It's Facebook after all, so of course there is no privacy there. Imagine using this service and with their total lack of privacy and having your preferences spilled out. Same as putting them on a billboard.
What could be worse is if the same patterns and culture of allowing targeting and monetization carry over to Facebook Dating from the rest of the Facebook platform and organization.
Combined with romance scams[0], it seems possible that Facebook Dating would provide narcissists, manipulators and fraudsters with a lucrative marketplace to operate in.
I don't really understand why services like these don't drop the pretense of keeping your private data private, and instead simply say "anything you write on our website will be published online publicly".
While there might be some user backlash, I don't think it would be that big, and would meet all the laws and regulations.
Interestingly, this might not necessarily comply with GDPR Article 25 (2):
> The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.
The intent appears to be to prevent a scenario where personal data is "shared publicly" by default. Given the broad definition of "personal data" and the underlying principle of "privacy by default", it seems likely to me that a "default-to-public" sharing system would be non-compliant.
To be fair, it's somewhat more justified for dating.
Doing creepy psychological profiling to sell me ads for a few extra shekels? Very dodgy.
Doing creepy psychological profiling to find matches with traits neither party would otherwise voluntarily disclose on a public profile? I mean, yeah, sure.
It's not the case that people are concerned over Facebook having their innermost desires stored on some server somewhere, although they like to pretend so. The issue is more along the lines of whether natural persons they interact with IRL see them - this is why people are OK with using Tinder and Facebook messenger, but not with having private conversations over Twitter.
Of course, they'll use the profiling for both. But the end user arguably extracts more of the value than they do from getting sold more relevant ads.
Because there's a slur going back millennia against the Jewish people persecuting them as conspiring money-grabbers, and Zuckerberg has Jewish heritage and you were accusing him of being a conspiring money-grabber.
I think the other replies are correct, and this is nothing to be alarmed about. But I don't think you should be downvoted just for asking. Nazis are using new dogwhistles all the time, and infiltrating forums like HN. I don't blame you for having your guard up.
The Valentine Day is not a big event at this side of the Atlantic. There is some chance, the marketing has caught up with the younger generation, though.
Indeed, the 'tradition'/origin has the roots somewhere down the Roman Empire, 3rd century. Now it has been commercialized to a high degree.
My point was something like: take US holidays grade on the scale 1-10; Christmas 10, Halloween, Thanksgiving Day - 9, 4th of July, New Year - 8.... Valentine's Day - 4, Memorial Day - 2. (not all rated, obviously)
Germany - barely registers as anything; Spain, Sweden, Estonia - not a thing at all. There might be promotions, advertising, etc. but it's not an engraved thing for the decision to matter the date/proximity of Valentine's Day.
It's possible Firefox already does that via its enabled-by-default tracking protection. At least I don't seem to have an issue with the back button here.
Fixing the bug only fixes it for Firefox users, but disincentivizing it fixes it for everyone.
For me, uMatrix blocks it; it redirects through https://guce.advertising.com/collectIdentifiers. I could disable it or go through IA or whatever, but I really haven't the patience to deal with these websites.
EU doesn't want me to find a girl, how sad :/ still thinks this could be much more usable than what become of Tinder, especially when there is no filters, which when you live near border could be sometimes really bad. Not that I have something against other nations, it's just convenient to look only for locals.
Comments from FB are boatloads of bullshit, as expected. How nice to see that not everybody lets themselves get fucked over by them as a matter of course, like in the US. Cheers to Ireland.
Asbestos apparently kills 255,000 people annually (https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5982039/). How many people has Facebook killed? "Asbestos killed millions of people, and I don't like Facebook, so we should treat Facebook the same as asbestos" is not a valid argument.
Nobody made the claim we should treat fb the same as asbestos - I didn't say we should ban using it from all places, or that it causes cancer or w/e.
If your business has something that causes externalities and you dont pay for them, the government is going to(hopefully!) regulate you from screwing the rest of us over, or selling dangerous products to consumers for cheaper because of "choice".
If you claim that choice is impacted and that's a bad thing you actually need to prove the counter claim - that the activity you are doing is SO IMPORTANT to us as a society its worth going around our standard operating procedures.
>If you claim that choice is impacted and that's a bad thing you actually need to prove the counter claim - that the activity you are doing is SO IMPORTANT to us as a society its worth going around our standard operating procedures.
To me that sounds like a nightmarish world to live in, one in which you have no rights except what others choose to grant you. What about the principle of innocent until proven guilty? The burden of proof should be on the accusers claiming harm, otherwise we might as well just completely stop advancing as a species, because anything we change could possibly harm someone in some unspecified way.
So have many other companies, and even some governments have leaked citizen data. Do you really think the other dating sites currently working Europe have better OpSec or gather significantly less data than Facebook?
The data protection agencies will come around to them at some point. It's not like they stop with Facebook Dating and don't check anyone else in the future.
No, "we should ban X because we ban Y and Y is bad" is not a reasonable argument because "bad" is a matter of degree. That argument only works if we can show X is as bad as y.
No. "We should ban X because we know that X is bad and we have a long standing tradition of banning bad things. See Y, Z, etc. for examples of other bad things that were eventually banned."
Data protection laws have been in place in Europe for way longer than GDPR. They all basically say this: you must protect private and personally identifiable data of people.
Nearly every single tech company did nothing to protect that data. Especially the international behemoths like Facebook.
Then the EU unified the different data protection laws into a single one: GDPR. And said: up until now we were lax in protecting out citizens' rights. We're gonna stop doing that now.
logicchains on HN: oh my god, how can you even think of enforcing this against a poor company who offers users choice.
The same company that sells private data wholesale, tracks users even if they are not present on the site, regularly breaches privacy laws, explicitly targeted teenagers for behavioural research, prevents users from permanently removing records from the service, retains data on a people even after removal from service, exposes private and sensitive data to thousands of advertisers, tracks users' locations despite opt-out, aggregates users' health data without their consent, lobbies against privacy protections, etc. etc. etc.
Yes. That's exactly why GDPR exists and exactly why FB must comply with it.
I hate pollution as much as anyone but it’s hard to see how it might be a good thing that someone’s paper mill launch is being censored by the state.
I hate cancer as much as anyone, but it’s hard to see how it might be a good thing that someone’s tobacco advertising is being censored by the state.
