(Lack of) Privacy

[Cnut237]

Hi everyone. I've been complaining a lot on here recently about surveillance capitalism, and about Facebook's foray into crypto. I thought it might be worth a quick post for those of you who are outside the EU, and so maybe aren't aware of just how much data all of these websites gather on us, and how much they share it (sell it).

In the EU we are afforded the limited (but welcome) protection of General Data Protection Regulation or GDPR - https://eugdpr.org The aim in theory is to give consumers some measure of control of the data that is held about them, and how that data is used. In practice a lot of companies are sidestepping the 'active consent' element with pre-ticked opt out boxes, or forcing users to either a) one-click to accept data gathering or b) enter a labyrinth of permissions and un-tick every single one, and then visit the website of each named affiliate and repeat the process there, ad infinitum. But at least it is more visible now.

Anyway, if you are outside the EU you may not get even this level of transparency, so I've pasted an example below in case it is of any use. Apologies if everyone is already aware of all this!
I picked a random UK newspaper website "The Sun"...

1) When you enter the site you can either one-click to accept everything, or else edit permissions. There is often no one-tick option to reject everything.


2) Choosing to edit permissions takes you to a page with menu options for other sub-pages, in this case 'strictly necessary' cookies, measurement, content, ads, information storage, personalisation. There is also a wall of text that gives a vague overview to put you at ease... data is "mostly" used to make the site work, information does not "usually" identify you, etc.


3) Choosing to 'view vendor consent' brings up the page below. This is the list of companies with which the website shares your data. Note the scrollbar, this first page only lists up to 'Ab'... there are many many more.

 

[1715417455]

1715417455

[1715417455]

1715417455

[Spendulus]

Hi everyone. I've been complaining a lot on here recently about surveillance capitalism, and about Facebook's foray into crypto. I thought it might be worth a quick post for those of you who are outside the EU, and so maybe aren't aware of just how much data all of these websites gather on us, and how much they share it (sell it).

In the EU we are afforded the limited (but welcome) protection of General Data Protection Regulation or GDPR - https://eugdpr.org The aim in theory is to give consumers some measure of control of the data that is held about them, and how that data is used. In practice a lot of companies are sidestepping the 'active consent' element with pre-ticked opt out boxes, or forcing users to either a) one-click to accept data gathering or b) enter a labyrinth of permissions and un-tick every single one, and then visit the website of each named affiliate and repeat the process there, ad infinitum. But at least it is more visible now.

Anyway, if you are outside the EU you may not get even this level of transparency, so I've pasted an example below in case it is of any use. Apologies if everyone is already aware of all this!
I picked a random UK newspaper website "The Sun"...

1) When you enter the site you can either one-click to accept everything, or else edit permissions. There is often no one-tick option to reject everything.


2) Choosing to edit permissions takes you to a page with menu options for other sub-pages, in this case 'strictly necessary' cookies, measurement, content, ads, information storage, personalisation. There is also a wall of text that gives a vague overview to put you at ease... data is "mostly" used to make the site work, information does not "usually" identify you, etc.


3) Choosing to 'view vendor consent' brings up the page below. This is the list of companies with which the website shares your data. Note the scrollbar, this first page only lists up to 'Ab'... there are many many more.

 

What you are seeing is an example of how law and regulation enables the very activities the public thinks law and regulation works against.

[TECSHARE]

Use script blockers. Only allow the sites you need to in order to have the site function. Problem (mostly) solved.

[Cnut237]

Use script blockers. Only allow the sites you need to in order to have the site function. Problem (mostly) solved.

Yes, there are various things that we can do as individuals to guard against a lot of it. What I really meant by posting was just to highlight exactly what is happening, in case anyone is not aware of quite how pervasive this stuff is. I don't think these companies mind if a small number of people - and it's probably a fraction of one per cent - try to stop them; they are still making money from the 99+ per cent that remains. They would scarcely notice that anyone was trying to block their activities, when the vast majority are either unaware or aren't (yet) bothered.

Whilst it is important for us as individuals to understand what is happening, and to take steps to defend ourselves, it is more important that as many people are aware of this as possible. That's the only way to stop this relentless data mining and behavioural profiling. It needs a big enough objection from the population that these companies have to stop. We've seen the first stirrings of it with the Facebook scandals such as Cambridge Analytica, and with the Toronto Waterfront fightback against Google. GDPR is a first step, but we need much much more.

[iamverybusyperson]

I use: VPN
Firefox with adds like Privacy Badger, Adblocker X, HTTPS Everywhere, DuckDuckGo Privacy Essentials and uBlock Origin
This is enough for me.

