|
Condiv posted:if you think right-wing ideas are the only way to help the poor in this situation, you can go ahead and believe that. that doesn't change the fact that you're advocating for rightwing policies and are actually aligning with capital against the poor. What policy am I advocating for?
|
# ? May 27, 2018 14:56 |
|
|
# ? Jun 8, 2024 06:51 |
|
Wheany posted:You can still have ads on your GDPR-compliant web page. The ads have to be GDPR-compliant too.
|
# ? May 27, 2018 14:58 |
|
Jose Valasquez posted:What policy am I advocating for? keeping the status quo of companies being able to sell every bit of data they can gather in order to "help the poor" Jose Valasquez posted:if everything that is currently ad supported on the internet suddenly became subscription based it would be a huge blow to the poor. You can argue whether or not "regressive" is the right word but it would disproportionally affect the poor in a negative way do you really need to be reminded of what you're talking about jose? i mean, you do seem to have missed that the GDPR isn't doing away with ads (just with the notion that you can sell every piece of data you want without user consent), but i'd expect you to be able to keep track of your own arguments
|
# ? May 27, 2018 15:03 |
|
Jose Valasquez posted:What policy am I advocating for? when you unironically start deploying "realistic" as a qualifier for solutions you're essentially a centrist, hth
|
# ? May 27, 2018 15:06 |
|
Condiv posted:keeping the status quo of companies being able to sell every bit of data they can gather in order to "help the poor"
|
# ? May 27, 2018 15:09 |
|
Jose Valasquez posted:I said subscription based would be bad for the poor, not that selling data is good. You also said this: Jose Valasquez posted:What is your realistic replacement for the ad model of the internet that doesn't disproportionally negatively affect poor people? Let's not pretend like this doesn't mean "there is no other solution unless you want me to kill this poor person i'm holding"
|
# ? May 27, 2018 15:10 |
|
Jose Valasquez posted:I said subscription based would be bad for the poor, not that selling data is good. and then you advocated for sticking with the status quo and tried to claim it was leftist to do so seriously jose, you can't have forgotten posts you made like 30 minutes ago can you?
|
# ? May 27, 2018 15:19 |
|
Condiv posted:and then you advocated for sticking with the status quo and tried to claim it was leftist to do so to be fair I can't remember posts i made 30 seconds ago
|
# ? May 27, 2018 15:25 |
How does GDPR interact with network engineering and planning? Right now, if I'm running a stream service and see bitrates drop for some IPs, I can take a look at routing to those IPs and figure out what's going on, or if I see a bunch of DOS traffic from some IPs, I can drop that traffic. Do normal traffic monitoring/analysis tool outputs fall under protected data, or does it only count if you're correlating IP with other, more personal data?
|
|
# ? May 27, 2018 16:27 |
|
He went there. http://twitter.com/elonmusk/status/1000560049389907969
|
# ? May 27, 2018 16:38 |
|
a foolish pianist posted:How does GDPR interact with network engineering and planning? Right now, if I'm running a stream service and see bitrates drop for some IPs, I can take a look at routing to those IPs and figure out what's going on, or if I see a bunch of DOS traffic from some IPs, I can drop that traffic. Do normal traffic monitoring/analysis tool outputs fall under protected data, or does it only count if you're correlating IP with other, more personal data? quote:(49) The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, by public authorities, by computer emergency response teams (CERTs), computer security incident response teams (CSIRTs), by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned.
|
# ? May 27, 2018 16:47 |
|
He also liked this: https://twitter.com/martinengwicht/status/999590946647003136?s=21
|
# ? May 27, 2018 16:48 |
|
PT6A posted:There's nothing that will eliminate the concept of online advertising altogether in the GDPR, it just makes it illegal or difficult to use certain techniques. The funniest part of it is that as regards advertising, a lot of the stuff GDPR blocks is stuff that doesn't really make ads work better for the advertisers.
|
# ? May 27, 2018 16:51 |
|
Wow, I haven't heard about the Trilateral Commission since the 1980s. Curiously timely story quote:A report by an advocacy group in New York says Uber, Lyft and other ride-hailing services are virtually “useless” for people with disabilities because of the relative lack of vehicles equipped to handle wheelchairs and motorized scooters. Before you say "but taxis!", New York City regulations have you covered. https://www.nytimes.com/2018/01/24/nyregion/accessible-taxis-disabled-nyc.html posted:The Accessible Dispatch Program was started in 2012, when the Bloomberg administration was embroiled in a bitter feud with advocates for the disabled over the wheelchair accessibility of New York’s taxicabs.
