[HN Gopher] Meta now lets EU users unlink their Facebook, Messen...
___________________________________________________________________
Meta now lets EU users unlink their Facebook, Messenger and
Instagram accounts
Author : pg_1234
Score : 330 points
Date : 2024-01-22 16:00 UTC (7 hours ago)
(HTM) web link (www.neowin.net)
(TXT) w3m dump (www.neowin.net)
| cnity wrote:
| This must have been a painful engineering effort that I bet
| absolutely consumed the backlogs of at least tens of teams.
| Usually business assumptions about user accounts have their
| tendrils deep into the architecture and services that presumably
| many many years of code sits on top of.
| madsbuch wrote:
| Could be that they have not been entirely consolidated yet as
| they all previously were individual products.
|
| From a user perspective is appears like the users have been
| relatively loosely coupled.
| cnity wrote:
| True, in which case it might be even more painful: imagine
| ending a year long epic to consolidate user account logic
| only to have to reverse it.
| mynameisvlad wrote:
| Instagram might have been a separate product, but Messenger
| was just Facebook's built in chat feature.
| ffpip wrote:
| > presumably many many years of code sits on top of.
|
| Not so many, since they tried to link all 3 only few years ago
|
| https://www.theverge.com/2019/3/6/18253472/mark-zuckerberg-f...
| LinAGKar wrote:
| That may be the case for Instagram, which was developed
| separately and then acquired, and which still uses separate
| accounts that AFAIK can be created without a Facebook
| account, although they can be connected to one.
|
| Messenger though has always just been the chat function on
| Facebook, which can nowadays also be used via a dedicated
| website/app if you like. It doesn't even have separate
| account infrastructure on the backend, unlike Instagram.
| Looks like they're getting around that by essentially
| creating a second Facebook account, with social media
| features disabled.
| wrboyce wrote:
| Many years ago when I disabled my Facebook account I
| noticed that Messenger continued to work, so there was
| definitely some level of separation.
| smashed wrote:
| But can you really disable a Facebook account?
| TheRoque wrote:
| Disabling merely means just making yourself invisible,
| and the Facebook profile unusable, but all the data stays
| there. If you delete it though, your messenger account is
| no more.
| eastbound wrote:
| Even for EU citizen with GDPR?
| Sharlin wrote:
| Disabling is what it says on the tin, giving you the
| chance to re-enable the account later. Nothing GDPR-
| violating with that. As long as you are also given an
| option to actually nuke all your PII.
| Perz1val wrote:
| There has been an option to create messenger only accout
| (so you could do that for your grandma who would not have
| figured facebook anyways, but you can send her photos now)
| loceng wrote:
| I guess part of karmic consequence of "move fast and break
| things" motto - especially when it comes to not caring to
| develop or have forethought on security-safety concerns for
| what such a system, a digital version of The Facebook, could
| have on society; Harvard was planning to launch a digital
| version of their print version of The Facebook - and part of
| Mark's history he's quoted as saying, along with lying to the
| ConnectU twins he was hired to develop, that he didn't
| understand why Harvard was taking so long to get it going -
| that he could do it way faster; the externalized costs/harms
| are practically incalculable - all for that sweet sweet cheap-
| shallow-manipulative advertising revenue.
| stavros wrote:
| > Usually business assumptions about user accounts have their
| tendrils deep into the architecture
|
| If their business assumptions are "users will never have a
| choice about how much we track them", they deserve what they
| got.
| ethbr1 wrote:
| "They" being Meta, yes.
|
| "They" being engineers, eh?
|
| It's a tough sell to justify greenfield dev effort when
| there's a BigCorp paved road laid out for you.
| avgcorrection wrote:
| > "They" being engineers, eh?
|
| If you're a volunteer Roman legionnaire don't be surprised
| when you are ordered to march on Gaul.
| ethbr1 wrote:
| Fair! I took the original question in the vein of "Who is
| to blame?"
|
| I feel like IC latitude isn't usually sufficient to say
| "Do we really want to require the identity our platform
| is based around?"
| ryandrake wrote:
| ICs (at least the people good enough to pass a Meta
| interview) have a choice of where they work though. I've
| quit a job where I had an ethical issue with what the
| company was doing with the code I wrote. When Company X
| does something naughty, the individual developers need to
| at least _share_ blame with the managers making the
| decisions. After all, whose fingers are typing the code
| in and hitting submit?
| someotherperson wrote:
| I haven't worked for a company as large as Meta but we
| encounter these issues on smaller projects too: should
| the unique identifier for an account be their email? Or a
| UUID? If your business only uses SSO, should you use the
| [Google/Microsoft/whatever] ID as the identifier for that
| user on your database?
|
| I personally wouldn't think that Facebook engineers would
| have had their hand forced on something like this.
| ethbr1 wrote:
| Oculus engineers apparently did.
|
| So I'd imagine the internal pressure over something
| closer to main products would be the same or worse.
|
| Centralizing identity was (prior to the EU) a core moat
| for Facebook/Meta.
| XghTk wrote:
| Those are all acquired services, so the opposite is likely:
| they were linked together through the number of ugly hacks.
| dewey wrote:
| That was a very long time ago though, so I could imagine that
| there's not much left from the original code base after it
| was moved onto Meta's infrastructure.
| chimeracoder wrote:
| > That was a very long time ago though, so I could imagine
| that there's not much left from the original code base
| after it was moved onto Meta's infrastructure.
|
| They only linked them a few years ago, in anticipation of
| an antitrust battle. They are now unliking them because
| they have lost/ceded that fight.
| EMIRELADERO wrote:
| Could you elaborate on that?
