[HN Gopher] In wake of data breach - Samsung forcing users to ac...
___________________________________________________________________
In wake of data breach - Samsung forcing users to accept T&CS or
risk their data
Author : dddavid
Score : 103 points
Date : 2022-09-05 18:14 UTC (4 hours ago)
(HTM) web link (thecrow.uk)
(TXT) w3m dump (thecrow.uk)
| dimensionc132 wrote:
| The hack shows that users' data is at risk regardless of whether
| users accept the T&Cs.....how moronic to think that accepting new
| T&C will somehow negate another hack or data breach.
|
| I guess normies will believe it ... :(
| systematical wrote:
| I'm more interested to see how this guy's raspberry pi server
| holds up.
| walrus01 wrote:
| Probably pretty well, as the content seems to be static HTML,
| any sensible apache2 or nginx configuration (And linux kernel
| storage-to-ram caching) will keep the frequently-accessed HTTP
| GET requests in RAM. And a raspberry pi with 4 or 8GB of RAM
| has enough resources for quite a lot of simultaneous threads.
| dddavid wrote:
| Past experience with articles making it to HN FP shows it can
| handle up to around 3K visits/hour without too much trouble.
| Maybe more, but my Matomo analytics instance tends to give up
| around then. Right now it's pulling maybe 700 visits/hour.
|
| If it starts looking bad, I'll move the site onto a VPS
| Macha wrote:
| A pi 4b is more power than the basic 1 vcpu, 1gb or 2gb VPSes a
| lot of personal blogs on this site use. If it's a static site
| (and it appears to be, meta generator=Jekyll) then a pi 4b
| should be plenty for HN.
| metadat wrote:
| tl;dr:
|
| > Whether or not Samsung's updated terms affect you, you'll have
| to accept them in order to get the reassurance that no-one has
| logged into your Samsung account, and is currently monitoring
| your whereabouts using the "find my device" feature, checking out
| your frequent locations in "Places", or using your profile pic to
| create fake accounts elsewhere. If you don't want to accept terms
| and conditions foisted on you with the barest nod towards
| consent, well, that's tough really.
|
| Android users might unknowingly be victims of location monitoring
| by a hacker, and users are forced to accept new ToS just to
| verify whether this is or isn't happening.
|
| Yuck, what a user-hostile privacy+security mess. A total failure
| on the "Keep-Users-Safe" front.
| walrus01 wrote:
| > the new terms are instead, "governed and construed in
| accordance with the laws of the jurisdiction where you are a
| resident." This could be good or bad, depending on where you
| live.
|
| I'd like to see what happens when someone in Afghanistan with a
| late-model Samsung android phone files a lawsuit against them in
| the Taliban's local sharia law court.
| vorpalhex wrote:
| I know this is tongue-in-cheek, but one of the reasons why the
| Taliban was tolerated in many areas is because they had very
| comprehensive courts that took cases quickly and gave justice
| swiftly (but probably not very fairly).
|
| There is a story of a taliban fighter who had stolen from a
| local. The local opened a case at the local taliban court.
| Judge agreed with the local and whacked off the fighter's hand
| right there.
|
| Anyways, Samsung v Owner in a taliban court would be
| entertaining for sure.
| gambiting wrote:
| Absolutely nothing because obviously they won't show up,
| Samsung doesn't have any presence in Afghanistan, and Taliban do
| not have any ability to enforce their rulings outside of
| Afghanistan.
| HarryHirsch wrote:
| You may laugh, but the local sharia judges generally have a
| reputation of being impartial and of not taking bribes.
| Apparently it's not uncommon to agree to have a dispute
| arbitrated by a kadi both parties agree on. Regular court is
| just hopelessly corrupt.
| kmeisthax wrote:
| >They also remove the prohibition against class action lawsuits,
| and allow disputes to be settled in court instead of through
| arbitration. This is actually good news for litigation-minded
| Samsung customers - especially in light of certain recent data
| breaches and unnecessary delays in reporting them.
|
| Fun fact: much of this is because lawyers started telling people
| how to launch arbitration en-masse, and it turns out you cannot
| legally compel arbitration without also offering to pay for it.
| And since there's no class-action provision with most arbitration
| companies, it was actually _more_ expensive to compel arbitration
| than to just take the class-actions.
| dataflow wrote:
| Companies have started prohibiting mass arbitration in their
| ToS in response.
|
| Edit 1: Since people requested an example, here's Adobe's:
|
| > The Notice of Claim must provide Adobe with fair notice of
| your identity, a description of the nature and basis of your
| Claim, and the relief you are seeking, including the specific
| amount of any monetary relief you are seeking, _and cannot be
| combined with a Notice of Claim for other individuals_.
