* Posts by Pseu Donyme

408 publicly visible posts • joined 10 May 2011

Page:

Japan's digital minister declares victory against floppy disks

Pseu Donyme

re: gadgets

Also, not good depending on gadgets for core necessities that can be yanked away by Google/Apple (ultimately under the thumb of a government that could turn more or less hostile after the next election).

Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

Pseu Donyme

Also, 3rd party resources are suspect data-protection-wise: the 3rd party gets the user's ip-address and the URL of the referring page (at least).

There is even a German court decision against this: https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr/

In a nutshell: since a resource can be hosted locally it is not necessary to hand information about a visiting user to a 3rd party and therefore this isn't lawful in the sense of the GDPR Article 6(1), where all subsections (b-f) begin with 'processing is *necessary* for ...' (except the subsection for consent (a), which wouldn't be valid if made a requirement for using a site (Article 4(11), Article 7(4)). (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679)

Meta will use your social media posts to train its AI. Europe gets an opt out

Pseu Donyme

If you are interested in Noyb's take on why this is patently illegal under the GDPR, see:

https://noyb.eu/en/noyb-urges-11-dpas-immediately-stop-metas-abuse-personal-data-ai

A detailed look in legal terms can be found in Noyb's complaint to the Irish DPC (chosen from the links included in the above because it is in English):

https://noyb.eu/files/meta_ai/complaint_ie.pdf

At Apple, AI stands for 'Apple Intelligence' – and it's coming to everything

Pseu Donyme

I have one question

How do I permanently disable this?

European Commission broke its own data privacy law with Microsoft 365 use

Pseu Donyme

By now it should be abundantly clear that the US Big Tech companies not only don't care about data protection but are built around a business model that make them actively hostile to it; anyone taking data protection seriously can't but ditch them. Instead of fraternizing with the enemy (of data protection) the Commission should be busy looking for and pushing alternatives* which would also have the benefit of increased strategic independence: it is hardly ideal to depend on a de-facto monopoly, much worse if that is a foreign one ultimately under the thumb of an unpredictable government that may very well turn hostile (at the next election).

* The obvious ones would be the existing free / open source projects; a practical policy example would that public monies in the EU could only be used to buy hardware that can run a free & open source OS (such as Linux for PCs or AOSP for phones and tablets)

40 years since Elite became the most fun you could have with 22 kilobytes

Pseu Donyme

re: docking

I still dread the thought. :/ Buying the docking computer ship upgrade automated it and was thus a priority for me early in the game. :)

Pseu Donyme
Unhappy

re: value of Google analytics

I'd argue that this is a very large negative number as a key part of the private surveillance-for-profit-infrastructure the internet is currently plagued with.

Google is changing how search results appear for EU citizens

Pseu Donyme

re: direct hotel booking (with discount)

A measure towards this would be making contractual clauses forcing accommodation providers to offer their cheapest price through a booking site null and void by law.

Pseu Donyme

re: opt-out consent

There is no such thing: having to opt-out == no consent.

YouTube cares less for your privacy than its revenues

Pseu Donyme

Re: Cognitive dissonance

Similar experience with my wimpy 11.6" netbook (Celeron-4M RAM): small, light, runs 10 hours on a charge (so ideal to lug around) also cheap (was 200€ish, which is an advantage in general and also while away from home in that the financial hit wouldn't be too bad if it was nicked or suffered damage while being subject to the tender mercies of luggage handling). This would be practically useless for browsing without ad blocking, but works surprisingly well with with that in place (with a lighter weight Linux such as Xubuntu or Mint XFCE, natch, I wonder how it is even legal to sell these for Windows use).

Pseu Donyme

Different revenue model ...

... is what is sorely needed to replace ad revenue. Thinking of which I seem to recall some Guardian bigwig years ago suggesting an internet tax collected by ISPs where the monies thus obtained would be divvied up by those providing content for profit. It seems to me that this could be improved by a) making it a voluntary extra fee (say 10 $/£/€ /mo or so) which the ISPs would collect and for which the subscriber would get access to paid sites and b) strictly banning all unsolicited ads on the net. An illustrative, simplistic scheme would be giving paying subscribers an odd IP address and everyone else an even one from which a server could instantly tell if revenue from a particular visitor can be expected or not and decline to serve paid content in the latter case. The real problems, of course, lay elsewhere, such as on what basis the money would be divvied up without too much opportunity to game the system, who'd keep the tallies (the ISPs probably?) and how to make sure that only the tallies and not everyone's complete internet access history is collected (and these are merely technical problems as opposed to those on the wider scheme of things). At any rate, some such scheme would provide income from content while - by cutting out the ad-pushers as middlemen - dealing with much of what seems to be at the root what is currently wrong with the internet: the business models based on ad revenue - where the user is the product, not a customer.

