Then you should make that argument. If you think it's a good thing, put in the effort of saying why. Don't force me to imagine why it might be so.
> That's not a claim, that's a fact.
Sure. But asking for explicit consent for the innocuous thing: logging a bit and nothing else, doesn't change the fact that the company could be lying. Nothing is gained. If they're lying about logging the bit, they might be lying if you opt out. Obviously it's far easier to figure out what is being sent than what is being being logged serverside, but you'd still need to verify that independently. If you don't trust the group providing the service, unless its verifiably trustless (not communicating at all or client-side encrypted with minimal side channels), you shouldn't use the service. Otherwise, you're still trusting the service provider.
> The horror!
Yes. Making people expend mental energy on otherwise unimportant/irrelevant decisions is anti-user.
> Good, people shouldn't blindly sign up to services they don't understand just because it's a new shiny thing.
My point is a lot of people do understand and just don't give a shit. Getting in the way of those people is anti-user.
> Music to my ears.
Again, anti-user.
> I care about the people whose data will inevitably be leaked
I'm talking about innocuous things. Things where being leaked isn't a problem: truly anonymous or aggregated data that can't be used to identify or tied back to an individual user or group. You're saying users should still need to opt in to those kinds of tracking. That's anti-user. It obfuscates actually harmful tracking.
To phrase it another way, there's PII and not-PII. Are you suggesting that tracking of non-PII need explicit user consent? Even if revealing non-PII, by definition, can't be tied to an individual user?
>by said business in a future breach.
Recently, we've seen leaks of PII from CapitolOne and Equifax. Click boxes on websites don't help when the data being leaked is banking information that (for capone) has to be stored tied to an identity and can only be opted out of by not using the products in question (credit cards, banks), or isn't gotten from the user at all (equifax).
How does clicky-consent boxes on their websites help with that?
There's a difference between a post request with zero content to some count API and a request with metadata. If there were a way to send a request without even info like IP address, it'd be even less objectionable, but that kind of request doesn't exist on our current tech stack.
Yes, because you get a bunch of meta information when any device of mine uses my internet connection to connect to your servers to increase that counter. If you save that information or not, you created a trail.
I expect from any app that it doesn't establish any connections per default to be honest. You can have that as an option that I can enable if I feel like it.
Ok, so what if the app is internet connected and has to communicate with some central server? Think a non-p2p messaging app, or an app for a bank/<some internet thing like youtube or facebook or reddit>?
Then it is obviously allowed to do that for that specific purpose. If you want your flag to be packaged into the data stream, it has to be some option that says "send additional diagnostic data".
Then you should make that argument. If you think it's a good thing, put in the effort of saying why. Don't force me to imagine why it might be so.
> That's not a claim, that's a fact.
Sure. But asking for explicit consent for the innocuous thing: logging a bit and nothing else, doesn't change the fact that the company could be lying. Nothing is gained. If they're lying about logging the bit, they might be lying if you opt out. Obviously it's far easier to figure out what is being sent than what is being being logged serverside, but you'd still need to verify that independently. If you don't trust the group providing the service, unless its verifiably trustless (not communicating at all or client-side encrypted with minimal side channels), you shouldn't use the service. Otherwise, you're still trusting the service provider.
> The horror!
Yes. Making people expend mental energy on otherwise unimportant/irrelevant decisions is anti-user.
> Good, people shouldn't blindly sign up to services they don't understand just because it's a new shiny thing.
My point is a lot of people do understand and just don't give a shit. Getting in the way of those people is anti-user.
> Music to my ears.
Again, anti-user.
> I care about the people whose data will inevitably be leaked
I'm talking about innocuous things. Things where being leaked isn't a problem: truly anonymous or aggregated data that can't be used to identify or tied back to an individual user or group. You're saying users should still need to opt in to those kinds of tracking. That's anti-user. It obfuscates actually harmful tracking.
To phrase it another way, there's PII and not-PII. Are you suggesting that tracking of non-PII need explicit user consent? Even if revealing non-PII, by definition, can't be tied to an individual user?
>by said business in a future breach.
Recently, we've seen leaks of PII from CapitolOne and Equifax. Click boxes on websites don't help when the data being leaked is banking information that (for capone) has to be stored tied to an identity and can only be opted out of by not using the products in question (credit cards, banks), or isn't gotten from the user at all (equifax).
How does clicky-consent boxes on their websites help with that?