back to article Brits hate how big tech handles their data, but can't be bothered to do much about it

Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go is to reject optional cookies on the web. A little more than 60 percent of the 5,000 or so respondents to the UK government's Department for Science, Innovation, and Technology (DSIT …

  1. Primus Secundus Tertius

    Compulive cookie clearer

    I am a compulsive cookie clearer; I do it when moving from one website to another. I do not want each website to know what else I have been reading. The downside is that I then have to tell each website: no, stuff your cookies up your posterior. I wish the default was always no cookies.

    1. Piro

      Re: Compulive cookie clearer

      You need the handy plugin "I still don't care about cookies".

      1. Dan 55 Silver badge

        Re: Compulive cookie clearer

        That one automatically accepts cookie banners, so probably not a good thing?

        1. karlkarl Silver badge

          Re: Compulive cookie clearer

          If you clear the cookies (automatically) after each session, I don't see a problem.

          Besides, selecting "no" on many cookie banners is ignored anyway.

    2. Neil Barnes Silver badge

      Re: Compulive cookie clearer

      Cookies should automatically clear when you move from one domain to another, or close a tab. And cookies set in one tab should not be visible to another tab. This should be default operation, not an add-on requirement.

    3. sedregj Bronze badge
      Childcatcher

      Re: Compulive cookie clearer

      @PST - how on earth did you end up with first, second, third?

      Perhaps a PiHole might work for you. https://pi-hole.net/

    4. Blogitus Maximus

      Re: Compulive cookie clearer

      If you wish to compartmentalise your sites I'd recommend using https://addons.mozilla.org/en-GB/firefox/addon/multi-account-containers/

      If you're still using Chrome, stop.

      As for the article, this bit made me laugh "...tech-literate 18-29 demographic" You're joking right? Many/most of the people I know around this age bracket are very good at using applications but have about as much tech savvy as my elderly mother. i.e. bugger all.

      Now, if you're talking about the generation born in the 80s brought up on the birth of the internet and all the innovations over those years to get where we are today, then I'm with you.

  2. Dan 55 Silver badge

    Time to mention Consent-o-Matic again

    Automatically rejects many cookie banners for you. Click here and scroll to the end of the page.

    1. Mark #255

      Re: Time to mention Consent-o-Matic again

      I came here to mention this - there are versions for Chrome and Firefox (even works on Firefox mobile!)

    2. Korev Silver badge
      Pint

      Re: Time to mention Consent-o-Matic again

      I can't remember who it was on here who I picked up the recommendation from, but thank you

      As it's almost Friday -->

    3. Cornishman

      Re: Time to mention Consent-o-Matic again

      Have you seen their website privacy code - probably the same as all others but suggesting their site (yes I'm a sucker too) adds to the issues mentioned:

      Website

      When visiting the Consent-O-Matic website, your web browser automatically sends the following information to our web server:

      the time of the visit

      the IP address of the computer the request comes from

      the referrer website (if you are linked to this page from somewhere else)

      inferred geographical information about where the request is made from

      the browser used to visit the website

      the operating system of the computer used to visit the website (if possible)

      I think we're all doomed to fail...

      1. Dan 55 Silver badge

        Re: Time to mention Consent-o-Matic again

        Isn't this true for all websites?

        They're saying they log this info for 90 days then delete it and do not sell it on. It's an academic project so I'm inclined to believe them.

        1. OhForF' Silver badge

          Re: Time to mention Consent-o-Matic again

          While it is pretty much standard and not an issue for me i still wonder why they think it is useful to log stuff like inferred geographical information or the client operating system.

          I can understand logging the ip address to rate limit clients to mitigate (simplistic attempts of) denial of service attacks for a short period but what is the benefit of logging all the listed information for 90 days?

          1. Dan 55 Silver badge

            Re: Time to mention Consent-o-Matic again

            "We process this data based on legitimate interest to be able to evaluate system security, stability, and performance."

            Having 90 days of IP, user agent, and inferred location data to find any performance problems seems okay to me.

    4. hoola Silver badge

      Re: Time to mention Consent-o-Matic again

      What I am unclear on is whether many of these tools not only reject the site cookies but also the hundreds of (il)legitimate interest that are carefully hidden and enabled by default. One has to "withdraw consent " on these, not reject them.

      It also pisses me off that even with the minimum of cookies accepted most sites are incapable of remembering that you have rejected all the extraneous shite.

  3. Alan Spang

    On the desktop, I NEVER use Chrome or Edge, I do use multiple ad-blockers with Librewolf, and a pi-hole and raft of script rules.

    For my mobile device, I rarely use apps, and then only those that state ZERO data collected, I use ad-blockers and an adblock browser.

    I use single purpose email addresses for ALL logins and only browse the web on Mac or Linux.