| sitzkrieg wrote:
| yea sf companies are definitely known to cleanup their
| hacks to go to market at any cost w a barely working thing
| later
| dylan604 wrote:
| isn't that done naturally when they rewrite it the trendy
| language of the day?
| mcmcmc wrote:
| It'll save them a good chunk of time when they eventually get
| split off like Baby Bells
| andy_ppp wrote:
| And it's good for consumers and Facebook can afford to do it, I
| wish the UK was still in the EU and I would be extremely happy
| about unlinking Instagram from Facebook just to avoid their
| notifications for it that pop up on Instagram never mind the
| ease of spying this creates.
| notahomosapien wrote:
| Isn't the UK GDPR basically the same as the EU GDPR?
| withinboredom wrote:
| Different sized teeth.
| waynesonfire wrote:
| Probably not, if it was painful they would have done it
| everywhere. Since now they have to maintain two configurations,
| linked and unlinked.
|
| It also highlights how much revenue is tied to this bundling of
| service since it's probably very expensive to maintain this
| dual configuration.
| amelius wrote:
| And I bet management asked: what can be so difficult about
| decoupling the accounts? Just set coupling=false somewhere or
| something, okay?
| summerlight wrote:
| At least they have a choice to unlink accounts, which probably
| makes the overall DMA compliance much easier. For Google, it's
| just been an engineering nightmare, cross-cutting across the
| entire stack :D
| scyzoryk_xyz wrote:
| Sounds like a them problem not an us problem. Nothing they
| couldn't afford ,,tens of teams". It's a nice moment living in
| the EU, knowing that common sense policies like GDPR and anti-
| trust can be enacted and enforced.
| jarjoura wrote:
| The challenge isn't unlinking accounts in the database, that's
| just a simple copy command. The challenge is in all the
| metadata that is used for account A (Facebook), and account B
| (IG) that can no longer share any downstream metadata.
|
| So when you have to split the two apart, it's likely a hard
| legal requirement that there's no way account A can know
| anything about account B anymore. This means, countless metrics
| and logs and whatever has to be thrown away. So I imagine,
| there's lots of auditing of systems and every single property
| that is stored somewhere was scrutinized in long meetings.
|
| Less an engineering burden than a policy and legal burden.
| rodgerd wrote:
| > This must have been a painful engineering effort
|
| It would be less painful if it were a universal option, and
| they didn't have to test with a bunch of geo-linked options.
| AlexandrB wrote:
| It's constantly frustrating to read about European users getting
| cool new features to help manage their digital life that the rest
| of the world doesn't get. The expected cost in lost ad revenue
| per user must be pretty significant to justify the complexity of
| keeping this stuff limited to Europe.
| wizzwizz4 wrote:
| It's just politics. Ask your legislators to give you the cool
| stuff as well.
| cnity wrote:
| FWIW, we also get non-stop cookie permission banners and often
| just straight-up denied access to certain services that don't
| want to have to jump through the hoops.
| zht wrote:
| that's propagated to the rest of the world lol
| patrickmcnamara wrote:
| The only things I've been denied as an EU citizen on the web
| so far have been US local news websites. And tbh I assume
| that is just one company that has a blanken policy of sorts.
| So I don't think "often" is accurate here.
| whatshisface wrote:
| That's just the secret program to get Europeans to stop
| making fun of us.
| blackbeans wrote:
| If you don't want to deal with cookie banners, there are
| browser extensions you can install to automatically accept
| them. However, although the cookie banners are sometimes a
| nuisance, it is still a good thing that people are informed
| and given the option to accept it or not.
| switch007 wrote:
| Those extensions are far from perfect in my experience
| (ditto the lists in uBlock Origin)
|
| Often leave you wondering why you can't click anything on
| the page
| stavros wrote:
| I agree in general, but when I see a dialog box titled "We
| respect your privacy" and a choice between "allow all" or
| "see more", I donate 0.10 EUR to NOYB.
| vdaea wrote:
| If anything, every time I have to click through one of
| those banners I wish that activist
| organisations/politicians had to pay me for having to go
| through it.
| stavros wrote:
| You can get an extension that will automatically click
| "allow all" and everything will be exactly as it was
| before this directive.
| vdaea wrote:
| I wish that was true, but those extensions are far from
| flawless. Still, they are a massive improvement over
| having to click away all banners, especially for those of
| us who have our browsers set to clear cookies when
| quitting the browser.
| Filligree wrote:
| I want one that automatically rejects all.
| alwayslikethis wrote:
| You can disable cookies in browsers so that cookies do
| not persist after session close. Firefox lets you add a
| whitelist of sites to allow cookies, too.
| vdaea wrote:
| Cookie banners will still appear.
| probably_wrong wrote:
| If I understand the law correctly, your suggestion is
| good on practice but could be harmful on the long run.
|
| When I click "I agree" I am not agreeing to _cookies_ but
| rather to _tracking_. If the website wants to track me
| with (say) browser fingerprinting, deleting the cookies
| will not stop them from tracking me across sessions. Even
| worse: since I agreed they no longer need to show me a
| warning, so I may not even notice that I may want to
| revoke that consent.
|
| If I don't want to be tracked, saying "I do not consent"
| is the only legally-actionable way. Deleting cookies
| works now because cookies are still cost-effective, but
| this won't remain true forever.
| stavros wrote:
| https://addons.mozilla.org/en-
| US/firefox/addon/istilldontcar...