Dutch consumer groups sue Google over its entire business model

Pseu Donyme

Re: Waiting for that crippling fine

Indeed, GDPR Article 7(4)*: "When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract."

GDPR enforcement has been lacking though, the worst offender (as far as the impact goes) is Ireland's DPC** (where Google, Facebook, etc. are domiciled for EU purposes). :(

* https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&qid=1694602882952#d1e2001-1-1

** see e.g. https://noyb.eu/en/just-eu-55-million-whatsapp-dpc-finally-gives-finger-edpb

Rate of disruptive tech and science discoveries has slowed over the decades, claims study

Pseu Donyme

Re: Fewer great developments, or just more crap ones?

I was going to suggest blockchain as well, but I suppose (hope) it is passe already.

Ireland fines Meta $414m for using personal data without asking

Pseu Donyme

Re: Oh yes

The fine is kind of minuscule considering the scale of the breach and that it is a rounding error in Meta's finances. There is a provision in the GDPR for increased fines for repeated violations though, so maybe this can be considered an initial slap on the wrist. What worries me more is that the appeal will probably take years to get through the courts while Meta does its best to make it so and continues as they were; I suspect the order to change their ways within three months is put on hold on appeal as well as the fine (?). Fortunately there is a parallel case by NOYB / Max Schrems on its way to the CJEU already: https://noyb.eu/en/breaking-austrian-ogh-asks-cjeu-if-facebook-undermines-gdpr-2018

Five British companies fined for making half a million nuisance calls

Pseu Donyme

An Ltd is a bit too convenient for deliberate liability avoidance and other shenanigans. Perhaps only publicly traded companies should be allowed to be Ltds i.e. they'd need to be something like limited partnerships (at least some partners with personal liability, crucially) until an IPO and listing at which point the partners would become shareholders of the new Ltd. This might also chill schemes by private equity (and other) masters-of-the-universe as the reverse would need to happen when taking an Ltd private.

Using personal info for ads without consent puts Meta in EU's gunsights

Pseu Donyme

Re: Appeals

The fine could be determined after the final decision by multiplying the original fine by the number of years the violation continued after the first decision? This way there would be more incentive to fix things and less to delay the process.

Pseu Donyme

Re: Who else does this apply to ?

Well, Google not so much, not directly, as they apparently haven't tried the same blatant abuse of contract as legal basis as Facebook / Meta. The general gist of the decision (or what is allegedly known about it; it hasn't been actually published yet) seems to be against anybody's advertising based on profiling without consent though; this is still the core of Google's (Alphabet's) business model and the only plausible rationale for their extensive data collection with Chrome* and Google Analytics** (which is hardly based on consent in the GDPR-sense).

* https://contrachrome.com/

** https://noyb.eu/en/update-cnil-decides-eu-us-data-transfer-google-analytics-illegal

Pseu Donyme

"Meta has the option to appeal both the EDPB finding and Irish DPC ruling, whenever that appears."

Actually, the CJEU General Court has just found that EDPB binding rulings cannot be appealed as such; an appeal may only be made against the DPA decision based on such a ruling. (https://curia.europa.eu/jcms/upload/docs/application/pdf/2022-12/cp220196en.pdf).

130,000 UK businesses sue Google over £13.6B in lost ad revenues

Pseu Donyme

re: Half my advertising spend is wasted

Sounds awfully optimistic.

Microsoft 365 faces more GDPR headwinds as Germany bans it in schools

Pseu Donyme

Re: What about Google's stuff?

Indeed, see:

https://edpb.europa.eu/news/national-news/2022/danish-dpa-imposes-ban-use-google-workspace-elsinore-municipality_en

Nutshell summary: Google is not a viable alternative.

