Data privacy In tech

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
you don’t like google
It's less about me not liking it.

I think an important point here should also be clarification.
It is important that you as a programmer are aware of the consequences of using xy.

There are plenty of examples of a lack of digital conscience: through software manipulation, VW is deceiving millions of diesel drivers worldwide. Autonomous weapon systems will presumably soon decide life and death. Facebook algorithms determine what content a person is allowed to see. The social scoring system in China determines the social acceptance that fellow citizens have of each other. The triggers of such questionable developments are often not the computer scientists themselves, but they contribute to transforming these unethical visions into reality - regardless of possible (civil) social effects.

One may hardly believe it, but for computer scientists there are ethical guidelines like the Code of Ethics and Professional Conduct (ACM) or the Gesellschaft für Informatik (GI). Most computer scientists will probably not even know these or similar codes of conduct.
1.6 Respect privacy
[…]
Only the minimum amount of personal information necessary should be collected in a system. The retention and disposal periods for that information should be clearly defined, enforced, and communicated to data subjects. Personal information gathered for a specific purpose should not be used for other purposes without the person’s consent. Merged data collections can compromise privacy features present in the original collections. Therefore, computing professionals should take special care for privacy when merging data collections.

If computer scientists had followed the "Respect Privacy" guideline alone, there would be no data-collecting networks like Facebook that violate privacy at all today. If every computer scientist would commit himself to consider the possible consequences of his software in the development, the Google of today would not exist. What would our world look like today if computer scientists had followed these ethical guidelines? It's hard to imagine.
But we're currently working on putting what George Orwell described in 1984 into action.

The fact is that computers and algorithms are changing the world like never before. It is therefore essential that we as computer scientists finally become aware of our social and ethical responsibility and begin to draw consequences.



Hence my appeal:
Who, if not the computer scientists, should be able to assess the social consequences created by their own work? Who, if not the computer scientists, should take society by the hand and show alternatives to the surveillance capitalism driven by companies like Google and Microsoft? Who, if not the computer scientists, should set a positive example by boycotting data-collecting, anti-social networks like Facebook and creating alternatives? Who, if not the computer scientists, should question the development of inhuman algorithms? Who, if not the computer scientists, should question immoral or unethical guidelines in the context of their job and clearly name the resulting grievances?

Driven by false role models, power-driven protagonists and profit-driven decision-makers, we have already driven the digital world to the wall. The social consequences are not yet foreseeable. But together we can still manage to transform the digital world into a better one - if we as computer scientists finally take on responsibility! That would be true greatness. It is never too late to decide for the right thing.
 
Last edited:

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
This thread contains many of the recent posts originally made in the following thread...

The discussions here simply did not relate to the helpful tools/resources thread, so I have moved them here.
Please refrain from using the helpful tools/resources thread to continue our prior discussions.
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
It's less about me not liking it.

I think an important point here should also be clarification.
It is important that you as a programmer are aware of the consequences of using xy.

There are plenty of examples of a lack of digital conscience: through software manipulation, VW is deceiving millions of diesel drivers worldwide. Autonomous weapon systems will presumably soon decide life and death. Facebook algorithms determine what content a person is allowed to see. The social scoring system in China determines the social acceptance that fellow citizens have of each other. The triggers of such questionable developments are often not the computer scientists themselves, but they contribute to transforming these unethical visions into reality - regardless of possible (civil) social effects.

One may hardly believe it, but for computer scientists there are ethical guidelines like the Code of Ethics and Professional Conduct (ACM) or the Gesellschaft für Informatik (GI). Most computer scientists will probably not even know these or similar codes of conduct.



If computer scientists had followed the "Respect Privacy" guideline alone, there would be no data-collecting networks like Facebook that violate privacy at all today. If every computer scientist would commit himself to consider the possible consequences of his software in the development, the Google of today would not exist. What would our world look like today if computer scientists had followed these ethical guidelines? It's hard to imagine.
But we're currently working on putting what George Orwell described in 1984 into action.

