[HN Gopher] Data-Free Disneyland ___________________________________________________________________ Data-Free Disneyland Author : ohthehugemanate Score : 117 points Date : 2023-02-01 16:20 UTC (6 hours ago) (HTM) web link (www.optoutproject.net) (TXT) w3m dump (www.optoutproject.net) | jwagenet wrote: | I can't help but feel bad for the kids in this situation. I'm | sure while they are young it could be fun to play spy, but at | some point the extreme aversion to data collection just becomes a | new flavor of paranoid helicopter parenting. The author even | mentions these overprotective tendencies in the Public Books | companion! | petsfed wrote: | Like, when does it stop being "we're playing spy" and becomes | "daddy won't let me come over and play because he says your | toaster told google about me". The face painting in particular | (especially the OP's own admissions that its not clear how | effective it is) feels like putting on tin-foil hats. If | privacy concerns are _that_ great, then the OP has an | obligation to explain to his /her kids why they can't go to | Disneyland. | | There are sibling threads that provide some valuable context as | to who might actually need this degree of paranoia. Without | that context, this feels like a prequel to a story like this | https://www.newyorker.com/magazine/2019/05/06/my- | childhood-i.... | autoexec wrote: | > I can't help but feel bad for the kids in this situation. | | I feel worse for the kids whose parents don't care and have all | their information collected before they're old enough to know | better. They're handing children chromebooks and letting google | collect their kid's test scores so they can sort children into | 'smart' and 'dumb' buckets before they're out of primary | school, letting youtube and tiktok babysit them the way | previous generations did with television, making them carry | cell phones at younger and younger ages etc. | | I think there's some solid middle ground there, but those kids | will be much better off having been made aware of the issues | and having their information at least somewhat protected. | ojame wrote: | Can you provide a source for Google 'bucketing' kids based on | their test scores? | matthewaveryusa wrote: | I like the take on this, using a burner phone to blend in. | | At what point is the lack of signal the signal? If I were Disney | and my tracking system showed you as not ozzing out radio or AI | not ever labeling your stills as "person staring like a zombie on | the phone" I would red-flag the hell out of you. | LesZedCB wrote: | what do you mean red flag? do they track and mark people as | "whales" then market the hell out of them? | | i'm unfamiliar with the latest tech involved there. | labrador wrote: | Meanwhile his kids roll their eyes at Dad's obsession with data | collection while they're just trying to enjoy the experience | libraryatnight wrote: | We went to Disneyland end of 2021 and it was unpleasant. The | staff seemed stressed, there always seemed to be one or two | people being assholes about their masking rules (they were | outside off, inside on at that point), and the usual Disney level | of attention to every detail was just not there. We chalked it up | to pandemic stress, but also thought maybe new leadership was | going in a bad - like some conveniences previously available on | the app no longer available as they were about to transition to a | version where those services would be paid for or made more | expensive. Anyway, my following opinion is based on pre-pandemic | Disney. | | Disney for me is a little like Apple in that you're handing | yourself over to the corporate overlords and are reliant on their | benevolence. These companies take some freedom in exchange for a | clean and consistent experience. I don't like the surveillance | state either, but going to Disneyland with two families was easy | because of the app. We pre-booked rides, pre-ordered meals and | snacks, kept up with where groups went if there was a ride split. | It was easy to give kids some spending money we knew was only | going to get spent in either of the parks they had access to. If | you go further and pay for the hotels nearby they're even more | connected. And it wasn't creepy, because it's why we went. It was | what I paid for. That experience you're trying to opt out of is a | core part of their product. It's why their movies are on repeat | in houses all over. It's why people will hand their kids and | their grandparents alike and ipad. There's an expectation around | what these companies provide and a certain level of assumed | safety. | | Now, in Disney's case, since we are paying for it, if we could | just get some privacy guarantees when we surrender to their | systems I'd love that. I'd even pay extra for it. I'm so ready | for people to start selling me privacy tiers. I can pay to get | rid of ads, lemme pay to not have my data sold or tracked. I'll | vote and harass my reps accordingly, I'll use blockers and unique | emails across services, I'll teach my family to do the same, and | if I'm at a protest or driving someone to an abortion clinic sure | let's talk burner phones and face paint - but I also just don't | have it in me to miss out on experiences with friends or family | because of my objections. | kylehotchkiss wrote: | I visited a few months after you did, the masking rules were | gone at that point. Everything seemed pretty positive, other | than the park just being absolutely crammed with people. I | don't know how they'll be able to maintain quality