Slashdot Mirror
Ask Slashdot: How Is It Even Legal For Websites To Gather And Sell Users' Data?
Long-time Slashdot reader dryriver sees it like this:
Lets say that I follow a person named John D. around for days without permission, make note of what John D. does and where he buys with timestamps accurate to the second without John D. knowing it is happening, analyze what kind of personality traits John D. has, enter that data into an electronic database where it is stored forever, and also make the data purchaseable to any third party who is interested.
Would I be breaking the law if John D. has not given me explicit permission to do this? Very likely. If this is the case for "meatspace data gathering", how can websites justify gathering information about visitors, and selling that information to third parties?
How would you answer this question? Attempt your own best explantions in the comments. How is your country balancing the need for online privacy with actual laws governing what can and can't be collected?
How is it even legal for web sites to gather and sell users' data?
Would I be breaking the law if John D. has not given me explicit permission to do this? Very likely. If this is the case for "meatspace data gathering", how can websites justify gathering information about visitors, and selling that information to third parties?
How would you answer this question? Attempt your own best explantions in the comments. How is your country balancing the need for online privacy with actual laws governing what can and can't be collected?
How is it even legal for web sites to gather and sell users' data?
They're completely legal.
One can't answer your question unless you specify "legal in jurisdiction X". For example Europe has GDPR, USA or Canada or Mexico or China does not, but they have other laws.
So I guess I would answer your question with "Legal where?" and a disclaimer "IANAL". ;-)
Lets say that I follow a person named John D. around for days without permission, make note of what John D. does and where he buys with timestamps accurate to the second without John D. knowing it is happening, analyze what kind of personality traits John D. has, enter that data into an electronic database where it is stored forever, and also make the data purchaseable to any third party who is interested.
That sounds a bit like a private detective, with the exception that they typically work for a specific client.
Also, if you stop to think about it, going to a website it like going to some person's private establishment. I'm visiting their server, so it's their rules. Stores no doubt track my purchases, and some even have cameras on presence that record my every action. If I have a problem with it, I can take my business elsewhere.
Sure, terms of service could be more explicit, but most people wouldn't bother to read them or would just click through like they did when they signed up for a Facebook account or half of the other shit they use online.
.. the rule of law exists in this world. There are two sets of laws, one for the rich and corporations and another for the rest of us. The reality is the internet and technology has made it cheap and easy to collect data on everyone. Even if you wanted privacy it can't exist due to technological advancement. Our technology is making rule of law irrelevant.
The last 20 years the internet enabled software companies to steal peoples game and OS software (drm) and remove their privacy by force because we can't reach them. The only solution is reconstituting corporations legally so they certain behaviors aren't allowed or they lose their charter, but that's unlikely given the free market fundamentalism that grips the world. The only way out would be for society to have a say in how corporations or businesses are run and given the mass stupidity and huge amounts of money arrayed against that outcome it is unlikely.
What makes you think any of what you described in 'meatspace' is illegal? It's not, in the US, anyway. PERHAPS could be considered under harassment or stalking laws if it was very blatent, but if you are in public, you are subject to anyone recording/photographing you and what you are doing, pretty much.
If I'm not back again this time tomorrow...
They are enhancing the customers experience.
Rick B.
Lets say that I follow a person named John D. around for days without permission, make note of what John D. does and where he buys with timestamps accurate to the second without John D. knowing it is happening
No, a more apt description would be that John D spends all of his free time at the same Target. He buys all of his stuff there using a Target credit card. He talks to the employees constantly. He hangs out with his friends at the attached Starbucks and has loud conversations with them. He eats at the attached Subway every day. He uses the Target pharmacy for all of his prescriptions.
Then, he finds out that the employees of that Target know all of this stuff about him and is appalled.
My Other Computer Is A Data General Nova III.
USA Laws are limited by these 2 main laws that limit it by age (under 13) and healthcare respectively: COPPA https://www.ftc.gov/enforcemen... and HIPAA https://www.hhs.gov/hipaa/for-...
And then it's not really limited anymore except by state. Which a summary exists here: https://en.wikipedia.org/wiki/...
You are going to their house and doing what you do, and they're just making note of what you did in their living room.
STOP . AMERICA . NOW
The real-world analogy would be more like keeping track of someone's location and activities who entered your retail store, then using/selling that data as they see fit. People may not like that, but I don't think there's any serious theory that it would be illegal. (Let's ignore for a moment the places in that retail store where you'd have a reasonable expectation of privacy like changing rooms, since that's outside the scope of the submitter's doe-eyed question.)
In the same way, you visit someone's website, you play by their rules. This doesn't seem particularly complicated or surprising.
People who setup accounts of Facebook, Google, etc generally authorize being spied on in the fine print of the click-through agreements they usually consent to without ever reading because: FREE STUFF!
You are onto something else here though:
1. Who ever made it legal for websites to spy on, AND SELL PERSONAL INFO on, people who did not ever create an account and click on an "I agree" button?