The fact is that computers and algorithms are changing the world like never before. It is therefore essential that we as computer scientists finally become aware of our social and ethical responsibility and begin to draw consequences.



Hence my appeal:
Who, if not the computer scientists, should be able to assess the social consequences created by their own work? Who, if not the computer scientists, should take society by the hand and show alternatives to the surveillance capitalism driven by companies like Google and Microsoft? Who, if not the computer scientists, should set a positive example by boycotting data-collecting, anti-social networks like Facebook and creating alternatives? Who, if not the computer scientists, should question the development of inhuman algorithms? Who, if not the computer scientists, should question immoral or unethical guidelines in the context of their job and clearly name the resulting grievances?

Driven by false role models, power-driven protagonists and profit-driven decision-makers, we have already driven the digital world to the wall. The social consequences are not yet foreseeable. But together we can still manage to transform the digital world into a better one - if we as computer scientists finally take on responsibility! That would be true greatness. It is never too late to decide for the right thing.
I don't really see where you are going with this. Sure, Facebook and Google use data for profit... Just like most other free services do. That's a good business model. I understand that Google & Facebook & others use my data when I use their service... but I am not paying them, so that's the price we pay. That's fine with me. I didn't feel manipulated on Facebook during the elections for example, because I am able to check sources of information, read multiple perspectives, and discern the truth. I don't feel taken advantage of by Google when ads show up that relate to what I have watched/read/searched... that's actually a benefit in my opinion because I would rather see ads tailored to me than random ads that I don't care about.

All in all, I disagree with you that Google and Facebook are awful services that are evil or unethical. They are both incredible companies that have built their businesses on the foundations of capitalism, freedom of speech & information, and have provided services that could not be given to the masses for free like they are without some data analyzing & profiting.
 
  • Like
Reactions: OscarDeer

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
freedom of speech & information
In my contribution I even wrote that this statement is not correct.
Facebook algorithms determine what content a person is allowed to see.
But if that's the general opinion here I'm probably in the wrong forum. I am of the opinion that ethical guidelines are an important part of programming.
Please read through ACM once.

All in all, I disagree with you that Google and Facebook are awful services that are evil or unethical.
There is no way to delete or prevent these companies from collecting your data. I am not and was never registered there but there are shadow profiles of me there. Do you find that ethical correct?
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
But if that's the general opinion here I'm probably in the wrong forum. I am of the opinion that ethical guidelines are an important part of programming.
Please read through ACM once.

There is no way to delete or prevent these companies from collecting your data. I am not and was never registered there but there are shadow profiles of me there. Do you find that ethical correct?
Facebook algorithms don't determine what content a person is allowed to see.
They remove content that is illegal or against the rules, and that's fine.
Their algorithms determine what content you are most likely to want to see, and that's a lot different than censorship. At the end of the day, there are massive improvements that must be made, but Facebook is nowhere close to being the Baidu of China or another platform engaging in outright censorship.

Why would you want them to stop collecting your data? If you do, just don't sign up for them and don't use them. Data is good... I helped one of our biggest clients collect information on millions of businesses & their owners. I am proud of that. We crawled the web, helped his business conduct legal cold calls, and use a variety of methods to get the best data for his needs. Data is $$$$ and I don't see a problem with it. Shadow profiles are just bits of data that are collected about you because you are using their service. Whether it's their ads on another site, their login forms, or their website themselves, you are using their "services" when you visit a site using Facebook (or something similar). For that reason, it's my opinion that they have every right to generate a shadow profile on you. The profile can be used to provide a high quality advertising experience across the web, and ensure your time using their services is smooth.

I know we fundamentally disagree, but I am a huge supporter of Facebook & Google taking, storing, and using our data. It's one of the only things keeping free services alive. I do not want to imagine a world where there are less free services and networks because companies have no way to earn a profit without charging the customer. This is vital to having open communication across the world. A world without data collection (on FB/Google/etc) means we lose social networks (or people have to pay for them - again, not possible for everyone), we lose YouTube, we lose Google, we lose a lot of things. It would be detrimental to society. The more data corporations can have, the more free services the public can have. 100% privacy died a long time ago - If you want it, you can live off the grid and not use the internet. That's how it is, and how it always will be.
 
