[HN Gopher] Italian watchdog bans use of Google Analytics
___________________________________________________________________
Author : giuliomagnifico
Score : 505 points
Date : 2022-06-23 17:27 UTC (5 hours ago)
(HTM) web link (www.gpdp.it)
(TXT) w3m dump (www.gpdp.it)
| current_thing wrote:
| great news. ban google and monetize the beautiful beaches, and eat authentic pasta.
| nonsapreiche wrote:
| and long live pussy
| ciarcode wrote:
| You do maybe
| ciarcode wrote:
| I don't think you're really Italian ahahah
| mrkramer wrote:
| Google is sucking in so much data that at the end it will be outlawed everywhere.
| dclusin wrote:
| Suppose I run a website in the us and a user in Italy connects to it. Does this mean I'm now breaking the law serving them the website? My connection logs now have pii.
|
| What if I use a cdn that has points of presence in Italy and still pings my server with a head request and the end user ip?
|
| Am I also now breaking Italian law by using google analytics?
| kmlx wrote:
| https://en.m.wikipedia.org/wiki/HTTP_451
|
| > After introduction of the GDPR in EEA it became common practice for websites located outside EEA to serve HTTP 451 errors to EEA visitors instead of trying to comply with this new privacy law. For instance, many regional U.S. news sites no longer serve web browsers from the EU.
| Nicksil wrote:
| https://en.wikipedia.org/wiki/HTTP_451
| peoplefromibiza wrote:
| > Does this mean I'm now breaking the law serving them the website?
|
| As the article specifically states:
|
| _The Italian SA found that the website operators using GA collected, via cookies, information on user interactions with the respective websites, visited pages and services on offer.
| The multifarious set of data collected in this connection included the user device IP address along with information on browser, operating system, screen resolution, selected language, date and time of page viewing. This information was found to be transferred to the USA. In determining that the processing was unlawful, the Italian SA reiterated that an IP address is a personal data and would not be anonymised even if it were truncated - given Google's capabilities to enrich such data through additional information it holds._
|
| So, unless you are collecting EU citizens user data, transferring it to US and have the _capabilities to enrich such data through additional information you hold_, no.
| curiousllama wrote:
| IIRC, it basically only applies if you're actively doing business in the EU, or courting future business.
|
| So, if you have a personal blog that grabs IPs? Not illegal. If you start a merch shop for your blog (or put in ads/sponsored content, etc.), then the whole site needs to be GDPR compliant.
| encoderer wrote:
| There is really no reason to use Google Analytics anymore. There are many great alternatives now, mine is PanelBear.com. Other people love Fathom and Plausible. It's great to see some unbundling happen.
| sixothree wrote:
| Yeah, it was another one of those trojan horse programs. Offer something incredibly useful to website owners; something so compelling that they literally can't say no. And oh, it just happens to track the activity of every web user anywhere in the world.
|
| The alternative offerings at the time were fairly awful compared to what google released.
| quickthrower2 wrote:
| I also believe (no proof though!) that you don't need all that micro detail about your users and it is a distraction for a business.
|
| A rough "how many came" is useful. At least to diagnose if the site had problems. Just talk to people and make your thing good!
| scale8 wrote:
| The reason we built Scale8.com - Time to replace Google Analytics and Google Tag Manager :)
| tin7in wrote:
| We are based in Europe and self-host our analytics exactly for this reason. I feel this is just the beginning.
| V__ wrote:
| Are you using a custom software or something like plausible.io?
| tin7in wrote:
| I've heard about Plausible but haven't tried it yet. We are using Posthog which is a suite for product analytics.
| stevoski wrote:
| Plausible et al all are a pale imitation of GA. They all offer a dashboard with some basic filtering. But they offer little in the way of true analytics features, that allow you to slice, dice, and compare data.
| mhitza wrote:
| I'm working on a web analytics project that gives users more power over the way they slice/dice/compare analytics data. Would you be interested in giving it a try when the project launches in alpha?
|
| Send me a hello email at the address listed on my profile, would be happy to send out an invite when ready.
| quickthrower2 wrote:
| Which is a good thing!
| closewith wrote:
| Unfortunately, you can't self-host the integration with Google Ads or Search Console, which locks anyone who relies on Google (or Facebook, Microsoft, etc) Ads into the use of Google Analytics/Ads tracking.
| quickthrower2 wrote:
| Why not? Can't you still pass the campaign information via the url?
| rambambram wrote:
| Congrats. We also chose to do the analytics ourselves. No tracking, no cookie banners, and probably better stats as well. One thing that Google did very cleverly was to only give GA users the search terms that visitors used to end up on their site.
| guelo wrote:
| Isn't the search term in the Referer header?
| Taywee wrote:
| Nope. They forward through an in-between that obscures it.
| They argue that because search results are personalized, being able to see the search terms can give you information about the visitor that can compromise their privacy. Google doesn't want anybody violating user privacy except for Google.
| mhitza wrote:
| If you get your site set up on Google Webmaster tools you will still have access to the search terms. Definitely not as precise as with GA, but should suffice. Unless you want to do per user funnel tracking starting from their search term. Which is pretty privacy invasive.
| closewith wrote:
| Not for many years. The only way to get Google search term data now is through the Search Console product, which integrates with GA.
| joshyi wrote:
| Same here. We've been using goaccess for years on a 300M hits a month. Self-host is the way to go for us.
| Rygian wrote:
| Self-hosting does not automatically make your analytics legal, on the other hand.
|
| Processing of your users' personal data is legal only in the few exceptional scenarios outlined in Article 6.
|
| https://gdprinfo.eu/en-article-6
| giobox wrote:
| Our definition of "exceptional scenarios" is clearly not the same... The list of scenarios in article 6 are common business operations covering a huge range of legitimate activities where processing might need to occur; there is little exceptional about them.
| Rygian wrote:
| Processing of personal information is unlawful except in the conditions listed in the article.
|
| So "exceptional" in the sense that they are exceptions to a more general rule, as opposed to the sense of being extraordinary.
| leephillips wrote:
| Good. US citizens should be, at least, disappointed that their government is so bad at protecting their privacy, that US law is so far behind the times.
|
| To those companies and people who find these EU decisions baffling or inconvenient: tough. If you had had respect for your users this would not be an issue.
| You would already not be spying on them.
|
| To website visitors: if you see a cookie banner, the site is asking permission to spy on you. If that concerns you, close the tab.
| judge2020 wrote:
| > You would already not be spying on them.
|
| Can you point me to the part of the ban that says it's about protecting users from "spying in general" and not "protecting users from spying by US companies instead of EU companies that EU member states can obtain PII from at any time"?
| mhitza wrote:
| > "protecting users from spying by US companies instead of EU companies that EU member states can obtain PII from at any time"
|
| I want to quantify this quote. Each EU country can spy on its citizens to similar extent as 3 letter agencies from the US, but in a less analytical/big meta data way (part of it being the US brain draining EU countries for those working in tech).
|
| However, if EU country A wants to have access to its citizens user data on website X located in EU country B, is not an easy process; involving a strict judicial system between those countries.
| leephillips wrote:
| I think your logic may be a bit muddled, or I misunderstand your question (but, if I take it literally, my answer would be "no".)
|
| Not spying = not using GA = this ruling moot.
| dmix wrote:
| > To website visitors: if you see a cookie banner, the site is asking permission to spy on you. If that concerns you, close the tab.
|
| I'd love to see how often people do anything besides click okay anyway (I'd be very surprised if it wasn't 99%+).
| lolinder wrote:
| Unless there is a very simple "reject" button, I click okay. Between Firefox's native protections, DNS-level blocking and uBlock, I have a lot more confidence in my own protections than I do in their honesty, and it's not worth it to me to uncheck a bunch of boxes.
| tick_tock_tick wrote:
| If I thought the EU was doing this to protect privacy I'd be all for it.
| They really don't give a fuck as seen by every bit of legislation they are pushing for. Yes I also do understand that the EU in general view privacy from the government as illegal rather than a right.
| SahAssar wrote:
| The EU has both enacted the most promising and some of the most backwards, stupid and regressive privacy laws. I'm guessing that it depends on what representative guides it and forms it through the various processes, and what the courts do with it. Overall I think they have moved the needle towards more privacy.
|
| > Yes I also do understand that the EU in general view privacy from the government as illegal rather than a right.
|
| That is absolutely not true, at least not by enough people for anyone to be able to make that sort of blanket statement. I'd also wonder what reasons you have for thinking that, it seems to me like all of the 5-eyes used each other to spy on themselves (besides all of the things done by normal police, various levels of federal police, etc.)
| whimsicalism wrote:
| An equivalent regulation to the one banning GA in the US would not ban GA because the data centers are in the US.
| stjohnswarts wrote:
| No one is asking for exactly the same law, just the same results: more privacy.
| scarface74 wrote:
| Yes "we care about privacy. But we also want a back door to all encrypted communications".
|
| https://appleinsider.com/articles/22/05/11/eu-plans-to-requi...
| 2OEH8eoCRo0 wrote:
| America is the LTS branch of Democracy.
| hallway_monitor wrote:
| Privacy improvements will be pulled in along with independent political parties in the next kernel update.
| baisq wrote:
| If a modern democracy requires an ever-growing government I think I will stick to Democracy Stable.
| tclancy wrote:
| Here in NH we have a group of people trying to compile their own. I never thought of them as distro hipsters, but it tracks.
| feet wrote:
| Europeans seem to have it pretty nice, social housing in Austria is absolute fire and enables incredible stability in the population
|
| In the US we put spikes on concrete so the dirty poors can't rest
| baisq wrote:
| Thinking that the situation of the majority of Europeans is the same as the propaganda that you read is a big, big mistake.
| jokethrowaway wrote:
| Europe is the place where you retire after you lived your life in the USA and earned some money. It's nice for holidays.
|
| The economy is dead here and governments have enough political willpower to keep leeching more and more money off the profit-making people and keeping these zombie countries alive for another 50 years before the inevitable, USSR-style collapse.
| mxuribe wrote:
| Agreed i'm not interested in "ever-growing"...not for a distro nor a gov...but i am interested in an evolving one for the better - i.e. improve effectiveness, and reduce bloat if it adds nothing of value. ;-)
| takethat wrote:
| and global wealth.
| nix23 wrote:
| More like the bitrotting prototype ;)
| SkinTaco wrote:
| feet wrote:
| I think the support contract ended a while back
| peoplefromibiza wrote:
| more like the archived repository on Github
| googlryas wrote:
| Pragmatically, to what extent do you believe the European laws have protected Europeans above and beyond how American laws have protected Americans?