And the much bigger and more serious:
2. Who ever made it legal for any of the credit reporting agencies (like equifax and experian) to gather personal data on anybody without that person establishing a relationship with them and authorizing it? Keep in mind that the vast majority of so-called identity theft would not occur without the services of these agencies. Reminder: "Identity Theft" crime is actually a business [bank/credit card] enabling another business [a store or service provider] to do a fraudulent trasaction with a criminal [the so-called identity thief] in YOUR NAME, and then blame YOU for it even though YOU were the one party not at all involved in the criminal act.
The real problem is that corrupt "establishment" policitians in BOTH PARTIES are on the take to big corporations, and they're not actually interested in protecting the safety and privacy of their voters; they're in the business of paying lip service to groups of poll-tested voters using micro-targeted issues while actually screwing over those same voters by enabling the people who fund their reelection campaigns.
NEVER answer a pollster - the pollsters are not doing ANYTHING for YOU (YOU are not paying them), they're operating in the service of politicians and businesses and activists and coporations who are trying to figure out better ways to manipulate the public.
No reasonable expectation of privacy. Perfectly legal.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Especially since you agree to their terms of service when you sign up.
In the tiny fine print click thru you get on sites these days, you give them permission. Or sometimes just by using the site if they bury the fine print somewhere you can theoretically get to it.
The user and their content is the product.
Use an ad company that offers "free" services and the ads will flow.
Domestic spying is now "Benign Information Gathering"
The cops don't show up when a corporation robs you. It's only a crime when you rob a corporation. That's how you know you're living in a fascist police state. Sieg heil it as mandated.
I use uBlock Origin, Ghostery and a Hosts file to block as much Web advertising and tracking as possible.
This makes the leaks obvious: one random item I browsed will follow me around in ads on several sites.
Of course, Amazon knows exactly what I want, and Google knows I go to (legal) cannabis dispensaries on my vacations, but I can live with that.
Wrong. When I visit a website, I'm inviting them into my house. When I close the website, I expect them to leave, not have agents of their choosing stay behind indefinitely to spy on me.
It's not necessarily illegal to follow someone around without there permission to the extent you are not entering private property illegally and trespassing. Basically assuming nobody tells you to say leave a store following someone onto private property of a nature open to the public it is going to be legal. There may be statues against harassment, but those are going to be more specific. There may also be laws against practicing investigations without proper licenses. However following someone around and making notes about them is not in and of itself necessarily either of these things. It's merely impractical to make such a business model work and so nobody has done it until more recently and really only to the extent it is automated via technology via cameras, cell phones, etc.
Yes and no. When I visit a website... I've crossed a virtual "welcome mat" in front of their world. I didn't ask them to come visit me in my house. That was the first problem. The second problem is they have decided to co-habitate with me without my consent. Once that happens they can gleefully watch/note/report on everything I do and sell it to world+dog.
It's best to compare this to a brick and mortar world to make true sense of it.
The copyright-absolutist position is this: My life is *my* performance before God and all mankind. As soon as it is recorded, that recording is a copyright work for which I own the copyright (unless there is a specific written contract to the contrary), according to US Code Title 17. And use of that work without my permission for commercial gain is felony copyright infringement. Felony copyright infringement is exactly the behavior all these data-gatherers are doing. FWIW.
"My opinions are my own, and I've got *lots* of them!"
My computer is my property, not theirs. Their site and their site's code that tracks me is running on my system.
Yes, there is tracking that happens on both ends, which muddies the entire thing in a way that resists real-world analogy. In my opinion that begs for the protection afforded the highest point in that equation, not the lowest.
Imagine you phonecall a company and say:
Send me a travelling Salesperson, please. Or a delivery service and say, please deliver a newspaper to my office.
They answer: "sure, but there are some conditions for that convenience, please, for the next 8 minutes listen carefully to them."
You do not listen, instead, put the phone on the table, set your watch to 7 minutes, and go brew a tea.
You return, and when the operator asks: "Do you agree to our terms?" You say "yes"
It turns out that the terms include the salesperson or deliveryperson staying in your office long after the transaction is concluded (you place your order or get your newspaper), taking notes of many of the things you do, correlating those notes with those of other delivery companies/salespeople/third parties and a long and creepy et cetera.
But hey, you neglected to hear the terms of their service, because those terms were boring, and instead you went for tea.
Having corrected the analogy used by dryriver, the correct question to ask slashdot is:
Are the terms of service used by most websites even legal?
*** Suerte a todos y Feliz dia!
pro-business and pro-corporate leaders for nearly 50 years now. If the people in charge of regulation don't believe in regulation then we don't get regulation.
Seriously, it's not complicated.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
if you're out in public and somebody takes your picture you don't own the picture.
