemnt be also encouraging kids to use vpns, for
| their own protection, but remember to only use ones with UK ips,
| lest you seem something adult.
| tankenmate wrote:
| I could image people lobbying the corridors of power to
| introduce legislation that puts age verification / blocking
| requirements on VPN technology.
|
| The Great Firewall on the Thames.
| gorjusborg wrote:
| The EU had some teeth when GDPR was passed. Even if I'm not in
| the EU, there are lots of countries that are, so cost/benefit of
| compliance seems reasonable.
|
| When I hear about strange Brinternet rules, I just think _why
| should I care_ about a single country and their strange and
| costly laws. If UK users want to reach my site, change your laws
| or use a VPN.
| mattnewton wrote:
| Especially if compliance becomes a _criminal_ issue. But then
| again Britain probably thinks this will spur a domestic market
| for smaller tech, and maybe that's correct? Though it does
| sound like the main thing it incentivizes will be some rent
| seeking age verification companies or very dubious utility to
| consumers.
| unicornfinder wrote:
| Indeed. My response to this has largely been "if this passes
| I'll just block traffic from the UK to my website" as it'd be
| cheaper than implementing this utter madness.
| mngnt wrote:
| I'm really sad that even professionals hate the cookie/gdpr/data
| collection banners for the wrong reason. And most people hate the
| wrong entity for being responsible for their existence.
|
| If companies weren't actively spying on their users, if the
| didn't collect every last bit of data they can, there would be no
| need to put up a banner. If the website needs cookies for core
| functionality (essential cookies) only, there' no need to inform,
| ask or badger the user for anything. The websites/data collectors
| are the bad guy here (from where I'm standing) and now that they
| have to ask us if they can please spy on us, the EU is evil
| because they force them to ask?
|
| The main presented point of this bill is "We will eliminate the
| obligation for the spies to ask you if they may spy on you" and
| even the author of this piece is celebrating that.
| tensor wrote:
| You really think that basic web analytics is "spying on you"?
| So a company that records how many people purchase a given
| product is "spying" on them? Business owners are not allowed to
| do basic accounting to gauge product performance? Because
| that's all 99% of people use these analytics for.
|
| No one cares about you enough to "spy" on you.
| Nextgrid wrote:
| If this uses a third-party company whose business model is
| stalking everyone for targeted ads then it's absolutely
| spying.
| cycomanic wrote:
| What is "basic accounting to gauge product performance"?
| jodrellblank wrote:
| > " _No one cares about you enough to "spy" on you._"
|
| Would you mind telling them that? Maybe they'll stop sending
| me personalised spam offering me discounts since I haven't
| shopped there in a while, or paying to send me phyisical
| advertisements through the post. From your tone, that must be
| giving me an inflated sense of my own importance.
|
| > " _You really think that basic web analytics is "spying on
| you"_"
|
| No, I think web analytics is spying on me. A HTTP log is one
| thing, a JavaScript library which probes my browser, tracks
| available APIs and versions and mouse movements and sets
| EverCookies and behaves insidiously, is spying. If I visit
| example.com and example.com know I went there, that's
| understandable. If there's a deliberately invisible Facebook
| pixel telling Facebook I went to example.com, which is only
| vaguely disclosed in some "and our trusted 3rd parties"
| legalese, that's not fine.
| random_upvoter wrote:
| > The websites/data collectors are the bad guy here (from where
| I'm standing) and now that they have to ask us if they can
| please spy on us, the EU is evil because they force them to
| ask?
|
| If the end-result of the law + standard human behavior is that
| you made web browsing a crappier experience then you made a
| crappy law.
| riskable wrote:
| > If the end-result of the law + standard human behavior is
| that you made web browsing a crappier experience then you
| made a crappy law.
|
| That's not a very good way to figure out if a law is
| "crappy". Building codes make for a crappier construction
| experience (can't just do whatever TF you want) but that
| doesn't mean they're bad.
|
| Laws requiring designated handicapped parking spaces make
| parking a slightly crappier experience for non-handicapped
| people. That doesn't mean they're crappy laws.
| briHass wrote:
| It's a bad law if it ends up punishing the people it was
| intended to help. If the building code had a clause about
| building decks and max occupancy where the easiest way for
| a contractor to comply was to post a gigantic sign
| permanently attached to the deck stating the weight limit,
| the end-user would view that as terrible as well.
| teh_klev wrote:
| > and even the author of this piece is celebrating that.
|
| I don't think so. Read the last part of that sentence which
| I've emphasised in italics.
|
| "So if you work in any sort of tech or digital related role,
| and the work you put into the world can be viewed, or accessed,
| by anyone of any age in the UK, and you are (rightfully)
| celebrating the loss of the cookie popups, _I need you to do me
| a favour and drop the balloons and party streamers and sit
| down._ "
| ukoki wrote:
| Sounds like we're gonna need a Let's Encrypt-style NGO for age
| verification to kill these parasitic companies before they take
| hold.
| buttscicles wrote:
| I would guess it's more expensive than generating certs - all
| those ID verification "AI" services use teams of people as a
| fallback from what I know
| dhzhzjsbevs wrote:
| What countries dont have govt funded ID services yet?
| Nextgrid wrote:
| The UK is notorious for not having ID cards. That's a
| solved problem in every other developed country as far as I
| know.
|
| The reason behind it is privacy (lol, considering their
| total failure and unwillingness to enforce the GDPR) and
| yet they are totally fine with the tax office having the
| same database and information (which is no doubt accessible
| to law enforcement).
| rndgermandude wrote:
| >That's a solved problem in every other developed country
| as far as I know.
|
| Did you just call the US underdeveloped? :P
|
| But seriously, the US does not have a standardized "ID
| card" either. They have things like passports (which not
| that many people have), state-issued driver's licenses
| (so 50+ different ones, not sure how it's handled in all
| the non-state areas like Guam or Puerto Rico), social
| security numbers (which aren't exactly ID either), birth
| certificates, voter id cards (for people without a
| driver's license), and a slew of other things the
| government and businesses will accept under certain
| circumstances. What they do not have is a nation id card.
| weberer wrote:
| >voter id cards (for people without a driver's license)
|
| You mean State ID cards? They're used for much more than
| voting.
| riskable wrote:
| The UK _does_ have state-issued ID cards: Passports. Are
| you a UK person that wants to operate on the
| "international internet"? Get yourself a UK passport! :)
| moss2 wrote:
| There's a popular English stereotype that everything requires a
| permit or a license. I'm glad they continue to live up to that.
| macinjosh wrote:
| Even 007 had a license to kill!
| A4ET8a8uTh0 wrote:
| <<Preamble: you'll be aware that the UK's Online Safety Bill has
| been promoted as a piece of big tech/social media legislation,
| but it is not. It will impact any company or project of any size,
| nature, location, or business model which has user-generated
| content on it or allows humans to interact with other humans. So
| if your site, service or app is anything other than a promotional
| portfolio web 1.0 site, or a blog like this here blog that only
| allows comments, you're in scope. If you weren't aware of that,
| you are now. Enough of the preamble, let's amble.
|
| Sold. I am all for returning to standard boring web 1.0. Lets do
| this thing!
| DrBazza wrote:
| This doesn't read like a neutral analysis to me. On the other
| hand the UK will mostly continue to support GDPR, in the same way
| all our phones will be USB-C, EU legislation leaks across borders
| to every country on the planet.