    My windows machine has all the background web collectors blocked, local account only, I never shop on it or log into any accounts on it, I use the apps I need to then shut it down.

    I haven't covered every base, but I think it's a good minimum.

    1. Doctor Syntax Silver badge

      "On the desktop, I NEVER use Chrome or Edge"

      It's getting difficult to make a preferred browser choice these days. My preference list is SeaMonkey > Falkon > FireFox but too many sites - including my in-house NextCloud FFS!!! - force the last of these.

      1. Graham Cobb Silver badge

        I, similarly, use a very tightly locked down Firefox instance for my main browsing (as I type this, for example) - with every tab in its own container, javascript disabled by default, and uBlock Origin, Privacy Badger, various Fingerprint Defenders and a few other tools.

        However, in the last few months, I have found that more and more sites just won't run in that environment. Mostly they do nothing. In many cases, I end up using a disposable Brave instance - better than nothing, even though it is Chromium-based.

  4. tony72

    That said, there will always be those who take no action unless they know something directly affects them negatively, and for the most part personal data mishaps don't lead to catastrophic consequences.

    Hmm. I installed the "I don't care about cookies" browser extension way back, and my attitude since then manifestly reflects the name of that extension. Does that count as taking no action? I believe that extension auto-accepts whatever cookies are necessary to get past the cookie dialog, but to be honest, I'm not completely sure, or bothered, as long as I don't have to click any cookie dialogs. I never delete cookies (except when the BT Business Portal won't let me log in until I do so, anyway). Still waiting for the sky to fall.

  5. Doctor Syntax Silver badge

    "The most common reason for taking no action was down to simply not knowing how to take control of one's data online."

    And exactly how does one do that, other than rejecting intrusive services, as mentioned in the article?

    Maintaining multiple email IDs is one way. It takes work but is possible although email clients could make it easier by providing a preferred ID field in the contacts list.

    What's needed is an amendment to the DPA enabling the ICO to pro-actively audit companies, issue fines big enough to cause consternation at board level and, to support and incentivise the work, allow the ICO's office to retain a proportion of the fines.

    1. Anonymous Coward
      Anonymous Coward

      "What's needed is an amendment to the DPA enabling the ICO to pro-actively audit companies, issue fines big enough to cause consternation at board level and, to support and incentivise the work, allow the ICO's office to retain a proportion of the fines."

      and also for the ICO to change its general attitude of "we really don't care about what we're supposed to be enforcing, especially if it's a public sector organisation" ?

      Quoting from the film Team America: "Or else we will be very angry with you... and we will write you a letter, telling you how angry we are."

  6. Anonymous Coward
    Anonymous Coward

    Delete all history on browser close = TRUE isn't a terrible place to start. Hopping from site to site within same browser session will still catch you out and there are other, more esoteric ways to track.

    Avoiding Chromium based browsers, not a terrible choice either (hah - good luck, doesn't leave many working alternatives). Decline all cookies in principle is also useful but many pages break from i

    The truth of the matter trying to do something about all this monitoring is extremely challenging at best, even if you know what you are doing. The utility of the internet is too useful to avoid; but the more trash that gets in the way of that utility the more one would consider looking elsewhere.

    A private BBS for your contacts, for instance, is an interesting concept... Instead of relying on ad-laden social media services.

    1. Doctor Syntax Silver badge

      It looks like we've got a Chrome or Edge representative in here downvoting anyone who says a bad word against their master. They're not arguing their case but I don't suppose that's surprising..

      1. Doctor Syntax Silver badge

        Point proven. I wonder how much the gig pays.

  7. Anonymous Coward
    Anonymous Coward

    A third of people actually read the T&Cs? Where are all these people, I've never met any of them!

  8. Anonymous Coward
    Anonymous Coward

    “presumably more tech-literate 18-29 demographic”

    Hmmmm, maybe.

    In my experience in IT for many years, it’s the young ones who are cavalier about online privacy and browser settings.

    Us old farts are the ones yelling at cookies!

    1. DanielsLateToTheParty
      Joke

      Re: “old farts ... yelling at cookies”

      *SHAKES FIST*

      Damn you cookies! Stay off my lawn!

  9. Anonymous Coward
    Anonymous Coward

    Misdirection......Again!

    Quote: "Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies"

    Could it be that cookies ARE THE LEAST OF ONE'S DATA PROBLEMS?

    What about the collection and aggregation of personal data by everyone out there (e.g. Meta, Amazon, Microsoft, Google, GCHQ, NSA.......)?

    None of this snooping is visible to the average internet (or mobile phone) user!

    RIDICULOUS to ask people about something they cannot see!!!

    Misdirection.....bad journalism.......

  10. Evilgoat76

    Or maybe..

    A large number of respondents lumped in with the CBA brigade simply dont see the point because most of the worst offenders make it impossible to deal with and/or know our toothless watchdogs wont do anything.