If we made every bit of data that involves you copyrightable it wouldn't really help. You don't have the money to litigate dozens of copyright lawsuits. It would just turn into a useful tool for the wealthy to quash criticism against them.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
My country is still debating if Global Warming is real or not, if Evolution is real or not, if Vaccination creates Autism or not, if the Earth is flat or not etc. Online Privacy is too advanced a topic for us right now. Perhaps in a couple of decades we will get there.
Simple answer: It's not users' data. It's data *about* the users.
When you take out a pen and paper and write down the colour of your dog, that data isn't *owned by* your dog. If you kept a record of your customers height and weight on your own hard drive, your customers don't own that data.
If you make a website, and record data about your site's visitors, your visitors don't own that data. It's data *about* them.
In a free country, everything is legal which is not explicitly illegal. So nothing has to be "made legal" unless it was previously made illegal.
In this specific case, the information you choose to send to a website from your computer is completely under your control. You don't even have to hook your computer up to someone else's network if you really don't want anyone to know anything about what you do with it. They aren't pointing TEMPEST gear at your windows, you're voluntarily sending them information from your computer to their server.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
Per the following someone around parallel, I wonder if this comes under stalking laws?
you give them permission to do so.
even this very site is like that.
see also: https://slashdotmedia.com/priv...
Follow everyone around and collect data on them.
The only thing that covers is your expectation of continued service.
Privacy is covered by law and is not something that can just be signed away because a company would like it that way.
The real problem is simply these companies aren't being challenged in a way that financially hurts. I'd be happy if Facebook couldn't exist due to burden of fines.
If you walk into Walmart, they are allowed to video record you and track your movement in the store. They are allowed to outsource their security to Google. Google is allowed to have billboards near your house showing products it has determined you might be interested in from tracking your movement inside Walmart.
well, you do give the website permission by agreeing to their terms of use.
People seem to think at the individual level, not at the group level. I first ran across this in the 1990s playing Everquest. In response to complaints about griefers harassing regular players, they came up with an anti-harassment policy. You could be banned for targeting a player and harassing them. This had the opposite effect than intended. Griefers didn't target specific players. They tended to hang out in an area and try to ruin the day of anyone who came into the area. On the other hand, people who got fed up with the griefers and tried to drive them out of an area were targeting a specific player. And so the anti-harassment policy ended up protecting griefers, while getting anti-griefers banned.
For some reason people seem to judge the harm of bad behaviors in terms of the average harm done to an individual, rather than to the overall harm done to society. A spammer sends out a hundred million spam emails, and people say "what's the big deal? It only takes you 3 seconds to realize it's spam and delete it." But 3 seconds times 100 million is 9.5 years of cumulative wasted time and productivity. Likewise, people handling private customer data don't take it seriously, since each individual's data is probably only worth a few dollars. Nobody cares if they lose a few dollars, right? But multiply it by several hundred million people and you're doing serious economic damage if you take it without permission or let it get stolen by hackers.
to gather and share your information with govenment?
#GDPR #PRISM
You ----> Cloudflare ------> Website
Website __and Cloudflare__ knows your raw password and your entire activity
What now?
Adblocker collects data about the websites you are visiting. If you use windows everything on that system is tracking you and the second most intrusive piece of software other than Microsoft Windows is your antivirus product they see everything you do on the Internet. Antivirus products leave tracking software behind even after you have deleted that program.
If you go into device manager and then select show hidden devices you will see data drivers collecting data from your ex antivirus product.
It is no different on a Apple Mac system Apple has root.
Most web tracking websites are non-sophisticated they simply use tracking cookies. Amazon is following you everywhere and so is Facebook even if you do not use them. If you are in the U.K. your Internet provider has to collect data about the sites you visit and that data is for the government watchdog.
If you are in the U.S. almost every government department is spying on you with the aid of companies like Google.
I could have probably typed that better but I am tired I have been reading too much misty eyed.
P.S. did you see the "UbuntuMate 18.04 programming team not one of them used a Linux desktop, or even Linux. no wonder the desktop is a mess they themselves do not use it.
https://youtu.be/wNd2bvLvyk4
We have so much other crap to worry about right now. Everyone takes our data. Heck it's part of our freedom as a species to monitor other people / animals / objects and record things about them. What the fuck is going on that this is all of a sudden a huge concern? What's driving this? Apple? EU? There's got to be some kind of financial motivation behind wanting companies to STOP taking our data. Or is it socialism trying to stop them? I don't get it. What do we get in the end if say none of us could record what other people do using a service we provide? Where's the benefit? So some company doesn't know when to stock for pudding pops during a storm? I mean what is it we're trying to stop here that is so damn harmful. This is coming from a person who fucking hates data being collected by Verizon with their horrible "deep" network cookies, hates answering agreements to share data, always clicks on free/non free software disagree to sharing crash reports. Yeah I don't like it but why the fuck does it matter? Really. I hate this anti freedom approach and trying to pass even more laws to make more things illegal. It only hurts all of us in the end and way more than some company knowing I visited beeg.com 25 times today.
Their site and their site's code that tracks me is running on my system.
