Facebook’s tracking of non-users ruled illegal again in Europe

1034 points| pdcerb | 8 years ago |techcrunch.com

379 comments

fouc|8 years ago

>“The cookies and pixels we use are industry standard technologies and enable hundreds of thousands of businesses to grow their businesses and reach customers across the EU,” said Facebook’s VP of public policy for EMEA

If it is "industry standard", does that make it ethical?

derefr|8 years ago

I think the implication is more, "why are you only paying attention to us? If you think this is a bad practice, then you should be going after our competitors, too."

Corporations tend not to mind if you take away a business strategy of theirs, as long as you take it away from everybody else at the same time. If you only take it away from one corporation, that corporation will be temporarily outcompeted by the corporations you haven't yet taken the business strategy away from, so they heavily resist that.

FridgeSeal|8 years ago

> if it is "industry standard", does that make it ethical

Nope, not at all. Standard practice does not override ethics. Tobacco companies would consider advertising and promoting smoking as industry practice, but we cracked down on that because encouraging people to do something that is demonstrably bad for their health was something we decided wasn't ethical and would be cracked down on.

dalbasal|8 years ago

Besides being a weak argument in such a context, it's disingenuous. FB set the industry standard. Maybe half the standard along with Google.

FB's system is much more reliant on tracking though. Google's can at least work anonymously, eg searched 'dentists' in some area. FB's is almost useless without tracking.

unclebucknasty|8 years ago

>enable hundreds of thousands of businesses to grow their businesses

Seems innocuous enough until you really think about what they're saying. "But, tracking these people without their consent allows companies, including us, to make money off of them".

That's actually a pretty brazen thing to say; as if the fact that people can be monetized should trump their right to privacy.

onetimemanytime|8 years ago

> If it is "industry standard", does that make it ethical?

Industry here is essentially Google and Facebook. The other "players" fight for the crumbs. Ethical? They need growth, every quarter.

rhizome|8 years ago

It doesn't matter, since it doesn't even make it legal.

gregknicholson|8 years ago

> to grow their businesses

Very much not an excuse. It's up to the business to work out how to do this within the law.

> and reach customers

If I am not a Facebook user I am not your customer.

qwerty456127|8 years ago

It doesn't. And it is a mistake to take ethics for granted and think of it as a norm because the majority of people, including those who govern and implement businesses, do unethical things every day. I hope this might change once but for today the only constructive strategy is to accept this fact and defend yourselves.

zaarn|8 years ago

It's totally okay when somebody else is doing it too.

A bit like when you wait for the green light to walk over the street; if you see someone walking the red light, you walk it too.

Of course you still get flattened by a semi-truck doing 50 kph.

quickben|8 years ago

Standards, ethics and legality are unconnected.

gsich|8 years ago

of course not

I also don't see any advantage for the user, getting ads is not in their interest.

adamnemecek|8 years ago

"thousands of businesses to grow their businesses and reach customers across the EU"

EU doesn't care about this. Like this argument works only in the US.

dennisgorelik|8 years ago

> ethical?

Yes, tracking cookies is ethical. If some internet users do not want to get tracked - they can run their browser in Incognito Mode.

mziel|8 years ago

Looking forward to May (when GDPR officially comes into force). Provided that it doesn't end up like the cookie law (and there are explicit provisions in GDPR and ePrivacy to avoid that) this might shake up the ad industry:

* Explicit consent for non-essential data use, you always need to provide opt-out without degrading the service

* Opt-in/out separately for every activity (no more "research purposes")

* Data deletion and takeout. Maybe in the future EU will also introduce some standards for the takeout, which will allow us to migrate between services much easier (as we now can switch between banks or telcos in a semi-automatic way)

nrjames|8 years ago

What we are seeing is that the ad providers are considering themselves "controllers" under the GDPR and the tracking of device ad identifiers as critical to their business. Hence, their plan is to inform of the collection via a privacy policy but not to offer users the opportunity to affirmatively consent to allowing their advertising ID to be tracked. It's dispiriting.

lbarrow|8 years ago

Can you elaborate on what you mean by "doesn't end up like the cookie law"? I'm an American and don't have much awareness of this other than I've noticed that sites in the EU like the Guardian tend to have annoying banners saying they use cookies at the bottom of their splash screens.

dalbasal|8 years ago

Explicit consent is the principle I'm most curious (and pessimistic) about. It's one of those things that are very easy to describe in everyday terms, but almost impossible for legal enforcement to work with.