  • Like
Reactions: OscarDeer

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
They remove content that is illegal or against the rules, and that's fine.
I can't find the post right now but there was something about gray-list and arbitrariness.

but Facebook is nowhere close to being the Baidu of China or another platform engaging in outright censorship
As already indicated with 1984 I do not see us far away from it.

Why would you want them to stop collecting your data? If you do, just don't sign up for them and don't use them.
As already described, I am not logged in there. I even blocked all known google and facebook domains via a PiHole, as well as uMatrix. Nevertheless, there is data from me although I never access their services.
That would be illegal in Germany.
Facebook forces a tracking pixel on people who use their advertising even if the advertising is already over. If you do not extend this advertising, these customers will get advertising from the competition displayed. I think that speaks for itself...

The profile can be used to provide a high quality advertising experience across the web, and ensure your time using their services is smooth.
I don't want to see any advertising.

100% privacy died a long time ago
It's not about percentages, it's about self-determination.
I remember a quote from Edward Snowden on her text:
Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say

But I'm actually interested in the programmer consciously dealing with these techniques
 

OscarDeer

Active Coder
May 24, 2019
251
64
38
github.com
@Tealk, I think there's one thing that you need to understand.

It's that in todays world, you're always going to have Information gathered and stored about you. You can't avoid Data-Collection. How do you think the Bank stores your Credit-Card Details? You give them Information about you in return for use of the Credit-Card. And the same applies to the Internet and big Corporations like Google, Microsoft, Facebook and Apple. You give them Information in return for their Services(Youtube, iCloud, Outlook etc.)

Now, I'm also very conscious about my Privacy and Information being stored by these Corporations. But I still use their Products and Services. I use Android and GMail which are made by Google and I use Outlook and Windows which are made by Microsoft. All I simply do is tweak a few Settings just to limit their Data-Collection about me and then I'm good.

100% privacy died a long time ago
And @Ghost is right about this. You don't have 100% Privacy in todays world.

And the thing is, if you want to use Microsoft Windows, Youtube, Facebook, iCloud or whatever other free Service is out there, you're expected to hand-over Information just for these Services. You can't escape Data-Collection. In fact, even Advertisements collect a small bit of Info about you.

Now, even if I am Privacy-Conscious, I still use the Products made by these Companies. In fact, I actually love Google and Microsoft Products. They're well made and of course, if I want to use them, I have to give-up some Info about me just to use them. Now while it does bother me a bit, it doesn't too much and I still continue to use them.
 

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
It's still not about using the products.
For example, I don't use them but have to give my data to Google because fonts are loaded externally. I can prevent that only with expenditure.
This is the point where programmers come into play and e.g. can host the fonts locally instead of loading them from Google.
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
It's still not about using the products.
For example, I don't use them but have to give my data to Google because fonts are loaded externally. I can prevent that only with expenditure.
This is the point where programmers come into play and e.g. can host the fonts locally instead of loading them from Google.
Do you think you could explain that a bit better and in more detail.
Websites load maps, fonts, CSS, etc from Google or another provider.
Google or the other provider then sees an incoming request from your IP address / user-agent (browser, device, etc).
They can collect information about you like that, but they still don't have your identity unless they have data from another source, or you have signed up.

If you are using Facebook on a brand new computer at the library, Facebook has no clue who you are unless you log in to their site, or log in to a site that partners & shares data with Facebook. There's always the chance that your browsing history on FB or partner sites can give away who you are, but most of the time this new laptop/library connection scenario would lead to a new shadow profile being created. Of course, if you use that laptop on the same connection (or even not) - you will add data to that shadow profile - if you remove cookies/etc and use a different browser or spoof your user agent, it will mostly generate a new shadow profile separate from the first one.

