[HN Gopher] Surveillance on UK council websites [pdf]
       ___________________________________________________________________
        
       Surveillance on UK council websites [pdf]
        
       Author : pier25
       Score  : 479 points
       Date   : 2020-02-05 15:10 UTC (7 hours ago)
        
 (HTM) web link (brave.com)
 (TXT) w3m dump (brave.com)
        
       | MrAlex94 wrote:
       | So I have read this report, but it would be good if there were
       | some example URLs of where this is happening. Take for instance
       | Lambeth's website (https://www.lambeth.gov.uk). I've browsed
       | through a few public facing pages and the council tax payment
       | pages.
       | 
       | The report says Lambeth shows 1 real time bidding, 1 social and 5
       | Google "trackers".
       | 
       | From my network requests I see:
       | 
       | -> Google Translate and its resources (CSS etc.)
       | 
       | -> Google Font
       | 
       | -> jQuery and a bunch of various modules
       | 
       | -> leafletjs (OSS Map library)
       | 
       | -> Google tag manager
       | 
       | -> The social links at the bottom are just links, no requests or
       | trackers.
       | 
       | (Note: None are blocked by PB, only cookies are denied)
       | 
       | Nothing out of the ordinary here (although you could argue
       | against GTM on a council website). I'm not seeing what's at risk
       | here? And according to the report, the above requests should be
       | ignored in the results?
       | 
       | Caveat 1:
       | 
       | > This is not a complete study. Third party tools commonly used
       | by websites for chat bots, designing the page, soliciting email
       | subscription, profiling visitors for the Council's own user data
       | base, text to speech, CDN, fonts, non-Google analytics, etc. are
       | not counted in this study. (See "table notes" on page 20 for a
       | list of what is counted).
       | 
       | > While these do expose a user's behaviour to the companies
       | concerned, we exclude them here in order for simplicity. This
       | study highlights what we view as the most dangerous third party
       | data collection and profiling.
       | 
       | To compare, the landing page that this report is hosted on has
       | the following "trackers"/requests:
       | 
       | -> Brave.com Analytics request that is blocked
       | 
       | -> Google Fonts
       | 
       | -> Google Tag Manager
       | 
       | -> Google Analytics (blocked by PB)
       | 
       | -> Mapbox
       | 
       | -> Scorecard research (blocked by PB)
       | 
       | -> Newrelic
       | 
       | -> Slideshare (blocked by PB)
       | 
       | -> Leaderapps
       | 
       | -> Tableau
       | 
       | -> Vimeo (cookies blocked by PB)
       | 
       | Edit: Sorry - PB is Privacy Badger.
       | 
       | As for my personal feelings, "widespread surveillance" makes it
       | appear as though there is some sort of malicious intent here. I
       | have a few friends (and mother) who have previously or currently
       | work for local councils, there is no money for this sort of
       | thing. At worst I believe any actual issues are due to ignorance
       | (which isn't an excuse) but could be easily remedied. This is way
       | too dramatic for what should be a "Hey ICO, these councils are
       | _potentially_ not doing things properly, could you have a look?".
       | Instead you'd think Brave have uncovered a PRISM level
       | conspiracy on the local government level.
       | 
       | Poor taste IMO.
        
         | gruez wrote:
         | >From my network requests I see:
         | 
         | >[...]
         | 
         | >Nothing out of the ordinary here
         | 
         | looks like you're not picking up a bunch of requests. maybe you
         | have ublock? Here are some domains that aren't on your list:
         | 
         | - www.google-analytics.com
         | - script.hotjar.com
         | - cse.google.com
         | - vars.hotjar.com
         | - www.facebook.com
         | - stats.g.doubleclick.net
         | - static.hotjar.com
         | - connect.facebook.net
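
Added example (not part of the thread, and not code from any commenter): one way to settle which requests a page really makes is to export a HAR capture from each browser profile and diff the third-party sites by registrable domain. The request paths, the hosts chosen for Google Translate, Fonts and Tag Manager, and the short suffix tuple are constructed assumptions; only the hostnames and the three full script URLs quoted in the thread come from the page.

```python
from urllib.parse import urlsplit

# Assumption: only the two-label public suffixes this sample needs.
# A real audit would use the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = ("gov.uk", "co.uk", "org.uk")


def site_of(host):
    """Collapse a hostname to its registrable domain,
    e.g. www.lambeth.gov.uk -> lambeth.gov.uk."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def third_party_hosts(har, first_party):
    """Map each third-party site to the sorted hosts contacted.

    `har` is a dict in HAR 1.2 shape (log.entries[].request.url).
    """
    found = {}
    for entry in har["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname
        if not host:
            continue  # data: URLs and similar have no host
        site = site_of(host)
        if site != first_party:
            found.setdefault(site, set()).add(host)
    return {site: sorted(hosts) for site, hosts in found.items()}


def missing_from(filtered, clean):
    """Third-party sites present in the clean capture but absent from
    the capture taken with a blocker or other filtering active."""
    return sorted(set(clean) - set(filtered))


def make_har(urls):
    """Wrap a URL list in the minimal HAR structure used above."""
    return {"log": {"entries": [{"request": {"url": u}} for u in urls]}}


# Constructed capture: roughly the request list from the first comment.
FILTERED_URLS = [
    "https://www.lambeth.gov.uk/",
    "https://www.lambeth.gov.uk/js/site.js",
    "https://translate.googleapis.com/element.js",
    "https://fonts.googleapis.com/css",
    "https://www.googletagmanager.com/gtm.js",
]

# Constructed capture: the same page plus the hosts listed in the reply.
CLEAN_URLS = FILTERED_URLS + [
    "https://www.google-analytics.com/analytics.js",
    "https://script.hotjar.com/modules.js",
    "https://vars.hotjar.com/box.html",
    "https://static.hotjar.com/c/hotjar-1043047.js?sv=5",
    "https://cse.google.com/adsense/search/async-ads.js",
    "https://www.facebook.com/tr",
    "https://connect.facebook.net/en_US/fbevents.js",
    "https://stats.g.doubleclick.net/collect",
]

FILTERED = make_har(FILTERED_URLS)
CLEAN = make_har(CLEAN_URLS)
FIRST_PARTY = "lambeth.gov.uk"


def audit():
    """Return the third-party sites the filtered capture did not see."""
    return missing_from(
        third_party_hosts(FILTERED, FIRST_PARTY),
        third_party_hosts(CLEAN, FIRST_PARTY),
    )


if __name__ == "__main__":
    for site, hosts in sorted(third_party_hosts(CLEAN, FIRST_PARTY).items()):
        print(f"{site:24} {', '.join(hosts)}")
    print("missing from filtered capture:", ", ".join(audit()))
```

Grouping by registrable domain matters here: the three Hotjar hosts collapse into one party, while facebook.com and facebook.net stay separate entries even though one company runs both.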
        
           | MrAlex94 wrote:
           | Hmm, not getting these. I disabled uBlock for my results.
           | I'll see what else may be the cause.
        
           | mpeg wrote:
           | None of those really stand out as being problematic.
           | 
           | Google Analytics, Hotjar are measurement tools. CSE is
           | google's custom search endpoint, stats.*.doubleclick.net is a
           | doubleclick for publishers endpoint (Google's ad server) and
           | doesn't mean much by itself, it doesn't automatically show
           | ads from third parties or send your data to anyone.
           | 
           | The Facebook tags are sadly quite popular these days, I do
           | agree those are not ideal but they are literally all over the
           | net with like buttons, share buttons and "sign in with
           | facebook"
        
             | JohnFen wrote:
             | GA is absolutely problematic. It's one of Google's main spy
             | mechanisms. I know less about Hotjar, but it's reasonable
             | to be nervous about any analytics package that is sending
             | data off to a third party.
        
               | ahel wrote:
               | LOL you're in for a treat if you don't know hotjar and
               | think that GA is problematic! Hotjar tracks (or used to at
               | least) every mouse movement and click on a site so that
               | you could analyze what happened to your clients or
               | prospective ones.
        
               | JohnFen wrote:
               | Yes, I'm aware of that aspect of Hotjar. What I meant was
               | that I don't know what Hotjar does with the collected
               | data (beyond what they offer to the sites that use it).
        
         | jey wrote:
         | What's PB?
        
           | polyvisual wrote:
           | Privacy Badger (probably!)
           | 
           | https://www.eff.org/privacybadger
        
           | cameronbrown wrote:
           | Privacy Badger?
        
           | everdrive wrote:
           | Privacy Badger
           | 
           | https://www.eff.org/privacybadger
        
           | MrAlex94 wrote:
           | Apologies - Privacy Badger
        
         | shermozle wrote:
         | One of the examples, Enfield, gives me 44 trackers according to
         | Tag Explorer: https://imgur.com/a/NoOjoev
        
         | grsmto wrote:
         | Your comment was making sense until you started comparing a
         | council website with a marketing product (Brave.com).
        
           | MrAlex94 wrote:
           | It doesn't invalidate what I've found though? Also Brave
           | themselves market as being privacy friendly, blocking ads and
           | trackers etc... is it not fair to judge them as well if they
           | are reporting this as egregious?
        
             | grsmto wrote:
             | No it's not fair because what they report as egregious is
             | not the tracking themselves but the context! Council
             | websites are public services. And it says in the report
             | "citizens are entitled to expect that public services do
             | not allow private companies to surveil them on their
             | websites.".
             | 
             | Other than that, you are right that it's hard to find
             | what's wrong with that Lambeth website. However the GTM
             | could be a gateway to any kind of data tracking (visited
             | pages, button clicked, etc.) idk if you can actually find
             | out from the console.
        
               | MrAlex94 wrote:
               | > No it's not fair because what they report as egregious
               | is not the tracking themselves but the context! Council
               | websites are public services. And it says in the report
               | "citizens are entitled to expect that public services do
               | not allow private companies to surveil them on their
               | websites.".
               | 
               | Ah I see. Agreed there.
        
         | ajor wrote:
         | Privacy Badger says that "Yellow" sites where it blocks cookies
         | do appear to be trying to track you, but are necessary for the
         | site to work[1]. That makes 5 trackers PB has identified on
         | Lambeth's website.
         | 
         | [1] https://www.eff.org/privacybadger/faq#What-do-the-
         | red,-yello...
        
           | MrAlex94 wrote:
           | I see - thanks for the info. So all relating to Google from
           | what I'm getting on the website request.
        
         | dijksterhuis wrote:
         | I'm getting these additional requests. They're being blocked,
         | so result in a warning message in the console. Didn't see
         | anything in network requests for them.
         | 
         | - https://static.hotjar.com/c/hotjar-1043047.js?sv=5
         | 
         | - https://cse.google.com/adsense/search/async-ads.js
         | 
         | - https://connect.facebook.net/en_US/fbevents.js
         | 
         | Also, the site is setting a cookie even though I've not
         | consented.
         | 
         | EDIT: Also, one of the lambeth.gov js scripts was written by
         | "rob" in 2015. Hi Rob!
        
           | wopian wrote:
           | Is the cookie used for the site to function (or a component
           | of it) or for tracking/ads. Only the latter needs consent.
        
             | Nextgrid wrote:
             | According to the GDPR even an IP address needs consent, and
             | those are inherently transmitted when loading a third-party
             | library regardless of cookies. Given that social media
             | sharing isn't a necessary function of the website, they
             | should be asking for consent before loading the libraries,
             | or just using a locally-hosted icon pointing to a sharing
             | link, so that the target social network gets the data only
             | when the button is actually clicked.
        
             | dijksterhuis wrote:
             | Is a session cookie with datetime of access (and last visit
             | somehow), so probably fine.
             | 
             | not up on cookies and GDPR tbh, I deal with other types of
             | data normally.
        
       | frou_dh wrote:
       | Invisible trackers aside, it's simply gross that local government
       | sites have banner ads on them. Have some pride and/or taste!
        
         | mpeg wrote:
         | When you actually look at the sites, it's clear Brave hasn't
         | done their homework or don't really understand the online ad
         | ecosystem.
         | 
         | For example, Enfield council ( enfield.gov.uk ) is using
         | Google's ad server (DFP) set to show only internal ads. All
         | their advertising is for cross-promoting projects and sites
         | that Enfield council is involved with, including pest control,
         | social lettings, a publicly-funded golf course, school meals...
         | 
         | It's not showing ads from GDN (Google Display Network) or
         | elsewhere, it seems to only show these internal promotions.
        
           | eclipxe wrote:
           | Brave's business model is fear mongering.
        
             | tssva wrote:
             | And extortion.
        
               | wnoise wrote:
               | Extortion would be threatening to reveal bad acts, in
               | order to gain something from those threatened. If they
               | always reveal bad acts, and don't even try to gain
               | anything from the bad actors -- well, that's just plainly
               | not extortion, nor even criminal in any way.
        
               | tssva wrote:
               | That would be blackmail. Extortion is "the practice of
               | obtaining something, especially money, through force or
               | threats." Brave extorts websites by threatening to block
               | the site's chosen revenue stream and to instead earn
               | revenues from visitors to the site unless the site uses
               | Brave to funnel their revenues.
               | 
               | I don't have an issue with ad blockers or alternative
               | payment methods but the way Brave combines the two in my
               | opinion amounts to extortion.
        
               | wnoise wrote:
               | Sure, I was focusing on the blackmail subset of
               | extortion, because (a) this posting was discussing their
               | releasing of information and (b) they can't actually use
               | any _force_ or threats of force. Helping their users
               | decline to provide tracking information unless they
               | and their users get a cut is also not extortion, because
               | the website owners don't have a right to that
               | information.
               | 
               | You seem to believe that owners of websites have a
               | natural right to their chosen business model, even if
               | others don't wish to help enable that business model.
        
             | gowld wrote:
             | What's the difference between fear mongering and educating
             | about risks?
        
               | endorphone wrote:
               | The difference is the beholder. If the beholder's income
               | is threatened when people are educated about risks,
               | they'll invariably declare it fear mongering.
        
           | weekay wrote:
           | You are missing the fact that Enfield council has RTB House,
           | Criteo retargeting, Tru Optik demand side platform, OpenX,
           | Districtm, msecnd, doubleclick, omnitag integrated as 3rd
           | party. This doesn't make sense if the intent was purely to
           | show internal ads. The implementation here seems to be no
           | different to any other news site. As a visitor to the council
           | website, I would expect that the same privacy levels and UX
           | as that of gov.uk sites.
        
             | velox_io wrote:
             | GDS are bringing them together, slowly... I recently
             | applied for Personal Independence Payments (PIP). And
             | despite being a new 'system' plus the assessments are
             | carried out by two large IT outsourcing companies (Capita &
             | Atos). It is entirely paper-based (drive.google is blocked,
             | they don't take emails...). If you request a copy of the
             | report they photocopy the physical file and post it. They
             | are so backwards it is unreal.
             | 
             | Plus there's no provisions for an alternative format to the
             | 30 page paper form. Not very independent if handwriting is
             | an issue (the target demographic is people with
             | disabilities).
             | 
             | Don't get me started on the actual assessment/ assessor.
             | (it's been a long day going through this stuff).
        
           | rtb wrote:
           | I think they understand it fine. As you say, the website is
           | using Google's ad server. So it is sending detailed
           | identifying info about each user to Google.
           | 
           | Just because that has become normal for "the online ad
           | ecosystem" over the past few years doesn't mean that it
           | should be acceptable or that we cannot try to stop it.
        
             | mpeg wrote:
             | What is the alternative here? Should Enfield spend tax
             | payer money creating an alternative tool to show banner ad
             | cross-promotions and re-training their teams?
             | 
             | Where do you stop? Is Google Analytics evil too? What about
             | Twitter feeds?
        
               | rtb wrote:
               | The alternative is to not show ads.
               | 
               | Yes, Google Analytics has many of the same problems. The
               | alternative to that is to analyze the server logs or to
               | simply not track your users' behaviour in detail.
        
               | chriswarbo wrote:
               | > Where do you stop? Is Google Analytics evil too?
               | 
               | Absolutely.
               | 
               | > What about Twitter feeds?
               | 
               | In what context? Including/embedding Twitter cookies
               | and/or Javascript in pages paid-for by citizens, which
               | citizens are required to use to exercise their rights?
               | Absolutely.
               | 
               | As a non-exclusive outlet to disseminate information via
               | an independent site (twitter.com), which anyone is free
               | to avoid and ignore? That's fine.
        
               | mpeg wrote:
               | In reality, what happens is lots of council services
               | (including police) use twitter as the main real-time
               | source of information for citizens.
               | 
               | Should they use an alternative platform? probably not,
               | because twitter is the biggest and best known, so you
               | could argue you can reach the most people with it.
        
               | JohnFen wrote:
               | > use twitter as the main real-time source of information
               | for citizens.
               | 
               | So they're excluding people who don't use twitter? Why
               | can't their web pages be the main source of real-time
               | information?
        
               | Hoasi wrote:
               | > Is Google Analytics evil too? What about Twitter feeds?
               | 
               | Yes. Both bad.
        
               | dboreham wrote:
               | Sounds like a great business opportunity especially if we
               | can lobby politicians to require "surveillance-free"
               | services be used.
        
           | shaoonb wrote:
           | Why does Enfield council need to use adtech tracking to
           | optimise their ads for other services? It's not like they are
           | competing with anyone to deliver the most efficient services
           | by fractions of a percent. Surely basic keyword targeted or
           | completely untargeted ads are all they need.
        
           | frou_dh wrote:
           | In the PDF, this is the example of the banner ad they show:
           | 
           | https://i.imgur.com/qwuU5Sx.png
           | 
           | So the banner ads being strictly council related is certainly
           | not universal.
        
           | jszymborski wrote:
           | Right, but are you suggesting that the Google ad servers are
           | not going to use that information to sell to these visitors
           | on other websites that are showing ads from the GDN?
        
             | eclipxe wrote:
             | Correct
        
               | ulimn wrote:
               | Incorrect
        
             | mpeg wrote:
             | I'm not a Google fan by any means, but DFP is the #1 ad
             | server in the world and an industry standard, and I
             | definitely don't think they would use DFP data to populate
             | GDN segments because it would be a privacy nightmare.
             | 
             | You have to consider DFP is a software tool, it would be
             | like Slack selling your data so other SaaS can target you
             | when you are talking about buying a new CMS.
        
               | jszymborski wrote:
               | "it would be a privacy nightmare."
               | 
               | Right, but being a privacy nightmare is their business
               | plan
        
         | sandwell wrote:
         | Especially since they are publicly funded, so UK citizens are
         | paying to have their data transmitted to unknown parties and
         | advertised at. Oh, and if you don't pay it? Fuck you. The
         | government will send bailiffs to seize your property to pay the
         | bill, or imprison you for up to 3 months.
        
         | thomasedwards wrote:
         | Probably something to do with the fact that central government
         | has cut budgets for the last 10 years and if putting some
         | banner ads on their website contributes to keeping a library
         | open, it's hard to say no.
        
       | Animats wrote:
       | Here's the service promoting advertising on Government web sites
       | in the UK.[1]
       | 
       | From their FAQ:
       | 
       | Q: _"Could the data collected be used to exploit individual
       | circumstances?"_
       | 
       | A: _"There is no intention to do this. In all forms of
       | advertising, companies want to appear in front of the people most
       | likely to buy their products or services."_
       | 
       | _"Just as an advertiser will choose an ad space in a
       | publication because of its readership and relevant editorial
       | content, so an advertiser online will use data from cookies to
       | target their ads to people who would be most interested."_
       | 
       | _"So, a user browsing for information on a benefits webpage
       | might be shown ads relevant for people on a budget, like for
       | reduced price travel or supermarket price cuts on everyday items
       | or a comparison website to find the best tariff on gas and
       | electricity."_
       | 
       | The Enfield council's cookie disclosure page includes cookies
       | from most known trackers.[2] This is an amusing read.
       | 
       | [1] https://can-digital.net/generating-income-from-council-
       | websi...
       | 
       | [2] https://new.enfield.gov.uk/privacy-notice/#6
        
         | Nextgrid wrote:
         | Seems like they aren't aware of the law or explicitly violating
         | it and hoping to get away with it (which unfortunately isn't a
         | bad strategy considering Google and Facebook are still around).
         | 
         | The thing with the law (the GDPR in this case) is that it
         | applies to everyone equally. It doesn't matter whether your
         | intentions are good, if the law says you can't collect certain
         | data without explicit user consent then you shouldn't be doing
         | it regardless of how good your intentions are.
        
       | throwawaylolx wrote:
       | The title of the submission seems very much like a clickbait: the
       | context makes it sound like it refers to government surveillance,
       | not sending data to private American companies to serve ads.
        
       | tomlong wrote:
       | In the appendix table, South Oxfordshire is listed as South
       | Oxfordshite.
        
       | zionic wrote:
       | Well that's just depressing. Having the fact that you accessed a
       | government addiction help website packaged and commoditized then
       | sold to the highest bidder just screams moral bankruptcy.
        
       | blibble wrote:
       | I suspect the root cause of this issue is the average web
       | developer not realising that including any third party javascript
       | gives total control of the page to whoever controls the included
       | URL
        
         | choathedolls wrote:
         | The average developer knows this even if you're an absolute
         | lover of all things JS.
         | 
         | Whether or not the developers were forced to include them due
         | to certain constraints is another issue.
        
           | Grumbledour wrote:
           | I am kind of sick of this excuse.
           | 
           | While I suppose every developer here was in a situation where
           | they had to include something they did not want, I also know
           | that none of my colleagues would care or even think about
           | including external scripts, trackers or other crap.
           | Possibility would be high they would be the ones suggesting
           | it. And I have met many developers who think that way. And
           | looking at a plethora of open source projects, which many
           | would assume should have many developers more conscious of
           | these kind of issues suggest this is more than anecdotal
           | evidence.
           | 
           | Most people, developers included, probably even most
           | developers on hacker news, don't care at all. We should not
           | always try to push responsibility on someone else when it is
           | us who builds this kind of crap often without even
           | protesting.
        
       | oefrha wrote:
       | A better link would probably be the actual report, "Surveillance
       | on UK council websites" https://brave.com/wp-
       | content/uploads/2020/02/Surveillance-on...
       | 
       | At least that report doesn't start every sentence with "Brave".
        
         | dang wrote:
         | Ok, we've changed the URL above to that from
         | https://brave.com/ukcouncilsreport/. Thanks!
        
       | nottorp wrote:
       | [quote] This report should spur Elizabeth Denham, the UK
       | Information Commissioner, to finally enforce the GDPR. It is 17
       | months since formal evidence from Brave and complaints about
       | breaches of data protection laws were filed before the ICO.
       | [/quote]
       | 
       | Oh really? Hello BRexit?
        
         | gniv wrote:
         | > Hello BRexit?
         | 
         | I was curious about this and searched a bit. According to this
         | website [1] the GDPR is still in force until the end of the
         | year, and in addition there is a UK-GDPR law, very similar to
         | the EU GDPR, which took effect on Feb 1st. So there are two
         | regulations now, not zero.
         | 
         | [1] https://www.cookiebot.com/en/uk-gdpr/
        
       | 627467 wrote:
       | I don't want to be overly critical here but if we rush to call
       | this 'widespread surveillance' (intended or not) I worry that
       | we'll quickly start losing words/expressions to describe the
       | stuff that Snowden unveiled or whatever the government does in
       | China...
        
         | shadowgovt wrote:
         | The source for the story clearly has a specific political bias
         | regarding its interpretation of privacy.
         | 
         | That political bias doesn't impinge on the facts of the report
         | though (merely that Brave believes it's worth surfacing
         | loudly).
        
           | alharith wrote:
           | So the right to privacy is a political agenda item now? I
           | don't get what you are saying, can you please clarify?
        
             | licebmi__at__ wrote:
             | Yes, anything related to the life on society and how we
             | regulate it or not is "politics" and a particular political
             | subject is pushed by any individual or group is a
             | "political agenda item". If we act like politics is a dirty
             | word, only the worst of us will involve in politics.
        
             | shadowgovt wrote:
             | Whether pseudonymized background data collection
             | constitutes a violation of right to privacy is a hot-button
             | political topic. The GDPR has put a stake in the ground on
             | this but is not the final say on the matter.
        
         | salawat wrote:
         | How ya figure? It's same in type. Pervasive monitoring/metadata
         | collection is an attack.
         | 
         | PRISM/CALEA/ubiquitous surveillance via facial recognition,
         | social credit scoring don't just magically stop being
         | linguistically addressable because we've tossed another
         | specific example into the generic bucket. It just means that
         | we're getting better at identifying exploitative forms of
         | unnecessary data collection.
         | 
         | Unless I'm reading your statement wrong, I'm just not seeing
         | where your worry comes into play. There's no Orwellian language
         | leak there, and I'm usually pretty sensitive to that just
         | because it does drive me nuts when people try to do that
         | intentionally.
        
       | pier25 wrote:
       | Sorry for the editorialized title but it was too long...
        
         | dang wrote:
         | That wasn't editorialized, that was a gallant attempt to fit
         | both the site guidelines and the 80 char limit. The only thing
         | I'd have done differently was take out "Brave" from the title,
         | since it's in the domain next to the title, and since they
         | provide enough mentions of "Brave" themselves. (Submitted title
         | was "Brave uncovers widespread surveillance of UK citizens on
         | UK council websites".)
         | 
         | It's moot now because we've switched to the pdf and taken its
         | shorter title.
        
           | pier25 wrote:
           | > that was a gallant attempt to fit both the site guidelines
           | and the 80 char limit
           | 
           | Well thank you kind sir
        
       | motohagiography wrote:
       | It's quite likely a contracted web developer is using a "free"
       | library that had these trackers built into it.
       | 
       | It's also possible this is corruption, as it's a question of
       | where the revenue from that data was going. If it's going to some
       | web developer's account that's a problem.
       | 
       | The RTB aspect of this story makes it clearly disingenuous, but
       | getting interaction data to improve services is something you
       | would expect a progressive public service to do. Crying wolf on
       | this could do a lot more harm than good to the risk averse
       | cultures of public services. I hope they've got the story right.
        
       | shadowgovt wrote:
       | "This report should spur Elizabeth Denham, the UK Information
       | Commissioner, to finally enforce the GDPR."
       | 
       | What is the status of GDPR in the UK now that Brexit has
       | occurred? Is the UK still beholden to the terms of the law, or
       | does the UK have a parallel law that applies now that they're no
       | longer part of the EU?
        
         | rux wrote:
         | GDPR is currently entirely valid and enforced until December
         | 2020. After that point it is believed that an entirely
         | compatible law will continue to exist - currently the
         | understanding is that the UK will be considered to have
         | adequate equivalency therefore making it a safe third party
         | country to transmit data for processing. No hard guarantees
         | until the end of the year though.
        
       | throwawaylolx wrote:
       | The entire article and "report" are so aggressive that it makes
       | it difficult to extract any nuance out of it other than that I
       | should use Brave.
       | 
       | Is the core issue that council websites are using real-time
       | bidding for their ads? Is this specific to the UK?
        
         | sandwell wrote:
         | > Is the core issue that council websites are using real-time
         | bidding for their ads?
         | 
         | Yes. These websites are used to support a variety of public
         | services, e.g. disability, poverty, drugs, or alcoholism
         | services.
         | 
         | Brave believes that sending tracking information about people
         | accessing this information is a breach of privacy.
        
           | throwawaylolx wrote:
           | And is "real-time bidding" an otherwise uncommon ad strategy
           | that is relatively specific to these websites? If it is,
           | then I can understand the alarmism, but otherwise this news
           | can be compressed to "UK council websites use targeted ads,"
           | right?
        
             | farazbabar wrote:
             | No. The issue is the means used to target ads on this site
             | are transmitted back to ad servers and used outside this
             | context which is a nightmare scenario.
        
               | throwawaylolx wrote:
               | Is this not how targeted ads are expected to work?
        
               | komali2 wrote:
               | Why are there ads on a website funded by taxes?
        
               | scarejunba wrote:
               | In order to easily cross-promote other services with
               | suppression and retargeting. Someone able to edit some
               | content can do it rather than requiring the CMS to
               | support this and training the council staff on this.
        
             | chriswarbo wrote:
             | > is "real-time bidding" an otherwise uncommon ad strategy
             | that is relatively specific to these websites?
             | 
             | The alarm does not come from the technology being uncommon,
             | it comes from _these sites_ being uncommon. In particular,
             | there aren't many sites which millions of people may rely-
             | on/be-directed-to in order to exercise their rights (e.g.
             | to healthcare and social services), or even for their life
             | or their friend's/family's.
             | 
             | The argument of "if you don't like it, don't use it"
             | doesn't apply here. It's especially egregious that these
             | sites are built and operated using public money, so we're
             | paying for it regardless.
        
       | whalesalad wrote:
       | I guess the irony of a 'tweet this' href after every single
       | bullet point was lost on the author.
        
       | awinter-py wrote:
       | I've been on government sites (ny.gov, IIRC) that use google-
       | provided captchas for form submissions
       | 
       | sucks but not sure it's immoral -- submission fraud is a hard
       | problem to deal with and if captchas help, .gov should use them
        
       | CommanderData wrote:
       | Interested in some of these comments, no doubt places like these
       | are getting astroturfed more and more.
        
       | toyg wrote:
       | Councils are the victims here. They are forced to debase
       | themselves because central government, in the Tory era since
       | 2010, simply offloads competencies to local authorities, without
       | allocating extra funds or even slashing existing ones. So the
       | priority has become to keep the lights on and find every way
       | possible to monetize anything remotely monetizable, from parking
       | to this (as well as cutting tons of jobs, closing libraries and
       | so on). Councils are literally going bankrupt, but voters can't
       | make the link and keep voting for "low taxes" in Westminster and
       | "the Council should do everything" at home, then complain when
       | pigs can't manage to lift off and fly.
        
         | mattlondon wrote:
         | The tax burden is high. They could certainly do with reducing
         | it in my personal opinion.
         | 
         | A leaflet comes through the door every year or so telling me
         | how much they spend in the local council. Usually the highest
         | amount is not on schools, not on libraries, not on health, not
         | on sweeping the streets or maintaining parks and playgrounds
         | etc, but on "adult social care" (1) which as far as I know is a
         | euphemism for benefits handouts for the baby-boomer generation.
         | 
         | It feels to me like an unrealistic burden is being placed on
         | the current working generation to gold-plate the retirements of
         | the current pensioners (because they tend to vote a lot), who
         | frankly have got it pretty fucking good (not just free
         | university education, but they got _grants_ (i.e. free money),
         | were able to purchase cheap and decent quality housing at
         | relatively low salary multiples (e.g. detached 4 bed in nice
         | areas for 3x average salary in the 60s & 70s), excellent
         | pensions (often from the public sector), free travel, free tv
         | licenses, jumping to the front of the queue in the NHS, free
         | money for heating their homes etc etc, the pension triple-lock
         | of a guaranteed 2.5% increase at a minimum etc, when working
         | age people are lucky to get _anything_ in their gig/zero-hours
         | contract etc).
         | 
         | There has been talk of inter-generational fairness a bit (at
         | least before brexit took over). I hope something is done.
         | </bitter>
         | 
         | 1 - https://engage.barnet.gov.uk/1730/documents/1919
        
         | [deleted]
        
         | Scoundreller wrote:
         | That kind of fiscal << downloading >> is also a way to keep
         | wealth within your council, and poor areas can just get bent
         | because they'll have more needs, but the least ability to get
         | revenue.
         | 
         | (If council's primary revenue source is council tax within
         | their own council).
        
           | adwww wrote:
           | That would be nice... but councils can only increase tax by
           | <2% per year, and most of their revenue comes from a 'grant'
           | by central government, which has been cut ~40% in the last
           | decade.
        
       | weekay wrote:
       | What is interesting is the fact that none of the revenue / income
       | from advertising if any, is showing in the accounts of the
       | council. Checked a few at random and none of the account
       | statements mention income from ads. Begs the question then not
       | just of moral bankruptcy but of accounting this. If it's not
       | implemented for income to the council then why?
        
         | asdfasdf1231 wrote:
         | > If it's not implemented for income to the council then why
         | 
         | analytics? To better serve you? to think-of-the-children?
        
           | godelski wrote:
           | Careful, some people may not pick up on that sarcasm.
        
         | gowld wrote:
         | Did you cross-reference to the councils whose websites are
         | serving ads?
         | 
         | Perhaps the ads are run by 3rd party web hosting providers.
         | Just a guess.
        
         | jsmith99 wrote:
         | They would be unlikely to report an income stream separately
         | unless it was material. Materiality is a matter of judgement
         | but most auditors would use about 1% of revenue.
        
         | pier25 wrote:
         | Maybe there is a document somewhere that enforces certain
         | practices when making websites for public institutions?
        
           | lbriner wrote:
           | Unfortunately not, otherwise it would be easier to enforce
           | consistency. The simple truth is that councils like many
           | companies are not specialist developers but are expected to
           | run high-quality web applications. Add in some Consultants
           | who may have conflicting interests or lack of knowledge,
           | semi-skilled staff, a friend-of-a-friend who told you to use
           | X on your site, third-party web developers and a marketing
           | team who need the "analytics" and you end up with this mess.
           | 
           | Like many companies, GDPR seems right down the list. The most
           | troubling part of all for me was that the ICO acknowledged
           | the illegality but didn't follow up. Sums up Britain to a
           | tee!
           | 
           | (I'm a Brit)
        
       | butler14 wrote:
       | This is one of the downsides of using an ad-blocker
       | 
       | It's literally never occurred to me, as a user of these websites,
       | that local government websites would even have adverts on them --
       | let alone Google AdSense / junk from Google's Display Network.
        
         | gumby wrote:
         | How is that a downside?
        
           | butler14 wrote:
           | I thought that was self explanatory.
           | 
           | But lozaning has done a perfectly eloquent job of explaining
           | above.
        
         | basilgohar wrote:
         | How is this a downside to using an ad-blocker? I think it's
         | quite the opposite. An ad-blocker would prevent most of this
         | external JS from being loaded.
        
           | pavel_lishin wrote:
           | Can't wait for the bite if you don't hear the bark.
        
           | lozaning wrote:
           | I've so successfully created a personal technology
           | environment that hides ads, that I have no situational
           | awareness about what these companies are up to.
           | 
           | If someone out there is selling my healthcare data and
           | running ads around it directed towards just me, I'd never
           | know, but I'd want to.
        
             | JohnFen wrote:
             | So block tracking, not ads.
        
               | dspillett wrote:
               | Unfortunately the two are often intimately linked, so
               | that is not really practical.
        
               | JohnFen wrote:
               | I'm not sure what you mean. You're right that the two are
               | usually intimately linked. What I've found by blocking
               | tracking is that as a result of this intertwining,
               | blocking tracking usually also blocks the advertising
               | engaging in the spying.
               | 
               | I don't use an adblocker. I block tracking. It's pretty
               | nearly as effective as an adblocker, so that seems
               | practical to me.
        
           | dspillett wrote:
           | A key concern I have (though it doesn't stop me blocking ads)
           | is that I won't know if a site is normally full of the worst
           | sort of ads (malware install attempts, auto-playing video &
           | audio, tracking up the wazoo & back, ...) and I could send a
           | link to people who _are_ going to be affected because they
           | are not protected by similar blocking.
           | 
           | So not a downside directly, but a risk of lacking awareness.
        
         | choathedolls wrote:
         | Most extensions show a badge with how many ads have been
         | blocked. From there, some of them also include loggers or
         | similar tools to see exactly which scripts, assets, etc. are
         | being blocked (personally, uBlock's "overview panel" is
         | fantastic for this). All without having to disable your
         | adblocker to check.
         | 
         | So no downside, other than being even more frustrated with the
         | current ad-hellhole.
        
           | dspillett wrote:
           | _> Most extensions ..._
           | 
           | This is fine for client based blocking, but it is not possible
           | for network level blocking, such as using a pi-hole instance
           | as your main local resolver.
        
       | Nursie wrote:
       | It's hardly news that most of the UK government websites, either
       | at the local or national level, report all your activity to
       | foreign corporations, particularly google analytics.
       | 
       | I've raised this with the website creators through their helpdesk
       | system, and on here when they've posted, but been either told
       | that it's fine (they anonymise the data! We trust them!) or just
       | ignored. It doesn't seem to sink in that giving such a company
       | complete and unfettered access to details on how the UK public
       | interacts with its own government might be a problem.
        
         | Normal_gaussian wrote:
         | It may be hardly news to you; but it is to me.
         | 
         | ---
         | 
         | I've just taken a look around my local council's site. I've gone
         | onto the benefits pages, the disability pages, and a few random
         | pages.
         | 
         | There are literally zero trackers here. I have a first party
         | cookie set to the value "1". All images and JS are served first
         | party, with the exception of typekit (adobe) fonts. All images
         | and JS are, without a deep dive, benign.
         | 
         | https://www.testvalley.gov.uk/
        
           | dboreham wrote:
           | Pretty hard core to invent a whole local government for test
           | purposes..
        
             | Nursie wrote:
             | Ha, this came up the other day. Non technical guy suggests
             | we just insert 'Test' into the distinguished name of
             | certificates we want to mark as 'not for production'.
             | 
             | We pointed out that one of the many reasons that's a
             | terrible idea is that the Test Valley exists.
        
               | salawat wrote:
               | Humorous solution: Add test_not_the_valley to all non-
               | prod certificates.
               | 
               | I'll see myself out.
               | 
               | On a more serious note:
               | 
               | Add "testing", "dev", "qa", "internal", or "non-prod"
               | instead. At least those are my goto's for establishing
               | multi-environment separation of configuration data
               | through namespace separation.
               | 
               | It isn't an inherently bad way of going about things as
               | long as you keep it consistent and do your best to
               | automate it.
        
               | Nursie wrote:
               | Get in the sea!
               | 
               | I prefer to make sure we use a different signing
               | authority, just to be sure. But I didn't give enough
               | context to clue in the reader that that was an option :)
        
           | Nursie wrote:
           | Perhaps my turn of phrase was less than ideal there.... but
           | yeah, I've been pissed off about this for a while but got
           | nowhere.
           | 
           | Some of the stuff in this report is worse, of course, than
           | just including GA.
           | 
           | (edit - Just looked at test valley site there, it brings in
           | google analytics, though seems clean otherwise. Also Hey
           | neighbour! I'm based in Southampton at the moment)
        
             | Normal_gaussian wrote:
             | Ahh, the part after the hyphens is something I wrote after
             | the initial comment; I didn't mean it to sound so abrupt.
             | 
             | Notably my test method was completely and utterly flawed -
             | I used a Firefox Private Browsing window forgetting it
             | blocks content-trackers (like GA). Still, having now
             | visited it properly it is as you say.
             | 
             | And Hey! I'm down in soton every week :D
        
       | foxyv wrote:
       | Advertising is starting to edge towards the side of "Universal
       | Evil." We need some serious regulatory controls on this stuff
       | because it is getting out of control. GDPR is a step in the right
       | direction, but sites and advertisers are pretty much flouting it
       | at this point.
        
         | eclipxe wrote:
         | Why is it starting to edge towards "Universal Evil"?
        
           | JohnFen wrote:
           | Because its spying tentacles keep expanding to more and more
           | places.
        
       | paulcarroty wrote:
       | UK has the biggest number of cameras per m^2 in the world. Sadly,
       | it's a common pattern.
       | 
       | Cool business idea: Mr Robot style hoodie with tracking
       | protection.
        
         | theseadroid wrote:
         | And only by then you'll realize how many people don't really
         | care and the ones wearing the hoodie will be singled out with
         | special attention from state.
        
         | dnh44 wrote:
         | Well someone has been fined for disorderly behaviour for
         | covering their face.
         | 
         | https://www.dailymail.co.uk/news/article-7036141/Police-fine...
        
       ___________________________________________________________________
       (page generated 2020-02-05 23:00 UTC)