* Posts by Pseu Donyme

259 posts • joined 10 May 2011

Page:

Facebook puts 1.5bn users on a boat from Ireland to California

Pseu Donyme

Re: Farcebook

Also, Facebook is in a business, which is a natural monopoly due to the network effect i.e. a service like it is more valuable to its users the more users it has (like a telephone network where the one with more subscribers is the more useful one): there is a positive feedback loop luring more users (from other similar services) to the biggest one until there is no competition to speak of. This not only means that the first provider to get beyond some critical size is likely to become a de facto monopoly, but also that it is practically impossible to outcompete the monopolist after this. Also the monopolist, as in here, tends to be in a position to buy out or otherwise neutralize anyone who might try, just in case.

0
1
Pseu Donyme

> ... too many users who just don't seem to care.

Because they have no idea there is an issue, never mind knowing what it might be (?).

2
1
Pseu Donyme

Re: It goes from bad to worse.

>A user in China or Africa cannot claim EU GDPR rules, just because their data is held in Europe.

Actually, I'm not sure of that: as long as the 'processing' in the sense of GDPR (including merely storing it) physically happens in EU it would seem that an EU country has jurisdiction, while the user's country outside the EU would have jurisdiction as well as there in an effect on a user in their jurisdiction - these are not mutually exclusive, but Facebook must abide by both legal regimes. Usually this means going by what is more restrictive for Facebook. If, however, there is no way operate in two jurisdictions without breaking the law in one, then it would seem that Facebook needs to make a choice as to where it wants to do business.

Moreover, regardless where the data is 'processed', the users outside the EU who currently have a contract with Facebook Ireland would seem to have a right to be treated in a way compliant with the GDPR (or the pre-existing data EU data protection regime) on the basis of Facebook Ireland being an legal entity within the EU. Actually, since this effectively means moving vast amounts of data from the EU I'm not so sure this legal as moving data outside of the EU is restricted under the current rules. As the data is going to the US I suppose Facebook could point to Privacy Shield for now, but then it would seem that this will eventually unravel as it is not substantially better than Safe Harbour was.

2
2

ZTE to USA: Sure, ban us, but you cannot afford such victories

Pseu Donyme

Re: Protectionism

>The basis of Android is open source ...

Nominally, yes, Android is open source, but actually Google has a monopoly* on it akin to Microsoft's on PC OS: Google has perverted the openness of the system by creating/moving APIs that many apps depend on into proprietary components outside of the AOSP proper, moreover, Google has the only viable app store for Android.

Microsoft's becoming monopoly on PC operating systems depended on the "network effect" where a product or service becomes more valuable the more users it has, which happens because of the closed feedback loop: more/better software available for Windows -> more Windows users -> writing Windows software becomes a better proposition for developers (than writing for competing platforms) -> more/better software available for Windows ... This soon results in a natural monopoly which is practically impossible for a competitor to challenge.

With Android Google not only has an OS monopoly akin to Microsoft's as such, but this is reinforced by its app store monopoly (Microsoft is working on the latter for Windows as well, but not quite there yet). Google's paying for Android and the related services from its advertising revenue makes it even more infeasible for a competitor to succeed and therefore one is unlikely to even emerge: for Google Android is good business as it helps them to rake in advertising revenue, for a potential competitor not so much as it would have to sell the OS as such or embed the cost into price a physical product thereby making those more expensive which means they cannot really compete (as Android is "free"**).

* technically, an overwhelmingly controlling market position, colloquially a monopoly (which is close enough as it is equivalent to an absolute monopoly for most intents and purposes)

** not really free, of course: 1) the consumers ultimately pay for it in higher costs of advertised products and services (only they pay more as there are middlemen) 2) they also pay with their information / loss of privacy and 3) with having to put up with commercial propaganda (=advertising) i.e. getting actively manipulated and misled, which 4) is a systemic problem in a market economy depending on well-informed parties to work efficiently (hence, again, resulting in actual monetary cost because of less efficient economy due to a group of market parties actively working on consumers to be less than well-informed in their decisions)

7
2

An easy-breezy attitude to sharing personal data is the only thing keeping the app economy alive

Pseu Donyme

Re: And that's exactly why...

