So.. how does that even work?
Do you have to have tracking allowed so the site knows you are in California so they give you special treatment?
California’s Attorney General has updated the state's data privacy regulations to outlaw shady semantics designed to confuse folks into handing over their data. In an update to August's California Consumer Privacy Act (CCPA), the rules have now changed again. The modifications deal with so-called dark patterns, where tech …
NOTE: I believe tracking should be opt-in only, above board, and you should be able to view it and manage it yourself on the tracker's web site, but I doubt any legislation will really help, so I use my own mitigations anyway. It doesn't mean I won't support such legislation, I just don't have any hope in it. That being said...
For anything other than simple web surfing (including El Reg) I have a special non-priv logon that I use, and the browsers that I run get their caches and history dumped, every time.
Firefox is simple, just tell it to delete history on exit.
Chrome is not so simple, but works better with CAPTCHA [firefox fails a lot for some reason, probably by design] but you can run a script to wipe out everything in the following directories to clear chrome's cache:
rm -rf ~/.cache/chromium/Default/*
rm -rf ~/.config/chromium/BrowserMetrics*/*
etc. - there are others, too - my script is pretty long, and rather thorough
But as a hint, there are many files in ~/.config/chromium/Default/ that are created by chrome and if you wipe them out, they just re-appear. Some of them have persistent "things" in them. YMMV.
In any case, getting a handle on how to purge your cache and history (while keeping any important settings 'intact') might make a topic of its own someplace. In the meantime you can experiment a bit.
What's good about using Linux or FreeBSD: if you set your X server up to allow connections to localhost via the DISPLAY environment variable, you can use a shell to log in to a very unprivileged user account, then run firefox or chromium on the current desktop by setting DISPLAY via 'export' (or similar), and be in a COMPLETELY different user context. It works for video playback, too. Then when you are done, wipe away ALL history. Hard to track you with NO history, NO cookies, NO persistent data, yotta yoltta. Other settings like 'private browsing' and whatnot can't hurt, either. And of course THIS would be for any site where script is unavoidable, like the DMV or certain electronics parts retailers that I can't avoid using.
Worth pointing out, Windows 7 had 'run as' which could be used in a similar way, so that you have a special user context JUST for web surfing that really doesn't do anything else... and you can auto-delete history and cache and so on with no consequence to YOU.
But... if you EVER log into certain sites, that 'icon' on half the pages you visit is part of their tracking. Its very presence probably tracked you opening up that web page... unless you do NOT have login information stored in a cookie [which is where purging the persistent data comes into play]. So if you did use FB or twitter or reddit or google login, you'd do that from the "web surfing only" user account, or maybe even a special "FB only" user account, and "flush" when you're done, so they don't know it's you.
And for everything else, on your 'normal surfing' user account, you NEVER log into google, FB, twitter, reddit, or ANY of those other "they will track you" web sites.
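A guarded form of the cache purge described in the comment above, added here as an example and not the commenter's own script. It covers only the two locations named in that comment; the function name and the safety checks are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the commenter's script. Only the two locations named in
# the comment are purged; other profile paths are deliberately left alone.

# purge_chromium_traces [HOME_DIR]
# Empties the Chromium cache and BrowserMetrics directories under HOME_DIR
# (defaults to $HOME), keeping the directories themselves in place.
purge_chromium_traces() {
    local home dir
    home="${1:-${HOME:-}}"

    # Refuse an empty, root or relative home: a bad value here would turn
    # the purge into a recursive delete somewhere unintended.
    case "$home" in
        ""|"/") echo "refusing to purge under '${home}'" >&2; return 1 ;;
        /*) ;;
        *) echo "home must be an absolute path: ${home}" >&2; return 1 ;;
    esac
    [ -d "$home" ] || { echo "no such directory: ${home}" >&2; return 1; }

    for dir in "$home/.cache/chromium/Default" \
               "$home"/.config/chromium/BrowserMetrics*; do
        # An unmatched glob stays literal and fails -d; a symlinked directory
        # is skipped so the purge cannot be redirected elsewhere.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        # -mindepth 1 keeps the directory but removes everything inside it,
        # including dotfiles that "rm -rf dir/*" leaves behind.
        find "$dir" -mindepth 1 -delete
    done
}

# Typical use from the throwaway account after the browser has exited:
#   purge_chromium_traces "$HOME"
```

Files under ~/.config/chromium/Default/ are not touched, so settings stored there survive the purge.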
So it is broken from the outset. It should be opt in - ie user data only once the web site has got permission.
I suspect that we will see games played along the lines of "Last week you opted out for purposes x, y, z. This week we are doing a, b, c and you need to opt out of that separately."
To be frank, any site that has more than 3 clicks to opt-out of the data gathering/cookie storing options simply doesn't get looked at.
The old 'rule of thumb' for any website was 'no more than 3 clicks to find the information the user wants', it seems that has fallen completely by the wayside now that users are the product.
Quote: "To be frank, any site that has more than 3 clicks to opt-out of the data gathering/cookie storing options simply doesn't get looked at."
Yup.
Also any site that when selecting opt-out, tells you to change your browser settings to manage the cookies.
Any site that disables content unless you opt back in (such as RockPaperShotgun).
Or sites that have a single opt-in button, but then an opt-out window where you have to scroll down a list and individually opt-out of every single service/3rd party one at a time!
A federal GDPR type would be good. It's going to get more difficult to do business in the US. Not because of CCPA - rather because we already have 3 states with slightly different regulations - California, Maine and Nevada - and around 12 more with legislation in state senates.
Add to that States like Mass which has data protection but no real privacy laws and things get more complicated still.
Further, most states create laws specific to a technology - so today it's the browser - but not necessarily other methods of trawling data - for example, IOT or PAPER..
The one thing that's clear about the GDPR are the underlying principles - it doesn't go into much detail on the implementation on purpose - it's system agnostic
A federal legislation. That ain't going to happen. 9 out of the 10 richest counties are in the Washington D.C. metro area. The United States has the best government money can buy. When was the last politician you saw who left office poorer than when he arrived?
You don't bite the hand that feeds you, so these greedy, selfish politicians will only generate a powerful privacy law if, and only if, it threatens their re-election hopes. There will be no large-scale public outcry over privacy that would threaten their re-election fetish, so these greedy, selfish politicians will not do anything about that. Especially since Facebook and Google just generously "donated" a large amount of money. And no future politician will win on the platform "I kept your personal information away from Google!"
I run a business whose demographic is young mums with toddlers/pre schoolers or mature (grandparents).
I rely on Facebook because that's where they are.
I can control what the Zuk gets to know about me personally but there are plenty of small, home based businesses in the same boat.
I don't like FB nor do I like doing business on my (rooted) phone but that's where my demographics live - they don't 'do the interwebtubes' because they use facebook instead - that's how they view 'tech'.
Just because we commentards here are all high and mighty and 'hates the faecesbook' or whatever other childish chant, doesn't mean I need to starve myself and family.
Sure, I have a website and all but I ignore my market on facebook at my peril.
Your mileage may vary.
And I have family in southeast Asia. Facebook basically is the Internet down there, to the point it's part of their feature phones. Think about that; limited capabilities and they still put Facebook in there out of sheer necessity. Facebook pretty much subsidizes Internet access there; a lot of promotions include Facebook time PINs and so on. Let's just say it's the only boat, and the water's full of sharks, so I ain't swimming.
"The business’s process for submitting a request to opt-out shall not require more steps than that business’s process for a consumer to opt-in to the sale of personal information after having previously opted out. The number of steps for submitting a request to opt-out is measured from when the consumer clicks on the “Do Not Sell My Personal Information” link to completion of the request. The number of steps for submitting a request to opt-in to the sale of personal information is measured from the first indication by the consumer to the business of their interest to opt-in to completion of the request."
It isn't actually possible to guarantee that, given how the internet works.
Click OK to opt out of our tracking ...
OK ... click.
... one page down in the privacy agreement : If you have opted out of tracking then we will not track you.
... five pages down in the privacy agreement : By visiting our web site you agree that we can sell your data to a third party.
Where they send you something through the mail with their privacy policy, and you have to send a letter to them requesting to be opted out? That's the #1 thing that should be made illegal (and though I don't live in California, hopefully companies give up on doing this in the rest of the US as a result)
I wonder if there will be any talks of moving to Nevada or Arizona with any of these types of firms currently based there. When a major taxpayer threatens to move out of jurisdiction, that tends to get their attention. That's how the oil barons get away with anything: "Would you like 10% of something or 100% of nothing?"