* Posts by Pseu Donyme

388 publicly visible posts • joined 10 May 2011


Australian exchange pauses project to move stocks to blockchain

Pseu Donyme

re: slowing down transactions

This could actually have benefits if done right. Consider a stock market where buy and sell bids are paired at the end of the day so that the highest buy bid would be paired with the lowest sell bid at (buy+sell)/2, the pair is removed from the pool and this goes on until either buy or sell bids are exhausted. This would eliminate short term (<= 1 day) trading which destabilizes the market* and leaches money to the short term traders from the rest of the market for no discernible general benefit**. There is no real reason to run the market on a shorter timescale than a day (never mind a microsecond one): it is, after all, closed down during nights and weekends***.

* potentially resulting in the rest of the economy going pear-shaped for no good reason (screwing up even those who don't participate in the market)

** except, allegedly, providing liquidity, which this scheme would do as well if not better

*** actually 1-3 times / week seems enough and would result in more stability and effective liquidity (for a stock or bond market, forex might need a shorter timescale (a couple of times / day, maybe))

California to phase out internal combustion vehicles by 2035

Pseu Donyme

I'd hope that the ban isn't on ICE-powered cars as such, so as not to rule out synfuel where the carbon comes from the CO2 in the atmosphere, as this seems like a good way to store excess solar/wind electricity for later use.

Pseu Donyme

re: rail

At least there is one out of town even where the ban at issue is prone to result in an adverse reaction.

Behind Big Tech's big privacy heist: Deliberate obfuscation

Pseu Donyme

Re: "a 10,000 word section"

Actually, there should be no need to read these as all processing of personal information should be under fine-grained opt-in: if you don't opt-in only minimal, strictly necessary processing may take place; in theory the GDPR requires just this, practice (enforcement) is unfortunately another matter. :(

Dutch public sector gets green light to use Google Workspace

Pseu Donyme

This seems about as well considered as putting the worst addict you can find in charge of the drug store.

UK monopoly watchdog investigates Google's online advertising business

Pseu Donyme

What on-line advertising really needs is banning except maybe when it is strictly opt-in: the user should be the customer, not the product. Advertising doesn't even really pay for any services as the cost of it ends up in the price of the products and services we pay for. With the current arrangement we not only ultimately pay in those higher prices, but also pay with a loss of privacy (which is the result of the snooping needed for targeted advertising), not to mention having to endure commercial propaganda (i.e. advertising), being manipulated, misled and misinformed by it. The sane way is paying for the services we use directly, cutting out a bunch of middlemen and restoring a market with competition to the services 'paid' for by advertising - any other claim is just meta-advertising.

When management went nuclear on an innocent software engineer

Pseu Donyme

Re: Which one?

The intense neutron flux causes significant amounts of radioactive isotopes to be created by neutron capture in atoms making up the reactor and its surroundings. Orders of magnitude less of a problem than fission products, of course, but still a problem that has to be dealt with.

Revealed: The semi-secret list of techs Beijing really really wishes it didn't have to import

Pseu Donyme

re: Kylin

The EU would do well with something similar. A supported version of AOSP (with its own app store and possibly other key services) wouldn't go amiss either. The idea with these would be that all software and hardware bought with public monies in the EU would have to support these not that they'd be mandatory to use. Creating some competition like this would be good, as would the strategic independence in case of Trump mk II (i.e. someone not only malevolent but also competent with it) especially considering the cost of a relative pittance.

Campaigners warn of legal challenge against Privacy Shield enhancements

Pseu Donyme

Indeed, stopping data transfers from the EU to the US seems like the only solution (until there is decent data protection legislation on the US federal level - which doesn't seem entirely impossible as the attitude towards Big Tech has soured quite a bit on both sides of the relevant US aisles; moreover, California's attempt toward this seems promising).

Elon Musk flogs $8.4bn of Tesla shares amid Twitter offer drama

Pseu Donyme


This acquisition is supposed to be about promoting free speech while what it is on Twitter is in fact to be subjected to the whims of a single person.