| latexr wrote:
| Emphasis mine:
|
| > In most cases, the add-on just blocks or hides cookie
| related pop-ups. When it's needed for the website to work
| properly, _it will automatically accept the cookie
| policy_ for you (sometimes it will accept all and
| sometimes only necessary cookie categories, depending on
| what 's easier to do).
| Yujf wrote:
| It is not the activists fault that the company wants to
| track you. They do not have to show you that stuff if
| they don't so unnecessary tracking
| latexr wrote:
| > when I see a dialog box titled "We respect your
| privacy" and a choice between "allow all" or "see more"
|
| It's usually "we value your privacy", which always makes
| me think "you put a value on it, alright, can't wait to
| take it away".
| pgeorgi wrote:
| https://consentomatic.au.dk/ also allows to reject them
| automatically.
| latexr wrote:
| If anything, there should be extensions to automatically
| reject them. It's a testament to how draconian the process
| to do it usually is that the extensions just surrender.
| Every time an extension or person accepts those, they're
| reinforcing those companies' choice to break the law1 in
| the name or profit.
|
| 1 The GDPR is clear that rejecting must be as simple as
| accepting.
| Hamuko wrote:
| Eh, can't be that excited about anything involving the data
| hole that is Meta Platforms products, even if they make some EU
| concessions. Maybe when we get that EU-only iOS sideloading
| support I can finally be more smug about it.
| coldpie wrote:
| We could have these regulations in the US, too, if we voted for
| them.
| JumpCrisscross wrote:
| Or just called our electeds about it. I've worked on privacy
| issues. Past tense, because after a massive effort like two
| people call and the bill is dropped. (Except in Oregon.
| Oregonians apparently call and write about privacy.)
| segasaturn wrote:
| Both parties in the US are in the tank with big tech (see: NY
| Dems killing right to repair)
| Levitz wrote:
| My experience is that stuff like this gets framed as "pro
| consumer" in Europe and "anti corporation" in the US. The
| difference runs deep.
| BobaFloutist wrote:
| Ok, how about this: "It's a bummer that the rest of the
| voting population doesn't agree with my priorities enough to
| enact similar privacy regulation to Europe."
| carlosjobim wrote:
| European citizens didn't vote for those regulations.
| drooopy wrote:
| European Citizens voted for the people who voted for those
| regulations.
| tgv wrote:
| And we have input via our governments, and the national
| parliaments have a say in the procedures: a group of 1/3
| of all national parliaments can send proposals back.
| carlosjobim wrote:
| Yes, and so do American citizens. Whether you agree or
| disagree with the regulations, they were never voted on
| by the people.
| makeitdouble wrote:
| To a larger point, european citizens are largely favorable
| to those regulations, which makes passing these rules
| possible, and not a political suicide.
|
| HN might not be representative, but the number of comments
| we see defending companies's right to make as much money as
| they can and against regulation that would add costs to
| businesses is IMHO pretty high. If that's the general US
| sentiment, politicians the have little upside in putting
| burdens on tech companies in the first place.
| carlosjobim wrote:
| European citizens are largely ignorant of EU regulations,
| EU politics and EU spending. Most European citizens do
| not know the name of the EU president. But Europeans will
| categorically support and agree with EU policy and laws.
|
| As for cookie laws, can we honestly say that they have
| done anything to protect people from corporate spying and
| abuse of private information? Real regulation would be to
| outlaw that kind of spying, not putting up annoying
| banners so that some web developer can feel good about
| themselves.
| yau8edq12i wrote:
| > European citizens are largely ignorant of EU
| regulations, EU politics and EU spending. Most European
| citizens do not know the name of the EU president.
|
| Very bold claim. Do you have any sources to back it up?
| EU politics are in the news all the time here.
| carlosjobim wrote:
| Go ask a European. Who are the three EU presidents? Who
| were the EU presidents before them? Then ask them who is
| the current US president? And which presidents were
| before him? Which are the two top candidates in the 2024
| election?
| troupo wrote:
| Because the person doesn't matter. _Policies_ matter. And
| Europeans largely prefer privacy-protecting regulations
| int_19h wrote:
| We don't vote for regulations, we vote for politicians. Who
| are a package deal, so in practice you're voting on several
| dozen different issues at once, and you inevitably have to
| prioritize. I don't think you'll find significant opposition
| to many of these laws in US, it's just that it's never going
| to be that one thing that drives people to vote for or
| against some candidate or party.
| miohtama wrote:
| There are also downside for European regulations. There is no
| free lunch and some toll needs to be paid.
|
| Some examples include
|
| - Banning encrypted messaging (almost passed)
|
| - Cookie pop ups
|
| - Various regulations harming open source (discussed before on
| HN)
|
| Also due to how Europe is wired up, the cost of doing startup
| business is higher, why there are fewer and fewer successful
| European software growth companies.
| flohofwoe wrote:
| The cookie banner isn't required if the web page isn't doing
| shady things with cookies though.
| poszlem wrote:
| "shady things"
| airstrike wrote:
| Cookie popups are a net positive because users are given a
| choice. Besides, in the US we often still get the popups but
| they're just useless, with the only option being "accept"
| alwayslikethis wrote:
| Unpopular opinion: the proper place to controll cookies is
| from the browser, not from the website. Browsers should
| show a prominent way to disable or otherwise restrict
| persistent storage to websites to inhibit tracking.
| xigoi wrote:
| The problem is that you can't tell if the site actually
| needs the cookies to work properly. And it does not help
| against other kinds of tracking.
| ulucs wrote:
| DNT exists, and the cookie banners did not need to be
| regulated into existence if the websites did not
| strategically ignore the DNT header.
| whatshisface wrote:
| Why not regulate the DNT header into expressing the
| user's cookie banner preferences?