I hate sex trafficking as much as anyone, but it’s hard to see how it might be a good thing that someone’s Russian bride catalog launch is being censored by the state.
——
I guess my point is that your broad objection to government interference is completely meritless without considering the specific harms and benefits under discussion. The problem with surveillance is that the harms are distributed and delayed. Meanwhile Facebook does everything it can to obfuscate what these harms might even be.
>I hate cancer as much as anyone, but it’s hard to see how it might be a good thing that someone’s tobacco advertising is being censored by the state.
Do you realise how absurd you sound? Have you any idea of how tragic it is for a family to lose a loved one to cancer, how many people millions of people have died unnecessarily from smoking? Comparing Facebook to that sounds completely out of touch with reality, unless you can point me to the millions of people killed by Facebook.
No one suggested that surveillance is as bad as cancer. All that was said is that blocking Facebook dating has a similar effect on surveillance (in kind, not in degree) as banning tobacco has on cancer.
Is that even true? Stopping smoking reduces the risk of lung cancer by like over 90%, blocking Facebook doesn't change the fact that the Chinese and American spy agencies are still doing everything they can to record all your emails and personal communication.
Degree matters, because the harm from censorship and restricting people's choices is a matter of degree, and if the harm avoided by the ban is a lower degree then it ends up as a net negative.
If it wasn't for companies like Facebook using and thus requesting that information to begin with, it would be a hell of a lot more difficult for American and Chinese agencies to get your data.
Nobody is going to suffer any noticeable or concrete harms because Facebook launch a dating site of all things. The reaction here is wildly out of proportion to the scale of the problem; assuming there's any problem at all (everyone with a Facebook profile made one, they wanted to be there, so there isn't).
>The problem with surveillance is that the harms are distributed and delayed. Meanwhile Facebook does everything it can to obfuscate what these harms might even be.
The harms of regulation are also distributed and delayed. The Backpage.com sex workers who were selling their services online have to go back to the danger of working the streets as a consequence of new online sex trafficing laws. People previously buying drugs safely online now have to go back to the streets, with dangerous dealers and worse infrastructure for testing drug safety. GDP grows a little slower, nobody notices for a while, until a couple decades later the standards of living in that country are lower than their neighbours and what they could have otherwise been. Some people miss out on meeting the love of their life who they might otherwise have met on Facebook Dating.
It's not enough to consider the benefits and harms of the thing you're considering banning, you also need to consider the harms of the ban itself, and of creating the political infrastructure to enforce the ban, that could be turned against you the moment a far-right government wins an election (may I remind you that the People's National Front won 33% of the vote at the last French election).
The harm of not allowing Facebook dating while it fails to meet privacy regulations is that people have to use alternative dating services that do meet privacy regulations.
Social harm: nothing.
The implication that any government ban is bad, because fascists, is silly. The concept that some bans have net negative consequences is fine, but there is nothing to suggest that is the case here.
A law that takes away people's rights to visit the websites they want to. Just because something's made a law doesn't automatically make it right. It also seems like it's being selectively enforced; is Ashley Madison banned in Europe? Do you think they have better privacy/opsec practices than Facebook?
Facebook isn't banned. Still, don't worry, the data privacy regulators will come for them too; FB is a priority for the sheer number of users and how pervasive it is.
If that was the problem, the government could just publish a registry: "companies that will violate your data and spill your privacy", broadcast it on public TV. And make the site display a warning upon opening it. That way people have the information and they still get to make the decision themselves.
I used to feel that way, but the older I get the more I realize that the average consumer is a moron and can't be trusted to even attempt to vet most services.
I don't know what the answer is, because I hate the idea of limiting the rights of those who are competent and responsible in order to protect those who are not.
There are various takes on that, which of course depend on values each person (and country) considers as the most important.
In my personal opinion, Europe (in which I live) as an "Amish bias" [1], i.e. by default being more cautious about introducing new technologies. I am already annoyed by the constant cookie pop-ups that significantly affect my browsing experience but on mobile.
Yes, there are risks with all technologies. But with the current mindset, Europe is setting itself way back comparing to the USA... which is much more cautious than China. Or in other words, Europe sets itself to be the World's calm countryside, in which people live as they used to.
Some (maybe even the majority) may like it. Personally, I am asking myself from time to time - when it is time to move to Asia.
How is Europe setting itself back compared to other superpowers? If anything, by enforcing privacy by design and default it is setting itself up to become the best place on earth to live if you give any value to your personal information
In Norwegian this is called "Føre var prinsippet" or the precautionary principle [1].
This does not apply only to tech but to everything and I personally think it is a good idea to not barge into something without considering it. We've done so much damage in the past by acting before thinking.
"We've done so much damage in the past by acting before thinking."
Where has this happened in Social Media?
Where is the EU's evidence that FB/Inta etc. have launched products that have caused individual, social harm?
We require 'lighting equipment' to be approved ahead of time because people could get shocked and die otherwise.
There's no such risk in social media products.
What's more, that the EU is being more conservative here, in no way implies that it's citizens are actually 'safer'.
For example, the OP's point about cookie notices: they have not materially changed anything other than creating a UI headache. Nobody has changed their behavior due to this notice. In retrospect, there are perhaps other ways this should have been implemented.
The EU should make regulations where harm is a real possibility, and ensure that companies are adhering to such laws, but that's a far cry from companies having to provide every country notice ahead of time of product features and services.
Every product or service involves the management of at least some kind of personal information, is Ireland prepared to 'review' every feature of every little startups SaaS app, or of the millions of niche little social apps?
No. Better to hire some people to investigate claims and breaches of privacy, and to develop good laws.
> Where is the EU's evidence that FB/Inta etc. have launched products that have caused individual, social harm?
You mean the complete loss of privacy? That's a harm. It's not something you'd consider harm, but it's something that might be prioritized in a country that isn't the US.
You're making his case for him. There's no evidence. Facebook is not harmful. The people who believe this overlap nearly 100% with people who believe conspiracy theories about "Russian meddling" (like the EU Commission).
There's zero need to regulate Facebook. It's about the least harmful company in the world today. Its products have no safety implications. If it has an extended outage GDP probably goes up rather than down as people stop goofing off work. It's half way to being an entertainment company.