You requested their site and code. You chose to run it.
Your analogy is as idiotic as suing Cutco because you bought a knife, went to your kitchen, and stabbed yourself in the dick with it.
You've got the wrong metaphor.
Open up the session monitor in your browser of choice and you'll see it as a series of requests. Now the metaphor is much clearer: you're ringing them up, and asking them things. Your browser, on your behalf, is sending the data that lets the session persist and allows inferences to be drawn.
*ring ring*
ACME: This is ACME products, how can I help you?
John: Hi, I'm John, can you show me products related to 'shoes'?
ACME: Okay, here are leather shoes, casual shoes, trainers.
John: This is John again. I want casual shoes.
ACME: Mens or womens?
John: This is John again. Mens please. Brown, size 10.
ACME: Here are some styles of mens shoes in that colour. - writes down that John may be male, adult -
John: This is John again. Thank you I'd like to buy these ones.
ACME: Okay John, done. Would you like to see some women's shoes?
John: This is John again. Yes, women's, adult, formal.
ACME: Okay John, here are some formal women's shoes - writes down that John may be married to a woman, employed -
John: This is John again, bye.
*click*
I think the idea that this is 'users' data' to be misleading. It's the company's data regarding a request from a user. If I keep track of how many red or green apples I sell and in which months of the year and whether the seller is male or female or tall or short, that's sales data.
We keep assuming that it's our data. I'm not so sure it is.
Consider a different situation:
A woman has a baby. He grows up to be a famous actor. He doesn't want his birthday published because he believes there is age discrimination in Hollywood. His mom wants to write an autobiography. They each have a valid claim that the date in question is their own personal data.
If I google erectile dysfunction treatment, I think "My request for Google to bring me information on ED is my data," but Google thinks "That request I received for info about ED is my data." Obviously Google winds up with a freakishly gigantic amount of data, so our assumption seems natural, but I'm not 100% sure it's reasonable. Every search is transaction with at least two parties.
I hate and fear the data gathering. That's why I don't have a Facebook account, or Snapchat, Instagram, Pinterest, etc. I do search using Google, though, and I shop on Amazon sometimes, so I guess I don't hate it as much as I tell myself I do.
Serious question.
If all online services did not leave tracking cookies/spyware/etc on your computer, would you be ok with all of the other data accumulation and trading that happened?
Before the web, user information was gathered based on TV channels you watched by vans equipped with radio equipment that could detect which channels were active on a TV as they drove through neighborhoods for ratings or licensing purposes: https://www.theguardian.com/no...
Credit card companies, magazine subscriptions, and mail order catalogs requested were also valuable sources of consumer interests
The search engines and social media are simply extending the concept which is how they get paid for all the free software and services you get.
You can skew the AI engines and results somewhat by periodically visiting completely random sites or posting completely random things way out of your normal interests and watch where those interests show up in ads on other web sites. Industrial equipment is my favorite alternate go to.
As soon as they commercialize it it requires a model/actor/etc release, last I checked.
Just because it is legal to make the recording doesn't mean it is legal to use it for commercial purposes. One of the few legal commercial uses might be to release it to an officially recognized journalist to print in a newspaper if it is in the public interest. But as the Hulk Hogan sex tape scandal showed, even that has limits, even for celebrities who normally give up much of it as part of their professional lifestyle.
Wrong. When I visit a website, I'm inviting them into my house.
So you are not utilizing their web servers, aka their house? You are 100% within the borders of your own property at all times?
By never being in communication with their servers, you in their house, it isn't possible for them to collect anything on you, there would be no way for them to get any such data since you never once communicated with their servers as you claim.
That means the act of not transmitting any data with you, which includes collecting data, can't possibly violate any rule or law that has a requirement of collecting data on you.
Either you are going to their house and playing by their rules, giving them your data freely,
or you are not, and no data is exchanged, and there is no problem in the first place.
You simply can't convince anyone they are collecting data on you when you authoritatively state you were never in communication with them in the first place.
It's called Surveillance Capitalism. More than just our labor, information about us is an object of economic value. In effect, people have been turned into commodities.
Market research's psychographics classifies us according to our social niche. That information is then used to micro-target specific segments of the market, the segments we occupy. As part of a massive feedback loop, words and phrases we are comfortable with are used in tailor-made messages designed to massage our psyche, and get us to buy whatever they're selling, be it goods, services, logos, ideas or politics.
https://en.wikipedia.org/wiki/Surveillance_capitalism/
Jurisdiction and liability can't be signed away, but privacy absolutely can. In fact you can give it away for free, just make your your private information public, and bang! You're there.
Yes, it seems we're not that good at overcoming simple, sound-bite messaging. For too much of the American electorate, 'simple sells.'