long term | until they can reduce the daily headcount, which means we'll | all be stuck booking further into the future, but at least | you'll be able to walk between rides in the evening. | mixmastamyk wrote: | Disgusting. A few year back we took the family to DL. I had read | that they were going to take our pictures and I thought "not a | chance" and prepared for a fight. | | But I knew deep down they had me over a barrel. Gonna turn around | and say no to the family (after an hour drive and $$$ spent for | parking) at the front steps of DL? Paying cash not practical | anymore either, was almost $500 for tix! | | For whatever reason at the moment we arrived they were not | prepared for pix and we walked in unscathed, and without apps. | Just like the good 'ol days of... 2010? | | Looks like I'll never be going back. | frietzkriesler2 wrote: | I've long given up on keeping my data safe. What I mean is I try | and restrict who has what data and provide junk when necessary | but after awhile, there's only so much you can do. | | So I've done the opposite: I've made it impossible for them to | use my data to target me. I block ads on all of my browsers, I | regularly reset my advertising ID, and I hope that the amount of | trash data I feed makes it even more useless. | | One day, I'll set up some sort of home server and use next cloud | or something and finally move off of Google's garden. | easton wrote: | One minor note from a Disney nerd: Disney World no longer gives | you the wristband (magicband) by default. You can buy one, but | they want you to either use your phone or a RFID card they give | you when you buy the ticket. | | The rumor is that they were never able to make effective use of | the long range data collection beacons that used the bands. | Alternatively (and more likely IMO), they realized that knowing | how many people were in an area was a matter of measuring how | many unique devices scanned for the Wi-Fi AP in that area, which | would work even if you didn't have a band or the battery in the | band died (the battery was necessary for the long range | functionality, you could still get in the park via RFID no matter | what). | | Since they never launched the bands at Disneyland, they probably | were able to do a a/b test and confirm that they didn't get | additional useful data from the bands (or that their data science | team wasn't able to use the data to improve guest experience, | anyway). | jacquesm wrote: | The best and simplest way to evade data capture at Disneyland is | to avoid Disneyland. | ocdtrekkie wrote: | I'm a privacy-focused person, but when we went to Disney World I | kinda just accepted I was going to visit their sandbox and they | were going to know everything I did while I was there. I don't | want them tracking my behavior outside the park, but in the park, | it's their territory, and there are countless strategies they can | (and do) use to monitor it. | | I think if I wasn't going with a wife and kid, it would've been | fun to try to avoid data collection as the author did, but if | you're also staying on resort as we did, your magic band is your | hotel key and stuff too, so it's really kinda a whole-hog thing. | We didn't exit Disney's municipal boundaries the entire time we | were there, so it's not like they could track us anywhere else. | | I guess I made my vacation to Disney World sort of a vacation | from being a privacy advocate, and just went ahead and cried at | the sight of my credit card statement when I got home. (Hot tip: | The "character dinners" that your vacation planner will recommend | are obscenely expensive, and they will definitely know you are a | Midwesterner if you dare ask for a takeout container when you are | leaving. It's really great when you spend like $60 a seat for one | person who's not feeling well enough to eat that much, and a kid | who's going to barely sample the food.) | none_to_remain wrote: | Wearing a fat suit and one of those Mission Impossible face masks | to the grocery store so the cashiers and security cameras can't | catch my true aspect | fragmede wrote: | Which sounds ridiculous to you and me, but if you're James | 'Whitey' Bulger living in Santa Monica, that's not so crazy. | | https://www.fbi.gov/news/stories/top-ten-fugitive-james-whit... | rsync wrote: | I think a lot about this subject and have a lot to say about | this. | | Rather than nit-pick, I want to showcase this particular item: | | "I ended up going for the Disney lot, although they learned that | they do have license plate readers. I was driving a rental car. | Certainly, my name and driver's license are attached to that car, | but that's through a different corporate database. A corporation | that Disney does not own or have data rights to or share board | members with ..." | | (and later) | | "Here I follow a different rule for obfuscation, which is to | store data across corporate databases where the corporations have | no prior relationship--or even an antagonistic one. I can be | reasonably sure that, failing an acquisition, that data won't | migrate." | | This is wrong thinking. | | Personal identifiers like phone number, license plate, address, | etc., are commodities that are collected, digested and sold _by | many different third party providers_. | | He's thinking about Disney somehow comparing their license plate | reader data with Hertz or something through some unlikely | corporate agreement. | | Far more likely is that _both_ Disney and Hertz employ a third | party data intel provider that gives them