Posts by Pseu Donyme

The worst offenders come from the US ...

... because there has been no data protection legislation worth mentioning and so no impediment to their business model - essentially privacy violation for profit. Hence, what would really be needed would be proper data protection legislation (akin to the GDPR) on the federal level, and crucially, its vigorous enforcement (which has left quite a bit to be desired in the EU so far). I'm actually somewhat hopeful about this as Big Tech seems to have attracted the ire of just about everyone, including the current US administration and their political opposition.

A (conceptually) simple way to digital currency ...

.. would be automatically giving every natural and legal person in a jurisdiction an account in the central bank. These days it shouldn't be too difficult as a technical matter either, although how exactly transfers between those accounts would be carried out in practice would require some thought for this to be useful (and not, among other concerns, a privacy disaster). This would, at least, solve the problem of the 'unbanked' and eliminate a bunch of inefficiencies currently manifesting themselves in in banking and card fees (which include monopoly rents, the underlying monopoly at least partly being the current privileged access to central banks). Also, it would seem that this would go a long way to eliminating the need to prop up too-big-to-fail financial institutions (deposit guarantees could be eliminated as the central bank is always good for what it owes).

Granted, this would also make it easy to trace payments, but then this is the case already with money going trough the banking system as it is, so I'm not sure this is really a huge problem (at least as long as physical cash isn't completely eliminated and/or the legislation concerning this is up to scratch). Also, this would have a cost, but this seems trivial and could be easily covered by a fraction of the new money central banks create as a matter of routine to keep up with inflation (or to create some, actually, as a part of their mandate).

An obvious extension to the scheme would be allowing existing account holders easily (automatically) opening an account in another central bank where their 'home' central bank would vouch for their identity; this could (should) be combined with some sort of an automated, competitive market for currency exchange available to the small time punter.

The fine seems far too puny ...

... to act as a real deterrent for this particular company or others; the proper order of magnitude would be something that brings a company if not within an inch of its life then at least within a foot, the idea being that raking these in is not an option.

As the level where this happens while not resulting in an outright bankruptcy very much depends on circumstances, I'd suggest an alternate scheme where a company is forced to issue a substantial amount of new shares to be sold to the public with the proceeds going to government coffers: this should result in sufficient annoyance among existing shareholders to make a difference.

Another alternative could be a fine as a percentage of yearly revenue to be garnered from profits before any are paid out; this would also work companies other than LLCs, again without resulting in an immediate bankruptcy while hopefully getting the message trough.

In any case, while repeat offenses should attract higher penalties, the initial one must be substantial enough to act as a deterrent in itself; a token fine like this essentially means a license to ignore regulation until caught (and while appeals drag trough the courts, which is another problem, especially with well heeled companies with the resources to make sure this takes ages; with this in mind a fine should perhaps be a fixed percentage of yearly revenue or the combined revenue for the period in which there was an active violation, whichever is higher, for an incentive to fix things while waiting for the final verdict).

The Way of the Megacorp

"We are not people to Mark Zuckerberg, we are the product and we are being used against each other out of greed."

Unfortunately it looks like this is the essence of the de-facto American way these days; problem is that the two are deeply intertwined.

re: soverign immunity

Surely this also means that the contractual arrangements to limit their government customers' use of the product are unenforceable.

re: slowing down and delaying the ePrivacy Regulation

All the more reason to make on-line advertising explicitly and strictly opt-in in it then.

App stores are de-facto monopolies and should be treated as such

While having the ability to sideload on iOS would be an improvement it and 3rd party app stores can't really fix the root problem which is an inevitable tendency to de-facto monopoly. This is because of the network effect where app developers and users attract each other in a self-amplifying loop resulting in one dominating app store, a de-facto monopoly. This is what we have seen with Android where Google Play absolutely dominates. There is no reason to think that things would be different if competition was nominally possible on iOS, on the contrary, an upstart's prospects against the incumbent are dire, practically nil.

Monopolies - whether absolute or inescapable de-facto ones - ought to be run as regulated utilities. Ideally, perhaps, an app store could be a mutual non-profit corporation / co-op controlled by the developers. In practice regulating the current ones, most importantly limiting their commission towards making them non-profit entities, seems like a pragmatic approach.

re: consent

Assumed consent is not consent, never mind informed consent.

The mistake

... at the root of this - I'd think - is granting the constitutional right of free speech that properly belongs to a real person to a corporation (just a pile of paper, really, as opposed to a flesh and blood person); in the general case* this leads to a contradiction: when a corporation exercises the right it results on forced speech from the point of view of any shareholders who might disagree, on their dime**.