EU, US close to replacing defunct Privacy Shield II

Pseu Donyme

Blatant mockery of rule of law

This is just an entirely transparent ploy for the benefit of the US-based data slurpers (commercial and otherwise) designed to delay a proper solution: decent US data protection legislation (or the more pragmatic one of not sending any personal data to the US in the first place).

I fear the key idea here is to add cost and delay (both approaching infinity) by miring any complaint in the US court system; before a Schrems III case could even be filed in the EU all appeals must probably be exhausted in the US to demonstrate that this new system is useless (as it is designed to be).

I do hope the EU parliament gets a say and kills this forthwith.

Tech world's Ukraine response mixes evacuation efforts, ad bans, free phones, infosec FUD

Pseu Donyme

re: Russian attack on Ukraine

It is difficult to see any credible rationale* for the attack. How the Ukrainians have risen to the challenge has been absolutely awe-inspiring though. Also on the bright side: this could bring the reign of Putin to an end which would mean a fresh start for the Russians in their relation to the West and in general - the not-so-bright side of this is the extremely high price of this potential improvement falling on Ukraine.

* there is the Russian propaganda, but the only thing it tends to convince one of is that it is propaganda

Website fined by German court for leaking visitor's IP address via Google Fonts

Pseu Donyme

Having waded through the decision via the link provided I was surprised to see that it did not rely on the Schrems decisions. Instead, since there wasn't consent the defendant tried to rely on legitimate interest but the court ruled that it doesn't apply as the font could have been self-hosted and therefore there was no need for Google to get the IP-address; Google being a well-known data hoarder was also mentioned. I'd think the use of 3rd party resources might still be legal on legitimate interest grounds if there isn't a straightforward alternative and if the 3rd party could be trusted not to use the IP-address for its own purposes; a contract preventing such use or the 3rd party merely being in the EU or another jurisdiction with sufficient data protection legislation making such use illegal could suffice (in any case 3rd parties located in the US are out though because of the Schrems decisions).

Pseu Donyme

Re: Maybe this fine will start a trend.

From the link to the court decision it seems the 100 € was actually compensation to the plaintiff, not a fine.

IPv6 is built to be better, but that's not the route to success

Pseu Donyme

Re: NAT won't block it.

I'd think a packet bearing a destination address in a private ip block would have trouble getting routed over the internet. Moreover, any decent NAT implementation is likely to take a dim view on (drop) packets coming in from the WAN interface with a LAN destination address.

Pseu Donyme

re: privacy

The privacy concern is why I make sure to disable IPv6 on all kit. Automatic fiddling with the local part of the address doesn't cut it as the network part may well be static and Google etc. are certainly smart enough to figure this out; with IPv4 I can at least force a new dynamic address on a regular basis by presenting a different MAC for the ISP's DHCP server or hide behind CGNAT. Come to think of it, CGNAT or a similar arrangement should really be the legally mandated default for consumer connections, especially with IPv6.

Windows box won't boot? SystemRescue 9 may help

Pseu Donyme

GParted Live CD/USB/PXE/HD ...

... can also come in handy with borked PCs, making backup images and such: https://gparted.org/livecd.php

Tougher rules on targeted ads, deepfakes, crafty web design, and more? Euro lawmakers give a thumbs up

Pseu Donyme

Enforcement is the key

This is all well and good, but as we have seen with the GDPR good legislation doesn't matter in practice if it is not vigorously enforced: with GDPR there is something deeply wrong with the Irish DPC which has turned into an advocate and ally of US Big Tech*, which has seriously hampered enforcement as the European HQs of the worst offenders (i.e. Facebook/Meta and Google/Alphabet) are in Ireland and so the Irish DPC is supposed to be the lead authority to rein them in.

* case in point: https://noyb.eu/en/irish-dpc-greenlights-facebooks-gdpr-bypass

Pseu Donyme

The "urging a recipient of the service to change a setting or configuration of the service after the recipient has already made a choice" being verboten -bit sounds like it would do just that (among other things).