enterprise wide | coverage and query for these, and other, identifiers _while | simultaneously_ acquiring the data to be made available _via API_ | to other "partners". | | A good example of this is Ekata and their reverse phone product | which, until recently, was available via Twilio API lookup: | /usr/local/bin/curl -s -X GET "https://lookups.twilio.com/v1/Phon | eNumbers/$number?Type=carrier&Type=caller- | name&AddOns=ekata_reverse_phone" -u $accountsid:$authtoken | | ... and would give you not only a reverse number lookup _but also | a list of "associated persons" as well as your address and number | history_. | | I feel assured that APIs like this exist for license plates, | SSNs, IMEI, etc. | | I also strongly suspect that Disney and Hertz are _both | contributors to, and consumers of_ these APIs. | cyberlyra wrote: | (Original author here). Yes I am aware of the identifiers that | are sold through a third party data provider. Reading further, | I also note that I decided not to care if Disneyland knows that | I went, it was more about continuing to obfuscate my family, so | I decided that was a risk I would accept. Of course, YMMV. | lalos wrote: | I've would be shocked to learn that Disney doesn't have the full | path taken by each individual inside the park. | euroderf wrote: | So what's the chance that this set of countermeasures set off | some red lights in the Disney master control room, and they put a | tail on him/them for the rest of their visit ? | its-summertime wrote: | And by opting out manually using these methods, they've gone from | lost-in-the-crowd to unique, including with a publicly findable | name, since the whole writing-an-article on it. | | Unless you tell the other side, "hey don't track me", they can | (and will!) legally use your aversion to tracking as another | data-point! | | of course, spreading tracking-avoidance methods helps with this! | (as long as we can all agree on which methods to use...) | [deleted] | birdman3131 wrote: | I am pretty sure blogging about this removes 90% of the supposed | tracking protections. | advisedwang wrote: | I suggest privacy advocates draw a distinction between | _potential_ sources of tracking and _likely_ sources of tracking. | | Tracking by a credit card: 100% happening. If that's a problem | for you you definitly should pay by cash or use a privacy | preserving card like the author does. | | The app looking at history of WiFi hotspots to expose you: Pretty | unlikely. Tethering to prevent "a record of a home wifi | connection point" is really low value work. | FearlessNebula wrote: | Yeah and what are the odds Disney is correlating their license | plate scanners with anything in the park? I'd assume the | license plates only get looked at if a crime occurs | advisedwang wrote: | They actually list specific uses in a separate policy [1] | | > our use of the ALPR Data is limited to the following | purposes: | | > * To enhance your experience while visiting such properties | such as, for example, by assisting in locating a lost | vehicle; | | > * To prevent unauthorized use of our facilities; and | | > * To detect, investigate and prevent activities that may | violate our policies, be illegal, or otherwise impact the | safety and security of our guests and/or third parties. | | [1] https://disneyland.disney.go.com/alpr/ | monksy wrote: | It's also probably the same reasons the casinos are using | them to. | | Verifying who is there, why they're there there, CYA for | when they screw up, and probably looking for reasons to | remove you. | [deleted] | croatiancoder wrote: | [dead] | salty_pretzel wrote: | I admire the author's willingness to stick to their principles, | but man it must be tiring. | cyberlyra wrote: | I'm the author of the original post. I'm happy to answer | questions in thread. | josefresco wrote: | How annoyed was/is your family at your privacy antics? | ezfe wrote: | There's some mistakes in this, most notably that the app is not a | requirement to go to Disneyland or Disney World. | | I've been to both and I can confidently say I could go without | installing the Disney apps. | | Tickets: At Disney World you can get a physical RFID card and at | Disneyland you get paper tickets to enter the park. | | Maps: You could download a map online, find a paper map, or just | ask around! | | Wait times: https://thrill-data.com | jjulius wrote: | >There's some mistakes in this, most notably that the app is | not a requirement to go to Disneyland or Disney World. | | As the piece notes, this is about the tech stack itself, not | the actual experience at the park. In the companion piece[1] | that is linked to at the very beginning of the article, it's | clearly stated repeatedly that the app is not required, but | that your experience may not be as "ideal" as you would like as | a result. | | [1]https://www.publicbooks.org/data-free-disney/ | fragmede wrote: | How do you access Disney Genie (nee FastPass) without an app? | Do you just wait in line? | davidcbc wrote: | You can use the website directly or go to customer service at | the park | easton wrote: | To my knowledge at Disney World there isn't a web client | for Genie like there was for FastPass+, since it's all day | of you're expected to do it in the park on your phone (I'd | be happy to be proven wrong). Guest Services can probably | still do it though, you're right. | davidcbc wrote: | You can book lightning lanes through the website (or at | least you could last February). It's the most reliable | way to get the ones that are very popular because