> ... an amendment to the GDPR such that ...

I don't think an amendment is needed, except maybe for extra clarity. With GDPR and even with the old EU data protection regime consent is required to process an individual's data, which there can't be if the data is purloined from friends' address books and such or, in general, not from the individual him/herself.

1
1

Any social media accounts to declare? US wants travelers to tell

Pseu Donyme

An implicit admission ...

... of the extensive communications and data snooping the US government is involved in: the obvious use unique identifiers like social media ids, phone numbers, email addresses is as a selectors for queries into databases containing the snooped stuff.

17
0

France gives WhatsApp a month to get slurps in order or face fine

Pseu Donyme

Re: So what if they don't ?

> Well seize their EU assets ...

I seem to recall that because of Facebook's tax shenanigans their global, non-US revenues go via Ireland (in the EU). I suppose this helps collecting fines and seizing considerable assets. Ultimately I suppose Facebook's Irish subsidiaries through which the global revenue goes could be seized with the effect that said revenue gets permanently seized (the contractual arrangements between Facebook and the subsidiaries created for tax avoidance would surely stay in effect after the seizure?).

0
0

Ghostery, uBlock lead the anti-track pack

Pseu Donyme

Re: NoScript no work

It seems updating to 57 also broke Request Policy (continued). :( This is why I dread updating Firefox. While any apparent change tends be just some rearrangement of the UI (usually pointless and annoying as such) you can be pretty sure that they have somehow managed to make existing addons incompatible and I'm at least forced to update those as well - if I'm lucky - if not, there is no compatible version.

1
0

Autsch! Germany slaps Facebook in its abusive little face for 'limitlessly amassing data'

Pseu Donyme

Re: Facebook et al

> ... because I use protection.

Good for you (so do I). However, not everyone does, knows about it or even why it should be used. And, actually, there should be no need, instead collecting, using and transferring personal data (i.e. any data about a person) should be all opt-in (which is pretty much the idea of data protection in a nutshell), such that there is prior, explicit, retractable consent, freely given (i.e. consent is actively given, the default is 'no consent'; consent can't be required to use a product or service).

2
0

European court: Let's not kid ourselves, Uber. You're a transport firm, not a 'digital service'

Pseu Donyme

Re: So...

I suppose it is also relevant that Uber sets the rates the customer pays (thereby controlling what the driver gets after Uber's cut as well); if Uber were merely a real-time market with an app for access matching customers seeking to go from A to B with drivers willing to make that happen for a price agreed between a customer and a driver (or maybe set by a regulator) it would be a different matter.

20
0

Nothing matters any more... Now hapless Equifax bags $7.5m IT contract with US taxmen

Pseu Donyme

If we can't have a corporate death penalty (i.e. fines large enough to bankrupt a corporation) for even the most serious misdeeds, could we at least have a penalty where a corporation was forced to issue new shares up to, say, hundred times of its current stock to be sold on a public stock exchange over time with the proceeds going in the public purse. To clarify: the intent is to allow regulators / courts to punish the shareholders of a corporation by wiping out the value of their holdings to a degree proportional to the offense thereby creating an incentive to force proper behavior on the board and top management.

13
0

How Apple is taming the ad biz. Just don't expect Google or Zuck to follow

Pseu Donyme

Re: What about...

Thanks, I tried to be very careful with them; a joke of a sort (to a retired (C-)programmer sometimes struggling to balance his parentheses to the satisfaction of (g)cc, anyways) seemed to be emerging as I was writing my short missive, which seemed to ((((perhaps) almost) reasonably) legitimately) call ever more nested parentheses. [Per above I can confirm that unbalanced braces are jarring. :/ (Although I'm not sure if it is (undiagnosed) OCD or merely a result of decades of nagging by cc and her relatives; these may amount to the same thing (or close enough) in practice (?).)]

