119 posts • joined 10 May 2011
Re: What has it got on its serverses?
>... then what's the problem?
Maybe that the data was supposed to be strictly confidential, accessible to named individuals within PA Consulting only? Instead, a company with the business model - in essence - of violating privacy for profit on a massive scale was given a copy. It does not help that Google fancies that the EU data protection law does not appy to them (on record, no less: http://www.cnil.fr/linstitution/actualite/article/article/google-failure-to-comply-before-deadline-set-in-the-enforcement-notice/).
> ... the market ...
Indeed, the market, competition. I'd give it a try before dusting off Das Kapital. Hence ODF.
>... The French are being plonkers, IMO.
I wouldn't say that it is only a) about the combining of data (new TOS) and/or b) the French (CNIL).
See the letter to Google from OCT 2012, signed by just about every (?) EU data protection authority: http://www.cnil.fr/fileadmin/documents/en/20121016-letter_google-article_29-FINAL.pdf (from http://www.cnil.fr/english/news-and-events/news/article/googles-new-privacy-policy-incomplete-information-and-uncontrolled-combination-of-data-across-ser/)
Likewise I have a timer switch that turns the router off briefly in the wee hours combined with a startup script that pulls the MAC for the WAN port from /dev/urandom (on dd-wrt). With the browser clearing cookies, local storage, cache etc. on exit this should keep Google and its ilk at least somewhat in check as far as tracking goes. :)
As a (partial) solution by other means, ISPs could offer privacy options (that might be enabled by default for the great unwashed), such as NAT (effectively destroying the association with an IP-address and a particular user/device, already widely used with mobile data) and mapping known ad servers and other trackers to 127.0.0.1 (or similar) in DNS (akin AdAway / custom hosts file).
Re: Its like when you have proof that a politician is lying...
>...how do you propose any nation "punishes" the US?
In this particular context eliminating US tech products from official or infrastructure use by law would seem to have merit: a fair and prudent precaution also amounting to punishment.
I'm afraid the reality of it is that the big US corps don't actually give a hoot about privacy (if there is money to be made). Case in point: Google's current troubles with CNIL and other EU data protection authorities.
Realistically, though, we are going to see no such thing. Instead, Google will either relent soonish and start following the law or be forced to do so after a (more or less prolonged) court battle. Although the initial fines may be of no consequece to them as such, they cannot simply pay and continue to operate as if nothing had happened as this would amount to an admission of guilt and continuing breaking the law, which, in turn, would just result in litigation, criminal and civil, from the hopeless position of having admitted guilt and continuing with the offense.
I don't think they can 'move out' without giving up the European business (i.e. ad sales) at the same time. Hence there no real change of them 'moving out'. Also, currently their global tax shenanigans are based on having a presence in Ireland and the Netherlands.
Re: Big consequences?
>If they were to win this lawsuit that would surely put paid to any
>e-mail anti-spam and anti-virus scanning at the server level?
Not really, as long as no information about the scanned emails leaks from the scanning process (i.e. is kept in a form that may allow linking it back to sender / recipient(s)).
Re: Implied consent
I'm not so sure of that, even for Gmail account holders: Google's privacy statement and/or Gmail T&Cs do not explicitly mention scanning emails for profiling (for advertising) or at least finding that takes quite a bit of interpretation, which makes meaningful consent rather suspect. As for senders from other providers, there is not even that.
A crime, plain and simple.
Re: Death penalty for companies
... or maybe a categorical marketing ban for a fixed period? (akin to prison sentence, could come with a probation period too)
The companies no longer deny any knowledge of PRISM (which - I seem to recall - was their initial position).
Re: Schultz A lot of frustrated officials
>If it turns out this use of the law was "Legal" then I guess that law will
>have to go, as it is clearly too widely defined and abusable.
Quite. Here the scandal may not be that what was done was illegal, but that it may have in fact been legal.
How about Apple putting some serious resources into Wine? This should have interesting implications beyond running native Windows apps on Mac OS. :-)
Re: He actually said that ?
>special attention and harassment
Like that previously applied to Laura Poitras (Glenn Greenwald's (mostly) silent partner in reporting the Snowden leaks)? (see: http://www.nytimes.com/2013/08/18/magazine/laura-poitras-snowden.html )
Google is not opt-in as far as its data collection via its ad services, Google Analytics and G+ goes. In fact, even opting out from these is difficult if not impossible.