The point I want to make is that Facebook, Google, etc, have pretty lengthy, detailed, and transparent terms of service. They are opt-in services and shadow profiles are for the benefit of tech as a whole, not a malicious or unethical attempt at getting your data. We use "shadow profiles" in some of our projects to see what pages unique visitors visit, what they do, what products they are searching for, etc. If they sign up, we have the "shadow data" to accompany their new sign up! :)
 
  • Like
Reactions: OscarDeer

OscarDeer

Active Coder
May 24, 2019
251
64
38
github.com
Ah, thank you for explaining that, @Ghost.

I have heard of Shadow-Profiles and I do recall watching a Video about them. It just seems that I have forgotten about them :|

Thanks again.
 

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
They can collect information about you like that, but they still don't have your identity unless they have data from another source, or you have signed up.
You are aware that a browser has a fingerprint and with just a few other data you can follow you through the whole internet.

browsing history on FB or partner sites can give away who you are,
And who gave you the right to read my browser history?

or spoof your user agent
Never edit the user agent, this makes you in combination with the fingerprint only clearly assignable.

have pretty lengthy, detailed, and transparent terms of service.
Are you serious? o_O

They are opt-in services
I was just wondering if you've ever dealt with the subject. None of these companies uses opt-in but only opt-out...


It almost sounds like you're getting paid for positive publicity. Think about what this data can do for harm. Maybe not today but in the future.
It's a German text but I think with a translator you can understand that. Perhaps then the danger is better recognizable.
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
You are aware that a browser has a fingerprint and with just a few other data you can follow you through the whole internet.
Yes, the user agent. It doesn't tell me your name or address, etc. I can see your browser, device, connection type, etc. I can use your IP to track you or geolocate, but 9.99 times out of 10 I still can't find your name or address, etc. They can follow you, but it still doesn't actually invade your privacy.

And who gave you the right to read my browser history?
When you visit a site, they of course can see that you have visited. If you visit partner sites, of course they can see you are the same person. They can't see you on sites they are not partnered with. For example, Google can't see me visiting a site unless that site uses Google services. I don't see the problem with this.

Never edit the user agent, this makes you in combination with the fingerprint only clearly assignable.
You can spoof the user agent to match someone else's. For web crawlers, occasionally we spoof user agents so that sites don't block us as quickly :) It's not illegal to provide a different user agent.

Are you serious? o_O
Yes, the terms of service on Google/Facebook/etc are all available for you to read. That makes them transparent. They tell you how, when, and what they use your data for.
They are detailed and explain exactly what they are doing.

I was just wondering if you've ever dealt with the subject. None of these companies uses opt-in but only opt-out...
They all use opt-in. You opt in when you agree to their terms of service and join their website. You can opt-out of specific agreements in your account settings, but nobody is forcing you to sign up for an account in the first place. You opt-in when you visit a website that uses Google/Facebook/etc services. If that site does not disclose that Google/FB/etc is tracking you, that's the third party site's problem - not an issue with FB or Google. Shadow profiles are a grey area, but they are used for security & the benefit of the end user with advertising. There's no invasion of privacy with shadow profiles. You opt-in to shadow profiles by going on sites that are connected to FB/Google/etc. You dont have to use those sites. If the sites don't disclose that they use FB/Google services, it's not the fault of FB/Google.

It almost sounds like you're getting paid for positive publicity. Think about what this data can do for harm. Maybe not today but in the future.
It's a German text but I think with a translator you can understand that. Perhaps then the danger is better recognizable.
I am not being paid, I am just sharing my opinion. I create websites for a living and many of our clients pay us to track their users. We use their IP to find their approximate location, we use APIs to find more information about their name/IP/email/phone numbers, and we do a lot of things to get as much data as we can. If someone shares their website with us, we use WHOIS data to fetch their name, email, phone, etc unless they have it hidden. I am a supporter of data collection, but not a paid supporter of it.