|
| The UK government have been hopelessly out of their depth
| legislating the internet, since, forever.
|
| The site is called "webdevlaw.uk" and the article footer "This is
| my personal site, and the opinions on it do not reflect the views
| of any current or previous employer." seems a bit dishonest, but
| everywhere does it these days (putting "news" at the end of your
| twitter handle somehow makes you a journalist apparently).
| bodge5000 wrote:
| > The UK government have been hopelessly out of their depth
| legislating the internet, since, forever.
|
| This is both the good and the bad of this legislation. Bad, for
| obvious reasons, but good because usually they're so
| unbelievably out of their depth that it never actually comes to
| pass.
|
| We're now, what, 5 years is it delayed on a bill that was
| supposed to require an ID for adult websites? I remember it
| started up before May was in power and still nothing has been
| done about it, and that was far less "ambitious" than this.
| DrBazza wrote:
| Agreed. I don't really understand the UK government. Though
| it's probably the same elsewhere, career politicians schooled
| in humanities at university, completely clueless about the
| ministerial role they've been given.
| rswail wrote:
| It's like the republicans on abortion, the last thing they
| want is to actually pass any legislation, because then
| they'll have lost an issue that they can use to rile up the
| dumbest side of their supporters, combining the best of
| "won't someone think of the children", and "omg, genitalia
| in motion is much more evil than violence", and "if we do
| this right, we'll have a perfect panopticon to catch out
| the others out there that you don't like".
| mmarq wrote:
| > I don't really understand the UK government.
|
| They need some crazy headlines to try to win the next by
| elections. When the pensioners will realise that they have
| to identify themselves to watch porn, the bill will be
| retracted.
| GordonS wrote:
| The article is one-sided... but are there honestly _any_ good
| arguments in favour?
| Silhouette wrote:
| The trouble with these issues is that there is always a
| legitimate argument in their favour. There really are some
| nasty people in the world and some of them really do prey on
| children and there really is a lot of content on the Internet
| that isn't suitable for children and real children sometimes
| do suffer real harm because of these things.
|
| The question we should be asking is how much that we value
| for other good reasons we are willing to give up in exchange
| for the possibility of improving the protection of our
| children, when there is no crystal ball that tells us either
| how much of an improvement any given measure would actually
| make or how much of the potential harm from giving something
| else up would actually be realised.
|
| Until we view these kinds of rights and protections issues as
| a balancing act with legitimate arguments on both sides but
| also genuine concerns from both sides it's impossible to even
| have an intelligent debate on the ethics, never mind write
| good laws with all the extra practical concerns that
| legislation and enforcement introduce.
| rndgermandude wrote:
| I fail to see how this protects children from those evil
| people, tho.
|
| It establishes the age and id of UK children to websites
| and services. However, unless all these services children
| use are siloed off from the rest of the internet and UK
| only, bad people from other countries (and those in the UK
| savvy enough to mask themselves behind some kind of
| VPN/TOR) will still be able to use these services without
| having their ids established the same way, and will keep
| trying and sometimes succeed to groom and abuse children.
| Silhouette wrote:
| Yes, it's a daft plan and it's unlikely to work if they
| press ahead with it (at least if you think "work" here
| has anything to do with protecting children). You know
| that. I know that. But the problem isn't how to convince
| HN, it's how to convince Mumsnet and the tabloid-reading
| grandparents.
| GordonS wrote:
| I do understand the government's argument, but:
| 1. I don't believe children will really be "saved" from
| viewing/reading harmful content - if they really want to
| see something, they will simply find a way around it, but
| also remember this is a *UK-only* thing! 2. I don't
| believe for a second that the security apparatus won't have
| unchecked access to the data
| Silhouette wrote:
| I suspect you and I (and probably most people on HN) have
| similar views on these issues. We skew liberal and we
| skew technically literate. My point is that "normal"
| people don't necessarily perceive the same dangers that
| we do in measures like the ones proposed here. On the
| other hand "making our children safer online" is
| something any decent person can get behind as long as you
| conveniently ignore all the nuance and practical details.
|
| Given who the government here currently are it's hardly
| surprising that they resort to attention-grabbing
| soundbites. With a bit of luck the Tories will boot Boris
| before too long and that'll take many of his current
| Cabinet out of the picture as well since they were
| seemingly chosen more for their expected loyalty to Boris
| than any particular expertise or competence. Then at the
| very least there is a mini-reset in government and some
| of the more headline-grabbing but questionable policies
| of the Johnson administration might be quietly sidelined
| while whoever takes over desperately tries to steady the
| ship before the next general election. Although of course
| they quietly passed legislation earlier this year that
| pushed the latest possible date for that election all the
| way back to January 2025...
| rswail wrote:
| It's parents being lazy and demanding that the rest of
| the community accommodate their needs for bringing up
| their children, while abdicating any actual effort on
| their part.
|
| So instead of parents actually installing and/or
| configuring and/or actually using all of the different
| parental controls that are already available to stop
| their kids seeing stuff they shouldn't, they want all the
| rest of us to deal with the bullshit, while not solving
| the problem.
| Silhouette wrote:
| There is definitely an element of parental responsibility
| that often gets conveniently ignored in these debates.
| I'm a sceptic about placing the blame entirely there
| though, for the simple reason that so much of normal life
| is now connected. That includes time at school or when
| kids are playing with their friends and not under their
| parents' immediate supervision 24/7. The only way a
| parent could truly keep their child away from any
| possibility of getting online today would be to restrict
| their activities and access to technology so severely
| that they'd barely live a normal life or socialise and
| develop in a healthy way. So whatever we think of parents
| and how they raise their children, the problems that
| modern connected technologies create are always going to
| need societal solutions as well as parental or schooling
| ones.
| Hizonner wrote:
| Nobody who has an actual opinion will sound neutral, unless
| they're actively trying to mislead you.
|
| Everybody who is actually an expert will have an opinion.
|
| Therefore almost anything that "reads like a neutral analysis"
| will be worthless drivel. If you want such drivel, it's
| available in unlimited quantities from various press outlets.
| Of course, they're not "neutral", either, but they buy their
| biases wholesale rather than actually doing that whole tedious
| "understand the issue" thing.
|
| And some opinions are right, while other opinions are wrong.
| Reality is not "neutral".
| draw_down wrote:
| macinjosh wrote:
| I really despise "won't someone think about the children laws"
| and I say this as a parent. It is not society's job to shelter
| your children from the unsavory, it is the parents' job.
|
| Besides that, it is hard to argue against any law that is couched
| as protecting innocent children. Obviously, having to verify with
| ID the age of every website visitor is impractical right now. The
| logical solution is for government to mandate and issue Internet
| IDs that must be used to access any web service. This bait-and-
| switch leads down a slippery slope that erodes anonymity on the
| Internet, not that there is much left.
| loriverkutya wrote:
| Let's use leaded petrol again and you can protect your children
| however you want!
| dangerface wrote:
| Is there tldr? I am half way through the article and so far all I
| know there is a new bill is there any more detail than that?
| trinsic2 wrote:
| > where I discussed how government is shifting its language from
| describing us as people with data rights to consumers with
| contracts, was spot on. You'll understand if I'm not gloating.