6
0
Pseu Donyme

Re: What about...

Indeed. No third party cookies. In fact, no cookies other than session cookies. These should be the default settings of any browser (by law (with draconian punishment for violations (and something even worse for anything that could be construed as an attempt to circumvent (the letter or (especially) the intent of) the law))).

7
0

First big Privacy Shield review has ended – and yep, it's great! Just don't ask about mass spying

Pseu Donyme

I'm having mixed feelings as to whether I would like to try some of what those responsible for the EU side of this 'deal' have been smoking.

1
0

Shock: Brit capital strips Uber of its taxi licence

Pseu Donyme

Oh dear, oh dear

Too bad. (not)

1
0

Apocalypse now: Ad biz cries foul over Apple's great AI cookie purge

Pseu Donyme

Humbug

Session cookies only. Separate session for each tab.

0
0

Social media vetting for US visas go live

Pseu Donyme

Re: 15 years of history?

This could be meant to be impossibly onerous in practice without being strictly impossible in theory i.e. a de facto travel ban (v 3). As a bonus, if someone still manages to get visa approval, they have most likely left something out in the application and this can be used as a pretext to jail and/or deport them at will (neatly working around pesky legal constraints that might apply to a person physically in the US with a valid visa).

5
0
Pseu Donyme

> In fact, any country can ...

I suppose any country can also put anyone against the wall when there, or have someone assassinated while in another country. That something can be done doesn't make it right. For this reason most countries have chosen to limit what they can do by domestic law and by signing international treaties. In this context the US used be an ardent proponent of human rights; sadly, this has given way to seeking legalistic loopholes to work around them* in the sense that human rights apply simply because one is a human being.

* e.g. Gitmo, drone strikes, entirely unfettered mass surveillance of foreigners

5
0

Sick of Java and C++? Google pours a cup o' Kotlin for Android devs

Pseu Donyme

Re: Noob question

I suppose args has a similar purpose to argc and argv in C main(): the program gets the arguments it is invoked with (if any) trough this. In your example they are not used for anything, but they could be so they are part of the interface / function signature of Kotlin's main().

3
0

EC fines Facebook €110m for 'misleading' data on WhatsApp deal

Pseu Donyme

Re: EU Competition Commissioner said:

Indeed. 110 M € in this context is too small by two to three orders of magnitude. In general, I suppose fines to companies should be such that getting several within a few years would result in bankruptcy. If they are meant to have an effect, that is.

10
0

Republicans go all Braveheart again with anti-net neutrality bill

Pseu Donyme

re: "Obama!"

!Obama morelike?

2
3

Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

Pseu Donyme

weaken Privacy Shield?

Fear not, for Privacy Shield is about shielding US corps from having to give a hoot about the privacy of us EU plebs.

7
0
Pseu Donyme

Re: WTF?

>I'm curious to know how this was argued.

"Now Mr Congressman, about that campaign contribution ..."

7
0

That CIA exploit list in full: The good, the bad, and the very ugly

Pseu Donyme

I'll have to object to the idea (a tautology, really) that being a spy organization legitimizes spying: in civilized countries this is illegal without a warrant (for a good reason). Moreover, a spy organization operating outside its native country / jurisdiction cannot legitimately have such a warrant.

3
0
Pseu Donyme

Re: WhatsApp / Signal

I don't think any app is safe against local root access, never mind an exploit that allows running code in kernel mode i.e. unfettered access to the hardware: with these the attacker has access to everything the user has (and more).

4
0

Brussels cunning plan to save the EU: No more Cookie Popups

Pseu Donyme

The only place that mentions "cookie" in 2009/136/EC* is (66):

"Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities."