| progval wrote:
| GDPR does not specify what technology to use to acquire
| consent [1], as long as the user consent. Trackers could
| honor the DNT header if they wanted to, and show the
| banner as a fallback for browsers not sending the header.
|
| [1] You can read the text: https://eur-
| lex.europa.eu/eli/reg/2016/679/oj there is a single
| instance of "cookie" (in the preamble) and no instance of
| "banner".
| Aloisius wrote:
| _> Consent should be given by a clear affirmative act
| establishing a freely given, specific, informed and
| unambiguous indication of the data subject 's agreement
| to the processing of personal data relating to him or
| her, such as by a written statement, including by
| electronic means, or an oral statement. This could
| include ticking a box when visiting an internet website,
| choosing technical settings for information society
| services or another statement or conduct which clearly
| indicates in this context the data subject's acceptance
| of the proposed processing of his or her personal data.
| Silence, pre-ticked boxes or inactivity should not
| therefore constitute consent._
|
| While DNT could potentially be used for opt-out, it
| wouldn't comply for opt-in because it is not specific or
| informed as the user does not know what specific data
| processing activities will be done, can't opt-in or out
| of specific data processing activities, doesn't know the
| identity of those doing them or that they can withdraw
| consent at any time.
| shortsunblack wrote:
| DNT specification does not allow for giving valid consent
| under GDPR because it is not granular and it is not
| informed. There's no browser dialogue that details the
| requested consent for which and what processing.
|
| There are proposed browser signal specifications that
| would meet legal GDPR consent defintions. See
| https://www.dataprotectioncontrol.org/spec/
|
| And as for why DNT did not took off, it's because MSFT
| sabotaged it by making DNT set by default in Internet
| Explorer. The social contract in that time between
| adtech, publishers and users was that the signal would
| strictly be opt-in. The adtech industry used IE making
| DNT the default as justification for not honoring any of
| the signals being sent by browsers. It doesn't take a lot
| of reasoning to realize MSFT did this on purpose, knowing
| it itself earns income from ads.
| petre wrote:
| I've checked and sadly it's listed as deprecated on MDN.
| I don't know if there's anything to replace it.
| latexr wrote:
| But it was deprecated precisely because websites either
| ignored it or used it as yet another signal to identify
| users (thus making it have the opposite effect to what
| was intended).
| tgv wrote:
| Tell that to the Chrome team.
| summerlight wrote:
| https://assets.publishing.service.gov.uk/media/62052c52e9
| 0e0...
|
| You probably want to tell that to CMA first.
| shortsunblack wrote:
| Neither GDPR nor ePrivacy directive demands cookie walls.
| ePrivacy directive demands consent. That consent can be
| given programmatically by browser APIs. There's even
| acknowledgement of such possibillity in the legal text
| (see point 7 in the directive). GDPR itself does not
| demand cookie banners, either. It merely demands there to
| be a legal basis for processing of data that constitutes
| personal data. One of those bases is consent. It's not
| the only basis. Other notable basis includes contractual
| necessity (includes all the cookies that are necessary
| for user experience, i.e sth like PHP placed session
| cookie).
|
| Browsers do not have automated means to give consent/not
| give consent under ePrivacy because the largest browser
| is ran by an ad company. Monetarily speaking, the ad
| company earns more if it coerces its users with dark
| patterns into giving consent under ePrivacy than it does
| offering pro-user choice technologies to give a blanket
| not consent.
|
| And ePrivacy itself is not just about cookies. EDPB
| recently released binding recommendations that severely
| expanded the _perceived_ scope of ePrivacy (the true
| scope was always as it is, the adtech industry just
| ignored it). ePrivacy includes JavaScript side tracking,
| fingerprinting with various APIs and so on. It 's not
| just cookies.
| weberer wrote:
| I use uMatrix for that. I have it set to block all cross-
| domain cookies by default.
| miohtama wrote:
| Your opinion should be more popular. Seems like even a
| lot of technically savvy readers on HN miss this.
| mderazon wrote:
| I don't know. The web is pretty unbearable here in the EU
| due to the cookies consent.
|
| Even more, many times I find myself wondering why a site is
| not responsive to my clicks just to find out there's some
| hidden cookie consent that didn't fire up properly and now
| I have to inspect the DOM to remove it manually.
| gherkinnn wrote:
| Obtrusive cookie banners are somewhere between malicious
| compliance or a sign of shady business practices. Now that I
| see it spelt out like this, they are always a sign of scumbag
| companies.
| shp0ngle wrote:
| They are present even literally on the pages of the EU
| organs that proposed them.
|
| Go to European Commision page - bam, cookie banner.
| troupo wrote:
| Compare a clear "allow cookies/allow only essential" to
| the industry standard wall of "we care about your
| privacy, so we sell your data to thousands of trackers
| that you have to opt out of manually"
|
| Though yes, government services shouldn't use anything
| but essential cookies (for which you don't need a cookie
| popup)
| sofixa wrote:
| > Various regulations harming open source (discussed before
| on HN)
|
| But coming from a good idea - make vendors responsible for
| the software they put out, to prevent tons of abusive
| practices like shutting of cloud services making
| paperweights, or never updating massively holed software
| harder. The ramifications for open source were then realised,
| and the legislation which is still under planning/review has
| been drastically updated to make it more applicable for open
| source software.
|
| > Banning encrypted messaging (almost passed)
|
| But didn't?
|
| > Also due to how Europe is wired up, the cost of doing
| startup business is higher, why there are fewer and fewer
| successful European software growth companies.
