This is still a bit insane to me. If I understand correct, you have to fill a form with a justification why you object, and then Meta will decide if you can be removed from the detailed data collection ?
Privacy is a basic human right, and the strawman argument of "Well don't just use their services then" is ridiculous with their influence. Also them touting to "connected the world"
When in reality is "connecting to world, but only if we can record everything you do"
In terms of Facebook where I live, "Well don't just use their services then" is simply impossible. Almost all of my kids' sports activities and parent groups are on WhatsApp, I have to use it.
Even without the privacy issues it is insane that you are forced to do business with certain corporations in order to fully participate in society. But most people don't care or open alternatives would be more popular.
This isn't unique to WhatsApp/Meta though. Many banks require a smartphone running unrooted Android or iOS. Visa/Mastercard(and AMEX I guess) have a polyopoly(?) on cashless transactions, and have done for my entire life. Many government services here in the UK are provided by private corporations, and have been for a very long time.
Another way of thinking of it is that the value that Meta/Mastercard/Virgin/other companies that fit that description provide is so substantial that they have become intertwined with society.
In my opinion, "fine" is about as far as I'd go. It's neither good nor bad. The real cause for issues over the last 20 years is the lack of sustained funding, and that applies to both public and private corporations.
> for-profit healthcare was a step in the wrong direction.
Using the words "for-profit healthcare" is a distraction from the topic.
GP's have been private since the beginning of the NHS, they're the definition of for-profit healthcare.
On the flip side, Virgin operates many of the major healthcare provdiers as an NHS service provider. I'm not saying that they're incredible, but they're doing it.
The option isn't "public", it's public and sustained funding and investment. Given the govenment of the last decade in the UK, I'm not convinced the situation would be any better if the NHS was more public than it is.
> Almost all of my kids' sports activities and parent groups are on WhatsApp, I have to use it.
My company asked me to install WhatsApp once, but I explained to them why I don't use it, and they didn't have a problem with it. Sometimes, all people need to know is 'no' and most of the time they don't even need an explanation.
that's a nice company, but parent comment had a really important point about depending on Whatsapp for basic social interaction.
most informal social groups, parents included, now communicate mainly on whatsapp. You can naturally say no (i did) but then your kid is left out of most social events unless you're actively syncing with other parents every week to be in the loop (which is what i do and it's excruciating).
Whatsapp as a platform is extremely convenient, which is why other people will have a hard time understanding your reluctance to adhere, it's not uncommon to be seen as eccentric.
so again, congratulations on finding a great company, but there are real issues with the general social dependence on a single invasive platform.
Yeah, I totally understand your point. I had to be the stubborn one to leave WhatsApp and refuse any communication unless they contact me on Telegram.
Some didn't like it at first, but thankfully most of them now love Telegram. I have a “My way or the highway” kinda attitude when it comes to WhatsApp, it has certainly caused problems once or twice, but I'm very firm on my stance against Facebook apps.
Their track record is excellent. Pavel moved away from Russia (and his team of 20 something members too!) only because the Russian government pressured them into giving access to their servers.
WhatsApp is anything but privacy preserving. You have 0 transparency. You can't even prove if the E2EE exists for 100% of the time or just 50% of the time because the binaries are obfuscated. On top of that, their privacy policy and being owned by Facebook says everything one needs to know.
Telegram, IMHO, is the only app that does not compromise on user experience and still provides fantastic privacy control and respects the user data. Sure, it's not E2EE, but no E2EE app can ever do what Telegram is doing at this scale.
I get where you're coming from but Telegram is objectively better than WhatsApp due to several reasons:
- Privacy controls for each user.
- No hard requirement for a phone number.
- Cloud encryption.
- Open Source clients.
- Telegram's track record.
- Business model not revolving around selling user data.
WhatsApp is a black box and nobody has any good arguments for it other than 'supposed' E2EE that nobody knows anything about. The fact that WhatsApp's T&C forbid you from even reverse engineering the obfuscated binaries and Facebook being the force behind WhatsApp, I'm still surprised that people take their E2EE claim seriously.
It's like me promising you that I'm not looking at you, while I stand facing you, right behind you.
> With Telegram you have a guarantee that it is not E2EE in group chats and single chats if you don't opt into a way worse UX/features.
You're saying this as if you have a guarantee that WhatsApp's E2EE is 100% correct. At least with Telegram, I know what data the app is collecting, where it's going and how it's being stored on the device.
> True for Whatsapp as well, it's funded by business accounts and perhaps other parts of facebook
> I'm sorry, but that's not a good example. It doesn't even count as a legitimate client.
why not?
After all the client uses the multi-device API like the official client does
> You're saying this as if you have a guarantee that WhatsApp's E2EE is 100% correct.
I am not saying it like that. I am explicitly saying that with Telegram you have the guarantee that it is not E2EE, while there at least exist the possibility of WhatsApp being E2EE.