Lawmakers propose TLDR Act because no one reads Terms of Service agreements

Pseu Donyme

Re: cookie notifications

It is instructive to consider who actually implemented them and why they chose to implement them in a particular way; EU 'cookie law' certainly didn't require the abusive ones we got, indeed, it required none at all as long as only strictly necessary cookies were used.

Google and Facebook's top execs allegedly approved dividing ad market among themselves

Pseu Donyme

A simple mitigation ...

... for the various abuses (such as this) rising from the current business model would be forcing a more healthy one by making on-line advertising strictly opt-in; the user should be the customer, not the product.

Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US

Pseu Donyme

One has to wonder about Google's rationale for offering GoogleAnalytics as a free service; the obvious one, of course, would be collecting data for their own use. For a page with GoogleAnalytics Google gets the URL of the page and ip-address* of the user and there is a unique per site (first-party) id-cookie expiring in 2 years from last visit. Assuming Google uses these for its own purposes it essentially has everyone's browsing history for the pages using GoogleAnalytics; this works somewhat subtly: as long as your ip-address stays the same it is a perma-cookie in its own right, when it changes, the id-cookies can be used to re-identify a user as soon as a previously visited page with GoogleAnalytics is re-visited within 2 years of the last visit.

* Google can always store this as is for its own purposes regardless of ip-address obfuscation

US watchdog pokes Facebook a second time: Meta faces fresh monopoly lawsuit

Pseu Donyme

Re: Network effect at work

The premise is that there is an inescapable monopoly i.e. no competition to begin with so all that can be done is to regulate the monopoly to limit its abuse. Ideally, perhaps, competition could be brought to the user-facing part resulting from the split suggested above, but the core part would still have to be a regulated utility completely independent from Meta.

Pseu Donyme

Network effect at work

The sort of thing Facebook is ends up as a monopoly because of the network effect where, in essence, users attract each other and where a competing upstart wouldn't get anywhere as the people you want to aren't there; as a natural monopoly of a sort it ought to be run as a public utility.

An ideal approach could be splitting Facebook itself into two parts:

- a regulated utility providing the technical core of the service on a common carrier basis, and

- a user-facing part operating under competition

i.e. the former would be used through a well-documented API by the latter which would be just one of competing implementations paying fees to the regulated part. In practice, I suppose, regulating the existing monolith will have to do. Also, there is obvious opportunity to improve competition by cleaving off Instagram and WhatsApp.

Nothing's working, and I've checked everything, so it must be YOUR fault

Pseu Donyme

Perish the thought

I fear you might also suggest that there could be some reason for my hair having gotten grey other than having to give up creosote shampoo due to the EU ninnies banning it.

Pseu Donyme

re bad printing on fuses

What is more it seems to have gotten worse and worse over the years. A few decades back this wasn't an issue at all, then I started to notice that I need to bring these under a bright light and lately it has gotten so bad that I had to add a pair of reading glasses to the toolbox in case I run into these. No doubt this is because the molds or whatever the metal tips are made with are crude Nth generation copies of the originals.

It takes more clicks to reject their cookies than accept them, so France fines Facebook and Google over €200m

Pseu Donyme

re legitimate interest

Come to think about it, 'legitimate interest' has no business being mixed with cookie consent: the EU 'cookie law'* requires consent for storing cookies on user devices, there is no alternative to consent such as legitimate interest or other GDPR Article 6(1) lawful basis.

* ePrivacy Directive (2002/58/EC) amended by Directive 2009/136 with the CJEU Planet 49 (C-673/17) decision (with the latter bringing in GDPR consent; as such the ePrivacy Directive predates and is distinct from the GDPR)

Pseu Donyme

Re: Saying "no cookies" involves setting a cookie

Quite, as long as this is framed as opt-out instead of opt-in; with opt-in the cookie would be needed to store the fact that the user has in fact opted in (including to storing the opt-in cookie itself). Opt-in, of course, is the proper, GDPR way of doing things. Besides, most anything really necessary can be done with session cookies which don't fall under the EU 'cookie law' / ePrivacy Directive as they are by definition not stored on user devices (this, of course, hangs on the exact meaning of 'store' in this context; given that the legislator's intent here is protecting privacy by preventing tracking allowing session cookies without consent seems reasonable as they aren't much good for tracking).