That article is not a good example. The registry in use is not to blame. The Nazis are to blame for that misuse. Sure, data can be misused by bad actors, but that doesn't mean the data itself is bad in every case. If Google uses their data to target African Americans, that makes Google a bad actor... it doesn't mean people should suddenly stop sharing pictures of themselves or disclosing their race/ethnicity. You are technically correct that sharing data can lead to bad actors misusing that information, but a world without sharing data is quite boring. Even with encryption, you can't have social networks, text messages, phone calls, search engines, forums, or any other site without data collection. If you had it your way, the internet and all data passed through it would be 100% encrypted at all times, there would be no public pages, no identities displayed, and advertisements would never be relevant.
 

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
Could you please change the title? It's not just about the web. Also apps or any kind of programs.

Yes, the user agent.
The user agent and the fingerprint are not the same.

They can follow you, but it still doesn't actually invade your privacy.
If someone is following me on the street, I can also take legal action against it. But not on the Internet.

Yes, the terms of service on Google/Facebook/etc are all available for you to read. That makes them transparent. They tell you how, when, and what they use your data for.
They are detailed and explain exactly what they are doing.
there's a lot that's not listed.

They all use opt-in. You opt in when you agree to their terms of service and join their website.
...
forcing you to sign up for an account in the first place.
Visiting a page and creating an account cannot be compared and it is not an opt-in that the EU has already decided.
After the visit a conscious decision must be made which data may be processed.
If I click on no, the website is not allowed to use any data from me, no matter if user agent, fingerprint or IP address. That would be Opt-In.

You opt-in when you visit a website that uses Google/Facebook/etc services.
So do I agree to conditions that I can only read after I have visited the website? That doesn't sound logical. If I buy something I agree only after I have read the terms and conditions and not before.

That article is not a good example.
If you program something you have to think about what can come out of it.
I can't build a bomb and believe that it will never be used. And that's what it's all about because every programmer has to become aware of what he's doing.

Shadow profiles are a grey area, but they are used for security
So I don't feel safer about just being persecuted.
I'd like to know how that's gonna improve security. It sounds like everyone should leave the front door open so that less terrorism can take place.

You dont have to use those sites. If the sites don't disclose that they use FB/Google services, it's not the fault of FB/Google.
You don't seem to understand the problem. I don't know if Google is used there because I only find out after a visit and then it's too late.

If you had it your way, the internet and all data passed through it would be 100% encrypted at all times, there would be no public pages, no identities displayed, and advertisements would never be relevant.
It is not about the fact that everything is always 100% encrypted but each person should be able to decide for himself. This is a basic right in Germany.
And yes, when I read that login data has been stolen and stored in databases in plaintext, I wonder if the companies have ever heard of encryption.

I rather pay with money than with my data. Unfortunately one cannot do this with 99% of the web pages/Apps.
 
Last edited:

OscarDeer

Active Coder
May 24, 2019
251
64
38
github.com
Could you please change the title? It's not just about the web. Also apps or any kind of programs.
While you are right about this, it's mainly the Web that we are focusing on right now. As for Apps and Programs, it's mainly Mobile-Apps that collect the most Data about you. Of course, you can simply just go into the App-Settings and enable and disable any Permissions or Data-Gathering that you don't want them to do or have. You can also make it so that the App only collects Information about you while you're using it but it will still collect Data about you but that's only when it's being used or running in the background.

Going back to the Web and big Corporations like Facebook, Google, Microsoft, Amazon and Apple, no matter what, they're still going to gather Informaton about you. Even if you try to limit their Data-Collection, they'll still collect a small, tiny bit of Information about you. I myself limit the Data-Collection Microsoft and Google collects about me. Even then, I still use their Products while knowing the fact that they're still collecting small bits of Information about me.

