* Posts by Pseu Donyme

404 publicly visible posts • joined 10 May 2011

Page:

UK Information Commissioner OKs use of phone data to track coronavirus spread

Pseu Donyme

Color me confused

There really isn't such a thing as anonymized location data on the individual level: in most cases looking at the locations where one usually spends the night (home) and the day (home, work, school, ...) will offer enough clues to identify one.

How's this for a JEDI mind trick? AWS waves hand, has Uncle Sam 'reconsider' $10bn contract award to Microsoft

Pseu Donyme

As an aside it occurred to me that a cloud provider will no doubt work relentlessly to lock in any customer in a number of ways and likely succeed. After which it is just about tightening the screws for as much money as can be squeezed out. Which will be plenty when the customer is a government; in effect the power to tax has been handed to a for-profit corporation.

Microsoft's Bill Gates defrag is finally virtually complete: Billionaire quits board to double down on philanthropy

Pseu Donyme

Bill epitomizes what is wrong about 'capitalism' as currently implemented*: he got financially rewarded beyond belief for substantially holding back progress in a critical field of technology (thereby screwing up the humankind in general).

* a hint for a fix: thou shalt not suffer a monopoly

Australian privacy watchdog sues Facebook for *checks notes* up to £266bn

Pseu Donyme

re inadequate fine

I wonder if a similar arrangement could have been (or could still be) used with the old EU data protection regime: while the maximum fine might have been £500 000 or similar amount, insignificant to the likes of Facebook, could this have been applied for every individual violation i.e. user whose rights were violated? With the likes of Facebook these are in the millions and even 1 000 000 x 500 000 = 500 bn, which should get their attention.

You've duked it out with OS/2 – but how to deal with these troublesome users? Nukem

Pseu Donyme

Re: Timing is off..

>IBM PC user manual

I seem to recall it was the Technical Reference*, Appendix A. Also, importantly, there was a documented, cleanish** API to the BIOS - a hardware abstraction layer of a sort - via software interrupts with registers used for parameters and return values.

* http://www.retroarchive.org/dos/docs/ibm5160techref.pdf

** In practice the IBM PC programming interface included much of the memory map and hardware details as BIOS variables, frame buffers, i/o port mappings and such were often used directly in application code (these too were documented in the Technical Reference)

Grab a towel and pour yourself a Pan Galactic Gargle Blaster because The Hitchhiker's Guide to the Galaxy is 42

Pseu Donyme

Re: Remember the Philosophers

I'm afraid it does; I take this opportunity to condemn the mice for having taken the piss by installing him in his current position.

Now Internet Society told to halt controversial .org sale… by its own advisory council: 'You misread the community mindset around dot-org'

Pseu Donyme

Endgame ?

Given the buyer's relatively modest total assets compared to the size of the deal this looks like a typical private equity leveraged buyout, in which case the goal tends to be loading the target with as much debt as possible - I suppose the .org cash flow would support quite a bit (?) - and then siphoning off the money as dividends and consulting fees, leaving a wreck ripe for bankruptcy (and, in this case, possibly a taxpayer bailout as a part of vital infrastructure).

Pseu Donyme

I'm glad

There seems to be hope still that you don't get away with openly stealing the very thing you were supposed to guard.

Protestors in Los Angeles force ICANN board out of hiding over .org sale – for a brief moment, at least

Pseu Donyme

Re: Appearance of impropriety

Indeed, public trust breached for personal gain. Moreover, in this particular case the breach is so utterly blatant that it would, sadly, warrant putting the culprits against the wall without further ado. :(

EU court rules Right To Be Forgotten doesn't apply outside member states

Pseu Donyme

On a related note

An issue relevant in this context is that exporting personal information from the EU is restricted by the GDPR; while Google is required to honor the right to be forgotten as such only "inside the EU" it is hard to see how search results by a person's name with hits on a server inside the EU* could be provided to a search user outside the EU without exporting personal information** from the EU.

* which is where any information about an "EU person" is likely to be

** at the minimum the name of a person at some point

Pseu Donyme

re: "inside the EU"

My understanding is that "inside the EU" applies if either the server or the user (= browser / device / ...) is inside the EU as personal data is then processed physically inside the EU; the domain trough which search is used is irrelevant as such.