    Maybe drilling into that apathy would give more interesting results.

    More than once Ive picked up flagrant data abuse, flagged it with the company, got nothing so pucked it up with the ICO and got more or less "cant be bothered, speak to the company" The only contact Ive had with the ICO that looked anything like work was a vexatious request for data that never existed from someone I eas taking to court.

    1. Anonymous Coward
      Anonymous Coward

      Re: Or maybe..

      Completely agree. I've had exactly this experience with the ICO. Multiple clear breaches of the Data Protection Act were reported and they "put a note on file". When a clear breach of the act with evidence is reported and they do nothing, it's easy to conclude that the apathy comes from the fact that people know that it's a waste of effort to try to enforce regulation. Also, given that there is no option to opt out of browser fingerprinting, and the fact that none of the large Data Processors that I know of will allow access to the data that they collect from that technique, deleting cookies really doesn't achieve a huge amount in terms of privacy.

      1. Anonymous Coward
        Anonymous Coward

        Re: Or maybe..

        > Completely agree. I've had exactly this experience with the ICO. Multiple clear breaches of the Data Protection Act were reported and they "put a note on file". When a clear breach of the act with evidence is reported and they do nothing, it's easy to conclude that the apathy comes from the fact that people know that it's a waste of effort to try to enforce regulation.

        I raised with the ICO multiple clear on-going (for 11+ years) breaches of both UK DPA 1998 and (UK) GDPR/UK DPA 2018 by hundreds of organisations including multiple likely *criminal* offences and the ICO's attitude was basically 'we would only look into that if we received complaints from multiple people'.

    2. Anonymous Coward
      Anonymous Coward

      Re: Or maybe..

      > The only contact Ive had with the ICO that looked anything like work was a vexatious request for data that never existed from someone I eas taking to court.

      I have found the ICO's department that deals with FOI Request complaints to be slightly better than the department that deals with Data Protection complaints. However I was told the other day that they've got a 13 weeks backlog of dealing with FOI Complaints...

      I forsee having to raise yet another FOI Complaint with ICO regarding a particular Public Authority who are once again "taking the piss" regarding dealing with a FOIR I raised 4.5 months ago:

      - they first did their usual trick (i.e. they have done this for EVERY FOIR I've submitted over the years) of emailing me *on* the 20th working day (the last day of the statutory response timeframe) after my submission to say their response would be delayed: "Although we are unable to confirm a date at this time, please be assured we will try to expedite this matter on your behalf".

      - they then responded almost 1 month after that to (a) provide *some* of the information I requested, (b) to refuse to provide some information that I never actually asked for (people's names in a specific group) and didn't provide what I did actually ask for (people's job titles in a group), (c) to also refuse to provide some other information I did ask for by using the "cost limit" refusal, and (d) completely ignored some other information that I asked for.

      - I then narrowed the scope of the information that they refused in point (c) above.

      - 1 month after their (b) refusal to provide info that I never actually requested they sent me the result of a review where they upheld their decision not to provide me with the information that I never actually asked for (peoples' names) in the first place and decided to instead provide me with some of the information (peoples' job titles in a group) that I *did* actually originally request.

      - 2 months after their initial response (and from when I narrowed the scope) they then did actually provide the information from the narrowed scope of (c) above.

      - however as there was still no sign at all of the information requested in (d) above I chased them again. I had 2 back-and-forth email exchanges where I clearly explained the precise information in my original request that had *never* been provided and both times that person referring me to their most recently provided information which was nothing to do with the missing (d) information. Both times I clearly pointed out what was outstanding yet that person repeatedly parroted the same line about the previous review response having supplied this.

      - On my 3rd attempt the person finally referred the matter back to the "review committee" who had provided the previous response. 2 weeks later they provided *some* of the outstanding information from (d) but refused to provide the rest again using the "cost limit" excuse.

      So I'm now 4.5 months into a FOIR and only now have they (for the 2nd time) produced the "cost limit, go away" magic card. So I'll have to narrow the scope of that part of the request to get any of that specific information I wanted and then that'll go through another 1-2 months time period to get information back (assuming they don't find another excuse to reject the narrowed scope).

      On top of that the information they eventually provided for (c) has been excessively redacted (I suspect they went "overboard" on redacting to obscure some problematic, for them, information). So I'll now have to write to them contesting some of the redacting (some of the "redacted" info is obvious from either the context or from other documents I have and is not info I believe they have a valid excuse to redact).

      I forsee a long complaint to the ICO about this org once again failing to provide requested information within the statutory timeframe, ignoring portions of FOI Requests, "inventing" reasons to refuse to provide information, finally using "cost limit" excuses weeks or months after the statutory timeframe has elapsed, etc. This is an org where my worst record for a FOI Request from start-to-finish was a total of *two years* (which included them dripfeeding some of the info to ICO after they became involved and then the ICO finally issued an "Information Notice" to them which is basically a formal threat of "if you don't provide the info specified in this document within the specified timeframe then that automatically becomes a contempt of court matter").

