AlienRobot's comments

The EU law isn't fine.

Many websites are free because they survive from ads. Ads make more money if you collect data. The EU law essentially cut the revenue of all these websites. Their choice is to not collect data (meaning less revenue) or show a popup (meaning more bounce rate, which means less revenue).

People who think this is a good thing are being short-sighted. That's because this law mainly affects websites that host information that visitors visit from clicking on links on the web. If a website is like Facebook or Youtube, where users must sign up first or probably already have an account, they will be able to collect data for ads with or without banners since they have their own ToS for creating an account, and they can infer a lot from how the user uses their services.

I'm not saying privacy regulation is a bad thing. It made countless businesses reconsider how they handle people's data. But it's clear to me that there are two problems.

First, this regulation hurts all the small websites that need to exist in order for us to have a healthy "web." A lot of these are making only barely their hosting costs in ads, so there is no way they can afford the counsel to figure out how to comply with laws from another continent. If we had another way to support these websites, this wouldn't be a problem, but ads are really the lifeblood of half of the internet, and almost nobody wants to donate or pay a subscription.

Second, this regulation doesn't even really protect people's private data in the end, which may give users a false sense of security because they have the GDPR on their side. I forgot the name, but there was a recent gossiping app that required the user to upload a photo in order to sign up, which should be deleted afterwards, but they never deleted it and when the app was hacked the attacker had access to photos of all users. It's the same thing with GDPR. We can tell when a website is clearly not complying with the GDPR, but there is no way to tell if they actually complied with the GDPR until the server gets hacked.

Even the way they comply with GDPR isn't enough to protect users' privacy, e.g. if you have an account on Discord and you want your data deleted, they will simply turn every post you made into an "anonymous" post. This means if you sent a message that discloses your private information on Discord, that will never get deleted because it's outside the scope of compliance. You could literally say "Hi, my name is XYZ, I live in ABC" and they won't delete that because you consented to provide that information, they will just change your username from "xyz" to "anonymous" or something like that.

I still wonder what are the actual benefits of GDPR with these cookie banners when 99% of the users just stay on Facebook and Youtube anyway.


> Many websites are free because they survive from ads. Ads make more money if you collect data.

My business is to get money out of other people's wallets and bank accounts. I could make much money if you just logged into your bank account and approved transactions whenever I told you to, or screamed less whenever I took the wallet out of your pocket on my own.

That there's a way to earn more money does not justify it as a legitimate thing to do, and if you can't figure out how to run a service in legitimate ways does not mean that illegitimate ways that attempt to violate its users in secret suddenly become okay.


Like I said, GDPR only stops the smallest websites from doing that, and in most cases they're barely a "business," they're just some website that gets paid only enough in ads to cover its hosting costs so that the webmaster doesn't have to pay money on top of time to publish information for free for everyone on the internet.

The largest websites will still "violate its users in secret." That's why I don't think GDPR is as useful as people purport it to be.


> First, this regulation hurts all the small websites that need to exist in order for us to have a healthy "web."

There is nothing healthy about force-feeding ads optimized via collected data.


You're going to get force-fed ads optimized via collected data either way. The only question is whether small websites will exist that rely on third-party ad networks or only Facebook and Youtube will exist because they have first-party ad delivery systems. I don't think the latter is healthier than the former. Do you?

I feel like the #1 problem with the cookie law is that the vast majority of websites need to do something in order to comply while keeping their business model and the law hasn't provided a clear direction for how to comply with it.

If they had done that, nobody would be making cookie banners wrong.


The problem is that video quality increased to meet availability.

In the past 480p would be okay. Now everyone wants 4k.

In fact, in the past IMAGES were normal. Imgur was an image website. Now everything is about short videos. Even memes are now videos.

I'm pretty sure if we make Internet faster and storage cheaper, we'll also invent a new sort of media to waste that speed and storage.


I worry about that as well. I guess we assume nothing is going to happen because it's Google. But Google just dodged a bullet with Chrome which, if they had been hit, had a real chance to harm the entire web. Youtube could be next.

Oh, this is about crypto. I thought it was about the decentralized web for a moment.

Isn't it a bit crazy that phishing e-mails still exist? Like, couldn't this be solved by encrypting something in a header and using a public key in the DNS to unencrypt it?

I'm not a top-level expert in cybersecurity nor email infra....but the little that i know has taught me that i merely have to create a similar-looking domain name...

Let's say there's a company named Awesome...and i register the domain name of AwesomeSupport.com. I could be a total dark hat/evil hacker/neverdoweller....and this domain may not be infringing on any trademark, etc. And, then i can start using all the encryption you noted...which merely means that *my domain name* (the bad one) is "technically sound"...but of course, all that use of encryption fails to convey that i am not the legitimate Awesome company. So, how is the victim supposed to know which of the domains is legit or not? Especially considering that some departments of the real, legit Awesome company might register their own domain name to use for actual, real reasons - like the marketing department might register MyAwesome.com...for managing customer accounts, etc.

Is encryption necessary in digital life? Hellz yeah! Does it solve *all issues*? Hellz no! :-)


Email is not relevant to a good encryption scheme. You could sign an email, an image you post on Insta, a chat message, anything really.

Thing is, where are the user's credentials stored. In a government's computer probably. Greece is taking some steps towards this [1].

For a Greek citizen to obtain a digital signature, he has to go to a bank, the bank verifies him, he pays a fee and then the government can accept his digital signature. My guess is that the dictatorship banks established with the Covid excuse might start to bear some fruits finally.

But, people on the internet might want something more advanced, more secure than some COBOL computers storing their identity. Then we save digital certificates and digital identities on the blockchain, making essentially the blockchain the heart of the internet.

When a person from a company sends a message to a client, he can sign the message with his own identity and the identity of the company. Problem solved. No one gets confused when the cryptographic signatures are not verified. The message is invalid and it is redirected to the spam folder.

[1] https://www.gov.gr/en/ipiresies/polites-kai-kathemerinoteta/...


an OV cert "solves" this, but you'd still have to bother to check it

True! But, the possibility exists that enough % of victims do not indeed check the OV cert. Also, are we 100% sure that every single legit company that you and I do business with, has an OV cert for their websites?

This honestly doesn't feel like it should be the case.

There aren't that many websites. The e-mail provider could have a list of "popular" domains, and the user could have their own list of trusted domains.

There are all sorts of ways to warn the user about it, e.g. "you have never interacted with this domain before." Even simply showing other e-mails from the same domain would be enough to prevent phishing in some cases.

There are practical ways to solve this problem. They aren't perfect but they are very feasible.
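
The warnings suggested in the comment above (a provider list of popular domains, a per-user trusted list, and a "never interacted with this domain before" notice), sketched as an added example that is not part of the thread or any mail provider's code. The lists, the threshold and the function names are assumptions, and inputs are assumed to be registrable domains already extracted from an authenticated sender address.

```python
import difflib

# Constructed sample lists (assumptions for illustration only).
POPULAR = {"awesome.com"}                        # provider's "popular" domains
USER_TRUSTED = {"myawesome.com"}                 # the user's own trusted list
SEEN_BEFORE = {"awesome.com", "friend.example"}  # domains already in the mailbox

MIN_BRAND_LEN = 4   # ignore very short names when substring matching
SIMILARITY = 0.85   # hypothetical threshold for near-identical spellings


def _name(domain):
    """First label of a registrable domain: 'awesome' from 'awesome.com'."""
    return domain.split(".")[0]


def classify_sender(domain):
    """Return (verdict, reference_domain) for a sender's registrable domain."""
    domain = domain.strip().rstrip(".").lower()
    trusted = POPULAR | USER_TRUSTED
    if domain in trusted:
        return ("trusted", domain)
    candidate = _name(domain)
    for known in sorted(trusted):
        brand = _name(known)
        # Flag names that embed a trusted brand or are spelled almost the same.
        embeds = len(brand) >= MIN_BRAND_LEN and brand in candidate
        ratio = difflib.SequenceMatcher(None, brand, candidate).ratio()
        if embeds or ratio >= SIMILARITY:
            return ("lookalike", known)
    if domain in SEEN_BEFORE:
        return ("known-contact", None)
    return ("first-contact", None)


if __name__ == "__main__":
    for d in ["awesome.com", "MyAwesome.com", "awesomesupport.com",
              "awesone.com", "friend.example", "newsletter.example"]:
        print(d, classify_sender(d))
```

A legitimate sibling domain such as MyAwesome.com is only treated as trusted here because it was placed on the user's list; without that entry it would be flagged like any other name embedding the brand.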


My previous comments were merely in response to your original comments...so really only to point out that bare use of encryption by itself is not sufficient protection - that's all.

To your more recent points, i agree that there are several other protections in place...and depending on a number of factors, some folks have more at their disposal, and others might have less...but, still there are mechanisms in place to help - without a doubt. But yet with all these mechanisms in place, people still fall prey to phishing attacks...and sometimes those victims are not lay people, but actual technologists. So, i think the solution(s) to solve this are not so simple, and likely are not only tech-based. ;-)


I might be missing the joke, but there are several layers like SPF and DMARC available to only allow your whitelisted servers to send email on the behalf of your domain.

Wouldn't help in this case where someone bought a domain that looked a tiny bit like the authentic one for a very casual observer.


100% solved and has been for a very long time. The PGP/GPG trust chain goes CLUNK CLUNK CLUNK. Everyone shuts it off after a week or so of experimentation.

It's still working for me?

It's depressing how much of the web didn't work the way it was supposed to. Attention is centralized on news websites because news can be posted on social media feeds every day. Those news articles never link to other websites due to arbitrary SEO considerations. Google's pagerank which was once based on backlinks can't function if the only links come from social media feeds in 3 websites and none of them come from actual websites. On top of it all, nobody even knows for sure if those SEO considerations matter or not because it's all on Google's whim and can change without notice.

It's worse now with Instagram and other video apps that don't even let you link out. "link in bio" is killing the web.

The web works fine it's just PACER and stuff that is garbage because there is no competition in the trash people create for the government and public apathy (or corruption, take your pick) is high.

There is a similar concept in English culture called "waste".

Doesn't sound as strong due to the lack of tv captions

Yes, waste is an English cultural concept, especially in the US.

In this concept, waste is viewed as a sign of affluence.

So ironically, the more one wastes the more "conservative" one is considered to be.

Pretty much the opposite of the Japanese concept of mottainai.


The idea of not wasting food as a sort of baseline concept is a thing plenty of parents in the US teach their children.

Many Boomers may have heard something along the lines of "Many kids in Japan are starving and would love to have that food" even, bringing this somewhat full-circle.

Many boomers had parents and grandparents who lived through the Great Depression and war rationing.

> In this concept, waste is viewed as a sign of affluence.

Seems pretty dumb. Maybe mostly a US thing?


Not Japanese, but I feel if you translated it that way you would risk people reading the article into assuming the sentence could be used in ways that match the sense of "enjoy" in English that could never match the sense of the word used in Japanese, e.g. the staff enjoyed a movie later.
