Children can change their names upon reaching adulthood, to escape tracking. (This is a serious suggestion made by Google's then CEO Erich Schmidt, see below). And maybe every 10 years thereafter.
Erich Schmidt's audacity is both telling and shocking. This is pretty much the equivalent of an armed robber saying that everyone can still be save from harm, as long as you just stay home and don't go outside. Probably the biggest shame here is how people like Schmidt still have platforms to suggest these kind of things unhindered, without any punishment.
I do not know how this particularly works in the USA, but in most reasonable countries I know of, the ways in which anyone (company/government/etc) can interact with anyone who isn't a legal adult are limited. For good reasons too, I believe. I think it even is dictated by signed/ratified international treaties/declarations, but I don't recall any details right now.
I'm pretty sure that the tracking of minors (or the unborn), essentially surveillance, is actually in violation of the legal protections those are supposed to have. I've heard plenty people argue that this tracking is somehow admissible, if their legal guardians sign off on it. Often based on the assertion that legal guardians are responsible for those under their care. However, the legal protects of minors are a thing on their own. As far as I know, guardians can not "give away" the legal protection of minors. No more than any person can "give away" their inalienable human rights (also not by consent), which is what makes them inalienable.
So here we have an industry that in all likelihood is seriously violating the legal protections that minors (and arguably unborn too) are supposed to have. Instead of demanding that governments address these rogue corporations, which considering the systematic nature of their violations probably even warrant to be classified as criminal organizations, we instead listen to what key people in this industry say in an attempt to justify their actions, or suggest as remedy for their behavior.
I'm not really all that shocked about people like Schmidt saying such things. About as predictable as a politician talking any kind of bullshit that will sell their agenda. However, I am appalled that this industry gets away with what it currently does. To me, that says a hell of a lot about the system, and how it apparently prefers to protects these interests instead of protecting the people it legally is supposed to protect.
> This is pretty much the equivalent of an armed robber saying that everyone can still be save from harm, as long as you just stay home and don't go outside.
This also happens to adequately describe how it feels to live in Brooklyn, NY these days...
What can Eric Schmidt do differently? Let's say Google suddenly made it their #1 priority to make sure to never ever collect profiles about minors. Would that make the advice any less useful? They still have competitors from all around the world who may be less scrupulous than them making that advice still useful.
The problem is not individual bad people or bad companies. Take out the ones that exist now and a sea of new adtech startups will take their place.
I struggle to see the type of regulation regime that could work effectively to prevent such profiles from being created (the data collection would move overseas and then later be re-sold as contact lists, or as audiences, etc.).
Isn't that a cop out argument? Just make it outright illegal and fine heavily per violation. You have profile information that a user didn't explicitly give you? $10k fine, each.
We have (kinda) world wide copyright laws. We have world wide drug laws. We have world wide sea and war laws. Why don't we have world wide privacy laws?
The Internet makes trying to enforce world wide privacy laws much harder than physical laws: anyone in the world can reach you and collect data about you.
> Just make it outright illegal and fine heavily per violation. You have profile information that a user didn't explicitly give you? $10k fine, each.
How do you propose to discover violations? Self-reporting won't ever happen. If you then propose to give draconian sanctions to trying to cover up such issues, congratulations, you've killed the ability of people to build anything and share it with the world.
No, but if you are a robber and suggest to people who complain about being robbed by you about how to reduce the problems associated with being robbed in the future it makes you sort of a hypocrite.
> They still have competitors from all around the world who may be less scrupulous
Not really. European Union services are more regulated towards user rights (GDPR) and services from other big countries are usually targeted towards domestic or regional market (typically East-Asian apps for example).
There is no other way to say this: that is a simplistic non-solution.
This is akin to saying: if you desire privacy, you can just clear your cookies.
There will always be a way to find these "name reset" folks - the privacy policies if services will have sentences like "to combat fraud..." "to protect the service..."
This will seem reasonable because one person desiring privacy shouldn't be able to skip out on a utility bill!
Without regulation - strong regulation - this won't change anything. Unfortunately it seems like anti-business regulation rarely works - if bills progress, they are defanged at the last minute.
The reason the EU has these laws is they remember people being put to death, even with minimal data collected in the pen-and-paper era.
Even though the US had pearl harbor, they haven't had their data pearl harbor moment.