|
| This is exactly the issue, and the most important point that
| people and small businesses should be focused on. Especially when
| dealing with organizations that want to use the "consumers with
| contracts" model. Stop using the word "Consumer". People are not
| consumers, they don't consume things. People and Individuals
| purchase things with their own purchasing power as "Customers".
| We are not apart of a mindless machine, where businesses are the
| engine and we are the gears. Its the other way around, and the
| more that people promote this in the work place and other areas
| of life, the better. Words are like magic, they can empower, or
| enslave us. Don't let the few, who want to control public
| perception, make the calls.
| pilsetnieks wrote:
| Also, and I understand it is a quote in the article but the GDPR
| isn't "highly complex". It is actually one of the more
| understandable pieces of legislation I've ever read. It is,
| however, vague and gives a lot of leeway to local data protection
| authorities in interpreting it.
| throw0101a wrote:
| It's a bit of a shame that self-labelling by web sites never
| seemed to really take off:
|
| * https://www.w3.org/TR/powder-use-cases/#cpA
|
| * https://www.w3.org/2007/powder/
|
| * https://en.wikipedia.org/wiki/Protocol_for_Web_Description_R...
|
| It could be much easier if the major web browsers (at this point
| Chrome, Safari (mobile), Firefox) were able to read the metadata
| and if parents (or corporate IT departments) wanted to filter
| content they could using 'built-in' technology rather every web
| site having to potentially re-invent the wheel.
| macinjosh wrote:
| This 1000%. Legitimate services have an incentive to self-
| identify because they don't want to anger parents and are
| generally not out to corrupt kids. A setting to block unrated
| sites could be provided as well.
|
| Movies and video games self report their rating not sure why
| web content needs to be any different.
|
| The problem with the top down approach of the government
| deciding which topics are taboo is that it removes agency from
| parents. Different parents, different kids, and different ages
| all lead to different values and levels of acceptibility.
|
| My tin foil hat catches my eye every time I see government
| trying a heavy-handed, slippery-slope approach to clamping down
| on a problem instead of just providing society with a common
| set of tools to accomplish a relatively simple goal.
| alisonkisk wrote:
| cameronh90 wrote:
| This sounds awful but I'm not sure comparing webcam age
| verification to Nazi phrenology is helpful. Indeed, such a
| reaching Reductio ad Hitlerum makes me doubt the credibility of
| the piece.
| tgv wrote:
| First, what the article describes is awful. It's a full
| onslaught on privacy, once more under the "won't anyone think
| of the children" banner. Of course, they don't care about the
| children, it's just an appeal to the purity of their blessed,
| little souls, as if encountering an inappropriate website will
| immediately condemn them to hell.
|
| Anyway, measuring age with e.g. just a webcam is quite
| feasible. It's not perfect. I mean: I was well in my 30s when
| people were still asking for my student id, so there's an error
| margin. I do suppose these methods cannot circumvented by
| holding a picture in front of the camera or judicious
| application of some make-up. Adolescent boys looking for porn
| are not going to give up just because an age filter declines
| them access.
|
| It's not phrenology, not in a technical sense, nor in the sense
| which the article appeals to. And that appeal is a bit
| pathetic, indeed, but more born from despair than the will to
| kill of a few million people.
| GordonS wrote:
| I thought it was a very well written and engaging piece.
|
| Given that this ludicrous legislation was, _undoubtedly_ ,
| pushed for by the Home Office and shadowy security apparatus,
| it seems plain to me that those same groups will have access to
| all the data the age verification companies hold - they will
| know the identity of every user accessing these websites, and
| there is absolutely _zero_ chance it won 't be abused. There is
| also _zero_ chance it won 't be used as a springboard to
| escalate the scope.
|
| This is yet more mass-surveillance via the handy back door of
| "think of the children". One of the main reasons I voted
| against Brexit was exactly because of shit like this - put
| simply, I trust the EU more than my own government. Honestly, I
| found the phrenology comparisons rather apt.
| kcartlidge wrote:
| > _I trust the EU more than my own government._
|
| You're not the only one. This was also my own number one (but
| not sole) reason for voting against Brexit, and that's a
| really sad thing to have to say.
| Arkanum wrote:
| I think the author was not the one performing the reductio ad
| hitlerum, but was referencing a tweet[1] citing a doctoral
| thesis on AI ambiguity (which made the "fallacy") and (i'm
| guessing here as I haven't read it) concerns biases present in
| modern vision systems.
|
| [1] -
| https://twitter.com/clancynewyork/status/1535686305438478339
| 542458 wrote:
| I don't see any references to nazis in there. The article says
| "Victorian phrenology", not "nazi phrenology". Calling it a
| Victorian practice isn't unreasonable. Technically phrenology
| was most popular immediately before the beginning of the
| Victorian era, but it's pretty close.
| adhoc_slime wrote:
| There was an inline quote about nazi phrenology as well
|
| > But for the slow VCs at the back who do need to be told:
|
| >> Concluding, Dr. @Abebab notes, "It took Nazi-era
| atrocities, forced sterilizations... for phrenology,
| zuminator wrote:
| The article embeds a tweet that states,"It took Nazi-era
| atrocities, forced sterilizations... for phrenology,
| eugenics, and other pseudosciences to be relegated from
| science's mainstream to its fringe. It should not take mass
| injustice for Cheap AI to be recognised as similarly
| harmful."
| [deleted]
| technothrasher wrote:
| The article doesn't directly equate phrenology with Nazis,
| but does make an implied connection between phrenology and
| Nazi craniometry, and goes on to quote a tweet which
| explicitly talks about Nazi atrocities being the driving
| force in the end of phrenology.
|
| The entire reference feels like an overreach, however, not
| just because of the Reductio ad Hitlerum, but also because it
| begs the question on the inherent evil of any use of
| craniometry.
| ajkjk wrote:
| ctrl-f Nazi?
| ilaksh wrote:
| Is there a service or system for automatically blocking anyone
| from the UK? And how can we make it clear to British politicians
| that such a thing will be widely deployed?
| onionisafruit wrote:
| Why would a webmaster with no ties to the UK go to the trouble
| of blocking their traffic?
| riskable wrote:
| A better service would be one that automatically blocks UK
| politicians with a clear message indicating why
| ta988 wrote:
| If only Google had used just a little bit of its lobbying money
| to get those laws more technologically sound and help solve that
| with metadata that the browser can then handle.
| dbrgn wrote:
| The announcement says it wants to "protect consumers", but it
| changes user tracking from opt-in to opt-out... How about
| ensuring that companies stop tracking people unnecessarily?
|
| I see so many websites - even club websites or private blogs -
| that have a cookie consent banner, but which wouldn't actually
| need one if they'd just turn off Google Analytics. I just don't
| get it.
| CommanderData wrote:
| The current UK govnement isn't interested in people's rights
| despite lots of catch phrases from Nadine Dorris which might
| make it seem so.
|
| Each passing day the govnement becomes more and more deceptive
| that_guy_iain wrote:
| >I see so many websites - even club websites or private blogs -
| that have a cookie consent banner, but which wouldn't actually
| need one if they'd just turn off Google Analytics. I just don't
| get it.
|
| Actually, most are probably not even correctly following the
| law since the cookies will probably be set before the popup is
| accepted. For most, people just assume they need a cookie
| banner. I'm pretty sure I've seen cookie banners on sites that
| had no cookies.
