• 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: June 11th, 2023

help-circle






  • They’re not doing that. They have different ways of tracking you and don’t need to listen to your real-life conversations, because they all (hopefully) know that if they were caught doing that, people would actually (hopefully) be upset enough to demand reform.

    Take for example your location data. Is Google storing your location data? Yes. Are they selling it? I doubt it. Instead, big companies at one point were able to track your movement within stores by using your bluetooth beacon address. IDK if that’s still possible, but that’s more in line with the way these things pan out. Also keep in mind some companies have incentives to keep data to themselves, usually when said company peddles ads themselves. You’re still being tracked and are the victim of targeted advertisement, but your data is more siloed than you think.


  • Reminder that confirmation bias can be really hard to see around. It’s literally one recommendation. About a submarine. Which you probably didn’t talk about for very long. And is something you can’t buy or have a choice in supporting. Let’s be real, Discord and YT as corporations have little interest in furthering the Military Industrial Complex, and anybody who says otherwise better have solid evidence.

    As for the other comment, I don’t see a source that says anything about Discord selling conversational data directly to advertisers. Discord is certainly not a privacy-focused application, but it’s not in their best interest to sell your conversations directly like that.

    As for what they put in their TOS, it’s pretty standard fare. Almost all user-generated content services will have clauses like that so that they don’t get sued, because they’re hosting your data. (reminder: this is not legal advice.)

    The clearest forms in which you will be advertised to are when you search for products, or visit sites with trackers. But even then, your data isn’t necessarily being sold. Google, for instance, is generally not in the business of selling data to other advertisers, because they themselves are an ad business and having their own data gives them a competitive advantage. I tell you this to help you understand why companies are motivated to track you. Youtube, quite frankly, doesn’t give a crap. For YT ads, expect to receive personalized ads, but for video recommendations, it’s far easier for them to just do it based off of other stuff you’ve watched and what other people are watching. I’d be surprised if their algorithm uses external tracking data, because why would they? They have all they need in-house.

    If you and your friend really care about privacy and never want to worry about this again, you’ve got a lot of work to do. Stop using Chrome/chromium/blink/webkit. Use Firefox or one of its more privacy-focused cousins. Disable Javascript on as many sites as possible. Have as few accounts as possible, and delete your Google/AMZN/FB/reddit/YT etc. Use Tor or a VPN to prevent IP-based tracking. Make sure your DNS is 1.1.1.1 or 8.8.8.8, or better yet, AdGuard DNS. And of course, stop using Discord or any cloud-hosted software. Teamspeak, IRC, and Signal/Matrix are good alternatives. Also shoutout to Quassel for a semi self-hosted IRC setup.






  • You know captchas? They’re there because bot activity can be really hard to moderate. So those are there to test if there’s an actual human talking to the website: They try to give a test that only a human can do. The problem is, now that machine learning models can actually do some of those things, like read handwritten words and identify cars vs bikes, we need a new test that only humans can pass. Also, these captchas are annoying to users, and if you’re a website that runs off of clicks and ads, a captcha might piss off a user and they leave, and you get to show fewer ads.

    So, the people running a website have a need to stave off bot traffic, but also not piss off real, legitimate human traffic. One solution is “attestation”, which basically means getting someone else to attest, or plead on your behalf, that you are running on an unmodified device. In a perfect world, Apple would like their phones to be so incredibly locked down that you can only do things that they allow. One of those things would be using an iPhone to do bot stuff. So, since Apple controls what software runs on your iPhone, they can (in theory) prevent you from running bot software. This means that iPhone users would be (in theory) guaranteed safe human traffic. But if you’re a website owner, how do you know that the request is actually coming from an iPhone? Simple. Request the device ID from the iPhone, and ask a question that only an iPhone would know the answer to. This is essentially what web attestation is. From the article: “a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web” and “your treatment on the web depends on whether Apple says your device, OS & browser configuration are legitimate & acceptable.”

    This has significant implications for the openness of the device you use, as well as the control that you as a user have over how you use the web. The primary example would be adblockers. Apple and Google get to say whether you’re human or not, so if you have an adblocker, Google can just say “no, I won’t attest that this user is human” and you’ll get treated differently. It’s not difficult to imagine a world in which Youtube would just refuse to serve users who aren’t 100% trustworthy, given their recent adblocker experiment. And this is the case for every link in the chain, from the device, to the OS, to the browser (and other stuff you might have on your system), and browser extensions. There are concerns that this will hurt competition in all of these spaces. Built your own computer? Well now you might be considered non-legitimate. Developed your own browser? Haha, definitely can’t get attested.

    tl;dr: Instead of captchas, ask the device if it’s real and unmodified. See above for why this is bad.

    Also see #why-is-attestation-bad-generally from the article. In summary, be especially concerned if you:

    • Use an adblocker or extensions that Google or Apple might not like
    • Built, repaired, or modified your computer/laptop/phone/smart fridge
    • Use an older, less-supported computer/laptop/phone, or one from a smaller brand/manufacturer
    • Like open-source software
    • Like competition & free market for the hardware/software of computers and phones and browsers
    • Don’t like the monopoly of Chrome
    • Don’t like Cloudflare or similar services

    Worth noting that if all this comes to pass, these people aren’t stupid. They will toe the line to make sure not too many people are pissed off. But if you are pissed off, better make noise now, as they almost certainly won’t change their minds later.


  • Transcription:

    Four-quadrant meme

    Upper Left: Chrome Browser Logo; PayPal Honey logo; VeePN Logo.
    Upper Right: Laughing Men In Suits (And Then I Said meme)


    Bottom Left: Fennec F-Droid app icon; Privacy Badger logo; UBlock Origin logo; Decentraleyes logo.
    Bottom Right: “Afraid to loose money stock photo”: Stock photo of middle-aged white male on couch holding three US hundred dollar bills with a mildly frightened facial expression.

    edit: also thanks to the peeps who identified the logos so I didn’t have to reverse image search every single one of them