|
| Basically, what class of badness are Americans subjected to due to behind-the-times data protection laws, that Europeans are protected from?
| Adrox wrote:
| Have you heard of Robo-calls? Basically there are no Robo-calls in EU, because you can just add yourself to a Government no-call list. If any company doesn't respect that, they get a huge fine.
| jacooper wrote:
| European laws are pushing to end Chat providers' control over social interactions (which is something that shouldn't be done for profit anyway) in the Digital markets act, which forces big apps to provide federation APIs.
|
| The EU with the GDPR made an incentive to not use trackers, don't want that ugly tracker on your site? Then stop selling data, that's why private analytics like Plausible and Umami have sprung to life. And also made it clear how much tracking is on the web.
|
| There is also finally a movement to let the US host everything because really, the US isn't trustworthy.
|
| So, the EU laws, gave better awareness about tracking, gave incentives to not use trackers, and is now working on improving the user experience by stopping the monopolization of social interactions.
| ApolloFortyNine wrote:
| It's possible for a company, which is seemingly providing you a service since you visited the site, to make money off a targeted ad in exchange for free video streaming/content/entertainment.
|
| The whole thing has always seemed overblown to me. Websites make much more money off targeted ads, allowing them to do things like allow anyone to upload a video of any length and quality for free. And view other videos people upload. In most cases it seemed to me like a fair trade to make. Yet as people point out all the time, technically a website isn't allowed to deny access to someone who refuses targeted ads (through the cookie pop-up), so they're essentially being forced to provide that user content at a loss. Untargeted ads are often worth 90% less or more than their targeted equivalent.
|
| Privacy privacy privacy though, as if someone at Google is manually looking through your history laughing at you.
| stjohnswarts wrote:
| Give me the option to pay more if it lets me get more privacy. Otherwise I keep using fake accounts, VPN, antifingerprinting methods, ad blockers, etc.
| trelane wrote:
| Some places do. Many German news sites have a "Pur" version you can subscribe to and not get ads.
| cm2012 wrote:
| You won't get a good answer to this because there isn't one. There's no realistic, practical harm to people that this EU law is preventing.
| aliasxneo wrote:
| > To website visitors: if you see a cookie banner, the site is asking permission to spy on you. If that concerns you, close the tab.
|
| There was a recent ACM article on this. They found there was a large number of sites that don't actually ask permission for anything, they are simply informing you of the spying. Not surprisingly, the ones that did allow modifying cookies were all set up in a predatory fashion which discouraged the disabling of tracking.
|
| The whole system is broke at the moment.
| Swenrekcah wrote:
| It's because they're allowed to use the word "cookies" for it.
|
| If they were required to use specific wording, like for instance "injecting surveillance artefacts" people would probably care a bit more.
| gattilorenz wrote:
| Hardly. It's like the requests for administrative rights in Windows Vista, or the installers with many browser addon bars...
|
| Nice idea in theory, but if it's too frequent the awareness will, at some point, just disappear.
| aliasxneo wrote:
| Not necessarily. The team that wrote the ACM article did a small user-test using various versions of the "disable cookie" banner. In all cases they concluded that the user was indeed aware of the negative impact of cookies, however, the need to just "get back to the content" often overruled that distaste.
|
| Not surprisingly, the most effective banner they found was the one which had a single "disable all cookies" button. It was something like an 80% hit rate. So, people care, but not enough to dig into another prompt to uncheck a bunch of boxes. This is what the ACM writers referred to as predatory (abusing human nature).
| drstewart wrote:
| What about Australian citizens?
| BolexNOLA wrote:
| My buddy is a manager at a chemical plant, and your comment reminds me of a very astute statement he made recently.
|
| "I don't generally like unions. I've worked at both union and non-union plants. But anytime someone else complains about unions, I remind them that if they have a union at their plant, they earned it."
| feet wrote:
| Sounds like a manager's take on unions, at least he sounds somewhat reasonable. Good on him
| saas_sam wrote:
| When union plants are shuttered in favor of non-union plants, did they earn that too? Or does this logic only apply in one direction?
| tbihl wrote:
| Yes? Why wouldn't they?
| jrajav wrote:
| I think it's fair to say that most unions have been established as a sole result of proportional human effort, while the same cannot be said for the success of most businesses. There are many instances where an existing imbalance in power or resource ownership is a significant factor in a business' success.
| mattmcknight wrote:
| > To website visitors: if you see a cookie banner, the site is asking permission to spy on you.
|
| Or you know...count how many unique visitors they have and how to make the site more useful. Do you avoid using cookies on this site but still manage to log in?
| [deleted]
| leephillips wrote:
| Do you know the difference between cookies and a cookie banner? Do you understand why this site can have login sessions, and even keep track of the number of unique visitors, yet is not required to have a cookie banner?
| tensor wrote:
| Have you researched to know if this site is hosted on a US server? I wouldn't be surprised if it is and I also wouldn't be surprised if your IP address was additionally stored in a log somewhere for a period of time. In the US.
| Kovah wrote:
| Cookies needed to properly provide user authentication, i.e.
| user session identification, are counted as "technical necessary" cookies and do not need a cookie banner. You only need to ask for cookie consent, if you track visitors with third-party services. And, to counter your unique visitors claim: you don't need cookies, or any third party service, for that. Everything can be done locally without disrespecting user privacy.
| leephillips wrote:
| Exactly. HN doesn't need a cookie banner because they're not spying on their users. No barrier to keeping track of sessions.
| tensor wrote:
| If you feel this way I hope you do research before visiting any website at all, because you might accidentally connect to a server in the US and your IP address will be in the TCP/IP stack of that server and probably the logs too. US servers that are intended to serve US customers have no obligations to you.
| encoderer wrote:
| Well I'm not an expert but I think the main issue is that American citizens have protections that non-Americans do not. The government cannot spy on Americans without a court order.
| darknavi wrote:
| The word "spy" is so loose these days. I'd consider the vast swaths of metadata other companies compile on me "spying" to an extent.
| skrtskrt wrote:
| > The government cannot spy on Americans without a court order.
|
| Have I got news for you. Specifically at least 100 years of news.
| SahAssar wrote:
| Unless they have an intelligence sharing agreement with a nation that happens to pick up signals from americans, from who they can request that data. And maybe there exists a network to share the raw data, wouldn't that be convenient? Or you could have a secret court system (FISA) to bypass most of the protections normally granted by due process?
| sylware wrote:
| I don't understand.
|
| They can host locally the data and remotely query it.
|
| What's important is the "intelligence" the data does provide: giving critical and unfair advantage for those who have the whole data.
|
| For instance, microsoft has an unfair advantage almost anywhere because they have access to the whole linkedin database.
| jeroenhd wrote:
| European companies are not allowed to share PII with American companies. That goes for companies with a headquarters in the USA or subsidiaries that may be forced to share data thanks to laws like the US Cloud Act.
|
| Previously, the EU exempted the USA through an "adequacy decision". That was later deemed illegal under EU law as American laws could not guarantee the privacy of EU citizens to the extent the GDPR prescribes. Then the EU tried again, and again such a decision was also overturned in court. The EU is working on another attempt at letting the USA track PII of EU users, but until they do that again (probably for another few years) it's illegal to share PII with American companies in almost all situations.
|
| This is the third time a data processing agency has declared the use of Google Analytics illegal so it shouldn't really come as a surprise to those following tech news.
|
| What's important is that the data is PII and that it's going to a place that can't guarantee privacy to an acceptable standard. Business advantage is irrelevant. The intelligence the data provides is also irrelevant. European privacy laws serve people, not businesses.
| naet wrote:
| As more and more country specific legal regulations are raised, I wonder who will be the ultimate gatekeepers of the general internet when certain actors behave against the "rules". The current landscape is a complex system of seeming contradictions straddling different levels of public and private, centralized and decentralized, anarchical and moderated, etc.
|
| Will ISPs be forced to cut off traffic from certain areas?
| Will centralized companies like Google and Reddit be forced to comply with regulations or cut off services in certain areas? Will governments set up firewalls? Will the buck of responsibility be passed upwards to service providers like GA, or downwards to individual site administrators?
| UncleEntity wrote:
| Nah, they'll just slap them with a fine now and again as a substitute for direct taxation and let them do what they do basically unchanged.
|
| Once the Europeans have to use a foreign proxy to see the regular internet, like the Chinese, then we will have a real discussion on online privacy.
| djbebs wrote:
| Have you tried to go to rt.com any time recently?
| djbebs wrote:
| We already do.
| AdriaanvRossum wrote:
| Regarding forbidden countries, it's not forbidden in the Netherlands, yet. They will announce a verdict in a form of a report by the end of 2022 [1].
|
| To give people an option and pick something else over Google Analytics, I have built an alternative, Simple Analytics [2].
|
| It doesn't use cookies or any form of tracking and you get still the useful data that 80% of the website owners need.
|
| [1] https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/interne... (in Dutch)
|
| [2] https://simpleanalytics.com
| jeroenhd wrote:
| Worth mentioning that DPAs tend to work together to prevent conflicting laws across the EU. Following Austrian, French, and now Italian rulings, it's almost guaranteed that the Dutch authority will come to the same conclusion.
| aliswe wrote:
| What is a watchdog in this case, isn't it a non-governmental organization?
|
| in that case how can they ban anything and what does that mean?
| gruturo wrote:
| This is an English translation from "Garante" which is actually a stronger word - more like Guarantor. It is an official authority with teeth.
| etagate wrote:
| Exactly.
| Just to clarify, this is the authority responsible for those multi-million dollars fines against faang
| x0x0 wrote:
| It's likely a bad translation.
|
| The Italian SA is the Italian Data Protection Agency (DPA), one of the per-country European regulators https://ec.europa.eu/justice/article-29/structure/data-prote... . Which acts under the GDPR and predecessor data protection laws, and is very explicitly a governmental regulator.
| noneeeed wrote:
| Certainly in UK English we use watchdog to mean any organisation that has an oversight role, frequently government ones. For example the Financial Services Authority might be described as "the banking watchdog", it is very much a government agency.
| chrisseaton wrote:
| Why do you think watchdogs have to be non-governmental?
|
| For example:
|
| https://www.theguardian.com/technology/2022/may/05/uk-watchd...