Australian exchange pauses project to move stocks to blockchain

Pseu Donyme

re: slowing down transactions

This could actually have benefits if done right. Consider a stock market where buy and sell bids are paired at the end of the day so that the highest buy bid would be paired for the lowest sell bid at (buy+sell)/2, the pair is removed from the pool and this goes on until either buy or sell bids are exhausted. This would eliminate short term (<= 1 day) trading which destabilizes the market* and leaches money to the short term traders from the rest of the market for no discernible general benefit**. There is no real reason to run the market on a shorter timescale than a day (never mind a microsecond one): it is, after all, closed down during nights and weekends***.

* potentially resulting the rest of the economy going pear-shaped for no good reason (screwing up even those who don't participate in the market)

** except, allegedly, providing liquidity, which this scheme would do as well if not better

*** actually 1-3 times / week seems enough and would result in more stability and effective liquidity (for a stock or bond market, forex might need a shorter timescale (a couple of times / day, maybe))

California to phase out internal combustion vehicles by 2035

Pseu Donyme

I'd hope that the ban isn't on ICE-powered cars as such not to rule out synfuel where the carbon comes from the CO2 in the atmosphere as this seems like a good way to store excess solar/wind electricity for later use.

Pseu Donyme

re: rail

At least there is one out of town even where the ban at issue is prone to result in an adverse reaction.

Behind Big Tech's big privacy heist: Deliberate obfuscation

Pseu Donyme

Re: "a 10,000 word section"

Actually, there should be no need to read these as all processing of personal information should be under fine-grainded opt-in: if you don't opt-in only minimal, strictly necessary processing may take place; in theory the GDPR requires just this, practice (enforcement) is unfortunately another matter. :(

Dutch public sector gets green light to use Google Workspace

Pseu Donyme

This seems about as well considered as putting the worst addict you can find in charge of the drug store.

UK monopoly watchdog investigates Google's online advertising business

Pseu Donyme

What on-line advertising really needs is banning except maybe when it is strictly opt-in: the user should be the customer, not the product. Advertising doesn't even really pay for any services as the cost of it ends up in the price of the products and services we pay for. With the current arrangement we not only ultimately pay in those higher prices, but also pay with a loss of privacy (which is the result of the snooping needed for targeted advertising), not to mention having to endure commercial propaganda (i.e. advertising), being manipulated, misled and misinformed by it. The sane way is paying for the services we use directly, cutting out a bunch of middlemen and restoring a market with competition to the services 'paid' for by advertising - any other claim is just meta-advertising.

When management went nuclear on an innocent software engineer

Pseu Donyme

Re: Which one?

The intense neutron flux causes significant amounts of radioactive isotopes to be created by neutron capture in atoms making up the reactor and its surroundings. Orders of magnitude less of a problem than fission products, of course, but still a problem that has to be dealt with.

Revealed: The semi-secret list of techs Beijing really really wishes it didn't have to import

Pseu Donyme

re: Kylin

The EU would do well with something similar. A supported version of AOSP (with its own app store and possibly other key services) wouldn't go amiss either. The idea with these would be that all software and hardware bought with public monies in the EU would have to support these not that they'd be mandatory to use. Creating some competition like this would be good, as would the strategic independence in case of Trump mk II (i.e. someone not only malevolent but also competent with it) especially considering the cost of a relative pittance.

Campaigners warn of legal challenge against Privacy Shield enhancements

Pseu Donyme

Indeed, stopping data transfers from the EU to the US seems like the only solution (until there is decent data protection legislation on the US federal level - which doesn't seem entirely impossible as the attitude towards Big Tech has soured quite a bit on both sides of the relevant US aisles; moreover, California's attempt toward this seems promising).

Elon Musk flogs $8.4bn of Tesla shares amid Twitter offer drama

Pseu Donyme

Irony

This acquisition is supposed to be about promoting free speech while what it is on Twitter is in fact to be subjected to the whims of a single person.

EU, US close to replacing defunct Privacy Shield II

Pseu Donyme

Blatant mockery of rule of law

This is just an entirely transparent ploy for the benefit the US-based data slurpers (commercial and otherwise) designed to delay a proper solution: decent US data protection legislation (or the more pragmatic one of not sending any personal data to the US in the first place).

I fear the key idea here is to add cost and delay (both approaching infinity) by miring any complaint in the US court system; before a Schrems III case could even be filed in the EU all appeals must probably be exhausted in the US to demonstrate that the this new system is useless (as it is designed to be).

I do hope the EU parliament gets a say and kills this forthwith.