The thing about todays world is that you can't live privately anymore. You have to give Information for Services, including Real-Life Services, just to use them. Even the Government and their Services take Info about you and store them just so you can use their Services or if they need to get into Contact with you. It's the same with Online-Services. You give away your Information in exchange for a Service and in case the Developers/Company need to get into Contact with you. Of course, the Information they store isn't just used to let you Login to your Account or get into Contact with you. They may also use your Information and Search-History to provide Products, Services and Offers for things that you may be interested in. Of course, providing these things based on your Information isn't just beneficial to the Company. It may also be beneficial to you because maybe you were looking for a certain Product but you couldn't find it. Based on what you've Searched, you'll be provided with Advertisements and Offers to use that Corporation's Services and in return, you get what you were looking for.

And as I said, I myself use Google and Microsoft Products on a regular-basis. I use Windows and Android, I use MS Office and Google Chrome and all I simply do is limit the Data-Collection and I'm good to go. Yes, I'm aware that they still collect tiny bits of Information but I still use their Products without any problems what so ever.

Now unless you want to disconnect yourself from the Internet and any other form of Technology or want these Companies to go away then goodluck. The Internet is probably your best source for finding anything and what you may be looking for may not be at the local Library. And as for Google, Microsoft, Amazon, Facebook and Apple, they're not going away anytime soon. Their Products are used by billions of people and since they recieve a lot of money from people who provide their Information in return for the Service, they have enough money to keep afloat and won't go bankrupt.
 

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
Of course, you can simply just go into the App-Settings and enable and disable any Permissions or Data-Gathering that you don't want them to do or have. You can also make it so that the App only collects Information about you while you're using it but it will still collect Data about you but that's only when it's being used or running in the background.
I just read a report yesterday on how all these attitudes are bypassed. Very interesting how much criminal energy is used to collect data.

As for Apps and Programs, it's mainly Mobile-Apps that collect the most Data about you.
Don't underestimate that. I have a PiHole in my home network and I am always surprised how much my TV communicates with the outside world. Also programs I use want that again and again.


I am aware that you can't be 100% invisible, I almost exclusively use free/open source software and don't do anything the big corporations produce. I don't have any disadvantages in my daily use so much I find even better.

What annoys me is that there is no way to disagree with the collecting frenzy of the companies.
Clearly when I use there services "for free" I have to assume that they use my data to earn money.
I do not use these services but if I am on a website on which Google is integrated I will be followed by google unasked without me noticing. That is what I condemn.
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
You bring up some extremely fair points, but the issue I have with your points is that it's very difficult to provide a solution to them unless companies are willing to sacrifice their entire business model, unless technology is willing to sacrifice security protocols (tracking) for data privacy (no tracking), and unless there are serious overhauls to the way the internet works. I think you are a bit too focused on Google/Facebook/etc... CodeForum has the same ability to track you as any other service. You are on this forum right now, which gives us the following options if we were maliciously trying to store/use your data:
  1. We know your IP address, so we can try to resolve it to a general location
  2. We can see how long you spend on the site and at what time, to possibly confirm the timezone of your approximate location
  3. See how long you are away from the computer on average, possibly figuring out your school or work schedule
  4. We can see all of your posts, possibly figuring out enough information about you to use some social engineering to grab your email, domain, or another account
  5. We have your footprint, user agent, and other shared information from your computer
  6. We can see what websites you come from, possibly allowing us to identify a personal profile page of you or someone you know if you click a link from there
  7. We could put a simple keylogger on the login form to grab your password/email and try it out on other networks
  8. We can see what threads interest you, what you write, and then sell your email address & product/software preferences to an advertising company
  9. Reverse image search to find your other profiles (maybe)
All of this is possible because of data you submit. It's extremely hard to stop tracking people without telling them to stop using the internet.
There's always going to be people attempting to use your data, and we can't just tell companies that they're not allowed to store information about their customers/clients/users. What do you propose for a solution?
 

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
We know your IP address, so we can try to resolve it to a general location
Only if it is my real IP address ;)

See how long you are away from the computer on average, possibly figuring out your school or work schedule
I also imagine that to be very difficult, at least for me.

