Hacker News new | ask | show | jobs
by SpaghettiCthulu 666 days ago
> FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)

Wrong. The status of permissions should not be visible to the page in most cases. Instead, fake data should be returned from them. That would be practical.
2 comments
autoexec 666 days ago
It's always better to give no data (aside from leaving them with "we couldn't collect that data") than it is to give fake data because that fake data will be used against you just as often as real data would. Don't hand companies extra ammo to use against you, or think that you're safe just because they've written an incorrect assumption about you on the bullet. You're still going to be taking the hit.
link
lcnPylGDnU4H9OF 665 days ago
This gives me the idea to add features to target specific types of advertisements and pages for clicks and visits. Actively try to use the data in your favor to convince whatever algorithm that you’re a healthy eater with an active lifestyle.

To your point, unfocused fake data can be harmful to the faker but it seems focused fake data can work against the collectors.

link
autoexec 664 days ago
It really might in some ways, but it's risky. Nobody is using the data they collect on us to help us. They use it against us to help themselves. You could limit the harm caused by one system, but expose yourself to new harms by another. It's also a safe bet that faced with conflicting data, companies and their algorithms will favor whatever information they think would make them the most money. It's still worth considering though, especially if you can get privileged information on how a specific system is using people's data.
link
paulryanrogers 666 days ago
I've heard that fake data, like from AdNausium, just becomes noise as the advertisers know the patterns to filter them out.

Assuming that's true, it seems to waste everyone's time and bits to fake it instead of just not answering or a minimal denial.

link
autoexec 666 days ago
> I've heard that fake data, like from AdNausium, just becomes noise as the advertisers know the patterns to filter them out.

It's actually much worse. That fake data is dangerous because data brokers don't really care how accurate their data is. Even the fake data AdNausium stuffs into your dossier will be used against you eventually, just like the real data will be. If you get turned down for a job, or your health insurance rates go up, or you have to pay more for something than you would have otherwise, you won't even be told that it was because of data someone collected/sold/bought. You sure won't be told if it was fake or real data and you won't be given any opportunity to correct it.

link
greiskul 666 days ago
> If you get turned down for a job, or your health insurance rates go up, or you have to pay more for something than you would have otherwise

It must suck to live in a capitalist dystopia. Dunno why Americans put up with it.

link
adastra22 666 days ago
We don’t. Individualized health insurance rates like that are illegal.
link
autoexec 666 days ago
We do.

> Insurers contend that they use the information to spot health issues in their clients — and flag them so they get services they need. And companies like LexisNexis say the data shouldn't be used to set prices. But as a research scientist from one company told me: "I can't say it hasn't happened." source: https://www.propublica.org/article/health-insurers-are-vacuu...

See also:

> Is it legal? As explained by William McGeveran, University of Minnesota professor of law, and Craig Konnoth, University of Colorado associate professor of law, it is — largely because federal law hasn’t kept pace with the modern, technological world in which we live. source: https://www.chicagotribune.com/2018/08/29/help-squad-health-...

Another important takeaway from that second article is that none of your "protected" HIPAA data is prevented from being sold as long as it's "anonymized" which is a total joke since it's often trivial to re-identify anonymized data. It's about as secure as requiring companies to ROT13 your data before they sell it. It will be used to identify and target you individually.

link
jgraettinger1 666 days ago
> which is a total joke since it's often trivial to re-identify anonymized data

HIPAA doesn't say ROT13 or anything else in particular counts as "anonymized". It's an after-the-fact assessment. If your "encrypted" data is accidentally released, and there's any reasonable suspicion inside or outside the company that it's crack-able, then it's a YOU problem and you need to notify a bajillion people by mail and per-state press release plus large fines.

I think you're being overly pessimistic on the strengths of US regulations on this with regard to preventing deliberate malfeasance, and that most of the stupid we see in stories is really just by accident or individual actors.

link
digging 665 days ago
> Dunno why Americans put up with it.

Have you seen the guns that enforce it?

link
chrisweekly 666 days ago
Where do you live, that sucks less?
link
justinclift 666 days ago
Australia seems significantly better in most quality of life metrics. Many EU countries as well.

The UK doesn't seem so good any more from recent reports though. :(

link
zx8080 666 days ago
It's the democracy. The big capital one.

/s

link
HappMacDonald 664 days ago
> That fake data is dangerous because data brokers don't really care how accurate their data is.

This makes me think that people could make bank by doing nothing at all but generating 100% fabricated data to sell to brokers then. Why bother even collecting it, just have some GPT clone hallucinate some gigabytes of formatted BS. xD

link