[Cnut237]

Thanks, yes, I often use similar. My point in starting the thread was really just trying to highlight what these companies are doing and how pervasive this culture of selling and buying user data has become, as well as how difficult they make it to opt out of everything (and I'm pretty sure the letter of the law is that users should have to take action to 'opt in' rather than 'opt in' being the default). I posted just to highlight this, and in case anyone was not quite aware of the extent to which these data markets are now embedded. I appreciate the advice though on specific methods to combat this as an individual user, so thanks again.

[Naida_BR]

I think that you delayed to realize that our privacy is violate.
Just count how many times you have to press Agree on Terms during your day. Those terms are some conditions that you have to accept in order to let companies violate your privacy. You don't realize it because I think that you don't read the terms but that's how companies do it.

[squatz1]

There are a lot of hackers that can access your personal information and other data so its better to use some hotspot or other VPN programs that can change your IP address so that your privacy is more secured than just search without it. Of course lack of privacy can result to different behavior and most of teenager now needs privacy.

This is one of the things that VPN providers want you to think -- they want you to think that they're providing protection against anything on the internet when in reality all they do is change your IP, and maybe stop some DNS leaking. Which is great for certain things, though you should also be using a VPN in combination with firefox, privacy badger, ad blocking, blocking cookies, etc.

A vpn wont stop the tracking that sites do on you -- but you do have the ability to stop the other things.

[Spendulus]

.... My point in starting the thread was really just trying to highlight what these companies are doing and how pervasive this culture of selling and buying user data has become, as well as how difficult they make it to opt out of everything (and I'm pretty sure the letter of the law is that users should have to take action to 'opt in' rather than 'opt in' being the default). I posted just to highlight this, and in case anyone was not quite aware of the extent to which these data markets are now embedded. I appreciate the advice though on specific methods to combat this as an individual user, so thanks again.

The first thing to do is to not believe ANYTHING these people say in their "privacy policies."

[squatz1]

.... My point in starting the thread was really just trying to highlight what these companies are doing and how pervasive this culture of selling and buying user data has become, as well as how difficult they make it to opt out of everything (and I'm pretty sure the letter of the law is that users should have to take action to 'opt in' rather than 'opt in' being the default). I posted just to highlight this, and in case anyone was not quite aware of the extent to which these data markets are now embedded. I appreciate the advice though on specific methods to combat this as an individual user, so thanks again.

The first thing to do is to not believe ANYTHING these people say in their "privacy policies."

That's a little far fetched too.

Most of the stuff in the privacy policy is going to have to be legitimate and if it isn't you'd be able to go after them in a civil court (highly unlikely anyone would do this, though I cant see why it wouldn't hold up)

Most of the time the privacy policy for people is going to be a COVER YOUR ASS type of thing. So don't expect to see much out of it.

[styca]

Most of the stuff in the privacy policy is going to have to be legitimate and if it isn't you'd be able to go after them in a civil court (highly unlikely anyone would do this, though I cant see why it wouldn't hold up)

I don't know. With a lot of data and tech stuff we are charting new waters. A lot of this, there aren't laws for yet. It's the move fast and break things web-era ethos, do whatever the f--- you like and then ask forgiveness later.

I wouldn't be at all surprised if buried in however many pages of policy is some tiny snippet that essentially says: f--- you, we're going to take your data and make money from it.

[CryptocurencyKing]

Use script blockers. Only allow the sites you need to in order to have the site function. Problem (mostly) solved.

Yes, script blocker works. It prevents unauthorized access of other websites and packages, no ads nor spyware though, it's virtually difficult for biginners. I'll also love to add that the VPN app works too.
Privacy is one basic selling point of many apps, internet packages and network providing companies which should be watched out for as it is very damaging when used wrongly.

[squatz1]

Most of the stuff in the privacy policy is going to have to be legitimate and if it isn't you'd be able to go after them in a civil court (highly unlikely anyone would do this, though I cant see why it wouldn't hold up)

I don't know. With a lot of data and tech stuff we are charting new waters. A lot of this, there aren't laws for yet. It's the move fast and break things web-era ethos, do whatever the f--- you like and then ask forgiveness later.

I wouldn't be at all surprised if buried in however many pages of policy is some tiny snippet that essentially says: f--- you, we're going to take your data and make money from it.