"A huge break in trust and confidence"
Indeed. Fortunately there was this chap with enviable intergrity to blow the whistle on it.
Re: What's the problem?
Re: What's the problem?
The problem is that Google, in essence, sees fit to collect whatever it can get, use it however it pleases, keep it as long as suits their fancy and give (trade / sell) the information to whoever it chooses*. This is incompatible with the EU data protection regime which requires consent to data collection and use, and a detailed description of the same as a basis of such consent (i.e. there can't be meaningful consent without the details).
I have been wondering whether Google is just arrogant (and ignorant/stupid) or arrogant and unscrupulous here. I would presume the latter: they probably figure that by effectively ingoring CNIL and the other data protection authorities they can keep doing what they are doing for a substantial while longer and maybe even get a break ot two in the court(s) where this is going to end up. At any rate, it seems ill-advised to blatantly disregard the EU data protection laws, if only because the likely outcome, a court decision finding (some of) their current practices illegal and the publicity arising from the proceedings; Google's business model rests firmly on the deep ignorance of the general population (most of whom wouldn't have the slightest idea of, say, what a cookie is).
Exceptionally worthy article, quality discussion.
Re: IRS Would Like to Tax the World
As it is they might be inviting a lawsuit for damage due to lost goodwill or because shareholder money is sitting idle instead of having been doled out as dividends (which, after all, is supposed to be the point of being a shareholder).
Re: If you want to see some of the tax money...
Alternatively, give advance notice that there will be rate hike next year. Amounts to the same thing without loss of revenue.
Re: Dear Appletards
The problem with that is you really can't avoid Google's ad-pushing services (and Google Analytics) on 3rd party web pages. These are (or can be) used to collect profiles as well (IPs which Analytics collects and keeps are as good as cookies in most cases, or actually better in that they are globally unique identifiers at a given point in time).
Since I didn't see it explicitly mentioned I'd like to register my displeasure with a) the disdainful attitude these US companies have towards EU privacy law, which amounts to b) pushing the US law (lack thereof, really, when it comes to privacy) unto us.
If this was only about collecting profiles for on-line advertising, something like do-not-track might be good enough. However, the underlying general issue is privacy in a world where collecting, combining and looking up information on an individual has been - and continues to be - completely transformed by technology, hence something along the lines of a blanket ban on collecting and using information that *might* be personally identifiable is needed. This would then have narrow exceptions, most importantly allowing collection and use with consent (= opt-in) with the provision for opt-out later (= the right to be forgotten i.e. having the data relating to you deleted, or, failing that due to technical or legal reasons, only used as strictly necessary for those technical or legal reasons).
A bottom-line hurting fine would seem deserved and necessary or else the essential take home message is that EU competition law and the authorities enforcing it need not be taken seriously.
> "may appear extremely rich or altogether distasteful to some"
Something sort of akin to a wee bit of not totally unlike that, yes.
Re: This is serious
I do agree about the demise of proper journalism being a serious issue. I wonder whether a viable micropayment sceme where you'd conveniently pay a couple of cents / pennies /per article as you go would make a difference. (This was talked about in the 1990s if not earlier, still no such thing, apparently? Technically, at least, it shouldn't be that much of a problem ...).
Currently it would seem that on-line advertising is in for a rough ride. End-users can effectively filter it out and increasingly do, for perfectly good reasons (such as privacy concerns, avoiding annoyance, faster load times, ...). If this means the demise of advertising in general down the line, it might be just as well: advertising is commercial propaganda, where the punter pays for being manipulated and misinformed (as a part of the price of a product or service). Also, it is worth noting that such propaganda undermines the premise of well-informed parties on the 'free market' i.e. in its current form advertising or marketing in general amounts to a serious systemic problem in a market economy.
A related thought: How do you trust a professional propagandist to give you accurate information when buying the services of the same or contemplating doing that?
A revenue-friendly alternative
... to a tax holiday would be raising the tax rate and announcing this well ahead of the change taking effect :).
Re: Perfect Example
A counterexample: the private healthcare system in the US vs. the public ones in the rest of the 'advanced' countries: in the US this takes ~18 % of GDP, OECD average is ~10 %, yet ~50 million people in the US are not covered.