|
| Which has little to do with regulations, much more to do with
| the size and wealth of the potential markets.
|
| > why there are fewer and fewer successful European software
| growth companies
|
| Is that bad though? Are software "growth" companies a
| requirement for something? There are tons of successful
| software companies in various European countries, just not at
| the level of their American counterparts. Again, with quote
| obvious reasoning - there are 4x the people in the US
| compared to France (which is top 2 by population in the EU),
| and Americans both earn and spend more in USD not adjusted
| for anything.
| akie wrote:
| > Also due to how Europe is wired up, the cost of doing
| startup business is higher, why there are fewer and fewer
| successful European software growth companies.
|
| I really believe the primary reason is that Europe is not one
| culturally homogeneous area that speaks one language - like
| the US. Having that is such a huge benefit.
|
| Doing marketing, promo, getting traction, legal documents,
| taxes, - anything - for your startup in your ONE country is
| already difficult. Now imagine doing it in 25 countries
| before you get to have scale benefits equal to the US or
| China.
| berkes wrote:
| Exactly. We are building a platform that helps founders
| generate a sales strategy in the EU. We're half a year in
| and almost tackled "how to write good emails to Dutch
| prospects". Next up is Flemish, which has the same
| language, but a very different business culture. With luck,
| we have then captured a few percent of the EU tech market.
|
| Germany is so different, that we'll need to hire several
| experts for the different regions in Germany. France too.
| Italy and Spain, unattainable (we are told) without at
| least a local branch and solid local staff. That's still
| only a portion of the EU.
|
| "Cookie banners" are not the reason tech is hard in Europe.
| If you believe that, you really don't know anything about
| Europe or the EU.
| ko27 wrote:
| Your examples are terrible, which probably proves the point
| that EU users are getting more than they are losing. Btw
| Europe != EU.
|
| > Banning encrypted messaging (almost passed)
|
| It's a positive thing that it was brought up and struck down.
| EU is the actually the one you should be thanking because
| most European countries would ban it.
|
| > Cookie pop ups
|
| Malicious compliance by websites, but at least users have a
| choice of opting out of tracking. Again, a positive thing.
|
| > Various regulations harming open source (discussed before
| on HN)
|
| The most recent changes are so watered down that it basically
| only applies to commercial open source companies that are
| turning a profit. It's helping users more than it's harming
| the open source community.
| whywhywhywhy wrote:
| > Malicious compliance by websites
|
| If the legislation had been written correctly then the
| current nightmare wouldn't exist.
|
| Should have been a browser level setting the sites are
| forced to comply with. The pop-up per site with free rein
| how obtuse it can work was always gonna suck. Pure
| incompetence from the politicians involved.
| imiric wrote:
| This is always brought up when EU cookie regulations are
| discussed. If only the EU consulted HN readers...
|
| It's true, though. The technical language could've been
| written in a way that makes it more difficult for
| websites to circumvent, and less annoying for users. Or
| the regulation could've been amended to clarify and
| improve the technical aspects.
|
| That said, getting to a regulation at all was probably a
| bigger nightmare, with Big Tech lobbying against it every
| step of the way. So I'm glad that we even have the
| current GDPR, and that the EU is still leading the way in
| privacy regulations globally.
| varispeed wrote:
| The cookie regulation was designed to train people to
| "Agree" without reading.
|
| It was a prerequisite step for GDPR that was designed to
| legalise data collection and trading.
|
| Before GDPR it was a gray area, now companies can easily
| get consent as users mindlessly click "Agree" to data
| processing and selling and they have a legal basis to do
| so.
|
| These are corrupt laws, but most people blindly believe
| EU is good and totally not in bed with big corporations.
| imiric wrote:
| > The cookie regulation was designed to train people to
| "Agree" without reading.
|
| That's a cynical take. In reality, companies took
| advantage of the loose technical language to do the least
| possible work to comply with the law, while doing their
| best to implement dark patterns to confuse the user into
| clicking "Agree". This is something that can be improved
| with stricter regulation, but it will always be a cat and
| mouse game.
|
| > It was a prerequisite step for GDPR that was designed
| to legalise data collection and trading.
|
| Another cynical, and also false, take. The GDPR wasn't
| "designed" for that. In fact, it actively tries to
| prevent it. An EU citizen can contact any company in the
| EU and demand to access all their personal data, or for
| it to be deleted. This is an unequivocal win for people
| to regain control over their personal information.
|
| Is this the best that governments can do? Certainly not.
| I'm still glad that at least something exists, and the
| tech industry is not entirely unregulated, as in most
| other parts of the world.
|
| > These are corrupt laws
|
| No. These laws are a step in the right direction.
| Unfortunately, the strong influence and rapid pace of
| development of the tech industry means that governments
| will always play catch up, even when they want to pass
| laws that protect their citizens.
|
| > most people blindly believe EU is good and totally not
| in bed with big corporations.
|
| Citation needed. Name me a government that is not in bed
| with Big <industry>. Big Tech in particular is in strong
| symbiosis with governments, as they both share some
| common goals. So, sure, there's that. And yet despite of
| it, the EU still passes laws that fight Big Tech's reach,
| and fines companies when they don't comply. Can it do
| better? Sure. But name me a government on Earth that does
| a better job at this than the EU.
|
| We don't need to get political here. But it's foolish to
| spew cynical takes when some governments are at least
| trying to fight Big Tech, and even more foolish to imply
| that their attempts are making things worse for its
| citizens.
| troupo wrote:
| > If the legislation had been written correctly then the
| current nightmare wouldn't exist.
