Lol "Before I answer this question, answer my question" is much weirder when you specifically weren't asked a question public forum or not. Like what is this, the primaries?
As for what I mean by "Less Lucrative", you know exactly what I mean, so don't play coy.
There is significant value in sample size, because sample size increases confidence of a statistical sample being demonstrative of a demographic that is being targeted. Advertisers are VERY aware of that. They *DO* in fact, "Care" about the sample size, and thus DO care that there is a difference between "mandatory collection" and "voluntary collection."
The former is more predictive than the latter, and thus of greater value to them for their purposes of tailoring advertisements to prey on the insecurities and foibles of their target audiences. It is thus "More profitable."
The question that was asked openly, is this:
"Explain to me why insurance companies knowing less about those who they insure is a good thing? "
Without more context to answer that question, specifically about the questioner's values, (and thus what they would consider "good things"), it is not possible to answer the question. Do you expect me to be clairvoyant AC?
There are significant reasons for item 1.
Namely, IPv4 is exhausted, and nearly everyone lives behind NAT, which prevents immediate 2-way communication. (needs to have a stateful connection created from inside a network) The only people that can realistically afford a direct, uninhibited connection on the IP4-bone are corporations. Hence, motherships for things that in the past, really did not need them.
Adoption of IPv6 will negate this issue entirely, when combined with sane IP stack software, and quality service providing daemons that listen on ports.
The end user would be EMPOWERED by this, because they can SPECIFY what the identity of the server is. (and control that server.)
As for 2, again-- that is what OPT IN is for. You do not, or at least, should not DEMAND that data from end users. Doing so is arguably the same as demanding to see a woman's panties every time she puts them on, to assure quality of the elastic in the waist band. It's just absurd.
That's what customer surveys, with OPT-IN, are for.
What you really mean, is that those services would be significantly less accessible for vertical integration, and thus far less lucrative, without the NO CHOICE collection.
But you already knew that before you wrote anything. Didn't you? :P
It means that the chromebooks should not talk to Google, and should be managed completely offline by the management suite installed by the school's IT coordinator, on the IT Coordinator's designated hardware.
While technically true that such a dedicated machine is in fact a mothership, it is not an internet facing mothership with serious privacy risks associated with that. It is something that parents have some measure of direct control over, and has significantly more oversight. The data the machine contains is significantly reduced from what is on an internet facing mothership, and so a data breach is significantly less destructive as well.
Yes, I know this is against Google's VISION!(tm) of how the office should be conducted. That is kinda the fucking point.
Before I answer this question, I will ask you a rhetorical one of my own:
Which is more valuable to society-- Shareholder value, or social stability and cohesion?
From a "Shareholder value trumps all things!" viewpoint, there is NOTHING that should stand between an insurer, and having the absolute most accurate and up to the millisecond data about those they insure, allowing them to rescind a policy the very nanosecond that the insured violates the terms of their insurance agreement, (but continues to pay in up until that very nanosecond).
From a "Social stability and cohesion is more important than some rich fuck's pocket book" perspective, the ability of an insurer to make such decisions, with such perfect knowledge, is NOT in the public interest, because it means many many people who believed in true earnestness that they have purchased assurance of coverage for healthcare/damage/loss, will in fact-- NOT have that assurance, and will thus NOT be prepared, and this will cause a significant burden to the society.
So, which position do you personally feel is more important? It will greatly affect how I should answer your question.
We nerds have spent the better part of 20 years TRYING to do exactly that.
The problem, is that what is interesting (and thus obvious) to *US*, is NOT interesting (nor obvious) to THEM.
There is no way to MAKE them interested. Thus, there is NO WAY to "Fix" them.
There are sufficient numbers of them, that like PT Barnum put it, "One is born every minute", and the same business calculus can apply.
I take the pessimist view;
If the company does not have a truly legitimate* (as in, the operation of the device cannot be accomplished reasonably in any other fashion) reason to collect the data, they should not collect it.
Again, say a fitness tracker. This thing just needs lots of inexpensive, slow ram inside it. It just needs to log accelerometer and GPS data over time. It can store this internally in whatever encoded form it wants. It has no real need to be in constant contact with the internet. (Don't try to tell me that a complex bit of SoC like an antenna is inexpensive, compared with very slow, mass produced RAM chips.) It can communicate over a wired USB port (which is likely to be there for charging anyway), and deliver its data to an offline only application. At no point in the device's operation is it unavoidably necessary to communicate with the internet. As such, I feel such devices SHOULD NOT communicate with the internet.
