
Flattr now deletes your web browsing history within 3 months - d2wa
https://www.ctrl.blog/entry/flattr-gdpr
======
diafygi
I love how some of the tech industry is beginning to see data as a liability
rather than an asset. It dramatically reduces the ability for government mass
surveillance for two reasons:

1. If companies only collect what they need (to reduce their liability),
governments can't demand more than that (or even hack in to get the data
illegally).

2. If the industry culture is to limit data collection, governments can't
just say, "Well every company does it, so why can't we."

There's a wonderful talk, Haunted By Data, that covers a lot of the societal
downsides of treating data as an asset. Highly encourage watching/reading.

Text:
[http://idlewords.com/talks/haunted_by_data.htm](http://idlewords.com/talks/haunted_by_data.htm)

Video:
[https://www.youtube.com/watch?v=GAXLHM-1Psk](https://www.youtube.com/watch?v=GAXLHM-1Psk)

~~~
baxtr
Just to be contrarian: I’m not so sure if that’s a good thing... Data can be
used for great things, e.g. longitudinal data in healthcare. I think seeing
data as a liability might reduce the speed of progress

~~~
diafygi
In the talk, there's a parallel drawn between the nuclear industry 60 years
ago and big data now, where nuclear was originally touted as a miracle
cure for everything, then disasters happened, then it never really got over
the stigma despite its huge potential.

Society decided, for now, the upsides aren't worth the downsides.

Oil is another parallel where society is currently just at the point where we
are starting to not value the upsides over the downsides.

~~~
Scooty
Seems like oil and nuclear energy are different because both can be replaced
with alternative sources of energy. What are the alternative sources of user
data?

~~~
tankerslay
Paper records, human memory....

Comparing growth in data storage versus energy usage per capita is
interesting.

Even if you look back to the founding of the U.S., the change in energy use
per person is actually only a few fold, definitely less than an order of
magnitude.

Harder to compare quantity of data storage but the change would seem much
larger. How much data is there, per U.S. person?

------
AnthonyMouse
I feel like this whole thing with the GDPR is people fighting each other for
the wrong reasons.

The people for it argue that it gets large companies to behave better.

The people against it argue that it's unnecessarily complicated, poorly
drafted and burdensome to small businesses.

But it's _both at the same time_.

The issue is that it doesn't have to be. It's possible to get the desired
effect without using such a complicated system, and to mitigate the impact it
imposes.

For example, one of the major burdens on small businesses is the cost of
producing the data the company has on you -- but there is a simple way to fix
that. Require the requester to pay the cost of collecting the information,
similar to FOIA requests in the US. Then the requirement is no longer an
unfunded mandate and can't be used by griefers as a method of harassment.

Nobody bothered to use common sense like that when drafting it, so now in
order to fix it, it has to be thrown out and rewritten. But then the people
who support the spirit of the law end up fighting against the people who
oppose the letter of the law, even though everybody really wants the same
thing.

~~~
d4l3k
"cost of producing the data" seems really hard to strictly define. What's
stopping a company from implementing extremely tedious procedures and billing
$100 an hour to discourage people from requesting it?

In addition, GDPR says that getting access to data on you is a right and it
seems contradictory to have to pay for something that is your right to have.

~~~
AnthonyMouse
> "cost of producing the data" seems really hard to strictly define. What's
> stopping a company from implementing extremely tedious procedures and
> billing $100 an hour to discourage people from requesting it?

Government agencies have been known to do this when they don't want to release
FOIA information. Then they get sued over it by the ACLU or similar.

> In addition, GDPR says that getting access to data on you is a right and it
> seems contradictory to have to pay for something that is your right to have.

That is how all the other rights work. Freedom of the press isn't a right to
use someone else's printing press without compensating them.

~~~
ttoinou

       access to data on you is a right 
       Freedom of the press isn't a right 
    

Hence the classic liberal difference between rights to something and freedom
to do something

~~~
AnthonyMouse
By this definition all of the usual "rights" are really freedoms. Which leaves
me waiting for an explanation of why accessing data a third party has on you
should be elevated above the freedom of speech, travel, association and so on
as something private parties should be required to do for all comers without
compensation.

------
bcoates
"Ads on this site don’t track or stalk you. Please disable your blocker."

According to my blocker those are Google ads so...

~~~
d2wa
Google AdSense on Ctrl blog is configured to only show non-personalized ads to
any users with the Do-Not-Track (DNT) setting enabled or European Economic
Area (EEA) citizens. AdSense still uses cookies for rate-limiting and fraud
prevention, but not ad personalization or tracking.
requestNonPersonalizedAds=1 is part of AdSense’s GDPR APIs.
[https://www.ctrl.blog/entry/adsense-gdpr-consent](https://www.ctrl.blog/entry/adsense-gdpr-consent)

You also only see that particular message if your browser sends the DNT
header, and an adblocker is detected.

~~~
ocdtrekkie
In my case, I don't use an ad blocker, but I do use Privacy Badger, which is
only supposed to block tracking, and should only block ads if they can't have
their tracking disabled. It looks like Privacy Badger decided
"pagead2.googlesyndication.com" should now be blocked as a tracking domain.

Perhaps Google should split off their nonpersonalized ads service into a
different domain so such services can easily distinguish between the two?

~~~
d2wa
Actually, this is something that should be fixed in Privacy Badger. They can
detect the URL parameter that flips ads from personalized to non-personalized
(npa=1) and block accordingly.
[https://github.com/EFForg/privacybadger/issues/2046](https://github.com/EFForg/privacybadger/issues/2046)

~~~
phicoh
That doesn't make any sense. The point of privacy badger is to prevent cookies
that track you across different domains.

Allowing tracking cookies just because a certain parameter is present is
asking for abuse.

If you are serious about not tracking people, don't use tracking cookies.

~~~
d2wa
Cookies are just a tool; it all comes down to how you use them. Not all knives
are stabbing-people-to-death knives.

~~~
phicoh
Privacy badger is quite specific in what it blocks. It blocks third party
tracking cookies that track you across multiple domains.

First party cookies are no problem. Third party cookies that are only used in
one domain are no problem. Third party non-tracking cookies are no problem.

So it does block the equivalent of bringing a large knife to a bar.

------
oblong
> install the company’s browser extension which collects their browsing
> history

Yeah I think I'll pass thanks. What person would install such a thing?

~~~
d2wa
Well, … people choose to install and use Google Chrome … It all comes down to
who you trust with your data.

~~~
oblong
It's hard to use the internet or live without a web browser, I suspect most
people get along just fine without letting a startup with a cool name scrape
their browsing history.

------
dvh
Wtf?! Why is micro payment processor even recording browser history?!

~~~
ihuman
From the article:

"Flattr subscribers make a voluntary payment from 3 USD/month, install the
company’s browser extension which collects their browsing history, and then
Flattr divides their subscription fee out among the creators and websites they
spent the most time on."

~~~
maxxxxx
That could be done in a totally anonymous way. Add up total number of
donations and total number of visits and distribute money accordingly. There
is no need for them to ever store personal information for this.

~~~
CydeWeys
(a) How do you get the total number of visits?

(b) This doesn't correctly distribute funds because there is a correlation
between how much someone is willing to give per month and what kind of sites
they frequent.

~~~
maxxxxx
You can calculate the numbers as soon as the data about visits come in and
then immediately discard all data. You certainly don't need to store the
browsing history. You need the payment amount though and even that you can
discard after a month. I am going through this at work right now where we are
working on data collection about a medical device. First we wanted to suck up all
data and figure out what to do with it later. Now we have to think about the
data use upfront and get that data in the least intrusive way. It requires more
thinking but we get the same benefit with only a fraction of the data. GDPR is
a good thing because it causes companies to rethink their data collection
strategies.

~~~
daveFNbuck
There isn't enough data to calculate numbers as soon as the visits come in. If
I pay $3/month and visit your site, the amount you get depends on how many
other site visits I accumulate during the month. If I visit 2 sites, you get
$1.50. If I visit 20 sites, you get $0.15.

You also need to store browsing history to avoid scammers redirecting other
users' donations. This happens on similar platforms like Spotify. You register
for Flattr and just run a script to constantly visit your site. With
aggregated statistics, this shifts a bit of everyone's donations to you and
can be extremely lucrative. With session history, you just get your own
donation back, minus fees.

~~~
CydeWeys
Thank you. The scammer aspect is exactly what I was getting at. Without
allocating any given user's donations fairly across the sites they have
individually visited, I don't see how it works. It'd be susceptible to massive
click-fraud.
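
The allocation difference discussed in the comments above, as an added example that is not part of the thread and is not Flattr's code: it compares splitting each subscriber's own fee across that subscriber's visits with splitting one pooled total by aggregate visit counts. The function names, the visit-count weighting and the sample month are assumptions made for illustration.

```python
from collections import Counter, defaultdict

def allocate_per_user(fees, visits):
    """Split each subscriber's own fee across the sites that subscriber visited."""
    history = defaultdict(Counter)          # per-user visit counts for the period
    for user, site in visits:
        history[user][site] += 1
    payout = defaultdict(float)
    for user, fee in fees.items():
        total = sum(history[user].values())
        if total == 0:                      # paid but visited nothing: nothing to split
            continue
        for site, n in history[user].items():
            payout[site] += fee * n / total
    return dict(payout)

def allocate_pooled(fees, visits):
    """Pool every fee and split it by aggregate visit counts (no per-user data)."""
    counts = Counter(site for _, site in visits)
    pool, total = sum(fees.values()), sum(counts.values())
    return {site: pool * n / total for site, n in counts.items()} if total else {}

# Constructed sample month: three ordinary subscribers and one account
# ("mallory") whose script only ever loads its own site.
FEES = {"alice": 3.0, "bob": 3.0, "carol": 3.0, "mallory": 3.0}
VISITS = [
    ("alice", "news.example"), ("alice", "blog.example"),
    ("bob", "blog.example"), ("bob", "comics.example"),
    ("carol", "news.example"), ("carol", "comics.example"),
] + [("mallory", "mallory.example")] * 994

if __name__ == "__main__":
    for name, fn in (("per-user", allocate_per_user), ("pooled", allocate_pooled)):
        shares = fn(FEES, VISITS)
        print(name, {site: round(amount, 3) for site, amount in sorted(shares.items())})
```

With this sample the pooled split pays almost the whole pool to the scripted account's site, while the per-user split returns only that account's own fee. The per-user counts in `history` are needed only until the period's payout is computed.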

------
zerostar07
Except it's not ‘in practice’ because GDPR does not require such a thing. In
spirit, maybe

[i.e. _practically_ they wouldn't be fined for this]

~~~
notafraudster
It might be reasonable to conclude that, in practice, GDPR has caused a number
of companies to re-assess their data collection and retention hygiene (even
beyond the minimum bounds of the law). In particular, this change seems to be
a very charitable or expansive reading of the requirement under the GDPR for
companies not to collect more than is necessary -- as the post ends by noting.

~~~
merinowool
I think hygiene was mostly in place, but there were no PR points to score.
Before GDPR, the information that a company stores something for 3 months would
be non-news. GDPR doesn't in any way protect people from data leaks.

~~~
jdietrich
>GDPR doesn't in any way protect people from data leaks.

Article 32:

 _Security of processing

Taking into account the state of the art, the costs of implementation and the
nature, scope, context and purposes of processing as well as the risk of
varying likelihood and severity for the rights and freedoms of natural
persons, the controller and the processor shall implement appropriate
technical and organisational measures to ensure a level of security
appropriate to the risk, including inter alia as appropriate:

(a) the pseudonymisation and encryption of personal data; (b) the ability to
ensure the ongoing confidentiality, integrity, availability and resilience of
processing systems and services; (c) the ability to restore the availability
and access to personal data in a timely manner in the event of a physical or
technical incident; (d) a process for regularly testing, assessing and
evaluating the effectiveness of technical and organisational measures for
ensuring the security of the processing._

Recital 83:

 _In order to maintain security and to prevent processing in infringement of
this Regulation, the controller or processor should evaluate the risks
inherent in the processing and implement measures to mitigate those risks,
such as encryption. Those measures should ensure an appropriate level of
security, including confidentiality, taking into account the state of the art
and the costs of implementation in relation to the risks and the nature of the
personal data to be protected. In assessing data security risk, consideration
should be given to the risks that are presented by personal data processing,
such as accidental or unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to, personal data transmitted, stored or otherwise
processed which may in particular lead to physical, material or non-material
damage._

GDPR also mitigates the impact of leaks. Art. 5 requires that data is stored
for no longer than necessary for the purposes for which it was collected. Art.
33 requires that the supervisory authority must be notified of any data breach
within 72 hours. Art. 34 requires that data subjects be notified of any breach
without undue delay. All of this is enforceable with heavy fines.

[https://gdpr-info.eu/art-32-gdpr/](https://gdpr-info.eu/art-32-gdpr/)

[https://gdpr-info.eu/recitals/no-83/](https://gdpr-info.eu/recitals/no-83/)

~~~
merinowool
I can't see how this protects people. You can evaluate risks all the time you
want, but unless you have an exceptional security team, you won't get your
situation improved beyond what's already been established in the industry.
Unless you think about companies leaving their databases facing the public
without a password - but then I still can't see how GDPR would help there.

Requirements for post mortem actions are quite sensible though, but given
arbitrary rules that is likely only going to be a cash cow for the
governments, as even a second of the delay is undue.

~~~
namibj
The criteria for when such a delay is undue in Germany ("ohne schuldhafte
Verzoegerung"), is if it would have been within your power and not incurring
gross risks/costs (unless it's your fault for creating a situation where there
are gross risks/costs) to have done the required action at an earlier time. It
is not undue delay if you needed to sleep, or if your ISP just cut you off and
you need to go into the city and get some other ISP to get you a connection,
but it is your fault if you then sit around for a month, waiting for the ISP
to get it ready, without the ISP getting the connection up soon enough. They
would require you to go to the city and get a permit to string fiber across
from the next hub to your building, if there was no other way to get it done
sooner, due to e.g. there not being anyone with free time to dig up the street
and fix the cable, or whatever.