The only reason this comes up at all is because the European political elites are immersed in a form of groupthink in which they cannot and will not engage with their citizens actual concerns (top concern by the EU's own polling: immigration). So they cast around trying to understand why anyone in the UK would vote to leave the EU and come up with some theory about how it's all Facebook's fault, despite that the EU always loses referendums when people are given a chance to object. So now anything Facebook does must be bad.
The EU will continue to be dominated by US tech firms that don't care about what the Commission think for the forseeable future. The only obvious change on the horizon is that a new generation of tech firms, having seen what happened to companies that hired too many employees in Europe, will simply choose to serve the market entirely from abroad where they can ignore EU law at will.
> Where is the EU's evidence that FB/Inta etc. have launched products that have caused individual, social harm?
That's the whole point of the precautionary principle, you need to consider it carefully before barging in. You need to find the evidence that it is ok not that it is not ok.
But in this case there is already evidence that social media can at least be a catalyst for increasing individual and social harm. I'll just link the first result from googling "facebook myanmar" [1]. There are also cases where leaking of data from dating websites (more relevant to the topic at hand) causes great individual harm [2].
" You need to find the evidence that it is ok not that it is not ok."
One of the leading causes of deaths of healthy people in every nation is cars!
Do you think we should put the CEO of Volvo in jail for mass murder?
Why are you not trying to get GM and Ford shut down immediately for all of the death they care to enable?
And consider the vast environmental impact!
This notion of 'proving something causes no harm' before using it is unecessary for anything other than literally dangerous products. So foods, chemicals, things that involve electricity, there's very good regulations for those things.
But are we going to ban 'Spotify' until you can figure out the long-term effects of that economic model and how it might affect the music industry artists?
No. Social Media is a new form of human interaction that has come about for a variety of reasons, and we're going to have to figure it out. People are not dying in the streets, more importantly, those who have challenges with it simply don't have to use it. In between those grey areas, we have to work things out - but this is not specifically a Facebook problem.
There are a number of thoughtful regulations that the US or EU could implement, but almost none of them are being suggested, and the example provided in this article proves this to some degree. Ireland is not protecting anyone or accomplishing anything at all with this specific regulatory apparatus.
There are regulations for vehicles, you can't just create a random thing with wheels. So why GDPR that asks you to inform people what you collect and for what purpose you collect is as bad, car manufacturers have a lot of things to put into the cars like mirrors, lights, safety features etc where software companies just need to inform the users and show how they protect the users data, also they have to report when the data is compromised.
Banning Facebook until they can 'prove they cause no harm' is ridiculous, i.e. the OP's reference to 'do no harm' or 'conservative principle'.
Also, though GDPR is mostly good, a lot of other regulations are not, for example, the one in this article wherein Ireland needs to approve Facebook's dating app.
The malaise from general social media is a new social problem, and almost nothing FB does will mitigate it. We need to learn to live in a new world where general social media products exist.
There was no ban though, Facebook was required by law to produce documentation on how they will handle the data and Facebook decided to delay the launch. Facebook has a large number of users and a reputation of poorly handling the private the data with "bugs" causing data to be stolen, FB is proud of moving fast and breaking things, ignoring the law (when they ignored the requirement of not to connect WhatsApp users with the FB accounts ) so I think is fair someone is asking them on what exactly are doing before not after they launch.
On dating apps you are not forced to put your real name and exact address but in FB people already have the full names, relatives, school and work colleagues so a bad actor that would find a lot about somebody compared to a random dating website where they can find your contry and region and your preferences.
Facebook is considered, by far, the most problematic major technology company active right now. There is so much content in this article that it has become unmaintainable:
" by far, the most problematic major technology company active right now."
This is ridiculous. Facebook is a social network that allows people to share information with one another, almost always in the terms that the user wants i.e. users have control over their own privacy level.
Unlike so many places, Facebook does not sell or share any data with anyone. They don't need to, because they have their own advertising engine.
That's it.
The list of concerns in this Wikipedia article are mostly misguided or misrepresentative.
Most concerns are actually critiques of social media in general, such as "Students have a hard time coping" because they're caught up in social media is a social commentary about new technology, not Facebook.
'Envy' 'Stress' etc. - this is 'Facebooks' fault for allowing people to share information about their lives?
The vast majority of people are able to handle their 'social media account', and there's a very easy answer for those who don't want to deal with it - which is to not have an account with Facebook, moreover, this is a general concern, not a Facebook-specific issue.
Almost all of the other issues in kind 'Tax Avoidance': FB pays 100% of the taxes they are owed, and don't pay taxes they don't need to. In the context of this article consider that the architect of the EU's ostensible loopholes was Jean Claude Junker (!!!) literally the Pres of the EU Commission who created all these shenanigan rules when he was PM of Tax Haven Luxembourg! It's 100% the EU's fault that their tax laws are wack. If they want a more thoughtful approach to taxation than they should change their laws.
Facebook is critiqued for some content moderation issues, as though it's 'their fault' that someone bullies some other person? Again, this is a general social media issue, not a Facebook issue, moreover, everyone would just like clarity on how to deal with the issue. Governments don't provide clear direction, and the press/twitterverse will be in outrage mode whatever happens one way or another.
Most hypocritically, the most popular 'solution' around here seems to be 'decentralization' - as if when there is no 'authority' modering content these problems will be solved? Just the opposite! A 'decentralized' social network will be the most unruly place imaginable where all these problems are considerably worse. Imagine ISIS with their 'execution' videos willy nilly, NAZI propaganda, ex-husbands and wives doing a terrible thing to one another, pedophiles, stalkers galore.
Facebook is a social network where people can 'share stuff' almost entirely on their own terms. They moderate, but not perfectly and there will never be perfect moderation because nobody can agree on what that is.
They are not a bad company, nor is it really even bad technology, like anything, most people use it for fairly benign, normative stuff like sharing cat and wedding videos.
Facebook stalks you even if you don't use the product yourself nor agree with their ToS/privacy policy.
They got websites and developers to embed their spyware like the tracking pixels, Like buttons, app SDKs everywhere so they can get IP address and device data which is enough to track you across apps and websites with very high accuracy.
They also track who knows you based on other Facebook users (often unintentionally, thanks to dark patterns) share their contacts list with your number in there. They can basically infer your entire social graph without you even being aware nor consenting to it.
That has nothing to do with Facebook or social media.
