Hacker News new | ask | show | jobs
by 1718627440 221 days ago
> As long as you're on _my (online) property_ and using _my services_ I can of course see EVERYTHING you f do

That's fine, but you are not allowed to send me malware, that runs on _my property_ and snoops on _my data_.

Also data doesn't stop being mine, just because you have it. You also can't take photographs of random people and claim this is yours now. That's an important difference between the USA and European countries.
1 comments
dragochat 221 days ago
Well, we'd probably agree on most things... and re the photography example, afaik model release forms work similarly in the EU and US, right?

Now website code does typically run on your device, but I'd say that once you're a paid logged in user you clearly accepted to run it, under the conditions of it staying in its browser sandbox so... if you think it's "malware" then just stop being a customer. Otherwise software has a right to monitor its own operation.

...but yeah, maybe I missed the context a bit, a tracking pixel style tool will likely be used to track not customers but leads, so I do get your point, it gets trickier there and maybe privacy laws have a point there (as long as they stop there... hint: they usually don't!)

link
1718627440 221 days ago
> under the conditions of it staying in its browser sandbox so

I consider fingerprinting my browser, by running programs and measuring the timings and characteristics of the browser to be a side-channel attack on the browser sandbox.

> Otherwise software has a right to monitor its own operation.

If websites would only "monitor its own operation", we would hardly have any discussion.

> if you think it's "malware" then just stop being a customer.

Easier said than done, when >90% of websites do this. Show me a mainstream corporations website, that work without Javascript. You can hardly pay for a train ticket and make an appointment to government services, without these crap.

Also there must be some rules what software vendors are allowed to do, since the average user can hardly reverse-engineer all the websites they (need to) visit. This is what regulations like GDPR try to enforce.

> and re the photography example, afaik model release forms work similarly in the EU and US, right?

It's not about contracting a model, it's about doing a random photoshot in public. People have the right to their own picture here, irregardless of who takes that picture and who posses it.

link