I worry that we might have passed a "point of no dissent", where groups and even individuals in favor of privacy regulation can be surgically removed from dissent.
> There will always be a way to find these "name reset" folks
No problem, you just need simultaneously to change your name, your address, your bank account and credit card, your friends, your hobbies, and your biometric properties. Of course, also buy a new computer with different hardware, and install different applications.
Then hope you didn't forget anything, otherwise you need to do the whole thing again.
I love this solution, as it reveals that the "name reset" answer is not given in good faith. "become someone else" is not an answer to "how to remove this from myself".
Changing your name might work for: potential employers searching by your chosen name. (Assuming you can also change the name which your qualifications are in)
Won't work for: Google/Facebook tracking you across the web, probably not even 10 years ago when this article was published. You're still the same person.
Do name changes actually work? Even if you closed your accounts with every company you do business with, your persistent identifiers (eg. SSN, DL number) would stay the same, so I'd imagine it's trivial for credit reporting agencies to link back to your old name. Not to mention, if your social graph is compromised (eg. your friend enabled contacts upload to facebook), then it's very easy to infer that the guy who dropped off the radar 6 months ago is the same person who appeared out of thin air 6.5 months later.
Name changes would be meaningless without corresponding behavioral change. You will instead have multiple names associated with the same behavioral profile.
Nothing is gonna change, if you have the same Facebook friends sharing your photos. Worse, Facebook will demand a government document to prove your new name.
I think things can and likely will change -- facebook did not exist 20 years ago, and the masses will probably move on to another platform in 20 years from now.
I'm more interested in how decentralized platforms might impact the current trend of verified accounts and use of real names. I can see a couple potential outcomes with decentralized platforms:
1) The use of pseudonyms grows further and speech gets even more divisive as people can speak without it coming back tarnish their real-life identity.
2) The use of real names grows more popular as people want to own their speech without fear of being de-platformed.
Pseudonyms have been and are again the defacto standard in the internet. Really only facebook did change that for a few years. I dont see this becoming normal.
>>Of course, a better way may be to introduce new right-to-be-forgotten laws like in the EU.
In combination with flipping Data Ownership laws to where a person owns the data about then, and Right to Know laws where companies are required to (on request) give you all the info they have about you, and allow you to correct that information. Basically expanding on the Credit Rating agencies laws where (in the US) you are entitled to a free credit report and the ability to dispute info.
Why would you put the burden of tech companies' failure to regulate themselves on the victims? Changing your name is not just an administrative thing, it is a change of identity, it is one of the most important bits of your psyche, your internal and external ID, you think of yourself as the person with that name.
Not necessarily. As an anecdote, I don’t think of myself as a person with a specific name. If I look at the mirror and try to say my name it just does not sound like it fits the person in the mirror. Also I can tell different names to baristas in Starbucks etc. It’s not that I dislike my name either, I think it’s a great name overall.
I never gave it particular thought so maybe I’m in the tiny minority though.
That's interesting. One of the first things many cults do in an attempt to wipe out a persons identity is to force them to choose a new name for themselves and to put some kind of penalty on using their old name. This conveniently cuts them off from their whole support network which might question the grip the cult is exerting on the new recruit.
Honestly i dont dislike my name, however i dont define my personality on it. If i am in a group of people that all call me something different i dont care either and represwnt the very same person. Not all people know me by the same name.
In Indonesia, the cost is more than Rp 1.7 million (120 USD) more than 10 years ago. Also you need a very good reason to change your name (religion, etc). You can not change your name on your whim.
This gets me thinking. From a legal perspective, does a parent's consent to tracking pass over to their children even after reaching adulthood? (say for GDPR etc.)
I think (and this is probably why this is part of the general tech conversation now) that we're on the verge of a massive legal shift with data ownership.
A child born since Facebook's inception will be approaching 18 soon, and might have had parents who posted the child's entire life on Facebook from the ultrasound all the way to (maybe?) high school graduation.
When that child turns 18 and the child does not consent to tracking, what happens to all those photos, behavior, and YouTube videos that kid has watched? Maybe the kid starts as a clean slate since they've reached an age of majority, but how can you technically even keep track of that?
The person who took the photo owns the photo in most of the world. You don't need the permission of everyone you take a picture of to upload it to facebook
Whilst that is technically correct, you do need the consent of the subject of the photo to share it, in most of the world, except for in a narrow set of circumstances. (Public good, expectation of privacy).
