Hacker News
by sbr464 2877 days ago
I’m upvoting and agree with the realistic point you are making, but feel this isn’t the most popular point of view right now? I personally believe info just shouldn’t be captured period, beyond reasons for authentication protection purposes/identifying malicious/off pattern use of my login/auth token. We are releasing a new business/info mgmt product soon that has no GA/full story/user tracking whatsoever. It’s not clear why everyone enables a floodgate of tracking just ‘cause. We are implementing better feedback/reporting channels instead.

One thing that people constantly praise Spotify for is the quality of their music recommendations. You can find so many testimonials of people saying that their "Discover Weekly" playlist suggested them songs which they felt they had been searching for their whole lives.

Needless to say, such accurate recommendations of music, which even close personal friends have trouble doing, is based on building as complete of a psychological profile of the user as possible. There wouldn't be any way to do it without gathering lots of information about your very personality.

Surveillance isn't always bad -- after all, what is a baby monitor?

> Needless to say, such accurate recommendations of music, which even close personal friends have trouble doing, is based on building as complete of a psychological profile of the user as possible.

And then an innovative "security contractor" or "data research agency" makes a backroom deal with Spotify and copies their database of complete psychological profiles. Win-win?

I definitely agree that certain products create value from tracking, and those should be the exception, as long as everyone involved is ok with it. I don’t really use the recommendations in Spotify, but I don’t think there is a way to use the service in an anonymous/tracking-free way (not that it bothers me). I don’t think maintaining a private/purchased collection should be the only alternative to full tracking.

GDPR isn't about removing all tracking, it's about empowering users and allowing them to decide for themselves how their data is used.

If someone wants to avail themselves of Spotify's recommendations they have to opt in by sharing their data. So they make an active, informed, decision about what data Spotify gets to use. They also have legal recourse if it turns out Spotify is misusing the data (selling it to record labels, let's say).

We have had an analogous law here in Sweden for ages: if you apply for a permit you're allowed to set up security cameras pretty much anywhere on your property but you have to put up signs informing people that they're being filmed. This is so people can opt into surveillance. 99% of the time it's no big deal that you're being filmed, but it's never secret.

That's a good thing.

At some level, I think one should have privacy concerns with baby monitors ... did your baby choose to opt-in?

(Three kids here, and no, we never used a baby monitor...)

I hope the sarcasm is flying over my head here...

> I personally believe

> It’s not clear why everyone enables a floodgate of tracking just ‘cause.

Have you worked in marketing, product development, or customer support? There are plenty of services that are used to help people generally do their jobs, identify problems, figure out what to build, improve the product, and to enable support folks to support customers.

But yes, there are all sorts of other, third-party trackers and cookies that are not as directly relevant.

Yes, I have. It’s a tough argument/longer conversation I realize. I feel it’s getting out of hand overall. As technology/SaaS products make it easier to simply capture everything, including user actions/playback/screenshots, to the point that someone in marketing at X startup is watching my private usage of their app on their MacBook Air somewhere without really caring or realizing how intrusive they are being. I realize 99.9% don’t intend to abuse or don’t even realize the intrusion, there needs to be a reset where companies take a stand and find greater value in simply not engaging in this low-hanging fruit.

I wonder whether there's also a security compliance component here. For example, if you're SOC 2 compliant, does that preclude casual data review like that? If so, perhaps this will lead to greater demand for that kind of certification.