| ryanmcbride wrote:
| I've been using clicky on a few of my sites and even though they _assure_ me that it's totally compliant with gdpr I don't really believe them, does anyone have a decent alternative for analytics that respects people's privacy? I just want to see when I get new vs returning visitors on a page. Cloudflare's analytics are okay but I like how granular clicky can get, but if there's no good way to do that I think I'm just gonna ditch clicky and make do with the cdn analytics. Hell, I bet the cdn already does everything I need and I just don't know how to use it right, or I'm not paying for the right tier or something.
| [deleted]
| ClumsyPilot wrote:
| matomo is something you can self host
| tensor wrote:
| Note that you must make sure that your host is not in the US as well.
| solar-ice wrote:
| There's several self-hosted solutions, as well as several GDPR-compliant SaaS solutions. They generally work pretty well; I've seen people set up, for example, Plausible, in a couple of hours on a cheap VPS.
| onphonenow wrote:
| At what point do operators just start blocking access from EU countries. It's hard to imagine it's worth jumping through all the complexities here at some point.
| phatfish wrote:
| Bring it on. Anything that disconnects people from the American tech industry and encourages domestic competition is a good thing.
| panzerboiler wrote:
| Sure. Block access to 450 million people because it is inconvenient to respect their privacy.
| reaperducer wrote:
| The last time I checked, the Google Analytics' Terms of Service explicitly prohibited its use on web sites involving healthcare companies.
|
| That gives you an indication of how invasive it is -- that even Google doesn't want to handle the personal information, because it can't be made HIPAA-safe.
|
| Naturally, the majority of healthcare web sites use Google Analytics, because nobody ever reads the Terms of Service.
| paulcole wrote:
| > The last time I checked, the Google Analytics' Terms of Service explicitly prohibited its use on web sites involving healthcare companies.
|
| You're missing a key part of the sentence you're remembering:
|
| > If you are (or become) a Covered Entity or Business Associate under HIPAA, you may not use Google Analytics for any purpose or in any manner involving Protected Health Information unless you have received prior written consent to such use from Google.
|
| Healthcare companies can absolutely use GA on their websites as long as the website isn't involving PHI or ePHI.
| zugi wrote:
| I use NoScript and block Google analytics, facebook, etc. It's nice that they use a domain separate from google.com, making it easy to block.
| leephillips wrote:
| Yes. I have all their analytics and ad network domains blocked in my hosts file.
| humanistbot wrote:
| From the article:
|
| > A website using Google Analytics (GA) without the safeguards set out in the EU GDPR violates data protection law because it transfers users' data to the USA, which is a country without an adequate level of data protection.
|
| > Upon expiry of the 90-day deadline set out in its decision, the Italian SA will check that the data transfers at issue are compliant with the EU GDPR, including by way of ad-hoc inspections.
|
| This follows similar decisions by France [1] and Austria [2].
|
| [1] https://iapp.org/news/a/cnil-is-latest-authority-to-rule-goo...
|
| [2] https://iapp.org/news/a/far-reaching-implications-anticipate...
| tmoneyfish wrote:
| I'm building my own open source analytics solution exactly for this reason.
| iLoveOncall wrote:
| Those decisions are good in theory, but in practice they will kill the free web.
|
| The only people that have the work power to put equivalent alternatives in place are the big corporations, that will anyway find a loophole.
|
| I run my small blog, and I can't spend days or even weeks to set up a subpar analytics solution. I won't even start talking about self-hosting an analytics solution which would probably double my monthly server cost for a website on which I earn 0EUR.
|
| In 2030, if we continue on that trend, websites will be in two categories: belonging to huge companies, or running illegally. It's baffling that people are applauding the end of the free web.
| freeone3000 wrote:
| Why does your small blog need an "analytics solution" in the first place, if you earn $0?
| iLoveOncall wrote:
| Because I want to know where my readers come from, which Google terms they searched, etc.? There's a million reasons to want to know stats like this without earning money...
| stevoski wrote:
| > which Google terms they searched, etc.
|
| GA doesn't tell you which terms they searched. They mostly stopped doing this in 2013.
|
| Google Search Console _does_ tell you the search terms, and without any tracking on your website.
| progman32 wrote:
| As a user, I don't want to give this info. I'm glad the EU is giving folks an avenue to express this preference.
| iLoveOncall wrote:
| I provide free tutorials and articles like this. If you don't want to provide this info then I don't want to provide you free content.
| olalonde wrote:
| That's the problem with GDPR. A lot of people are fine with this arrangement, but the GDPR is basically making it unlawful. GDPR is basically imposing the preferences of other people (e.g. progman32) on us.
| cardosof wrote:
| Hindsight is 20/20 but wasn't it clear that the company selling ads shouldn't be in charge of metrics for traffic and ads? Just like the TV channels had to rely on media rating firms.
| badkitty99 wrote:
| youngtaff wrote:
| Not sure an ad company should be in charge of a browser either
| cardosof wrote:
| Oh and don't forget a major OS
| openplatypus wrote:
| While I should be happy with narrative (I run https://wideangle.co, GA alternative), let's be honest. It's not banned. Nor is it illegal.
|
| It is illegal to use it in such a way that results in Personal Data being siphoned to the US.
|
| Is it hard? Yes. Outright illegal? Nah.
| stevoski wrote:
| It is good to see a GA competitor not resort to FUD as a marketing tool.
| nwellnhof wrote:
| What's really puzzling is that Google Analytics never got banned because of antitrust laws. It's the most obvious example of predatory pricing I've ever seen. How is a smaller company supposed to compete against a free product?
| Wowfunhappy wrote:
| Doesn't predatory pricing mean "we dropped our pricing below profitability in order to kill competitors (and presumably raise our own prices once they're dead)"?
|
| I think you'd have a _very_ good case against Amazon, and probably Uber/Lyft, and I've long wondered why no one sued them over it.
But in Google's case, Analytics is profitable for | the same reason Youtube is profitable--Google makes money off | the data they gather. | permo-w wrote: | I did hear this in about 2014, so it could well have changed, | but I thought Youtube wasn't profitable, or at the very most | barely profitable | vkou wrote: | One broad view is that anti-trust is supposed to protect | _consumers, not competitors_. | | If a competitor can't produce a quality product that people | will pay for, consumers aren't being harmed by the prevalence | of a free good-enough product. | | In a consumer-protection world where a free and open source | Linux had 98% market share in the OS market, Microsoft or Apple | would have no leg to stand on to sue its developers over anti- | trust. In a competitor-protection world, they would. | | The US views anti-trust through a very consumer-focused | lens[1], the EU _sometimes_ views it through a more competitor- | focused one. | | [1] This doesn't mean I agree with it, and there are obvious | problems with trying to prove harm in a court of law, if no | alternative exists. | scarface74 wrote: | If we enforced a law that said no product can be sold at a | loss, we would get rid of almost every single startup and many | recently IPOd former unicorns, | tantalor wrote: | Lots of ways? Better features, better support, better | performance. | | If you can't beat the free offering, then go home. | reaperducer wrote: | _If you can't beat the free offering, then go home._ | | In the real world of physical goods, there are laws against | this. But Google's a tech company, so anything goes. | minsc_and_boo wrote: | Which real world country? | | In the U.S. most antitrust law is based on protecting | what's best for the consumer, not protecting the | competition from a free alternative. | foota wrote: | It's not illegal to give things away for free unless it's | dumping.
| reaperducer wrote: | _It's not illegal to give things away for free unless | it's dumping._ | | Which is exactly my point. | | "[Dumping] occurs when manufacturers export a product... | at a price below the normal price with an injuring | effect. The objective of dumping is to increase market | share in... by driving out competition and thereby create | a monopoly situation" | | https://en.wikipedia.org/wiki/Dumping_(pricing_policy) | | That's exactly what's happening here. | | Google prices Analytics at $0 to prevent any competition | from starting up. | | While an argument can be made that Google doesn't need to | charge money for the product because that cost is made up | in other areas, there is no way of knowing that, because | those costs are not public. We don't know if it's fully | made up by other means, or partially made up by other | means, or not at all. | | Like you, IANAL, but it's my understanding that legally, | it's not about the price, it's about the intent. | wvenable wrote: | > Google prices Analytics at $0 to prevent any | competition from starting up. | | It's not dumping because, in the absence of any | competition, the price hasn't changed. It just turns out | the market price for this service is $0. | quickthrower2 wrote: | I would say it has more in common with the Microsoft | antitrust case. In that they gave IE away for free. | | I think you can show Google has monopoly on search and | search data and GA is the only analytics allowed to | connect with that. | | Is it dumping? Yes. They don't intend to raise the price, | but they get paid not in cash but in terms of increasing | their monopoly by having so much data on us. | | Now a lot of things are like this (anything where you | give your email for a discount code). But they are not | intended to get a global monopoly or make it impossible | for anyone else to do business competing with you.
| xboxnolifes wrote: | > It just turns out the market price for this service is | $0 | | You can't come to this conclusion until you prevent | Google from using the acquired data to improve their ad | service. | jokethrowaway wrote: | What a horrible law. | | The market should just create a better solution or find | investors to call the bluff of the offending company and | make even more money | raviparikh wrote: | I co-founded a company called Heap that competed against Google | Analytics and we were quite successful. Amplitude, Mixpanel, | and others have also done so. GA's free pricing was not really | a big issue for us and customers were very willing to pay 6- | and 7-figures for a differentiated quality product. | Nagyman wrote: | Loved Heap (Analytics?). I advocated for it while working at | my previous employer :) I think we were early customers. At | the time, its automatic tracking of all events was a godsend | compared to hooking up specific tracking after the fact using | GA events. | plandis wrote: | The US should economically retaliate. | | GDPR and these other regulations in the EU exist because EU | cannot stomach the fact that they got beat on tech and instead of | innovating they are regulating to try and even the playing field. | gnuj3 wrote: | Hmmm, or maybe they exist because EU has a little bit more | respect for privacy of its citizens than US? | calibas wrote: | If I understand this correctly, the issue isn't Google Analytics | specifically, but "because it transfers users' data to the USA, | which is a country without an adequate level of data protection". | | So this could also apply to any company that sends PII to the | USA? | solar-ice wrote: | At present, there is no legal basis for a company covered by | the GDPR to send personal data to the US or a US-owned company. | The US needs to repeal the CLOUD Act, and maybe one or two | other things, in order to make this situation work again. 
| minsc_and_boo wrote: | Is that for US- or Italian-based users? What if this is an | Italian company running a global website with data from non- | GDPR country users? | jakubp wrote: | GDPR covers EU citizens. I don't think it says anything | about non-EU citizens. | quickthrower2 wrote: | Which is nebulous: someone whose grandad was Italian | living their whole life in the US might be a de facto EU | citizen. | solar-ice wrote: | You can find the scope of the GDPR in Article 3 of the | GDPR: https://gdpr-info.eu/art-3-gdpr/ | | Read these as individual clauses; the Regulation applies if | any one of them is met. An Italian company serving | customers anywhere in the world is covered by the first | clause. | throwawayjun21 wrote: | everyone should avoid google products/services like a cancer. | takethat wrote: | anyone runs self hosted matomo/piwik instance for analytics? | hbfdhfdhadfhnfa wrote: | Meanwhile, COVID-19 certificate app for Czech Republic citizens | uses Google Analytics. We are not the same. Good job Italy! | lmkg wrote: | This is consistent with decisions from the Austrian and French | data protection authorities (DPAs). Note that Google is a | _Processor_ (for this product), meaning that Google itself does | not violate GDPR, but only the websites that use it. | | Following the Schrems II case, the "threat model" used by EU | courts on these matters is "American law enforcement can serve a | warrant to American companies." Long story short, any processing | that Google does _after collection_ is not considered to offer | any protection, because American law enforcement can just tell | them not to do that and they won't. Hence, the "Anonymize IP | Address" setting in Google Analytics is not considered to have | value for GA. | | It might theoretically be possible to use GA compliantly by | proxying data through an EU-owned service which obfuscates | anything considered personal data, at minimum the IP address and | various cookie values.
