Mozilla CSO demands fines to curb Big Tech surveillance Mozilla's Chief Security Officer Marshall Erwin urged federal regulators to crack down on internet giants and web browser makers that don't protect their users' privacy — and to make them pay penalties for bad behavior. "Privacy online is a mess, consumers are stuck in this vicious cycle in which their data is collected, often …
For each cookie that a web site adds, calculate a cost based on its persistence and longevity.
Let's imagine micropounds/microdollars/microdirhams:
1. Session cookie, expiry at most one week (these have some value to the end user): 0.0
1.1 Session cookie more than one week (easy workaround - require a new login): 0.05
2. Advertising cookie: 0.1
2.1 Advertising cookie per day (make them pay if the cookie persists longer than an advert in a daily newspaper): 0.1
3. Analytics cookie for one web site, expiry at most one week (this has legitimate use for a web site): 0.0
3.1 Analytics cookie cross site (this is tracking, not just analytics): 0.1
3.1.1 Analytics cookie cross site per day: 0.1
4. Device cookie uniquely identifying a device whether laptop, desktop, mobile (utter scum of the earth): 0.5
4.1 Device cookie per day (make them pay): 1.
We are not the product, we are the victims. If there is a cost to be born by the advertisers and trackers, they will do far less of it. The cost of buying billboard space is not cheap, cookies are. We give about 1 or 2 seconds of our attention to an advert in a newspaper, if it grabbed our attention in the first place, then we move on. So it should be with cookies.
... or maybe... make tracking techniques under the guise of "advertising" illegal altogether, how about that?
I'm sick and tired of the constant "... but we need the advertising revenue" whining. You're not making any advertising revenue. You're making tracking revenue. Why do ad companies get away with pretending that they need "targeted advertsing" and thus need to track your web surfing to the max?
Who on this planet would accept someone ringing your door bell and going, "Excuse me, sir, we need to make sure the junk mail we fill your mailbox with is relevant, so I just need to have a quick look at your book shelves and the products in your fridge. If you could just step aside for a second..."
And don't get me started about the whole "legitimate interest" BS in the GDPR. That sounds like the rules for using the company credit card for personal expenses in the Hitchhiker: It's forbidden – unless you declare that you really want to do it. In other words, doing something illegal is OK, as long as that is your business model.
Dawn raids are the best. You can't actually convict executives of anything meaningful, but getting hauled out of bed at 4am by armed cops in front of your mistress (or wife and children in unusual cases) spoils anyone's day, and even top executives would avoid it happening too often.
Whenever these companies get caught doing something they shouldn't it always seems to be the fault of "a rogue engineer" so I'm going to say no to custodial penalties because it would be the poor developer serving them not the middle manager who told them to add the tracking code, nor the suit who made it the company policy.
I have refused to write code, including ad tracking code, because it was against my ethics but not every developer has the ability to do so.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