I do wonder about that: moving from WhatsApp to Telegram appears to be a case of moving from the frying pan into the fire. To Signal seems somewhere more reasonable.
I would say from the frying pan into the kitchen bench. It's not perfect but it's not yet being cooked.
Telegram is a good compromise. Yeah it's not e2ee.
Signal isn't even a good compromise for most people. I don't know anyone who has stuck with signal in my circles. They've nearly all reverted back their previous service or find a new one.
Personally I treat everything that is sent over networks as public data. So I would never comm anything that needed e2ee via a message service full stop.
I don't think Signal has what it takes to combat Facebook's monopoly. It's more inconvenient than WhatsApp, why would people even switch?
Telegram on the other hand does not compromise on features and user experience and still is able to deliver a system that doesn't disrespect the user data.
I perhaps don't know what I'm missing with WhatsApp, but I use Signal with Android-owning friends (iMessage for everyone else), and no-one has voiced displeasure - indeed it was _suggested_ by many of them, both technical and non-technical as preferable to SMS, so I don't think it can be that bad.
I don't have special insight into either WhatsApp or Telegram, but I think given the founders and jurisdictions in which they operate, Telegram deserves at least the same level of scepticism and scrutiny as TikTok.
I don't think Telegram deserves scrutiny. Not after what they've been able to accomplish and follow.
> indeed it was _suggested_ by many of them, both technical and non-technical as preferable to SMS, so I don't think it can be that bad.
It's not bad of course, but it's extremely hard to get WhatsApp users to switch to Signal than Telegram. Both because of missing WhatsApp features in Signal and the additional hoops like PIN.
I'm Just speaking from personal experience. Signal was also my first choice.
In large swathes of the world, refusing to use WhatsApp means losing contact with the majority of people you know. It's the de facto communications method in many countries.
I live in a country where WhatsApp is used by almost everyone. I uninstalled it 2 years ago and told my contacts that they can find me on Telegram if they'd like to contact me. Most of my friends and family switched to Telegram, and I'm really grateful for that. I don't miss any updates, and I'm able to communicate on a platform I like. In the beginning, they found it odd, but eventually started to like it and some now even prefer it.
Yes, I continue to use WhatsApp because I have fear of missing out.
Missing out on conversations from my extended family, friends (only about 1/4 use Signal and all groups are on WhatsApp), work (the Health Service in Ireland literally runs on WhatsApp), voluntary undertakings (all of which are organised on WhatsApp), organising stuff for the kids (again all on WhatsApp).
So it's a valid fear based on the reality in my social circle and country. Unilaterally moving to Signal means self-imposed isolation.
Okay, fair enough. But presumably the WhatsApp groups are set up on an ad hoc basis by groups of staff - they're not being directed to use it by the HSE?
No, it's an official HSE communications channel. It was already prevalent before the cyberattack, but at that point, nearly all non-clinical comms moved to WhatsApp.
You just get added to the relevant groups by your manager (obviously there's also unofficial social groups) and that's where you'll get 90%+ of rosters, clinical updates, service bulletins, etc.
Taking the consequences works fine if you're not responsible for anyone but yourself.
"Sorry kids, you aren't going to your friends parties or playing sports with them because my ideals conflict with your reality" is not a tenable position.
> Taking the consequences works fine if you're not responsible for anyone but yourself.
Yeah, definitely. I'm just responsible for myself. The day I have to be responsible for others, I'll just immigrate to a country where everybody uses Telegram haha.
Not to worry your kids friends will share that they have a party. If you forbid your daughter from dating a guy they will find there way around that somehow.
I have done my research well and I still support Telegram. I don't think Signal has what is needed to rival WhatsApp.
Telegram is a much better option that does not sell your user data and still has the best privacy options. Where most people like to disagree is the security part, but E2EE is not as important to me as long as my privacy is respected.
I look at this as being more of a hidden blessing. The people I had been actual friends with, not just acquaintances, had no problems adding Signal. It was mostly for expat friends since in my part of the US we just SMS/iMessage, and we have group messages on Signal for the couple of mixed-location mutual friends. They still use WhatsApp for their other contacts but turns out this filtered for the people that cared enough if I were in their life or not.
Even after making the effort to keep up with the ones that only wanted to use WhatsApps, through email or regular text message, they couldn't be bothered. I guess I have moved into the point in my life where I prefer the quality of friends who wanted me around for more than being an extra body to fill out their party guest list (and similar).
Ignoring the red flag the company would require whatsapp, I can easily see a company not forcing you to use it and being okay.
But as op mentioned
> kids' sports activities and parent groups
Try telling your kids football team coach that you object to Whatsapp and your kids friends' parents that you will not join Facebook for privacy reasons, it's a much harder ask, they might say fine, but you can't expect other people to change their behavior based on your beliefs. No matter how right you are.
WhatsApp is the one app that I continue to use by them. Aren't they only able to collect meta-data on the conversations and not see any of the texts themselves? Also, no ads yet, so that's a win for me.