A good start would be legislation making it a serious criminal offense to collect, keep, release, receive, process or otherwise use any data where there is any possibility that the data could be connected to a person, living or dead, unless:
1) The data is strictly needed to provide a product or service requested by the aforementioned person, and
2) The aforementioned person has given explicit, informed consent to the aforementioned use, and
3) The consent mentioned in 2) can be withdrawn at any time with the effect that the aforementioned data is kept and used only as strictly necessary for technical reasons or to fulfill a legal obligation.
(There would need to be exceptions for things like government records (tax, court / criminal, ...), credit information and such of course ... 'technical reasons' above is intended to include backup tapes and such ... )
Re: Still haven't separated OS and Data
I wanted to move the profile directory (Windows 'home directory') to another 'disk' (drive letter) with a Virtual Box installation I set up for running Lightroom on XP on a Linux host. I wanted the OS disk (C:) / image file to contain the barest minimum of stuff so that it would be easy to back up, while all the user data was to go on what XP sees as a network drive provided by Virtual Box, in reality a directory on the Linux side for easy access and backup (from the Linux side). The short of it is that it apparently couldn't be done.
The registry edit relocating the profile directory didn't work for a network drive, nor did junctions*. I suppose setting up a samba server on the Linux side for the profile directory might have worked, I didn' t try that as it seemed far too complicated for such a simple thing.
For my purposes moving the 'My Documents' directory to the 'network drive' was good enough and for this the Virtual Box network drive worked ok: it seems Lightroom puts most of its data there by default**. Lightroom gave me trouble about its 'catalog' (picture database) though, it didn't like this being on what seemed like a network drive to it. Turns out one can overcome this by using 'subst'***, which apparently always appears a local drive.
* I seem to recall the target should have been on a NTFS partition on a local physical disk.
** The only exception, I'd recall, was the raw converter cache, which, of course, was configurable from within Lightroom.
*** That is, 'My documents' is on the drive created by 'subst', which, in turn points to (a directory on) the 'network drive' provided by Virtual Box, which, in reality is a directory under my home directory on the Linux side (where I can use symbolic links to further map things around.
I'd rather not have Google collecting a profile on my web searches, page visits and whatnot. Hence I'd rather avoid being constantly logged on to a Google account (which the app store requires) which (greatly) facilitates their data collection. I'm even more reluctant to give Google the opportunity to tie my real world identity to such a profile. Hence the change to conveniently get apps from Amazon and even (maybe) to buy some as well as other content is welcome; I don't think I would have ever bought anything from Google Play, as that would have meant giving out my credit card information (i.e. my real world identity).
'Modern UI' ... I guess that makes the current one 'Retro'.
Re: Not due process
Indeed. Rejecting ACTA is absolutely necessary, if only not to encourage similar attempts in the future.
AFAIK ... it is a parilamentary system: 'cabinet' (commission) proposes 'laws' (directives, regulations), these must pass the 'two chamber legislature' (EU Parliament + council of ministers). Also, the commission needs the 'confidence' of the parliament: the parliament votes on the approval of the roster of commissioners, (in theory) there could also be 'a vote of no confidence' dismissing the commission in mid term.
The point of outsourcing pretty much: get <something> without having to care / being responsible as to how <something> is produced.
Summary: bitch, moan, whine, whine.
So they intercept the HTTP requests (replies?) and add (substract) their own stuff (headers at least)? (If so one wonders to what end and with what excuse.)
The *really* worrying aspect of ACTA is that what amounts to legislation can so effectively pushed by a handful of US trade associations, in secrecy and under false pretenses.
>Seriously though, what the hell is going on in that country?
A theory: vile, cynical propaganda making use of ignorance and prejudice for political gain with the ultimate motive of financial gain (i.e. greed) and power for its own sake.
- Vid Hubble 'scope scans 200,000-ton chunky crumble conundrum
- Bugger the jetpack, where's my 21st-century Psion?
- Google offers up its own Googlers in cloud channel chumship trawl
- Interview Global Warming IS REAL, argues sceptic mathematician - it just isn't THERMAGEDDON
- Apple to grieving sons: NO, you cannot have access to your dead mum's iPad