We have your footprint, user agent, and other shared information from your computer
We can see what websites you come from, possibly allowing us to identify a personal profile page of you or someone you know if you click a link from there
I wish you a lot of fun with that, too. I doubt you can do much with the data I leave behind.

We could put a simple keylogger on the login form to grab your password/email and try it out on other networks
That's why I never use the same data. I even thought about using a separate trashmail for each page.

All of this is possible because of data you submit.
The difference is that I decided to do this voluntarily, but if, for example, Google is advertising on the website, I have not voluntarily decided that google gets data from me. I can't know if this is included.

What do you propose for a solution?
But you could force them to install an opt-in. By that I mean real opt in. You enter the page and confirm the tracking. Similar to the cookie hint.
You could force them to store everything encrypted so that no more data can be leaked.
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
Only if it is my real IP address ;)
Well yes, Pi hole & Netcup VPS do wonders.

I also imagine that to be very difficult, at least for me.
Yes, I agree.

I wish you a lot of fun with that, too. I doubt you can do much with the data I leave behind.
Maybe, but the internet has a lot of public data available.

That's why I never use the same data. I even thought about using a separate trashmail for each page.
As long as you don't disclose your personal name or email, you're probably fine. Phone & email search on social networks, or even app contact imports can reveal a lot.

The difference is that I decided to do this voluntarily, but if, for example, Google is advertising on the website, I have not voluntarily decided that google gets data from me. I can't know if this is included.
I suppose that you are right, but then I think the solution is that the website should be required to disclose the tracking or at least the services used & a link to the related TOS page. Then users should be forced to confirm they allow it to continue. Or, in an ideal world they could disagree & those services would be disabled.

But you could force them to install an opt-in. By that I mean real opt in. You enter the page and confirm the tracking. Similar to the cookie hint.
You could force them to store everything encrypted so that no more data can be leaked.
Yes, exactly ~ woops, I wrote my little reply for the last quote above before I read this last part. I think we're on the same page here :)
 

OscarDeer

Active Coder
May 24, 2019
251
64
38
github.com
CodeForum has the same ability to track you as any other service.
@Ghost is right about this.

When you Sign-Up for a Forum, you're giving away your Email, Name, Date of Birth(This is required due to COPPA) and Gender. Then of course, as any other Website, they store that Info inside a Cookie for you to login and out of your Account.

But you see, behind what seems like minimal amounts of Data-Collection on a Forum, they're also collecting other forms of Information about you. This includes:
  • IP Address(Which can be traced to your Location)
  • What you Post and what you Read
  • Other Forms of Information that you've written on your Profile(Like your Social Media Accounts and Interests)
those are some examples of what Information is being gathered and stored about you on a Forum.

Now, I myself, used to own a couple Forums and I was able to see every Member's IP-Address. Just think about that for second. I could've used the IP Addresses to track you down. But of course, I didn't track you down. I just stored the IP Address associated with your Account and just let it be.

And the thing is, you're on a Forum right now. So the people who run and moderate this Site have access to see things like your IP Address and hundreds of Logs that print out every single thing you do.

Only if it is my real IP address ;)
I'm assuming that you're using a VPN? If so, what if the VPN-Provider's Database got leaked or broke down. Your IP would be exposed for every Website to see.

I wish you a lot of fun with that, too. I doubt you can do much with the data I leave behind.
You do realise that there is a lot we can do with your Information. We can give it away to the Authorities, sell it on the Deep or Dark-Web, use it to Track you down and trace it back to any other Accounts. And there is plenty more that can be done with your Information. Even if the Information you leave behind is very minimal, we can still use it.
 

Tealk

Active Coder
Jun 5, 2019
133
26
28
SysAdmin
Anzah.Tools
Or, in an ideal world they could disagree & those services would be disabled.
That would be the optimal solution.

