[pas]

Is there a non-underground FightClub? :)

Also, fighting back against ... what exactly? Ads? The Big FAANG?

This is not the way. It's either beat them at their game (not likely), or building/supporting/using alternatives (eg. Signal, Mastodon, maybe substack? nebula? Librem/microG/LineageOS?), but ultimately it's politics. If "HN thinks" they are too powerful, then "HN has to" influence and persuade people in order to get laws, policies, regulations enacted that control/diminish this power. (Of course if such a grassroots movement gets powerful enough to influence legislation/policy probably at that point the market would respond too, eg. maybe Google would offer a no-track version of their services for cash, or serious competitors would emerge.)

The cynical take is of course a simple good luck, after all "HN" doesn't even have to fortitude to ditch Chrome.

(I hate ads with a passion, and use uBlock, but I don't care about tracking. Sites can and will implement it in their own backend anyway. GDPR/CCPA is the correct level to address the real problem which is handling of personal data [not IP address]. Now it's up to the market and consumer/user behavior to adjust. All these obnoxious consent forms are ripe for "disruption", yet it seems the economic/market value of not being tracked is so low, that it's hard to build a business on it. Though NextDNS is trying, but it's such a small niche, and basically solves nothing ... still, I wish them luck.

If the policy changes regarding "news" in UK/Germany/Australia were not due to bullheaded Murdoch/NewsCorp and regular old media/publishers lobbying, then that issue could be a starting point on which to build something better. But ultimately if every simple view has to be compensated, it has to be tracked.)

[nuker]

> fighting back against ... what exactly?

Personal data harvesting. Its like feeding frenzy right now.

> This is not the way. It's either beat them at their game (not likely), or building/supporting/using alternatives (eg. Signal, Mastodon, maybe substack? nebula? Librem/microG/LineageOS?), but ultimately it's politics.

This is the way lol. Beating them is the only way that actually works, right now. Politics will takes decades, and will lead nowhere, like stupid cookies consent popups. Networking and web tech is too complex to put it into laws anyway.

Lets build better personal defence tools, browsers, routers, blockers, distributed VPNs that are not as easy to outlaw as Tor exit nodes. For example - https://github.com/Eloston/ungoogled-chromium. Add ignoramous CNAME backdooring ways to uBlock-Origin. That kind of ways.

[pas]

Users are willingly giving away their info, they don't care. The vast majority won't ever install an adblocker. And piHole and other complicated defensive tech is great, but irrelevant.

There's no need to put tech into laws. The law is about privacy and consent. Do not call/spam/contact me without my consent, and don't even store/put my contact into a database without my consent. ( https://en.wikipedia.org/wiki/Nothing_About_Us_Without_Us )

Sure, the next step is culling those mindless consent popups.

> Politics will takes decades [...]

It's the only way that really works. Informing people and building a movement.

Otherwise just hiding in the noise makes no real difference to our lives. (Because our friends, family, neighbors, coworkers, etc. will be still tracked, targeted, etc. They won't setup a piHole.)

[nuker]

> It's the only way that really works. Informing people and building a movement.

I see. You underestimate or don't think that tracking today is the issue. Whats leaked cannot be unleaked. So far big tech only uses it for ads. Tomorrow it'll use it for banking, insurance, job applicants assessments, like Social Credit System in China today. Data sources are enormous, movement, friends, calls, chats, emails, purchases, searches and so on. "Person googles for drinking problems periodically since 2014."

So when it does become an issue in real life, it'll be too late, all data is already collected and processed into profiles.

And not only our data. Every school kid with Chromebook and Google account.

PS: Did you see this episode? If not, its my favourite, fun and scary at same time :)) https://en.wikipedia.org/wiki/Nosedive_(Black_Mirror)

[pas]

I typed a long reply, then haven't sent it for a few days ... and now this happens: https://news.ycombinator.com/item?id=26367747

Basically my view is that we urgently need to focus on the real world outcomes, what GDPR actually did. Consent about any storing and processing, so consequences all the way up and down the chain. Data controller, processor(s) and sub-processor(s), and so on.

The technology of data-drivenness is here to stay. Businesses will use it. Consumers will consent to almost anything for a few cents of discount. And that's the next problem. So it'd be great to simply make a few basic marketing data techniques opt-out and very much make the rest require a review/permit from some authority.

----

That said I don't have much to compare "tracking today" against or with. I don't like advertisements in any form. (Billboards, TV/radio/podcast/youtube ads, native or not. Targeted or not.)

Also there are already profiles, databases, and they would be without adtech too. (Just look at China, there is no Google, but they have a surveillance state. Sure, baidu/qq/tencent/alibaba are all having their adtech, and probably the central government have access to whatever they want.)

Big tech or not, there are already fewer protected classes (in labor law) than there should be. Plus if an employer wants to fire someone, they will find some bullshit reason anyway.

Similarly, banks already require a lot of data, a signed paper to verify employment, past transaction history, and there's the whole positive-negative credit score. (And people gladly give consent to receive a small fractional percentage better interest.)

You are likely aware that many non-protected data categories correlate very highly with the protected ones. This puts many people at a disadvantage. (Yet at the same time not everyone has the same income, so not everyone has the same ability to service a loan. Of course the problem is very deep, because we know that the huge income inequality is also very much not because some of us happens to value income a lot more than free time, while some of us value free time more than income, which would lead to a "natural income inequality distribution".)

Tech (big or not) is simply manifesting deep(er) problems. Sure, this is not a reason to not regulate tech. (Quite the contrary.) But I still think keeping things in perspective is important.

[nuker]

https://news.ycombinator.com/item?id=26302019 :))

[Daho0n]

> [not IP address]

Are you saying an IP isn't / can't be personal data or am I misunderstanding the sentence?

[pas]

Kind of yes. In case of a single site storing their own visitor logs (with or without some kind of correlation cookie) is not personally identifiable. At best it's a device.

It could becomes PII or personal data if that same IP then gets correlated to name, address, birth date, etc.

I'm aware that the GDPR for example considers anything personal data that is "related" to an identifiable natural person, but cookies and IP addresses can only become that "indirectly" if someone watches you and your network traffic. (Or retroactively, if someone with that IP and session cookie provides more information during that session.)

Essentially I argue that in a system that doesn't do profiling, doesn't even have the ability to ask for more personal data (eg. name), cannot link IP to a person. So in that system IP address is not personal data.