Irish data cops are shoving a probe right into Google's ads

Pseu Donyme

Re: That woulda be a spicy tamale

Where the money goes doesn't really matter as long as an offender is hit hard enough to deter them (or any potential offender) from breaking the law in the future. I suppose the money from a GDPR fine goes into government coffers in the issuing country (as is the case with fines in general), hence taxes on the populace can be a smidgen lower (and/or their tax financed services better) down the line - this in addition to the benefit of them actually enjoying their right to data protection due to GDPR being enforced (as with other protections enshrined in law).

Google rolls out Android Easter Egg for Europe – a Microsoft antitrust-style browser, search engine choice box

Pseu Donyme

Google (Alphabet) should really be sliced and diced into smaller independent companies exposed to competition*, or, failing that, regulated as monopolies**. A key thing here is removing the cross-subsides between the component parts of Google so that competition could emerge***. Regulating monopolies is necessary as such; in this case the regulators should be especially careful to prevent a monopoly from being used for an advantage in another market / business area****.

* I suppose this might work for things like search or email, at least if the users paid for the service as this would create a straightforward market; micropayments could work for search, subscription works for email

** Android as an OS, and its app store certainly fall in the latter category as natural monopolies (both created and maintained by the network effect)

*** further action might be required for competition to actually emerge though, such as further splitting a subsidiary split from Google into two or more separate companies competing with each other

**** e.g. using monopoly profits to price out competition in another market or using an OS monopoly to push other products and services of the OS vendor

UK MPs' disinformation sub-committee is sure to bring Facebook chief to heel (in Opposites Land)

Pseu Donyme

Re: call on Facebook to ditch its appeal

>Precedent.

Also a longer rap sheet, which means bigger GDPR fines, and, in general, the regulators and courts having a dimmer view of them.

Pre-checked cookie boxes don't count as valid consent, says adviser to top EU court

Pseu Donyme

Re: "I don't care about cookies"

This also exists for Firefox. Seems to eliminate most (not all, but there seems to be an option to report where it doesn't work presumably so that the developer can see if a rule or somesuch could be added to it make it work).

Pseu Donyme

Re: Not quite the same issue

A variation of this I have seen lately with embedded Twitter content is getting a message complaining about disabled 3rd party cookies instead of the tweet. This sort of thing seems like a violation of GDPR as consent is not considered freely given if made a condition for providing a service (GDPR Article 7(4)).

In a humiliating climbdown, Facebook agrees to follow US laws

Pseu Donyme

Re: None!

Heresy! Sacrilege! To which I'd like to add: how about outlawing all advertising with which there is any change whatsoever that it could be seen by someone who had not specifically requested it. This would seem like a simple way of removing the incentive to snoop us at every turn and, on a more general level, pervert the internet and with it the wider economy with business models detrimental to the consumer (i.e. us plebs).

Brexit text-it wrecks it: Vote Leave fined £40k for spamming 200k msgs ahead of EU referendum

Pseu Donyme

Re: 3 choices

A ranked choice (instant runoff) vote should work with this.

Click here to see the New Zealand livestream mass-murder vid! This is the internet Facebook, YouTube, Twitter built!

Pseu Donyme

Re: I disagree completely with this

>Which countries' laws? ...

To me this seems awfully simple, really: if you want to do business in a jurisdiction you do it by their laws or not at all; in case the laws conflict you need to choose where you do business.

Let's face it. We need to face up to facing off with face-recog tech, say US senators: Bipartisan AI privacy law proposed

Pseu Donyme

Re: UK similar

The people who happen to be present (if any) being able to see you is one thing, being recorded and the record used for whatever purpose - potentially forever - is quite another.

A few reasons why cops didn't immediately shoot down London Gatwick airport drone menace

Pseu Donyme

Also, I would imagine that rifle sights set for a bullet trajectory roughly in the horizontal plane are off for a one that is closer to vertical, especially at distance.

Pseu Donyme

Re: How about a high power laser burst ?

A tractor beam would seem more elegant.

2018 ain't done yet... Amazon sent Alexa recordings of man and girlfriend to stranger

Pseu Donyme

Re: More questions than answers...

>Does the GDPR require this?

Certainly not; it is difficult to see how Amazon's merely having the copies is not a gross violation (of the principle of data minimization and the requirement for explicit, informed consent for starters).