This scenario hasn't been confirmed by | anyone as compliant, but the regulators seem to always go out of | their way to dance around it rather than just saying "GA is non- | compliant, always, forever." Still, for the trouble to set up | such a service you might as well just stand up a self-hosted | first-party analytics solution. | | This particular decision on GA is purely about the cross-border | transfers, and doesn't seem to touch on whether using cookies for | analytics requires consent. That's a separate issue (technically | about a separate law). | V__ wrote: | > meaning that Google itself does not violate GDPR, but only | the websites that use it. | | This is so baffling to me. Google has subsidiaries in the EU. | The fact that it's ok to give a product to a EU client which | can't be used in accordance with the law, and the client is | responsible, is just idiotic. | humanistbot wrote: | To be compliant, Google can just set up data centers specific | to GA in one of those EU subsidiaries, so GA admins can | choose to have their visitors' data stored only in an EU data | center (and promise to not transfer that data to the US). | This wouldn't be that hard to do. | nisegami wrote: | It really makes no difference where the data is stored once | it's accessible by a US company: | | "The CLOUD Act primarily amends the Stored Communications | Act (SCA) of 1986 to allow federal law enforcement to | compel U.S.-based technology companies via warrant or | subpoena to provide requested data stored on servers | regardless of whether the data are stored in the U.S. or on | foreign soil." | | from https://en.wikipedia.org/wiki/CLOUD_Act | shadowgovt wrote: | Building out the infrastructure necessary for Cloud to be | compliant with region-stored data was a multi-year project. | | Huge swathes of Google's architecture (especially its | legacy architecture) have deeply-ingrained location- | agnosticism assumptions. 
It turns out to be extremely | complex and expensive to remove those assumptions given the | way Google handles data once it hits their datacenter | fabric. | | (Not impossible, mind, just that this assertion that it | wouldn't be that hard to do is in "I could build Twitter in | a weekend" territory). | robin_reala wrote: | It's coming up to a decade since Schrems I, six years | since GDPR, and four years since enforcement of GDPR. For | a company like Google the writing has been on the wall | for a lot longer than a weekend. They've simply been | gambling that they can get away with it, and now that | argument is collapsing. | shadowgovt wrote: | Oh, no doubt. They've 100% been gambling that they could | get away with it. The GDPR has deviated increasingly from | what their leadership assumed would be a reasonable | position (it continues to drift from the American | centroid belief on who owns what data; for Americans, the | notion that you can use other people's computers without | them keeping records of how you used their computers is | kinda weird, and Americans lack the direct historical | experience to have the kinds of concerns about mass- | citizen-tracking that Europe does). | | My prediction is that as things move forward, they're | going to find it isn't worth their money to offer | Analytics for European customers if the GDPR continues to | make that more onerous (especially since the monetization | story of Analytics for Google is so threadbare) and just | offer it for customers in other countries while Europe | does its own thing. Win-win. | openplatypus wrote: | As mentioned by other commentators, this is not enough. | Schrems II ruling exposed the risk here. If servers are in | EU but are under effective control (even via proxy) of | country with inadequate control (US, RU, CN), then you | can't use data location as argument. | MrQuimico wrote: | The problem is not only the geo location of the | datacenters.
As long as these subsidiaries are under the | control of a USA corporation, this is illegal, since the | USA corporation can be requested by the USA gov to share | any data they may have no matter where it's stored. Only | options are a 100% GDPR compliant solution (European or | from a country with similar laws) or self-host. Hopefully | another Privacy Shield like agreement will be in place | soon. | ClumsyPilot wrote: | > another Privacy Shield | | its real name should have been privacy hole | dylan604 wrote: | It wouldn't be hard for Googs to do this on their own so | that they comply with the rules/laws in the markets they | are operating vs giving it to the end user as an option in | the configs. Most people using GA probably wouldn't know | what any of that meant anyways. They just want the numbers | so their marketing people can tell them what to do next. | I'm talking the people running sites on Wix type sites vs | having an actual dev team that can push back against a | marketing department | gostsamo wrote: | No, they can't as far as I get it. The american cloud act | entitles US law enforcement to serve orders to US companies | and their foreign branches. So, if you are american with a | company in the EU, the important part is that you are an | american, not that the company is in a foreign | jurisdiction. | tempestn wrote: | Perhaps Google could license a third party in the EU to | host analytics for EU customers? | gostsamo wrote: | This is an option. I saw somewhere a news that they might | license the entire GCloud to a French provider but I | can't remember where and when. | ohand wrote: | You're remembering this announcement from last fall: | https://www.thalesgroup.com/en/group/investors/press_release...
| closewith wrote: | Yes, specifically the CLOUD (Clarifying Lawful Overseas | Use of Data) Act, which was enacted following a case in | 2014 where Microsoft refused to hand over emails stored | in the EU (Ireland, in that case) on foot of a domestic | US warrant. | | The CLOUD Act expressly brings data stored by US-based | companies anywhere in the world under the purview of US | warrants and subpoenas. | | https://en.wikipedia.org/wiki/CLOUD_Act | gretch wrote: | What about Italian websites that serve customers outside of | Italy? | V__ wrote: | If they serve customers outside the EU, then they should | comply with those laws or not serve them at all. | leephillips wrote: | I don't find it idiotic. It was the client's decision to spy | on its users. I have no sympathy for companies who make that | decision. | V__ wrote: | > It was the client's decision to spy on its users. | | Calling it spying is a little far-fetched I think, when the | problem was the transfer ip addresses to US servers, not | Analytics itself. | leephillips wrote: | Like most people, I have an IP that is unique to me, and | will be for weeks, maybe months, until some event causes | my ISP to assign me a new one. Google can track and | correlate my activity across all the websites that I | visit that happen to use GA. In this way they can build a | profile. If I used Gmail, they could include information | from the content of my email, which they admit their | computers examine. With enough data it would be a simple | matter to detect when my IP changed, and continue to | amass the profile. If this isn't spying, then nothing is. | V__ wrote: | Oh, I think I wasn't clear. I meant saying that the | client is deciding to spy is a bit far-fetched. Google of | course. | rattlesnakedave wrote: | It was the client's decision to use the service. | leephillips wrote: | Which is a decision to spy on the users. 
| pessimizer wrote: | Why do you have to be sympathetic to the client in order to | also condemn Google? If someone was selling bleach as a | cure for autism through a network of distributors, do you | have to be sympathetic to the distributors in order to | condemn the manufacturer? | cm2012 wrote: | Another decision in a long stream that will make it much harder | for EU start-ups companies to catch up to American ones. With | absolutely no improvements to actual EU citizen well being. | peoplefromibiza wrote: | or maybe EU is starting to rely on their own startups. | | If I had to choose an analytics software for a customer's | website, I'd choose someone in EU for the sole reason that it | would be compliant in both EU and the rest of the World. | nathanaldensr wrote: | Maybe a race where the finish line is _maximum exploitation of | the digital population_ isn't a race worth running. | iLoveOncall wrote: | Sure, because we live in the world of Care Bears. | waffleiron wrote: | So let's legalise child labour? Get rid of OSHA? | | Where you draw the line is cultural and personal, so don't | dismiss things like this so easily. | jimnotgym wrote: | Isn't this an opportunity for EU startups? By choosing to | enforce the law on US companies that EU companies are already | generally very compliant with, surely the EU has levelled the | playing field for EU companies? | jeroenhd wrote: | I can already see the taglines: "ConsentCo, tracking that's | legal in the EU, unlike Google Analytics" | cm2012 wrote: | A little advantage for EU analytics startups, disadvantage | for all other EU startups and SMBs who have less options for | figuring out what users like about their website and | offerings. | YetAnotherNick wrote: | So due to this legislation it is more costly/less profitable | for a company to have a European customer compared to US | customer. Things like GDPR/lawsuits/bad PR etc. don't come | for free for companies.
So if some startup has more ratio of | European users it is at a disadvantage. | AdriaanvRossum wrote: | It is. Most startups in the EU have to use more and more | businesses in the EU. The selection is little, so way more | chances to succeed if you're EU based and serve both markets. | | I run Simple Analytics [1], which is a privacy-first | analytics business from the Netherlands. I see a lot of | business from the EU just because we are from the EU as well. | | [1] https://simpleanalytics.com/?ref=hn | louhike wrote: | The CNIL in France is really pushing companies to not use Google | Analytics, and you better listen to them here. It seems US | companies should really make changes to how they host/manage data | to be able to work in EU in the near future. (It isn't a | criticism, simply an assessment). | f1refly wrote: | There's nothing US companies can do to make themselves legal to | use here. The legal framework in the US allows dragnet spying | on every non-american and american companies are forced to | participate in that effort. | jeroenhd wrote: | They're perfectly legal if they don't process any PII. If a | US company serves static content there's no need to fear the | EU; they'll just have to disable illegal external | integrations like Google Analytics/Fonts/etc. | | A company doing business with other companies might find | themselves in a position where they can comply perfectly. Not | every company needs to collect PII, though these days every | company likes to pretend they do. | la64710 wrote: | This kind of ridiculous laws do not understand the boundless | nature of internet. If you want to protect privacy of netizens | simply make a universal law instead of having different laws in | different countries. | adfm wrote: | Since the Internet is not a fiefdom, universal law is moot. | Nation states will draft tracking laws that are only | enforceable through tracking in an attempt to gain their slice | of authoritarian pie.