* i.e. public LLCs whose business and purpose is other than journalistic or political***; those getting involved in such things by buying shares should expect such corporations to exercise the freedom of the press and/or free speech rights on their behalf

** on any controversial subject such disagreement is guaranteed in any sizeable population of shareholders

*** in the US - I understand - much of what would be an association with a political purpose elsewhere is set up as a certain kind of a LLC

App stores are monopolies

... whether absolute or de-facto ones* and ought to be run as regulated utilities; a mutual non-profit company / co-op owned and controlled by app developers might do the trick.

* e.g. Google Play is nominally outside the dictionary definition of a monopoly** but it still is a de-facto one due to the network effect***; in general "monopoly" is used in economics and competition law in a less strict sense for a good reason: a controlling market position has much of the disadvantage of an absolute monopoly; Google Play's position in its respective market is so overwhelmingly dominating that it is really indistinguishable from an absolute monopoly (like Apple's App store).

** a particular product or service has only one provider

*** developers and users attract more of each other which results in one store ending up in an overwhelmingly strong market position from which it is virtually impossible to dislodge; the end result is a natural monopoly of a sort (in the sense of being due to the nature of the beast)

I liked the graphics, especially the cutesy character sprites. In general the game (on Switch) was well worth the price. Still (as above) things didn't totally click: it seems I had better things to do than the endgame after all the eight storylines had been brought to a conclusion. This could be due to exposure to the embarrassment of riches which is Zelda on the Switch, then again I could have used (even) more of Fire Emblem Three Houses which seemed to have that certain something (hard to put a finger on, also in the Eye Of The Beholder).

Monopoly -> Regulation

App stores are natural monopolies (or close enough) so they really ought to be run as regulated utilities. That competition turns to monopoly (or close enough for practical purposes) in the general case is due to a version of the network effect: the nature of the beast is that app developers and users attract each other which tends to result in one store becoming more and more dominant over time akin to the emergence of the de-facto monopoly of Windows. Also, developers and users having to deal with more than one app store per platform is wasteful; not the same but similar to 'traditional' natural monopolies where the waste would come from the unnecessary duplication of a physical network (e.g. an electrical one).

It is still a profile and therefore subject the GDPR* which should mean opt-in consent.

*GDPR Recital 72 : "Profiling is subject to the rules of this Regulation governing the processing of personal data, such as the legal grounds for processing or data protection principles." (https://eur-lex.europa.eu/eli/reg/2016/679/oj)

According to the Dutch DPA merely failing to notify those whose data was leaked in a timely fashion was worth a fine:

https://www.theregister.com/2021/04/01/booking_dot_com_fine/

In this case the number of persons affected is orders of magnitude higher and so should be the fine.

re "empowers your organisation to deliver operational excellence and delight every customer"

Amply convinced me that Microsoft is not using it.

App stores are natural monopolies (or close enough) ...

... so they really ought to be run as regulated utilities. That competition turns to monopoly (or close enough for practical purposes) in the general case is due to a version of the network effect: the nature of the beast is that app developers and users attract each other which tends to result in one store becoming more and more dominant over time akin to the emergence of the de-facto monopoly of Windows. Also, developers and users having to deal with more than one app store per platform is wasteful; not the same but similar to 'traditional' natural monopolies where the waste would come from the unnecessary duplication of a physical network (e.g. an electrical one).

A related thought

A rating scheme won't do much good where there is no competition; a sore lack thereof with Windows on the desktop. An idea to remedy that to some extent would be a requirement that government systems must run on other platforms as well, where the government could do itself and - even more importantly - others a favor by boosting Linux (the OS itself and - importantly - applications running under it) by such a requirement. Since there are already distros with commercial support this wouldn't necessarily need much else. With mobile devices, however, a relative pittance of money directed in the way of an alternate Android distribution (such as LineageOS) would go a long way (with a stipulation that any devices bought with government funds must be flashable with an alternate). Also, the EU would be well advised (actually, moreso than the US) to take this sort of a scheme under consideration (as it has been demonstrated that US technology can be withdrawn at the whim of a US president: see China / Huawei & others).

Interest-based ad-targeting sounds good.

Provided no interest is the default and means no ads.

The writing is on the wall

GDPR* recital 72 explicitly subjects profiling** to GDPR so it is hard to see how targeted ads based on user profiles could survive in the long run, especially under GDPR's consent regime***. I suppose it will take quite a while for this work its way trough the courts though if Facebook's efforts to obstruct**** are any indication. The first significant blow to Google seems to be coming sooner though:

https://noyb.eu/en/data-transfers-us-and-insufficient-cookie-information-noyb-files-complaint-against-european.

