Posts by Pseu Donyme 346 posts • joined 10 May 2011
I suspect that promises not to sell user data rely on a deliberate misdirection based on a legal definition of selling where the seller transfers all of its rights to what is being sold the buyer for monetary compensation; the data is not sold in this sense, but rather a copy is licensed on a non-exclusive basis (if for money, then it would still qualify as selling in an everyday sense, of course).
While having the ability to sideload on iOS would be an improvement it and 3rd party app stores can't really fix the root problem which is an inevitable tendency to de-facto monopoly. This is because of the network effect where app developers and users attract each other in a self-amplifying loop resulting in one dominating app store, a de-facto monopoly. This is what we have seen with Android where Google Play absolutely dominates. There is no reason to think that things would be different if competition was nominally possible on iOS, on the contrary, an upstart's prospects against the incumbent are dire, practically nil.
Monopolies - whether absolute or inescapable de-facto ones - ought to be run as regulated utilities. Ideally, perhaps, an app store could be a mutual non-profit corporation / co-op controlled by the developers. In practice regulating the current ones, most importantly limiting their commission towards making them non-profit entities, seems like a pragmatic approach.
Indeed. The term 'assumed consent' is a reflection of the dishonesty at play here: in honest terms the question is to what (if any) extent patient data can be used *without consent* e.g. to derive aggregated data for research; I'm open to this as long as the aggregated data is derived in a way which precludes any individual's data leaking out, but the discussion as to how to go about it ought to be on an honest basis.
This is my conclusion as well: petty nickel-and-diming us punters trough third party manufacturers; I have an iPhone as the alternative is a too obvious privacy disaster to be a real alternative*, but this doesn't mean I have to like Apple's petty monetizing (while they are charging a hefty premium on the phone itself).
* sadly, it has become too difficult to find a reasonably cheap off-the-shelf phone to run Lineage (?)
... at the root of this - I'd think - is granting the constitutional right of free speech that properly belongs to a real person to a corporation (just a pile of paper, really, as opposed to a flesh and blood person); in the general case* this leads to a contradiction: when a corporation exercises the right it results on forced speech from the point of view of any shareholders who might disagree, on their dime**.
* i.e. public LLCs whose business and purpose is other than journalistic or political***; those getting involved in such things by buying shares should expect such corporations to exercise the freedom of the press and/or free speech rights on their behalf
** on any controversial subject such disagreement is guaranteed in any sizeable population of shareholders
*** in the US - I understand - much of what would be an association with a political purpose elsewhere is set up as a certain kind of a LLC
... whether absolute or de-facto ones* and ought to be run as regulated utilities; a mutual non-profit company / co-op owned and controlled by app developers might do the trick.
* e.g. Google Play is nominally outside the dictionary definition of a monopoly** but it still is a de-facto one due to the network effect***; in general "monopoly" is used in economics and competition law in a less strict sense for a good reason: a controlling market position has much of the disadvantage of an absolute monopoly; Google Play's position in its respective market is so overwhelmingly dominating that it is really indistinguishable from an absolute monopoly (like Apple's App store).
** a particular product or service has only one provider
*** developers and users attract more of each other which results in one store ending up in an overwhelmingly strong market position from which it is virtually impossible to dislodge; the end result is a natural monopoly of a sort (in the sense of being due to the nature of the beast)
I adore this definition (i.e. cookies without which the service to the user can not be delivered at all): it is concise and clear while perfectly capturing the essence of the matter. With it in mind I propose that cookie banners are in fact not necessary at all: everything that is essential in this sense can be done with session cookies which are not restricted by the EU cookie law (1) at all since that only requires consent for cookies *stored* on user equipment and session cookies by definition aren't. Given this, any gripes about cookie banners ought to be directed not at the EU, but at those who put the banners on websites.
(1) ePrivacy Directive (2002/58/EC), also, crucially, the Planet 49 (C-673/17) CJEU decision: GDPR definition of consent applies to cookie consent.