| qclibre22 wrote:
| Google will down rank if you don't use their analytics
| cookies.
| eropple wrote:
| Is this true? I'd believe it (edit: though, as noted
| elsewhere in the thread, it seems like it'd carry some
| business risk), but I haven't seen it.
| that_guy_iain wrote:
| If it is true it's an anti-trust lawsuit waiting to
| happen. I highly doubt it is true. Keeping that secret in
| the bag would be hard in my opinion. We're constantly
| getting leaks from Google.
| thayne wrote:
| A lot of stuff google does would be an anti-trust lawsuit
| waiting to happen. If you know, anti-trust was actually
| enforced.
| that_guy_iain wrote:
| The EU would 100% enforce that. The EU hits them
| constantly for their bs.
| jokethrowaway wrote:
| Sure, and fined them pennies
| that_guy_iain wrote:
| Have you seen the EU fines? Latest one is 1.6 billion
| againist Google.
| mhoad wrote:
| This is some completely made up bullshit for the record.
| lakomen wrote:
| I have a domain that was ranked #1 for a decade, it
| always had GA. I removed GA replaced it by Piwik, it
| dropped in rank. Nowadays I'm not eben on the 1st page
| anymore, despite having the most authentic design and
| simple use.
| mhoad wrote:
| That is not how any of this works.
| Reason077 wrote:
| > _" The announcement says it wants to "protect consumers", but
| it changes user tracking from opt-in to opt-out... "_
|
| The cookie-blocking features in modern browsers (except Chrome,
| probably, haha) effectively make tracking opt-in anyway, don't
| they? The cookie pop-ups are pretty redundant today.
|
| Not to suggest that this makes all the down sides of Brexit
| worthwhile, but it does make me happy that this can now be
| addressed. Cookie popups seriously harm the usability of the
| web and have been one of the most highly visible and ill-
| conceived pieces of EU legislation.
| phh wrote:
| I guess anti-GDPR won. So-called "Cookie popups" are about so
| much more than cookies. Looks like anti-GPDR marketing
| managed to make even technically-literate people unaware of
| their rights.
|
| If you're using a menstruating-cycle app, GPDR will protect
| you against the app owner publicizing your name that you're
| pregnant, and thus protect you against anti-abortion mobs, if
| you wish to abort. A cookie banner wouldn't do that. Because
| GPDR is NOT about the cookies.
|
| If we were to speak exclusively about tracking (which is,
| again, a very very small part of GPDR), even simply
| dismissing as a browser-side "feature" is yet another
| brainwashing win from anti-GPDR marketing. The number of ways
| to track people in a browser is infinite. From canvas
| rendering, to DRM, from cache leakage to window size. Hell,
| even the GPDR banners explicitly say so! Most GPDR banners
| now contains an option to allow site owner to fingerprint
| your browser to track you.
|
| Considering the way we went with browsers (was it right
| adding so many features? I don't know. But the effects are
| there), we CAN NOT put this on browsers, it is technically
| impossible. If Google wants to prove the world that it is
| possible, fine, I'll grab popcorn. But at the moment they are
| not even trying.
|
| So no, history has proven again and again that those privacy
| issues can not be handled technically. Only through
| regulation can privacy be preserved.
| Reason077 wrote:
| > _" If you're using a menstruating-cycle app, GPDR will
| protect you against the app owner publicizing your name
| that you're pregnant, and thus protect you against anti-
| abortion mobs, if you wish to abort. A cookie banner
| wouldn't do that. Because GPDR is NOT about the cookies."_
|
| Absolutely. I'm _not_ arguing against GDPR, which includes
| many important rights and protections that don 't have much
| to do with cookies. I'm arguing against intrusive and
| pointless cookie pop-ups.
| chrismorgan wrote:
| I think the really crazy thing about the cookie banner
| stuff is that it's actually nothing to do with GDPR: it's
| almost entirely about the ePrivacy Directive of 2002. Yes,
| 2002. (At that time it was opt-out, but you still had to
| disclose clearly; in 2009, it was revised to opt-in, and
| there was again very minor fuss but not much compliance.)
| It's just that most people didn't do much about it until
| GDPR came along, and then people conflated the two.
| jefftk wrote:
| _> The cookie-blocking features in modern browsers (except
| Chrome, probably, haha) effectively make tracking opt-in
| anyway, don 't they?_
|
| Browsers are generally only working on stopping cross-site
| tracking, but cookie banners are needed even for first-party
| cookies (ex: local telemetry, shopping carts).
| TheCoelacanth wrote:
| You don't need a cookie banner for a shopping cart.
| jefftk wrote:
| You do for the way shopping carts are usually
| implemented. Say you put something in your cart, close
| the browser, and reopen it the next day. On basically all
| sites, the item is still in your cart, but that requires
| cookie consent because it isn't "strictly necessary in
| order to provide an information society service
| explicitly requested by the subscriber or user".
|
| See this earlier discussion:
| https://news.ycombinator.com/item?id=29530890
| lesuorac wrote:
| I agree with the interpretation that you can just leave
| it in the cart forever.
|
| Mechanically if you add something into a physical
| shopping cart it will remain there forever until you take
| it out. But legally the pdf has the claim "a merchant
| could set the cookie either to persist past the end of
| the browser session or for a couple of hours" [1] and to
| me that means indefinitely or a few hours.
|
| [1]: https://ec.europa.eu/justice/article-29/documentatio
| n/opinio...
| Reason077 wrote:
| Yes, but usually cross-site tracking is the creepy stuff
| that people are concerned about. I don't have much of a
| problem with first-party cookies, personally, but some
| browsers (Firefox) are now offering "Enhanced cookie
| clearing", which can automatically clear first-party
| cookies at the end of each session, configurable per site.
|
| And every browser offers a private browsing mode which is
| more or less the same effect.
| lakomen wrote:
| A few days ago I visited a German provincial government website
| that had a cookie banner for the cookie banner provider. It's
| really funny if it wasn't so stupid.
| hericium wrote:
| > wouldn't actually need one if they'd just turn off Google
| Analytics.
|
| Isn't one of the incentives for Analytics, that by knowing your
| audience Google will be able to suggest your site to their
| search engine users?
|
| I've heard more than once something in the lines of "we can't
| disable analytics as we'd lose traffic".
| slenk wrote:
| Maybe they'd lose the ability to correlate traffic to your ad
| revenue, but having google analytics or not does not
| determine if you get traffic
| that_guy_iain wrote:
| For most people, analytics is just about know how much
| traffic you're getting and where it's coming from and what
| they're doing on your site. For example, if 30% of the
| visitors from reddit.com convert to paying customers but 60%
| of users from indiehackers.com convert to paying customers
| you'll know to spend time, money, etc on indiehackers.com.
|
| Also, my understanding is Google pretends like they don't
| really look at your traffic data and use that for search.
| weird-eye-issue wrote:
| What are you talking about?
|
| I've been in SEO for a while and there are a lot of myths but
| I've never heard anything quite this wrong before.
| Ensorceled wrote:
| It's a pretty persistent "myth" ... do you have any support
| that it's a myth other than "I've been in SEO for a while"?
| mikestew wrote:
| Do you have any support that it's _not_ a myth, other
| than..."a lot of people are saying..."? I mean, burden's
| on the one making the claim, not the other way around.