Pseu Donyme

Re: Why it has taken so long

The 'cookie law' is actually EU Directive 2009/136, an amendment to the ePrivacy Directive (2002/58/EC) so it dates back to 2009. However, at the time it was - unfortunately - left open what exactly consent for storing cookies on a user device means and so the likes of Google and Facebook came up with the aggressive interpretation that things like 'consent' banners with only an ok-button would do.

Eventually (01OCT2019) there was the CJEU Planet 49 (C-673/17) decision though: GDPR consent rules apply to cookie consent. So it seems it took about two years from that to a decision by the CNIL. This doesn't seem too bad given that Google and Facebook have likely worked hard to delay it; now, of course, they will appeal and will no doubt work even harder to drag that on as long as possible.

Wi-Fi not working? It's time to consult the lovely people on those fine Linux forums

Pseu Donyme

Re: Similar problem with a moped

A rented scooter in Greece: turns out the start button has no effect unless one of the brake handles is depressed enough to activate the brake light switch.

Pseu Donyme

I tend to have these connected to the mains via an electronic timer that cuts the power for one minute in the middle of the night for just this reason (especially if I have set one up for someone not exactly techy; this seems to virtually eliminate support calls arising from this cause).

Pseu Donyme

Re: You think Covid is political?!

Unfortunately it has turned out that way (closely related things like vaccination rates and attitude to wearing a mask correlate with party affiliation; this might be most extreme in the US but can be seen elsewhere as well).

Luxembourg judge hits pause on Amazon's daily payments of disputed $844m GDPR fine

Pseu Donyme

Re: Redeployment

Also, they might try interpreting the law conservatively (i.e. to make sure there is no chance of violating it) as opposed to aggressively (i.e. to circumvent it for maximum advantage to themselves).

Meg Whitman – former HP and eBay CEO – nominated as US ambassador to Kenya

Pseu Donyme

Substantial donations seem to reliably translate to ambassador posts. I must be missing something as this sure looks an awful lot like bribery.

UK and USA seek new world order for cross-border data sharing and privacy

Pseu Donyme

The worst offenders come from the US ...

... because there has been no data protection legislation worth mentioning and so no impediment to their business model - essentially privacy violation for profit. Hence, what would really be needed would be proper data protection legislation (akin to the GDPR) on the federal level, and crucially, its vigorous enforcement (which has left quite a bit to be desired in the EU so far). I'm actually somewhat hopeful about this as Big Tech seems to have attracted the ire of just about everyone, including the current US administration and their political opposition.

American diplomats' iPhones reportedly compromised by NSO Group intrusion software

Pseu Donyme

I wondered about that too: whether snooping the mentioned miscreants with few allies is proper and legal surely cannot depend on the country code not being "+1".

Microsoft adds Buy Now, Pay Later financing option to Edge – and everyone hates it

Pseu Donyme

re abuse of monopoly

That's what it looks like. With the history (and likely future) of that sort of thing in mind it seems to me that the EU would do well to take an active role in creating alternatives: a relative pittance of public money to prop up existing alternate platforms (most importantly Linux + AOSP) and applications (office and browser, at least) would go a long way, especially combined with a stipulation that public funds may only be spent on compatible hardware and software*.

The key idea would be to force the existence of actual alternatives, not necessarily forcing their use on the public sector (although, see **); importantly, the alternatives would be available to business and private use as well. If need be complaints of state aid could be dismissed on national security grounds**.

* say, only PCs capable of running Linux, only phones and tablets with manufacturer supported AOSP as an option; the AOSP part would need supporting services as well, most importantly an alternate app store; desktop and server software would have to be available for Linux (i.e. not only Windows or other proprietary OS), apps for AOSP (as well as iOS or Android)

** with a straight face, even, as this would provide for strategic independence, the lack of which is currently a problem; the potential for snooping might also be a consideration (or at least this is what the US government would seem to insist us to believe when a provider is under the thumb of a foreign power (with Huawei at least))

Giant Japanese corporations to launch bank-backed digital currency

Pseu Donyme

A (conceptually) simple way to digital currency ...