I liked the graphics, especially the cutesy character sprites. In general the game (on Switch) was well worth the price. Still (as above) things didn't totally click: it seems I had better things to do than the endgame after all the eight storylines had been brought to a conclusion. This could be due to exposure to the embarrassment of riches which is Zelda on the Switch, then again I could have used (even) more of Fire Emblem Three Houses which seemed to have that certain something (hard to put a finger on, also in the Eye Of The Beholder).
App stores are natural monopolies (or close enough) so they really ought to be run as regulated utilities. That competition turns to monopoly (or close enough for practical purposes) in the general case is due to a version of the network effect: the nature of the beast is that app developers and users attract each other which tends to result in one store becoming more and more dominant over time akin to the emergence of the de-facto monopoly of Windows. Also, developers and users having to deal with more than one app store per platform is wasteful; not the same but similar to 'traditional' natural monopolies where the waste would come from the unnecessary duplication of a physical network (e.g. an electrical one).
For a while it looked like Russia might become if not another western liberal democracy or at least something close enough to be worked with on the same basis as other 'normal', more or less allied or at least not adversarial countries. Instead there has been a gradual move back towards the cold-war of old; instead of 'working with' (as in mutually beneficial trade and other co-operation) 'working against' such as the western countries (in Europe, in particular) having to beef up their military which adds to the waste* from loss of co-operation and makes the world a crappier place in general.
* the best outcome with military spending is that was not needed in the end so was waste (in a sense; it probably helped prevent the much worse outcome of outright war though)
It is still a profile and therefore subject the GDPR* which should mean opt-in consent.
*GDPR Recital 72 : "Profiling is subject to the rules of this Regulation governing the processing of personal data, such as the legal grounds for processing or data protection principles." (https://eur-lex.europa.eu/eli/reg/2016/679/oj)
It doesn't matter how personal data was obtained: it falls under the GDPR by simply being personal data* so Facebook needs Article 6** lawful basis for processing*** it. It is hard to see how there could be such a lawful basis for using data slurped from phone/address books for Facebook's own purposes (or even for slurping it in the first place).
* definition : GDPR Article 4(1) : ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
** https://gdpr-info.eu/art-6-gdpr/
*** definition : GDPR Article 4(2) : ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Indeed it is. In practice it will take complaints to DPAs, meaningful action by them* and then the cases dragging trough courts for years. Apparently the potential fines - although substantially increased with the GDPR - still aren't large enough; otoh, I suppose consequences years in the future don't seem too bad especially when they don't affect those making the decisions directly (and when the same are likely to keep and enjoy whatever bounty they got as a result of said decisions even if shareholders eventually do suffer a loss).
* unfortunately this is hardly guaranteed, case in point:
https://noyb.eu/en/dpc-cancels-parliamentary-hearing-eu-us-transfers
(latest in the Irish DPC's epic labours to avoid doing anything meaningful in the 7.5 year old Schrems vs Facebook case)
Also worth noting that this is news*: Google (& Apple) haven't been exactly forthcoming with what they do which would seem a bit strange if this is supposed to be normal, expected, above board etc. as Google insists (now that they have been caught with hand in the cookie jar).
* I suppose many of us suspected as much; I'd say confirmation is still news.
Indeed. This is the only sensible solution: it is entirely unreasonable to expect users to deal with professionally set up legalese. For one thing there is an asymmetry at work: the corporations setting these up can afford a team of lawyers and other professionals to do it as the cost /user is reasonable while the cost of an user scrutinizing such a thing to the same level would be about the same and borne by each user individually (i.e. patently prohibitive). Opt-in == no need for this == no cost, not even waste of time (assuming proper, active opt-in where opting out is the default which you get by doing nothing).
>Who is policing this stuff?
The DPAs, but in practice this takes time as the cases work their way to the ECJ. There is a complaint with the promise of a relatively speedy resolution though: https://noyb.eu/en/data-transfers-us-and-insufficient-cookie-information-noyb-files-complaint-against-european (This is because cases against EU institutions get fast-tracked to the ECJ; this one is about an internal website the EU Parliament, apparently commissioned from some cowboy outfit who seem to have done it with a template designed to circumvent consent.)