Websites don't follow you, so the analogy is really incorrect. It's more like if you go into a store, and they take note of what you buy, and what products you looked at. They then assign you a number based on various information about you, such as your appearance, the car you arrived in, etc, and then share your purchase and browsing information (associated with that number) with a marketing company who pays the store for the privilege. They do this with other stores, and they all use the same method to assign you a number, so if you go to another store, they know it's you without knowing exactly who you are. Then the marketing company tells the stores that people who look at X products tend to buy Y products, or that people who look like A tend to buy B, or ones that drive C cars buy D products, and help them arrange their promotions, product placement, etc, appropriately to maximize their sales.
Wrong. When I visit a website, I'm inviting them into my house.
Wrong. You are connecting to their server and sending data to them.
If you don't want them to have the data, then don't send it to them, and they won't have it. But if you do act to transfer data to them... then they have the data you gave them!
My computer is my property, not theirs. Their site and their site's code that tracks me is running on my system.
Yes, it is your property, and as such, you are volunteering to run the code you requested.
You don't HAVE to run it. Most often, I don't.
But as you pointed out, it is your computer and does what you tell it. You can't blame the other party if you allow it to send a big pile of data to them, and then they remember what you told them. Just like if you tell me your dog is named Spot, I am permitted to remember that your dog is named Spot.
I would pose this question to Equifax and transunion. They have been doing it for decades before the internet was born.
It's legal for them to know what you tell them.
If you call me up and tell me you just bought a new car, then I am now in possession of a piece of data indicating you just bought a new car.
If you don't want me to know that, you are welcome not to tell me.
The nature of the web is that the remote server cannot know anything you do not tell it. If you do not know how to stop telling it things, that is not the problem of the remote end, that's your problem for telling it things you don't want it to know.
Stop giving away the data you want to remain private. Or if you do give it away, you don't get to complain when someone else knows what you told them.
Privacy is all about preventing mapping of data to a person. If that is possible in any way, privacy is compromised. Data used for personalization is just that - data. If the data can be mapped to a real person it can be used against the person. Privacy watchdogs should get a law passed making it illegal to map data with a person - that's when we will see real strides being made in safeguarding privacy.
No, it shouldn't. Now get off my lawn! Noobs, u gotta luv em.
All my personal information is copyright by me.
No, all of those social media buttons and ad banners and "free" analytics tools and fonts, etc., those are mechanisms to spy on you. That's how they follow you around, well outside of their living rooms.
What makes you think that's illegal in meatspace? PIs do exactly that all the time. As long as you're not breaking into their property, you can follow and observe people all you want. And since your phone or the website has been explicitly invited into the person's life, there is no legal violations. You can make the argument about it being morally wrong and work to make it illegal, but it's not illegal now.
You're wrong, and an idiot.
In the case of a web-site, it's not like following a person through public. It's like following a customer of yours around your own store.
I don't think you'll find any jurisdiction in which it's illegal, or even frowned upon, to record how customers walk through your store, which shelves they look at, which clothes they try on, which products they pick up. And if you want to sell your customer-usage data to someone, it's yours because it's actually your customer data.
This all comes down to the purple pages. Phone books were illegal, in concept -- a book of everyone's phone number, name, and street address. But it was accepted anyway because you had to know the person's name. But there were the purple pages -- the very same phone book, indexed by street address. So you could look up a street address, and see who lived there. The purple pages were considered illegal -- for privacy reasons -- and were not widely published as a result.
Until they were.
So the only true answer to your question is actually the simplest one: slippery slope.
Ignoring the low effort implied by your question, take a look at the recently published book The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power.
I expected this question to be about data collected from my computer, not the data I send to the web site.
Ad blockers are a security tool, and the main reason I use them is to keep ad companies from trying to break into my computer. I've come across way too many malicious scripts in ads over the years. Given how many legitimate companies have been caught doing that, is anyone taking that seriously?
I don't own a smartphone at all. I don't even want to know how much questionable yet suspiciously legal data collection is going on in that arena.
Shoshana Zuboff's excellent recent book, The Age of Surveillance Capitalism explores this question in detail. The development of technical means of gathering personal data has happened far faster than legal systems have been able to respond. There was simply a legal void, as it never occurred to anyone that it would be possible for a corporation to know so much about everyone and use that knowledge for its own benefit and profit. Legislation like the EU's GDPR is attempting to restore some control, but Google, Facebook, Amazon and a few others have simply asserted their right to use our behavior as raw material for their own products, and it's probably too late to challenge this appropriation.
Bullshit. It's more like a handful of busybodies were following you about to everyone else's houses - and shops, and libraries, and gyms, and schools, and every other kind of place you might visit - and making notes about you there, and you're arguing that's OK because all those other places knowingly let them in.
I don't mind Facebook collecting and doing as they like with every keystroke I type into Facebook. But they're also collecting like information from what I type in other places.
The OP compares one physical activity and one digital activity and suggests one might be illegal whilst the other is perfectly legal.
It might be worth taking a brief detour here and considering the way that society determines whether or not a particular activity is legal or illegal. This is a significant simplification, but in general terms we could summarize the core principle of illegality as being a range of activities which cause harm or damage to those disadvantaged by it.