|
| Edit 2: Here's Venmo's, which is more comprehensive
| (https://venmo.com/legal/us-user-agreement/):
|
| > You and PayPal agree that each of us may bring claims against
| the other only on an individual basis and not as a plaintiff or
| class member in any purported class or representative action or
| proceeding. Unless both you and PayPal agree otherwise, the
| arbitrator may not consolidate or join more than one person's
| or party's claims and may not otherwise preside over any form
| of a consolidated, representative or class proceeding. Also,
| the arbitrator may award relief (including monetary, injunctive
| and declaratory relief) only in favor of the individual party
| seeking relief and only to the extent necessary to provide
| relief necessitated by that party's individual claim(s). Any
| relief awarded cannot affect other PayPal or Venmo customers.
| vorpalhex wrote:
| That reads like just the notice of claim itself. You can of
| course bulk generate individual claims.
| dataflow wrote:
| Sure, maybe with Adobe's. See update--I added Venmo's,
| which goes beyond that.
| vorpalhex wrote:
| Interesting.
|
| Thank you for the examples by the way.
|
| I do wonder if the Arbitration Society will find these
| terms acceptable. They have some ability to throw out
| unfair terms (in respect to arbitration).
| armchairhacker wrote:
| Is there anything stopping 1 lawyer from representing
| 1000 clients with more or less the same copy-pasted
| arguments?
| dataflow wrote:
| If he's willing to go through 1000 individual
| proceedings, probably not? I'm not sure how long
| proceedings take, but I imagine that would take a good
| chunk of the lawyer's life (1000 one-week proceedings =
| 20 years).
| wongarsu wrote:
| Time to hire 100 interns for a couple weeks. Presumably
| the proceedings are all more or less the same, so you
| only need a good lawyer to work it out once and an army
| of low-paid helpers to repeat the recipe book 990 times.
| hedora wrote:
| Send 1000 copies of the same letter to the arbitration
| firm. When BigCo tries to get you to agree to combine the
| claims, agree to do so if and only if they pay out $1M to
| cover the legal expenses they are avoiding.
| pessimizer wrote:
| The point is making arbitration expensive. In order to
| set up the process by which Venmo will have to pay an
| arbitrator to manage 1000 claims, it costs the lawyer
| 1000 sheets of paper and 1000 stamps.
| cmeacham98 wrote:
| Don't these both benefit mass arbitration? The point, as I
| understand it, is to have a lot of people submit claims about
| an issue so the company is forced to pay for them all.
|
| If, instead, claims could be combined then
| Adobe/PayPal/whoever could combine them all and presumably
| avoid paying to arbitrate each individually.
| dataflow wrote:
| > Don't these both benefit mass arbitration?
|
| Well, I think it's safe to assume they don't, given
| companies started adding these terms after mass arbitration
| became popular.
|
| As to how/why they don't, I'm not sure. But if I had to
| take a guess, I imagine motivations could include: (a)
| clogging the arbitration system to slow claims down to a
| crawl (since they can't be handled en masse), (b) making it
| difficult for every individual to demonstrate damages
| (since many people will not be able to prove actual harm),
| (c) forcing every individual to contribute _significant_
| time and effort into the process (which will not be worth
| it for many people, and practically impossible for many
| others).
| buscoquadnary wrote:
| "It's better than legal we're using the law to keep
| justice away" - The PHB
| tintor wrote:
| I am curious. Do you have an example of such ToS?
| AlexandrB wrote:
| How do you prohibit something like that? "Disputes are solved
| through arbitration, unless a bunch of other people want to
| do it too, then..."?
| mysterydip wrote:
| reminds me of the "not responsible for damages" some dump
| trucks have written on the back
| m463 wrote:
| Also, you can opt-out of arbitration in california (I believe
| if you notify them in a specific time period)
| dataflow wrote:
| The painful part is, if you're doing this for privacy
| reasons, you frequently have to give them _more_ personal
| information (and accurate ones too! not bogus ones you
| might've used to sign up for an account) just to opt out. And you
| often don't get any acknowledgment of the opt-out either,
| which I imagine means you'll have to do this with e.g.
| certified mail and keep around evidence that you opted out.
| And if you gave them bogus info and now want to opt out... I
| imagine that might be a ToS violation which I expect would
| give them an excuse to toss your claim away. Not sure how any
| of these would fly in court, but as a layman it sure looks
| like a purposefully self-defeating uphill battle.
| zeristor wrote:
| My LG TV has a new Agreement.
|
| I guess I'll just unplug the network cable, assuming it can't
| tunnel back up the HDMI cable to my Apple TV.
| WithinReason wrote:
| How would it be able to? Does the TV, the cable and the Apple
| TV all support Ethernet over HDMI?
| GauntletWizard wrote:
| Who knows? As you said, there's a pretty clear channel for
| it, and would be advertised as a feature for all those
| devices.