| Ensorceled wrote:
| There are literally "a lot of people saying" it isn't a
| myth, I've heard them, and one guy saying it is a myth
| and is an expert ... so, seems like that expert could
| straighten the issue out for us?
|
| I mean, the burden is on both sides here but one has
| "been in SEO for a while".
| nicbou wrote:
| What's asserted without evidence can be dismissed without
| evidence. Also the first claim is not falsifiable.
| Ensorceled wrote:
| Ummm, sure, I'm not disputing that. Just saying the
| expert could do us a favour ...
| weird-eye-issue wrote:
| Google doesn't need GA data. They know how many times
| people see sites in search results, how many people click
| them, and if people go back to make the same search
| again.
|
| Besides, GA data is easily faked. I can give a site a low
| bounce rate or make it look like people spend a long time
| on a page. Google can't trust their own Analytics data
| because of this since it is client provided.
|
| Sounds like a myth non-SEO people believe because, again,
| I've never even heard this before. And SEOs believe a lot
| of myths but this one is just too stupid
| fooey wrote:
| Yeah, it's obviously an urban legend
|
| People will do an update on their site, which includes
| removing GA, then blame GA exclusively for tanking their
| rankings. All of which is probably coincidental to an
| algorithm change that was going to de-rank them anyways
| kmeisthax wrote:
| The goal of the announcement is purely to make the EU look
| stuffy and bureaucratic. "Look, we got rid of those annoying
| cookie pop-ups THEY forced on US!"
|
| Tories need this because of two reasons:
|
| 1. Brexit is hurting the UK economy
|
| 2. They need to distract from the Partygate scandals[0]
|
| As for Google Analytics... I've talked with multiple clients
| who have wanted to improve site performance on their stores.
| The first thing I usually point out is the multiple overlapping
| analytics packages downloading multi-megabyte JavaScript files.
| Those are, of course, absolutely untouchable for whatever
| reason, and we just have to work around the most obvious
| performance flaws in their site.
|
| The reasons why someone might tank their site performance with
| a bunch of conflicting ad trackers is not just because "data is
| valuable". We're conditioned to think of ad tracking as solely
| interest targeting[1] and remarketing[2], but a huge part of it
| is also just attribution. Advertising is paid for on a per-
| click or per-conversion basis, and nobody trusts nobody in this
| industry, so _everything_ needs to be tracked or the people
| _buying_ ads get gamed out of their money by the people they
| buy ads from.[3] So even if you just want to _buy_ ads, you
| often also need to have tracking on your website purely so that
| the ad network can either protect you from click fraud, or if
| you 're paying per conversion, actually track how much you owe
| them.
|
| [0] For those who are not in the UK, like me: The scandal is
| the fact that the PM and his staff were running a bunch of
| illegal parties while the whole country was on COVID lockdowns.
|
| [1] When ad networks track your interests to serve more
| relevant ads. As the ad buyer you can purchase ads based on
| these specific interest categories; i.e. "I want this ad to be
| served to 40-year-old men with an interest in cars"
|
| [2] When ad networks track your history to serve ads based on
| what sites you've visited recently. This is actually a
| different thing from interest-related ads; it's more like "I
| want this ad to be served to anyone who has just gone car
| shopping".
|
| [3] This is also why on-domain advertising will never be a
| thing outside of the big social media networks.
| [deleted]
| phh wrote:
| > The reasons why someone might tank their site performance
| with a bunch of conflicting ad trackers is not just because
| "data is valuable". We're conditioned to think of ad tracking
| as solely interest targeting[1] and remarketing[2], but a
| huge part of it is also just attribution. Advertising is paid
| for on a per-click or per-conversion basis, and nobody trusts
| nobody in this industry, so everything needs to be tracked or
| the people buying ads get gamed out of their money by the
| people they buy ads from.[3] So even if you just want to buy
| ads, you often also need to have tracking on your website
| purely so that the ad network can either protect you from
| click fraud, or if you're paying per conversion, actually
| track how much you owe them.
|
| Thanks. I think this is severely understated. Ad people
| managed to force the debate to "customized ads" vs "privacy",
| saying that websites could make money exclusively with
| customized ads. We've seen here on HN a lot of examples of
| people realizing that was bullshit (I would guess there are
| some cases where customized ads can be beneficial, but
| overall they seem little).
|
| Apple showed how to make attribution privacy-friendly (I have
| no idea whether there implementation works and scale), yet
| debates still manage to ignore that totally.
|
| That being said, solving attribution doesn't actually...
| solve attribution problem. The reason being for the case
| where I search Nokia D3500 on Amazon, then I go on random
| website, which will show me ads for Nokia D3500 on Amazon,
| and I click on this ad to buy what I already planned to buy.
| In that case, the random website will get money, with current
| unprivate ads, while they won't with the private one. I
| didn't change my consumption based on that ad, so the ad has
| literally 0 value, "private-friendly ad" properly reflects
| that, however the migration from not private to private ad
| will reduce the revenue for websites (even though this didn't
| have any impact on my purchasing behavior).
|
| Edit: It does solve attribution for "proper meaningful" ads:
| If I'm reading camera reviews on some websites, and they have
| affiliated links for those reviews, then they'll rightfully
| get money for it, whcih is good!
| kmeisthax wrote:
| The role that remarketing played in poisoning the well
| can't be forgotten either. Targeted ads were sneaky (and,
| arguably people preferred them to untargeted), while
| remarketing ads made you feel _seen_. It was almost waving
| in the user 's face how much data you have on them. "You
| like to watch Netflix's Castlevania!"
| jasonkester wrote:
| The popups are annoying specifically because the rules lumped
| Google Analytics in with all the bad tracking that evil
| companies do.
|
| I want to know how many people visited my website. So does
| every website. It's something that websites need to know. We
| use Analytics to handle that for us, and because of this silly
| EU rule we're all technically breaking the law by not bothering
| every single visitor with annoying popups.
|
| Now there are in fact bad companies collecting data on
| individual people, correlating it between sites on the backend,
| and using it for nefarious purposes. Those are presumably the
| reason these stupid laws were passed in the first place, and it
| would be nice if they actually did need to show a button for
| you to click.
|
| But since the law says that _everybody_ needs to show that
| button or lose the ability to know how many people saw their
| site, you never know whether you 're getting the button for an
| evil site or just one of the millions of other sites you visit
| every day.
|
| I don't blame the evil companies even a little bit for this
| mess. It's the people who passed these terribly thought out
| laws. They'll keep passing more of them until we stop letting
| them.
| weberer wrote:
| >I want to know how many people visited my website. So does
| every website
|
| You can do that easily without third-party tracking cookies.
| jefftk wrote:
| Google Analytics doesn't use any third-party cookies; it
| uses first-party cookies only. [EDIT: this is too broad;
| see comments below] While the JS is loaded from a third-
| party origin, its notion of identity is entirely per-site.
|
| (Disclosure: I used to work on ads at Google)
| btdmaster wrote:
| It seems certain features are restricted to third-party
| cookies: https://developers.google.com/analytics/devguide
| s/collection.... In practice though, moving from third-
| party to first-party is simply a way to reduce the
| probability that the spyware gets blocked by the user
| agent.