I would love if someone passed a law or made some relevant and intelligent regulations concerning this, but's completely beyond Facebook making a dating app.
Facebook is not a malicious company. They're just a big social network with all the crap that comes along with that.
As a European, I don't feel at all behind the USA.
Even less so since a few years, since I see all the very-USA-specific stuff that's been fed to us as "universal", while it was actually more because most of the production/distribution/media means were sourced from there.
And by extension a government, see the Nazis (invoking Godwin's Law here), but also the Snowden revelations - you can safely assume the NSA and co have access to all data held by the big tech companies. If Trump or his even more extreme successors decide that a certain demographic needs to be rounded up, they can requisition a dataset from Facebook and they'd have the list of people matching that description. Combine that with the military + the militarization of the US' police force and you realize you're only one executive order away from genocide. And I don't know if the world will go to war with the US over that.
So the problem with Facebook is that powerful governments might use their data to do horrible things, and the solution is to give governments even more power over our lives by letting them dictate what sites we're allowed to visit? If there wasn't so much of this "oh no, a problem, better get the government to solve it" thinking in the first place, the US government would never have gotten as powerful as it has.
Yes but governments also cause problems, and if they get big enough the cure can be worse than the disease. E.g. if all governments in Europe had not had the power to override citizens' freedom of choice by drafting them and taking their factories to make bombs, there'd have been no WW1, saving tens of millions of lives. If Russian and Chinese governments in the 20th century had not had the power to override their citizen's freedom of choice and expropriate their property, Stalin would not have been able to conduct his purges, Mao would not have been able to conduct his great leap forward, the great famine would have been avoided, saving close to a hundred million lives.
As the quote goes, "A government big enough to give you everything you want, is a government big enough to take away everything that you have.". People think "oh it couldn't happen here"; well that's what people in Germany thought in the 1930s.
I think there's definitely weight to this assertion. I suppose the question is, where does government responsibility (for the digital privacy of citizens) end and where does personal responsibility begin? I dont have a source for this, but the general trend Ive noticed is that the younger demographic is shifting away from FB to other platforns and the older demographic is still growing on FB. What percentage of this older demographic truly understands the risks they incur by posting a large amount of their personal info on FB?
>where does government responsibility (for the digital privacy of citizens) end and where does personal responsibility begin?
I do not see a problem here, EU forces websites to inform me and ask for permissions, I can click agree to everything and I am in the same boat as Americans. So it seems Facebook was lazy and did not prepared the documentation.
It's definitely possible to perceive Europe as moving a little slower in terms of technology adoption; it's also possible to argue that that's not a bad thing.
A common narrative in western news is that surveillance in China is developing too quickly and that social credit and other systems are being introduced rapidly, introducing societal risk.
It's possible that's true - and that the U.S. and sillicon valley in particular - while good at developing technology rapidly - are actually on a similar risk trajectory. Within the tech news bubble it's all communicated very differently, of course - it's about innovation, improving lives, and changing the world by disrupting old industries. But perhaps the systems that are being implemented are, in fact, similar.
And to look at the situation from another angle: despite all of these advances in technology, how much has life really changed? We all still have family, friends, education, work, accommodation, food sources and requirements.. there is "nothing new under the sun".
There's a lot to be said for taking some pause and seeing how technology develops, and after careful consideration, selecting the options which lead to clear improvements, while avoiding the options which seem to introduce large negative impacts for individuals and society.
Well, it is common that it takes years to get services and products that are available in the US. For example, to get a sensor to measure my ECG I needed to:
- use US credit card in an app store,
- ask a third party to resend me a device.
I am not aware of many innovative products or services that are first available in the EU, and it takes more than a year to appear in the USA (examples are welcome).
I do not say that the EU is bad, as there are quite a few things in which it is progressive (human rights, environment).
> despite all of these advances in technology, how much has life really changed?
For some, a lot. If it weren't for the internet, most likely I would end up living very lonely and miserable. (Well, it give me a window to discover people having different religion than my family and neighbors, to discover that I am not the only weirdo, but there are much more neurodivergent people, etc).
Each single things progress is not a life changer.
Collectively, they change the way we live.
Yes, I am aware that one should weight the pros and cons.
Just, IMHO, in Europe it is tilted to "way too conservative" (in its original meaning, "preserving"), with the approach more of a government plan (acting in years or decades) than hackathon/startup, where it is an order of magnitude faster.
I am the most afraid of slowing the progress of medicine, which do require data.
> I am not aware of many innovative products or services that are first available in the EU, and it takes more than a year to appear in the USA (examples are welcome).
Do you have anything like Klarna yet? They let ordinary people buy stuff online on invoice and handle the risk for the merchants. This makes buying stuff online very convenient. It is a Swedish company which has been active in Europe for almost 15 years.
Spotify, while not as innovative, also took many years before they entered the US market. It is pretty normal for Swedish tech companies to focus on the EU market first before entering the US market many years later.
I am not convinced that trading users privacy for any sort of latest and greatest tech necessarily sets you back. This might be true, but it's not a given. If someone shows that the benefits outweigh whatever is gained by such privacy measures, by all means talks about how Europe is falling behind.
"I am not convinced that trading users privacy for any sort of latest and greatest tech necessarily sets you back. This might be true, but it's not a given"
True, but why on earth is the government deciding on your behalf what this trade-off is?
It's the government's job to make sure the trade-off is apparent, within reason, and then let people decide for themselves.
For example, I don't want to be on Facebook ... so my magical solution is that I don't use it.
Um sorry to disappoint, but you most likely have a shadow profile at Facebook built from all of those like/share/comment with FB boxes on all the other pages you're visiting.
Facebook SDKs are embedded in apps (even paid ones) and they report a lot of data including IP address and device info (very useful for fingerprinting).
Facebook also collects other user's contacts lists (thanks to dark patterns) which means they can infer his social graph based on his other friends who do use Facebook even if he himself doesn't use it.
The government's job is whatever we, the electorate, decide it is. The government represents us and we've empowered it to reign in large companies and moderate the influence they can have on us and it's exactly what they're doing.
How is that of any relevance to mention an "Amish bias" and go on a grandiloquent tangent about the merits of precaution vs. quick adoption of new technologies, when this is about a dating feature which (obviously) has privacy implications?
