Readit News


_o_ commented on I put all my personal data on eBay   olifro.st/blog/data-on-eb... · Posted by u/olifrost
megamindbrian2 · 8 years ago
I am planning on doing this with my medical record.
_o_ · 8 years ago
Or credit card details ;)
_o_ commented on California Eyes Data Privacy Measure   npr.org/sections/alltechc... · Posted by u/joubert
_o_ · 8 years ago
I think that the basic issue here regarding privacy is that only the ones breaking it are writing. There are literally millions that won't give an upvote but want it.

Google and Facebook already launched their lobbyists there and are trying to undermine it, I wonder what they will do to Japan.

_o_ commented on Show HN: Trackless - A GDPR-Friendly Google Analytics Opt-In Button   github.com/ascorbic/track... · Posted by u/ascorbic
Silhouette · 8 years ago
Sorry, but it's not that simple. A lot of the fuss about the GDPR is because it introduces significant uncertainty combined with the potential for severe penalties if your interpretation differs from the regulators. It is not unreasonable to look for concrete, actionable guidance to reduce that uncertainty.

The modern web depends on embedding third party content for many reasons, most of which have nothing to do with invading anyone's privacy and many of which are directly in the visitor's interests. It is not helpful to undermine that whole ecosystem and expect everyone to start having formal contracts in place before they can take advantage of any of those services. Nor is it reasonable to expect services offered for free that aren't doing anything shady to take on significant liability and/or other commitments anyway through formal agreements with their users. Why would they do that, instead of just (as obviously quite a few places already have) geoblocking the EU to remove themselves from the scope of the onerous rules?

_o_ · 8 years ago
Silhouette, I am sorry, I have tried to help you, thank others, maybe you/others will believe lawyers in the following months, but they won't be free. (And special thanks to HN, preventing me from answering with its policy of "answering too fast", I had an explanation for you, but I was unable to answer)

To the morons (no, it is not an insult, it is an empirical fact) downvoting me, it is not me, it is GDPR, face the reality, it is not my fault that you are too reluctant to understand it, and biting people trying to help you out won't help. Downvoting me won't change GDPR or change anything, you will just lose a valuable source of information as you did just now. Go to the first psychiatrist and they will tell you that reality will be as it is even if you close your eyes (or shoot the messenger =/).

Don't forget to upvote me, when you figure out I was right and you get a warning/fine.

_o_ commented on Show HN: Trackless - A GDPR-Friendly Google Analytics Opt-In Button   github.com/ascorbic/track... · Posted by u/ascorbic
Silhouette · 8 years ago
That is one possible interpretation, but like many things around the GDPR, it is not what the regulation literally says nor how the technology actually works in practice, so other reasonable interpretations are also possible. I am asking whether there is any official, authoritative guidance on this.
_o_ · 8 years ago
Look, GDPR is not about technical means, it is about a concept. If the ICO proves to you that you are conceptually violating the GDPR by enabling a 3rd party to violate it and you don't have your back covered, you won't have much to defend yourself with. You need to have proof that you have done everything in your power to defend your users' right to privacy and you were cheated by the 3rd party. This is why all the fuss about GDPR was in the last 6 months, you can't downplay the concept as it isn't saying anything about what "script" or "service" (or cookies as an ultimate abuse of "concept of law" and an example why GDPR was written this way) you can use or not, it is just talking about the user's right to privacy and for you as data controller, it is your duty to defend it.

Yes there is a guidance, it is called GDPR, it is THE only guidance, just take the concepts, I can give you this link, it is the best I was able to find, it will help understand the GDPR, but for each and every site, owner needs to decide on its own: https://www.youtube.com/watch?v=-stjktAu-7k

_o_ commented on Show HN: Trackless - A GDPR-Friendly Google Analytics Opt-In Button   github.com/ascorbic/track... · Posted by u/ascorbic
Silhouette · 8 years ago
If you're embedding a JS library from a CDN, then you have a lawful basis for passing the IP address of your user to a third party under Art. 6(1)(f).

But if you're embedding a JS library from a CDN, then as a matter of fact, you aren't passing any data about your user to the third party at all. The user's browser is doing that as part of its normal operation.

Moreover, as another matter of fact, you cannot have either any knowledge or any control over what happens next regarding any personal data the third party is collecting or how it is being processed, unless you have some separate arrangement with the third party that goes well beyond mere linking or embedding.

Logically, it doesn't seem to make much sense for you to be either the controller or the processor in that instance. However, if the third party plays either role, they may have no mechanism to communicate with your site visitor to fulfil their obligations either.

_o_ · 8 years ago
You don't understand it. It is your site, your users. If you enable 3rd party illegal tracking of your users by ANY means, it is your responsibility too. To cover your back, you need to sign a legally valid contract (or they need to send you confirmation) that they respect GDPR and assess their way of doing it (at least in these early stages, as very often, they are just trying to work around it, which puts you in danger) to be absolutely sure about them. Analytics, ad providers, CDNs, SaaS... all of them.

Take it as, "I control the door to a bank vault, if I allow robbers in, I will be an accomplice to a crime as the crime couldn't be committed without your help". Negligence or direct intent, it can be costly. Assess your 3rd party sources very carefully, I have already removed GA and replaced them with local analytics (https://matomo.org/) as I can't trust them, they are trying to downplay GDPR and there is already a complaint written against them (https://noyb.eu not for GA though), and I have read the PDFs, they are right and quite objectively, they are guilty. I don't want to be in the same boat with them.

_o_ commented on Show HN: Trackless - A GDPR-Friendly Google Analytics Opt-In Button   github.com/ascorbic/track... · Posted by u/ascorbic
pdkl95 · 8 years ago
> Google Analytics provides an IP anonymization feature.

The &aip=1 feature - in spite of its name - does not provide any useful anonymity! As you can see in Google's own documentation (your 2nd link), when aip=1 GA claims that "the last octet of the user IP address is set to zero".

At best this can only group your IP with the neighboring 255 addresses. Google still logs the upper 24 bits of the address, which is probably enough to discover e.g. your ASN and geolocation. In practice, IP address usage is not perfectly uniform, so your actual "anonymity" is less than the theoretical maximum of 1-in-256. In general, the HTTP headers, cookies, etc. will have at least 8 bits of unique entropy that more than makes up for losing the least interesting 8 bits of your IPv4 address.

This feature isn't designed to provide actual anonymity. The documentation even suggests the feature was designed to minimally satisfy certain legal or contractual obligations:

>> This feature is designed to help site owners comply with their own privacy policies or, in some countries, recommendations from local data protection authorities, which may prevent the storage of full IP address information.

Notice that this mentions pre-GDPR "recommendations" and that compliance is the goal, not user anonymity.

(side note: that documentation doesn't even acknowledge IPv6. Does the aip=1 feature even exist for IPv6?)
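
An added example (not part of pdkl95's comment and not Google's code) of the point made in the comment above: zeroing the last octet keeps the /24 prefix, so visitors are only hidden among whoever else shares that /24, and any other header attribute shrinks the group further. The hit list, the `UA-*` labels and all function names are constructed for illustration; only IPv4 is covered.

```python
import ipaddress

def mask_last_octet(ip: str) -> str:
    """Zero the last octet of an IPv4 address (the behaviour quoted for aip=1)."""
    addr = ipaddress.IPv4Address(ip)
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFF00))

def anonymity_sets(hits, key):
    """Group distinct visitors by key(ip, ua); return {group: visitor count}."""
    groups = {}
    for ip, ua in hits:
        groups.setdefault(key(ip, ua), set()).add((ip, ua))
    return {k: len(v) for k, v in groups.items()}

def unique_fraction(sets):
    """Fraction of visitors who are alone in their group (set size 1)."""
    total = sum(sets.values())
    return sum(n for n in sets.values() if n == 1) / total

# Constructed sample hits: (IPv4 address, User-Agent label).
# Addresses come from the documentation ranges (RFC 5737).
HITS = [
    ("203.0.113.7", "UA-A"),
    ("203.0.113.42", "UA-B"),
    ("203.0.113.200", "UA-A"),
    ("198.51.100.15", "UA-C"),
    ("198.51.100.99", "UA-C"),
    ("192.0.2.1", "UA-A"),
]

# Grouping by masked IP alone: the set size depends on how busy each /24 is,
# not on the theoretical 256.
by_prefix = anonymity_sets(HITS, lambda ip, ua: mask_last_octet(ip))

# Adding one more attribute that is logged anyway splits the groups again.
by_prefix_ua = anonymity_sets(HITS, lambda ip, ua: (mask_last_octet(ip), ua))

if __name__ == "__main__":
    print("masked IP only:  ", by_prefix, unique_fraction(by_prefix))
    print("masked IP + UA:  ", by_prefix_ua, unique_fraction(by_prefix_ua))
```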

_o_ · 8 years ago
That is exactly what I was afraid of, Google will have a hard time defending this.

Check my post below, I would be glad if you have some idea, but as far as I am concerned, anonymising IP to keep getting uniform result is technically impossible.

u/_o_

Karma: 578 · Cake day: January 10, 2018