the app | is too slow, it's better to log in on a laptop from the | hotel first thing in the morning. | dom96 wrote: | Shameless plug: I'm fighting back against Disney's data capture | by capturing their data right back[0] | | 0 - https://mousetrack.co.uk | tonetheman wrote: | [dead] | fragmede wrote: | The cheapest method for defeating car licence plate recognition | systems is just don't give them the plate to begin with. Just | pull over and tape over the license plates right after you get | off the freeway with two pieces of duct tape. Or remove the | plates. Illegal, obviously, but weigh the chances of getting | pulled over, vs those cameras in the Disneyland parking lot which | don't take breaks. If you're white, and also not a drug dealer or | a criminal on the lam, they'll just give you a ticket. | | If you're dedicated to the cause, here's a device available via | Amazon Prime that will hide it on demand. Not sure how easy it | would be to install on a rental car though, given that it needs | power and you don't have a garage. | | https://www.amazon.com/license-plate-hider-gadget/s?k=licens... | | For more plausible deniability, there's the leaf-shaped license | plate hider: | | https://crast.net/161243/they-warn-of-a-leaf-shaped-magnet-t... | advisedwang wrote: | Both this article and the non-tech companion article [1] skip | over talking about why the author wants privacy. The failure to | outline her objections makes the countermeasures seem untethered | from any motivation; I think that is why so many comments here | react negatively to the valuable anti-surveillance work she's | doing here. | | This could be a issue by issue analysis. For example: "I don't | want targeted ads -> prevent collecting targeting data -> use a | privacy credit card". This is the easiest way to argue for | privacy and can cover a lot of ground, however I worry it's too | limited. This gives us the world of the "opt out" button which | can fix a specific issue but somehow still leaves a really nasty | taste about the surveillance world we are in. | | I'd love to see more writers make on-the-principle arguments for | privacy. This author clearly has that depth of feeling so it's a | real missed chance. | | [1] https://www.publicbooks.org/data-free-disney/ | cyberlyra wrote: | Original author here. I'm also in favor of more writing about | privacy motivation, even if editors don't always want that all | in the text they publish. I'm writing more about it at The Opt | Out Project in addition to other places: for instance, the | famous Pregnancy Experiment, where I kept my data about my | (unborn) children away from digital detection: | https://time.com/83200/privacy-internet-big-data-opt-out/ | m463 wrote: | I went to disneyland and didn't want them to take my picture. | | That was a pain, but they finally relented. | giantg2 wrote: | Seems they left out a huge point - they had a spouse/family | amenable to this. My wife and her family don't give a shit about | data collection. They have no imagination of how it could be used | in the future, at which point it would be too late. Even the | slightest inconvenience (like the marginally beneficial switching | to DuckDuckGo, Private Browsing, turning off location, or broken | links due to PiHole) are met with annoyed resistance. It's | actually a struggle to get them to even lock the door when they | leave the house... | kylehotchkiss wrote: | I care about privacy and find switching to DuckDuckGo to be | annoying! As the one also trying to take care of privacy | concerns in my home, I try to go for the lowest-friction | options: Adblockers, paid Google accounts which have history | tracking turned off and aren't supposed to be monetized, trying | to be Apple-product exclusive, keeping social media accounts | private, etc. I'm not going to win any further compromises and | am content with these good-enough solves. | no-dr-onboard wrote: | Fun-ish story (for me, at least): I worked with a fellow who was | incredibly privacy conscious. Now, that means many things to many | people. I've worked in academia where people had time to do | things like dynamically tunnel connections to their home VPN | concentrator only to be piped out through their handrolled | nameserver. That was old hat compared to this gentleman. During | one engagement, he and I were holding a seminar on location about | secure coding practices. He insisted on using HDMI cables without | ethernet connections, piped to his own projector of his choosing, | and spent about 10 or so minutes finagling device drivers to get | the projector to work with his librebooted OS. After that we | spent 10 or so minutes trying to setup a cellspot router to | extend his phone signal so that he could phone home to a | concentrator setup like I mentioned earlier in order for him to | pull the handout pdfs from his home server (also librebooted btw, | thanks for asking). Every bathroom break, and there were only 2 | over 8h, he would disassemble his getup and take it with him into | the stall of the bathroom. | | I don't know where this person is today, but I can only assume | that the extent of his privacy consciousness has only continued | to sink its roots deeper into his life. It struck me as a sort of | paranoia that likely started off proper and good but grew | malignant and degenerative over the years. | fragmede wrote: | OTOH if this person were Edward Snowden, that sounds more than | reasonable! | autoexec wrote: | Needing to go to extremes to avoid having their lives ruined | can be reasonable