As an American living in Europe, I actually think that Europe is ahead of the curve with respect to privacy and security. US culture is informed by a laisez-faire approach to business and customer protection, but European governments are generally more proactive in thinking on behalf of its citizens.
I don't know why you're getting downvoted so bad. Your opinion is valid and well stated, even though I disagree.
Amish or Luddite? No.
Underinvestment in technology? Yes.
Poor bureaucratic response? More yes.
The US is leading in eCommerce with FAANGs. With this trade comes very valuable data mining and 'Surveilance Capitalism' where intimate user behaviours and trends are translated into further competitive advantage.
When you look at the FAANGs. The US gets all the upside (as well as some of the downsides), but the EU gets only downsides. e.g. Amazon will hollow out retail and logistics, as well as computing infrastructure, the economic efficiencies are returned to the US as well as the rich user data.
The EU is struggling to respond in a contructive way. It really needs to create a few tech hubs, and promote new ventures.
Instead, its doing what the EU does best. Kicking the can down the street, and adding bureaucracy to appear to be doing something.
EU and its governments set the tone, though. The USG attacks tech firms only rarely, and only when there's pretty overwhelming evidence of some sort of specific wrongdoing. The EU seems to pretty routinely attack the tech industry even when there's no demonstrable harm. So tech entrepreneurs in Europe receive a pretty strong message that if they get big they're going to meddled with and certainly not celebrated. US founders don't get the same.
I think you're correct that there's an "Amish bias" at work here. I don't see that as a negative either -- I have a bit of that perspective myself. I certainly prefer a "calm countryside".
Overall I'm unsure if the EU is doing good here or if it's just posturing and getting in people's way. I guess the truth is somewhere in between. There are clear advantages to the way the US handles this stuff but perhaps the EU will dodge a bullet or two.
I do think it's a wholeheartedly positive thing that the US and the EU take different approaches. It would be truly awful if there were no differences in our attitudes toward technology and its adoption.
I like that the "consent" URL doesn't actually ask for consent - it just immediately redirects to "collect identifiers" - it's possible they already assume they have my consent, but since this was checked with a cookie-less cURL command, that seems unlikely. Since my adblocker is blocking the guce.advertising.com domain, I guess I don't get to visit TechCrunch.
I got 18 hits on PrivacyBadger, 12 his on NoScript, 19 hits on AdBlockPlus. I configure all 3 manually, and every now and then I check them to see if there is anything new in the ad/tracking domain, and block it immediately.
I don't know what my HOSTS file is blocking, but I assume it also cuts off some of the ads/trackers.
Are you outside the EU? It probably decided they don't need your consent, as I did get a consent page. It was convoluted, impossible to decline (I'm still looking around) and illegal under the GDPR, but I did get it.
EDIT: Yeah, it doesn't seem possible to withdraw consent. I stopped after ten clicks that only led to "informational" pages where sentences stopped mid-way.
GDPR is a regulation enforced on a per country basis. The EU wrote it and the EU guarantees / enforces that all member states enforce it.
Therefore, talk to your local DPA. For example, in The Netherlands, you'd talk to the "Autoriteit Persoonsgegevens" (translated: Personal data protection agency"). All EU countries have some sort of governmental institution, usually named something along the lines of 'data protection agency'. As per the article, the one in Ireland is called "Irish Data Protection Commission (DPC)" – and they took the lead on blocking FB Dating.
yes, and no. Some sites use DNS to route traffic to different servers for different regions. For instance you could have you site hosted on 2 different data-centers. 1 in EU and 1 in US. And then make US-centric DNS route traffic for your site to the US-datacenter and he EU-centric-dns to EU-data-center.
I'm glad I'm not the only one who couldn't figure out how to decline consent. I gave up; now, when I see "guce" at the beginning of the hostname, I bail.
I always find it baffling that news pages are amongst the worst offenders regardings tracking (at least that how it feels). Here in Germany we have news pages like Spiegel Online, whose journalists criticise Facebook et al. in quite harsh words, but you can't read any of these articles without loading a bazillion tracking cookies on your browser.
This probably stems from the seperation of webpage tech, advertising and newsroom, but it strongly feels for me that these newspapers are not living by the values they preach.
> it strongly feels for me that these newspapers are not living by the values they preach.
This isn’t as big a problem as people make it out to be. Their role is to report. If they are corrupt but still report on corruption, then they haven’t failed as journalists, merely as an organisation. If they violate privacy, but still report on it, same deal. We can denounce them while still appreciating their actual reporting.
Problems arise when their nefarious behaviour affects the actual reporting. But, ironically, the more hypocritical they are (i.e. the more they report on the thing they do wrong) the less likely that is.
I’d say with every damnation of a news organisation for their privacy violations, we should in parallel celebrate their dedication to report on that which they are guilty of. The alternative of total silence would be worse.
> If they are corrupt but still report on corruption, then they haven’t failed as journalists.
In this specific case, yes, I think they have failed. It's different when you're a non-vegan writing about veganism and critizise non-vegans.
It's not okay to be corrupt and condemn corruption in your article. I can't take your opinion seriously if you don't live at all by the values you seem to protect or preach for in your writing...
“ Tu quoque (/tju?'kwo?kwi, tu?'kwo?kwe?/;[1] Latin for "you also"), or the appeal to hypocrisy, is an informal fallacy that intends to discredit the opponent's argument by asserting the opponent's failure to act consistently in accordance with its conclusion(s).”
A moral framework is only useful if it can be adhered to. If we define "good" as a standard that can't be maintained it ceases to be a valuable definition.
Sometimes "whatabouism" is just trying to make sure that the standard being demanded is based in reality and can be maintained by others who find themselves in the same position.
Hypocrisy has value in instances like addiction. As an addict I could advise against certain behaviors or whatever.
This is different. They are taking part in the same behavior they are calling out as detrimental while being detrimental to the people they supposedly giving advice to.
It’d be like a addiction counselor selling addictive substances to people the counselor is advising about addiction.
10 years ago there was a lot of loud voices calling for the news industry to join the 21st century in regards to their technology and publishing practices.
They have.
I’ve think we’re all in glass houses on this one because we’ve helped make Google and Facebook into absolute juggernauts by letting them track the hell out of us while continuing to use their products. It shouldn’t be surprising that a struggling industry like journalism would follow suit.