Everytime I've tried moving people over to Signal/Telegram, etc. we try it for a week and then go back to WhatApp because of so many other groups on there....
>Aren't they only able to collect meta-data on the conversations and not see any of the texts themselves.
After seeing the lengths various govts will go to for full text access, I highly doubt it. There is also no way to reliably prove the e2ee claims of WA, so I would remain skeptical.
> Aren't they only able to collect meta-data on the conversations and not see any of the texts themselves? Also, no ads yet, so that's a win for me.
Ha!
I so don't trust Meta.
I wouldn't put it past them to double encrypt your messages and split it off at the server.
Edit: Clarification: Encrypt your plaintext twice, append it, split it off at the server. Send your message on to recipient and decrypt it themselves for their processing enjoyment.
"Simply impossible" is relative once you don't use whatsapp anymore. People will just adjust to send you sms or call you instead for important information.
> People will just adjust to send you sms or call you instead for important information.
Or they won't and you will be left out of things.
Not even out of malice! Obviously your closest friend and family will adapt and keep you in the loop. Bigger looser groups are more dubious. I'm a member of a book club for example. There are of course the scheduled meets, organised well in advance. But also sometimes someone just feels like hanging and posts a message on a whatsapp group that they will be at this or that location and whoever is free is welcome to join. Schedules don't always permit it, but when it works out it is fun!
Now of course if someone from the group so want to meet with specifically you/me they will remember to send a one-on-one message, but there is a power in the broadcast nature of some of these things for organisation.
In my experience this is not true at all, especially in huge groups. I was participating in a co-housing project and after a few weeks the obligatory WhatsApp Group was forming. Immediately some people refused to join and proposed Signal / Threema instead. End of the story, the WhatsApp Group is still alive and the biggest of them all. If you are not part of it you will miss important information. Sometimes it gets forwarded to Signal but it is a rare occurrence.
It only works reliable for messages directly addressed to a person. Then people remember, oh he does not have WhatsApp. I will tell him via signal.
I complained that a sailing club I was a member of used Facebook to organise the weekly activities. They offered WhatsApp as a compromise! It was almost impossible to participate without it, because you needed a safety boat operator on site to sail. In the old days I guess they simply agreed a rota, now everyone is 'too busy' to do that, so a Facebook group is the answer, 'anybody sailing today'.
Anything involving a group is planned through WhatsApp here. It’s also used to push information to large group of people. It’s my main source of news about my extended family and how I learn about spontaneous after work gathering for example.
If I leave these, people are not going to reach out to me about them. I will just cast myself as an outsider and will be left out of the loop.
This is what I call a load-bearing "just". People don't "just". Getting people to change their workflows and habits is difficult. And they certainly won't do it for the single person who decided to opt out of common communications channels. It'll be up to you to actively maintain that relationship. After all, you're the one that opted out of the social contract.
I've encountered this everywhere, even with myself. I'm bad at keeping in touch to begin with. Anyone decided not to use normal means to communicate with me are likely to get missed among the hundred plus other people I know.
I'm not on Facebook, so I'm left out of the majority of my family's communication. The only reason I know anything is I regularly call my parents to get the summary. (It's also a good excuse to call. We always have something to talk about.)
That isn't true, but it's more than that anyway. Even if I don't use any fb service, my friend circle does, and that is enough for fb to build a profile on me, without my consent.
That doesn't sound impossible. Your kids don't even have to play sports. We act like privacy is that important to us but then we go ahead and do things like this.
I'm not on Meta side on this but I actually don't use a lot of services that I'd like to and have real inconveniences because a certain level of privacy is actually important to me.
"Have to" is quite strong isn't it. It is a bit hard to believe. Okay, do what I do if there's something you don't use often and you don't trust it: install it in a VM and spin it up only as necessary.
Jesus christ. What about a random person who doesn't have the tech know-how to do that? Should they just give up on privacy? Privacy is a human right, not a technologically-advanced-person right.
And before anyone says "Well, sucks to not know basic tech stuff", consider the fact that in a world where no-one has privacy, the person using Facebook from a VM is eminently more trackable than in a world where privacy is enforced globally.
I was talking to you specifically, not generally to random people. You're right; that would not be good advice to the average random person. But TARP probably wouldn't care. I hope you would and would have that ability.
> Privacy is a human right, not a technologically-advanced-person right
Yeah I suppose it is, but I'm starting to give up on the idea because all the people who whinge here on HN and elsewhere about privacy won't actually do anything about it, like give up exactly the things that they are willing to pour their life's details into. TL;DR people have to put some effort into securing their privacy and >95% of people won't.
Stop blaming the companies for stealing your privacy when you're giving it away willingly.
I’m not even the OP. Regardless, your entire post is way too defeatist . We can and have made changes that meaningfully improve end-user privacy. For example, Apple’s changes on iOS led to massive reductions in data collected from user apps. This was pushed by people inside Apple.