Tech world's Ukraine response mixes evacuation efforts, ad bans, free phones, infosec FUD

Pseu Donyme

re: Russian attack on Ukraine

It is difficult to see any credible rationale* for the attack. How the Ukrainians have rised to the challenge has been absolutely awe-inspiring though. Also on the bright side: this could bring the reign of Putin to an end which would mean a fresh start for the Russians in their relation to the West and in general - the not-so-bright side is of this the extremely high price of this potential improvement falling on Ukraine.

* there is the Russian propaganda, but the only thing it tends to convince one of is that it is propaganda

Website fined by German court for leaking visitor's IP address via Google Fonts

Pseu Donyme

Having waded trough the decision via the link provided I was surprised to see that it did not rely on the Schrems decsions. Instead, since there wasn't consent the defendant tried to rely on legitimate interest but the court ruled that it doesn't apply as the font could have been self-hosted and therefore there was no need to Google to get the IP-address; Google being well-known data hoarder was also mentioned. I'd think the use 3rd party resources might still be legal on legitimate interest grounds if there isn't a straightforward alternative and if the 3rd party could be trusted not to use the IP-address for its own purposes; a contract preventing such use or the 3rd party merely being in the EU or another jurisdiction with sufficient data protection legislation making such use illegal could suffice (in any case 3rd parties located in the US are out though because of the Schrems decisions).

Pseu Donyme

Re: Maybe this fine will start a trend.

From the link to the court decision It seems the 100 € was actually compensation to the plaintiff, not a fine.

IPv6 is built to be better, but that's not the route to success

Pseu Donyme

Re: NAT won't block it.

I'd think a packet bearing a destination address in a private ip block would have trouble getting routed over the internet. Moreover, any decent NAT implementation is likely to take a dim view on (drop) packets coming in from the WAN interface with a LAN destination address.

Pseu Donyme

re: privacy

The privacy concern is why I make sure to disable IPv6 on all kit. Automatic fiddling with the local part of the address doesn't cut it as the network part may well be static and Google etc. are certainly smart enough to figure this out; with IPv4 I can at least force a new dynamic address on a regular basis by presenting a different MAC for the ISP's DHCP server or hide behind CGNAT. Come to think of it, CGNAT or a similar arrangement should really be the legally mandated default for consumer connections, especially with IPv6.

Windows box won't boot? SystemRescue 9 may help

Pseu Donyme

GParted Live CD/USB/PXE/HD ...

... can also come handy with borked PCs, making backup images and such: https://gparted.org/livecd.php

Tougher rules on targeted ads, deepfakes, crafty web design, and more? Euro lawmakers give a thumbs up

Pseu Donyme

Enforcement is the key

This is all well and good, but as we have seen with the GDPR good legislation doesn't matter in practice if it is not vigorously enforced: with GDPR there is something deeply wrong with the Irish DPC which has turned into an advocate and ally of US Big Tech*, which has seriously hampered enforcement as the European HQs of the worst offenders (i.e. Facebook/Meta and Google/Alphabet) are in Ireland and so the Irish DPC is supposed to be the lead authority to rein them in.

* case in point: https://noyb.eu/en/irish-dpc-greenlights-facebooks-gdpr-bypass

Pseu Donyme

The "urging a recipient of the service to change a setting or configuration of the service after the recipient has already made a choice" being verboten -bit sounds like it would do just that (among other things).

Lawmakers propose TLDR Act because no one reads Terms of Service agreements

Pseu Donyme

Re: cookie notifications

It is instructive to consider who actually implemented them and why they chose to implement them in a particular way; EU 'cookie law' certainly didn't require the abusive ones we got, indeed, it required none at all as long as only strictly necessary cookies were used.

Google and Facebook's top execs allegedly approved dividing ad market among themselves

Pseu Donyme

A simple mitigation ...

... for the various abuses (such as this) rising from the current business model would be forcing a more healthy one by making on-line advertising strictly opt-in; the user should be the customer, not the product.

Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US

Pseu Donyme

One has to wonder about Google's rationale for offering GoogleAnalytics as a free service; the obvious one, of course, would be collecting data for their own use. For a page with GoogleAnalytics Google gets the URL of the page and ip-address* of the user and there is a unique per site (first-party) id-cookie expiring in 2 years from last visit. Assuming Google uses these for its own purposes it essentially has everyone's browsing history for the pages using GoogleAnalytics; this works somewhat subtly: as long as your ip-address stays the same it is a perma-cookie in its own right, when it changes, the id-cookies can be used to re-identify an user as soon as a previously visited page with GoogleAnalytics is re-visited within 2 years of the last visit.