In most legal circumstances consent can be withdrawn at a later date. That generally can only not be done if something is permanent. Requiring the photo to be "de-published" is something that publications have done for some time.
This is not true in most of the world. Unless you are using their likeness to advertise a commercial product, you don't need the subjects permission to publish it on the internet, sell the photo, upload it etc.
And the parents do consent when the photos are taken.
> This is not true in most of the world. Unless you are using their likeness to advertise a commercial product, you don't need the subjects permission to publish it on the internet, sell the photo, upload it etc.
Lets take a run at this one. I did specifically mention a couple exemptions above, which include expectation of privacy - a crowd in a public space don't have an expectation of privacy.
(In the US this goes further, where you can photograph anyone in public, with or without their consent, so long as it is within the nebulous "community standards" - but the US is not the norm.)
However, that's not the case for a wide variety of other photographs.
For example under the Australian Privacy Act:
> Images of individuals in photographs or video (images) are treated as personal information under the Privacy Act 1988 (Privacy Act) where the person’s identity is clear or can reasonably be worked out from that image. [0]
Similarly, in the EU, photographs or video of someone who can be reasonably identified within that work, is to be treated as Personally Identifiable Information under the GDPR, and thus requires consent. GDPR also requires you notify anyone in a public space ahead of time that you may be filming or photographing in the area.
I think it's fair to say that it is _not_ normal in most of the world to require no consent if you're not doing something commercial. Consent is the norm.
It probably does not need any specific consideration, as consent can be freely withdrawn at any time (GDPR Art 7.3), so the consent not passing over is equivalent to consent passing over but the child deciding to withdraw it the moment they are legally able to - in any case, legal consent persists only if the legal decisionmaker actually consents.
And it's worth noting that this is not about collection of data but use of data - if the legal basis of the processing was consent (perhaps there was a different legal basis, then consent isn't relevant) then withdrawing the consent does not make the earlier processing illegal, but it does require the controller to stop processing (using) the data they collected while they had consent and ensure that any processors to whom they delegated data processing do so as well.
OK, but withdrawing requires a process on the part of the child, what I'm referring to is even without a process of withdrawing consent. Since the child has never consented to begin with, shouldn't it automatically be illegal to continue?
Additionally, the child will usually not know every site their parent has consented to tracking use.
Your right to be forgotten does not out weigh my right to remember and share what I remember with others.
You have no right to tell me that I can't tell someone else I was in a hacker news conversation with Flowerlad on HN in January 2021 where he wrote "....whatever you wrote...." and that includes writing an article on my blog, tweeting about it, publishing it in the NYTimes, etc... and the idea that some law would prevent a search engine from indexing my content because your name happens to be in it seem wrong to me. You'd have effectively de-platformed me to talk about you or even my own memories.
As far as I understand, the earlier EU right-to-be-forgotten laws have been replaced by the GDPR and the right-to-erasure in it.
You are correct that right to be forgotten does not outweigh you right to remember and share what you remember with others. The law does not restrict this right - GDPR, including that clause, does not apply to private persons personal activity.
However, that right is more narrow than you imply. First, you personally have the right to share your memories with others, but companies and businesses do not have such a right. Second, you do not have a right to have your content indexed by a search engine - your right to talk about these things in everyday outweighs the other persons right to privacy, but their right to privacy outweighs your privilege to publish your memories in mass media. Yes, you would be effectively deplatformed, but that does not violate your right to speak about this - the right to privacy is a fundamental human right, the right to a platform is not; any rights to free speech does not include a right to be widely disseminated.
The world seems to disagree - United Nations Universal Declaration of Human Rights Article 12, European Convention on Human Rights Article 8, etc - the human rights definitions that we use explicitly list privacy as one of the fundamental human rights.
IIRC the ECJ ruling is not de-indexing - the requirement is to remove the link from certain search results, ie. when you google for "flowerlad" but not when you google for "greggman hacker news conservation".
I don't see the distinction. I want people to be able to search for "greggman's conversation with flowerlad". Flowerlad should have no say over what I can share and how others can find it.
Death is no escape either - my grandfather died almost thirty years ago but you can still find his name and last address on all of the people search sites. My grandmother was still getting marketing materials addressed to him when she died about five years ago. I had an uncle who died in the early 80s and there is no trace of him, so 90s seems to be the point at which the data brokers decided that nobody ever dies. Online advertising is already a sham (no really, I am never ever going to download Homescapes but I see ads for it thirty times a day), add on top of that all the dead people’s data being passed around. There really needs to be some regulation and oversight.
The general legal approach is that dead people have no privacy rights, and their privacy tends to be protected only as much as it concerns the privacy and reputation of their surviving relatives. It's fully legal to read and publish the private letters and intimate diaries of historical figures, as it is to make claims about their deeds and motivations that might constitute libel if they were alive.
"It's fully legal to read and publish the private letters and intimate diaries of historical figures"
Only if you don't violate the copyright of the dead person - which, depending on the country, can last 50 to 90+ years after the person's death. Thus to publish you'd have to get the right to do so from said person's estate.
There are many instances where private correspondence, etc. has been banned from publication/the public domain for this reason.
This goes in with the legal principle that these dead people don't have rights, but their surviving relatives do - if whoever inherited those letters and the rights to them decides to sell or publish them, the dead person's privacy is not grounds to prevent that.
>It's fully legal to read and publish the private letters and intimate diaries of historical figures, as it is to make claims about their deeds and motivations that might constitute libel if they were alive.
There are some resitcitions there, for example the Private letters and Diaries would still be covered under copyright and the estate of the person could come after you for Copyright violations if it was with in 70 years of their death.
Also the Estate of a person could absolutely sue you are defamation provided the Estate has a person actively working to police that activity and the resources to hire a lawyer to do it.
So your position that "dead people have no privacy" is really false as they have just as much privacy as people alive it is just most dead people do not have anyone around that will expend the resources to enforce it like a live person
"So your position that "dead people have no privacy" is really false" - no, I strongly assert that my position here is appropriate and that you are mistaken.
The relatives of the deceased can sue you for defamation damages to their reputation (e.g. the widow might assert that the claim about her deceased husband damages her own personal reputation, and if so, perhaps she would have standing but only as far as her own name was slandered). The relatives or the estate can not successfully sue you for defamation of the deceased him/herself.
It's even possible that defamation that happened while the victim was alive gets ignored if they die before the case is settled - for example, Ohio code (http://oh.elaws.us/orc/2311.21) explicitly asserts that libel and slander cases (unlike pretty much everything else) should end in this case.
A famous case is Michael Jackson and the 2019 documentary "Leaving Neverland"; when he was alive, he successfully won a defamation case against Victor Gutierrez with a pretty much equivalent case, however, as this happened after his death, those managing his estate were not able to bring a defamation suit for this documentary because those defamation laws did not apply any more.
> I had an uncle who died in the early 80s and there is no trace of him
Hmm, I wouldn't be so sure. Ancestry, FamilySearch, and other genealogical databases may yet have him in there, along with tons of information that ancestors literally voluntarily supply, including photos (for posterity). I see that as a good thing though. I can learn about my ancestors and see pictures of them and read stories about them.
What's on those sites is based off source materials. And those are generally disparate: oral witnesses, family members, documents found in private archives,... but also public records found in your city archives.
Where I live, different offices kept population records through out time e.g. city hall, the Church,... You can easily walk in, and access records from the 18th century and figure out when someone was born, who they married to and when they died.
However, legal provisions prohibit access to those public records pertaining to births, marriages and deaths which are less then 100 years old. Meaning you don't get access to lists of names of all everyone were born in 1936.
Why? Privacy for the living. e.g. someone could walk in and assert that your parents aren't your real parents.
Moreover, privacy legislation states that you need consent from living people before you can publish personal information regarding their names, addresses and so on. It means that even if someone passes away, you can't just publish that they were married or about their children if any of those are still alive.
Publishing pictures is even more fraught. You need consent from the person depicted, and consent from the photographer. That means ascertaining whether they are still alive, or getting consent from their estate in the case of the photographer. In the latter case, it might mean you may have to wait for 70 years after their death before those pictures enter the public domain. Genealogy websites allowing people to simply upload pictures without constraints expose themselves to copyright liability in that regard.
... and then there's the issue of how those legal provisions are upheld on the Internet. For instance, any ancestry/genealogy site who wants to operate in the EU has to comply with EU legislation including GDPR, copyright, right to be forgotten and so on.
For sure, being able to dig into your own ancestry and being able to rely on other people's work through digital technology is awesome. But, as with anything digital, it does come with the same challenges that confront any business case leveraging personal information.
TL;DR: Genealogy is fraught with legal challenges. You don't just get to publish, let alone scour and use those data without consent.
I read a science fiction book a couple years ago where the main cast of characters paid data services to generate fake digital trails for them. They couldn't erase the real video record of where they were, but they could create fake video records showing them in 6 other locations around the world at the same time. (And browser logs, credit card purchases, chat histories, etc).
I wonder if at some point we'll see deep fake profiles being made like that for obfuscation. 40 accounts with my name on facebook, all with similar but different histories and similar but different friends and travel histories. One of them is the real one and the rest deep fakes. Instead of being lost in silence, we can lose ourselves in noise.
They are throwing their money away, if I didn’t download the game the first thousand times I don’t know why they think the 1001st time is going to be different. Isn’t that supposed to be the promise of online advertising? Effective targeting? Yet day after day I get ads for homescapes (thousand times no), Harry Potter (nope), rheumatoid arthritis drugs (even trying to target?), cramps (you had 50/50 and you missed), and so on. They might as well be taking ads out in a newspaper (I should not encourage them).
From the article they mention a user being angry that they lost their kick data. It felt like they were highlighting this scenario like it was somehow weird or unusual that a pregnant mother was upset that she lost this data.
This "fascination" from the author is unhelpful IMHO.
I am not surprised that the pregnant mother was upset - in the UK it is now drilled into you that you need to keep track of kick data for your child and that you must - must - call the hospital as soon as you notice any change at all in kicking from your unborn child (1).
They are deliberately very vague and unclear about what a "change" constitutes - just that if you feel something has changed at all or in any way then you need to call. From experience, these calls always end with a request that you go into hospital for a check from a midwife. So 55 kicks today, but 60 yesterday? Come in and a midwife will hook you up to keep track of your baby's vitals for an hour just to be sure with lots of reassurance that you did the right thing by coming in and getting it checked.
So no shit if you've entrusted this data to an app and they've dropped the ball, no wonder you are angry: this is not just data for data's sake - not having it potentially endangers the life of your unborn child because you don't have your historical data to compare against any more, so you can't know anymore if today's kicks are changed from yesterday's or the day before etc.
I am sure many people will scoff and call this an overreaction (including apparently the author of the article) but this is the current recommendation from the NHS here, and not everyone has a totally normal medical history or otherwise-textbook pregnancy where it is all skipping through meadows of wild daisys and baby ducklings quietly nuzzling at your feet followed by the perfect stress and pain free delivery. People can and do have medical circumstances that influence pregnancy. It ain't all plain sailing.
People have reason to need to trust that their medical data is stored safely and reliably. To insinuate that is is odd is deeply unhelpful.
We had a similar experience, where my wife was STRESSED OUT ALL THE TIME at the data in these apps. Everything was tracked and it was fucking awful. The reliance on them meant she had no idea how to feel intuitively about our kid growing inside of her. After some convincing, the apps were ditched, she felt more "in tune" with what was going on, and we even had a ride to hospital to check on things because she felt things had gone quiet movement wise. Our kid moved like clockwork at certain times of the day and after meals, no app needed to figure that out.
These apps are a fucking cancer on what should be an enjoyable and natural time.
If you are in that situation it's probably even worse for the child than not keeping track of all this data. Stress from the mother during pregnancy can and does affect the development of the child:
My wife took maternity leave from 3 months before her due date for this very reason. I understand not everyone can, but it baffles my mind that often those who are able to, choose to continue to work rather than taking time off to care for themselves and their unborn child.
> in the UK it is now drilled into you that you need to keep track of kick data for your child and that you must - must - call the hospital as soon as you notice any change at all in kicking from your unborn child (1).
From link: “You do not need to count the number of kicks or movements you feel each day. The important thing is to get to know your baby's usual movements from day to day.”. I am guessing you are repeating what you have heard outside of the NHS recommendations (the NHS link appears well written to me, although I have zero experience).
“Call your midwife or maternity unit straight away if: your baby is moving less than usual; you cannot feel your baby moving any more; there is a change to your baby's usual pattern of movements. They'll need to check your baby's movements and heartbeat. Do not wait until the next day – call straight away, even if it's the middle of the night.”
“It's not likely your baby can move too much. The important thing is to be aware of your baby's usual pattern of movements. Any changes to this pattern of movements should be checked by a midwife or doctor.”
What your quotes say and what GP says boil down to the same thing. How can you tell if "your baby is moving less than usual; (...) there is a change to your baby's usual pattern of movements"? You count kicks. And quite likely note it down, because there's plenty of things going on, particularly around pregnancy, that will make you prone to forgetting such counts from day to day.
Most annoying about these kinds of situations is that the company likely hasn't even lost the data, but has simply removed your ability to access it. It's probably still being used to profile and profit off you, but good luck being able to use it yourself. I'm almost certain that this is the case with my Google search history, for example, where anything over a few years old has become quite difficult to access (entries that used to have very granular data about my browsing now simply list a domain), but I find it incredibly hard to believe that it's been completely discarded.
We desperately need modernized data rights and regulations. Companies can afford it.
Aside from all that, I’m sure the app itself had all sorts of messaging on how important this info is, and all the nasty things tracking it can help prevent, and lots of pretty graphs and visualizations. Why wouldn’t you be upset after that?
I'd say in many cases the issue is more that you are socially forced into accepting ToS that you have never read, thereby making data collection legal despite you never intending to do so.
That's why the GDPR is so great: It's only legal if the user has willingly and independently given consent to your data processing. So as soon as you force or coax someone into ticking that box, it's invalid and you can be sued for it.
You can't make anyone sign terms. What you can do is offer and you can also make pre-offer commitments if you feel like it. So they offer and they make the commitment that if you attempt to modify terms, they will instantly reject. At that point, you won't get the service and they won't get the data.
From their side, they also offer a well-defined interface to sign up to their service with the standard set of terms. Now, whether you use a tool that conforms to this interface is up to you. You don't have to use a tool that will conform and you won't get the offer.
Likewise, you can offer a well-defined interface to sign up to your data and everyone else can just choose not to use it and they won't get your offer.
> So they offer and they make the commitment that if you attempt to modify terms, they will instantly reject. At that point, you won't get the service and they won't get the data.
What about shadow profiles in that case? I assume companies track a lot more data on people that just what you put into your account explicitly — photos of friends not on platform, 3rd party sites using Pixel etc.
It's one thing that's really missing from GDPR style controls — if I have an account, I can request that my data is deleted (but not validate it really). What can I do if I don't have an account?
It's a feature, not a bug. Similar with strong consumer protection laws. I don't have to ever bother reading any ToS or disclaimers or whatnot when dealing with merchants, because there's an overriding set of laws I can invoke when they screw me over. So I only have to read one ToS - the government-issued one.
"Big data is a resource and a tool. It is meant to inform, rather than explain; it points us toward understanding, but it can still lead to misunderstanding, depending on how well or poorly it is wielded. And however dazzling we find the power of big data to be, we must never let its seductive glimmer blind us to its inherent imperfections.
. . .
What we are able to collect and process will always be just a tiny fraction of the information that exists in the world. It can only be a simulacrum of reality, like the shadows on the wall of Plato's cave."
- from the book "Big Data" mentioned in the article
Meant to inform rather than to explain. Words of caution for "data scientists". We get more useful data from our senses each day than we ever will from a company conducting surveillance over the internet.
an international study that demonstrated that out of 24 mobile health (mHealth) apps, 19 shared user data with parent companies and service providers (third parties). They also showed that third parties shared user data with 216 fourth parties, including multinational technology companies, digital advertising companies, telecommunications corporations, and a consumer credit reporting agency.
But what data are they collecting? Things available via JavaScript, tracking pixels, phone characteristics - most definitely. But the raw data about their pregnancies that users enter into tracking apps? While that’s entirely possible, Citation Needed.
I’m not trying to be obtuse - I understand the risks here - and I don’t want to get into an argument about semantics - but
Populating a variable based on the current user so as to segment them in analytics or advertising - regardless of whether it’s that the user is pregnant or they said their favorite color is blue - is different than “sharing” structured pregnancy data or favorite color data that a 3rd party can inspect.
If this sort of wide-scale actual sharing of data exists, then I’d expect to see job postings for the role of coordinating data exchange, schemas for pregnancy data in XML format, API documentation for transmitting ‘sensitive’ data to 3rd parties, leaks containing this sort of sensitive data in unexpected places, etc.