... would be automatically giving every natural and legal person in a jurisdiction an account in the central bank. These days it shouldn't be too difficult as a technical matter either, although how exactly transfers between those accounts would be carried out in practice would require some thought for this to be useful (and not, among other concerns, a privacy disaster). This would, at least, solve the problem of the 'unbanked' and eliminate a bunch of inefficiencies currently manifesting themselves in banking and card fees (which include monopoly rents, the underlying monopoly at least partly being the current privileged access to central banks). Also, it would seem that this would go a long way to eliminating the need to prop up too-big-to-fail financial institutions (deposit guarantees could be eliminated as the central bank is always good for what it owes).

Granted, this would also make it easy to trace payments, but then this is the case already with money going through the banking system as it is, so I'm not sure this is really a huge problem (at least as long as physical cash isn't completely eliminated and/or the legislation concerning this is up to scratch). Also, this would have a cost, but this seems trivial and could be easily covered by a fraction of the new money central banks create as a matter of routine to keep up with inflation (or to create some, actually, as a part of their mandate).

An obvious extension to the scheme would be allowing existing account holders easily (automatically) opening an account in another central bank where their 'home' central bank would vouch for their identity; this could (should) be combined with some sort of an automated, competitive market for currency exchange available to the small time punter.

Max Schrems hits Irish Data Protection Commissioner with corruption complaint

Pseu Donyme

The way I see it is that the question of whether a service must be provided to those who do not consent does not arise: if consent is required to use a service such consent is not valid and therefore cannot be used as a legal basis for processing (which in turn makes processing based on it illegal); if consent cannot be used as a legal basis, then another basis must be found (which is what Facebook pretends to have done here, see below).

At any rate, as said, ultimately Facebook must be taken to court over this. However, Facebook's European HQ is in Ireland which makes this the Irish DPC's responsibility, and, the problem with that is that the Irish DPC seems to have turned into an advocate for Facebook*: they accept Facebook's BS contract as a legal basis here.

Facebook tries, with a straight face, to reframe what is really about consent as carrying out a contract. The simple counterargument is that if this were allowed to stand anything could be so framed and so the requirement for legal basis for processing, the centerpiece of the GDPR would, in effect, cease to exist; this cannot have been the legislator's intention and so cannot be the law.

Fortunately the issue is on its way to the CJEU via another route** thanks to Max Schrems / NOYB; I suppose their dealings with the Irish DPC led them to anticipate the outcome with that route early on.

* https://noyb.eu/en/irish-dpc-greenlights-facebooks-gdpr-bypass

** https://noyb.eu/en/breaking-austrian-ogh-asks-cjeu-if-facebook-undermines-gdpr-2018

Singaporean regulator punishes biggest-ever data breach: Almost 5.9 million hotel customers' info exposed

Pseu Donyme

The fine seems far too puny ...

... to act as a real deterrent for this particular company or others; the proper order of magnitude would be something that brings a company if not within an inch of its life then at least within a foot, the idea being that raking these in is not an option.

As the level where this happens while not resulting in an outright bankruptcy very much depends on circumstances, I'd suggest an alternate scheme where a company is forced to issue a substantial amount of new shares to be sold to the public with the proceeds going to government coffers: this should result in sufficient annoyance among existing shareholders to make a difference.

Another alternative could be a fine as a percentage of yearly revenue to be garnered from profits before any are paid out; this would also work for companies other than LLCs, again without resulting in an immediate bankruptcy while hopefully getting the message through.

In any case, while repeat offenses should attract higher penalties, the initial one must be substantial enough to act as a deterrent in itself; a token fine like this essentially means a license to ignore regulation until caught (and while appeals drag through the courts, which is another problem, especially with well heeled companies with the resources to make sure this takes ages; with this in mind a fine should perhaps be a fixed percentage of yearly revenue or the combined revenue for the period in which there was an active violation, whichever is higher, for an incentive to fix things while waiting for the final verdict).