|
# ? May 27, 2018 16:53 |
|
self unaware posted:You also said this: Condiv posted:and then you advocated for sticking with the status quo and tried to claim it was leftist to do so That was not the intention my posts. Overall I think GDPR is good and better than the status quo but may have some unintended consequences that negatively affect primarily poor people. I don't think acknowledging and discussing that is bad. If that makes me a centrist or right wing in your eyes then ok I guess?
|
# ? May 27, 2018 17:12 |
|
Jose Valasquez posted:That was not the intention my posts. Overall I think GDPR is good and better than the status quo but may have some unintended consequences that negatively affect primarily poor people. I don't think acknowledging and discussing that is bad. If that makes me a centrist or right wing in your eyes then ok I guess? GDPR is the text book example of "law written by people with good intentions who don't have a goddamn clue about what they are regulating". There is a lot of stupid things you could cut from it that wouldn't negatively impact people's privacy in any meaningful way, but would dramatically reduce the cost of compliance. It is convenient to hand wave the cost of compliance, but ultimately all costs are passed to the consumer.
|
# ? May 27, 2018 17:45 |
|
Why is Elon Musk freaking out about the press? Don’t they love him to bits? Is he just mad because they are mean to his buddy Trump?
|
# ? May 27, 2018 17:52 |
|
BarbarianElephant posted:Why is Elon Musk freaking out about the press? Don’t they love him to bits? Is he just mad because they are mean to his buddy Trump? No they dared to point out that his new car, which is several months behind production schedule, has bugs. Clearly it's a conspiracy.
|
# ? May 27, 2018 17:54 |
|
BarbarianElephant posted:Why is Elon Musk freaking out about the press? Don’t they love him to bits? Is he just mad because they are mean to his buddy Trump? After many years of production issues and massive quarterly losses, people started to report that investing in Tesla wasn't a good idea anymore. This makes Elon melt down, and he's been melting down about this "fake news" since late last year.
|
# ? May 27, 2018 17:56 |
|
Jose Valasquez posted:That was not the intention my posts. Overall I think GDPR is good and better than the status quo but may have some unintended consequences that negatively affect primarily poor people. I don't think acknowledging and discussing that is bad. If that makes me a centrist or right wing in your eyes then ok I guess? i've liked what i've seen of it so far. yeah, forbes doesn't want to let me read their articles without me consenting to them selling my data to a ton of different advertisers, but i could consent if I wanted to. if you'd like the list of advertisers they wanted me to consent to having my data sold to, here it is: https://pastebin.com/NFSq5xDR and yeah, handwringing about this does make you right-wing. the situation with PII is getting worse and worse by year, and advertisers are getting more and more intrusive (not to mention other companies, like repo people using automated camera systems to scan every tag near their car and sell the location data of the people they pick up to all sorts of places). the gdpr does the bare minimum of regulation and forces companies to actually justify the massive amounts of information they're collecting. that's good. that's bare minimum regulatory poo poo, stuff the government should be doing. Xae posted:GDPR is the text book example of "law written by people with good intentions who don't have a goddamn clue about what they are regulating". the good old "the government is incompetent and can't regulate!" argument. used to seeing it thrown out by tea partiers and the like, but i guess you've slid that far right
|
# ? May 27, 2018 18:41 |
|
Condiv posted:the good old "the government is incompetent and can't regulate!" argument. used to seeing it thrown out by tea partiers and the like, but i guess centrists keep slipping rightward. I think it's fair to say that the GDPR is a great start, and certainly much better than nothing, while acknowledging that there are some parts of it which could be improved.
|
# ? May 27, 2018 18:43 |
|
PT6A posted:I think it's fair to say that the GDPR is a great start, and certainly much better than nothing, while acknowledging that there are some parts of it which could be improved. The problem is that some people are broken brained and measure the effectiveness of legislation by how much it costs to comply with. So in their view something that is expensive is always better than something that is not expensive. Even if the less expensive version is as good or better at accomplishing the stated purpose of the law. They don't care about the issue the law is trying to address, they just want to use the law to poo poo on groups they don't like. They don't even care that it wouldn't accomplish their goal of making GBS threads on groups they don't like. They just want to pretend it would.