|
| It was written correctly. Because it's a _General_ Data
| Protection Regulation. It applies in equal measure to
| websites, apps, paper records, SaaS, shops, government
| entities etc.
|
| And it says: "do not get more data than is required for
| your business. If you want more data, the user must give
| consent, where opting out is the default, and must be as
| easy as opting in".
|
| Now, what _exactly_ is badly written in the law? You can
| start with quoting exactly where it requires existing
| cookie popups.
|
| For example, GitHub found out they need exactly none:
| https://github.blog/2020-12-17-no-cookie-for-you/
|
| > Should have been a browser level setting the sites are
| forced to comply with.
|
| It's called the Do Not Track header, and at one point
| Safari removed it because the companies you think are
| blameless used it to track users
| varispeed wrote:
| > It's a positive thing that it was brought up
|
| No it's not. People should be fired for proposing such
| things as they breach human rights.
|
| It's like being happy that someone proposed genocide of all
| men over 60 to save on pensions and that the idea didn't
| pass.
| aqfamnzc wrote:
| Perhaps GP meant that the end result is a net good, since
| now it's in the books that it was positively, explicitly
| struck down? (Rather than being ambiguous or assumed,
| with no records etc.)
|
| Anyway, reading sibling comments it seems like it's not
| that simple either way.
| pronik wrote:
| >> Banning encrypted messaging (almost passed)
|
| > It's a positive thing that it was brought up and struck
| down.
|
| You see, the thing about european legislation is that
| certain stuff, especially stuff people oppose, is proposed
| over and over again until it passes. It costs almost
| nothing to re-propose things like killing net neutrality or
| banning end-to-end encryption, but it's very costly to
| oppose them. Which the politicians and lobbyists know and
| use to their advantage.
| jonkoops wrote:
| Well at least people's voices are being heard, not
| something I can say for every country, federation, or
| union.
| Vinnl wrote:
| That does not sound particularly specific to the EU to
| me?
| TheCoreh wrote:
| What's frustrating is that we get the annoying things like
| the cookie popups everywhere but the beneficial stuff is
| somehow properly region locked to inside the EU?
| tester756 wrote:
| >- Cookie pop ups
|
| Websites do not have to show cookie pop ups if they are using
| only technical cookies like auth tokens.
| mderazon wrote:
| Also lately, getting the newest LLMs features much later than
| the rest of the world, or not getting them at all
| troupo wrote:
| > fewer and fewer successful European software growth
| companies.
|
| It's funny how you slipped in "growth companies" in there.
|
| How about... profitable companies? In the past 10-15 years
| most "successful" US companies have been fueled by unlimited
| investor money with zero expectations of profits. I mean,
| look at YC's "top startups list". They lose billions of
| dollars every year. But sure, they grow. Like cancer
| greggsy wrote:
| I wonder if I could just change my location in settings?
| sofixa wrote:
| Thanks to the Brussels effect[1] some of it can trickle down.
|
| https://en.wikipedia.org/wiki/Brussels_effect
| makeitdouble wrote:
| A part of this is the products being fitted to US market and
| only after they get traction do they hit the other countries.
| That means any of the wider digital management, privacy etc.
| are literally after thoughts, and the business model also
| doesn't properly fit.
|
| With that approach I think we'll always get products that are
| optimized for free + ads first and foremost, as the US public
| reacts better to those, and once it's setup it's just so hard
| to pivot to paying models.
| superjan wrote:
| If that's what it takes to get them compliant with EU's GDPR,
| shouldn't the same apply to youtube and gmail? Or the rest of
| google services, for that matter?
| SushiHippie wrote:
| I got a popup today after opening google play, which let me
| decide if I want these services linked together or not.
| SushiHippie wrote:
| This is the information they provided:
|
| About linked services Google currently shares data across its
| services for the purposes described in its Privacy Policy at
| g.co/privacypolicy, and depending on the previous choices
| that you've made about your privacy settings, such as Web and
| App Activity, YouTube History and personalised ads.
|
| As of 6 March 2024, new laws in Europe will require Google to
| get your consent to link certain services if you want them to
| continue to share data with each other and other Google
| services as they do today. For example, linked Google
| services might work together to help personalise your content
| and ads, depending on your settings.
|
| Services you can choose to link You can choose which services
| to link from this list of Google services:
|
| Search YouTube Google Play Ad services Chrome Google Shopping
| Google Maps All other Google services that are not listed
| here are always linked and therefore able to share data with
| each other for the purposes described in our Privacy Policy,
| depending on your privacy settings
|
| What data is used Personal data that is collected about your
| interaction with Google services can be shared across any
| linked services. This includes:
|
| Searches Videos you watch on YouTube Apps you install from
| Google Play Associated info, such as your device info All the
| other types of info described in our Privacy Policy How
| Google uses this data Google uses data shared across linked
| services for all the purposes that are set out in our privacy
| policy:
|
| Providing personalised services, including content and ads,
| depending on your privacy settings Maintaining and improving
| our services Developing new services Understanding how people
| use our services to ensure and improve the performance of our
| services Performing other purposes described in our privacy
| policy What won't be affected The choices you make about
| linked services will not change:
|
| The purposes for which Google uses data Your privacy
| settings, such as choices you have made about personalising
| Google services Aspects of a service that don't involve
| sharing data The following can always be shared across Google
| services:
|
| Info that's associated with your Google Account and not
| specific to any service, such as your profile picture or the
| info used to verify your identity Content or info you've
| chosen to make publicly available on Google services, such as
| comments you've posted on YouTube Your data from all Google
| services, regardless of whether they are linked, may still be
| shared across all services for certain purposes, like
| preventing fraud, protecting against spam and abuse, and
| complying with the law.