      In the past when the ICO have questioned them about using the "cost limit" excuse their answer has basically been along the lines of "well we don't have that info in our Document Management System so we'd have trawl through everyones email going back years to try and find it which wouid take weeks of effort" - in the past the ICO "accepted" that sort of explanation.

      However the "Code of Practice on the Management of Records issued under section 46 the Freedom of Information Act 2000" covers how Public Authorities should manage the information that they possess. It covers both storing information that needs to be kept and deletion/destroying information when it is no longer needed. Why are documents going back 10+ years being kept by staff in their email rather than either (a) being placed in a Document Management System, or (b) being deleted if not longer required?

      This organisations' "non management" of information appears to be a conscious methodology to avoid providing it via FOI Requests (it is purposely "expensive" to sift through staffs' large mailboxes going back years to find documents).

      Unfortunately based on past experience I'm not expecting ICO to tackle the above organisation's blatent disregard for the FOI Act and the Code of Practice.

      1. hoola Silver badge

        Re: Or maybe..

        Having been on the other side of this the public sector and education is overwhelming with FOIA requests, most irrelevant and vexatious. There are a group of people who appear to spend most of their waking hours dreaming up bizarre requests, all that have to be responded to and all consuming ridiculous amounts of time. The output of the requests are usually utterly pointless as well.

        There is a place for FOIA however it has been systematically abused. I have had requests asking for the serial numbers and os versions of all our IT equipment on a regular basis.

        1. Anonymous Coward
          Anonymous Coward

          Re: Or maybe..

          > Having been on the other side of this the public sector and education is overwhelming with FOIA requests, most irrelevant and vexatious.

          The FOI Act does define vexatious requests and how to deal with them.

          What is an "irrelevant" FOI Request? Irrelevant to whom? Irrelevant how exactly? Only the person/org making a request would know if it is relevant (and why/to what).

          > There are a group of people who appear to spend most of their waking hours dreaming up bizarre requests, all that have to be responded to and all consuming ridiculous amounts of time. The output of the requests are usually utterly pointless as well.

          I agree that there are likely to be some people out there submitted FOI Requests purposefully "to feck with the system". However some FOI Request that appear "bizarre" to you may have been submitted for valid reasons - you don't know the reasoning of the people submitting them and therefore you also don't know if they are "pointless" or not.

          > There is a place for FOIA however it has been systematically abused. I have had requests asking for the serial numbers and os versions of all our IT equipment on a regular basis.

          I agree that often FOI Requests submitted by companies asking for information about hardware/software used and vendors etc would be considered by many as an abuse of FOIR. However there are ways that this could be addressed, one mechanism would be for organisation to actually publish this information which then would reduce or eliminate (valid) FOI Requests needing to be handled regarding that. Another solution would, of course, be to change the FOI Act to reduce such "abuses" by companies by adding restrictions on what "companies" (suitably defined), rather than individuals/journalists/charities/legal orgs/etc, can validly request.

          However "systematic abuse" of FOI also occurs by the recipient Public Authorities themselves - ranging from the likes of the delaying/"creative interpretation"/"don't index docs so we can use rejection on costs" tactics I mentioned in my earlier post, through to the like of the central governments "Clearing House" (run by the Home Office?) where the various Gov Department are required to forward FOI Requests from journalists etc so that the Clearing House can analyse patterns to then determine what potential scandal etc that journalists are working on (so that perhaps other gov departments could then be instructed to delete relevant docs *before* they are FOI requested, so not breaking FOI Act, and so killing or reducing scandal potential?)

        2. Stephen Wilkinson

          Re: Or maybe..

          When I was working in local government IT, most of the IT related FOI requests were companies trying to find out what software was used and when the contracts were up. Mostly a complete waste of officer time as we generally had to use one of the various government tendering portals when the systems were replaced.

          Either that or journalists mass emailing every council on the country asking some banal question on the hope that something spicey would be sent back.

  11. 7teven 4ect

    We are returning the data we stole from you

    Sir,

    Please find attached a copy of the data of you we took from masterdata website, we find you batshit crazy so much we delete our copy of the data of you and send you copy see how you like it

    thank you sir

  12. Captain Hogwash Silver badge
    Flame

    "...reason for taking no action was down to simply not knowing how..."

    Even when I tell them exactly how they still won't do anything.

  13. IGotOut Silver badge

    It's because....

    ...tech have designed it to be so damned hard.

    Even here, where a tech website is complaining about users being apathetic to data privacy, am I having to block 2 trackers and an advert.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like