If I steal from you, you are harmed. If I injure you, you are harmed. If I kill you; well, you get the point.
A big part of the apparent disparity between physically stalking someone [or, to simplify again, actions in meatspace] from the digital equivalent stems entirely from the fact that it is very difficult to evidence the harm being caused by digital stalking. That is not to say that digital stalking is harmless.
There are no end of ways that the unregulated actions of private companies such as Facebook and Google can harm you as a private citizen.
With no regulation of what data is collected, how it is analyzed, or who it is sold to, the opportunities for that data to harm you are diverse and significant. You may be unsuccessful in securing your next job if you are blacklisted by recruitment agencies. You may have to pay more for credit, or you may be refused loans, if you cross invisible lines with your digital life. You may be denied health insurance. You may be subject to even more surveillance if data collected on you by a private company is caught up in a government data request dragnet. You may be significantly defrauded if a company with whom you have shared data knowingly and willingly then fails to protect it, allowing you to become a victim of identity theft and associated fraud.
Governments the world over have failed to take steps to address these harms - even though that is the principle on which the concept of law was founded - for two broad reasons. The first is ignorance. As elected leaders demonstrate almost every time they speak, very few of them have a reasonable grasp of just how much harm this data harvesting can cause. The second is self-serving: the agencies charged with protecting citizens rights would much rather be able to issue a subpoena or NSL and get access to all that juicy data for themselves.
The only reason that the activities of companies like Facebook and Google are not illegal is because neither the people nor the government[s] truly understand what they can do. To get even the narrowest of ideas, look at what Christopher Wylie (of Cambridge Analytica) told Congress.
Gossip was used (mostly by women) as a source of power over others for millennia. The ability for its victims to hide increased with modern expansion and travel. The databases maintained now reestablish the power of gossip. You can run, but you'll just die tired.
Certain state allow all kind of recording of private convo, put some other would consider recording a person without their knowledge to be illegal. So better check with your L of IANAL before starting recording somebody without their knowledge.
You are going to their house and doing what you do, and they're just making note of what you did in their living room.
No, all of those social media buttons and ad banners and "free" analytics tools and fonts, etc., those are mechanisms to spy on you. That's how they follow you around, well outside of their living rooms.
It's more like each major tech company controls a fleet of cameras. These cameras are absolutely everywhere, on the roads, in the shops, in the fitting booths, in your living room, in your bedroom in your car, at the restaurant where you eat, at the cash register where you pay for your groceries, in the sex shop where you buy your dirty magazines ... everywhere. If you sit down on any toilet to take a dump you'll find cameras belonging to Google, Twitter, Facebook, Pinterest, and a whole legion of tech, advertising and market research companies recording every strained look on your face as you struggle to squeeze out that turd and taping every loud wet fart. Every leaf of used toilet paper is copied in triplicate and carefully archived. Then they sell their records of your activities to anybody willing to pay. You can try to make it harder for them to keep tabs on you by wearing a VPN mask wherever you go and wearing a camera blinding laser AdBlocker laser on your head but that has only limited effect at best.
... Oh, wait, you're probably in the US. Errrm ... Nevermind.
Seriously you guys across the pond should probably just copy the new EU GDPR verbatim and be done with it. That would save you a lot of hassle. It's a great law and although it forces me to do muy job more diligently that actually by and large is a good thing.
Just sayin'.
We suffer more in our imagination than in reality. - Seneca
thats way this should roll...
Is Slashdot so in need of stories that anything gets published? There are such things as dumb questions, no matter what the nice smiling teacher may have said.
Nothing illegal about watching and recording where someone goes. I can watch my neighbors house and make extensive notes about all that goes on. And yes, I can follow you around and document what you do. You may be able to convince a court of a restraining order if I push things to far, but surveillance is not illegal.
It is not illegal in person or on line.
...until they are made illegal.
So why didn't Obama fix anything?
Do you think it might have something to do with how the DNC and Silicon Valley are such good friends? No, surely that isn't it!
The submitter seems to have some misunderstanding about how law works. "Very likely illegal"? What law would be violated? The submitter doesn't seem to quite understand that laws are written down, and given numbers for easy reference. For example, web sites must comply with US Code 2257. Unless the submitter can point to USC [number], they have a *feeling*, not a law.
I used to work as a private investigator and I did follow people. I had to be very diligent about documenting what I saw, because a PI is not supposed to tell the client or court what they *think*, only exactly what they *saw*. As a PI, I couldn't say "he's boning his secretary". I had to say "at 6:35 PM the subject entered hotel room #123 with a blonde woman of medium height. Both parties left the hotel room at 7:40". I can't speculate about what they did in the hotel room (could be discussing his campaign for governor of Arkansas), so I have to be specific about what I saw to allow others to decide how to interpret the facts.
You are going to their house and doing what you do, and they're just making note of what you did in their living room.