Similarly, governments can and have pushed for privacy regulations. Not all of it has been successful, but we’re at the first wave of these efforts.
I'm normally the one accusing other people of being defeatist! My problem is that at root, people don't care enough. They'll write reams of text about how unfair it all is what with their privacy being stolen from them, but they won't actually uninstall those very things they complain about. FYI, I don't use any social media except this one, pseudonymously.
If people actually cared enough to do something this would be solved very quickly indeed but they don't.
> governments can and have pushed for privacy regulations.
Depends. The EU has done not badly at all on this, the American government on the other hand…
Even if you avoid it their trackers are on so many sites that its very hard to not have them collect data on you. Even after opting out I doubt they can actually follow through and not know anything about you.
I'm pretty sure it's already been decided that Meta's data collection is a breach of EU laws. Which if true, this opt-out still isn't really going to do anything.
FB doesn't comply with what EU wants, then block it on whole continent. 1 or 2 weeks of annoyance and then we can use whatever alternative is out there.
FB would be hurt so much more by this than EU users (market bigger than US, and other countries would follow), especially long term that they will quickly reconsider their uber-arrogant behavior. Really, who the f*k do they think they are, just another greedy corp run by sociopathic a-holes that will sooner or later be just part of history.
The EU DPO is going to find that Meta doesn't comply with the regulation and it's going to hit them with huges fines. It's more productive than blocking it. If they don't pay up, the court will most probably order asset freezes and cessation of operations in the EU, including blocking thir services. They are legally required to keep EU users' data in the EU anyway.
Remember when they got the biggest fine ever, like 5B (EUR or USD can't remember) and the moment this decision was made public the stock went up as traders had thought the fine is even bigger.
It took 4 years for Facebook's data collection and GDPR bypass mechanism to be ruled illegal. Give it another 4 more and maybe we'll actually see a decent fine?
> They are legally required to keep EU users' data in the EU anyway.
It's not about what you are legally required to do, it's about what happens in practice when you don't. In this case, not much happens, so why would they bother complying?
Going to the toilet is also a basic human right, yet many places don’t have widespread free public toilets. It doesn’t seem like a basic human right has inherent allowances.
There is no right to privacy, you either have it, or you don't. You either stay inside or go out, dress or stay nude, play with data collecting company products or dont. You may build a whole elaborate burocrazy to keep your "rights" intact, but they will corrupt and be captured by financial interest as it always does over a large enough timeline and all you will have is the illusion of privacy accompanied by the incompetence of the machination proping it up, at large expense.
If you want privacy, seek it out, refuse those that take it from you. Incuding Meta.
The violations of these are not the responsibility of the victim. In this case they are the responsibility of Meta.
You seem to be talking about it more in line with if it was a privilege and not a right. Consider a passport, its a privilege and indeed not a right to get one. So you need to seek it out.
Rights however are not sought out, or require some kind of process to achieve them. They're available from birth.
The right to travel freely feels as much a natural right as any, if we are going down that path. In reality the only rights you have are what you are willing to fight for (and win!), or run away to another jurisdiction for. Natural rights are a fiction to make us feel better.
> strawman argument of "Well don't just use their services then" is ridiculous with their influence
I do not use any of facebook's apps or websites
But from what I can see from DuckDuckGo App tracking protection multiple apps load Facebook trackers. Basically there is no escaping facebook even if you don't touch any of their apps.
Have you considered not using their services if you don't want to pay with your data in exchange for their computing power, data storage, engineering time, etc?
> yet most sites still attempt to load FB tracking scripts.
(Emphasis mine)
So yes, they do, and all that's irrelevant victim blaming because it's really unacceptable that this is something the user should have to bother with. It also requires an unusually high level of technical competence just to not get stalked, which is likewise unreasonable.
Aaand another case of big tech acting stupid, misinterpreting the law, just to continue acting like they do, violating the law, a liiittle bit longer, milking that cash cow of mining illegally obtained data as long as possible. No signs of remorse to be expected there. Hopefully this blatant violation goes into the next law suit against them and makes the outcome a bit worse for them.
Meta is way out of line. There is absolutely no way that the EU is going to allow Meta to break the law at scale without regulators throwing a fit. They might even get to be made into an example of what happens when you repeatedly try to knowingly break the law.
> when you repeatedly try to knowingly break the law
IANAL but I'd add "blatantly", "brazenly" or some such here. This cannot be in line with things like "it must be as easy to opt out as to opt in" (paraphrasing GDPR) and they know it.
IMHO this (like, sadly, many examples before from Meta) could be a perfect occasion to pierce the corporate veil. Whoever signed off on this should never be left in charge of customer data again.
> This is the sort of thing that I'd be happy if it wasn't dumped into HN.
I agree with you but the OP has a bit of a point when it comes to the Irish privacy regulator. It's not the EU as a whole but the way they can pick the country that most suits them.