Now, I myself, used to own a couple Forums and I was able to see every Member's IP-Address. Just think about that for second. I could've used the IP Addresses to track you down. But of course, I didn't track you down. I just stored the IP Address associated with your Account and just let it be.
I don't know if it's a German or an EU regulation. But an IP address can only be stored for a short time and then has to be deleted.

I'm assuming that you're using a VPN? If so, what if the VPN-Provider's Database got leaked or broke down. Your IP would be exposed for every Website to see.
Exactly for this reason I do not use VPN ;)
I'm not saying it's impossible to locate me either. But I think it's a lot more work than a 0815 user.
 
  • Like
Reactions: OscarDeer

OscarDeer

Active Coder
May 24, 2019
251
64
38
github.com
I don't know if it's a German or an EU regulation. But an IP address can only be stored for a short time and then has to be deleted.


Exactly for this reason I do not use VPN ;)
I'm not saying it's impossible to locate me either. But I think it's a lot more work than a 0815 user.
As for the IP Address, I'm sure it's an EU Regulation. Something to do with GDPR. Now you see, all of my Forums used SimpleMachinesForum. Unfortunately though, I'm not aware with what happened to the IP Addresses. I did also use a modified version of SimpleMachinesForum(https://createaforum.com). This modified version of the Software of course, letted you easily set-up a Forum but it also came with some Settings related to GDPR.

Again, I'm not aware with what happened with the IP Addresses, but I'm guessing that SMF did do some background stuff. Besides, the Site's never had that many Users(Between 2 - 5 Users they had).

And I would've thought you used a VPN. Turns out I was wrong.
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
That would be the optimal solution.
I don't know if it's a German or an EU regulation. But an IP address can only be stored for a short time and then has to be deleted.
I don't think it's a regulation in the US. I did read this on StackExchange just now though...
" An IP address in isolation is not personal data under the UK Data Protection Act, according to the Information Commissioner. But an IP address can become personal data when combined with other information or when used to build a profile of an individual, even if that individual's name is unknown. "
 

OscarDeer

Active Coder
May 24, 2019
251
64
38
github.com
I don't think it's a regulation in the US. I did read this on StackExchange just now though...
" An IP address in isolation is not personal data under the UK Data Protection Act, according to the Information Commissioner. But an IP address can become personal data when combined with other information or when used to build a profile of an individual, even if that individual's name is unknown. "
Ah, so the IP Address does not count as a piece of Personal-Data unless it's combined with other Information(E.g. Email, Name, DoB). I don't believe that deleting IP Addresses is a US-Regulation either and I don't believe it does apply to US-Citizens. I think the IP Regulation only applies to the EU and from what @Ghost said, the UK.
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
Ah, so the IP Address does not count as a piece of Personal-Data unless it's combined with other Information(E.g. Email, Name, DoB). I don't believe that deleting IP Addresses is a US-Regulation either and I don't believe it does apply to US-Citizens. I think the IP Regulation only applies to the EU and from what @Ghost said, the UK.
Well, I think it's basically saying that an IP address is NOT personal information until paired with other information.
For example, you can store IP addresses without personal data laws coming into effect if you are simply storing the IP for security purposes, Apache logs, whitelist/blacklist (banning) purposes, etc... but if you start pairing the IP with other data it becomes a "personal profile" of sorts where the IP acts as a personal identifier and less of a technical number used for things like banning/logging... and when that happens you must treat the IP address like personal information, so it follows those laws.

Here's an article about the EU allowing websites to store IP addresses for security purposes:
 
  • Like
Reactions: OscarDeer

OscarDeer

Active Coder
May 24, 2019
251
64
38
github.com
Ah, thanks for that. It makes a lot more sense. So if I were to build a Profile out a User's Data, I would have to treat their IP like all of the other Data on that Profile?
 

Ghost

Active Coder
Moderator
Apr 19, 2019
234
94
28
Well yes because the IP stores location data and becomes part of profile. BUt you could have a user profile, and still keep raw apache logs of IP access for security reasons.
 
  • Like
Reactions: OscarDeer