I mean, if Disqus or facebook had been offering these as paid services, would we expect them to be respectful of privacy? When buy an android phone, amazon echo or whatnot... When we order stuff on amazon, subscribe to Spotify, download a paid app or even purchase a car... do these come with the expectation of privacy?
Increasingly, data gathering is just built into everything, free, paid or foisted. I think the "if you aren't paying, you're the product" trope is trite at this point. We're "the product" regardless.
Framing this in terms of "the problem with free" is off, IMO. It doesn't point to a solution. A paid facebook or google is neither realistic nor likely to solve anything. All it does is point the finger in the wrong direction, as if we, the ignorant masses, are selling ourselves willingly.
Corporate (and state) espionage is simply the default. Avoiding it takes effort, and compromise. Part of that compromise may be financial, or it may not be.
It's not. Paying to avoid advertising (which is the precursor to the modern "paying to avoid total surveillance") has been a thought-terminating marketing cliché since the days that "pay TV" was being introduced in the 60s. At this point, as you say, it just serves to blame the surveilled for the surveillance.
People using a free service make a lower-quality advertising target than people using a paid service, and people using a less-expensive service are a lower-quality advertising target than people using a more expensive service.
Think about that. If you go to ftc.gov to file a complaint about Google, Google will have a log of that interaction.
I trust that Google is honorable and does not abuse this privileged position, but it is unsettling to realize just how involved FAAMG has become in daily life.
Even Amazon prime plays stupid ads. Paid DVDs come with unskippable crap. Pay to remove ads never really worked.
Not necessarily, I would say it's just an outdated concept, since an expectation of privacy has been corrupted by marketing departments everywhere.
It _used_ to be the case that paying for something meant there was an expectation of privacy, but as you so eloquently put it, "the ignorant masses, are selling ourselves willingly", and these companies have realized that they can sell a product _and_ their users' info as a bonus.
...so I’m clued enough to notice, care and able to block most of it. But my mum and so many others sadly aren’t.
the problem with some devices however is that I might actually want them to connect to the internet, but I have little control about what payloads they might be sending and where.
and put it in /etc/
I use Unified. On FreeBSD and Linux, the OS handles the hosts file really fast, faster than ublock origin. Windows crawls to a halt with a large hosts file for some dumb reason.
I would, but it almost certainly wouldn't happen, knowing the way they work. This is one reason I won't sign up for allegedly privacy-centric iOS apps that ask you to create an account with the vendor/author.
Back in the late 1990s a friend working for the leading back card reported a conversation with another worker with defence experience. Defence's was talking of how an IC associate expressed jealousy over the size of the bank card's data trove: "you've got more information than we do".
I'm unsure how reliable this is, or was, but the conversation was at least a casual acknowledgment of the possibility at the organisation.
Facebook with a subscription fee could still have been shady, but a world where Facebook charges a subscription fee is a world where an alternative might have a chance to finance itself as the direct revenue potential of a social network would not be $0.
On paper, sure. You are right. Free makes any business model other than surveillance capitalism less viable (though I definitely would not say impossible).
In reality, "surveillance capitalism" is the most profitable regardless. So, even if we pay, we still get surveillance. The trope just lets the finger be pointed at the public, instead of at whoever is doing the surveillance. Even if you could get most people to prefer paid to free (you can't), it wouldn't do anything to mitigate surveillance in reality.
Just because paying enables nonsurveillance in theory, doesn't mean that it will actually result in non-surveillance in reality. In fact, it probably won't.
It gets more annoying when a random store clerk is unable to ring me up when I won't give her my phone number.
Like you said, it take a lot of effort just to avoid it. I don't know what it would take to actually nullify its impact on me.
As I have stated before, if I had a dollar for every time I've been told "XXX is a solved problem," I'd be rich. Since this phrase is usually bundled into a package, denigrating my own choice to "roll my own," in some effort, I get just a wee bit peeved, when I hear it. I know that I can come across as a cranky bastard that don't trust anyone (possibly because I am), but that doesn't make me wrong. Sometimes, it does mean that I ignore some very good solutions, because I can't bring myself to trust them.
Finding a dependency that does most of what we want, isn't hard. Vetting that dependency; especially in regards to embedded dependencies, is not as easy. This can be made more difficult by downstream dependencies burying ToS statements by upstream dependencies; requiring anyone that includes the dependencies to recurse the chain, studying each ToS.
Nowadays, data is currency. Every application seems to be some form of PID miner. This is why I get a solitaire app that requires me to sign up for an account.