So... when they send their response to me and they include a 3rd party ad that is malicious and it is executed on my computer are they held liable for serving up a 3rd party ad? If they can do whatever they want while I am connected to their server then they need to be held liable for what they push to my computer.
its called marketing.
Article 27 of the GDPR includes a requirement to hire a representative within the customer's country or confederation thereof. Currently, article 27 representative service from VeraSafe starts at $2,700 per year even for the smallest businesses, including those with less than $1 million of annual revenue. If counterparts to GDPR adopted by other countries include a counterpart to article 27, then any small business that sells goods or services internationally may end up spending so much on representative services for each country with which the business trades that these businesses are likely to make a business decision to offer services only in one country or only in a small set of countries.
Other than limiting to which countries goods and services are offered, what solution would you recommend for recovering the cost of representative service pursuant to article 27 of the GDPR or counterparts thereto?
I believe that just about every legitimate website or social media platform has a privacy notice and usually requires explicit acceptance of its Terms of Service Agreement. No one reads them but they provide the legal justification for those sites to collect the information. We consent to that collection.
"Would I be breaking the law if John D. has not given me explicit permission to do this?"
No, you would not be breaking the law.
Repeat after me: "There is no expectation of privacy in public, PERIOD."
Anything that can been observed from a public vantage point can be recorded, noted, drawn, sketched, photographed, etc etc etc.
Just cruising through this digital world at 33 1/3 rpm...
When John D visits your website, assuming you did the right thing and have a pop-up with an "Agree" button, which is required by law for the GDPR anyway, you dictate your terms. As soon as he clicks "agree", he is bound to a contract, just as if he signed a piece of paper in front of a notary.
Because he signed the rights to his data away, you as the website operator are free to do what you want with it. This is first semester law school, and EULAs have been rigorously held up in courts time after time.
If you don't like this, don't use the website.
well i guess websites can track you as much as they want. it's build in tech. webserver access logs spring to mind.
you in return are allowed as much wit to stay anonymous.
denying service (*) because you don't want to reveal your(meat)self, however, is illegal.
denying service because you use ad-blockers/trackers for example.
(*) obviously for some services your identity is required by law; so no anonymous bank accounts or online voting.
however a meat space location (a real bank) is required if the service is denied if identity is not provided.
so a purely online service cannot require identification for the service to function, else the service is illegal.
?
See subject & beware addons operating in slow usermode vs. hosts in faster more cpu serviced 1st kernelmode doing more for less on more levels!
GOOGLE annihilated 'em - UBlock's near useless @ a 30k item limit to block (& there's TONS more) https://www.bleepingcomputer.c...
PLUS - Addons = easily detected & blocked by webmasters!
Ghostery is EVIDON (advertiser) owned. Fox guards your henhouse.
DNS = compromised (redirect poisoned) US DHS issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war... & ICANN ISSUES SAME WARNING https://tech.slashdot.org/stor...
P.S.=> For the best hosts file multiplatform:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars)
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)
Soon 4 MacOS... apk
That question has a false premise. In virtually all countries it's legal to occupy public spaces and record all that you see, even if that amounts to trailing a particular person.
2) Any store you patronize must know that you were there. That is inherent in making any transaction. Since the store is their private property, just about everywhere allows them to set up security cameras for loss prevention. Thus, it is straight forward to combine your face with the time you entered, how long you shopped before heading to the cash, what items you purchased, what payment method was used, paper or plastic etc. And once collected, they own that data, so they can in most areas, sell that to whomever they like. You implicitly agree to this when you choose to shop at that location.
3) Same thing applies to your credit card. Visa/Mastercard/American Express/Discover know, usually to the second, when and where you make credit card purchases. For some things, it is obvious what you bought based solely on where you bought it. But for the majority of charges, the data collectors have to infer from other data. (e.g. Visa doesn't know what appears on your grocery list, but can make some shrewd guesses at the liquor store, dealership parts counter, local pizza joint et al) You agreed to this when you signed the card holder agreement#
4) Air Miles and store loyalty cards are among the worst offenders for data collection, analysis and distribution. For any of the ones I know of, it is their core business. Again, you agreed to this when signing the card holder agreement#.
5) Most of this isn't new, this sort of thing has been going on literally for decades. What IS new is that the collected data is being shared more widely than before. It used to be a store wouldn't share its data for fear of giving competitors an edge. But now, everyone is doing it and, most importantly, making enough profit by doing so to make it a good idea from their perspective. Also new is the ever increasing sophistication of the analysis being done.
#Foot note: As far as I know, every card of every kind includes text in its contracts to the effect that merely using the card is legally equivalent to signing the contract.
I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
because Americans are cheap and would sell their granny for a cent.
> follow around for days without permission
That's were a "reasonable person" disconnects. They don't realize that by going to a "website" you have given the website permission for all sorts of thing. An analogy would be you walk onto private property, at the border (there is no fence) is a small box that says (only discernible when you bend over to read the tiny type) "open and read the rules of access". Inside is a dozen pages of dense legalize written assuming the broadest and most favorable terms and no mention of a user rights or protections unless required by law.