| jefftk wrote:
| _> certain features are restricted to third-party
| cookies_
|
| You're talking about the https://developers.google.com/an
| alytics/devguides/collection... section, right? That's
| only for sites that are already using third-party cookies
| for advertising, has to be specifically enabled, and
| doesn't seem very applicable to our "know how many people
| visited my website" discussion? But my comment above was
| too broad, and I've edited it to point here.
|
| _> moving from third-party to first-party_
|
| GA, back to the Urchin days, has always been built around
| first-party cookies though.
| btdmaster wrote:
| > https://developers.google.com/analytics/devguides/colle
| ction...
|
| Is that the same as
| https://support.google.com/analytics/answer/2700409?
| jefftk wrote:
| I think so? It's about linking advertising activity
| (keyed by third party advertising cookies) with analytics
| activity (keyed by first party analytics cookies)
| blooalien wrote:
| Indeed. You get that and so much _more_ useful information
| for _free_ in your web-server logfiles. Any half-decent web
| server log analyzer tool will classify and graph all the
| useful data in those log files and present it to you in a
| nice shiny web page or report document of some sort. No
| cookies required.
| vips7L wrote:
| ...Can you not track how many people visit your site on the
| back end?
| jameshart wrote:
| A lot of modern cloud architecture is concerned with the
| business of making sure web requests don't reach your
| servers if they don't have to. Edge caching, content
| distribution networks, browser cache handling.
|
| If you do it right, a high proportion of your site visits
| leave no trace in your logs that they were ever there.
| chrismorgan wrote:
| No reason why your edge CDN can't log requests.
| jameshart wrote:
| Presumably at some sort of additional cost, though. So
| then we're into the business of weighing up whether to
| spend money on obtaining raw logs or purchasing the CDN's
| own traffic analytics add on... or just going with a
| third party. This stuff isn't just _built in_.
| Thiez wrote:
| Even if the CDN can't (for whatever reason) one could
| easily include a tracking pixel on every page that is
| marked as `Cache-Control: no-cache`, or insert a few
| lines of JS to do the same.
| jasonkester wrote:
| Sure. Everybody can.
|
| But Google Analytics is a 30 second setup, whereas setting
| up a log analyzer (or even getting logging going in the
| first place) is a much bigger hassle. Some of my stuff is
| on wacky Cloud Function hosting that I wouldn't have the
| first idea of how to go about logging.
|
| Thus, nearly 100% of us just use Analytics. If they had an
| "evil" checkbox that I could uncheck to stop it doing
| whatever you're worried it will do, then I'd happily do so.
|
| Frankly, I'm not sure what GA could do that would bother
| anybody. All it does is tell me how many people saw what
| page and how long they stayed there. It certainly can't
| tell me anything about you personally.
| ectopod wrote:
| The problem isn't that you are invading your users'
| privacy. The problem is that you are allowing Google to.
| Schroedingersat wrote:
| That's a you problem. It doesn't entitle you to help
| google stalk your users.
| Hizonner wrote:
| On the other hand, if you do it yourself you'll see all
| the people who block all contact between their browsers
| and anything they can identify as an "analytics" site.
|
| I don't have time to screw around with figuring out what
| uses third-party cookies, what uses browser
| fingerprinting, what correlates information across sites,
| and/or what tracks what how in general, nor to check all
| the time to see if any of that has changed. I'm just
| gonna block all of it, because it's not worth the
| investment of my time to make such distinctions. The most
| _I_ could get out of it would be slower page loads.
|
| Actually, I'm not even bothering to make THAT decision.
| My ad blocker blocks GA by default, and I'm not going to
| worry my pretty little head about unblocking anything
| unless something breaks.
| Schroedingersat wrote:
| > The popups are annoying specifically because the rules
| lumped Google Analytics in with all the bad tracking that
| evil companies do.
|
| That's because it is the most evil one of all.
|
| Just because you're only using it for one piece of info
| doesn't mean you aren't violating your users' privacy by
| handing over a complete record of every site they visit to a
| company that uses it exclusively for evil.
| avianlyric wrote:
| > But since the law says that everybody needs to show that
| button or lose the ability to know how many people saw their
| site, you never know whether you're getting the button for an
| evil site or just one of the millions of other sites you
| visit every day.
|
| Not sure where you got this from. But GDPR absolutely does
| not require this.
| jasonkester wrote:
| I got it from the post that I replied to:
|
| _I see so many websites - even club websites or private
| blogs - that have a cookie consent banner, but which wouldn
| 't actually need one if they'd just turn off Google
| Analytics. I just don't get it._
|
| He asked why we don't turn off GA. I explained.
| mkmk3 wrote:
| For sure an interesting take. Is there really no way to
| bypass gdpr restrictions if the only functionality you need
| is unique visitors? It's been a while since I read the gdpr
| doc, so at what point does your activity become relevant to
| its restrictions?
| tensor wrote:
| I looked into this, and yes, there are some services that
| can do analytics without the cookie. E.g
| https://usefathom.com. However, the vast majority use
| cookies and the ones that don't often have a much higher
| cost.
|
| Ultimately, some of these alternatives that avoid the
| cookie law are simply finding tech work arounds. I have no
| doubt in my mind that the gov would find a way to require
| popups for those services if they were more prevalent.
| jefftk wrote:
| To track unique visitors you need cookies or some other
| form of client-side storage. In Europe that means, per
| ePrivacy which predates the GDPR, you need cookie consent.
| user_7832 wrote:
| > I don't blame the evil companies even a little bit for this
| mess. It's the people who passed these terribly thought out
| laws. They'll keep passing more of them until we stop letting
| them.
|
| Apart from being a... very interesting take, how do propose
| to do this?
| tensor wrote:
| You just don't get that website owners want basic metrics to
| help them understand the health and performance of their
| website?
| YeGoblynQueenne wrote:
| >> The announcement criticized the EU's "highly complex" General
| Data Protection Regulation and promised a "clampdown on
| bureaucracy, red tape and pointless paperwork" to "seize the
| benefits of Brexit."
|
| And that's all one needs to know about that announcement.
| that_guy_iain wrote:
| For me, this is the important part.
|
| > The UK is also planning to legislate to remove the EU-derived
| requirement for the Data Protection Officer, as the person
| responsible for safeguarding an organisation's users' privacy
| rights, while simultaneously demanding under the OSB that
| companies appoint named individuals who are subject to personal
| arrests and criminal sanctions for failing to prevent bad things
| from happening on the internet.
|
| *subject to personal arrests and criminal sanctions* seems like
| the limited liability companies no longer limit the liability.
|
| I have a legal entity registered in Scotland. Seems like it might
| be time to wind that up and move it to another country. Where is
| a good company within the EU to registered?
| jamessb wrote:
| Ireland seems the natural choice, and wouldn't require you to
| use a language other than English for anything.
| closewith wrote:
| Limited liability companies in Ireland don't provide any
| protection against liability for criminal acts (nor do any
| countries), so I think the ideal would be to move to a
| jurisdiction where the act is not criminal or cease the
| criminal actions.
| that_guy_iain wrote:
| Well, the issue is, they made a company data protection
| issue criminal and not civil. It would be moving to a
| country where data protection is a civil matter in a day
| and age where data leaks happen on a regular basis.
| zekica wrote:
| I heard good things about Ireland.
| dhimes wrote:
| Kind of a Sarbanes-Oxley for privacy?