I think there's a lot of legitimately well-done, truly free stuff. A lot of it isn't popular or flashy. Maybe there's an opportunity for someone to create a dependency index that rates things like privacy of dependencies, and unwinds dependency hierarchies, sort of like GitHub does with security issues.
But duplicati is very big and doesn't do exactly what I want to do (which is not backup as such but more like archive). Also this way I had everything in standard formats that I know I can still open in 30 years if I want to. I've been bitten by commercial backup software formats before, had to install a Windows 95 VM to load really old backups :)
I also wrote many mini applications in work that have been used for many years at no cost, eventually being replaced by off the shelf stuff which did much more than we need and as such was much more complicated for the users.
The IT world is really too focused on off the shelf products right now. Homebrew can be a really efficient way too.
What's funny, is that a popular package manager for Apple systems is called "Homebrew".
I am a dependency skeptic, but not a full-on "curmudgeon" (although I am often accused of being one).
If you can prove that a dependency is the way to go, and I am satisfied with its provenance and support, I'll probably let it in.
One of the big problems with a lot of these efforts, is that the documentation is atrocious. It often has a fancy-ass, big-header, scroll-forever Web site, with God-awful information architecture, no ToC or index, and lots of fancy CSS (like video backgrounds -always a win for a documentation page). There's the obligatory "step and repeat" page, with all the logos of every company that has ever sent them an email, and cute, tongue-in-cheek bios of the team, but it can be difficult to find out how to call a function properly.
Wow. Deep down the page is a nugget about suntrust just giving away your username and password. Big reminder to use unique passwords of every site.
Third party marketing data agreements, especially with anything dealing with money, are a usually bulletproof and opt-in.
This was actually a case of being too tech savy. When I setup spartapride I had all my tracker blockers on and because of that disqus was not loading (hence the like 30 more trackers not loading)
Needless to say the nice people at themarkup contacted me and we had a nice interview/talk.
I allowed the discus tracker through and saw the other 30 being loaded and was just like, "Yep.. that's not worth it" and I ended up removing discus from the site. :)
Considering the sensitive nature of your topic and audience I personally wouldn't include them just for the sake of a like button :) If I were a transsexual in a highly homophobic organisation, even seeing a facebook like button on a website covering this topic would scare me off.
But anyway at least the like buttons make it clear to your users that you do it. Much better than using transparent pixels and hidden cookies etc.
Hands are tied on those two things.
This way, only the users who actually want to use the buttons are tracked.
My site costs me essentially nothing* to host (netlify and aws serverless technologies that are mostly under the free tier).
*My highest cost so far was when I was debugging serverless websockets and had a bug in my code that caused constant messages between the browser clients I was testing (which I left open for a day when I started work). That cost me $7 dollars.
I have my own service-hosted playground using little more than git and a few cli tools.
We need to rebuild the ad-free web.
It makes me wonder if some form of data (anonymous or not) scraped from folks like Netlify is slated to be sold off to advertisers or SaaS products looking to find customers. As they do things like process your HTML they could pull out textual content looking for signals.
Now where did I put my tin foil hat...
Even Terry Tao uses wordpress.com. Life is short, and not everyone enjoys building their own houses or tuning their own cars.
But that doesn't mean it has to include all the tracking plugins.
Also, there are plenty of site builders like wix.com, squarespace, etc. that can launch a site in minutes.
Using those tools doesn't necessarily imply ads or tracking. (But I would agree it would be impossible to know for most uses if it did have tracking in the background.)
And yes, I wrote my first web page in the 90s, but that doesn't mean we don't have nicer tools that anyone can use now. (Wow, I'm trying to remember how I figured that out as a teenager. I think my dial-up isp had a tool on their website and instructions for creating a path and uploading your own web files.)
Agree but how do you pay for? Will it be a government owned, taxpayer funded free internet?
If one has something to say one can host it. Hosting a small website yourself cost peanuts and simple websites should cover most non commercial use.
The walled gardens are killing the independent small scale websites. Facebook and Reddit essentially are eating every community site and those doesn't make much admoney anyway.
I’ll pay to host my own content - but if it’s just static content - that’s essentially zero.
Also, I’ll make tools to make it easy for anyone to create their own self-hosted website.
No ads needed.
And if I make a product or service of value, I’ll sell it - without ads.
Word of mouth recommendations are great. Somebody can make a review or a blog post about it because they like it.
Others can find it when they search for it - because they need it.