|
# ? May 27, 2018 18:53 |
|
PT6A posted:I think it's fair to say that the GDPR is a great start, and certainly much better than nothing, while acknowledging that there are some parts of it which could be improved. he didn't acknowledge any such parts though, nor did he say it was a great start he said it was poor regulation by incompetent government and left it at that. his criticism is completely substanceless Xae posted:The problem is that some people are broken brained and measure the effectiveness of legislation by how much it costs to comply with. So in their view something that is expensive is always better than something that is not expensive. Even if the less expensive version is as good or better at accomplishing the stated purpose of the law. case in point. he says it's just a harmful regulation that exists to inflict pain on poor innocent companies. no mention of what actually is costing a lot to comply with, and why the cost is onerous, just moaning about being regulated Condiv fucked around with this message at 18:56 on May 27, 2018 |
# ? May 27, 2018 18:54 |
|
Condiv posted:the gdpr ... forces companies to actually justify the massive amounts of information they're collecting. Lol, not in the least. It just requires dumping ever more poo poo no one will read inside TOS and Privacy Policy documents that 99.9999% of the users will never read.
|
# ? May 27, 2018 18:55 |
|
fishmech posted:Lol, not in the least. It just requires dumping ever more poo poo no one will read inside TOS and Privacy Policy documents that 99.9999% of the users will never read. not in my experience, having dealt with sites that are trying to comply with the gdpr. but if it's that simple, i wonder why people are whining so much about having to comply with it
|
# ? May 27, 2018 18:58 |
|
Condiv posted:not in my experience, having dealt with sites that are trying to comply with the gdpr. but if it's that simple, i wonder why people are whining so much about having to comply with it my first assumption would be "because they're shitheads afraid it will cost them money not to abuse their customers." so far that's been about 100% of the case. but! let's Debate & Discuss it! what are the specific cases of difficulty in compliance? what specific parts of the GDPR could and should be lost? change my mind!!
|
# ? May 27, 2018 19:05 |
|
fishmech posted:Lol, not in the least. It just requires dumping ever more poo poo no one will read inside TOS and Privacy Policy documents that 99.9999% of the users will never read. Compliance wise there are two general parts of the bill. The first is about what data you are collecting and how you are using/selling it. The GDPR doesn't do anything meaningful here other than require more documentation and making sure your privacy policies are up to date and you're spelling out what you're doing. Which most companies already are. The net effect is that the big players (Amazon, Facebook, Google, Apple, Microsoft) and similar have to rewrite some documentation. This is what most people care about the bill doesn't impact things in a meaningful way. But it really doesn't impose a cost either. The second part is the "Right of Erasure" or "Right to be Forgotten" which is a complete clusterfuck where the majority of the cost and almost no benefit comes into play. The concept of "delete use accounts when they ask" makes sense and is pretty easy to implement, in theory. The problem comes into play in the volume of documentation required and that the GDPR requires all data, including backups, and transient logs to be purged. So now companies have to restore all backups of their systems "without undue delay", purge a users data and then create a new backup. They also have to review their logs from their ETL and monitoring systems to make sure it isn't lingering in there. So if row #123465690 errored out in some backend process and got dropped into a log, you have to delete that as well.
|
# ? May 27, 2018 19:09 |
|
A lot of these things are reasonably simple when the system is designed in advance to account for them, but considerably more difficult when trying to adapt an existing system. As much as I can sympathize with what a pain in the rear end it's going to be to comply with these requests in the short term, in the long term I expect it will become a non-issue and there are certainly very valid reasons to do it.
|
# ? May 27, 2018 19:14 |
|
PT6A posted:A lot of these things are reasonably simple when the system is designed in advance to account for them, but considerably more difficult when trying to adapt an existing system. As much as I can sympathize with what a pain in the rear end it's going to be to comply with these requests in the short term, in the long term I expect it will become a non-issue and there are certainly very valid reasons to do it. yep. if PII is hard to remove for "right to be forgotten" then you're not doing due diligence in the first place to protect it from being stolen the oddest thing about people complaining about having to reorganize their records to accommodate this is that they've had about 2 years to do so, and most companies didn't bother until just recently Condiv fucked around with this message at 19:23 on May 27, 2018 |
# ? May 27, 2018 19:19 |
|
Condiv posted:yep. if PII is hard to remove for "right to be forgotten" then you're not doing due diligence in the first place to protect it from being stolen It’s hard because by some interpretations it requires destroying your backups.