There are rules about things banks have to inform you of, or pharmaceuticals. On the academic side, this can be effective. Disclosure and making information public. On the consumer side it is almost always disingenuous. Small print meticulously written by compliance officers and reviewed by regulators. No one seems capable of stepping back and asking "are consumers better informed."

When internet service X wants you to know your card is about to expire, they make sure that you are informed. When a regulator wants you to be informed about cookies.... we get small print, and a nag screen making us promise that we read it.

tzs|8 years ago

Note: the following questions are not because I'm trying to figure out how to work around GDPR. They are to help figure out just what the meaning of it is. Imagining hypotheticals that try to work around a law is a common method in legal circles for clarifying the law. My employer does not keep any data that would be problematic, and compliance looks like it will be pretty easy for us [1].

> Explicit consent for non-essential data use, [...]

This raises a bunch of questions. Anyone know the answer to any of these?

1. Suppose that the data is used to pay for keeping the site afloat? Does that make it essential?

> [...] you always need to provide opt-out without degrading the service

2. Suppose my site is presented as a site that has basic and premium content. The premium content is behind a subscription paywall.

On the paywall, it offers to waive the subscription fee if you consent to non-essential data use. If you either do not consent, or, after consenting later change your mind and opt-out, is it "degrading the service" if I no longer let you have access to the material behind the paywall?

3. In #2, does it matter if that's how my site works for people that I can identify as being in the EU, but works differently for people elsewhere (e.g., for people in the US it collects data on everyone and does not offer the option to pay)?

4. Suppose I just say "the hell with this...I don't want to deal with GDPR", and have my site ask first time visitors if they are in the EU or EU citizens.

If they say that they are not, I set a cookie that records this, and they get my normal site, which only follows whatever data collection rules my country imposes.

If they say they are, I just send them to a page that says EU people are not allowed to use my site.

What's the situation if someone inside the EU lies and tells me that they are not in the EU? Am I in violation of GDPR for keeping forbidden data on them, or does their lying to me count as consent?

[1] In fact, most of the data we keep on EU customers is data that we don't even want to keep, but the EU is requiring us to keep it for VAT MOSS reporting. Before VAT MOSS, all our EU sales went through a UK entity, and we paid UK VAT on all of them, which required much less information for reporting.

dalbasal|8 years ago

Two kind of related points.

The jurisdiction stuff is disturbing. Having separate rules/rulings for Belgium, Turkey, Venezuela, etc... It's (a) not practical and will end up helping incumbents. (b) It really curbs the internet's ability to promote an open information norm.

Privacy is an issue and we need to do something about it. But, I have a real feeling censorship, corporate-protectionism, copyright and other agendas will tag along, once the legislature-courts-enforcement complex is up and running. The sorry state of international law/governance isn't helping, including even the EU.

Meanwhile, the recent history of legislative action (eg, the "cookie laws") is not encouraging. I don't think legislators were even aware that it would amount to nothing more than nag screens and terms of use. Don't use incognito, or every site will nag you again, your consent is mandatory and stored as a cookie, for extra irony.

Ultimately, these things would have been better dealt with at the standards/protocols/browsers level, but I think that ship has sailed.

jakobegger|8 years ago

I’m looking forward to the GDPR. It seems to target all the failures of the cookie law.

The GDPR will not allow blanket consent statements, it will not allow “permission bundling” (eg. allow access to everything or you can’t use the site).

The changes Twitter rolled out in preparation of the GDPR look like a good thing.

We’ll see how it turns out, but I think the GDPR will actually force companies to change, beyond cosmetic changes. And since it is valid for all “data subjects” in the EU, companies will have to consider that. The EU is too large a market that companies can ignore it.

kitd|8 years ago

> The jurisdiction stuff is disturbing. Having separate rules/rulings for Belgium, Turkey, Venezuela, etc... It's (a) not practical and will end up helping incumbents. (b) It really curbs the internet's ability to promote an open information norm.

I find it disingenuous of Facebook to be serving all the EU equally, then claim that Belgium's jurisdiction doesn't cover them because they're based in Ireland. That sounds like having your cake and eating it.

the_mitsuhiko|8 years ago

> The jurisdiction stuff is disturbing. Having separate rules/rulings for Belgium, Turkey, Venezuela, etc... It's (a) not practical and will end up helping incumbents

I don’t think so. Only really large corporations are able to serve all areas anyways. Most small companies in the world already cannot afford to serve multiple jurisdictions.

pjc50|8 years ago

As I've said before, ultimately we have to pick one:

- single Internet jurisdiction, overriding national sovereignty; in practice this means letting America run the Internet

- National Internet jurisdictions, which potentially come with some sort of virtual border policing; Great Firewall(s)

- lawlessness, which libertarians will like but produces outcomes increasingly unacceptable to the public

te_chris|8 years ago

Having jurisdictional restrictions on things like tracking cookies and other invisible forms of surveillance doesn't prevent the internet from working, it does interfere with malicious business models though.

majewsky|8 years ago

> Having separate rules/rulings for Belgium, Turkey, Venezuela, etc...