You wander around this property, looking at all the "free" stuff owner has set up to attract visitors. It's owners property, you are a guest, who defacto by stepping across the border agreed to all sorts of things such as being followed by security personnel / drones. being videographed and tracked everywhere, for your visit to be logged and collated with your visits to other properties of other owners. etc etc.
I, too, am feeling like my government doesn't offer me enough protection from those who would abuse my appearances and participation in public dialog. My view: Nothing about me may be used except that which I personally deliver. Stop tracking information that is not in my public posts!
If I want to know about your product or service, I'll use the Internet to find you, and compare you with others. That's the premise of CAPITALISM. For robocallers to capture my personal phone number, and share it around like I'm some "lady of the evening" searching for more income, is unconscionable.
The Internet has been a boon to me because when I want something, I can find it and compare prices and features to my heart's content. For each of those sites I visit to capture whatever "lint" I may leave behind, and treat it as if it is THEIR property is an abuse of trust.
I recently bought a new phone system for my home, so I can have some peace and quiet. It has a "Block Caller" button, which keeps track of phone numbers for which even ringing my phone is not allowed. So, I've finally reduced my number of unsolicited calls...while my government plays the fiddle while Rome burns! The FCC is owned by the corporations, so they don't want us to have any peace from their unsolicited marketing, and the "Do Not Call" list is a joke; robocallers aren't obligated to USE it.
We need to reverse the structure of this system: If I WANT a particular vendor to call me with new product information, I should have to file a request at their website. They shouldn't call me just because I once bought something from them, nor should they sell their compiled lists of customer phone numbers onward to other robocallers.
I keep writing to my congresscritters, hoping they'll give a damn and stop these egregious practices. But, I'm a lone voice in the wilderness. When Congress members start hearing from 30%, or 50% of the voters, they'll start to take notice, and clean up this excessively crude way of trying to solicit customers: "Do Not Call List," indeed. Nobody EVER uses it that I can see!
Well, here's hoping you're right.
So... when they send their response to me and they include a 3rd party ad that is malicious and it is executed on my computer are they held liable for serving up a 3rd party ad?
Did you have to run the ad? No, you did not. Did you run it? Yes, you did.
Why did you do that? I have never done that. The very concept of "ads executing scripts" is so repulsive to me that I have never allowed any of my devices to do such a thing. That is making the internet into a dumpster fire.
So why do you do it?
You are responsible for what your own computing device does. If the internet is becoming a dumpster fire, it's because of people who blindly use computing systems without a single thought to what they are doing or what it means for the shared commons.
How would a company do if they set up face recognition in their store, had AI analyze everything you looked at and bought as you walked around, and shared all that info back into facebook or google or amazon's database on you?
Well, there was a little disclaimer in the lower right of their sliding door, I suppose.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
My personal profile (my name, things I like, links I've clicked, etcetera) is copyrighted to me and I do not consent for anyone to copy or create a duplicate record of my personal profile for sharing with anyone, for any reason.
Because I am an original snowflake.
In 50 to 100 years after I die when the copyright expires, Facebook can use my data legally whether I like it or not.
Until then, they're breaking the law, and I can sue.
... the user grants the permissions needed there: you don't read that?!
first of all there is no expectation of privacy for activities in public.
secondly online/phones/browsers/service providers make you pass through an eula front door that nearly everyone agrees to.
great you care about privacy but your example is flawed and your expectations are too high given what most mobile phone google users have established in precedent as acceptable.
better luck next time.
You know that link on the home page of every site that says "Terms of Service"? Or that long document you clicked "I agree" to when you started using a Web site? You may not have read those documents (and that is what they want), but in those documents, YOU give the Web site explicit permission to track you, and for them to sell your tracking data to whomever they want.
Sure, you just skipped over that. They didn't. They knew you would agree to whatever terms they put in front of you, because you want to use their site for free.
There are a few alternative sites that promise not to share your data, and in exchange, you agree to pay a subscription. How popular are those sites? Nobody goes there, that's why you haven't heard of them.
People, including you, are all too willing to give up your right to control your data, in exchange for free stuff.
And you consented to allow that code to run on your system by asking for it from their server.
You can argue this crap unto death. Politicians are going where the money is, at least for as long as they can.
The remedy is to use a VPN or SSH privacy service as I have for years. Use a privacy DNS (1.0.0.1). Do not use chat services unless they are private and use person to person encryption. Use a burner phone and change it out periodically. Otherwise, lie down and die, those are your only other choices.
It's funny how every privacy-related article on slashdot hides the comments that are made by anonymous posters. The people whose comments actually show have either given up trying to have any online privacy, or are still naive enough to think slashdot hasn't joined the bandwagon over a decade ago.
- Anonymous poster on slashdot (and the entire internet) since 1999.