You read and agreed with the terms explicitly stating the data would be used to do those things, and it was not at all necessary for you to do that. What else do you want? It seems like consent isn't the issue. You just don't like what this company does, and still volunteer your data for them to do just that. Now you regret it and write a blog post?
One thing is to be tricked or misled, or for a government to force your face to be scanned and shared with a third party. Another is to have terms explicitly saying this will be done, requiring explicit agreement, and no one forcing you to do it.
This is where I disagree. You basically have to use LinkedIn to participate in today’s job market. These large platforms that are protected by network effects should be highly regulated so they cannot abuse your privacy and rights.
Most privacy issues with today’s technology industry are caused by companies behaving like private service providers, when in practice they are somewhere between public utilities and government agencies in terms of their necessity and inevitability.
In many companies, you don’t need to bother applying without a LinkedIn profile. You’re not even going to be considered for a position, full stop.
They consented to their data being used to verify their identity, not to train an AI on their data. Each separate purpose the data is being processed for needs its own basis.
"Consent" and "Legitimate Interest" are legal terminology - they're two bases defined in GDPR and have different implications and requirements for balancing user and processor interests.
When the author says that Persona claims the "legitimate interest" basis for these data, they're saying that Persona is trying to achieve maximum flexibility for using the data (since "consent" generally requires specific agreement on a specific use for the data, and the burden of maintaining the consent records, where "legitimate interest" does not).
The government who wages the wars and brings its terrors home invades people's privacy and comfort in the small amount of time they have away from the toll they put to pay their taxes, and the people are thankful, after all, all of it is for their safety.
Would you? I think that the EU mandates a mobile connection for emergency services (eCall), but can you point out legislation which forbids the owner from disabling it in the vehicle they own?
The EU-wide "911 eCall" system records your location at all times and has a cellular modem connected to government systems. It is illegal to disable this system. If you still do so, there are fines, and your insurance is no longer considered fully valid in case of an accident.
You asked for specific legislation. For the Netherlands and our "APK" system, the relevant rule is under "Geluidssignaalinrichtingen en eCall", article 5.2.71 of the APK handboek, issued by our Rijksdienst voor het Wegverkeer.
In the EU, automatic surveillance cameras on the side of the road enforce this APK system, so if you do disable the eCall system, you will fail your APK, and you will automatically receive a fine. Even if you don't leave your driveway, the government is working hard to keep you safe; government camera surveillance cars drive around constantly, scanning your license plates, cross-referencing surveillance images with other government databases to automatically issue fines if you step out of line.
I really don't think there's anything to worry about, though; to quote another comment of mine:
>Thankfully, we're safe. Car software is notoriously high quality and rarely hacked. All governments are fully trustworthy, especially around espionage and privacy, and have a perfect track record of never lying to the public.
>Look, the European Commission stated that it cannot be hacked; "hackers cannot take control of it", from ec.europa.eu. They built an unhackable device. I am not sure what you could be worried about. If the government tells you something cannot be hacked, then it cannot be hacked. Furthermore, none of the EU member states have been found using other infrastructure to violate privacy laws.
They'll have to find you first, which (without a cell modem and GPS) would be an undertaking. The cell antenna "accidentally" falling off or the cable developing a fatigue break after the connector might be easier to explain. A Faraday bag comes to mind, as well.
>DNS query [...] in the clear. [...] (DoH) plugs this privacy leak [...] no one on the network, not your internet service provider [...] can eavesdrop on your browsing
Whoever could see DNS traffic can still see the target you're connecting to...
The promise is especially dangerous when a huge fraction of traffic doesn't use Encrypted Client Hello, [1] so the domain name is sent in the clear with the initial request to the server.
A while back I wrote a quick proof-of-concept that parses packet data from sniffglue [2] and ran it on my very low powered router to log all source IP address + hostname headers. It didn't even use a measurable amount of CPU, and I didn't bother to implement it efficiently, either.
I think it's safe to assume that anyone in a position to MITM you, including your ISP, could easily be logging this traffic if they want to.
But if that request is going to a large provider (GCP, AWS, CloudFlare), without the hostname, the request is going to be close to meaningless for the snoop.
This is correct. The right way to think of DoH is as part of a package of mechanisms (including ECH) that collectively are designed to close network-based leakage of browsing history. Used alone, it has some value but that value is limited.