By that line of reasoning, nearly everything that is IoT, should not actually BE "IoT". I am perfectly fine with that pronouncement.
Fake location data (for testing purposes! Of COURSE!) is incorporated into pretty much every Android phone as a developer option. (sadly, you have to push the magic button a bunch of times to turn it on...)
That does not help with IoT devices though.
Thankfully, most IoT devices are in actuality-- just VERY poorly secured Linux boxes, and often times you can get root console access. A little poking, and you can make those things do Whatever the Fuck You Want. Want them to routinely tell the mothership that it should go fuck itself? Sure-- set up a recurring cron job that does exactly that. Black-hole the device right at its interface with a local hosts entry/DNSMasq/Bind9 config? Sure. You can do that too.
The fundamental problem is that you cannot get a defective end user (A user that cannot be made to understand the gravity or consequences of operating a shitty IoT gadget) to stop being a defective end user.
The message format for GPS pings is public knowledge. As is the frequency band.
The issue is that (IIRC?) it is illegal to broadcast on that frequency range.
Make it legal to do that, with some sensible power transmission rate (like, say .01W max) so that any such broadcast is restricted to just a few meters, and incorporate it into some little coin cell powered tags-- and booya, bob's your uncle.
Agreed, which is why the consumer is the one on the line, as the one and only line of defense.
If the device communicates with a mothership, you should not use, nor buy it.
I would go on a limb, and say 90% (or more) of the use cases for IoT devices, DO NOT actually require a mothership; The user's home computer, with a local app, with local map data, would be MORE than sufficient to handle whatever "connected" services the satellite device offers. (Fitness trackers, etc.)
The reason they use a mothership for the communication is because a big corporation finds that data use^^ I mean PROFITABLE.
Remember when people were horrified at the idea of giving corporations personal information? I do. I want those days back.
I do not know of any direct physical toys either, but there are plenty of phone apps geared quite clearly at children, that do extensive tracking and advertising.
As a blanket that also includes this latter category, I would wholeheartedly assert that "Yes, parents should snub such things." with an additional "People in GENERAL should snub such things."
So, that fitness tracker? Yeah... You shouldn't use that. There is no justifiable reason for it to report your use data to some mothership. The exact same functionality (to the end user) could be accomplished by the device logging GPS pings, then that data being given to and parsed by an offline application, which then reconstructs the jogging path. The potential perk of "I don't have to worry about data backup!" of this "clearly critical" /s data is not suitably wondrous as to make it trump the major bad of advertisers knowing where you jog, how often, and what stores you pass every day.
Similar story with nearly all such "Oh yes, our tracking is 'essential' to the function of the device!" bullshit devices. As such, people should shun the ones that report to a mothership.
Of course, that will never happen, because in the real world convenience is king. (doubly so to idiots that refuse to learn better.)
Why does everyone think I am Verizon's bitch on this?
Do I need to point out what a Devil's Advocate is, in the opening statement, from now on?
dev·il's ad·vo·cate /ˈˌdevəlz ˈadvəkət/
noun
unpunctuated: devils advocate; noun: devil's advocate; plural noun: devil's advocates
a person who expresses a contentious opinion in order to provoke debate or test the strength of the opposing arguments.
"the interviewer will need to play devil's advocate to put the other side's case forward"
historical
the popular title of the person appointed by the Roman Catholic Church to challenge a proposed beatification or canonization, or the verification of a miracle.
Or, in other words--- I am NOT in agreement that Verizon would be in the "Right" to do such a thing (or, in the wrong!), only that they COULD, and that I am curious--- This thread is explicitly to create debate, to better find truth.
If anything, the cost of the bandwidth used by Archive could be ascribed by Verizon as a real cost of their unauthorized access, and was why they were explicitly forbidden said access, while other public accesses were not inhibited.
For real people, I would rather that Verizon go fuck off and die in a corner. That's my official personal position on the matter, for the record.
Again, I would rather that Archive come out rosy.
However, given the way things are, and how much more clout Verizon has legally than Archive, (and how much more money, and lobby presence) I am not confident in an Archive victory.
Again, the title is "Devil's Advocate / Semi-serious question". A devil's advocate is a person who attempts to interpret a position held by another person, that they do not themselves agree with. If I did not lamplight this well enough, I do apologize. Given the gravity of such a ruling (should Verizon decide to pursue this line of legal remedy against Archive), I am very much interested in an answer to it.