That said, the title of the article says “profiling” and not “sharing”, so maybe Facebook and Google can derive that particular theoretically opaque segmentation values from particular apps represent pregnancy status.
Or maybe an opaque, trained model outputs that for certain users with certain segmentation values in certain apps, those users are more likely to click on ads relating to pregnancy.
Edit: The WSJ article notes that Facebook has acknowledged that the latter is possible via a filed patent. FB say it doesn’t use that technique.
I've seen examples of encrypted payloads being sent to various third parties on the internet, it would be very time consuming to try and determine what that data actually is.
In my opinion, the OS should let you deny the "internet" permission on any app, no reason why it should need it if I don't want to risk my data being uploaded without my consent.
You get much more signals from an app than a web page or god forbid just local data.
It is probably why companies like reddit push their app so hard that it almost makes using the web page on mobile impossible.
I've been trying to find a meal tracker that store everything on my phone and phone only but it doesn't exist so I am considering writing one myself, but I feel like I am the crazy tinfoil hat person sometimes since I want local data!
This is not an exaggeration. Nowadays basically anything you buy that uses electricity also has chips included for various purposes. Those chips of course run proprietary software.
IIRC that took a Matrix-style war that humanity just barely won, so I don't think there's much hope among writers that we get to a post-tech universe without breaching the brane of cataclysm, seeing machine-borne oblivion on the other side, and pulling our heads back just in time (or perhaps an instant later...).
The third option is coexistence, though this too is something writers seem to be bearish on (Egan's Diaspora gives it a bit of consideration before simply killing off most organic life with a gamma ray burst, which I found somewhat cynical and or even spiteful, given the timing).
All the more reason we need some laws defining your data as your property, not the company that collects it. We need strong consumer protection of data.
Or... you know, we can just not patronize these services.
Nobody is holding a gun to our heads.
Many today argue that the internet is largely unusable if we block all the FAANG hostnames, and for many this may be true, but it's becoming less and less of a sacrifice every day to disconnect from these massive centralized blobs.
I understand many people feel an unquenchable urge to legislate these kinds of things into being, but we really cannot "will" things like this into existence. It's, actually, much easier to incentivize and promote a practical means towards adoption. In our case, we need to begin promoting technologies that promote decentralizing and owning our own communications protocols.
Maybe it's just me, but if someone in physical space asks for unnecessarily personal data I have no problem leaving it blank and/or lying through my teeth.
You know how some people are just complete fucking assholes, and people let them get away with it to avoid conflict?
Yeah, if you say your name is Bog Saget and your email is bob@gmail.com, nobody's gonna raise a stink. They'll know you're full of shit, but if you can deal with their disapproving glare nobody will stop you.
The "indoor play area" thing has not been an issue for me, personally.
Reminds me of the Sheriff's office from around here that was trying to fingerprint all kids at a spring festival... (in case they get kidnapped, they said).
it's worth remembering that somewhere, someone or a team:
- had a whiteboard/design/brainstorming session
- decided or was told to develop a feature involving data hoovering, with whatever justification
- not enough of the team said "no", or were replaced by those that said "yes", that the feature made it to production
- decided to sell/buy/run analyses over said data to increase profits (ostensibly)
now, if there were a handful of companies doing this consistently, that'd be one thing. however, if all these apps, web sites, etc. are engaging in this, then it's clear there's just zero fundamental ethical force to stop data hoovering, and we ought to expect that the data collection will increase up to and until government regulation of this stuff.
anyway, from where i sit, the engineers, vendors and data scientists involved in surveillance capitalism must share some of the blame, if not a lion's share.
Although many celebrated the passing and "enforcement" of the GDPR, I consider it to be one of the biggest failures in recent times. I'd argue the situation is worse today, and so far, the GDPR doesn't have any teeth whatsoever. On one website this is the cookie pop-up "consent" message:
"We use cookies to provide a great experience. If you're happy with this, continue browsing"
Apparently that counts as an "explicit, freely informed, permission given" consent now?