Ireland gets a substantial portion of its GDP from big tech so they are pretty receptive to their point of view and often Ireland has to be persuaded to give higher fines and to perform investigations in a timely manner. Facebook picked Ireland as their base of operations so the Irish regulators are responsible for the entire EU.
It's not just about privacy either. The EU ruled that Apple owed Ireland 1 billion in back taxes they illegally avoided. Ireland fought tooth and nail not to receive this money.
Clearly the EU rule that multinationals can choose the privacy and tech regulator to work with for the whole EU by choosing their main host country is helping them to cherry pick those that are most on their side and this is not helping the effectiveness of these laws.
That's a very far cry from the claim that the EU serves at the pleasure of US megacompanies, in fact it documents the opposite: the US megacompanies try everything they can to game the system but end up being fined by the EU in amounts that definitely move the needle. The GDPR is EU law, not country law.
Whether member states are able to act effectively with companies playing both ends against the middle is another matter entirely and is exactly why the EU is serving its purpose: it forces the whole to act as a bloc rather than as individual states that you can drive wedges between, of course that won't stop parties from trying.
EU anti-trust and EU privacy law has so far served its purpose very well and if they really were in the pocket of big tech I am pretty sure I would have noticed.
google analytics has been deemed illegal by several EU countries, both the data regulators but also courts.
whats happening? where is the EU fining companies and users(companies) left and right?
the safe harbour/privacy shield agreements were invalidated by EU courts, yet data transfer happens in amounts that are unchanged, where is EU? nothing has changed. the EU ignores everything here because they dare not do anything to upset these US megacompanies. Sure, a fine here and there, doesnt change anything.
Yes that's why I said I agree with your overall point.
But laws such as GDPR are only as good as their enforcement. It would be better if there was a European privacy regulator directly under the EU instead of big tech being able to cherry pick the country that gets to supervise them.
But no the EU is not serving the US big tech industry no. I'm just remarking that the system isn't perfect and there doesn't seem to be a whole lot of drive to improve it.
So far most of the rulings have followed the pattern predicted before the GDPR was enacted, and the fines have been rising steadily for repeat offenders.
FB is asking to be made into an example. And yes, you are right, an EU privacy regulator would be good to have but the EDPB is doing a reasonably good job of supervising the member states so far and as the law becomes more settled (and respected) I would expect differences between countries to be leveled. Time will tell.
When the GDPR was rolled out, the message was very clear: our goal is compliance, not maximum fines. So first someone has to complain. Then they investigate. If things are not OK, you first get a warning, and if you get your act together, all is good. If you don't, you get a fine, and the fines will escalate.
So it takes a bit, by design and intention. But it will get there, and 4% of global revenue is nothing to sneeze at...
Is there some sort of inside information about EU process around Facebook that you want to share here, or is this just generalized bashing of people who have negative outlooks on particular institutions as cynics?
Trolls will troll I guess. Let's reverse that: how about you show us how the EU is controlled by Facebook instead?
Seriously, the degree and number of dumb comments on HN has been going through the roof lately and I'm getting quite fed up with it. You can have a negative outlook on the EU (assuming you're informed enough to have that outlook in the first place) but to make a blanket claim that (US!) megacompanies control the EU is beyond ridiculous and then to have to defend against even dumber comments like yours in the style of 'when did you stop beating your wife' takes the cake.
The person who makes the outrageous claim gets to defend it, not the other way around.
> meta knows that they are far far more popular in the population than politicians, and politicians know that if they were to effectively stop facebook, the blowback would be immediate.
I'm not convinced that's true. I think most people quite dislike Facebook these days. And I know hardly anyone (of any age demographic) who uses it regularly. Popular opinion on Instagram is less negative but declining. People do still use WhatsApp and Facebook messenger, but I don't think switching would be seen as a big deal if these were banned (just like everyone suddenly installed Zoom in 2020). The only reason they have sticking power is because of network effects.
>meta knows that they are far far more popular in the population than politicians, and politicians know that if they were to effectively stop facebook, the blowback would be immediate.
If Facebook doesn't want to operate in a region where they're unable to accept payments from local residents that's their business.
what do you honestly think would happen? facebook says "we cannot serve the EU because your politicians made it illegal". People would immediately demand facebook be put back, and the politicians would have to comply, or be replaced. They would comply
You are so naive. EU residents aren't stupid and don't particularly like it when foreign companies try to manipulate them, much less ignore the law. Should Facebook choose to pull their services out of the EU the world will keep turning, and people will find alternatives.
> meta knows that they are far far more popular in the population than politicians
Not sure where you live, but in Europe people are generally - with acknowledged caveats and exceptions - but generally speaking behind their governments. Politicians are indeed far more popular than Meta.
Lol no.
That is a great way to have the European Parliament and the Commission to have a thorough look into your data harvesting practices. And lose yet another lawsuit.
Only if it gets applied. And even then it seems to be only based on a year’s worth of revenue, so it may still be a good deal if you can break the regulation for multiple years and only get fined on the basis of a single year, as Facebook has done.