From this I'd gather that cookies needed for shopping carts and such are ok, as are session cookies in general as they are not (permanently) stored on user equipment. "Analytics cookies", if they mean 3rd party tracking cookies, would seem to fall foul of this as they are stored on user equipment and are a privacy menace amounting to spyware. If anything, the latter should be more clearly and categorically banned (at least without explicit consent and a right to refuse without affecting the service).

* http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0136

3
0

Screw EU! Apple to fight back over €13bn tax bill

Pseu Donyme

Unless they have radically changed their ways recently Apple's claimed "26% tax rate on its worldwide earnings" doesn't seem credible or at least it is very much at odds with the findings of the 2013 US Senate investigation which found that Apple had managed to arrange to be tax resident nowhere for its earnings outside the US.

11
0

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

Pseu Donyme

Re: I'm not sure how he thinks this will work on an iPhone 6

@Steve Todd: Well, I'd be delighted to be wrong about this if it means that things are better documented or at least better known by now (or always were). Last time what information was around (using an hour or three to look for it with the benefit of a background as a seasoned embedded systems SW engineer) left me with the above impression (admittedly with some of my own speculation having most likely blurred to the info by now). I wouldn't mind seeing a quote from the above link attesting to the secure enclave's nature as a physically separate, tamperproof* subsystem, in particular it having its own persistent, but mutable storage, physically separate from the general purpose flash (without which it is still vulnerable to this sort of attack); this is the main point where I had to rely on speculation (i.e. Apple very likely minding the BOM / extra size / complexity from an extra chip / ... too much to implement a feature the finer points of which the general public would be unlikely to appreciate).

* one aspect of this would be whether the secure enclave's firmware is immutable (failing which makes the kind of hack FBI was demanding of Apple possible)

2
0
Pseu Donyme

Re: I'm not sure how he thinks this will work on an iPhone 6

Um ... as I seem to recall (from the time this was last an issue), the A6 already has the arrangement where a 256-bit constant is baked in the SoC only wired to the internal AES circuits (i.e. no direct software access). This means that cloning the flash and running the firmware in a VM won't work, but cloning the flash and running that with the actual hardware does (assuming that the only mutable storage in the device is the flash): this way at least the retry counter can be defeated by restoring the flash contents.

Unlike the A6, the A7 (and later) has the 'secure enclave'. However, rather than a physically separate processor with a dedicated mutable storage this appears* to be a virtual one sharing the system's flash chips as its only mutable storage. This is primarily geared at keeping someone with remote access (say, an exploit delivered via browser) at bay rather than someone with physical access (i.e. it keeps the iOS user and even kernel space isolated from the key storage, which is a worthy thing to have, of course). It seems Apple has not actually managed the latter; this would take your assumed separate tamperproof security processor with its dedicated mutable storage to keep the keys. This - afaik - Apple don't currently have. Hence, my impression is that there is no fundamental reason the technique (i.e. using a cloned flash with the original HW) wouldn't work on a iPhone 6 (or later).

* Apple seems to rely on obscurity for security here, afaik this is not properly (that is, publicly) documented

4
1

When Irish eyes are filing: Ireland to appeal Europe's $15bn Apple tax claw-back

Pseu Donyme

A no-brainer ?

I wonder if Apple's lawyers and accountants knew full well that this could happen, but went ahead anyway: it seemed likely to work and the worst that could happen was that they'd have to pay the tax they owed in the first place.

17
0

Making us pay tax will DESTROY EUROPE, roars Apple's Tim Cook

Pseu Donyme

re: Google and others

The Commission needs to start somewhere. Actually it started with Amazon, BASF, Fiat and Starbucks. I trust Google. Microsoft, ... will be dealt with as well.

13
0
Pseu Donyme

re: tax deals

There should be none, really. Instead, corporations pay tax on their profits at the non-negotiable corporate tax rate, same for any and all, where the bookkeeping rules for calculating the profit are likewise non-negotiable, same for any and all. As far as I can see this is what EU Commission is after here so that competition is not distorted due to company specific deals amounting to state aid.