for a lot of people depending on where they | are and the kind of oppression they live under. Someone might | be a whistleblower like Snowden, or in the witness protection | program, or a homosexual, or have an abusive ex or stalker, | or be seeking an abortion, or be a protestor/freedom fighter, | etc. | | All the data collection pushed on us, even if it's only for | marketing, leaves a lot of people vulnerable. | vorpalhex wrote: | Depending on his threat model that isn't overwhelmingly | paranoid, that is fairly sensible. | rippercushions wrote: | Even the bit about taking the gear into the bathroom with | him? The only threat model that thwarts is somebody | physically tampering with it, which seems very paranoid to | me. | pixl97 wrote: | > The only threat model that thwarts is somebody physically | tampering with it, | | They way you state 'the only' seems to present a total | misunderstanding of the fact that physical access is the | number one easiest way to compromise just about any type of | computing device that exists. If for example you went to | any data center and attempted to get physical access | without permission you would quickly find yourself accosted | by armed personnel as to prevent the physical tampering | you're talking about. | | In my work I must keep my laptop on my person, or otherwise | locked up when I'm not using it to prevent physical access | by others. This is in now way unique in the computer | security industry. | rippercushions wrote: | You seem to have a total misunderstanding about the | threats _this_ person faces. | | If your job is running seminars about IT security to | random companies, taking the _projector_ with you to the | bathroom is ridiculous and your clients will think you | 're a tin foil hat weirdo to boot. | | Of course, if you're Snowden or Assange, your threat | landscape is quite different and this would not be | paranoid at all. | OkayPhysicist wrote: | For the vast majority of threat models, having someone | you have a little bit of rapport with watch your locked | computer is perfectly adequate. Realistically the bigger | threat is someone stealing the laptop to sell, not as | part of some targeted assault on your security. | | For that not to be adequate, your threat model needs to | include field agents establishing a false sense of trust | through some relationship, then leveraging that into an | attack physical security. At some point you're getting | really close to the "It's easier to | bribe/blackmail/kidnap you" territory. | pixl97 wrote: | In some businesses the risk of being blackmailed is high, | but it also comes at significant risk of the blackmailed | working as a double agent. If the affected agent has no | idea they've been compromised it is unlikely they will | change their behaviors in any manner. | | https://en.wikipedia.org/wiki/Evil_maid_attack | | I mean in the case of desktop hardware, it's | exceptionally easy to inline a USB key capture dongle. | jacquesm wrote: | You have a poor understanding of what kind of things are | possible with hardware under your control for a couple of | minutes, say the length of your average bathroom break. | | I once had to hand in my laptop to some busybeaver | borderguard who wanted access to it (impossible: wiped | clean Chromebook, only to be re-installed on destination), | I told him that if he took it out my sight he might as well | keep it because it would be useless to me. | jacquesm wrote: | I know two people this story could easily apply to and for both | of them that's not at all paranoid. Both of them have had the | resources of various nation states thrown at them on multiple | occasions and they are both still walking the earth last I | checked. | | To describe this as malignant would require you to be | intimately familiar with everything they've been up to. There | was a short period where I myself had very good reason to be | that paranoid (and more, in fact) and it's not a memory I like | to revisit much. Being paranoid is one thing but to actually | know that you may be - for whatever reason - a legitimate | target changes things considerably. | OkayPhysicist wrote: | What do you have to do for "nation state sending ground | operatives to do hardware-level attacks against your | security" becomes part of your threat model as an academic? | nehal3m wrote: | They could tell you, but they'd have to kill you? | JohnFen wrote: | Depending on the nation in question, it can be something as | simple as posting a comment somewhere critical of the | government. | jareklupinski wrote: | pretty much any mathematician researching novel | cryptography | | maybe nuclear research | gazpachotron wrote: | [dead] | aliqot wrote: | risk profiles, like musical tastes, vary | nfinished wrote: | This must be what having schizophrenia is like | FearlessNebula wrote: | What the heck is Disney doing with location data inside the park? | And why facial recognition? To fight crime? | zucked wrote: | On one end of the spectrum you have the people who don't give | privacy any thought - they've downloaded and logged into every | app under the sun and generally don't care that they're being | surveilled. They mindlessly consume hours of curated TikTok | videos and go about their day getting a barrage of targeted ads. | | And on the other end, you have... this. Buying burner phones and | wearing facepaint to avoid facial recognition at a theme park. | Imposing that on your _family_. | | As an academic exercise I guess it's interesting, but living this | way must be truly