| DanAtC wrote:
| Samsung is such a trash company with garbage products. Why people
| are willing to pay them a premium is beyond me.
| kleiba wrote:
| _And if you created your account before September 2021, Samsung
| is under no obligation to notify you when those terms change -
| unless you attempt to log into your online account, that is._
|
| Wouldn't that depend on which legislation you live in?
| Tijdreiziger wrote:
| I live in the Netherlands, created my account before September
| 2021, and Samsung keeps sending notifications to my phone
| urging me to accept their new terms.
| cryptonector wrote:
| > One new aspect which may scare Samsung customers is:
|
| > "We respect the intellectual property rights of others. We may
| suspend or delete an account or stop providing all or part of our
| Services to an account if we reasonably believe that such an
| account has repeatedly infringed intellectual property rights."
|
| > The terms don't say what constitutes reasonable belief.
|
| You have no digital rights. And yes, it's a private company, blah
| blah blah. But you still have no digital rights. And most
| everything happens on the Internet now. Think.
| [deleted]
| googlryas wrote:
| The terms also don't define "intellectual property". Or
| "respect". Or "that".
|
| Reasonable belief is a well understood concept. It doesn't need
| a definition in the terms of service. A judge reviewing a
| complaint by a party against Samsung will understand what
| "reasonable belief" means.
|
| > But you still have no digital rights.
|
| I think you're confused. It seems like you want Samsung to
| _not_ have digital rights. You have digital rights, but not to
| use someone else's system in a manner which they don't want.
| If they operate a system, they have a right to specify how
| users can and can't utilize the system. You have the same
| rights.
| cryptonector wrote:
| The problem here is that due process is extremely expensive
| to obtain. Let's say you have reverse engineered something,
| but the IP holder claims you stole it, so the provider shuts
| you down, and now you're losing money _and_ you have to file
| a lawsuit in a possibly-hostile, far flung jurisdiction,
| _and_ it may take weeks to get injunctive relief ( _if_ you
| get it), and months or years to settle the case, and all of
| this while having lost your income and having to foot hefty
| legal bills. Few will bother. The effect is chilling.
|
| Thus, "reasonable belief", while a legal term of art, is
| pretty meaningless to users.
|
| > It seems like you want Samsung to not have digital rights.
|
| I wrote nothing of the sort. But now that you put me on the
| spot, I'll tell you what I want: either that users get better
| access to due process, or that common carriers have less
| power over what they carry (not zero power, just less), or
| both. While it's true that there are expensive, abusive users
| out there, we need to strike a better balance for all the
| users who aren't.
| googlryas wrote:
| What would "access to due process" look like to you?
| cryptonector wrote:
| Excellent question.
|
| First, I'd like users to get a reasonable amount of time
| to challenge any suspensions or bans before they take
| effect, using an internal appeals process. Second, I'd
| like users to get a reasonable amount of time to further
| appeal lost appeals, again, internally. Thirdly, I'd like
| there to be some civil and criminal liability for making
| false reports, and some civil liability for common
| carriers acting on false reports. I.e., the costs to
| common carriers of acting rashly should be a great deal
| greater than they are currently.
| googlryas wrote:
| In this system, should Facebook be forced to keep serving
| child porn, while the child pornographer is going through
| the internal appeals process?
| [deleted]
| ThrowawayR2 wrote:
| > " _It seems like you want Samsung to not have digital
| rights._ "
|
| Never thought I'd see the day people would be arguing
| vehemently for the rights of multi-billion dollar
| international conglomerates with an army of highly paid legal
| staff so that they can arbitrarily mistreat consumers. Has
| the world gone mad?
| googlryas wrote:
| But they can't arbitrarily mistreat customers. Which is
| what the ToS is about.
|
| And I'm merely reminding OP that companies, as just a group
| of people with a common goal, have rights too, because OP
| seemed to have forgotten that. I'm not out here shouting it
| in the drive thru line at a Wendy's.
| cryptonector wrote:
| > But they can't arbitrarily mistreat customers. Which is
| what the ToS is about.
|
| Users have almost no way to enforce what little the ToSes
| grant them, and no injunctive relief w/o a great deal of
| effort beyond the reach of most users.
|
| > And I'm merely reminding OP that companies, as just a
| group of people with a common goal, have rights too,
| because OP seemed to have forgotten that.
|
| Stop ascribing to me things I did not write and about
| which I've already corrected you. Keep things civil
| please.
| jbay808 wrote:
| It's a real problem that corporations can afford to spend much
| more time writing these agreements than customers can spend
| comparing them.
|
| I'd certainly prefer to choose a competitor that didn't have
| abusive terms, but I don't think the market would really reward
| a company that offers such. Most customers just wouldn't even
| realize they care about it, until it bites them.
___________________________________________________________________
(page generated 2022-09-05 23:00 UTC)