5
0

Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

Pseu Donyme

re: von Neumann

What I'd recall was that von Neumann got involved in the US war time computer programs (most importantly EDVAC as far as the eponymous computer architecture is considered) and put together an excellent memo of what he learned as a result. As the memo got somewhat wide distribution despite being about a secret wartime program and was about the only source of such quality right after the war, von Neumann got pretty much all the credit, much of which should have gone to John Mauchly and J. Presper Eckert, at least. (Actually, for a long time, the Americans got all the credit, despite Konrad Zuse's earlier work and that in the UK on the Colossus. Sadly, these are still rather poorly known.)

13
0

European Commission straps on Privacy Shield

Pseu Donyme

re: protects EU citizens, their privacy

Humbug. US corps, morelike, from having to give a hoot of the same.

1
0

Facebook crushes Belgian attempt to ban tracking of non-users

Pseu Donyme

re: jurisdiction

It seems strange that a Belgian court would not have jurisdiction of what physically happens in Belgium: if the user / browser / computer (or other device) is in Belgium the hard disk (flash chip, ...) on which the cookie is written is also in Belgium.

26
0

Apple pollutes data about you to protect your privacy. But it might not be enough

Pseu Donyme

re: "Modern data protection legislation which assumes that metadata is anonymous would need to be rewritten."

Re-writing would be ideal, of course. Then again what there is in the EU already covers this if interpreted with the law's purpose (privacy, self-determination) in mind. In this sense the the Schrems decision is very encouraging: the ECJ actually considers privacy and data protection fundamental rights to be protected as such.

1
0

Get ready for Google's proprietary Android. It's coming – analyst

Pseu Donyme

>This goes against the entire reason Android was created. ...

Probably. Google bought Android Inc. in 2005, though.

2
0
Pseu Donyme

Re: If it works for Apple...

While I wouldn't (at all) mind the wall around Apple's walled garden to suffer a fate akin to the structure that once circled West Berlin there is a crucial difference between Google and Apple: Google has a dominant market position in the EU (with Android, search, ...) while Apple doesn't (of course, Apple has monopolies within its own ecosystem, but then that isn't the dominant one within the general market(s), so, while I wish this could be acted upon it might not be possible under EU law ?).

6
0
Pseu Donyme

In effect Android is proprietary already ...

... because GMS is. Most importantly Google's stranglehold is cemented by GooglePlay, which at this points enjoys an unsurmountable advantage due to network effect*. (Not that coming up with the other components (browser, maps, ...) would be trivial, never mind something phone manufacturers on razor thin margins were likely to pull off or even try.)

* i.e. the value of a product or service to an user increases as the number of users increase, which in this case happens because of the feedback loop of: more GooglePlay users -> more developers using GooglePlay (exclusively) -> more GooglePlay users -> ...

5
0

Top EU data cop slams Safe Harbor replacement as inadequate

Pseu Donyme

Indeed. Like its predecessor "Privacy Shield" simply amounts to US firms being exempt from EU data protection. This is plain unacceptable as data protection is a fundamental right. Also, being exempt gives US firms a rather unfair competitive advantage.

17
0
Pseu Donyme

Quite. The US to needs to adopt proper data protection legislation like just about any other advanced country. In the meantime I suppose the only realistic solution is to keep EU citizens' data out of the US.

16
0

Google is the EU Remain campaign's secret weapon

Pseu Donyme

"It is vital that people should realise Google's potential (or actual) power." Quite. I don't think Google is actually under an obligation to be evenhanded and changing this would require something quite drastic. One such thing could be having the only permissible business model for search to be fully paid by its end users by micropayments, the idea being that a straightforward buyer-seller market* with competing vendors would keep search providers honest.

* instead of Google's constellation of interlocking, cross-subsidized markets amounting to the mother of all multi-sided markets (where a viable competitor in the combined market ought somehow to scale multiple barriers of entry at once)

4
0

SWIFT finally pushes two-factor auth in banks – it only took several multimillion-dollar thefts

Pseu Donyme

How can this happen?