> Here in Germany we have news pages like Spiegel Online, whose journalists criticise Facebook et al. in quite harsh words, but you can't read any of these articles without loading a bazillion tracking cookies on your browser.
There is some good part about this: There is some amount of separation of journalism and business. The journalists should be free to report anything they consider worthy to cover and the business running the site and going out to advertisers etc. doesn't influence this. This is good as it prevents big advertisers from preventing bad reporting. Of course it doesn't fully work, but in Germany it is better than in many other places in that regard.
1. HN's upvote/downvote system. This allows posts that the audience finds more interesting to move to the top. If you don't want to see something, downvote it. If it's on the top that means other people want to see it.
2. The little [-] icon allow you to close an subtree of conversations with a single click.
I absolutely want to hear about these things but maybe in a little tangents section. Though that means more UI complexity. Hiding the thread works well too.
It's gotten to the point where I assume that the top comment on every story about privacy by a news outlet will be about their hypocrisy. It's pretty disappointing. (Almost like tech workers feel defensive and want to change the subject, or that maybe these upvotes aren't in good faith? If the HN audience actually got organized around this kind of thing certain organizations stand to lose quite a bit.)
Surely it just demonstrates the level of feeling at HN that the privacy issue is actually important, and can people please stop posting articles like this. Post a link to outline.com or the internet archive instead if the content is particularly important.
Even if your system doesn't block guce.advertising.com, when you visit this site, you get an obnoxious page saying that you now have a choice whether to grant consent to tracking or "manage options", and then if you select "manage options" it says that there is no option - you must consent in order to view the web site.
This is illegal. Simple as. Flag the post and move on. Complain to the Information Commissioner if you feel like it.
Why is it illegal? If I understand gdpr correctly tracking is okay if it’s necessary for business purposes. If a publisher’s business model is ad-supported then it seems necessary.
> If a publisher’s business model is ad-supported then it seems necessary.
If that were true, everyone would simply claim "tracking is essential for my business" and the law would be toothless.
If they want to show ads for Ford in the car section of the newspaper, that's fine. If they want to show targeted ads provided that I agree with it, that's also fine. But showing targeted ads with no way to opt-out is not allowed.
Laws maybe, though these are set at the EU level (and one might argue about the greatness of GDPR).
Still, the rest of the EU (or at least Germany) is quite unhappy with the enforcement of these laws in Ireland. It is absurd that the Irish Data Protection Commissioner is supposed to control the privacy of most larger tech corporations for the whole EU.
A few years ago, they only had 22 employees and their only office was literally co-located with a supermarket in the suburbs [1]. They got a second office since then and apparently are now at around 100 employees [2], but that is still quite small if you have to control giants like Google, Facebook and more.
So, from the outside it looks like Ireland's "strange relationships" also include privacy matters.
This stuff should be handled at a union level. Seems like low-hanging fruit to me.
As in: I don't think many EU citizens would object to having this being taken from the national level to the union level.
Create a single, strong EU data protection authority, placed somewhere in the union, after the typical competition. I'd suggest Sweden, but would also be happy with Denmark, Germany or the Netherlands.
No, but the Ireland government would surely object, because their cozy and soft relationship / taxes agreement with the tech giants is the only thing that's keeping them in Ireland.
I agree that the Irish government can be too cosy (and too slow on data protection) with big companies but the idea that that is the only thing keeping them in Ireland is ridiculous.
Companies like Apple, Microsoft, Intel, Pfizer and IBM have been in Ireland for decades. They may come for the tax but they stay for the people. It has a highly educated workforce that is very flexible and easy to manage/work with. I've lived and worked all over the world and Irish employees are the easiest and most fun to work with - even compared to the UK. It's pretty simple to get visas for companies. Accommodation can be a bit tricky to sort in Dublin but it's nowhere near as expensive or bad as San Fran etc. People generally don't mind moving to work here as the work/life balance is good and it's a super safe/friendly place for foreigners and families.
It has some industries with significant clusters (pharma, data, aircraft leasing, finance, tech, marketing) a stable political and social environment. It's civil service is generally efficient and isn't corrupt, it's easy to pick up the phone to them or a politician if you have a problem and need advice - even as a small business.
It's also the only native English speaking country in the EU now, cheap to jump on a plane to anywhere else on the continent or the US and has good internet connectivity.
a) you speak Irish English (~English), which is easily understandable by most English speakers
b) Ireland has consistently offered insanely low tax rates to american companies wishing to establish themselves in Europe. (This is coming to an end.)
You seem like you have a bee in your bonnet. Have you spent or worked much in Ireland? You seem to be an expert on both our use of our national second language and what working in the country is like. Or are you you just firing randomly on HN today because you aren't willing to engage with the other points that I made? (I agreed about companies coming to Ireland for tax but staying for other reasons remember)
I thought quite a bit about that line. I ended up editing it to "~English" in the end, perhaps ten minutes before you commented. Don't you think that's fair? Irish English, to me, seems like a distinct/unique language. Very similar to English, sure.
I mean.. I don't think americans are speaking English, typically, if that's any help. They're speaking American, which is a fork of English from some point in time.
"They're speaking a sort of English" certainly sounds demeaning to me. The people in Ireland (and the US, and India, and Singapore) are speaking English -- different dialects of English. And FWIW, many of the divergences between American and British English, such as dropping the 'r' at the end of syllables, are actually changes on the British side after the colonies were formed.
Thank you for being a tool fixating on that one point to distract from the main issue: Hint: it's always about the money, and in this case particularly so.
Fortunately this is not the place where these things will ultimately be decided.
Not agreeing with the parent commenter, but the differences are much less trivial than you’re making them out to be. I used to live with a Scottish guy, and he had to make a considerable effort to be understood at all in America. If we were out and he wanted to say something to me privately, he’d just say it in his normal Scottish English, and nobody else would have a clue what he said. “Singlish” is also very different. I’ve travelled with friends to Singapore who absolutely could not communicate with Singlish speakers.
Oh, no, don't get me wrong. I moved to the UK over a decade ago, and when I first moved here people couldn't understand me. And even after having been here for a year I still occasionally ran into people that I just couldn't understand at all. Even once you get over the accent, there's just an endless list of things that have different names.
But you have but to drop yourself in Iceland or Denmark or Germany or France to realize how close all of our languages really are.
