There are also addons like uMatrix (https://github.com/gorhill/uMatrix) which allow you to selectively block cookies by domain. By default it loads a bunch of ad blocking stuff too but you can turn that off if you really want.
Does this actually count as a third-party cookie if the sears page loads criteo in an iframe (which may be 1px by 1px, and tell criteo that it was invoked by sears)?
"Third-party" is based on the domain shown in your browser's address bar. If that shows sears.com, then domains which aren't sears.com are third-party.
> The CAN SPAM act actually allows direct marketing email messages to be sent to anyone, without permission, until the recipient explicitly requests that they cease (opt-out).
Ladies and gentlemen, let's get this fixed. Spam is not only a waste of resources (bandwidth, time, and money) but it also contributes to malware distribution.
Yeah, this probably isn't going to encounter first amendment issues. It's much more likely that corporate lobbying will be the cause of any resistance to changing the law.
That and the fact that any app you download now adds you to their newsletter list. Just because I wanted to try your app, it doesn't mean I want to get tons e-mails from your company. It's so frustrating I stopped trying apps, and instead only download what I really need and/or trust.
Have you ever tried to make a business out of selling an app online or in an app store? How did you get users?
I definitely don't agree with "tons" of e-mails but a few promotional emails is understandable. I also don't agree with the tactics used in the article, to be clear.
Why is the company's inability to get users my problem? Those emails get flagged and placed in spam, where they belong? Spam is never "understandable". Get an (explicit, non-dark-pattern) opt in or you're spam.
Until Marshmallow it had no permission system at all - every app gets access to everything it wants. That's every contact's full details, your full details, all your SMS messages, your location at all times, your email address (you could see a list of what they access, at least, but couldn't stop them).
It finally became more iOS-like in Marshmallow, but first your phone has to actually get the update, then the app has to actually update to target Marshmallow or above. It doesn't retroactively apply to older apps, and Google didn't enforce that apps start supporting it - they only have to if they want to use Marshmallow specific features.
(You do have the option of manually blocking access in Settings, but you have to actively do it for every app before the app ever runs, and you'll get warnings that the app might simply break).
It's something I've frequently pointed to when Android users said that "Android gets everything first". I was enjoying my permission system back in 2008.
It's the main reason I use an iPhone, it's actually why I switched back after some time using Android (after the iPhone finally got custom keyboards). Finally, as more and more apps update, Android will become viable for me again. However, I still take issue with having to put my real name on app reviews on Android.
Android pre-M had a permission system, it's just that the permissions had to be granted by the user when the app was installed (or updated, if there was a change). Many or most users didn't read the warnings or didn't care. I'd wager most users don't read the new permission dialogs, either, but what're ya gonna do.
It had a "permission system" that in effect did not provide the user with any practical choice. The non-choice was between "install this app and give everything it wants (even in the background)" and "piss off".
I did include that in my comment. The "system" was the list of things the app got access to if you installed it. And that's it. You couldn't grant or not grant permissions, it was just a warning of what was going to happen either way if you installed it. And essential apps like Facebook would ask for absurd permissions like phone.
The only choice you had was "install the app anyway" or "don't install".
Not 100% sure it was Amazon, but a month or two ago I actually got a physical junk mail letter after looking up a brand of dog treat online. (I don't have a dog, it was a random question I had about it.). I'm surprised it doesn't happen more often. You have to expect that nowadays every time you get online there's basically an AI sitting on the other side taking notes.
Amazon uses your Amazon history to target Amazon ads to your interests. That's not the same thing as giving your Amazon account information to a third party.
Maybe I added it at some point, but "criteo.com" is blocked by uBlock on my machine.
Anyway, it's baffling to me that people still defend web advertising. That "industry" is far sleazier and shadier than spammers, but for some reason people here will defend web ads.
I think most people here are defending "web ads qua web ads" (i.e. a picture in a box on a page that doesn't track you or start dancing around your screen), not the realities of most web advertising today. I think it's sad that business models that are based on non-intrusive web ads are becoming increasingly infeasible, but I certainly don't blame users for the current state of affairs.
Probably more evil than the practice described in the article is at the very end. In order to get them to stop, or not start in the first place, you have to give them your email address. So you have to trust them with the very thing you want them to stop abusing. No thanks. The real answer is a very strict ad blocker. On all your devices. Every time you browse.
The only way to keep your personal information safe is to not share it in the first place. Pass all the laws you want and require all the layers of security you can imagine but your data is still not safe; it will eventually get leaked. Either through the actions of hackers, intentional or unintentional leaks, security bugs, or utter incompetence of some human that has legal access to it.
> So you have to trust them with the very thing you want them to stop abusing.
"Fun" fact: I register on sites with addresses like "address-suffix@domain", with a different suffix for different sites. I won't name names, but I now receive viagra-level spam to several of them, which reasonable people would expect to be able to trust. haveibeenpwned.com confirms that one of them, off the top of my head, was part of a breach.
A company I worked for got its email list leaked when the email service they used was breached. The email service posted a "we're investigating" in a blog post on a blog that was soon mysteriously deprecated/taken down.
Microsoft sells the shit out of your email address. If you sign up for Dev Essentials you can't even opt out of emails from "partners" unless you leave the Dev Essentials program (and I'm sure leaving it wouldn't actually stop the emails). The only spam I get at my work email (with spam filtering turned off) is tied to that program.
Not to justify this behavior, but to explain: retargeting (a.k.a. remarketing) has very good conversion rates. As long as people keep "converting" based on retargeted ads, they will live on.
Perhaps it should be noted that Criteo can send the email on the behalf of Sears, without necessarily giving Sears your email address? Small distinction, maybe, but more squarely within the terms and conditions.
I completely agree that this is an abhorrent practice, but I don't believe that legislation is the answer. Just because someone annoys you, does not mean you need to involve legal precedent.
Privacy. Email considerably lacks it. So does web-browsing in general. I don't have an answer on how to get it, but it needs pointing out that this is the real underlying issue.
I wish uBlock knew how to block those. Sadly, I'm not sure you could write software that could blocking those without blocking useful things like a login prompt that pops up if you leave your session idle.
I suppose it could be done via whitelist or blacklist.
https://news.ycombinator.com/item?id=12335168 (615 points, 184 days ago)