Pointing to the Google or US is typical | strawman BS and gives people a false sense of security because | they should assume everyone, not just the Google, is tracking | them. Getting people to own their data is an uphill climb, but | is ultimately what will curb the negative behavior we're | witnessing. | pessimizer wrote: | Other countries may not want to protect privacy at all. | Italians are making rules to protect Italians. | IncRnd wrote: | How does one "simply make a universal law"? | tgv wrote: | I'm afraid it does understand the boundless nature of the | internet, and it wants the owner of the server to do something | about it. | rkagerer wrote: | These guys are my heroes | corywatilo wrote: | Italy is the 4th in a string of recent decisions across the EU. | | (We're tracking these cases on isgoogleanalyticsillegal.com along | with details for each.) | | Note that it's not illegal to use GA entirely, just illegal to | use in its default state which transmits PII to the US. | stingraycharles wrote: | That is an extremely important nuance which is not obvious from | the title. | minsc_and_boo wrote: | Isn't it already against Google Analytics' policy to put PII in | the platform to begin with? | | https://support.google.com/analytics/answer/6366371?hl=en#zi... | rgbrenner wrote: | GDPR uses a more expansive definition of personal data, and | it includes the IP address and geolocation data, for example. | lmkg wrote: | > just illegal to use in its default state which transmits PII | to the US | | As I mentioned in a sibling comment, this is technically true | but complying with GDPR takes more than unchecking a few boxes. | I've never seen any GA set-up that would remotely approach | compliance. At minimum, you need to mask IPs _before_ they | reach Google, which means standing up a non-Google server to | proxy all the hits.
That is more complexity than 99+% of GA | installations. | naet wrote: | My current understanding of google analytics and GDPR | compliance is that you can use it in a GDPR compliant manner | without that much trouble. On the older UA there is a simple | flag that enables IP anonymization and on the new GA4 there | is purportedly no need for it as they don't collect or store | the IP at all. | | For many clients I have set up a cookie compliance tool like | Onetrust, which blocks loading of GA and other scripts with | one of the consent popups. With this combined configuration | (and having verified nothing sneaks through before someone | gives consent) most company legal / compliance teams I have | worked with have deemed this to be a fully compliant setup. | Of course, this might not be actually compliant, but the | company legal team has done some research and arrived at this | as the most advantageous position currently available. | | I think using a compliance based tool like Onetrust also | gives a sense of legal security in that if our configuration | is properly set up they are advertising that we then get | compliance as part of their service, and so responsibility of | a violation could potentially be passed to them in a legal | setting. | | ref: | https://support.google.com/analytics/answer/2763052?hl=en | majewsky wrote: | > For many clients I have set up a cookie compliance tool | like Onetrust | | Every time I've seen a cookie popup from Onetrust, it was | obviously illegal because "Reject all" was not the easiest | option. It's fine if "Accept all" is as easy as "Reject | all", but nothing is allowed to be easier than "Reject | all". Have they fixed that yet? | jeroenhd wrote: | I'm not so sure your take on IP address anonymization. The | source states: The Italian SA found that | the website operators using GA collected, via cookies, | information on user interactions with the respective | websites, visited pages and services on offer. 
The | multifarious set of data collected in this connection | included the user device IP address along with information | on browser, operating system, screen resolution, selected | language, date and time of page viewing. This information | was found to be transferred to the USA. In determining that | the processing was unlawful, the Italian SA reiterated that | an IP address is a personal data and would not be | anonymised even if it were truncated - given Google's | capabilities to enrich such data through additional | information it holds. | | The Google documentation says: The IP- | anonymization feature in Universal Analytics sets the last | octet of IPv4 user IP addresses and the last 80 bits of | IPv6 addresses to zeros in memory shortly after being sent | to Google Analytics. | | IANAL but I'm pretty sure the IP anonymization setting is | no longer an acceptable way of getting GDPR compliance. It | may have been acceptable under Austrian or French ruling | before, I don't know about those, but from 90 days from now | you'll have to explicitly require consent for _at least_ | all Italian users. | | As a side note, OneTrust has the worst of the worst cookie | banners, to the point that I no longer even open websites | that have that crap installed. It's also illegal by making | it harder to reject tracking than to opt-in, there just | haven't been any specific lawsuits about this party yet. | closewith wrote: | That's a very common implementation of serverside GTM/GA in | the EU. If you advertise, you'll still be sending GCLIDs, | though. | Nextgrid wrote: | If only ad clicks send back tracking parameters (and | nothing else) it might actually fall into legitimate | interest. | closewith wrote: | The current issue isn't the lawful basis for the | processing, as compliant companies already only use | Google Analytics once they have consent. 
The issue is | that without an adequacy decision from the EU to allow | data transfers to the US, and with the global reach of US | authorities thanks to the CLOUD Act, there's no way to | keep personal data safe from US law enforcement. | clairity wrote: | i'd support any legislation that booted google, fb, ms, adobe, | salesforce, and a whole host of other surveillance tech | companies from any and all levels of government. it's literally | as important as the separation of church and state. in fact, | i'd love to see a constitutional amendment explicitly | separating corporate interests from governmental ones, in all | facets of civic life (e.g., campaign finance). | hulitu wrote: | They tried with the church and did not succeed. Why do you | think they can succeed with SW. | saiya-jin wrote: | Not only state... I see absolutely 0 reason for my swiss | ebanking in the secured web interface to see google analytics | and similar trackers. I can clearly see them being blocked by | the likes of ublock origin and ghostery in my firefox. Why | the f*k should google know where I go in such private matters | (and there are tons more, ie if you are lgbtq+ in one of the | many restrictive locations, have some less mainstream | political preferences etc.). The data once acquired have no | reason to be deleted, ever. Too juicy info, and 7 billion | humans is not that large group to aspire to track. | | I get why google et al want it for their growth/sales, but | they are a private entity not owning internet in any way, | extremely foreign to Europe with no clear friendly | intentions. One of few times I can say I am proud to be | living on old continent. | clairity wrote: | exactly, we need to decentralize power, and knowledge | (information) is power. it seems innocuous when we each | leak a little here and there, but surveillance tech is | vacuuming up every tiny bit of it.
| | living in europe doesn't much matter, given the reach of | these companies and their interweaving into government | systems, along with reciprocal surveillance agreements | (however-many-eyes countries). | adamrezich wrote: | > in fact, i'd love to see a constitutional amendment | explicitly separating corporate interests from governmental | ones | | I don't think you comprehend the scope of what you're | suggesting. | | I work for a school district and I'm currently migrating our | system from using one commercial bus routing service to | another... using Windows, SQL Server, Teams, etc. from | Microsoft... using a laptop, dock, three monitors, keyboard, | and mouse from HP... and today the elevator was broken so we | called a repair company to come fix it... oh, and some | company makes the school buses, and the networked phone on my | desk, and the printer around the corner, and all of the paper | in it... the fluorescent bulbs above me don't grow on | trees... | | you can't just expect governments, even at the national | level, to roll their own _everything_ without interfacing | with corporations in any way--this is a hopelessly naive view | of the world. I am just as uncomfortable as you are with data | being shared with corporations, but you're going to have to | figure out a more realistic set of political goals than what | you've outlined here. | clairity wrote: | it's not really aimed at governments, so much as | corporations that feel entitled to sneak in ancillary | interests into their products, like surveilling the public. | basically, it's to force companies like microsoft to remove | all that other shit and provide just the core software, if | they want access to government largess. this has beneficial | externalities for us, the residents of said governments. | adamrezich wrote: | sure, and like I said, I agree completely.
but you can't | just say "i'd love to see a constitutional amendment | explicitly separating corporate interests from | governmental ones", unless you're proposing that all | corporations should be state-owned and -operated, and | that's not really a viable solution, plus it introduces a | whole host of other problems. | | but even if you just mean to say "government should not | share citizens' data with corporations", well, there are | presently two (until our license with one is up at the | end of summer) separate corporations that both know where | every kid in my school district lives, what their special | ed needs are, what their parents names are, what their | parents' contact information is, if they live between | multiple households, and so forth, because that is the | explicit purchase of their business, and that why we | purchased their software. the same goes for another piece | of SaaS we recently purchased a license to involving food | service management for the school system. when designing | the data export we opted to not follow the part of the | schema that wants SSNs for the students (because why | would they need that?!), but that might not be the case | for other districts using the same software. | | my point is there are a lot more interconnected corporate | software services sharing citizen data at play in | contemporary government systems than you probably think, | and, once again, even though I agree with your position | with regards to sharing citizen data with corporations... | I think that ship might've pretty much sailed sometime in | the past few decades. | clairity wrote: | i wrote a few sentences on a large civic concept, not a | treatise, so let's not jump to ideological conclusions | quite yet. | | but yes, i'm explicitly against governments sharing | private data with corporations, no matter how convenient | it might seem to be for workers. 
governments have run for | centuries without those conveniences, so it's not a | dichotomous choice of share all the data or not have | schools (for instance). a lot of data sharing is driven | by the misguided desire to control (that is, to | centralize power), whether it be teachers, students, or | administrators, not for actual educational outcomes, | despite the latter being the nominal impetus. | adamrezich wrote: | > a lot of data sharing is driven by the misguided desire | to control (that is, to centralize power), whether it be | teachers, students, or administrators, not for actual | educational outcomes, despite the latter being the | nominal impetus. | | I have yet to see this occur. instead, it's all about | bureaucratic convenience. why hire more people for | Student Transportation to keep bus routes straight, and | deal with printing out & distributing paper passenger | lists to bus drivers, etc. etc., when you could use a | piece of software to handle it all for you? nobody at the | bureaucratic levels we're talking about here care about | hoarding personal information for power or centralization | or anything like that, it's purely for convenience and | streamlining of bureaucracy. | | one might say, ok, sure, but why does it have to be a | third-party SaaS that you're SFTPing data back and forth | with, why can't it just be a traditional piece of | software that you install and manage locally? again: | convenience, for all involved. that's one less thing for | our sysadmins to worry about dealing with, and when you | get enough of these things then you'll need to hire and | retain more sysadmins (who we're frequently cycling | through as is due to failure to compete with corporate | salaries). the software developers of the third-party bus | routing software don't have to worry about platform | compatibility if the platform they're targeting is the | web. 
