Yeah, I think that's right. But it does raise an interesting point. The meta-point of the study was a good one, I think, which is to "study privacy on the internet".
I'm soooo behind that (one reason I am disappointed in the ethical lapses here)—I've often considered publishing the steps I take for each website on a substack or whatever, to help other people. Sometimes, it can be hard to figure out (1) if your data can be requested-to-be-deleted, and (2) how to even do it.
Clearly, the deception was bad; I guess, just thinking out loud, how could this study have been done ethically? Perhaps, sign up real people to request the data, and transparently include a notice that this was part of a study?
The last bit is the tricky one; including that might skew the results in favor of websites being compliant.
If I understand correctly the sentiment is that the study is not in “good faith” by virtue of being a study. That’s where I’m genuinely ethically confused. It’s not like the study is bad faith (like they’re trying to trick websites into something illegal then sue them). At worst it’s neutral faith. But why is that unethical?
I'm soooo behind that (one reason I am disappointed in the ethical lapses here)—I've often considered publishing the steps I take for each website on a substack or whatever, to help other people. Sometimes, it can be hard to figure out (1) if your data can be requested-to-be-deleted, and (2) how to even do it.
Clearly, the deception was bad; I guess, just thinking out loud, how could this study have been done ethically? Perhaps, sign up real people to request the data, and transparently include a notice that this was part of a study?
The last bit is the tricky one; including that might skew the results in favor of websites being compliant.