If you dislike that, you should be happy about the GDPR since it's harmonizing data protection law across 28 EU member states.

kome|8 years ago

> The jurisdiction stuff is disturbing.

That's like saying that democracy is disturbing, but it's the best we have got. FB should respect laws in Belgium, that's it.

I don't trust "governance", I trust "government": because it is only at a national level that we see a bit of democratic accountability.

kerng|8 years ago

One of the good things about HN is that the engineers working and building these features are likely reading these posts too, I'm curious how one implements these things. Are engineers (some of the brightest ones) not realizing that some of their actions are ethically questionable, or is the big picture not visible to the average engineer in a large company like FB? I assume that many have the exact same reaction and don't think it's okay when discussing this topic - can hardly see anyone defending the current status quo.

dnate|8 years ago

I have seen about 10% of my graduating cs class getting headhunted by Palantir Technologies.

From that sample size I'd estimate the percentage of engineers who don't care about ethics to be at least around 10%.

manmal|8 years ago

In an ideal world, engineers would be perfectly ethical. But, you know, said hyperbolically, sociopaths can be engineers too. You should not induce from your own values to people in general.

Even apart from people without any values.. most engineers don’t hang out on HN, and don’t care much about global scale politics. They care about things that affect them in a very immediate way - family wellbeing, friends, coworkers, and how to pay the bills. I think many don’t infer how much of an impact their actions actually have, since they are „only spokes in the wheel“.

anaganisk|8 years ago

Afaik software will be sane until Lawyers and Finance execs are involved. Once they are into your company no more great software.

YeGoblynQueenne|8 years ago

Ironically, DuckDuckGo Privacy Essentials blocks 15 tracking networks on TechCrunch, including connect.facebook.net.

Giroflex|8 years ago

Was about to post the same. Ghostery for me reports 22 trackers on the website, 3 of which are from Facebook, including the "pixel" tracker that is mentioned in the article.

gkya|8 years ago

I don't think it's the article authors that implement the website.

fwdpropaganda|8 years ago

If you care about privacy I would suggest uMatrix. Block all JS and cookies by default and manually whitelist domains.

bryanrasmussen|8 years ago

What is Facebook's end game here, I don't get it. GDPR is around the corner, it certainly won't fly under GDPR so why the jurisdiction argument even, the days for tracking people without consent are numbered - a rational organization would realize this.

I would think just say ok we stop doing it because we're going to have to stop doing it anyway. But they're not stopping, what is the plan?!?

cantagi|8 years ago

If Facebook's business model is built around collecting and selling personal data, and more than 4% of their revenue globally comes from EU citizens, then they could decide to wilfully flout GDPR and just pay the maximum fine every year.

Another way they could deal with it is by disputing the EU-US privacy shield[1] or disputing the decision that overturned the original privacy safe harbour[2]. IANAL so I have no idea how they would do this, but it will be costly for ECJ and FB.

[1] https://en.wikipedia.org/wiki/EU-US_Privacy_Shield

[2] https://en.wikipedia.org/wiki/International_Safe_Harbor_Priv...

lambdadmitry|8 years ago

What's even worse is that they are effectively shafting everyone using their pixel to track sales through Facebook. If my understanding of GDPR is correct, Facebook's clients are liable under GDPR because they are giving their customers' data away (Facebook is data processor in that case). Facebook maintains 100% radio silence over it, and even if they come up with something tomorrow, it's too late for many to become compliant in time.

wsy|8 years ago

Any delay is money, so Facebook doesn't have an incentive to comply early. It makes more sense for them to appeal until all legal options are exhausted, even if it is clear that they will lose the lawsuit.

juststeve|8 years ago

a sale or merger of the company. maybe a company like MSFT or Google would buy it, along with all the data. just think of the integration opportunities!

halukakin|8 years ago

By saying "cookies and pixels" they are trying to downplay what they are really doing. On a website where Facebook pixel is installed, they track pretty much every form submitted and even the contents of those form submissions.

lotu|8 years ago

I think you are dramatically overestimating the value that you might get from form submissions, provided you are intending to commit identity fraud. Which literally no-one is suggesting ad tracking is doing.