parents can easily log into the website to see their | child's bus routes and if they're delayed or whatever | (apparently this is a real thing real parents demand...). | but also, hey, we're already using Office 365, so "what's | a few more SaaS solutions to problems we have, at this | point?" | | what I'm getting at here is the rise of SaaS and the fall | of self-hosted solutions to things like this is pervasive | everywhere in the corporate world, so if you don't want | your tax money "wasted" on even keeping school district | student data in-house and secure, this is the world we | have to live with now. I'm not saying it doesn't suck | ass, another piece of software we replaced is all web- | based (albeit locally-hosted) and strictly inferior to | the end-of-life Java-based software it is replacing. | software kinda just keeps getting worse, and the further | stratification of everything into SaaS is definitely not | good in the long run. but... that's the current state of | things everywhere, so why should government be any | different? | | if this bothers you about public schooling in particular, | then the solution (which I'll likely be doing, but not | for this reason) is homeschooling your kids. then their | data is only stored in the district database and only | transmitted to and from the state and local governments, | for reporting purposes. | | but more broadly speaking, what's the use in calling out | governments transmitting personal information to | corporations when corporations are already taking so much | of your data themselves? I bought my fiancee a hat with a | soda logo on it last week and she was getting ads for | that specific soda the next day. how it happened, I have | no idea. shortly after I moved back to my hometown, I | picked up some groceries for my mom _using her credit | card_ , including a can of Red Bull I got for myself, the | first I'd had in months. later that day, ad for Red Bull | on my social feeds, first I'd seen... 
in months. whenever | I buy booze, I get (different) booze ads on Twitter for | days--when I don't buy any booze for awhile, the ads | stop. | | there's already so much personal information being | trafficked between corporations everywhere without our | consent, what makes the government sending it to | corporations for legitimate purposes so specifically | offensive? maybe I'm being too cynical but it seems like | the genie's just kind of out of the bottle now for | personal data in general. TFA is sticking a finger in one | of many finger-sized holes in the hull of a ship which is | sinking mostly not due to the finger-sized holes but to | the person-sized ones that we're just kinda ignoring. | dragonwriter wrote: | > i'd love to see a constitutional amendment explicitly | separating corporate interests from governmental ones | | How is that possible, since corporations are, by definition, | creations of government through law? | clairity wrote: | i mean, that's like asking how is it possible to | compartmentalize anything. as elaborated elsewhere, it | isn't about literally separating all interests, just those | that harm the public. it's about removing the negative | externalities that companies like google impose on us via | such government contracts. | ta_5628952 wrote: | > just those that harm the public | | But it's not that simple. What harms the public? Many | would argue being able to use data google collects | (legally through subpoenas or grey-legally through any of | the number reports that have come out since Snowden) | helps government agencies by increasing public security-- | thus the opposite of harm. Being | clairity wrote: | in that case, it's pretty simple. the snowden leaks | elucidated the government's desire to create a | surveillance state with the help of corporations, not | that a surveillance state would be a net-good for | society. | skrebbel wrote: | FWIW I think the "church and state" analogy is genius, it | totally resonated with me. 
I'm going to steal that! | abarwick wrote: | This is just naive. Government offices/agencies are so | tightly coupled with packages like office 365 that forcefully | separating them would require home built solutions which | would always be terrible, less secure, and more expensive to | the tax payer. There's a lot of good these products can | provide, granted they are properly audited and have high | security requirements. | einpoklum wrote: | > are so tightly coupled with packages like office 365 | | Are they though? Do you know this for a fact? I mean, sure, | MS Office is very popular in government settings, but does | this really go beyond the possibility of just replacing it | with LibreOffice if they so decided? | TurningCanadian wrote: | Sharing a link to a document that others can edit in the | cloud is much more convenient than emailing around a | _final_v3(2).docx document. | abarwick wrote: | I obviously can't speak for all, even most, but back in | my consulting days I can say the many US federal and | state agencies use Azure AD and a litany of AWS services | that are core to vital work streams. Enough that having | to shut them down would neuter the department. | daniel-cussen wrote: | Russia has that. Just typewriters and stationery. | jcelerier wrote: | Idk here in France there are cities and state-wide | administrations with free/libre stacks based on Linux, | LibreOffice, Zimbra and others and things seem to | JustWork(tm). For instance the French Gendarmerie, the | cities of Rennes and Arles... | spoonjim wrote: | Are there any high functioning large companies that use | Linux/LibreOffice/Zimbra? I suppose governments rarely | aspire to be high functioning. | pyrale wrote: | Arles is getting suckered by Microsoft, sadly [1]. | Unfortunately all it takes is one idiot to get in office | once to kill this kind of successful initiative that has | been running for almost two decades. 
| | [1]: https://larlesienne.info/2022/02/22/la-municipalite- | de-carol... | clairity wrote: | ah, the _ad hominem_ , never a good sign for the proceeding | argument. | | there are a number of other office suites that are entirely | adequate for bureaucratic organizations to build methodical | processes around (which is what bureaucracies do). the | capabilities of the underlying tools don't matter much in | this regard. | | also, audits aren't meant to prove anything (like | security), but instead to shift liability. | scarface74 wrote: | The average large organization uses over 100 SaaS | products | | https://www.statista.com/statistics/1233538/average- | number-s... | | I would love to see you replace all 100 of those with | open source software. | | Have you ever dealt with large technology migrations? | quantum_magpie wrote: | And if no one does anything, in 5 years it will be a | 1000, in 10 years 5000. As it is right now, the only | voice governments hear is that of corpos, and corpos want | to preserve the influence of corpos. That's why we need | to force the ban on corpo influence. I'd rather pay 1% | gdp for a one-time migration to open and free software | than pay .01% gdp per corp per year. | scarface74 wrote: | Are you going to also train staff to use the new open | source software? Where is the open source SalesForce | equivalent? Workday? Concur? Device management? Email | service? ServiceNow? Time tracking? Photoshop? Are you | going to also force every employee to use Linux instead | of Mac and Windows? Are you going to tell them to rewrite | all of their software and business processes written on | top of Oracle and SQL Server? Should they also rewrite | all of their bespoke mobile apps to support open source | mobile operating systems? Are you going to migrate all of | their Office documents and SharePoint? Are they going to | move all of their project management processes from | Microsoft Azure DevOps (aka Visual Studio Online)? 
Are | they going to move all of their call center software to | open source? For school systems are they going to move | their fuel procurement software? Many education systems | are partially funded by the lottery. Are they going to | move their backend systems from GTech? Their lunch | programs payment systems for students use a third party, | are they going to move that too? Their ATS? LMS? Grade | tracking software? | abarwick wrote: | Simply training government workers to use open source | tools would shut down governments for weeks. | rapind wrote: | 100 SaaS products in one org sounds like a security and | logistics nightmare. | [deleted] | clairity wrote: | not sure that it's relevant and 'large' is subjective, | but yes, i stewarded the technology migration of a core | product suite for a prior employer, which incidentally | had government agencies as a prominent customer segment. | | i'm not suggesting that governments can only use | internally developed or open-source software, i'm saying | corporate interests should be firewalled away from | government. so a locally-installed office suite | incorporating no surveillance tech doesn't have the | ancillary corporate interests attached to qualify it for | being firewalled. | scarface74 wrote: | You migrated _a_ product. Were you involved in migrating | the _entire_ infrastructure of an entire state? | | Yes, I speak from experience, migrations and | modernizations are kind of my job. | [deleted] | throw827474737 wrote: | so just assuming you have an overpriced stinking pile of | sh*t, is this an argument to stay with it forever? | scarface74 wrote: | So do you think open source or the government producing | their own software will be better? | Jcowell wrote: | > ah, the ad hominem, never a good sign for the | proceeding argument. | | GP never says that _you're_ naive, but the comment was. 
| clairity wrote: | either way (intent can also be multi-modal), it signals a | triggered response and is entirely superfluous and | distracting. it's worth setting that aside, even after | writing it, and examining the emotional underpinnings | that led to the response in the first place. we learn a | lot about our own subconsciousness that way. | ska wrote: | >, ... it signals a triggered response | | This is, at best, a stretch. | simonswords82 wrote: | I have no idea what it is you're trying to say but I did | laugh that your username is clarity! :) | clairity wrote: | excellent, my diabolical plan to rule the world via dry | humor is working as designed. | mmanfrin wrote: | > ah, the ad hominem, never a good sign for the | proceeding argument. | | An ad hominem means using an insult _as the basis for | rejecting an argument_ , e.g. 'that is wrong because you | are [attack]'. Saying an argument is naive and then | explaining why is not an ad hominem. | clairity wrote: | arguments can have multiple lines of reasoning, one of | which can be an _ad hominem_ all by itself. | lovich wrote: | A car has multiple parts, but it's still difficult to use | if you only use/look at each one separately | clairity wrote: | if you look carefully, the 3 sentences are disconnected. | they don't form a line of reasoning. | | if it had been starter, engine, and transmission, maybe | you'd have a point, but instead it's corroded battery, | door handle, and tailpipe. | lovich wrote: | I looked at it carefully, and I'm not seeing what you're | seeing unfortunately. I interpreted the naive comment as | a separate summary of their opinion, and then the rest of | the paragraph was the supporting explanation. He didn't | dismiss the idea because it was naive, it's the reason it | is naive is why he was saying it wouldn't work | robertlagrant wrote: | None of it was ad hominem. | wutbrodo wrote: | None of the lines of reasoning were an ad hominem. 