Civil court they're going to need it, see below. But not for the reasons I'm talking about. But still.

https://www.privacypolicies.com/blog/privacy-policies-legally-required/

https://www.swlaw.com/blog/data-security/2015/03/12/why-you-need-a-privacy-policy-part-2-avoiding-three-common-fumbles/

Even so -- if they say in the privacy policy that by using the site you've signed away all rights as a human and that you're now they're slave -- that's not enforceable, like most other egregious violations.

[styca]

Even so -- if they say in the privacy policy that by using the site you've signed away all rights as a human and that you're now they're slave -- that's not enforceable, like most other egregious violations.

I don't think it's a question of being enforceable. It's more that they are doing this stuff anyway and making a shit-ton of money out of it, and then they just mention it somewhere in the depths of the contract, section 47 point 92 sub-clause 8: oh by the way we're fucking you over and there's nothing you can do about it because we're quite open about it we've told you we're doing it right here.

[Naida_BR]

I don't think that GDPR solves any issue around the EU.
The fact that you are not receiving any emails or getting any phone calls from companies that you have not shared your phone number with them doesn't mean that they do not have your phone number.
It is just fake hide and seek game where you think you are hiding but they can find you very easy.

[Artemis3]

Hi everyone. I've been complaining a lot on here recently about surveillance capitalism, and about Facebook's foray into crypto. I thought it might be worth a quick post for those of you who are outside the EU, and so maybe aren't aware of just how much data all of these websites gather on us, and how much they share it (sell it).

In the EU we are afforded the limited (but welcome) protection of General Data Protection Regulation or GDPR - https://eugdpr.org The aim in theory is to give consumers some measure of control of the data that is held about them, and how that data is used. In practice a lot of companies are sidestepping the 'active consent' element with pre-ticked opt out boxes, or forcing users to either a) one-click to accept data gathering or b) enter a labyrinth of permissions and un-tick every single one, and then visit the website of each named affiliate and repeat the process there, ad infinitum. But at least it is more visible now.

Anyway, if you are outside the EU you may not get even this level of transparency, so I've pasted an example below in case it is of any use. Apologies if everyone is already aware of all this!
I picked a random UK newspaper website "The Sun"...

1) When you enter the site you can either one-click to accept everything, or else edit permissions. There is often no one-tick option to reject everything.

2) Choosing to edit permissions takes you to a page with menu options for other sub-pages, in this case 'strictly necessary' cookies, measurement, content, ads, information storage, personalisation. There is also a wall of text that gives a vague overview to put you at ease... data is "mostly" used to make the site work, information does not "usually" identify you, etc.

3) Choosing to 'view vendor consent' brings up the page below. This is the list of companies with which the website shares your data. Note the scrollbar, this first page only lists up to 'Ab'... there are many many more.

This cherry picking permissions sounds a lot of what you can do to all websites if you use the uMatrix browser add on.  This EU law may apply to EU sites, but what about non EU sites? You cannot enforce your EU laws there, they will track you to the ends of the Earth the same. In fact, the cookies thing i found most annoying, and there are specific browser add ons to REMOVE the question about cookies. I mean, I'm not an EU citizen, why would i have to be harassed to no end if i want to accept cookies? Most people should have already made this choice as most browsers still keep the allow cookies option in its config settings.

Besides, if you truly want to evade tracking, you have no choice but to use uMatrix or one of those "privacy modes" that discard everything when you end your session (same as clearing your data before quit). Unfortunately most track evasion goes its merry way once you log in. Especially the likes of Google, Microsoft, etc. Its not just Facebook, everyone seems to want IN the data mining business nowadays. They make you log in your browser, and often in your os.

These laws are on one side annoying, on another ineffective. Politicians simply cannot cope with technology, and they often make things worse. Let me guess, you are going to search these options in every single (EU) web site you visit? At least the uMatrix button is always in the same place, AND works across ALL world websites, not just EU. Yes it may be well intentioned, but dumb.

[squatz1]

Even so -- if they say in the privacy policy that by using the site you've signed away all rights as a human and that you're now they're slave -- that's not enforceable, like most other egregious violations.

I don't think it's a question of being enforceable. It's more that they are doing this stuff anyway and making a shit-ton of money out of it, and then they just mention it somewhere in the depths of the contract, section 47 point 92 sub-clause 8: oh by the way we're fucking you over and there's nothing you can do about it because we're quite open about it we've told you we're doing it right here.

Isn't it fair to just assume that most sites are tracking all of your data and there's nothing you can do about it? They're within their right to use the data that you supply to them, and to use cookies and such.

There's nothing you can do expect not use their service or to block the cookies and such like that.