| alisonkisk wrote:
| acoard wrote:
| This doesn't even seem like it'll accomplish what's intended.
|
| The goal is to hold the company accountable, but it sounds like
| they just created legalized paid-fall guys.
|
| If the government wants to pierce the limited liability veil,
| they should either go after the persons in the company either
| directly or ultimately responsible (eg the direct manager, or
| the C-suite). Letting the company decide who takes the fall
| just means they're going to foist it on some uniformed schmuck.
|
| You get paid more for being on-call - now wait until you see
| the legaly-liable-for-the-entire-company bonus!
| pram wrote:
| Seems insane. Are there requirements for the individuals? Could
| you appoint summer interns?
| DocTomoe wrote:
| A limited liability structure still did not protect you from
| criminal activity in the past. Nothing really changes.
| that_guy_iain wrote:
| So if nothing is changing, why is it changing from a data
| leak being a criminal offence for an indivual from being a
| civil offence for the company? That seems like a massive
| change! Seems like the laws are changing!
|
| Just to be clear, some poor sod is going to end up getting a
| criminal conviction because someone at the company they work
| for but don't own fucked up. You get a so-so paid job at a
| mega corp and end up with a criminal record because some guy
| in an office you've never been to did something. That is
| nuts.
| avianlyric wrote:
| Well the law is changing to make failure to carry out your
| responsibilities as a specific officer in a company a
| criminal offence. But that's got nothing to do with a
| companies limited liability.
|
| There are plenty of other positions in companies that come
| with similar personal criminal liability. They mostly only
| exist in finance industry, but the roles of CEO, CRO, MLRO
| etc in most financial institutions come with personal
| criminal liability.
|
| The liability in these cases is usually tied to competence
| and knowledge. It's illegal to be incompetent at your role,
| and it's illegal to be ignorant of the activities of your
| company that fall within your roles responsibilities. The
| expectation is that individuals in this role will setup
| policy and monitoring frameworks to make sure that nobody
| is doing any stupid, that might result in them going to
| prison.
|
| All of these requirements came into existence after the
| 2008 financial crisis, after it became apparent that senior
| leaders in financial institutions we're keeping themselves
| deliberately ignorant of the misbehaviour of their
| companies, and creating a situation where nobody could be
| held responsible for the mess.
|
| I'm not sure that age verification for website meets the
| bar needed for applying this approach here. But there are
| certainly places where it makes sense.
| that_guy_iain wrote:
| > Well the law is changing to make failure to carry out
| your responsibilities as a specific officer in a company
| a criminal offence. But that's got nothing to do with a
| companies limited liability.
|
| The law is changing so that the liability isn't limited
| to the company. That has all to do with the companies
| limited liability.
| avianlyric wrote:
| No it's not. The law is changing to create new additional
| liabilities for people. The liabilities in question have
| never existed before, so it could never be limited.
|
| If you commit an act of murder as a company agent,
| limited liability isn't going to protect you. This law is
| simply saying that failing in your legal responsibilities
| as a specific company officer is a criminal offence. Just
| like committing fraud as a company officer, or failing to
| produce accurate accounts will also expose you to
| personal criminal liability.
| that_guy_iain wrote:
| > No it's not. The law is changing to create new
| additional liabilities for people. The liabilities in
| question have never existed before, so it could never be
| limited.
|
| GDPR, Data Protection Act, etc all exist. These are all
| leveled againist the company.
|
| > If you commit an act of murder as a company agent,
| limited liability isn't going to protect you. This law is
| simply saying that failing in your legal responsibilities
| as a specific company officer is a criminal offence. Just
| like committing fraud as a company officer, or failing to
| produce accurate accounts will also expose you to
| personal criminal liability.
|
| Comparing data protection with murder is silly. The law
| is simply stating if you breach data protection laws it's
| now a criminal matter againist a person instead of
| againist a company, Massive difference. Especially, if
| you registered a company to make sure you're not
| personally liable for data protect breaches.
| humanistbot wrote:
| > Where is a good company within the EU to registered?
|
| Estonia for sure. Their e-residency scheme is fantastic and
| designed for people all around the world to register virtual
| companies, even if you don't have any presence in Estonia.
| thayne wrote:
| How does the UK passing a law saying you don't need cookie popups
| make those popups go away. Maybe big companies will target UK
| cetizens to not get popups, but most sites will still give you
| popups, because giving everyone popups to comply with EU laws is
| a lot easier than figuring out if you live in the EU or not. For
| example, the US doesn't have requirements for cookie consent, but
| you still see a ton of these popups if you live in the US.
| sdfhbdf wrote:
| Hmm the main allegation against GDPR seems to be that it lead to
| creation of useless pop-ups, which is partially true but it
| should be also highlighted that GPDR itself does not require a
| pop-up mechanism just consent, it did not specify what
| technological implementation should there be. It is the website
| owners to blame for using daunting cookie pop-up implementations.
|
| This is to say that "killing pop-ups" should not be a point of a
| legislation if there isn't one that requires these pop-ups.
| jeroenhd wrote:
| The popups are a revenge tactic used by data hoarders. "Oh,
| look at this terrible EU, they make us show you all kinds of
| popups [small]because we want to track your every move
| online[/small], poor you, the inconvenienced users! If only
| there was a way to prevent this terrible faith!"
| TheRealDunkirk wrote:
| This whole charade feels exactly like ISO-9000 and SOX
| compliance. Both were a pretty simple idea: document your
| policies, and document your adherence to the policies. In
| practice however, mid-level managers at Fortune 500's sprang
| into action to implement every idea thrown at them by white
| papers, underwritten by auditing firms, who would then be hired
| to come in and judge whether the company was adhering to their
| recommendations for compliance, which ultimately had very
| little to do with either precision and accuracy (in the case of
| ISO) or separation of roles and security (in the case of SOX).
| TrueDuality wrote:
| A lot of cookie pop-ups you encounter are not even remotely
| required under GDPR. They are a mostly a form of malicious
| compliance from the ad-tech industry that want the restrictions
| lifted.
| waqf wrote:
| The popups happen because that turns out to be what the
| legislation is incentivising. The solution is to make different
| legislation that doesn't incentivise popups.
|
| Some examples (obviously not problem-free, but just to show
| that a solution space exists):
|
| * No tracking even with permission
|
| * No tracking unless the user mailed you hard-copy permission
|
| * No popups
|
| * No popups unless user testing shows that a user who hates
| popups, doesn't care about privacy and is just clicking stuff
| to get to see the site, will decline tracking at least 80% of
| the time
| wdb wrote:
| I hope the day I need to proof my identity to access the internet
| for typical sites (e.g. this site or a news site etc) never comes
| golem14 wrote:
| What I don't get is that if you have a web presence in the EU,
| you're STILL subject to GDPR regulations, so really, in practice,
| for many - in particular larger - companies, you'd have now
| implement GDPR AND the new british rules.
|
| And it's not clear to me that those two sets of rules would be
| compatible, rather than mutually exclusive.
|
| What a clusterfuck!
| andy_ppp wrote:
| So the Online Harms Bill (the switch part of TFA) is about having
| a completely controlled Internet in which innovation is
| completely stalled and entirely government mandated. It seems
| kind of mad that this could be phased in soon...