From | your other comment[1], it seems like you think "ad | hominem" just means "being rude to someone". I recommend | reading the GP comment's description of ad hominem again: | it means making a logical argument that depends on the | speaker's personal characteristics. | | "You're European, so your argument is biased and wrong" | is an ad hominem. "Your argument is naive, here's why I | think that" is not. The latter is logically downstream of | the argument, while the former is upstream. | | [1] https://news.ycombinator.com/item?id=31854644 | clairity wrote: | no, an _ad hominem_ need not be literal. do you really | not understand nuance in language? we're not computers | operating only on singular data and deterministic | instructions. | | see how those three sentences go together? that's a line | of reasoning. the subject comment doesn't have that | throughline. it's disjointed; the parts are only | tangentially connected. | Terry_Roll wrote: | Rubbish, there has been a concerted effort by the US to | undermine other countries including so called NATO allies | in order to dominate the world, it's been going on for | decades. | | I refuse to use the NHS here in the UK because of the | widespread use of Microsoft everywhere. | alsetmusic wrote: | I didn't read it as government can't use commercial | products. Just that the corps couldn't influence politics. | But I'm not the OP, so I can't speak to what was intended. | scale8 wrote: | More around the storing of data. This is why Scale8.com | is on EU servers... | throw827474737 wrote: | less secure? can it get worse than ms, outlook and active | directory foo? they incepted their own industry around | their unsecurity, lol. 
| | terrible and more expensive is also a joke, but not as big, | you still could go to ibm or oracle if you want to pay | more for less, admitted | itronitron wrote: | Most developed countries have several offices/agencies that | already run 'home built' solutions, they just don't get | talked about much. | [deleted] | jacquesm wrote: | They get talked about incessantly at the local Microsoft | HQ. | sam0x17 wrote: | Sounds like it would create jobs too, that's a plus not a | minus lol | tvink wrote: | "Creating jobs" to inefficiently solve a solved task is | not a good thing, it is society burning its tax income. | It is only good to create jobs when the output of those | jobs is increased value. | the_other wrote: | Slowing the flow of money out of the public purse and | into a very small number of barely accountable global | megacorps and private equity funds, whilst improving the | employment prospects of the local population, sounds like | it's worth the cost of repeat work. | | Also, nature loves a bit of redundancy. And capitalism | loves competition. You can't have competition under a | monopoly. | cscurmudgeon wrote: | > . And capitalism loves competition. You can't have | competition under a monopoly. | | And the govt. is the biggest monopoly of all. | | Somehow, restrictions against US firms are praised but if | US imposes restrictions that is condemned (e.g. TikTok). | tildef wrote: | > Somehow, restrictions against US firms are praised | | By whom? | | > if US imposes restrictions that is condemned (e.g. | TikTok). | | By whom? | majormajor wrote: | How far does "separating corporate interests from | governmental ones" go? | | Can the government purchase a car? Hire a private corporation | to build a road? Hire a consulting company to check the | security of their (now-free-and-without-a-support-contract | FOSS?) computer setup? 
| clairity wrote: | where to draw the line is a fair question in any policy | debate, and one i'd expect to draw plenty of lively | discussion. it's pretty clear to me that surveillance tech | is on the outside of that line, but i'm open to reasonable | arguments otherwise. | Noughmad wrote: | It's actually quite simple. The government can buy things | services from specific providers, but it cannot force you | to buy services from specific providers. In other words, it | can buy BMWs for government use, but it cannot say "you | have to buy a BMW to enter the municipal office". | | The same applies to websites. If a government website uses | Google analytics, it is essentially requiring you to do | business with a specific company (in this case Google) in | order to use a government service. | inlined wrote: | And if the government uses Cloudflare or GoDaddy or aws | it's requiring you to do business with those companies. | This goal is impossible to achieve with any government | run service. | killjoywashere wrote: | > cannot force you to buy services from specific | providers | | But government can impose requirements, like TAA | compliance (1) and SHB requirements (2) on its service | vendors, forcing those vendors to purchase from a fairly | constrained number of hardware providers. | | https://www.dtra.mil/Portals/61/Documents/Business%20Docs | /ev... | | https://www.afcea.org/site/sites/default/files/files/2-Co | lLi... | Arainach wrote: | If the government takes your data and runs an analysis on | an old IBM mainframe, are they forcing you to do business | with IBM? | Phrodo_00 wrote: | Is this a bad faith argument? I can't see how the | difference of google having the data vs the government | (or whatever entity you interacted directly with) is so | easy to miss. | l33t2328 wrote: | Can the government own a BMW bus? | feet wrote: | The gov is forcing me to pay the crony corporations | through taxing me | jollybean wrote: | This analogy does not apply. 
| | The gov. is using some service and therefore some citizen | data is subject to the T&C's and that's it. | | If Google were a German or UK company it would be the | same thing - everyone subject to those T&C's. | wutbrodo wrote: | Could you expand on the definition of "doing business | with" an entity that you're using here? It seems quite | non-standard. | | If you open the door to a govt office, are you doing | business with the company who installed the doors? If you | use the toilet, are you doing business with the company | that janitorial services are contracted out to? | Levitz wrote: | No, when you leave that govt office you don't have any | link to those companies. | | When you visit a site with Google Analytics, they still | have your data after you leave. | 1vuio0pswjnm7 wrote: | Here are the URLs for those who disable Javascript (from | https://github.com/PostHog/isgoogleanalyticsillegal.com) | | https://gdprhub.eu/index.php?title=DSB_(Austria_-_2021-0.586... | | https://www.cnil.fr/en/use-google-analytics-and-data-transfe... | | https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/d... | | https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-... | | NOYB is the primary source tracking these cases and generally | was also responsible for filing the complaints that led to | them. All the details are available from NOYB's GDPRhub wiki, | https://gdprhub.eu. GDPRhub attempts to provide information on | all the European DPAs including how to file complaints. At the | least it provides contact info for all the DPAs and English | translations of DPA decisions. | | As stated in 13 Jan 2022 announcement on noyb.eu, these | decisions are generally the result of the "Max Schrems II" | decision. After that decision, Schrems filed 101 complaints to | DPAs, and now the chickens are coming home to roost. | | Note that the "legality" of Google Fonts, under the default | configuration, is also in question. 
Arguably use of Google | Fonts is even more widespread than use of Google Analytics. | digitalengineer wrote: | Some time ago Google gave EU admins the option to select a | local regional (EU) server. This means the data is not sent to | the US. But! It's still not fully legal as the Google HQ (and | thus the US government) can still access all the data. | googlryas wrote: | Why is that not fully legal? Wouldn't the same law prevent | Google USA from querying PII data from Google Italia? | digitalengineer wrote: | If Google US can access the data, that means the US | government by extension can also. This is exactly what GDPR | doesn't want happening. More details in this open letter by | Max Schrems "the Court has clearly held that US | surveillance laws and practices violate Article 7, 8 and 47 | of the Charter of Fundamental Rights" | https://noyb.eu/en/open-letter-future-eu-us-data-transfers | marcosdumay wrote: | Italian laws do not apply to Google USA. | lovich wrote: | The Italian market doesn't have to apply to Google USA | either. | | Companies can always choose to ignore a specific nation's | laws[1], they don't still get access to that nations | markets. At the borders the nation state is the one with | the guns and firewalls | | [1] unless you piss off a nation that can project global | power, lol if you piss off China or America | connicpu wrote: | But someone will have to foot the bill when their branch | in Italy is fined by the government for violating Italian | law | googlryas wrote: | Not generally, but they do apply to Google Italia, who | would not legally be allowed to respond to requests from | Google USA for European PII. | kixiQu wrote: | if anyone is curious about why that gives the govt. access: | | https://en.wikipedia.org/wiki/CLOUD_Act | | (God willing they repeal it, _even_ if only for the | international commerce implications...) | [deleted] | mro_name wrote: | yeah, like 'swimming pools only bear a danger of drowning when | wet'. 
| rightbyte wrote: | Empty pools are probably more dangerous. | Forge36 wrote: | I hear they attract skaters. | hnarn wrote: | That analogy makes no sense at all. | yrgulation wrote: | Time to get off my arse and write a self hosted privacy oriented | analytics tool. Whatever happened to awstats. The question is - | how to monetise on it? | tqi wrote: | 2008-2018: Banking reform | | 2018-202?: Data privacy | | I wonder what the next trendy thing government officials will | pretend to care about/fix in order to garner media attention. | Something crypto related, maybe? | scale8 wrote: | This is why we built Scale8.com ! | | An open-source and privacy-friendly alternative to Google | Analytics & Google Tag Manager :) | | GA is simply not compliant... | | https://scale8.com/blog/is-ga-gdpr-compliant/ | tannhaeuser wrote: | Well HN, how about a badge for links indicating whether it uses | ga? We have to start somewhere don't we? Or we'll continue to see | the web decline. Actually, from my PoV, it might be too late | already. Maybe it's just me or people in EU being harassed with | banner popups, but I hardly go to any link anymore, and so do | many other people I know. It's just not worth it. | ronsor wrote: | I'm an American, but I occasionally use an EU VPN. I don't | understand how EU residents can tolerate the number of | cookie/privacy/GDPR/whatever popups every site has, even on the | sites of EU companies. | iLoveOncall wrote: | We don't. Outside of a few greybeards the vast majority of | the population would gladly send all of their data including | dick pics and credit card numbers to remove those popups. | | The law was absolutely useless because 99% of the websites | have an illegal implementation and still added a major | annoyance in the form of the popup / banner. | jokethrowaway wrote: | We Europeans are generally used to do whatever the government | tell us. | | We don't have the same culture as Americans. 
| | Don't get me wrong, you had a pretty bad deal as well: | without much fanfare, your government grew up so much in the | last 200 years that it became the largest employer in the | world. You pay loads of taxes (even more than several EU | countries) and get very little benefits. | | And yet, I'm sure that if we will get to a political solution | to the ever-growing cancers that governments are, that | solution is more likely to appear in the states than in | Europe. | | Europe is a hopeless - albeit beautiful - land. The people | gave up change 50 years ago. | tannhaeuser wrote: | Err, just to avoid further misunderstanding: I'm pro-GDPR | ;) and think it's right to confront users with the hydra | behind the crap on the web. What I think has destroyed the | web is attention economy, monopolies, the race to the | bottom, and lack of incentive for quality content. | | Agree though that Europeans could do with more | libertarianism and less trust in state; it's something | that's been a big issue for me since at least CoVid | hysteria. | [deleted] | butterNaN wrote: | A bit individualist solution but you can block it with NoScript | on your browser | de6u99er wrote: | 15 years ago Google Analytics was cool. But at some point Google | ditched the "Don't be evil" culture and tried to get as much out | of Google Analytics for themselves, that it became unethical. | | As long as they haven't died ... | olalonde wrote: | I wish GDPR compliance would have been opt-in. For example, a | GDPR compliant website could have sent a custom header indicating | compliance, which the browser could have displayed in the address | bar (a bit like HTTPS). Consumers would then have been free to make | the decision to not use websites which aren't GDPR compliant. | Consumers who are more concerned about privacy could have set | their browser to automatically block any non GDPR compliant | website. 