exhausting. Me? I'll continue to be somewhere | in the middle of these two polar opposites. I participate in | society, but I don't willingly or knowingly give away more | information than is required. I obscure or block what I can, but | still sign up for and use accounts that can be tied back to me. I | consider success as making it difficult to tie my data together - | either such that I don't fit the majority pipelines and need | extra attention, or I break hamfisted techniques altogether. | dylan604 wrote: | Just be an uber fan and wear a Goofy mask, and your family can | wear other character masks. | | Security: "um sir? we have an unusual number of Goofies today. | i think something is going on!" | philsnow wrote: | Adults aren't allowed to wear costumes in the park. You can | wear clothing and accessories that strongly suggests a | character[0], but no costumes. | | (I guess this is because they want to avoid "Goofy" or | "Donald" spouting crazy talk.) | | [0] and this is apparently a big thing that enthusiasts do, | on the level of cosplaying, see https://disneybound.co/ and | search term is "disneybounding" | oneoff786 wrote: | I believe there is only one goofy at a time, ever. | thewebcount wrote: | > living this way must be truly exhausting | | Maybe, but so is constantly being bombarded with ads, offers, | etc. when you're trying to do something else. And the tracking | is mainly to power those things. | DougN7 wrote: | I very much doubt you get fewer ads - they're just less | personalized. | capableweb wrote: | Which, in the second place, most ads fucking suck at | "personalization" anyways. | thewebcount wrote: | Part of blocking tracking is just outright blocking ads, so | yes, I definitely get fewer ads. Also, I'm able to see more | content. My spouse often finds they can't access some | random article (or not all of it) but it works fine for me | with my extreme blocking. | monksy wrote: | > As an academic exercise I guess it's interesting, but living | this way must be truly exhausting. Me? | | I agree with the gist what what you're saying. My concern | involves the invasive data collection of biometrics [face data] | and IDs. It's a concern over why is it needed, and why are they | so forceful in collecting it. | | Face rec- The TSA and the airlines are trying to push this as | if it's required. (There a lot of documents and internal | communication showing it's not). Why do they need this, or are | our IDs not secure enough? Was their existing process not | enough? | | Porn- Lousiana is trying to push for auths via your id online. | | Other orgs are trying to get copies of your license. Is this | important for their operation? Is it important for them to keep | access to this info just for the "societal harm" that is | claimed over content that is age restricted? | | Another piece why is my data being non-consentually gobbled up | by the creeps over at Clearview AI? Why is the MSG | entertainment group trying to look for a reason to ban me | before I enter? | | All of this demonstrates a one sided demand for this data | without having any usable benefit for the people that the | consent is being taken from. | vorpalhex wrote: | You're missing another approach: use legal coercion to clean up | your data trail. | | Disney is in California. You have a right to request your data | be deleted. Pay a firm to send them a formal deletion request | every 90 days. | zucked wrote: | I'm not a California resident so as far as I understand, that | technique is not applicable in my use case. | vorpalhex wrote: | It's not as dead as you think it is. | zucked wrote: | If I read between the lines, you're suggesting that I | abuse the system and request my data be deleted anyways? | No thanks. | rndgermandude wrote: | Why would it be abuse if you just asked for the data to | be deleted? As long as you do not misrepresent things and | do so politely, of course. | | If Disney wants to spent time and money and reputation to | figure out if they _legally_ need to delete the data they | collected about you and only do so when that 's the case, | then that's their choice. Same as it was their choice to | collect data in the first place. | | If they instead want to be nice and consumer-orientated, | as they like their public image to suggest, or at least | save some bucks, then they will hit the delete button. | They gotta have such button by now anyway for legal | requests from Californians. | Saturate7246 wrote: | In all fairness, it's a stretch to call it "abuse": it's | not uncommon for companies to preemptively extend a | legally required service to those outside of the | technically required jurisdiction due to the simplicity | of not needing to account for who is where and if that's | acceptable within their jurisdiction _at this time_ | | It's also not unreasonable to expect that more | jurisdictions may eventually follow suit, and so having | to dedicate resources to ensure every request comes from | an applicable jurisdiction that they legally are required | to handle... | | ...might just be less preferable than fulfilling some | "delete data" requests from less demanding areas. | | Besides, the idea that large corporations have free | unaccountable reign to abuse systems of all sorts, while | individuals should be quaking in their boots or snubbing | their nose at the mere possibility of inconveniencing an | hourly worker under faceless brands is a little over the | top, IMO. It's just a request that can be denied. | khazhoux wrote: | Reminds me of RMS. Pulling at the extremes. | | (this