|
| I presume I will have to log into hacker news via a VPN because
| obviously this place isn't going to implement anything other than
| geo blocking for UK IPs (like 99% of websites will); it certainly
| isn't going to be paying 10p+ for every user here to prove they
| are over 16/18?
|
| Do we know under what terms young people will be allowed to
| interact with the Internet?
| ssl232 wrote:
| I think for the reasons you give this bill is never going to
| actually get through in its current form, or, if it does, it
| won't be abided by nor enforced. The reason it's gotten this
| far is because government ministers don't have any idea how the
| web works and they've adopted an attitude of ignoring experts
| so they won't learn. Once ordinary Tory voters start to get
| irritated by the implications of the law (credit card to view
| porn?) it'll get quietly scrapped. In any case, I know
| otherwise-luddite 60 year olds who know how to use VPNs to
| watch geoblocked TV, so getting around it will be trivial for a
| sizeable chunk of the population. And there's no way the UK
| government has the resources and political capital to police
| the internet on the scale required by this bill.
| dane-pgp wrote:
| > And there's no way the UK government has the resources and
| political capital to police the internet on the scale
| required by this bill.
|
| It doesn't have to, it just has to follow up by making VPNs
| illegal, and then selectively enforcing that law against its
| political opponents.
| ssl232 wrote:
| I don't doubt that the government can make life hell for
| its opponents if it wants to, I just doubt that ordinary
| voters will allow it to get that bad. Tories have such
| power right now because they're taking actions (and making
| signals) popular with the people, whether the rest of us
| agree or not. I don't buy that they've so corrupted the
| system that it no longer matters what the voting public
| think, which is why I still believe this bill is not going
| to be implemented or enforced in a way that removes real
| freedoms, once the public notice.
|
| Besides, don't plenty of despotic countries already ban
| VPNs around the world, to limited effect? A large, liberal
| country like the UK banning them would I'm sure drive
| improvements to VPN protocols to make them even harder for
| ISPs to detect.
|
| Maybe I'm too hopeful for the future...
| toyg wrote:
| _> I just doubt that ordinary voters will allow it to get
| that bad_
|
| A lot of people said that in 2015. And in 2016. And again
| in 2019. And here we are.
|
| Ordinary voters _want_ this stuff. They don 't know any
| better, and the UK press does its best to keep them that
| way.
| andy_ppp wrote:
| I think you're wrong, this UK government is scarily
| authoritarian and vindictive towards anyone who crosses them
| (see bullying of the BBC and the sale of Channel 4 as just
| two examples).
|
| Why do the commenters here don't think they want to be able
| to control and bully opponents on the Internet too?
| riskable wrote:
| > geo blocking for UK IPs (like 99% of websites will)
|
| Nahh, they'll just ignore UK law just like they ignore other
| countries laws. I mean, do you _really_ expect every website
| owner to be versed in every single country 's laws? There's no
| way!
|
| Unless they "do business" in a specific country (e.g. selling
| goods/services) there's not really any downside to just
| ignoring that country's laws (when it comes to website/data
| stuff).
|
| I don't plan to ever sell stuff to say, Guyana and never plan
| to go there. Why should I care what their laws are regarding
| websites/data collection? It's completely irrelevant.
| EGreg wrote:
| I have a serious question... in elections, we need to know a
| person has exactly one account etc. Entering a bar, they need to
| know you're 21 or over etc.
|
| The PROPER mechanism for this would be a certificate issues by a
| trusted authority (or a few) that would somehow prove with a zero
| knowledge proof that you have one of the certificates, but every
| time it would be different and unlinkable to you. It wouldn't
| leak an identifier that can be used to track you.
|
| Google GROUP SIGNATURES, that is what we want to achieve. How? Is
| there a well-known software library in crypto, besides a mixer
| like Tornado.Cash or rings like in Monero? Something like openssl
| so we don't have to "roll our own"?
|
| The technical name for what I want is Group Signatures, starting
| with this seminal paper by Chaum in 1991: https://chaum.com/wp-
| content/uploads/2021/12/Group_Signature...
|
| But what is the latest State of the Art in Group Signatures? What
| is used today, that can work at scale for groups of MILLIONS of
| people, and still be anonymous? Chaum's conception is linear in
| the number of group members and the group has to be fixed in the
| beginning, and can't be dynamically changed. That means issuing
| new certs once a year year to people who have come of age at 18,
| or registered to vote etc. That proves your age so they'd have to
| actually create larger groups by aggregating these together with
| previous groups (they could also remove people from the rolls if
| they haven't retegistered for a while, eg for a driver's license
| again).
|
| This is the latest work I could find and it's from 2003... why is
| no one making progress in this field, or implementations?
|
| https://cseweb.ucsd.edu//~daniele/papers/BMW.pdf
| jeroenhd wrote:
| There are mechanisms out there that try to minimise data
| exfiltration to validate certain facts about a person. IRMA [1]
| has a system that's developed quite well though development and
| expansion has slowed down over the years. It's a lot more
| chatty than using offline certificates, but the privacy
| challenges are very similar. The basic premise is that your ID
| holds your date of birth and that date of birth can be used to
| generate a signed token that says "over x years old". For
| Europe this can be 18, for America this can be 16 or 21,
| depending on what you're trying to gatekeep.
|
| Having users manage cryptographic secrets seems like an
| absolutely terrible idea. Developers and system administrators
| are incapable of renewing certificates in time, it'll only slow
| everything down.
|
| None of these technical measures solve the core issue, though,
| which is that kids will lie about their age online. They'll
| find a friend/family member/random guy over the required age
| and copy the super privacy friendly secret token to their
| devices and boom, everyone is 18. Cryptographic age
| requirements raise the bar but ultimately they'll never be
| enough.
|
| [1] https://irma.app/?lang=en
| EGreg wrote:
| What I am talking about is essential for voting or UBI. One
| person one account.
|
| It isn't just for kids.
|
| The hardest part is to make sure that the certificate issuing
| authorities aren't corrupted (eg by having a self regulating
| organization like FINRA) when they give out certificates --
| since those represent free cashflows or outsize voting
| shares.
| dsr_ wrote:
| The problem is that "exactly one account for election voting"
| and "untraceably anonymous" don't go together.
|
| What we've got now is a physical mixing where you "prove" your
| identity to a clerk at the assigned polling location, you are
| issued a physical token which you fill out in privacy, and then
| the token with the voting information on it is mixed with all
| the others from that polling location. By having opposed
| auditors watching vigilantly, we get some confidence that
| ballots are not altered or replaced.
|
| Let's say that you have a system which has a single account for
| every citizen (fine in theory), which can issue an anonymous
| bearer token that can be used for voting later. That bearer
| token is now vulnerable to being sold, confiscated, copied (but
| only usable once, so there's a race), forgotten, and can go
| unused.
| EGreg wrote:
| Yes they do. This is basically Group Signatures. I am just
| asking whether BBS04 is the state of the art still. In there,
| the group manager is the only one who can deanonymize people.
|
| Is there any way to provably opt out of this latter feature,
| so we can be sure NO ONE can link signatures to users? That's
| Chaum's original 1991 conception.
|
| The alternative is to use ZK mixers on distributed ledgers
| that have solved the double spend problem, but the jury is
| out on just how anonymous and unlinkable they really are in
| practice: https://arxiv.org/pdf/2201.09035.pdf
___________________________________________________________________
(page generated 2022-06-17 23:02 UTC)