I have found countless examples of websites sending data to facebook (including PII), simply by using XHR/fetch and a POST request, sending entire page URLs every time you navigate the website. I've noticed tens of requests to several domains that could be hijacked at any time and peoples information collected by a bad actor is they get the domain "totallynotspyingonyou.com"
If the GDPR was serious platform changes would've been implemented - similar to Apple's coming tracking permission - which should be standard on every OS inside the EU. Instead of relying on websites/providers to the right thing, the upstream systems (browsers, OS) should be designed around the laws instead. As it stands, Google allows their OS to collect an individuals entire address book, apparently that data structure can be parsed, uploaded and freely traded once somebody taps "accept", and if my data is included...Well tough shit for me I guess. Asking Google whom has got my phone number saved onto their accounts yields no response, yet if somebody puts my PII onto Google, I have no rights over it.
The "rights" the GDPR enshrined are nothing more than a empty, hollow promise - how many have had success trying to get information deleted? All I get told is it's "legal" as there's a "public interest" or for any number of reasons.
Regulators simply can't and won't keep up. Reporting Google is a waste of time, a regulator is unlikely to touch them, even if there is data Google won't provide in a SAR and take months to provide a response.
We need to embrace and accept data is going to be collected on all humans and kept for as long as the collector wants, and it can be sold, leaked, used and abused without you having any way to control it.
We're all just numbers in a database somewhere, your feelings don't matter, how it affects your life on earth is disregarded, ads must be sold, data must be harvested.
People are too focused on data collection. We get it, surveillance is everywhere. It’s taking up a quarter of the front page at any given time. Anyone have anything intellectually novel to say? Or can I go write a bunch of articles about the same topic?
Edit: If you read the following as "vote with your feet" and not "go live in a tent" you will have better results.
It is written: 𝓣𝓱𝓮𝔂 "𝓽𝓻𝓾𝓼𝓽 𝓶𝓮" / 𝓓𝓾𝓶𝓫 𝓯𝓾𝓬𝓴𝓼
[For screen readers: They "trust me" / Dumb fucks]
It's a problem, for sure, but I don't think we're totally helpless... yet... and it frustrates me to see this level of learned helplessness, and mistaking convenience for necessity. Being used to using your phone for everything, doesn't mean you cannot do something else. It's inconvenient, and not impossible, to go to a library[0] instead of Google and BabyCenter.com for answers to your questions. It's inconvenient, and not impossible, to momentarily disappoint your kids to protect their data forever (which is the kind of long-term concern that you understand and they don't, because you're the adult, which in turn is why you, and not they, are in charge).
[0] RE libraries & books, that's the method most people used up to and past the 80s when PCs started appearing in many homes. That's the method by which enough knowledge was transmitted through millennia to enable the invention of smartphones. You don't even have to borrow the book; you can read it on-premises. But if you need to borrow it, you should still real-quick make sure the library isn't selling you out to anybody either. Most libraries have enough money and are pretty popular when it comes time to levy a tax or issue a bond. But some are just strapped enough that they "could really use the extra cash" that comes from providing borrower data to somebody who has convinced them it will be "anonymized."
Please don't use the Mathematical Alphanumeric Symbols block of Unicode to make cutesy letters like that, it can prevent the visually disabled from reading HN through their screenreaders.
Because we don't want a world where we HAVE the technological capability to make life so much more convenient but somehow can't use any of it because of some shitty fixable privacy/social/political problems.
For example, if you see a car that tracks your movement and sells it so some third party, you can either say "lets make cars that don't do that" or "lets go back to horses". I'm not excited about going back to horses, we can fix the damn car :/ Turning our back on modern technology is a depressing and limiting action in the long run.
Completely agree with you there. My objection was to the point around convenience & cost of time i think.
Seeing how much we focus on lowering the friction to onboarding, landing pages and just working in software for a while, i think the private solutions have to be every bit as convenient as the commercial option, otherwise they are not viable. That is just table stakes for mass adoption by a broad audience. Technical users may vote with their feet even when its slightly inconvenient, but its not enough to make a dent in the world.
For example, i cannot even imagine how much longer everything would take if every google search i made was replaced with a visit to the library. It would be 5-10x the time, maybe much more. A ton of information would be completely unavailable even given infinite library time. Luckily, I can (and do) just use DuckDuckGo instead.
There's lots of encouraging progress in these kinds of solutions that are both just as convenient AND private - decentralized web, pinephone, linux adoption, end to end encryption on messengers, personal clouds like NextCloud etc.
Google's Eric Schmidt suggests that young people should change their name upon reaching adulthood: https://www.telegraph.co.uk/technology/google/7951269/Young-...
Of course, a better way may be to introduce new right-to-be-forgotten laws like in the EU.