is a compliment) | triyambakam wrote: | Regarding exhausting, here's a quote from a different blog post | of theirs describing how to avoid surveillance in person | purchases: | | > I once took about 20 minutes at a Target checkout trying to | get enough cash from the till to buy Christmas gifts for my | kids and nephews. Then there was the time I held a bunch of | kids' books at the counter at Barnes and Noble and drove around | for 15 minutes until I found an ATM open on a Sunday evening in | NJ. Getting cash out before a kid-related purchase is basically | second nature to me now. | triyambakam wrote: | I find it weird to even go to a theme park at all if this is | their threat model. | graphe wrote: | I think it was excessive. He didn't need a burner phone, or | worried about his car. He could have probably gone there, said | I only have a flip phone or had paint to look like he was old | and can't use a phone. | | Honestly this sounds like fun to impose on your family. We're | going to hide from Disney tracking! We're getting a fancy Uber, | everyone gets a radio, and we're painting our faces! Yes you | can pain your arms too kids! | altacc wrote: | I'd add to your list: being aware of how this data is used and | thinking before interacting with algorithmic content & | advertising. Having worked in advertising during a younger & | less jaded period of my life, knowing the aims and tactics they | use helps reduce their effectiveness. | | Eliminating tracking for other, more nefarious uses, is very | difficult and largely impractical against a motivated enough | opponent. This is where we need governments to reign in | corporate interests and human rights & privacy advocates to | reign in the governments as much as possible, as they will | happily increase surveillance as much as they can, in the name | of security and a quite life. | autoexec wrote: | > Having worked in advertising during a younger & less jaded | period of my life, knowing the aims and tactics they use | helps reduce their effectiveness. | | It's best to be aware of what they're doing and how, but I'm | not sure how much it helps protect us. I can't seem to find | it now, but I'm pretty sure I've seen research saying that | awareness doesn't offer much defense. Our brains are simply | susceptible to certain attacks and like an optical illusion | that can't be unseen even when you know what's wrong, we're | still influenced to some degree by the kinds of manipulations | commonly used by advertisers. | ohthehugemanate wrote: | yes it sounds amazingly hard. but then , opting out doesn't | have to be an all or nothing. And it doesn't have to be all at | once. Small steps are much better than no steps! | | this post (same author) talks about how to he strategic and | selective about your opt outs. Not everyone has to be an | extremist! | | https://www.optoutproject.net/the-secrets-to-my-success/ | cyberlyra wrote: | (Original author here.) Yes, living this way is sometimes | exhausting. I don't expect others to do what I do. I often go | to extremes to reveal how complicated opting out actually is, | in an effort to point the way to an alternative path that | doesn't require all this surveillance. There's more about that | here: https://www.optoutproject.net/about-the-opt-out-project/ | russdill wrote: | Surveillance technology will only improve. Trying to live | this way will become impossible. The only solution is | regulation. | genocidicbunny wrote: | > As an academic exercise I guess it's interesting, but living | this way must be truly exhausting. | | Especially because it's not sufficient against a motivated | adversary. Disney wants the data, but they're not going to | expend extra effort to catch the few people that slip through, | it's not worth it to them. For example, Disney could be using | gait recognition in addition to all the other stuff they do, | and that could significantly help to tie together activities; | But this is not economical to implement right now, | beenBoutIT wrote: | As an academic exercise it's interesting as a solo project or | as an adventure with a fellow researcher. With the kids it's | effectively spoiling their vacation while teaching them | things they shouldn't have to know or understand for at least | a few more years. | ye-olde-sysrq wrote: | > gait recognition | | Luckily the British have been preparing for this via decades | of funding for the Ministry of Silly Walks | zucked wrote: | I could imagine that certain people would have a risk profile | that might necessitate this kind of behavior -- but that kind | of person wouldn't turn around and blog about it 1.) calling | attention to it 2.) giving Disney more pieces to the puzzle | if they were motivated enough to solve it. | | You're right - the average person doesn't need to have that | kind of stance. Even if they were a real target, much higher | value targets slip through the cracks _all the time_. We 're | not nearly as good at data processing as we think (yet). | mixmastamyk wrote: | Just wait, this is not the final stop at the train, by any | means. Certainly D could afford it, price is not a problem. | graphe wrote: | Why is it exactly economical for China, but not Disney? They | already have the video. They can do it at any time. They have | night vision and lots of other tech so I doubt expenses will | stop them. | orangecat wrote: | The Chinese government is particularly interested in | identifying people who are trying to avoid being | identified; Disney isn't. | [deleted] | babypuncher wrote: | Disney is profit-motivated. Doubling the cost and | complexity of your surveillance system to capture 5% more | data _at best_ is probably not worth it. | genocidicbunny wrote: | China isn't interested in it being economical. They have | different goals with their systems. | | Notice I also said that its not economical _right now_. In | the future it may very well become that. | | I'm not aware of the actual state of b2b offerings for this | kind of tech, but I'd imagine that when someone starts | offering a reasonably priced turnkey solution for this sort | of thing, Disney will start using it; Along with everyone | else. | splitstud wrote: | [dead] | pixl97 wrote: | To rephrase this another way | | What is the potential economical cost of a dissenter? For | Disney it's not likely much. For a government it could be | loss of control. | zdragnar wrote: | I don't think Disney is really an adversary in this | scenario (where an adversary is not purely economically | transactional); the recognition is primarily geared towards | (a) analyzing general patterns to optimize (b) selling you | more things you would be interested in buying. Their | motivation is entirely economical. | | These detection tools aren't perfect, and there is a | diminishing return on getting that last few percent of | people who slip through the cracks. At some point, it isn't | worth the effort. | | China, on the other hand, is motivated by more than mere | economics. It is also interested in analyzing general | patterns- they are a partial-command society given the | extensive centralized planning that goes into the economy | and social behaviors. However, the people who attempt to go | unseen are precisely the most important people to observe- | the bad actors, the malcontents, those most likely to cause | trouble (Luan ) to an otherwise harmonized society. | JohnFen wrote: | > Their motivation is entirely economical. | | That doesn't mean it's not adversarial. | GauntletWizard wrote: | Viewing everyone trying to sell you things, particularly | the ones who you are actively seeing out to buy | entertainment from, as adversaries is a pretty self- | defeating approach. | nehal3m wrote: | Setting up a surveillance system to part you from your | money sounds adversarial to me in the combative sense. | That said, adversarial doesn't necessarily imply | hostility, does it? | autoexec wrote: | Companies Wanting to sell people things isn't the | problem. Using the most mundane details of our life to | manipulate us, and to extract as much money from us as | possible is a problem. So is failing to secure that data. | | https://www.foxbusiness.com/lifestyle/disney-responds-to- | all... | | https://finance.yahoo.com/video/disney-responds-data- | breach-... | | https://chipandco.com/the-walt-disney-world-dolphin- | hotel-wa... | oarsinsync wrote: | What do you consider a smart TV vendor who advertises to | you on your own TV? | graphe wrote: | There isn't an opt out for things like facial tracking, | and it doesn't bring benefit unless your goal is to be | sold things based on being calculated. If they had a way | to automatically track you for your benefit like | emotional distress, lost kids, etc it is not adversarial. | My goal is to not be sold things I don't need or to add | to their data, so I don't go to Disneyland. | | Is there any benefit to the end user if they're not | interested in being sold to? If I don't get one is | adversarial and they are my enemy. | JohnFen wrote: | You're right. But I'm not doing that. I view the data | collection and the use the data is put to as adversarial, | not necessarily the efforts to sell me things. | | Although that can be very adversarial, too, depending on | how the sales effort is conducted. | JohnFen wrote: | > but living this way must be truly exhausting. | | Indeed. I care a lot about this stuff, but my solution isn't to | go to extremes to evade it. I just avoid it. For instance, | there's zero chance I'd set foot on a Disney property, | specifically because of these issues. | brmgb wrote: | > I care a lot about this stuff | | Honest question, why? | | I am generally favourable to limiting the tracking we allow | companies to perform at the legislative level because I'm | pretty sure they are going to end up doing something | nefarious to some group at some point going after a quick | buck. I don't think the government should hold more than | necessary because I fear what they can find in the aggregate. | | But on a personnal level? What do you gain from going to | extreme to avoid the surveillance you think you know? It | seems to be a hassle with no upside. | mixmastamyk wrote: | Yes, and much less exhausting than a day at a theme park. But | I'm sad for the kids, who don't deserve this surveillance or | else. | beenBoutIT wrote: | Intelligent systems look for outliers and evaders as | potential threats. This guy going so far out of his way to | evade detection most likely got him flagged and monitored to | an extra degree. | | What kind of meaningful data is Disney going to gather on | people based on their limited range of actions within the | theme park context? This dad drinks Coke and never drinks | Pepsi, dislikes the tea-cup ride... | winterqt wrote: | > Unlike an iPhone, my phone doesn't learn much about who is | tethering to it, nor does it relay to the access point what is | going on or who is accessing it. | | Anyone know what they're referencing here? ___________________________________________________________________ (page generated 2023-02-01 23:00 UTC)