“GDPR sets forth fines of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher”
Generally speaking, GDPR violations won’t be addressed with a slap on the wrist, apparently
Close, but that 2% is actually half of the maximum:
"The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher."
"The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher."
> Background. The GDPR allows to process personal data if a company complies with at least one of six legal basis in Article 6 GDPR. Most of these six options are irrelevant for advertisement. While most companies require users to consent ("opt-in") for the use of personal data for advertisement, Meta (Facebook and Instagram) have tried to bypass this requirement by arguing that the use of personal data for ads is "necessary under the contract" when the GDPR became applicable in 2018. noyb has instantly filed a series of complaints and ultimately won them before the European Data Protection Board (EDPB) in December 2022. Meta got until April to stop the practice.
> One illegal practice replaced by next illegal practice. Now Meta announces to give in against the pressure by noyb, but instead of switching to an "opt-in" system, like Google or Microsoft, they now try to argue the next unlawful option, by claiming that their "legitimate interest" to process user data would override the fundamental right to privacy and data protection of users. This was tried by other companies before, but rejected by the regulators multiple times (see e.g. the Italian DPA on TikTok or the Belgian DPA on the IAB TCF at para 441).
Came here to say this. NOYB are doing incredible work and if you have some spare money, I think it is a good option for a small monthly donation, as I do it.
Hopefully at some point the lever of big monetary sentences will be made use of from regulatory enforcement.
People are much more adaptable than you can think of.
The thing is most people would probably choose the wrong alternative, i.e. telegram, whose communications aren't endtoend encrypted by default, as a replacement instead of more decent alternatives. It wouldn't be a win over whatsapp.
That is the case, but banning it just for a few weeks will change that without much disruption.
Most people are aware that Signal exist and switch the moment WhatsApp stops working.
That was unexpected and unannounced. Saying "WhatsApp will go offline from the 1st of next month" would be very different.
Especially because WhatsApp _uses phone numbers as identifiers_. Switching to Signal or Telegram, which also use phone numbers, would be completely feasible: recreating the same groups would be the biggest annoyance, but you have all your contacts as soon as they install the app.
People will of course be very bothered by losing their chat histories (can you decrypt the backups it creates in Google Drive?), but it won't be an actual show-stopper. And it will teach a valuable lesson on relying on cloud.
… how disconnected from reality must you be to think this is an okay thing to impose on hundreds of millions of people who rely on a specific communication channel to talk to their loved ones? "Oh they'll figure it out and install another app" -- wtf?
I agree it's not great that this is all controlled by Meta but this is what it is now. It will take a long time, or some heavy nationalization, to fix the situation. This mentality of "let's break it and people will figure their shit out" is i.n.s.a.n.e.. You know that "move fast and break things" is a BAD thing when you're affecting the lives of so many, right?
At what point did I say that people would have to figure it out on their own?
For the sake of this argument, assume the premises that (a) Meta, a foreign corporation, controlling the private conversation of hundreds of millions of citizens is not simply "not great" but unacceptable, and (b) that it is necessary to put WhatsApp permanently offline (as opposed to making it somehow safer).
Steps to a post-WA transition:
(1) Publicly gather a list of messaging services that can be verified to satisfy the requirement to act as WA replacements:
- E2E encryption
- Interoperable under the Digital Services Act (critical)
- Phone number-based IDs
- Fully hosted in the EU and controlled by European companies
- Sufficient operational resources to serve > X number of users
(2) Mass send the message to all WA users "Due to new European privacy rules, WhatsApp will shut down on ${today + X months}. You will be able to continue talking with all your contacts through any of the following apps: [ list apps sorted by capacity, click to install ]. You will need to recreate any groups of which you are currently the admin.". Plaster the same message everywhere, send SMSs, etc.
Compared to switching to a whole new currency, or moving a shitload of bureaucracy fully online during Covid, this seems a very reasonable task for a European government.
Ars Technica is not much better. Here are the "always active" non-choices from their own GDPR pop-up ("Powered by OneTrust"). That is to say, you cannot opt-out of these:
Match and combine offline data sources: Always Active
Link different devices: Always Active
Receive and use automatically-sent device characteristics for identification: Always Active
Ensure security, prevent fraud, and debug: Always Active
Technically deliver ads or content: Always Active
If you don't open their "show purposes" window and "Confirm my choices" from that window, then you are also agreeing to:
Store and/or access information on a device
Personalised ads and content, ad and content measurement, audience insights and product development
Use precise geolocation data
Actively scan device characteristics for identification
I see a lot of comments where they prefer telegram over WhatsApp. Surprising part is whatsapp is end to end encrypted by default for all conversations but telegram is not.
I'd add that WhatsApp is mandatory in some parts of the world. Where I live it's probably installed on 99.9% of the phones. All your family, friends, coworkers and customers are on WhatsApp. You want to book a haircut? They will confirm the appointment on WhatsApp. You want to get a quote for anything? They will send the file to you on WhatsApp. You want to know what was your covid vaccine number? The only way is to ask to a bot on WhatsApp. This is actually insane.