Which is why I asked.
The CFAA is one of the terror dildos that certain powerful orgs like to whip out to penalize people for inadvertent access escalations. (Like that poor schmuck that learned he could access other people's online banking features with a mistyped URL, and got subsequently beaten with it.) Given that Archive has admitted to blatant and intentional circumvention, it makes me a little sweaty palmed.
If it were any other organization I would agree with you.
This *IS* Verizon though. They continue to PERSIST with policies that have earned them a slot on the "Most hated company" list for nearly a decade solid.
https://www.usatoday.com/story...
What would normally be considered reasonable to assume, does not seem so in this particular instance. More than likely, Verizon was so concerned about the data throughput of a complete archival dumping process, that they explicitly tried to block Archive. They *COULD* save face by saying that if Archive had requested an offline copy be made, they would have obliged, but that Archive did not make such a request, and that Verizon is under no obligation to provide access to the information over the public internet, now that NN has been repealed.
If anything, such a position would correspond to much of their lobbying over the past few years.
Possibly. There is no directly applicable precedent that I am aware of, and I am not a lawyer.
I would very much LOVE for Facebook to have its greedy data grubbing paws lopped off in court with the CFAA on grounds of illegal device access. It would make my morning.
You misunderstand my position sir.
I am not in favor of the corporatocracy, and its abuse of financial power to erode public rights.
I am merely curious which side of this conflict the COURT SYSTEM will side on. In the past, they have sided with the interpretation that an explicit IP range block == sufficient notice of trespassing, and thus is a violation of the CFAA. That is an established fact.
At no point did I assert a personal value, except to 110001101010 (or whatever his handle is), where I outright told him I agree with him and his position. What I personally feel, and what the legal system DOES, are de facto *NOT THE SAME THING.*
Now, kindly cease and desist with this bullshit, M'kay?
For what it is worth, I agree with you.
However, what you or I assert, is not what holds authority.
The issue is not with the content.
The issue is with circumventing an access control technology to a network that contains it.
See also, this case.
https://en.wikipedia.org/wiki/....
CraigsList is clearly publicly available data; However, the operators of Craigslist explicitly blocked 3Taps from scraping their data. (much like Verizon explicitly blocked Archive.org). 3Taps circumvented that lockout. The court handed them their teeth.
There is precedent against Archive.org, in the form of CraigsList vs 3Taps.
https://en.wikipedia.org/wiki/....
Craigslist is clearly a public site, however, they explicitly blocked 3Taps by IP range. 3Taps circumvented the block.
The court ruled against them, and in favor of CraigsList.
Archive.org is granted explicit exemption to copyright for its activities, BY the DMCA.
It is not a copyright issue.
This is a computer systems access issue. That is the CFAA, not the DMCA.
https://en.wikipedia.org/wiki/...
See also, Craigslist vs 3Taps.
https://en.wikipedia.org/wiki/....
From Webster:
append verb
ap·pend | \ ə-ˈpend \
appended; appending; appends
Definition of append
transitive verb
1 : attach, affix appended a diagram to the instructions
2 : to add as a supplement or appendix (as in a book) notes appended to each chapter
In context--- The practices of censorship, curation, or social taboo attach additional biases to content that is otherwise free of those biases.
Simply because your English parsing function got offended, does not mean you should turn off your brain sir.
Indeed. It is more like a bouncer at a publicly accessible night club.
"Hey, If this one fat chick stops by, tell her she can't come in. Here's her picture. In the past, she has done things we don't like on premises."
That one fat chick stops by, and the bouncer says "No, you can't come in."
The fat chick is undaunted, and puts on some outrageous lady-gaga disguise, (or cross-dresses, if you prefer), then proceeds to do the very things she was barred entry for. Proudly proclaims how she easily circumvented the bouncer, and did the thing.
A more appropriate analogy would be:
A bouncer at a night club that is open to the public, has been given explicit instructions not to let a certain person into the club.
That certain person gets turned away at the door.
Rather than accept that they were denied entry to the club, they put on a ridiculous fake nose and mustache disguise, and go in anyway.
Technically, the exemption to the DMCA that legitimate archival teams have allows them to violate copyright for the purposes of preservation. Copyright is the authority to impose a terms of use; For the use that Archive.org has, (archival), they are granted an explicit blanket exception--- so, they can basically ignore a terms of use document as long as their reason for doing so lies within their established operations.
However, there do appear to be several grey and unexplored areas, legally speaking, with this action. See below, my semi-serious question.