| eropple wrote: | _> Consumers who are more concerned about privacy could have | set their browser to automatically block any non GDPR compliant | website._ | | It may not be your intent, but defaults matter and what you're | wishing for here is de-facto scuttling of the GDPR. | olalonde wrote: | Are you implying that the vast majority of consumers aren't | concerned with their privacy and would keep using GDPR- | compliant websites? If that's the case, isn't the regulation | somewhat against the spirit of democracy? | peoplefromibiza wrote: | > Are you implying that the vast majority of consumers | aren't concerned with their privacy and would keep using | GDPR-compliant websites? | | False premise. | | Users simply aren't aware, but once they learn about it, | they become concerned, | | > If that's the case, isn't the regulation somewhat against | the spirit of democracy? | | That's a really weird argument. | | Anyway, that's _not_ the case. | closewith wrote: | Bizarre idea. Should websites be allowed to opt out of anti- | fraud legislation? Anti-money laundering? Human rights | protections? | nnq wrote: | Yes? ...this was the original dream of non-national | cyberspace and we almost had a hope at getting it. Then the | second chance with web3 but this was also spoiled by people | getting too greedy and too nasty too fast. | | A parallel anonymous-and-free-for-all-but-with-payments- | included, smth. like Tor-but-powered-by-IPFSv9-and-Etherv7, | will probably emerge in a couple decades done right after a | couple failed iterations. Some techs need hardware to catch | up to be cheap enough, and only after a few failed attempts | they manage to grow a trend... and it will probably will last | until it's used to finance a proper starting of WW3 and by | then banning it will be too late. 
| | Anyway, we'll enjoy the hell out of ourselves on the new | patreons-but-for-snuff-p03n, so it will all have been worth | it :) | peoplefromibiza wrote: | > this was the original dream of non-national cyberspace | | cyberspace was about freeing the people and the flow of | information between people, not the corporations that silo | the data in their data centers for profit. | progman32 wrote: | I believe your argument simply boils down to "laws | shouldn't apply to people". Am I mistaken? | nnq wrote: | Besides the missed irony, I mean that _we need to have | and we'll inevitably have a separate internet layer / | set of protocols / etc. where information will be freely | broadcastable and exchangeable without enforcement of any | laws_. We de-facto have it now too, but it's practically | geek-only hence no real "broadcast" to masses of people | function can be achieved. | | And that once such tech becomes usable by a large percent | of the general population (by eg. allowing "unsecure" | websites to "do anything") and we make the mistake to add | a truly functional and anonymous money transfer | technology to this layer of information tech, we're | royally screwed as a species. | | I obviously don't want a lawless and free for all | regular/default internet because on the regular internet | we exchange real money and we have real identities. I'm | perfectly OK with having lawless layer of information | exchange and broadcasting (it's just a natural | generalization and globalization of "free speech" and I | think it's crucial for humanity) and even working to | making them usable by the general population, as long as | we don't allow any serious kind of money transfer and | commerce to happen through them. Eg. A psycho posting a | killing video once a decade is no biggie and would happen | anyway, let's at least enjoy it / groups of psycho | creating a market and industry for their "products", not | ok. 
Two random guys planning to meet to exchange some | guns for some money is no biggie and already happens | anyway; trading weapons on scales to supply real wars not | ok. Etc. | | De-facto "having sites opt-out of anti-fraud legislation" | or of "human rights" protections is already happening, | and is less obvious because of the centralized nature of | our current internet. A less centralized internet will | just allow it to happen in the open in theory. Only it | won't because since they're already doing other more | serious illegal stuff and don't want to draw attention. | | PP's "Bizarre idea. Should websites be allowed" thinking | was just funny and ridiculous at the same time: there's | nothing bizarre, things are already happening (naturally) | like this, and ofc it's happening discretely (eg. having | telegram or other messaging app groups instead of http | websites but performing similar functions etc etc) and in | the silence bc ppl doing them do even more illegal stuff | and nobody wants attention from authority or ppl | concerned with morality ...and I couldn't help make fun | of it a bit. It's the kind of guys that argue against | free speech and yell the "but think of the kids" argument | at us all the time, and it's tiresome to have to trick | them all the time since reasoning with them doesn't | work... | | So suggesting that maybe we should bring what's already | happening anyway in the open, base it on more open | standards technology, have it be indexable by search | engines etc. 
:P I'd rather have a legal:any flag that I | can add to a google search when I want to go off the | beaten track than to have to switch the program/protocol | I'm using (and the browser should make sure as hell I | don't leak my identity and don't pay for anything on such | unsafe sites), and _that's the crux of it, the browser | would know that a site is unsafe and needs total | sandboxing simply because the site owner has decided to | "opt out of the laws" - you realize that longer term when | s settles down it's a win win situation for everyone if | you just twist your mind out of the default narrative the | current tech-corporate establishment is brainwashing you | with..._ | | (Or the "let's make a decentralized and truly free | internet layer" into a real and usable thing... or the | crypto-crimies will beat us to it and do a version that | also has payments, generates obvious disasters/wars etc., | and then is taken over by big gov and turned to a | totalitarian nightmare with social credit tracking extra | features" argument.) | progman32 wrote: | Thanks for clarifying your position. | olalonde wrote: | No, just GDPR? I don't see any valid reason a user might want | to "opt out" of anti-fraud legislation but I do see a reason | why a user might want to access the non-GDPR web. | peoplefromibiza wrote: | How would you write such a law? | | You can't make exceptions based on what's convenient for | some business. | | Why should GDPR be opt-in but not the consumer minimum | 2-year guarantee against faulty products? | | > ? I don't see any valid reason a user might want to "opt | out" of anti-fraud legislation | | To commit frauds, for example? | olalonde wrote: | > Why should GDPR be opt-in but not the consumer minimum | 2-year guarantee against faulty products? | | I also believe that should be opt-in. | | > To commit frauds, for example? | | Fraud implies an unwilling party, a victim. Not | comparable at all to what I'm suggesting. 
| peoplefromibiza wrote: | > I also believe that should be opt-in. | | But that is irrelevant, we European citizens are happy to | have it. | | And actually fought to have it. | | It's a consumer _protection_ law, what you want is | consumers with less or no protections. | | > Fraud implies an unwilling party, a victim. Not | comparable at all to what I'm suggesting. | | I'm quite sure the majority of users visiting a website | that hosts GA are giving away their data unwillingly. | | Would you opt-in theft too? | olalonde wrote: | > It's a consumer protection law, what you want is | consumers with less or no protections. | | Yes, indeed. I don't believe the government should | mandate specific protections consumers should receive, | because it just serves to reduce consumer options. And | this is also why I wish GDPR would have been opt in, | giving more options to consumers. | | For example, in a world with no government mandated "2 | year warranty", some manufacturers would offer a product | with "2 year warranty" and some other manufacturers would | offer the same product "without warranty", but at a lower | price. | | Consumers would then be free to choose if they want to pay | the cheaper price without warranty or the higher price | with the warranty. There are two options for consumers in | this world whereas in the world with mandated warranty, | only the "higher price with warranty" option is | available. | | It's the same with GDPR, GDPR compliance has a cost. Some | websites have started banning EU IPs for that reason. | | Of course, the above assumes that consumers are not | misled and that transactions are voluntary. Therefore, I | do think there should be laws against fraud, theft, | misrepresentation, etc. | peoplefromibiza wrote: | > Yes, indeed. I don't believe the government should | mandate specific protections consumers should receive, | | What you believe or not is completely irrelevant. 
| | In my Country consumer protection is in the Constitution, | at article 41. [1] | | So the government is duty bound to protect the consumers. | | Thank God I was born here and not in olalonde-land. | | [1] _Art. 41_ | | _Private economic enterprise is free. It may not be | carried out against the common good or in a way that may | harm public security, liberty, or human dignity._ | | _The law determines appropriate planning and controls so | that public and private economic activities may be | directed and coordinated towards social ends._ | | > "some manufacturers would offer a product with "2 year | warranty" | | Or, realistically, all the manufacturers would offer zero | days warranty and only luxury brands would offer life- | long warranty to people who can afford their products | (e.g. less than 1% of the population). | | Example: Apple, which is not exactly a cheap brand, only | offers one year warranty in the US, while it's 2 years | mandated by the law in EU. | olalonde wrote: | You have the extra year protection, but you are | (forcibly) paying for it. | | iPhone 13 Pro USA price: 999$ | | iPhone 13 Pro Italy price: 1250$ | | PS: In the US, you could probably get that extra year of | warranty from Apple or from a third party (for like 20$). | But you don't _have to_. | peoplefromibiza wrote: | > You have the extra year protection, but you are paying | for it. | | which anyone understands that is not the same thing. | | You can also buy 2 of the same items for redundancy, I | wouldn't call it "warranty" though. | | > iPhone 13 Pro USA price: 999$ | | > iPhone 13 Pro Italy price: 1250$ | | The price on Apple's U.S. 
online store website is before | taxes | | But anyway that's a completely meaningless comparison: | | Parmigiano Reggiano in Italy Euro ~10 / Kg | | Parmigiano Reggiano in USA $ ~20 / pound AKA $ 44.4 / Kg | olalonde wrote: | Of course the price premium is not exclusively due to the | warranty (probably a good chunk of it is due to import | tariffs and taxes). But do we agree that increasing the | warranty period costs Apple more? Do we not agree that a | business will tend to increase the price of its product | when the cost of its product increases? | peoplefromibiza wrote: | > Do we agree that increasing the warranty period costs | Apple more? | | I don't. | | On the contrary, I believe they should thank us for | encouraging them to make better and more durable | products. | | If I am spending 12 hundred euros on an electronic | device, the least the manufacturer can do is give me the | warranty that it won't break on its own before 2 years of | usage. | | Anyway, Xiaomi makes perfectly valid products at 1/3 of | Apple prices. | | Maybe it's not the 2-year warranty the issue here... | eulenteufel wrote: | The Venn diagram of the websites that have a Cookie-Popup | right now and the websites that would choose to not be GDPR- | compliant is a circle. | | This change would mean most websites couldn't be used by privacy | conscious people anymore and that the websites in turn are free | to track the sh*t out of everyone else. From my perspective | that sounds a lot worse. | | The web is a mandatory part of public life for most people by | now and it's good and healthy that corporations get push back | for not respecting privacy. | kmlx wrote: | > This change would mean most websites couldn't be used by | privacy conscious people anymore | | wouldn't the market react? ___________________________________________________________________ (page generated 2022-06-23 23:00 UTC)