StreamBright|8 years ago

"enable hundreds of thousands of businesses"

sure, I guess the entire tech industry would be dead without tracking users

John_KZ|8 years ago

In order to make these decisions enforceable we need to collaborate with ISPs to anonymize traffic. Government action is necessary. I've contemplated far too long on this problem and there's no other solution. You can make them say that they don't store your data, but that's pretty much always a lie. We can build browsers that reject cookies, but you can't get rid of your IP. All these services can simply track you through your IP. A significant change in networking infrastructure is required, and I'm hopeful that quite a few countries will resort to that soon for reasons of national security.

dpwm|8 years ago

There are many situations, think university or corporate networks, where you cannot rely on the IP address for tracking. There are ISPs that don't have enough IP addresses for users so they many-to-one NAT them and most users won't even notice.

Even behind an ISP or corporate NAT with cookies disabled, there are other ways of tracking. If JavaScript is enabled, browser fingerprinting can be very disturbing in its ability to single you out, depending on your configuration.

More generally, I always found this obsession with tracking non-users one of the creepier aspects of Facebook when I finally used it circa 2011 - 2012. The amount of information it had about me that could only have come from web browsing before I had signed up, such as local takeaways and restaurants I had used, was impressive but unnerving.

shaki-dora|8 years ago

What do you mean? Isn’t this verdict a pretty good example of how the law actually is enforceable?

For Facebook to lie in such a lawsuit would require hundreds of their employees being willing to lie under oath. It just doesn’t make sense, considering they would risk harsh criminal sanctions and have only their usual salary as an upside.

As for IP-based tracking: if it were as effective as cookies, websites would use IPs and not cookies.

pishpash|8 years ago

Good thing the EU exists as a human rights and consumer watchdog, even if some may argue the protectionist angle, as the US is sure to do f all about it.

Monk_NT|8 years ago

It appears that the article was removed.

dschuetz|8 years ago

Can't read the article either w/ and w/o adblock. Briefly shows 'article not found' then redirects to overview.

jwilk|8 years ago

What makes you think so?

sxates|8 years ago

I just updated my home city to Brussels.

2aa07e2|8 years ago

My question is, will I be able to use gmail without my google searches being tracked? Google did a great job to "bundle" its ToS into a single generic agreement for all the services under that "Your Google account" umbrella. I would love to opt out of that agreement, retroactively, and still be able to use gmail.

PeterisP|8 years ago

It would seem that GDPR requires this ability to exist. Let's wait a few months and see what actually comes out of this and how Google will handle that; AFAIK they haven't laid out how exactly they will comply.

Sir_Cmpwn|8 years ago

You can't interact with Google in any way without being tracked. Use DuckDuckGo and another mail service like ProtonMail or your own self hosted solution.

Sylos|8 years ago

I would also strongly recommend not using Gmail. Google sifts through your e-mails, which compromises a cornerstone of your digital identity. People needing to send you an e-mail will also seldom appreciate their e-mail being read by Google.

To answer your question, though, if you live in the EU, then the GDPR, due to be enforced on the 25th of May, does make this practise of Google most definitely illegal. So, in like two years from now, when the lawsuit regarding this concludes and Google is actually forced to follow the law, then you should be able to.

If you still cannot be convinced to drop Gmail, there might be a technical solution to your problem, too.

For Firefox, there's an official extension called Multi-Account Containers, which allows you to have different sets of Cookies in different groups of tabs. And you can tell it to always open certain webpages in certain containers.

So, you would install the extension: https://addons.mozilla.org/en-US/firefox/addon/multi-account...

Then click the new Multi-Account Container button in the toolbar and from there open a new tab in a Container (you can also create a Container specifically for this, if you want).

Then in this new tab, open up Gmail and log in, and again click the Multi-Account Container button in the toolbar and tick "Always open this website in ...".

Finally, open up a new (non-Container) tab and log out from Google there.

sirmoveon|8 years ago

Morals and ethics are just a temporal deterrent in a social markup. We should grow out of that fallacy and start facing issues directly. Until this is not technically impossible to achieve, we will keep going down this path.

obblekk|8 years ago

It seems like there have been many recent setbacks for FB on the privacy side. When do these setbacks begin to have material impact on the stock price?

Sylos|8 years ago

I'd be surprised, if it hasn't yet had an impact. As you say, there's been a lot of losses for Facebook recently. I think, we're now up to 4 rulings of Facebook's data use being illegal in the past two weeks.

People considering to buy stock and people owning stock should hopefully be informed enough to have noticed this.

There's also the GDPR upcoming in May. I cannot imagine that Facebook won't make losses when that hits. They might be able to defer the impact by mostly ignoring the law until they get sued, but ultimately it really just seems like it's going to be downhill from here on, which is not what anyone looking to buy stock is after.

JepZ|8 years ago

> Facebook Comments Plugin

Just awesome...

xtf|8 years ago

Consequences?

vpribish|8 years ago

moral panic over cookies? cookies?! This has to be just some sort of populist tribal signaling.

allthenews|8 years ago

You know, I am a pretty staunch supporter of minimalistic restrictions on corporate behavior, putting faith instead in markets. But this seems like the kind of problem I'd consider looking to solve through legislation.

Although I should say, not without hesitation, given the extreme discrepancy between rates of change in tech and law. I would hate to see seemingly well meaning legislation passed for something like this and then turned against us by our friends at the NSA, for example.

dmix|8 years ago

If you're a supporter of minimal legislation then what's wrong with the courts handling it, as in this case?

A major tech company tracking users across the web beyond their own limited use-case platform is a relatively new phenomenon but now that it's been established in the courts as a big financial and PR risk then there is a big deterrent from future companies doing it. And often courts in other western countries take note of precedence defined in major foreign courts to define their own.

Formalizing this in legislation always seems to sound like a good idea in the short-term. But in practice it's often really hard to define preemptive regulatory systems that work efficiently (and relevant to today's realities), especially in technology, as well as more expensive to enforce via agencies/auditors, and will likely end up wastefully crossing over into many areas/situations which are totally harmless in practice or having negative side-effects which outweigh the benefits, such as harming innovation.

I'd rather we deal with negative behaviour on a case-by-case basis.

mtgex|8 years ago

We have lots of restrictions on corporate behavior because markets do not solve human problems, they solve corporate problems.

The corporate response to long hours and low pay is to put up suicide nets. In the U.S. we have minimum wage, hourly restrictions, break, and overtime laws.

You can't trust the market to weed out bad players when the bad players are the ones with enough money to buy public perception and government influence. You have to force them to do the right thing through legislation.

bobcostas55|8 years ago

>Although I should say, not without hesitation, given the extreme discrepancy between rates of change in tech and law.

The law is already far behind in this case. It implicitly assumes all databases allow for a CRUD workflow. But now we have blockchains/distributed databases where the UD part of CRUD is literally impossible. It will be very interesting to see how the courts deal with personal data stored in this manner...

fwdpropaganda|8 years ago

> You know, I am a pretty staunch supporter of minimalistic restrictions on corporate behavior, putting faith instead in markets.

Why don't you put your faith in data? If you're an engineer that's presumably what you're already doing in every other respect of your life. It doesn't seem to me that starting out already having decided on what the best approach is will lead to the best decisions.

pishpash|8 years ago

Minimalistic restrictions work if you also help to ensure a working marketplace with healthy and robust competition. When few players dominate the marketplace, even if they are not technically "monopolies," the market is dysfunctional.

fwdpropaganda|8 years ago

I'm genuinely surprised that in this thread we're not seeing the usual idea that this is just the oppressive EU trying to exploit poor American companies.

Is it because the article relates to evil Facebook and not Google?

simion314|8 years ago

So if a court in country X finds the fact that tracking non FB users is illegal the Americans should side with the criminal because X!=USA, Google and FB are the biggest companies that do these illegal things so it is so obvious that citizens and organizations will sue these big companies and not some obscure forum in country X (if there is such a small company that can even track users outside its own website)

Also give me examples of EU companies that track users on most of the internet.

s73v3r_|8 years ago

I think it's because most people in this community (hopefully) see invasive tracking as being a terrible thing, which is why most of us run ad-blockers.

nukeop|8 years ago

Even if thousands of businesses across Europe depend on tracking users, I do not think it's enough of a reason not to fight against it, and I would be very happy if those businesses go belly up tomorrow if tracking is outlawed. A business so dependent on completely immoral, outright evil intrusive surveillance does not deserve to be kept alive by exploitation of our rights.

Kenji|8 years ago

You all are rejoicing now but you will see that the laws will have unintended consequences and don't help much, just like the cookie law.

j1mb0|8 years ago

[deleted]

polskibus|8 years ago

I suppose US could tax those non-US users so that using fb would cost them something.... Oh wait...

michaelmrose|8 years ago

If Facebook can't make money without breaking the law it can opt not to service that market.

simion314|8 years ago

Tax how? FB users do not pay, and this case is for non FB users, will you tax non FB users because they do not use FB?

Maybe send the army or CIA to change some governments, some citizens dare not have FB accounts, they must have something to hide /s