Google settles Right To Be Forgotten case on eve of appeal hearing

Pseu Donyme

Re: Question

The thing is that even if something is a part of the public record or otherwise public, it still cannot be handled willy-nilly over here in the EU. This is a data protection issue: personal data may only be processed* with the consent of the person in question unless there is an exemption. Processing for public record falls under the required-by-law-exemption, likewise Google needs an exemption to process personal data without consent (which, obviously, there wasn't in this case). The issue was whether Google's processing for search would have fallen under the public-interest-exemption; here "the right to be forgotten" comes in to play when something is no longer considered relevant to public interest.

*per the original data protection directive (now replaced by the GDPR) processing means "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction"

US told to quit sharing data with human rights-violating surveillance regime. Which one, you ask? That'd be the UK

Pseu Donyme

Re: ECHR is not part of EU

Quite, but the former is required to be in the latter.

What a meth: Woman held for 3 months after cops mistake candy floss for hard drugs

Pseu Donyme

Re: Re; Moral

>I strongly suggest to get out while you still can.

Indeed: a border wall paid for by the Mexicans is starting to look increasingly likely. Not on the US side of the border though.

Brexit: UK will be disconnected from EU databases after 2020

Pseu Donyme

re: Scotland

It seems that an alternative to Brexit would have been England and Wales leaving the UK while Scotland and NI would have remained thereby remaining in the EU as well (I seem to recall this was what the voters in the respective parts wanted). Actually, I think there would have been precedent for an even better trick: if memory serves Greenland left the EU while remaining a part of Denmark.

Pseu Donyme

Re: Wah wah waaaaah!

>And the NHS will get an extra £350 million a week, remember.

With the £'s exchange rate and with that its purchasing power falling like it is currently does this could actually come to pass (if the NHS is to be funded at the current level in inflation adjusted terms, that is).

UK data watchdog fines Facebook 17 minutes of net profit for Cambridge Analytica brouhaha

Pseu Donyme

Re: Reciprocity

>UK cases being detained Chinah? really?

You are right, of course, this seems far too lenient. How about Saudi Arabia though?

Pseu Donyme

Re: 500k!!!

While the fine is indeed of no consequence to Facebook as such, their prior infringements should weight against them when* the GDPR is applied to their misdeeds in the future, resulting in higher fines. As it happens there is an explicit provision for that in Section 3 Article 83 (e) (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679).

* I have little doubt that "when" not "if" is appropriate here.

So, about that Google tax on Android makers in the EU – report pegs it at up to $40 per phone

Pseu Donyme

Re: Time to ban Google outside of America?

> ... charity to countries ... to directly milk money out of schools ...

Google's involvement in education with Chrome OS and/or a package of services such as Google docs / gmail etc. would seem just such a thing. While there may be no money from this directly, the rationale of herding children into the system be exploited later is obvious enough.

Pseu Donyme

This is just exploiting their dominating market position in a different way i.e. placing an extortionist price on a key bit of Android infrastructure (Play Store) Google has managed to monopolize* while pushing their other wares and services on the side, and, moreover, making that so expensive that it is still really a non-option. An indication of how perverted the market** here has become is that Google can even contemplate to ask for an extra fee for including something that is actually their biggest direct source of income from Android: under any sort of normal circumstances *they* would be paying to make sure that sort of thing got as wide distribution as possible.

* in general an app store is a natural monopoly waiting to fall to some monopolist because of the self-amplifying feedback loop of: more users -> more developers -> more apps -> more users ... this time it didn't take much effort on Google's part as they got to ship theirs as the only option with every Android phone and competition never emerged before it was too late

** not really a market, at least not in the sense that a market is supposed to be something where vendors compete for the favor of customers, instead a complex tangle of cross-subsidied products and services where competition has no realistic change of emerging

Stroppy Google runs rings round Brussels with Android remedy

Pseu Donyme

Re: I trust Google more than the EC

>At least Google are honest about their data collection intentions

I have to disagree: they have consistently been pretending to be entirely benign while hiding behind vague T&Cs and only admitting to their slurpy ways after having been caught with their hand in the cookie jar (if then).

Pseu Donyme

Re: Ha

>They cant. Simply people buy what people want to buy.

Not really: Google already has a dominating market position and people can only buy what is available.

In retrospect the current situation was inevitable as it was with Microsoft and Windows: a natural monopoly tends to emerge around an OS because something akin to the 'network effect*': there is a self-amplifying feedback loop where more application software for an OS attracts more users which in turn attracts more developers to the platform which means more applications which means more users which means more developers which means more applications which ... Only this time the situation is more complex and hence worse, because Android is "free" (and even nominally "open"**) i.e. Google pays for it with its ad revenues which means that a competitor with anything resembling a level playing field cannot emerge unless it somehow manages to put together a similar tangled web of mutually supporting services and revenue sources from the ground up which might be nominally possible, but isn't going to happen in practice.