(b) has largely already come to an end. And yet still they come (though if you buy something from Amazon these days the money probably goes via their Luxembourg subsidiary, not the Irish one like it used to...)
Not just that, but there's a good pool of tech talent due to relaxed immigration laws and being an attractive destination and an English speaking country (for the most part).
a) the ability to recruit competent professionals depends a lot on the location (topical example: in Ireland you can easily hire a lot of competent phone support people speaking various European languages, translators and accountants familiar with tax planning).
b) every union member country wants that union money fed into their economy
Which office? Facebook's or the data protection agency's?
EU (more or less) has rules that the countries are primarily responsible for execution of the law and it makes sense that if a local shop causes privacy issues they should be handled by a local authority.
Now companies like Facebook play the system a bit. As first line of defense they claim that their European offices are just resellers of ads etc. and the actual operations are done by Corp U.S. (or Corp Bahamas or something) and for a second line of defense pick the country with the "best" enforcement and taxation track record. That can be done as in order for not each country trying to go after their local subsidiary the country with the European headquarters can go after that HQ for all larger cases.
Now the Irish government is smart - they see that 1% taxes on all of European business of Corp is better than 40% of only Irish business, thus they don't employ overly strict oversight.
Does it make sense for corporations like Facebook? Probably not. But for changing this this requires a unanimous change of EU law in the EU council and getting Irish to agree to that is tough, essentially meaning to pay them subsideries for their farmers or something to compensate.
Also, why to U.S. corps go there besides taxation? Language and common law. Essentially going to UK and Ireland is the easiest for U.S. lawyers to work with, as legal traditions and language are closer than on the continent ... and especially now after (formal) Brexit the choice is simpler ...
It seems like the other replies are missing the point of your question in the context it is asked. Every country within the EU has its own guidelines for enforcing the GDPR, and a regulator appointed to oversee privacy cases. So if you hold infringing data in a German AWS region, it is subject to the German regulator's authority. In a weird kind of statistical anomaly among all other EU countries except Luxembourg, Ireland's regulator has never issued any fines for GDPR violations, and seems to be twiddling their thumbs on incoming cases.
What the other commenter is proposing is a single regulator for the entire EU. Sure, that may be a solution, but it's not the law that was agreed upon.
The Irish regulator has been more active than most, particularly in investigating multinationals. Overall, though, it's unfortunate that this is left up to national bodies; it should really be centralised.
It was garbage anyway. I used it briefly during the first week it launched in the United States and, at least here in Indy, about every fourth girl was blatantly in a relationship. Some even had kissy-face wedding photos in their profiles. Facebook only gives you the option if your profile is set to single but that's just a toggle.
That first week it was also already full of blatantly fake profiles. You're telling me there are three women that look identical to Kevin Smith's daughter and just happened to be at the same red carpet event, with the same dress, in the exact same pose? And then despite me having it set to female it showed me several men that I'm 99% certain were not trans and were either idiots and set their Facebook profile up wrong, or intentionally input things wrong to try and obfuscate their data profile.
It also made the promise (I think they did anyway) of not showing you people you were friends with. It didn't, but it did show me a bunch of my graduating class from 16 years prior and gobs of friends of friends. I saw considerably more people on it that I knew/knew of than I ever did with Tinder/OkCupid/Bumble.
As stated in the article:" Which is either extremely careless or, well, an intentional fuck you to privacy oversight of its data-mining activities. . . . . ". I vote the latter.
The snark isn't helping him as far as I'm concerned. I've filed a couple dozen FOIA requests and I would never write anything like he did. I would consider FOIA requests to be similar because the agency you're requesting information from typically doesn't want to give it up.
Ruben would do well to cut the snark and figure out which regulator he needs to contact. I've had quite a few FOIA requests not get anywhere until I file an appeal. I don't think appeals exist in the GDPR, so contacting a regulator is the next best thing. Ruben has kept reasonable documentation so hopefully it'll be easy for a regulator to send some inquiries to Facebook that could get the request fulfilled.
The snark shouldn't be harming him, so it doesn't matter if it isn't helping him. You can be snarky all you want. If someone is breaking the law, they're not suddenly allowed to do it just because the person calling them out on it did so in an insulting way. This sort of thing is essentially victim blaming: "Well, why didn't you ask them more nicely? Don't you want to get what you are legally owed?" Come on now.
Technically correct. But I think the parent comment was pointing out that, given the way the world is, he's more likely to get his information if he cuts out what feels like grandstanding.
Yes, you're making exactly my point, I think we're in agreement: "Given the way the world is, if the woman didn't dress that way, and didn't walk down that alley at night, maybe she wouldn't have gotten raped."
The requester being snarky is obviously not a valid legal reason for Facebook to not follow the law. But the people who fulfill these requests are human, so you should expect that acting like a jerk probably won't help.
Further, Ruben is mostly being snarky to lower level Facebook employees who probably have little say in Facebook policies. Don't shoot the messenger. This is like being rude to phone support staff because the product is bad. It's not the phone support people's fault. Let's assume good faith on the part of the low level employees. Ultimately the people fulfilling these requests are probably not given enough resources to fulfill all valid requests (this is true for FOIA requests in my experience), so they have to think of (literal) nonsense to deny them. They might even have a quota. Do you think snark is going to help in this situation? I don't. And I think reality is close to this situation. Ultimately the higher level people who set the policies and the budget for the GDPR/FOIA/whatever department are responsible. (And I don't think being snarky to the higher ups is going to help either, incidentally.)
I have zero interest in harassing people. Unconventional replies cause escalation; Facebook’s current staff on this is on a higher pay scale than most.
I’ve made my mails impossible to ignore to the point of there being no plausible deniability; the entire GDPR department is aware by now. Given what you and others wrote above, it should probably be clear what real actions are going on behind the smoke and mirrors on my site.
Not in my experience with FOIA requests. They likely have a process. Your request will be fulfilled either if they can't find a reason to deny it or if fulfilling it is easy for them. Since Facebook is making up a bogus reason and won't bulge, you need to figure out which regulator is responsible and contact them. Your snark is honestly impressive. However, if snark was going to work, it would have worked already. Facebook probably thinks that all you're going to do if they deny your request is reply with snark, so there's no reason for them to do anything in response at present. Words alone can't hurt them.