This seeks to enforce the recent ECJ 'Schrems II' judgment (in a nutshell: data transfers to the US are illegal due to insufficient data protection over there); the thing is that this particular complaint is on fast track to the ECJ (instead of the usual detour via national courts) because it is against the European Parliament (for an internal website apparently making use of Google Analytics, among other things).

* https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

** defined as: "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements" (Article 4(4)).

*** Article 7, in particular Article 7(4): "When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract."

**** 7.5 years so far, might be coming to an end relatively soon though: https://noyb.eu/en/irish-dpc-agrees-decide-swiftly-facebooks-eu-us-transfers

In the general case ...

... of Google as a data processor I can't help but suspect that the plan might be to use nominally GDPR compliant* contracts between Google and EU data controllers as an end run around the GDPR: Google pretends to comply and the controller pretends to believe that while enjoying their free (or at least cheap) products and services (actually paid with the data of us EU plebs).

* for certain values of 'compliant' (such as 'not quite in blatantly obvious violation')

Systematic customer abuse, really

The site (amazon.de) has become a minefield where you need to be constantly on guard lest you are sold something you don't want. This started with pushing Prime at each checkout which was annoying enough. Now recurring orders on some items are the default and modal popups spring up when you put something in the basket. These push additional items Amazon for some reason seems to think I would like (with dismal accuracy, I might add) and/or extended warranty insurance (which should, in general, be banned as fraud, if you ask me) even when I'm trying to buy an usb memory stick worth a couple of €. Also, the last time I used the .co.uk version (before that becoming impractical due to Brexit) I was dismayed to notice that Amazon has gotten into the Dynamic Currency Conversion scam (i.e. a "service" which consists solely of giving its user a worse exchange rate than the VISA/Mastercard rate). This too as default, of course.

In summary: what used to be a very convenient web shop has become a drag to use. Also, prices aren't necessarily that great either, it seems I can often find the same product cheaper elsewhere.

Socialism: an application note

As natural monopolies (due to the network effect) app stores ought to be run as independent non-profits*. In practice these could be co-ops of developers who'd get access to the app store by buying a share**. The non-profit nature could be enshrined in the co-op bylaws, as could a prohibition of any party voting with more than a handful of shares (the goal being that the mutual non-profit stays that way).

Further inspiration for regulators (hopefully) sharpening their knives in anticipation of slicing and dicing the likes of Google (Alphabet): compensation for eminent-domaining app stores to convert them to co-ops could come from extra heavy fines to the monopolist, deserved in any case.

* i.e. these would siphon enough fees from the sales to keep them going in the long run but would not pay dividends

** the share price should be nominal or at least low enough for one-man-shops and even non-profit hobbyists

[Okay, sure, this might not be proper socialism as the ownership is not fully public, but by a group that could expected to manage the store in the public interest as it aligns with their own, nor does this apply to all means of production so Marx would see it as a step in the right direction at best; I just couldn't resist putting it in the title. :) ]

The more I think about it the more convinced I become that the only way to fix the mess that is the current internet is to revisit the original sin of ad-funding. As in eliminating it completely and replacing it with something else, such as micropayments. The current ad-funded arrangement is a nebulous mess in which consumers not only pay with their money (1) but also with a loss of privacy. Moreover, consumers are denied the benefits of straightforward markets - where a consumer pays for a service and has several competing options to choose from - and so suffer additional losses - monetary and reduced choice - as a result.

A conceptually simple fix (2) would seem to be banning all advertising delivered over ip or similar network where there is any change of anyone receiving it unsolicited, that is, unless the consumer has made an explicit request for information about a specific product or service within the last five minutes. The means of making such a request could be a search engine as far as finding the product/service information goes, but it would be essential that search engines were restricted to receiving payments from end users only as that would make the end users the customers, not products; a straightforward market for competing search engines could emerge and be sustained. Also, search engines should be specifically required to be separate, independent entities, not owned or in any way controlled by another entity (i.e. the the likes of Alphabet owning Google search should be illegal).

(1) the money for advertising has to ultimately come from higher prices of products and services

(2) the practical consequences are another matter, of course, but as the rot is systemic so is any real fix

re cookie banners, a conjecture

These ultimately emanate from a handful of central sources - such as Google - who deliberately design them to annoy end users with the goal of turning them against data protection regulation; the fairly frequent posts in on-line forums such as this one blaming the EU for these is astroturfing to ascertain the intended reaction (the obvious solution of using only strictly necessary cookies with no banner has been available all the while, it is just incompatible with a business model with privacy violation at its core).