The trillion dollar question - an elegant answer to which would also guarantee a Nobel price in economics - is how to tackle a market failure like this.

* originally - I seem to recall - from telephone networks where the value of such a network to the user depends on the number of other users (to talk to) and so one network will end up as a monopoly for which it is practically impossible to create competition from scratch

** in reality it is neither free or open any more: ultimately it is paid by consumers with both loss of privacy and the price of advertising baked in the price of products and services, also Google has actively perverted the original concept of an open platform by making apps depend on their proprietary SW components and services (most importantly the Google Play app store which even in isolation tends towards a natural monopoly, again, because of the network effect: more apps in Google Play (exclusively) -> more users of Google Play -> more developers using Google Play (exclusively) -> more apps in Google Play (exclusively) -> ... )

It's a cert: Hundreds of big sites still unprepared for starring role in that Chrome 70's show

Pseu Donyme

I'm not entirely convinced that forcing the use of https everywhere is such a good idea. Right now this means that I can't check out bus schedules on titsa.com without passing the gauntlet of adding a security exception to Firefox. While this seems like a miscofiguration on TITSA's part (or, indeed, maybe them using one of these dodgy certificates) protecting my browsing of bus schedules doesn't seem to merit the added complexity and overhead to me: this should be a user choice i.e. typing http/https as desired (and maybe a browser setting for the default, which could be https out of the box by all means), not something that is forced on me whether I want it or not, or indeed, whether it works or not.

I suppose there is more of a point to https everywhere in the US where the ISPs can sell their customers out; this is probably why Google has been a proponent as they'd rather not have the competition.

EU watchdog sniffing around Amazon's merchant data collection

Pseu Donyme

Re: GDPR ?

>Using it for analytics to help improve their business is also allowed.

If personal information is processed with the justification of carrying out a contract then it may only be processed for that purpose. Doing anything else with it - such as "improve their business" - needs a separate justification, usually consent. The legitimate interest justification could apply, but there is apparently a high bar to using it* - as there should be lest this becomes a general purpose loophole that'd make GDPR internally inconsistent and effectively null and void.

* https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/what-is-the-legitimate-interests-basis/

Google bod wants cookies to crumble and be remade into something more secure

Pseu Donyme

On a related note

The defaults on all browsers to ought to be: session cookies only, no 3rd party cookies.

Facebook insists it has 'no plans' to exploit your personal banking info for ads – just as we have 'no plans' to trust it

Pseu Donyme

This reminds me of Facebook's lying about what they were going to do with WhatsApp's data after the merger (the EU even fined Facebook for this: https://www.theregister.co.uk/2017/05/18/ec_fines_facebook_110m_for_wrong_info/ )

Thomas Cook website spills personal info – and it's fine with that

Pseu Donyme

re: Spies Denmark

For a second I was wondering what the local Google affiliate was doing in a list of travel agencies.

UK privacy watchdog to fine Facebook 18 mins of profit (£500,000) for Cambridge Analytica

Pseu Donyme

While the fine in itself is of no consequence to Facebook this may still come back to bite them down the line: I'd imagine a legal argument against, say, Facebook like / share buttons all over the place would be bolstered by pointing out repeated prior violations.

Facebook, Google, Microsoft scolded for tricking people into spilling their private info

Pseu Donyme

The default should be no slurp whatsoever. Moreover, no active measures on the part of the would-be slurper to induce the end-user to change that i.e. a facility to opt-in may exist, but the end-user must find and use it on their own.

Pseu Donyme

Re: None of them does

>You opt-in by using the service.

Under the GDPR it doesn't work like that: making the provision of a service conditional on consent to process personal data invalidates the consent (Article 7(4), recitals 42-43 : https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679 )

GDPR forgive us, it's been one month since you were enforced…

Pseu Donyme

Re: Washington Post

I saw this too: no 3rd party tracking is promised only as a part of the most expensive subscription. This is in breach of GDPR as giving consent may not be a precondition to providing a service, nor can there be any other disadvantage to those who decline to give consent. (Article 7 point 4, also see recitals 42-43 : https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679, see also: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=623051 )

It also occurred to me that this sort of thing requires using location information which supposedly required explicit consent even before the GDPR.