|
# ? May 27, 2018 19:24 |
|
PT6A posted:A lot of these things are reasonably simple when the system is designed in advance to account for them, but considerably more difficult when trying to adapt an existing system. As much as I can sympathize with what a pain in the rear end it's going to be to comply with these requests in the short term, in the long term I expect it will become a non-issue and there are certainly very valid reasons to do it. Every database that handles customer data in existence must do a custom rewrite core utility functions in the underlying vended product. Double the storage your company uses and employ a couple dozen people who restore, purge and then backup data again. There isn't a way around it. That is why it is super dumb. The people who required that all backups be purged simply didn't understand how backups work and that most of them are permanently offline sitting on an encrypted tape in some re-purposed nuclear bunker. In other words almost all the cost is for doing something that will have a next to zero impact on privacy. hobbesmaster posted:It’s hard because by some interpretations it requires destroying your backups. All compliance training and products I've seen has said that backups and transient data are covered. Xae fucked around with this message at 19:27 on May 27, 2018 |
# ? May 27, 2018 19:24 |
|
Condiv posted:not in my experience, having dealt with sites that are trying to comply with the gdpr. but if it's that simple, i wonder why people are whining so much about having to comply with it You're within the specs of "justifying" your use, under the GDPR, simply by slathering something in about how "giving access to all your info enables enhanced brand experiences". Xae posted:Compliance wise there are two general parts of the bill. Right the thing is the second part has nothing to with justifying use (although you as a company can provide justifications for why Hans Borgerson's specific data on access log #4959 does not in fact need to be deleted because x, y, and z and so on). Condiv posted:yep. if PII is hard to remove for "right to be forgotten" then you're not doing due diligence in the first place to protect it from being stolen This is a bit ludicrous. You can't "steal" a publicly shared picture, even though it would be a piece of identifiable information by design, and within the gdpr could be something you demand to be deleted. A lot of things you might demand to have removed in the process of removing all of "your data" removed are things which wouldn't be considered sensitive information that needs to be protected. It's like, your public profile photo and your full national identification card info are both personally identifiable, but usually you would only treat one of those as needing to be on a super secure system if you're going to keep it at all.
|
# ? May 27, 2018 19:29 |
|
hobbesmaster posted:Its hard because by some interpretations it requires destroying your backups. you just gotta structure your backups properly. not a huge problem if you took advantage of the 2 year headstart you were given on that and actually kept good track of PII instead of leaking it all over the place dunno if this has been posted yet, but it's just one more reason why the gdpr is great https://twitter.com/paulcalvano/status/1000094415485132801
|
# ? May 27, 2018 19:30 |
|
Condiv posted:you just gotta structure your backups properly. not a huge problem if you took advantage of the 2 year headstart you were given on that and actually kept good track of PII instead of leaking it all over the place How do you remove PII from off site offfline backups?
|
# ? May 27, 2018 19:38 |
|
hobbesmaster posted:How do you remove PII from off site offfline backups? structure your off site, offline backups properly so that PII can be disposed of on request. or even better, don't keep PII floating around in offsite, offline backups unless you're legally required to, at which point right of erasure doesn't apply.
|
# ? May 27, 2018 19:45 |
|
fishmech posted:You're within the specs of "justifying" your use, under the GDPR, simply by slathering something in about how "giving access to all your info enables enhanced brand experiences". No you’re not, the consent has to be specific to the function. The NOYB cases linked above outline this really clearly.
|
# ? May 27, 2018 19:53 |
|
Total Meatlove posted:No you’re not, the consent has to be specific to the function. The NOYB cases linked above outline this really clearly. You appear to have no idea what justifying means. Why don't you try looking it up and then go back to this post and figure out where you went wrong. Condiv posted:structure your off site, offline backups properly so that PII can be disposed of on request. or even better, don't keep PII floating around in offsite, offline backups unless you're legally required to, at which point right of erasure doesn't apply. You really seem to have a bad habit of not understanding what personally identifiable information is.
|
# ? May 27, 2018 20:01 |
|
i mean, you guys can look at what right to erasure involves: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ it's really not that onerous at all: quote:Individuals have the right to have their personal data erased if: basically
Condiv fucked around with this message at 20:06 on May 27, 2018 |
# ? May 27, 2018 20:04 |
|
Condiv posted:yep. if PII is hard to remove for "right to be forgotten" then you're not doing due diligence in the first place to protect it from being stolen I agree with you in general on what you've said with respect to GDPR so far, but this is a bit of an overstatement or generalization, I think, depending on your definition of "hard." For example, if you've got a very large dataset that isn't indexed by a user identifier. I don't think that makes PII any easier to steal, but it can be difficult or expensive to address in an existing system. Caveat: certainly keeping the PII you are now supposed to delete makes it easier to steal. But if you're referring to due diligence in protect PII in general, I don't think it is true in that example. Also, of course, in that case you just suck it up and change the system, and I don't think it's too onerous a requirement. I just don't see that example as an indicator of previous lack of due diligence for data security.
|
# ? May 27, 2018 20:11 |
|
|
# ? Jun 8, 2024 06:51 |
|
Steve French posted:I agree with you in general on what you've said with respect to GDPR so far, but this is a bit of an overstatement or generalization, I think, depending on your definition of "hard." i'll cop to that
|
# ? May 27, 2018 20:17 |