What I find puzzling is that substantial amounts of money can be stolen with fraudulent bank transfers. Or not that so much, actually, but that it can remain missing with the perps uncaught.

9
0

One ad-free day: Three UK to block adverts across network in June

Pseu Donyme

>Some might argue...

There is that. At the same time ads are commercial propaganda (i.e. designed not to inform, but to manipulate). At any rate there is a better way on-line: search paid by its users (with, say, micropayments).

>"Google-dominated ad market"

DoubleClick's (=Google) ad servers market share of 69 % * seems dominant to me; this seems the most relevant single figure to the freedom of speech -angle mentioned above - maybe along with a global search market share of 71 % / 95 % (desktop / mobile) **.

* https://www.datanyze.com/market-share/ad-servers (as of 26MAY2016)

** https://www.netmarketshare.com/search-engine-market-share.aspx?qprid=4&qpcustomd=0 / https://www.netmarketshare.com/search-engine-market-share.aspx?qprid=4&qpcustomd=1 (April 2016)

0
0
Pseu Donyme

Micropayments or some other scheme amounting roughly to what sites get from adverts would be vastly preferable for a number of reasons:

- the current ad business model is a privacy disaster (for a typical user, at least)

- ads are commercial propaganda designed to manipulate and mislead; they undermine the key premise of an efficient market economy i.e. that of transactions between well-informed parties

- the Google-dominated ad market is a market failure / disaster in its in its own right: this is essentially not a market, but a set of interlocking multi-sided markets (search, Android, Google Analytics, Google Maps, ... and the ad distribution itself) where even some of the component markets are practically uncontestable monopolies due to the network effect

- a single company's de facto control of funding for news and other content is a freedom of speech disaster waiting to happen

- ad funded is not really free: the cost is added to the price of products and services; content providers could actually be paid somewhat more if the admen in the middle were cut out

0
0

French authorities raid Google's Paris HQ over tax allegations

Pseu Donyme

Re: Google doesn't have sales in France

> ... it does appear to be legal.

Presumably the French authorities disagree (hence the raid at dawn).

9
1

Half of EU members sidle up to EC: About the data-sharing rules. C'mon. Chill out

Pseu Donyme

Re: More barriers please

I quite agree, although instead of mere barriers I would insist on insurmountable bulwarks against any commercial use of personal information* without freely given, informed consent, revocable at any time; business models must be compatible with data protection (i.e. privacy), not the other way around.

* any data about a natural person, unless it is strictly impossible ever, under any circumstances for the holder of the data or a third party to identify the person to whom the data is related

4
0

EU mulls €3bn fine for Google

Pseu Donyme

While this is a worthy pursuit in its own right - Google has a dominant market position* which it is busy abusing - the really big deal is Google's business model of, essentially, privacy violation for profit on massive, unprecedented scale. For the latter I wouldn't, at all, mind seeing them driven out of the EU (if not existence) by humongous fines (or whatever means, really)**. It is worth noting that the issues are intertwined: ignoring EU privacy / data protection law has given Google a substantial and rather unfair competitive advantage to EU-based outfits having to abide by the same.

* not only with search, but with Android and web advertising, at least

** sadly, the likely outcome is that current arrogance and foot-dragging is replaced with enthusiastic bootlicking once it dawns to Google that serious monies are at stake and with this they emerge relatively unscathed, just a couple of $ billion poorer

0
0

The EU wants you to log into YouTube using your state-issued ID card

Pseu Donyme

From a privacy point of view the idea of using national id cards for logging on to the likes of Google (=Youtube) or Facebook is remarkably clueless. Instead there ought to be an explicit ban against letting them anywhere near the real identity of their users, or, actually, any information which could possibly be used to deduce the same by them or a third party (possibly with a narrow exception to enable investigation of serious crime by allowing IPs to be kept for a limited time for that sole purpose, only to be disclosed by a court order).

4
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018