> Facebook’s current staff on this is on a higher pay scale than most.
What matters is who sets the policies for the company and the budget for the GDPR department, not how much individual employees who respond to the requests are paid. I doubt the people in the GDPR department set their budget and Facebook's GDPR policies on their own.
> I’ve made my mails impossible to ignore to the point of there being no plausible deniability; the entire GDPR department is aware by now.
I agree that Facebook's employees probably aren't ignoring you in the strict sense that they don't even read what you say. Maybe they forward your emails internally with comments like "Get a load of this guy!", but I don't think that's helping you. If anything, it hurts you because they have more people thinking of ways to deny your request.
> Given what you and others wrote above, it should probably be clear what real actions are going on behind the smoke and mirrors on my site.
If by this you mean that you've contacted a regulator or lawyer, good, I'm happy to hear that. I don't see a reason to hide that, however.
Just not putting all my cards on the table for them to see yet, but I will eventually. The tone drew attention to the case from press and local authorities, which resulted in the right people reaching out to me. It's unconventional, but there's a method in my madness.
The snarkier he becomes, the more Facebook employees are going to follow their interpretation of the letter of the law. Ruben disagrees they are doing that.
His solution is to continue to insist that he is correct. He insists they see things his way. They decline, and basically tell him to take it up with the regulators if he doesn’t like their response.
He continues emailing Facebook.
Look, if you tell me I have to do something, and I disagree, you only have two options. Let it go, or escalate. Instead, he continues the exchange, possibly in order to get enough material to drop an outrage bomb.
This is kind of ridiculous, tbh. He has no idea why FB behaves the way they do, except his own personal story about the company. This is the kind of guy who uses Hooters for discriminating against men - maybe they’re technically in the legal area, but they come across as a complete asshat.
Ok, I assume it would help if he could state his demands in more formal and legally actionable form instead of joking and telling fun stories of meeting FB employees at a conference, but regardless:
> Facebook has not replied after three months, even though they are legally required to answer within one month
So, I'm ready to accept everything else is a subject to some legal debate, but this seems like pretty straight-forward violation of the law, isn't it? I mean, shouldn't they be actually punished for it by, like, paying money?
Facebook seems to believe (understand?) that it is part of the new reality where due to their size and revenue the law only loosely applies to them, and mostly at their convenience.
That's not new reality. That is the world we live in. If you're big enough/your product is widespread enough then you get to set the rules. From a practical point of view it even makes some sense. It's up to the authorities (most likely a DPA) to actually do something about Facebook not adhering to the rules.
The guidance on this is clear. Pre-GDPR companies were really good at creating complex processes to deter subject-access requests. So under GDPR any request for your data from a company is a GDPR request subject to all the regulations.
The problem is that the law involved is flawed and doesn't actually allow you to sue and ask for damages.
The best you can do is report them to the country's privacy regulator (ICO in the UK), and well, Facebook, Google and thousands of websites with intentionally non-compliant consent prompts and dark patterns are still around, so clearly they couldn't give a shit.
My personal experience is that they're quick to tell you when your complaint isn't valid or should be referred to another agency, but when it is and they actually have to do their job, it's just radio silence even a year later.
Those are strong assumptions :-)
And the snark has a purpose, it’s what draws the attention of readers and people who follow suit. Dry legalese is seldom read.
Also, note that this was the Irish national regulator. One big problem with the GDPR is that the quality of protection you get is quite dependent on which regulator has jurisdiction, in practice. As Ireland is the EU headquarters of many multinational tech companies, the Irish regulator has a lot of experience with this stuff and is pretty effective.
I'm personally thinking it's sad such resources and effort are expended over something as frivolous as a dating app. If there are significant irregularities it's better to just fine them a couple of billion later. Better for the wallet, too.
When Ashley Madison leaked their entire dataset, not only marriages were in peril, but some people did fear for their lives: LGBQT+ people from states that prosecute people for sexual orientations that deviate from cis. And even in Germany, I could see that some closeted people would feel threatened by having their sexual orientation exposed by a leak.
Dating apps handle data related to what many regard one of the most intimate parts of our identities. You and me, we might not care if our dating habits were exposed, but other people do. So dating apps needs to show that they're up to par.
Not better for anyone who ends up being stalked and/or raped as a result of a badly monitored/regulated dating app, though.
There's a public safety issue here: dating requires interpersonal negotiation for personal intimacy with consent, which in turn implies that a dating app needs to be "safe space". Facebook is notorious for leaking personal information to third parties (typically but not always advertisers). I have no knowledge of specific risks associated with Facebook's dating app, but the precautionary principle should apply in those cases where personal safety is at risk, and the sheer scale on which Facebook operates means that a dating app backed by the big F needs oversight.
It's not good for a lawful state to ignore law and try to get fines afterwards. The role of the state is not that of a profit center, but for upholding the law.
Are they going after the 40+ dating market? Surely the dating app demographic isn't on Facebook anymore, though maybe Facebook is still popular in the 18-30 age range in Europe? I just don't know.
In the UK its certainly not popular with the late 20's crowd. There are still some people hanging on in there but most people seem to have (thankfully) given up on it for anything other than messages and the occasional event.
Facebook was not "blocked" - they voluntarily halted the rollout of the feature themselves. NOBODY told them to do this.
Reading between the lines, someone at Facebook's legal department was asleep at the wheel and forgot to provide the authorities with the required documentation. The DPC nudged them a bit and Facebook hit the panic button.
> Facebook was not "blocked" - they voluntarily halted the rollout of the feature themselves. NOBODY told them to do this.
It sure sounds like the DPC told them to:
> the Irish Data Protection Commission (DPC) — using inspection and document seizure powers set out in Section 130 of the country’s Data Protection Act — had sent agents to Facebook’s Dublin office seeking documentation that Facebook had failed to provide.
That's like saying that I voluntarily left someone's premises after the police told me to leave before I got arrested for tresspassing.
That's how the EU works. You get a warning/advisory, and then you're expected to do the right thing.
If they hadn't done this voluntarily, THEN they would have been fined.
We try to regulate before it goes wrong, instead of running after them. It works better that way.
But if you want to believe that FB voluntarily halted the rollout of the feature, for no other reason that they believed it fell short of privacy guarantees ... Yeah no. FB couldn't give a shit about that, without external motivation.
reply