... so they really ought to be run as regulated utilities. That competition turns to monopoly (or close enough for practical purposes) in the general case is due to a version of the network effect: the nature of the beast is that app developers and users attract each other which tends to result in one store becoming more and more dominant over time akin to the emergence of the de-facto monopoly of Windows. Also, developers and users having to deal with more than one app store per platform is wasteful; not the same but similar to 'traditional' natural monopolies where the waste would come from the unnecessary duplication of a physical network (e.g. an electrical one).
A rating scheme won't do much good where there is no competition; a sore lack thereof with Windows on the desktop. An idea to remedy that to some extent would be a requirement that government systems must run on other platforms as well, where the government could do itself and - even more importantly - others a favor by boosting Linux (the OS itself and - importantly - applications running under it) by such a requirement. Since there are already distros with commercial support this wouldn't necessarily need much else. With mobile devices, however, a relative pittance of money directed in the way of an alternate Android distribution (such as LineageOS) would go a long way (with a stipulation that any devices bought with government funds must be flashable with an alternate). Also, the EU would be well advised (actually, moreso than the US) to take this sort of a scheme under consideration (as it has been demonstrated that US technology can be withdrawn at the whim of a US president: see China / Huawei & others).
GDPR* recital 72 explicitly subjects profiling** to GDPR so it is hard to see how targeted ads based on user profiles could survive in the long run, especially under GDPR's consent regime***. I suppose it will take quite a while for this work its way trough the courts though if Facebook's efforts to obstruct**** are any indication. The first significant blow to Google seems to be coming sooner though:
https://noyb.eu/en/data-transfers-us-and-insufficient-cookie-information-noyb-files-complaint-against-european.
This seeks to enforce the recent ECJ 'Schrems II' judgment (in a nutshell: data transfers to the US are illegal due to insufficient data protection over there); the thing is that this particular complaint is on fast track to the ECJ (instead of the usual detour via national courts) because it is against the European Parliament (for an internal website apparently making use of Google Analytics, among other things).
* https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
** defined as: "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements" (Article 4(4)).
*** Article 7, in particular Article 7(4): "When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract."
**** 7.5 years so far, might be coming to an end relatively soon though: https://noyb.eu/en/irish-dpc-agrees-decide-swiftly-facebooks-eu-us-transfers
... of Google as a data processor I can't help but suspect that the plan might be to use nominally GDPR compliant* contracts between Google and EU data controllers as an end run around the GDPR: Google pretends to comply and the controller pretends to believe that while enjoying their free (or at least cheap) products and services (actually paid with the data of us EU plebs).
* for certain values of 'compliant' (such as 'not quite in blatantly obvious violation')
One thing that could come handy is the data collected with Google Analytics. The key here are the 1st party id cookies that analytics.js generates and stores not only on the user's device (for two years) but on the Google Analytics server. While these apparently only identify a user in the context of each site, they still mean that when / if you revisit the same site (within two years) Google can be sure it is you even if your ip-address has changed. Otoh, if your ip-address has not changed since the last visit, Google can be sure* that ip-address == you between the first and second visit. This means that Google, in effect, has access to most everyone's** browsing history covering not only the sites using Google Analytics but also those using other Google services embedded in webpages (such as doubleclick.com, googletagmanager.com, fonts.googleapis.com/gstatic.com).
* most of the time, at least when the time between visits is shortish; otoh, given their huge data trove they can also tell with high confidence whether or not a given ip-address has been assigned to someone else in the meantime
** most everyone would be those who don't get rid of cookies on a regular basis i.e. most everyone
App stores should to be run as independent non-profits with the goal of minimizing their cut from the sales enshrined in their bylaws (and therefore in management compensation / incentives); it is hard to see a way around the network effect* resulting in de-facto monopolies so app stores should be treated as utilities / infrastructure.