I think data collection on the scale of what Meta is doing should just be illegal altogether, or at the very least it should be mandated as opt-in with the opt-in process being filled with warnings and never being the easiest way to get rid of a banner. It should be hidden away under a menu and there should be no banner at all.
The dark patterns used to trick people into opting in need to end. I religiously opt out on every GDPR banner, but even I've accidentally opted in sometimes because the button layout is intentionally designed to be confusing.
If I see a pop-up, especially from "OneTrust", I immediately close the tab and re-open the site in Private/Incognito mode. There are some sites I just reflexively open that way. "Ars Technica" is but one example.
Closing the tab is good, but is it safe to assume, that they wont use fingerprinting, to map your "consent" (more like extortion) to future visits? Also they would still be tracking your incognito browser, if fingerprint is unique?
Linking devices is one of the standard permissions normally. So if you give permission in one window and don't say anything in another, it probably counts as permission for both.
The "if it's free" trope comes up on the regular in these threads. There are numerous examples out there, but off the top of my head, I pay for my cell service, my car's gas, airline tickets, and my rent, and all of those push advertising on me anyways.
While there is an argument for a product needing a revenue stream to survive, paying for a product clearly does not save you from ads and data collection. The company is there like Bilbo Baggins, holding the One Ring, and asking itself, "After all, why shouldn't I have both revenue from the customer and the ad revenue?"
Well, I wasn't the GP but I see their point. Because today, buying a product isn't enough. Subscriptions and rent-seeking is where it's at.
Once you've bought a smart TV, it shouldn't really be any of Roku's business what you watch, but you basically have to airgap any brand of "smart" TV to avoid data collection.
Cars are much more computerized nowadays, so it would not be a stretch to imagine they have data harvesting software somehow (especially in light of Volkwagen's emissions test cheating); but if I've bought a car, it's mine, so why allow that? And then there's Ford's idea to have self-driving vehicles drive them back to the dealership if you miss a payment, which is a lot less time-gracious than missing utilities or anything like that.
The last time I paid for a laptop with Microsoft on it I still got ads shoveled in my face, and of course there's all the telemetry to deal with. Apple had that drama a few months back with people not being able to launch certain apps because some connection to their servers wasn't being made that would allow it, and Apple products go for premium.
It would seem rather prudent to assume that if you buy a product and it is electronic, there is probably some mechanism to transmit data to the manufacturer, because IoT and profit and why the fuck not.
No, this form is about right to object. It isn't about consent because consent is not needed for legitimate interests, which in this case is to offer personalized advertising.
This form lets people object to the use of their data for a legitimate interest.
I find it incredible that they are bold enough to try to pass this as legitimate interest when the Internet Advertising Bureau (IAB) is currently neck deep with the Belgian DPA over that very matter.
Legitimate Interest is supposed to be used for thinks like fraud prevention, not for added value things like highly target advertising that requires building a profile of a user.
I agree. From reading the text it appears legitimate interests was not intended to cover tracking for advertising purposes. However some government implementations specifically talk about it as likely allowed (uk) and in practice it seems to be on all the ridiculous popups now. If it is allowed for this expanded scope it completely defangs a lot of the gdpr.
I think some major differences between Meta and IAB is that IAB was sharing the data with other companies where Meta keeps your data to themselves. Additionally as a part of personalizing the non ad posts on ones feed the data is already being collected and processed. Showing a relevant ad isn't much different privacy wise than showing a relevant post. Tracking how you interact with a post isn't much different from tracking how you interact with an ad post.
This is a completely circular argument which also happens to completely miss the point.
1. They want to show personalized adverts
2. So they collect and process the data to do so
3. And therefore because they've collected the data, they must be allowed to show personalized adverts.
Aside from it being complete nonsense, the contention is around the 2nd point. They should NOT be allowed to collect and process the data for that purpose without permission, which EU courts have repeatedly stated.
GDPR obliges them to delete your data upon request. But I'm not sure how well Facebook/Meta complies with this. This post from 4 years ago doesn't sound encouraging: https://ruben.verborgh.org/facebook/ Does anyone know if they've improved since then?
I'd deleted my Facebook account years before, but after that begrudgingly signed up to Facebook Messenger because my friends insisted on using it (which are separate accounts apparently).
At some point, a couple of years ago, I decided enough was enough (probably when they forced me to accept some new anti-privacy EULA which otherwise blocked me from using Messenger Lite).
There was no delete account option in the app that I can remember. I searched and searched for at least an hour. Facebook's support site was a labyrinth of circular links that edged around actually deleting my account. I had no Facebook account, so I couldn't log in to delete it on the website's account settings.
I just wanted an email I could send the request to.
I finally found one for a data protection officer or some sort. Sent them an email, got another one back redirecting me to the website.