|
| Your data may also be shared across Google services to
| effectively help you complete tasks when two services are
| offered together. For example, if you make a purchase on
| Google Play, Play and Google Payments will share related info
| so that you can complete your purchase.
|
| Things you should know Other settings let you control whether
| you see personalised content or ads. Linking Google services
| is not about sharing your data with third-party services.
|
| If services aren't linked, some features that involve sharing
| data across Google services will be limited. For example, if
| you have personalisation on for a service in your privacy
| settings but don't link that service, you won't get
| personalisation based on data from other services, but can
| still get personalisation based on data from that service.
|
| You won't be signed out of any Google services if you choose
| not to link services.
|
| How to manage linked services You can manage your choices,
| including selecting other Google services to keep linked or
| withdrawing your consent, in your Google Account at
| myaccount.google.com/linked-services. You can also manage
| your other settings, like Web & App Activity, YouTube History
| and personalised ads, in your Google Account.
| Sjonny wrote:
| I recently got a popup in youtube to unlink the accounts, so
| already on their way.
| flohofwoe wrote:
| Yep, just wanted to write that exact same reply. It was one
| or two weeks ago and asked for permission to unlink YouTube,
| GMail, etc... from each other (as I understood it, when
| "opting out", login with the same Google account will still
| work, but they're not allowed to share data for ad profiling,
| recommendations etc...)
| 0cf8612b2e1e wrote:
| Does this mean a potential Google YouTube ban would be
| firewalled from a Gmail ban?
| nolist_policy wrote:
| Nope:
|
| > Your data from all Google services, regardless of whether
| they are linked, may still be shared across all services
| for certain purposes, like preventing fraud, protecting
| against spam and abuse, and complying with the law.
| josephcsible wrote:
| It annoys me every time a company makes a long-requested change,
| but only for EU users. Since the technical work required for it
| had to be done anyway, it seems to be pure malice that they don't
| just give it to everyone.
| baliex wrote:
| Not just malice, profit too
| judge2020 wrote:
| > it seems to be pure malice that they don't just give it to
| everyone.
|
| Only if you consider malice ~= profit.
| guerrilla wrote:
| Why would you not? What is malice if not intentionally
| harming people out of greed? Is it only malice if the
| intention is explicitly and strictly sadistic?
| micromacrofoot wrote:
| isn't this the "free market" that many in the US brag about?
| altairTF wrote:
| Kinda, but this is also how the free market dies--happens
| little by little. A change here, a law there that helps the
| people, oops, now the law makes it harder for competition to
| get in, and so on and so forth.
| pgeorgi wrote:
| The business models this regulation harms are the business
| models that aren't desired to begin with. As such, a
| competitor is encouraged by regulation to find another,
| compliant angle to deal with monetization.
|
| And competitors that already do that get an uplift (over
| time, but still).
| DaiPlusPlus wrote:
| Btu a free market (which is devoid of anti-competition
| regulation) also makes it harder for competition to get-in.
| Not to mention the problems of regulatory-capture (see:
| Boeing and the FAA).
|
| It's almost as if the best (or rather: least-worst) option
| we have lies somewhere in-between laissez faire capitalism
| and mandatory state-ownership of all industry...
| csallen wrote:
| _> somewhere in-between laissez faire capitalism and
| mandatory state-ownership of all industry _ >
|
| Yes, which describes both the US and Europe. It just
| comes down to where to fall on that spectrum.
| int_19h wrote:
| It's not a 1D spectrum. You can have laissez-faire
| arrangements that still preclude massive concentration of
| capital (and thus effectively gut capitalism) without
| going all in on public ownership of everything. The key
| thing to remember is that private property rights
| themselves require some kind of government to maintain by
| using force when necessary - i.e. the existence of
| private property is inherently a step away from true
| "laissez-faire". Thus the government doesn't need to
| aggressively collectivize anything to avoid concentration
| of capital; it just needs to refuse to protect such
| concentrated capital.
| altairTF wrote:
| I don't think even the most well-intentioned state have
| the incentives to properly allocate resources in the
| market. Usually, when state-owned industries fail, the
| taxpayer suffers, so the administration has little to no
| incentive to actually do good in the long run.
| int_19h wrote:
| Not quite. It would be a free market if people could freely
| move across borders. The overall arrangement that we have -
| where goods and services flow almost freely, but the movement
| of consumers and labor is restricted - is inherently abusive.
| pfdietz wrote:
| I already unlinked myself from all those.
| plussed_reader wrote:
| How?
| dewey wrote:
| Probably by not using them in the first place.
| pfdietz wrote:
| Bingo!
| moffkalast wrote:
| Galaxy brain move.
| xyst wrote:
| Not using them, or deleting accounts
| plussed_reader wrote:
| Neither of those are unhooking the services from each
| other.
| pfdietz wrote:
| > I already unlinked myself from all those.
| georgeecollins wrote:
| Me too, but unfortunately the Quest 2 and Quest 3 are really
| good if you like to use VR. So now somewhere I have a Facebook
| account that does nothing except report on what VR games I am
| playing. Hopefully no one is friending me! If so, sorry for the
| spam of useless information.
| MikusR wrote:
| Quest stopped needing a Facebook account more than a year
| ago.
| bonton89 wrote:
| Now it just needs a Meta account, totally different thing.
| anticensor wrote:
| This unlink would just be a formality, as they would still be
| able to correlate those users anyway.
| pgeorgi wrote:
| That's a great way to route 4% of their global earnings into
| the EU's bank account.