Facebook puts 1.5bn users on a boat from Ireland to California

Pseu Donyme

Re: Farcebook

Also, Facebook is in a business, which is a natural monopoly due to the network effect i.e. a service like it is more valuable to its users the more users it has (like a telephone network where the one with more subscribers is the more useful one): there is a positive feedback loop luring more users (from other similar services) to the biggest one until there is no competition to speak of. This not only means that the first provider to get beyond some critical size is likely to become a de facto monopoly, but also that it is practically impossible to outcompete the monopolist after this. Also the monopolist, as in here, tends to be in a position to buy out or otherwise neutralize anyone who might try, just in case.

Pseu Donyme

> ... too many users who just don't seem to care.

Because they have no idea there is an issue, never mind knowing what it might be (?).

Pseu Donyme

Re: It goes from bad to worse.

>A user in China or Africa cannot claim EU GDPR rules, just because their data is held in Europe.

Actually, I'm not sure of that: as long as the 'processing' in the sense of GDPR (including merely storing it) physically happens in EU it would seem that an EU country has jurisdiction, while the user's country outside the EU would have jurisdiction as well as there in an effect on a user in their jurisdiction - these are not mutually exclusive, but Facebook must abide by both legal regimes. Usually this means going by what is more restrictive for Facebook. If, however, there is no way operate in two jurisdictions without breaking the law in one, then it would seem that Facebook needs to make a choice as to where it wants to do business.

Moreover, regardless where the data is 'processed', the users outside the EU who currently have a contract with Facebook Ireland would seem to have a right to be treated in a way compliant with the GDPR (or the pre-existing data EU data protection regime) on the basis of Facebook Ireland being an legal entity within the EU. Actually, since this effectively means moving vast amounts of data from the EU I'm not so sure this legal as moving data outside of the EU is restricted under the current rules. As the data is going to the US I suppose Facebook could point to Privacy Shield for now, but then it would seem that this will eventually unravel as it is not substantially better than Safe Harbour was.

ZTE to USA: Sure, ban us, but you cannot afford such victories

Pseu Donyme

Re: Protectionism

>The basis of Android is open source ...

Nominally, yes, Android is open source, but actually Google has a monopoly* on it akin to Microsoft's on PC OS: Google has perverted the openness of the system by creating/moving APIs that many apps depend on into proprietary components outside of the AOSP proper, moreover, Google has the only viable app store for Android.

Microsoft's becoming monopoly on PC operating systems depended on the "network effect" where a product or service becomes more valuable the more users it has, which happens because of the closed feedback loop: more/better software available for Windows -> more Windows users -> writing Windows software becomes a better proposition for developers (than writing for competing platforms) -> more/better software available for Windows ... This soon results in a natural monopoly which is practically impossible for a competitor to challenge.

With Android Google not only has an OS monopoly akin to Microsoft's as such, but this is reinforced by its app store monopoly (Microsoft is working on the latter for Windows as well, but not quite there yet). Google's paying for Android and the related services from its advertising revenue makes it even more infeasible for a competitor to succeed and therefore one is unlikely to even emerge: for Google Android is good business as it helps them to rake in advertising revenue, for a potential competitor not so much as it would have to sell the OS as such or embed the cost into price a physical product thereby making those more expensive which means they cannot really compete (as Android is "free"**).

* technically, an overwhelmingly controlling market position, colloquially a monopoly (which is close enough as it is equivalent to an absolute monopoly for most intents and purposes)

** not really free, of course: 1) the consumers ultimately pay for it in higher costs of advertised products and services (only they pay more as there are middlemen) 2) they also pay with their information / loss of privacy and 3) with having to put up with commercial propaganda (=advertising) i.e. getting actively manipulated and misled, which 4) is a systemic problem in a market economy depending on well-informed parties to work efficiently (hence, again, resulting in actual monetary cost because of less efficient economy due to a group of market parties actively working on consumers to be less than well-informed in their decisions)

An easy-breezy attitude to sharing personal data is the only thing keeping the app economy alive

Pseu Donyme

Re: And that's exactly why...

> ... an amendment to the GDPR such that ...

I don't think an amendment is needed, except maybe for extra clarity. With GDPR and even with the old EU data protection regime consent is required to process an individual's data, which there can't be if the data is purloined from friends' address books and such or, in general, not from the individual him/herself.

Page: