|
BlueBlazer posted:Rights need to be given to us by our idiot rear end law makers so maybe its time we started talking about what those could be. I think that allowing folks to request the deletion of data they have provided a specific company (and by this I would include things like search history, purchases, and Netflix viewing logs) would be a good first step. Realistically though, it's just going to lead to more companies operating as grey-market data brokers, and I'm not sure that is an improvement.
|
#
?
Apr 6, 2018 19:56
|
|
|
|
| # ? Jun 4, 2024 19:36 |
|
|
gently caress facebook and just let your profile rot. I guess I could delete mine but I'm not sure what kind of use anyone would get from outdated, now mostly incorrect information in terms of 'interests' dating back to over a decade ago, a dead email address, a dead phone number, and old college photos. Then again, I bet there's some group of people working for some ad company somewhere that have been looking for ways to continue to target decades old data on people as you can make some pretty decent inferences about what someone might be interested in buying now based on DOB, past interests etc.
|
|
#
?
Apr 6, 2018 20:30
|
|
|
Baronash posted:I think that allowing folks to request the deletion of data they have provided a specific company (and by this I would include things like search history, purchases, and Netflix viewing logs) would be a good first step. Realistically though, it's just going to lead to more companies operating as grey-market data brokers, and I'm not sure that is an improvement. i can't tell you how much i'm looking forward to GDPR Day. (my company is quite well prepared and p much everyone is on board with the aims of the GDPR, and also our business model is to get our customers to love us so we want them to be happy with us.) so many people i know are looking forward to sending variants on the GDPR Nightmare Letter to all manner of organisations. And we're British. We regard bureaucracy as our favourite blood sport.
|
|
#
?
Apr 7, 2018 01:17
|
|
|
BlueBlazer posted:Of course we should be worried, we have literally zero recourse as individuals at this point. Perhaps a bit semantic, but a right given is a right that be taken. Say rather that law makers should be held accountable for respecting our inherent rights.
|
|
#
?
Apr 7, 2018 01:57
|
|
|
Dylan16807 posted:There's a huge difference between "one of my friends revealed specific information about me on purpose" and "my friend clicked 'forward' in an app and that app got everything I have ever posted" It occurs to me that this is essentially the traditional UNIX security model writ large: The quiz is “running as” your friend so it has all the same permissions as your friend when it comes to what they have access to from others. There’s a reason modern operating systems use techniques like capability-based security and sandboxing rather than simple user ID checks. “Apps” running against social media platforms need to do the same thing, and not be allowed blanket access to all the same things the users running them do.
|
|
#
?
Apr 7, 2018 18:56
|
|
|
eschaton posted:It occurs to me that this is essentially the traditional UNIX security model writ large: The quiz is “running as” your friend so it has all the same permissions as your friend when it comes to what they have access to from others. Social media platforms do have capability-based permissions, it's just that no one pays particular attention to them. All those apps have to request access to specific info, but most people just click through without paying attention. Just like people install apps on Android without much critical thought about "hey, why does this fart noise app need access to my call history???" Before this scandal, I don't think much thought was given to the risks of allowing friends to share their friends' data to which they themselves have access. I think the answer is not to create a new "app capability" but allow each user individually to restrict access to any of their data from third-party apps without authorization. I think the problem is that "my friend's data to which I have access" was seen as information I can choose to share, whereas a better privacy model would be to recognize that my friend's data should be controlled solely by my friend, and even though I have access I should not be allowed to share it.
|
|
#
?
Apr 7, 2018 19:08
|
|
|
PT6A posted:Before this scandal, I don't think much thought was given to the risks of allowing friends to share their friends' data to which they themselves have access. I think the answer is not to create a new "app capability" but allow each user individually to restrict access to any of their data from third-party apps without authorization. Or you can just not allow users to give apps access to their friends' data since there's no legitimate reason to ever do that I'm no computer expert though so maybe relying on users to enforce their own data protection has a really good track record? Gum fucked around with this message at 19:40 on Apr 7, 2018 |
|
#
?
Apr 7, 2018 19:37
|
|
divabot posted:i can't tell you how much i'm looking forward to GDPR Day. ooh, this is similar to some HITECH material I worked with in the US several years back, but much...more so. I love this kind of thing, it drives institutions to the brink. I hope it leads to improved standardization and harmoniz-hahahahahahaah
|
|
|
#
?
Apr 7, 2018 19:40
|
|
|
twodot posted:I suppose you've got a law or business proposal that will solve the problem of "I shared data with my friend, and then my friend shared that data with third parties"? Your friend didn’t share your data though, your friend took a quiz. The quiz shouldn’t be allowed to see anything your friend can see, the quiz shouldn’t even necessarily be allowed to see most of what your friend shares. When you run an app on iOS, it doesn’t have access to your address book, your GPS receiver, your photos, etc. unless (1) it specifically asks for each for some specific purpose and (2) someone in the approval process has affirmed that access is reasonable for what the app is going to do with that. And some access isn’t even possible to ask for, such as access to all documents, access to text messages and phone calls, and so on, and attempts to access this are blocked by the OS via capability based rather than ID based security. This can’t necessarily eliminate bad actors but it can make life a lot harder for them, especially when combined with other technical and business measures. (Such as the ability to insta-kill a bad actor.)
|
|
#
?
Apr 7, 2018 19:47
|
|
|
Gum posted:Or you can just not allow users to give apps access to their friends' data since there's no legitimate reason to ever do that Exactly. It’s just like iOS has no blanket “just give me access to the filesystem” entitlement that apps can ask for.
|
|
#
?
Apr 7, 2018 19:51
|
|
|
Gum posted:Or you can just not allow users to give apps access to their friends' data since there's no legitimate reason to ever do that An app that recommends jobs at places your friends work. An app that suggests restaurants based on ones your friends have rated. Plenty of other use cases that involve probing your friend group for recommendations. I'm not just making these up either, these were all apps that existed before Facebook removed the "Friends' Data" feature from their API in 2015. There were use cases, and Facebook kept the feature for years because it was valuable to developers and advertisers, and they prioritized those groups over your privacy.
|
|
#
?
Apr 7, 2018 20:03
|
|
|
”Advertising” is not a legitimate use case and most developers are bad. Facebook leadership is real dumb and prioritized short-term profit over long-term sustainability. gently caress ‘em. Bring on the regulation, heavy-handed as it may be. The industry is too stupid to save itself.
|
|
#
?
Apr 7, 2018 20:08
|
|
|
Baronash posted:An app that recommends jobs at places your friends work. An app that suggests restaurants based on ones your friends have rated. Plenty of other use cases that involve probing your friend group for recommendations. Yeah, I mean, we clearly know now that the risk-reward ratio in allowing that was all hosed, and it may have broken democracy, but that's because we have the gift of hindsight. It wasn't so obvious, before, just how risky that was.
|
|
#
?
Apr 7, 2018 20:21
|
|
|
eschaton posted:Exactly. It’s just like iOS has no blanket “just give me access to the filesystem” entitlement that apps can ask for. They also reject your entire app if it asks for a security permission and can't justify why it's needed. Or if you justify it but Apple thinks you're full of poo poo. Facebook could have implemented that model. It would have cost them money, though.
|
|
#
?
Apr 7, 2018 20:59
|
|
|
Kobayashi posted:The industry is too stupid to save itself. I think you mean greedy.
|
|
#
?
Apr 7, 2018 21:08
|
|
|
Discendo Vox posted:ooh, this is similar to some HITECH material I worked with in the US several years back, but much...more so. I love this kind of thing, it drives institutions to the brink. I hope it leads to improved standardization and harmoniz-hahahahahahaah it will lead to both really, it turns out keeping GDPR compliant is not actually hard unless your business model is to be a c*nt
|
|
#
?
Apr 7, 2018 22:35
|
|
|
divabot posted:it will lead to both I love how all these cunty SV companies are going to dump untold millions of developer hours into some half-assed firewall between EU and American dossiers instead of just accepting the winds of change. Half of them will still get sued and fined anyway, but hey burning obscene amounts of time and money to maintain the status quo is easier than adapting I guess.
|
|
#
?
Apr 7, 2018 23:38
|
|
|
Kobayashi posted:I love how all these cunty SV companies are going to dump untold millions of developer hours into some half-assed firewall between EU and American dossiers instead of just accepting the winds of change. Half of them will still get sued and fined anyway, but hey burning obscene amounts of time and money to maintain the status quo is easier than adapting I guess. My company figures other locales (Canada, California) are going to follow sooner or later so we're working on our compliance solution instead of half-assed kicking the can down the road
|
|
#
?
Apr 7, 2018 23:43
|
|
|
PT6A posted:Yeah, I mean, we clearly know now that the risk-reward ratio in allowing that was all hosed, and it may have broken democracy, but that's because we have the gift of hindsight. It wasn't so obvious, before, just how risky that was. Come on, Zuckerberg was pulled aside by Obama, told about the problems and he completely ignored what was going on. The only other person I can think of that completely ignored the advice of Obama and the IC like that is Trump.
|
|
#
?
Apr 8, 2018 04:21
|
|
|
Solkanar512 posted:Come on, Zuckerberg was pulled aside by Obama, told about the problems and he completely ignored what was going on. The only other person I can think of that completely ignored the advice of Obama and the IC like that is Trump. Very true, and that's on Facebook/Zuckerberg, but the problem wasn't known to exist until it already existed. Granted, it should've been fixed far earlier than it was, since it was noticed far before it became public. The problem isn't that Facebook didn't have perfect foresight of what malicious actors would do with their system, it's that they dragged their rear end when they found out. Focusing on the former distracts from the much more worrying problem of the latter.
|
|
#
?
Apr 8, 2018 05:04
|
|
|
Yeah, GDPR leaves a ton of interpretation space that can manufacture scenarios to threaten the viability of most segregated system implementations (remember it is not just data separation, but service, delivery, retention, etc... also expanded scope of EU protections around profiling and derived data along with strong language requiring legitimate legal business justification that adds teeth to regulation that has long been flaunted and insufficiently enforced) that , so many of the companies going this route are either entirely dependent on bubble status of US ad revenue, are banking on future viability of under-regulated developing markets, or are consumed with hubris and/or the inherent moral primacy of disruption. Everyone in the latter category and most in the previous will find themselves on the wrong end of an inquiry and realistically an ungodly amount of manhours have been spent on PRIVILEGED AND CONFIDENTIAL risk assessments and visible exposure mitigation strategies (including hoping, or ensuring, Facebook and Google serve as black holes of scrutiny). If you are a company that creates something of tangible social value, your biggest risk exposures are the gray areas of yet-to-be-litigated PII, an over-zealous marketing group indoctrinated in a landscape that has been increasingly merged with the lawless advertising hellscape, and strategy analysts who haven't come to terms with the idea that cowboy bullshit they do cannot always be protected as legitimate and legal just by placing it adjacent to an independent graph labeled "revenue." Oh, and "data scientists" and ML engineers who learned everything they know about statistical modeling as part of their Hack Week 2017 project entitled "Pile Of Useless Garbage: New Hotness Edition." Most well intentioned bad habits will be buried under the avalanche of management consultant process documents, as compliance with GDPR will require more concrete detail and actionable policy than the typical US regulatory frameworks. I honestly hope the EU is broad with interpretation and heavy handed in enforcement, and brings the US kicking and screaming along with it. I have little in the way of sympathy toward those businesses whose viability is threatened by GDPR enforcement.
|
|
#
?
Apr 8, 2018 06:04
|
|
|
PT6A posted:Very true, and that's on Facebook/Zuckerberg, but the problem wasn't known to exist until it already existed. Granted, it should've been fixed far earlier than it was, since it was noticed far before it became public. No, the problem really is that they didn’t model this blatantly obvious threat in their security reviews. It really is something that could be forseen: To use iOS as an example again, third party app development support premiered with pretty restrictive sandboxing, it didn’t start non-sandboxes and then restricted after-the-fact. (Though of course there were individual areas where sandboxing had to be added when things that were thought innocuous—or discoverable during review—turned out to need tighter restrictions after all.) Facebook should have never allowed apps access to any data but the user’s own, period. I’d be much more sympathetic to your argument if that was 80% the case and there were just a few specific friend-data pieces they had thought didn’t need restricting that later turned out to need it. Just saying “Apps run with all the same access as the user!” was lazy bullshit at the point when Facebook developed their third-party application model.
|
|
#
?
Apr 8, 2018 06:23
|
|
|
eschaton posted:No, the problem really is that they didn’t model this blatantly obvious threat in their security reviews. It really is something that could be forseen: To use iOS as an example again, third party app development support premiered with pretty restrictive sandboxing, it didn’t start non-sandboxes and then restricted after-the-fact. (Though of course there were individual areas where sandboxing had to be added when things that were thought innocuous—or discoverable during review—turned out to need tighter restrictions after all.) Because you're not describing a security threat but instead an explicit value-add for Facebook's customers. Remember, the users are not the customers.
|
|
#
?
Apr 8, 2018 06:42
|
|
|
eschaton posted:No, the problem really is that they didn’t model this blatantly obvious threat in their security reviews. It really is something that could be forseen: To use iOS as an example again, third party app development support premiered with pretty restrictive sandboxing, it didn’t start non-sandboxes and then restricted after-the-fact. (Though of course there were individual areas where sandboxing had to be added when things that were thought innocuous—or discoverable during review—turned out to need tighter restrictions after all.) Apps don't run with the same access as the user, though. They do a capability-based model, and the user must allow those apps access various bits of information that the user has access to. One of the things that a user has access to, though, is other friends' info. I agree in retrospect that sharing that needed to be more locked down, but I don't think it was as obvious as you make out, and as posted in the thread, there were some apps that used this data for what might be termed "legitimate purposes." I'll also point out that a lot of people were and are pissed off at iOS's sandboxing, to the point that they jailbreak their phones to get around the protections that Apple put in place -- many of which were criticized for forcing the user to use Apple's own apps for critical functions. So, no, I don't think that security model is obvious and without its own disadvantages. I think overall it's a good thing, and Facebook definitely deserves criticism for not fixing problems once known, but again, I don't think better security modelling beforehand would necessarily have fixed the problem. You can only defend against threats you realize exist.
|
|
#
?
Apr 8, 2018 13:12
|
|
|
Even if Magic Leap’s goggles suck, it can probably still make money off them This was apparently on the MIT Tech Review website until it was deleted. Embedding this URL isn't working very well, so just copy-paste to get the cached version: [url]https://webcache.googleusercontent.com/search?q=cache:NqqgNEFIzV4J:https://www.technologyreview.com/s/...ent=firefox-b-1[/url] My Tech Crunch is apparently plagiarizing, because there's no attribution to the TR author, Rachel Metz.. Here's the tweet where I first learned about it: https://twitter.com/ID_R_McGregor/status/982730690864312320
|
|
#
?
Apr 9, 2018 13:34
|
|
|
I always assumed that: a. everything I ever posted was going to be available to anyone who cared enough to try and find it and somehow monetize it, forever. b. all that big data stuff just didn't work. I mean, I've been using the internet since 1994 or thereabouts, without ever being really paranoid or trying very hard to hide who I am and I can count on the fingers of one hand how many times I've clicked on an ad on purpose, and that's being generous. Sure, I once posted to Facebook that I was going to Japan, and all the ads I saw on the guardian suddenly became adverts for flights to Japan, and hotels in Tokyo, but I had already booked the flight and was staying with a friend, so while that was creepy and informative, nobody made any money off it.
|
|
#
?
Apr 9, 2018 14:19
|
|
|
yaffle posted:I always assumed that: The ads were probably because you booked the flight and hotels, not because of Facebook.
|
|
#
?
Apr 9, 2018 14:32
|
|
|
That seems like an overly clickbait title. It's just saying that if the product isn't actually good it is made up of specific technologies that could still be valuable. Like they absolutely might release the magic leap and everyone might say "boy, this thing is a bad product" with a bad price point and no software and a bad UI or whatever that comes in ugly colors that is uncomfortable to wear and smells bad, and then they still might make money selling their lens designs and stuff to someone else that makes a better product, because they put money into hard science R&D optics stuff that (potentially) makes for valuable patents and not just fluff look and feel stuff.
|
|
#
?
Apr 9, 2018 14:42
|
|
|
Owlofcreamcheese posted:That seems like an overly clickbait title. It's just saying that if the product isn't actually good it is made up of specific technologies that could still be valuable. Basically this. As someone who literally works in Hololens R&D for microsoft, there is a lot of cool tech in it even if the end product ends up not being good.
|
|
#
?
Apr 9, 2018 14:46
|
|
|
Andrast posted:Basically this. As someone who literally works in Hololens R&D for microsoft, there is a lot of cool tech in it even if the end product ends up not being good. Yeah, there is a million ways the actual product they release could be a failure. But like, they at least are trying to make real research in optics and diffraction lenses and someone somewhere probably can find a use for a diffraction lens that projects at multiple depths of field. Even if it turns out unsuitable for the device they make. http://stks.freshpatents.com/Magic-Leap-Inc-nm1.php
|
|
#
?
Apr 9, 2018 15:11
|
|
|
Owlofcreamcheese posted:Yeah, there is a million ways the actual product they release could be a failure. The whole "VR/AR is failing and Magic Leap is a disaster" thing is pretty common when it comes to new tech. For example, CD-ROM based video game consoles: https://venturebeat.com/2017/03/19/magic-leap-the-virtual-reality-backlash-and-the-arc-of-technology/
|
|
#
?
Apr 9, 2018 17:42
|
|
|
VideoGameVet posted:The whole "VR/AR is failing and Magic Leap is a disaster" thing is pretty common when it comes to new tech. i see it more as a utility problem than a hardware problem. why have a VR headset when there's not much to do with it right now? top vr sellers on steam are gimmick games and special editions of skyrim and fallout 4, big whoop whoever figures out how to make games that really leverage VR will win the jackpot - the playstation was successful because it had so many good games, phillips had some nintendo knockoffs like that stupid rubber faced link fmv game and not much else  i think some kind of period soap opera adventure game with multiple overlapping narratives you could explore would be a hot seller. think tacoma mixed with downton abbey
|
|
#
?
Apr 9, 2018 17:52
|
|
|
A well-done VR flight simulation would seem to be the way to go, but I suppose I'm a bit biased there.
|
|
#
?
Apr 9, 2018 17:54
|
|
|
PT6A posted:A well-done VR flight simulation would seem to be the way to go, but I suppose I'm a bit biased there. it would have to be a portfolio of good games. flight sims are a bit groggy but if you could go from "land a 747 at jfk" to "fly the imagination glider through an asteroid field" that would work
|
|
#
?
Apr 9, 2018 17:57
|
|
|
Just speaking for myself, but I think the only thing I've seen that made we want a VR headset was "Gorn".
|
|
#
?
Apr 9, 2018 18:05
|
|
|
boner confessor posted:it would have to be a portfolio of good games. flight sims are a bit groggy but if you could go from "land a 747 at jfk" to "fly the imagination glider through an asteroid field" that would work If you could combine X-Plane with VR and get it certified as a flight training device, you could sell them at the most amazing profit you've ever seen, because everything comparable costs high five figures at the very least.
|
|
#
?
Apr 9, 2018 18:08
|
|
|
pangstrom posted:Just speaking for myself, but I think the only thing I've seen that made we want a VR headset was "Gorn". Superhot VR was a blast also. My company gave me a Vive last year and while I absolutely love playing around with it, it definitely doesn't have enough high-profile games right now. The other issue is that until you try it, you have no idea how badly smooth-movement causes motion sickness for you and it's dependent on the individual. If you find yourself prone to it, your available game library plummets hard. There are quite a few I just can't play because they make me sick.
|
|
#
?
Apr 9, 2018 18:18
|
|
|
PT6A posted:A well-done VR flight simulation would seem to be the way to go, but I suppose I'm a bit biased there. Just do Counter Strike in VR and do it WELL. Seriously, I am amazed that this has not yet happened.
|
|
#
?
Apr 9, 2018 18:22
|
|
|
VideoGameVet posted:The whole "VR/AR is failing and Magic Leap is a disaster" thing is pretty common when it comes to new tech. This article is basically survivorshipbias.txt. VR could absolutely have some previously unforeseen use cases, but I think it's telling that the reaction hasn't been "everyone will want this for all of their games" and instead has been "well, it's nice for flight simulators and certain games that really work to incorporate it." There is a strong possibility that VR remains a fairly niche market.
|
|
#
?
Apr 9, 2018 18:30
|
|
|
|
| # ? Jun 4, 2024 19:36 |
|
|
Baronash posted:This article is basically survivorshipbias.txt. VR could absolutely have some previously unforeseen use cases, but I think it's telling that the reaction hasn't been "everyone will want this for all of their games" and instead has been "well, it's nice for flight simulators and certain games that really work to incorporate it." There is a strong possibility that VR remains a fairly niche market. AR and VR seem like things people very obviously want and companies will keep making until someone actually makes it well. There isn't really any chance it's ever going to be dropped as a concept no matter how many times any specific company fails. Pretty much everyone wants AR and VR if it worked well enough.
|
|
#
?
Apr 9, 2018 18:44
|
|