| xyst wrote:
| What about "threads" accounts? I believe these are directly tied
| to IG accounts.
| Euphorbium wrote:
| Google also let me unlink youtube and other services. Probably
| forced by EU.
| bandergirl wrote:
| Source? What do you mean by "unlinking"? There is no YouTube
| login, are you saying it will spin off a new gmail/google
| account?
| BiteCode_dev wrote:
| Same with google with youtube.
|
| Good.
|
| People keep bashing EU for making innovation hard, and there are
| a lot of truth to it.
|
| But I welcome this kind of restrictions.
| sofixa wrote:
| The EU doesn't make innovation hard, it just puts rules in
| place to ensure that your "innovation" cannot be abusing users'
| data.
|
| Nothing is stopping any of the thousands of EU companies
| innovating in all sorts of fields.
| smoldesu wrote:
| > People keep bashing EU for making innovation hard, and there
| are a lot of truth to it.
|
| If you consider the GDPR or DMA limitations on "innovation",
| then I don't want you innovating.
| gevz wrote:
| Is there a criteria to be qualified as a EU user? I assume there
| must be more than just geo-ip location. What will happen if I
| pretend I moved to EU for the sake of decoupling all Facebook
| accounts.
| calmoo wrote:
| These days most accounts are geolocated by your phone number,
| in my experience anyway.
| gevz wrote:
| It seems that Facebook proper does not require you to have a
| phone number. I just tried signing up and there is an option
| to use email.
| reincoder wrote:
| I work for IPinfo. I often see IP geolocation data being used
| for compliance purposes, so I will share some insights.
|
| This question relates to algorithms and the definition Facebook
| has set up for "EU User". What parameters have Facebook's legal
| team considered adequate to label an account belonging to an EU
| user? It is difficult to say.
|
| They will probably look into multiple factors like phone number
| location and GPS-backed data to identify the true location of
| an EU user. Now, the interesting part is that if you use a VPN
| quite frequently, you will notice that IP geolocation data is
| treated as a universal truth on cookieless interactions.
| Facebook will likely have a significant amount of data beyond
| IP geolocation data to infer the location information of their
| user. But they are likely not going to do that as they launch
| this new feature. So, it all comes down to how seriously
| Facebook wants or is required to identify an EU user.
| black_puppydog wrote:
| I'll hold out on whatsapp until I can unlink "send this text to
| that number" from "here's a copy of my entire phone book"
| Timshel wrote:
| Not to encourage you to use whatsapp but on android an empty
| work profile is nice for this use case.
| nolist_policy wrote:
| I just use OpenContacts from F-Droid and leave my phone
| contacts empty. OpenContacts has a extra button to open a
| contact in Whatsapp.
| DaiPlusPlus wrote:
| > "here's a copy of my entire phone book"
|
| I don't know how or why that was ever legal in the first place,
| and why Facebook and LinkedIn haven't been sued to death over
| it.
|
| The contacts-matching system is how Facebook and LinkedIn'ss
| ultra-creepy "People you might know" list works, and I have no-
| doubt this will have led to things like journalists'
| confidential sources being discovered and harmful outing of
| closeted people, and worse.
| whywhywhywhy wrote:
| I've never uploaded my contacts to FB but it still recommends
| people I worked with or met 20 years ago because _they_
| uploaded theirs.
|
| Extra evil because you can be triangulated from the uploads
| of many naive people, so essentially they win in the end.
| aqfamnzc wrote:
| Same situation with DNA. I may avoid getting an online
| genome test, but once a couple cousins send theirs in I'm
| basically a part of the network at that point
| ryandrake wrote:
| This is great, now do Oculus. I shouldn't need to have an
| "account" to use my O.G. Rift offline. It's like needing an
| account to use a monitor.
| Handprint4469 wrote:
| > It's like needing an account to use a monitor
|
| Given the current enshittification trends, I would not be
| surprised if in the next few years Samsung, Acer, LG, et al
| decide that a subscription model for monitors is exactly what
| they need to pump those share prices up.
| wepple wrote:
| IIRC I required a Samsung account to use my TV. Won't buy
| anything from them again.
| colordrops wrote:
| I tried using John Carmack's instructions to unlock my old
| Oculus Go, which involved your Facebook account for some
| reason, and got banned from my account twice.
| pwdisswordfishc wrote:
| I'll believe it when each service is operated by an independent
| company.
| CatWChainsaw wrote:
| My facebook sits abandoned for the better part of a decade and I
| never got messenger or instagram. Since they're all under the
| same umbrella I question the actual benefit. Seems like it would
| be placebo more than anything.
| exabrial wrote:
| What would have been better is if the three things were just
| split up into separate businesses. Monopolies are annoying.
|
| But I'll take progress over perfection, glad to see the move.
| diebeforei485 wrote:
| Can they do YouTube next?
| ozyschmozy wrote:
| They already did, the news of Google doing the same on hn last
| week iirc.
| 1oooqooq wrote:
| because it's all linked in WhatsApp, which is the only thing
| anybody still actively uses anyway
| gerash wrote:
| can someone ELI5 what unlinking a "Facebook account" from a
| "Messenger account" accomplishes?
|
| IMHO we should strive to remove moats around digital services so
| new competitor can pop up and provide competing services in a
| short amount of time but somehow EU thinks creating busy-work for
| the engineers of incumbents is the right approach.
|
| I already despise the "accept cookies" noise on all websites and
| don't tell me "Oh, it's bad compliance, blah blah". If so, then
| write a new more useful law instead.
___________________________________________________________________
(page generated 2024-01-22 23:00 UTC)