Obviously that wasn't helpful, so I sent them one of those GDPR deletion templates.
Didn't hear back, and checking a few months later, my account was still accessible.
The EU has now made clear that this isn't compliant. A data removal request does not have to be via a form - it can be to any employee via any communication method, and does not have to use any special legal wording. [1]
You can show up at one of their offices and tell their janitor, and they should still comply.
That's why most companies now train every employee how to handle users requesting deletion (usually by forwarding the request to someone whose job it is to action them).
If you have documentation about your process (which the email sent to their DPO should be enough) get in contact with the Data Protection Agency of your country for them to start procedures on your behalf.
I've got some help from Sweden's IMY for a similar case, asked for the removal of my data by emailing a GDPR template, got no answer and no resolution by the company in a few months and contacted IMY who solved it (and fined them).
Data which is not personally identifiable does not fall under the GDPR. Meta will use this excuse for most data which isn't tied to an active facebook account.
"Tracking" is a bit different, if I go to a big news site, that happens to also serve FB ads - than going to FB directly and complain that they track what I do at their place.
And like I said, if I use a adblocker preventing to load FBs add in the first place, then how can they meaningfully track me in any way?
Do you know if the social media icons that people put in their email signature can also be used to collect data on sender and recipient? I tried searching for information on this a while back but all I got in the search results were tutorials on how to add the social media icons in the email signature 'block'. :/
No, that is already part of the software framework with which the palantir-cattlerattlers drive the large crowd along the "golden path" on the scenario tree.
The cattle does not get to object, reject it or vote on it. The wellfare of the rancher is all that matters and any attempt to disucss that or just turn around, will just "never work out" because of unavoidable infighting. But dont worry, we are not in chicago yet.
Who could have imagined, that stripping your brain naked would make you hackable and controllable, thus turning you into a organic component with an API for behavioural crowd simulations.
deMoohCrazy has begone! And all that is a best-case-scenario.
I don't see it as stupid. I see it as an intentional delay tactic to maneuver around a regulator which, so far, acts far too slowly and imposes weak fines in response to flagrant privacy lawbreaking.
As long as Facebook can treat the fines as a cost of doing business they're happy. That, and as long as their (bullshit) value proposition of personalising ads by collecting as much personal data as possible is unaffected.
It hasn't for 5 years, and if their business is inherently incompatible with the regulation, then making some money from spiting the regulation for as long as possible is better than complying and not making money to begin with.
I don't see how this flies as even Google was recently forced into compliance by the French recently to have an actual functional top level reject all.
Have they completely lost it? I kept a facebook account just to stay in touch with people, but following this madness I will simply find other means to do so and completely shut it down. This is ridiculous.
When the EU introduced the ability to opt out of being forced to save cookies on devices, malicious or lazy companies adopted hostile user unclicking forms.
The same is now true of Facebook. Capitalists will always be against the convenience of users.
The user-hostile forms aren't actually compliant with the regulation - any form that makes it easier to accept than to decline is against the GDPR and would not count as valid data processing consent, thus you may as well not have one and track by default.
The reason those forms proliferated is because a few snake-oil vendors (TrustArc, etc) sell fake compliance solutions that merely look compliant but actually annoy most people into accepting which is preferred by their (scummy) customers instead of actually-compliant solutions (would put them out of business or force them to severely trim down the marketing/advertising teams).
Since there is no significant enforcement of the regulation, these practices persist.
In a world where Meta uses user cookies to run targeted advertising: Users see ads they're interested in, and experience no other downsides from that targeting.
In a world where Meta doesn't use cookies to run targeted advertising: Users see lowest common denominator boring ads. None of their life is different in any other way, there's no harm they avoided.
This whole issue is baseless. If the EU wants to purposefully degrade services that half of EU citizens use every day, that's their prerogative, but you're making the world slightly worse.
> In a world where Meta uses user cookies to run targeted advertising: Users see ads they're interested in, and experience no other downsides from that targeting.
So your argument is that you don't believe privacy has any value, and you only care about second-order effects. First: Since you believe that, can I install a camera in your shower? Don't worry, you won't experience any downsides. Second: Users would do in fact experience downsides, because targeted ads exist to get them to spend more money and distort their selection (i.e. if I'm shopping for cameras, I want the best/cheapest camera, not the one that paid the most to get shoved in my face).
What terrible bait, like I'm speaking directly to a man who's sold ads for three decades. "Boring" ads? No one wants to be served ads that manipulate them with "fun" (and we know that what you really mean is "serve the most attention-stealing customer-conversion media"). I won't believe that people consume digital ads by the Meta corporation for fun.
I don't want targeted ads. I'm not interested in anything they have to offer. I will search for things I think I need by myself when I think I need then.
Privacy is a basic human right, and the strawman argument of "Well don't just use their services then" is ridiculous with their influence. Also them touting to "connected the world"
When in reality is "connecting to world, but only if we can record everything you do"