Making on-line advertising strictly and truly opt-in would seem to fix much of the current mess as that would remove the incentive underlying the creation and upkeep of the same.
* An app store with more users and/or developers attracts more of both thereby becoming ever more attractive until very few users or developers can be bothered with other app stores (akin to a telephone network becoming more useful with more subscribers leading in a single telephone network instead of several disjoint ones).
Indeed, the physical network (at least the part reaching the end users) is very much a natural monopoly (like electric networks, waterworks, sewers, roads, ...), a waste of resources to duplicate even in densely populated areas, never mind rural areas. Hence the only sensible way to build and run such infrastructure (which, moreover tends to be rather critical infrastructure) is to run it as a public utility. This usually means having some public body responsible for building and mainlining it. This could be a municipality, especially where the "last mile" is the problem. The actual work can/should be outsourced to private companies, which - done right - would bring in some competition to that part as well. Also providing services over the physical network can/should be under competition; the Swedes did something along these lines: the fiber network itself is public, but the ISPs offering service on it are private (which I understand has worked quite well with the desired result of combining universal availability even in rural areas with reasonable overall cost).
http://www.enseignement.polytechnique.fr/informatique/INF431/X09-2010-2011/AmphiTHC/SynchronizationPrimitives.pdf has a summary of computer history covering these (Ch 2.1). According to that the Atanasoff computer was never completed so it seems the Colossus was the first actual implementation of an electronic computer while Zuse's electromechanical Z3 was the first actual implementation of a programmable computer.
The site (amazon.de) has become a minefield where you need to be constantly on guard lest you are sold something you don't want. This started with pushing Prime at each checkout which was annoying enough. Now recurring orders on some items are the default and modal popups spring up when you put something in the basket. These push additional items Amazon for some reason seems to think I would like (with dismal accuracy, I might add) and/or extended warranty insurance (which should, in general, be banned as fraud, if you ask me) even when I'm trying to buy an usb memory stick worth a couple of €. Also, the last time I used the .co.uk version (before that becoming impractical due to Brexit) I was dismayed to notice that Amazon has gotten into the Dynamic Currency Conversion scam (i.e. a "service" which consists solely of giving its user a worse exchange rate than the VISA/Mastercard rate). This too as default, of course.
In summary: what used to be a very convenient web shop has become a drag to use. Also, prices aren't necessarily that great either, it seems I can often find the same product cheaper elsewhere.
As natural monopolies (due to the network effect) app stores ought to be run as independent non-profits*. In practice these could be co-ops of developers who'd get access to the app store by buying a share**. The non-profit nature could be enshrined in the co-op bylaws, as could a prohibition of any party voting with more than a handful of shares (the goal being that the mutual non-profit stays that way).
Further inspiration for regulators (hopefully) sharpening their knives in anticipation of slicing and dicing the likes of Google (Alphabet): compensation for eminent-domaining app stores to convert them to co-ops could come from extra heavy fines to the monopolist, deserved in any case.
* i.e. these would siphon enough fees from the sales to keep them going in the long run but would not pay dividends
** the share price should be nominal or at least low enough for one-man-shops and even non-profit hobbyists
[Okay, sure, this might not be proper socialism as the ownership is not fully public, but by a group that could expected to manage the store in the public interest as it aligns with their own, nor does this apply to all means of production so Marx would see it as a step in the right direction at best; I just couldn't resist putting it in the title. :) ]
Since I haven't given Facebook (or big tech in general) the benefit of doubt for years I'd assume they are trying to push something significant for European users as well. Otherwise it wouldn't make sense to push what amounts to no change with the obvious risk of an exodus if only because of the dick move of threatening termination of service to those not accepting the new T&Cs itself. (Btw, the weasel worded pr as in the shared information not used for marketing to European users begs the question of what exactly is it used for then).