'We are not people to Mark Zuckerberg, we are the product' rages Ohio's Attorney General in Facebook lawsuit

Pseu Donyme

The Way of the Megacorp

"We are not people to Mark Zuckerberg, we are the product and we are being used against each other out of greed."

Unfortunately it looks like this is the essence of the de-facto American way these days; problem is that the two are deeply intertwined.

NSO fails once again to claim foreign sovereign immunity in WhatsApp spying lawsuit

Pseu Donyme

re: sovereign immunity

Surely this also means that the contractual arrangements to limit their government customers' use of the product are unenforceable.

It's 'near-impossible to escape persistent surveillance' by American ISPs, says FTC

Pseu Donyme

Re: Shared?

I suspect that promises not to sell user data rely on a deliberate misdirection based on a legal definition of selling where the seller transfers all of its rights to what is being sold to the buyer for monetary compensation; the data is not sold in this sense, but rather a copy is licensed on a non-exclusive basis (if for money, then it would still qualify as selling in an everyday sense, of course).

Antitrust battle latest: Google, Facebook 'colluded' to smash Apple's privacy protections

Pseu Donyme

re: slowing down and delaying the ePrivacy Regulation

All the more reason to make on-line advertising explicitly and strictly opt-in in it then.

Apple warns sideloading iOS apps will ruin everything

Pseu Donyme

App stores are de-facto monopolies and should be treated as such

While having the ability to sideload on iOS would be an improvement, it and 3rd party app stores can't really fix the root problem which is an inevitable tendency to de-facto monopoly. This is because of the network effect where app developers and users attract each other in a self-amplifying loop resulting in one dominating app store, a de-facto monopoly. This is what we have seen with Android where Google Play absolutely dominates. There is no reason to think that things would be different if competition was nominally possible on iOS, on the contrary, an upstart's prospects against the incumbent are dire, practically nil.

Monopolies - whether absolute or inescapable de-facto ones - ought to be run as regulated utilities. Ideally, perhaps, an app store could be a mutual non-profit corporation / co-op controlled by the developers. In practice regulating the current ones, most importantly limiting their commission towards making them non-profit entities, seems like a pragmatic approach.

Patients must know how their health records are used – and approve any sharing for research

Pseu Donyme

re: if it's assumed, it isn't consent

Indeed. The term 'assumed consent' is a reflection of the dishonesty at play here: in honest terms the question is to what (if any) extent patient data can be used *without consent* e.g. to derive aggregated data for research; I'm open to this as long as the aggregated data is derived in a way which precludes any individual's data leaking out, but the discussion as to how to go about it ought to be on an honest basis.

Opt-out is the right approach for sharing your medical records with researchers

Pseu Donyme

re: consent

Assumed consent is not consent, never mind informed consent.

One-size-fits-all chargers? What a great idea! Of course Apple would hate it

Pseu Donyme

re: licencing fees

This is my conclusion as well: petty nickel-and-diming us punters through third party manufacturers; I have an iPhone as the alternative is a too obvious privacy disaster to be a real alternative*, but this doesn't mean I have to like Apple's petty monetizing (while they are charging a hefty premium on the phone itself).

* sadly, it has become too difficult to find a reasonably cheap off-the-shelf phone to run Lineage (?)

Texas law banning platforms from social media moderation challenged in lawsuit

Pseu Donyme

The mistake

... at the root of this - I'd think - is granting the constitutional right of free speech that properly belongs to a real person to a corporation (just a pile of paper, really, as opposed to a flesh and blood person); in the general case* this leads to a contradiction: when a corporation exercises the right it results in forced speech from the point of view of any shareholders who might disagree, on their dime**.

* i.e. public LLCs whose business and purpose is other than journalistic or political***; those getting involved in such things by buying shares should expect such corporations to exercise the freedom of the press and/or free speech rights on their behalf

** on any controversial subject such disagreement is guaranteed in any sizeable population of shareholders

*** in the US - I understand - much of what would be an association with a political purpose elsewhere is set up as a certain kind of an LLC