Think about it - how many things/services do you buy because you saw an ad versus because you had a need and sought out the best product that could fulfill it.
In fact, I think it would be awesome if a new search engine could step up - ad free web search (excludes any website that uses ads).
"The information age" should really be called "the age of colored noise".
- Adfree Only (No Ads or Tracking Allowed on the domain)
wiby.me - looks like this is a 1990s website generator
Not only the data can be subpoenaed, but it's also being intercepted by the usual 3-letter agencies.
If you care about user privacy find a smaller hosting in a country with good data protection.
Even better, host the site in somebody's home in that country.
And keep in mind that this is still not enough.
My site is just a blog with a bunch of prototypes and games.
My goal is an ad-free Internet.
If the client is worried about surveillance then it would be up to them to use an appropriate vpn - but if a three letter agency cares about who reads my blog, I‘ll probably have a lot more problems then a visitor.
This is part of why I've taken to blocking things at the network level (with pihole ATM). Ignorance does not absolve them of blame, but I can't expect every site to know (or even care) about the issue so I have to take measures myself (or decide not to care).
I build an affiliate marketing site a few months ago and when I started, I decided to build the thing from scratch rather than using Wordpress. Some people gave me a hard time about this because I was wasting time I could be spending writing for the site but whenever I see an article like this I remember why I put in all the extra work. I know exactly what my site is doing when, exactly what information is being send to the user and what info is being posted from the user.
But yes, one of the significant main reasons for avoiding WP and its ilk is the allure of plugins and the work needed to verify what they are up to. If I'm going to have to make my own parts to avoid the things I don't want, I might as well create from scratch anyway.
The business models of website/page-builder platforms are based on gathering a long tail of small businesses, and then selling the audience attention via ad networks and data mining.
Looking at the ecosystem from a distance, it's creating financial value, but there are technical means to provide the same actual business value in cheaper and more privacy-preserving ways.
(By "actual business value" I mean that a person can view the menu at a local cafe in their area -- a valuable interaction for both parties -- without that lookup being intermediated by a platform and N different third parties where a kind of "shadow market value" is extracted)
But the spirit is right. Just do it on a real computer at home on a landline. A static website is easy, incredibly safe (compared to, say, browsing with JS turned on), and useful.
Moreover, even if everybody is a scrooge who can't just eat a negligible annual cost without worrying about it, you don't need everybody. You just need a few extra nodes to provide redundancy for you. Which could be your sister and your best friend and your father in law rather than some strangers you have to pay in a way that requires you to file weird tax paperwork.
You have a cafe/small business owner who already owns a smartphone: that device has a decent chunk of data plan allowance, CPU and memory.
They'd like a small site to promote their business online; so they install the web server app and it allows them to add, edit and publish basic content - a few images, some blog posts, etc.
Self-hosting like this means they don't have to sign up for a monthly subscription, their users aren't subject to any tracking (assuming there's none embedded in the content generated by the app), and service provision scales until they need to upgrade to a dedicated host.
The questions about radio and battery usage are totally valid, so perhaps those need more consideration (user superkuh has some suggestions there).
In short: the resources and capacity already exist and we've already paid for them. The question is whether we can re-use those rather than being sold more of the same.
Imagine a collection of independent storage pools managed by various entities that control access, e.g. the IT guy of your family, your employer, some free software collective, some small business association. You join one (or more than one) based on a referral or personal relationship or whatever criteria they want to use. Then you have an account with a quota in excess of what any ordinary person is going to require but which doesn't allow Bob to dump 500TB of garbage into the pool without first negotiating with the administrators.
At which point the altruistic donations, i.e. the idle capacity of the devices of everyone in the pool, are enough to handle everybody's non-abusive workloads.
Discoverability and routing is certainly a question too. Something like ngrok could help there, with good network sandboxing on the user's local device.
There'd no doubt be times when the site would become popular enough that a single smartphone wouldn't be suitable and load-balancing the requests could be required.
ngrok only works because there's a company willing to proxy someone's traffic for free. In that sense "using ngrok" doesn't solve the issue, it only pushes the problem to someone else.
Sometimes you have to make do with what's available currently while preparing the future possibilities.
Phones are not servers.
Even ignoring this issue, it would open your phone up to getting DDoSed by strangers on the internet.
The only real solution is selling little boxes for less than 50 dollars that you can plug into your router and make it dead simple to host a website without any technical knowledge.
I've run some internal-facing websites on a Raspberry Pi, also a low-cost system, but have never tried publishing them on the wider web.
Yet HN never misses the opportunity to dogpile on anyone who points this out: data trasfer costs, battery usage, jokes about the Silicon Valley sitcom.
As if most phones weren't connected to wifi and power for 10+ hours a day.
I don't know of a single US mobile network that provides publicly addressable IP space, v4 or v6, it's all behind more than one layer of NAT.
AT&T doesn't even allow direct internet access, every single connection goes through their horrendously bad transparent proxy that breaks TLS 1.3, breaks ESNI, causes a SSL_RX_RECORD_TOO_LONG connection reset if you negotiate only modern ciphers, and sits in the middle of every connection to prevent things like obfsproxy.
 = https://ipfs.io/
 = https://scuttlebutt.nz/
An interesting notion, but would only work until someone's site became very popular. Then it all goes pear-shaped. And I expect that most people would want their sites to be very popular, or it wouldn't be worth their time.
There's a lot of unused computing power on phones that are charging and doing nothing overnight. If only there was a way to harness that computing power and forward the results once a day or something.
There's no need to get tracked just for the like/share buttons. These don't need any JS or third party cookies, just a specially formatted link to the "social" website.
Unfortunately for her and the users of the site, the mere presence of those buttons would be enough for the FB/TW to link their accounts to visiting that website, if they were logged in on the same browser.
The 30 other trackers from discus were loaded because of discus. When I setup the site originally my adblock/tracker blocker actually blocked discus so I never saw the other trackers being loaded.. When themarkup pointed it out to me I ended up allowing discus through and saw all the other trackers being loaded.
Thanks to them, I removed discus from my site. :)
I'm not a web developer, the server is running ghost blogging platform with a theme.
So right now it's pretty much a "Win-Lose" situation as website publishers try to force privacy-invading trackers on users, which clearly have no interest in being tracked. Current consent management solutions are (IMHO) not a great solution for this problem, as consent managers that use dark patterns (e.g. each tracker needs to be disabled by hand, decline buttons are hidden two or three layers deep, ...) are not compliant and consent managers that give users a free choice have bad opt-in rates (which is not surprising). On our own site for example, about 50 % of users decline consent (live stats here: https://kiprotect.com/klaro/demo), based on consent requested via our own, user-friendly consent manager (it's open-source btw: https://github.com/kiprotect/klaro).
Another dilemma is that most publishers don't want to force invasive tracking on users, but they don't have much choice as the tracking/analytics market is highly concentrated and there aren't many privacy-friendly options that can deliver the required functionality and visibility.
The first example in the article shows this. A small publisher who wants to add commenting / discussion functionality on their website. They settle on a turn-key solution provided by Disqus. All they have to do is embed 5 lines of HTML and boom: fully fledged commenting. There's no need to invest time and money setting up and maintaining their own infrastructure to host comments.
The problem here is that the solution is that the publisher doesn't pay for the privilege of leveraging Disqus. Of course, there's no such thing as a free lunch and so Disqus will generate revenue by passing along trackers from partners who deal in advertising.
Most "solved problems" for small publishers work in similar ways, leveraging embed code and outsourcing hosting of content or complex functionality: YouTube, Instagram, Facebook widgets,... You want search on your website but you don't have time, expertise or budget? Google Site Search will give you what you need for free. The downside is that anytime you embed these third party widgets on your website, you also expose your visitors to the host of trackers that will invade their device through that embed code.
Now, imaging a Web where none of these convenient affordances existed and you will understand that small publishers would be hard pressed trying to build and deliver similar user experiences compared to what is possible today. Hosting video clips, or setting up a fully fledged search is prohibitively expensive if you don't have the resources and/or the expertise to do so.
You could also look at this from a different perspective: So many non-technical people are now able to publish content and provide rich user experiences to large audiences because of the widespread availability of these tools. Both the availability of "free" tools, and the influx of non-technical people over the past decade feed into one another.
Case in point: The wide-spread success of YouTube or TikTok where millions can just stream from their phone anytime anyplace, even though streaming video independently online (e.g. through a bespoke solution) is still very much prohibitively expensive.
People buy into these tools because they are convenient, and so easily accessible, and always available. As with most things, they don't consider the hidden but massive costs that come with it.
And so, I think that the amount of tracking only partly depends on how well funding covers the design, development and upkeep of a website. Plenty of massively expensive projects have this feature request "As a content manager, I want to be able to embed a YouTube Video in my copy." Boom. Trackers again.
At this stage, the reality is that if you want to avoid trackers on your website, it inevitably needs to be a conscious choice or strategy.
The issue is in how that consent is obtained.
So, today, the Internet has become the primary medium for most transactions. Whether it's booking a flight, ordering food, buying books, making a restaurant reservation, reading the news or applying for jobs. The biggest societal change of the past 20 year is the reliance of our daily life on the Internet. If you don't have access to the Internet today, you are at a huge disadvantage.
The big problem is that with any of those cases I just mentioned, you are required to access on line services and, in doing so, implicitly consent to the fact that your visit will be tracked and analysed by (a) the operator of the website or platform (e.g. American Airlines) and (b) any third parties that track you through embed codes.
Moreover, you don't know in advance whether or not you will be tracked until you open up the website and be confronted with a YouTube embed and a set of AddThis buttons, at which point it's already too late to retract your consent.
This is the very reason why the EU has issued the GDPR regulation forcing website operators to explicitly ask consent from visitors on their own behalf, and the behalf of third parties tracking through embedded widgets.
One downside of the GDPR is that end user is confronted with a pop-up before they get to the actual content.
Another downside is that some website operators tend to make consenting explicitly obtrusive unless you, as a visitor, hit the big green, flashy "Accept All" button that brings you directly to the content. Which is anything but what the GDPR envisioned.
A final downside is that the GDPR is difficult to enforce. As one is required to file a formal complaint if one feels that their rights aren't respected by website operators, which is generally not something most individual consumers are willing to spend time, money or effort on.
Even so, despite these downsides I feel that the GDPR is a step in the right direction, as it forces website operators to think about consent.
Consent to divulging personal information is only one part of the equation. I think the other part, the really problematic part, are the ends to which personal data are harvested and in whose hands that data ends up. While I agree with the statement that tracking in itself isn't evil per se, I think that scandals such as Cambridge Analytica, and how harvested data is used by advertisers to accurately target consumers, well, that is completely problematic. I think that far more regulation and, above all, enforcement of that regulation, is needed in this area.
Context very much matters. Personally, I don't mind being tracked across several e-commerce shops to provide me with relevant offers. I do mind being tracked on websites that absolutely have nothing to do with e-commerce, only to notice how that information ends up being used/abused in totally unrelated and, frankly, unwanted/undesirable contexts.
The Blacklight tool is great in that it gives a user visibility into the actual privacy cost of a given website. Whereas they maybe thought their general interest in a topic was the only thing traded, they can now see in how much detail the tracking goes. Far beyond what most likely anticipated.
* the user perceives that giving up a few details about themselves doesn't seem like it would benefit the ad company that much. This is the marginal benefit (to the ad company) per user.
* the company builds a database of user data and gets some total benefit. From this you calculate the average benefit per user.
The problem is that the average benefit per user is much bigger than the marginal benefit per user. So each user doesn't see the danger, but collectively there is a big problem.
Pragmatically, however, it's very rare and 'free' correlates very closely with privacy violating business models. Talking about how free services violate privacy is fine when 99% of those services do exactly that. Those businesses shouldn't get a free ride on harvesting and selling personal information just because a handful of other businesses manage to be better.
The only mildly entertaining thing is that the website reporting on this isn't packed filled with trackers of its own (just BlueKai, which unsurprisingly isn't reported by its "one-of-a-kind" tracker detecting tool).
The tool does pick up Oracle DMP, which is what Oracle renamed kinda sorta renamed BlueKai to. For example, see The New Yorker's site (scroll down and expand the Oracle heading): https://themarkup.org/blacklight?url=newyorker.com
Oh, hah, I suspect whatever tool you're using is picking up this image, which uBlock origin is flagging it for me: https://mrkp-static-production.themarkup.org/graphics/blackl...
I meet this girl in real life, so it's not like they tracked my web activity. I've always felt like they read your messages, the people you interact with , and then build a model of you.
I've always wondered how it weighed my preference and my apparent relationship status.
42% of people on Tinder are already in relationships. I view these as Validation apps as most people don't meet anyone . In that case even if your happily married you might still seek validation for the low low price of 35$ a month.
In fact it could be as simple as knowing her ethnicity and then seeing we used to message each other a lot, and then suddenly stopped sending messages to each other.
See how Cambridge Analytica literally seated public opinion with this data. And that wasn't even targeted at individual users.
I had been thinking of getting rid of that for a while, but this is the last push I needed.
These anti-privacy organizations (I include ALL ad companies and the like) do not give a fuck what you want... it's all about them and their customers.
The only solution is war. By this I mean, countering all their attacks by disabling all their weapons.
You are just $$$ to them and they will take from you whatever they can.
When do I need to self-isolate?
You should self-isolate if:
• You have Covid symptoms - a new continuous cough, high temperature, or change in sense of taste or smell
• You test positive for Covid-19
• You live with someone who has symptoms, or is ill
• You arrive in the UK from one of a number of countries which aren't exempt from quarantine rules
• You are contacted by NHS Test and Trace to say you have been in close contact with someone who has tested positive
Check more updates on - https://dailyuknews.com/
Companies always buy ads that are not personalized: on live TV, in stadiums, on billboards, on highways and so on.
So it is possible to have ad-supported business without invading privacy. But invading privacy brings a lot more revenue. So I don't agree with the argument that a privacy-respecting free services have to invade privacy.
Also in the report, it also says that many paid services like banks and others were also invading privacy.
It's so bad it basically makes untracked ads unviable. With billboards it's simply the most lucrative option available.
By the way in Belgium people already found face tracking display billboards so even untracked billboards will soon be a thing of the past.
But the EFF's Privacy Badger does exactly this. It's possible that I'm missing something, but how is Blacklight "one of a kind"?
Privacy Badger deems scripts either "Potential tracker", or "Your Badger hasn't decided yet if these domains should get blocked", while Blacklight has 7 categories each with a short headline and a long description.
Putting all that aside, maybe it's one of a kind in that it can be run on their infrastructure first, without risk to you.
Sounds like an opportunity to sell privacy-respecting analytics software ?
No relation to the organisation, I've just seen them talk on this forum a lot.
Cloudflare also just announced yesterday a "privacy-first" focused analytics offering.
It kinda looks saturated already to me but I'm sure there's plenty of room for smaller players!
There ain’t no such thing as a free lunch.
These services don’t operate out of thin air - they have overhead that has to be paid for - one way or another.
You can see more details here: https://data.disqus.com/
One alternative to Disqus, Commento, suggests that Disqus isn't even GDPR compliant.
She tells a story about a small town in England who tried to stop the Google Streetview car coming through and I thought to myself "what were they actually feeling"? Because I doubt I would have felt that as pertaining to my privacy and yet of course it is.
I think a lot of people like me find it hard to quantify what that thing is and where their boundaries for it are and as a result we are obviously wide open to having it exploited.
The Wikipedia opening line is interesting:
"Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively." 
Other dictionary definitions:
"someone's right to keep their personal matters and relationships secret" 
Now personally I think privacy != secrecy. It's more like obscurity or vagueness or indeterminacy. Like not being pinned down, rather than having any specific information hidden.
"A state in which one is not observed or disturbed by other people" 
I think that's a bit closer but it lacks the idea from Wikipedia of "being able to expression themselves selectively"...
This is the problem with social media such as FB. You do, in principle, have the ability to express your selectively, but the friction of creating and maintaining lists and only showing certain posts to certain lists is way too difficult.
Messengers like Whatsapp are much better because group conversations are selective and maintenance is much simpler - akin to real life interactions. I do notice the same person behaving differently in different groups, which is really hard ton FB.
> people like me find it hard to quantify what that thing is
Privacy is [REDACTED]. Intelligence is not privacy.
Recently I cleaned some olde books I don't need anymore and there were a bunch of them on info security, so I skimmed them good bye, and they all stated the same vague definitions like no one knows what privacy is, there's no agreement, etc.
Actually there're definitions of privacy and intel, they are just sad and unethical, hush shush.
And recently, a couple of days ago, a bunch of German publishers started a concerted action. They are asking every known mar tech company (I guess from the official TCF vendor list) to give detailed information about tracking cookies, tracking urls and so on.
It's pretty clear that publishers don't really have an idea what they are implementing on their sites, when e.g. adding the GA containers or selling their assets. The mar tech universe is huge and complex, consisting of hundreds and hundres of different companies, using tracking technologies, piggy-backing pixels, transfering data between each other.
In the beginning there were three main stake holders: Advertisers, Publishers and Users. When mar tech companies arrived, the amount of participants increased tremendously. Just to improve the delivery of ads.
And GDPR? Either you'are facing dark patterns or you have to select between "ad supported" and "paid content". GDPR will not reduce the complexity of the system. Best two evidences:
The TCF. An industrial standard from the industry for the industry. It's not designed to be understood by end users. The user is facing mar tech buzzwords, dozens of purposes and hundreds of vendors. How does that help?
And plugins that hide / skip consent banners automatically, because people hat them.