Also, I wonder if what just happened to the embarrassment-in-chief has had an effect: if Facebook (and others) can do this to a sitting US president known to be very litigious - without comeback - they can do this to anyone on a whim i.e. it is best not to rely on Facebook (or the others) for anything important. Don't get me wrong: muting the EIB seems well warranted given the obvious potential of trouble much, much worse still and and if anything should have come sooner, it is just that there ought to be some sort of principled way for this sort of thing.
I was wondering about this too. These shareholder lawsuits surely can't be as stupid as them effectively suing themselves for damages while suffering further losses from paying for their own lawyers directly and those of the company indirectly? Can anyone enlighten us as to how these actually work?
The more I think about it the more convinced I become that the only way to fix the mess that is the current internet is to revisit the original sin of ad-funding. As in eliminating it completely and replacing it with something else, such as micropayments. The current ad-funded arrangement is a nebulous mess in which consumers not only pay with their money (1) but also with a loss of privacy. Moreover, consumers are denied the benefits of straightforward markets - where a consumer pays for a service and has several competing options to choose from - and so suffer additional losses - monetary and reduced choice - as a result.
A conceptually simple fix (2) would seem to be banning all advertising delivered over ip or similar network where there is any change of anyone receiving it unsolicited, that is, unless the consumer has made an explicit request for information about a specific product or service within the last five minutes. The means of making such a request could be a search engine as far as finding the product/service information goes, but it would be essential that search engines were restricted to receiving payments from end users only as that would make the end users the customers, not products; a straightforward market for competing search engines could emerge and be sustained. Also, search engines should be specifically required to be separate, independent entities, not owned or in any way controlled by another entity (i.e. the the likes of Alphabet owning Google search should be illegal).
(1) the money for advertising has to ultimately come from higher prices of products and services
(2) the practical consequences are another matter, of course, but as the rot is systemic so is any real fix
These ultimately emanate from a handful of central sources - such as Google - who deliberately design them to annoy end users with the goal of turning them against data protection regulation; the fairly frequent posts in on-line forums such as this one blaming the EU for these is astroturfing to ascertain the intended reaction (the obvious solution of using only strictly necessary cookies with no banner has been available all the while, it is just incompatible with a business model with privacy violation at its core).
As app stores are natural monopolies they ought to be run as separate, independent non-profit entities. The natural monopoly is due to the network effect: even if the company controlling a platform allows installing from other sources as Google does with Android, the interdependent app users and developers tend to flock up in a single app store as more users means more developers, which means more users, which means more developers, ... which results in a (de-facto) monopoly - a market failure, great for the monopolist, but sucks for consumers and developers.
As an aside it occurred to me that a cloud provider will no doubt work relentlessly to lock in any customer in a number of ways and likely succeed. After which it is just about tightening the screws for as much money as can be squeezed out. Which will be plenty when the customer is a government; in effect the power to tax has been handed to a for-profit corporation.
I wonder if a similar arrangement could have been (or could still be) used with the old EU data protection regime: while the maximum fine might have been £500 000 or similar amount, insignificant to the likes of Facebook, could this have been applied for every individual violation i.e. user whose rights were violated? With the likes of Facebook these are in the millions and even 1 000 000 x 500 000 = 500 bn, which should get their attention.
>IBM PC user manual
I seem to recall it was the Technical Reference*, Appendix A. Also, importantly, there was a documented, cleanish** API to the BIOS - a hardware abstraction layer of a sort - via software interrupts with registers used for parameters and return values.
* http://www.retroarchive.org/dos/docs/ibm5160techref.pdf
** In practice the IBM PC programming interface included much of the memory map and hardware details as BIOS variables, frame buffers, i/o port mappings and such were often used directly in application code (these too were documented in the Technical Reference)
Given the buyer's relatively modest total assets compared to the size of the deal this looks like a typical private equity leveraged buyout, in which case the goal tends to be loading the target with as much debt as possible - I suppose the .org cash flow would support quite a bit (?) - and then siphoning off the money as dividends and consulting fees, leaving a wreck ripe for bankruptcy (and, in this case, possibly a taxpayer bailout as a part of vital infrastructure).
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2021