* Google can always store this as is for its own purposes regardless of ip-address obfuscation

US watchdog pokes Facebook a second time: Meta faces fresh monopoly lawsuit

Pseu Donyme

Re: Network effect at work

The premise is that there is an inescapable monopoly i.e. no competition to begin with so all that can be done is to regulate the monopoly to limit its abuse. Ideally, perhaps, competition could be brought to the user-facing part resulting from the split suggested above, but the core part would still have to be a regulated utility completely independent from Meta.

Pseu Donyme

Network effect at work

The sort of thing Facebook is ends up as a monopoly because of the network effect where, in essence, users attract each other and where a competing upstart wouldn't get anywhere as the people you want to aren't there; as a natural monopoly of a sort it ought to be run as a public utility.

An ideal approach could be splitting Facebook itself into two parts:

- a regulated utility providing the technical core of the service on a common carrier basis, and

- an user facing part operating under competition

i.e. the former would used trough a well-documented API by the latter which would be just one of competing implementations paying fees to the regulated part. In practice, I suppose, regulating the existing monolith will have to do. Also, there is obvious opportunity to improve competition by cleaving off Instagram and WhatsApp.

Nothing's working, and I've checked everything, so it must be YOUR fault

Pseu Donyme

Perish the thought

I fear you might also suggest that there could be some reason for my hair having gotten grey other than having to give up creosote shampoo due the EU ninnies banning it.

Pseu Donyme

re bad printing on fuses

What is more it seems to have gotten worse and worse over the years. A few decades back this wasn't an issue at all, then I started to notice that I need to bring these under a bright light and lately it has gotten so bad that I had to add a pair of reading glasses to the toolbox in case I run into these. No doubt this is because the molds or whatever the metal tips made with are crude Nth generation copies of the originals.

It takes more clicks to reject their cookies than accept them, so France fines Facebook and Google over €200m

Pseu Donyme

re legitimate interest

Come to think about it, 'legitimate interest' has no business being mixed with cookie consent: the EU 'cookie law'* requires consent for storing cookies on user devices, there is no alternative to consent such as legitimate interest or other GDPR Article 6(1) lawful basis.

* ePrivacy Directive (2002/58/EC) amended by Directive 2009/136 with the CJEU Planet 49 (C-673/17) decision (with the latter bringing in GDPR consent; as such the ePrivacy Directive predates and is distinct from the GDPR)

Pseu Donyme

Re: Saying "no cookies" involves setting a cookie

Quite, as long as this is framed as opt-out instead of opt-in; with opt-in the cookie would be needed to store the fact that the user has in fact opted in (including to storing the opt-in cookie itself). Opt-in, of course, is the proper, GDPR way of doing things. Besides, most anything really necessary can be done with session cookies which don't fall under the EU 'cookie law' / ePrivacy Directive as they are by definition not stored on user devices (this, of course, hangs on the exact meaning of 'store' in this context; given that the legislator's intent here is protecting privacy by preventing tracking allowing session cookies without consent seems reasonable as they aren't much good for tracking).

Pseu Donyme

Re: Why it has taken so long

The 'cookie law' is actually EU Directive 2009/136, an amendment to the ePrivacy Directive (2002/58/EC) so it dates back to 2009. However, at the time it was - unfortunately - left open what exactly consent for storing cookies on a user device means and so the likes of Google and Facebook came up with the aggressive interpretation that things like 'consent' banners with only an ok-button would do.

Eventually (01OCT2019) there was the CJEU Planet 49 (C-673/17) decision though: GDPR consent rules apply to cookie consent. So it seems it took about two years from that to a decision by the CNIL. This doesn't seem too bad given that Google and Facebook have likely worked hard to delay it; now, of course, they will appeal and will no doubt work even harder to drag that on as long as possible.

Wi-Fi not working? It's time to consult the lovely people on those fine Linux forums

Pseu Donyme

Re: Similar problem with a moped

A rented scooter in Greece: turns out the start button has no effect unless one of the brake handles is depressed enough to activate the brake light switch.

Page: