Memories like this still have force in Europe. I have to believe that their history makes many Europeans queasy about the collection of mass information. It is also easy to see how these laws could be exploited by large companies in Europe for their own commercial interest. Still, these laws have a moral force and US companies are stupid to try to circumvent, belittle, or ignore them. The desire for privacy has deep roots; it is not a nuisance to be swatted away on the path towards maximal profits.
Need I remind everyone how another american company called IBM helped to collect information about people in Germany and how it ended, so it's not strange that germans are "not convinced".
I'm German and it's been a huge ordeal to get my closest friends to migrate to Telegram at least. Signal was debated, but the lack of a good desktop client killed it. XMPP and IRC and all, not with these guys.
Germany has some vocal proponents of privacy ideals, like the Chaos Computer Club, but we also have politicians who pull the very same crap as anywhere else.
I realize it's difficult to get people to change messaging platforms, but if you have such a chance again after sometime, I would suggest trying out Wire [1] sometime. I have been recommending it over the last few months for people to try because it has superior UX (though not on par with Telegram). It has desktop clients, all chats are end-to-end encrypted (there are no unencrypted chats at all) and messages are synced across devices. I'm guessing the end-to-end encryption makes it a bit slow to startup to sync messages. Notifications also seem a bit unreliable or not working as expected (that's why the after sometime before).
Wire also has cool features like doodling and allows voice and video calls too. All this said, Telegram is still the fastest in delivering messages, and keeps adding new features quicker than any other messaging platform I've seen in the last few years (WhatsApp is not a platform I monitor because I left it when it was acquired by Facebook).
[1]: https://wire.com
signal desktop (granted, stupid chrome plugin but official): signal.org/desktop
And the beauty is that these days, the guardians of State Security don't even have to do anything for all that metadata, all these photos, likes and heartfelt confessions of lust and ardour to be neatly digitized... they just have to sit back and (carefully) suck it all up.
Except this time around their "cabinets" are about 850 million times bigger:
It's at best naive and at worst hypocritical to pretend that Europeans care so much more about personal privacy than Americans do while that is going on.
Also, a lot of people feel that the government (in a Western/Northern European country) is mostly trying to protect its society even if some actions are misguided, while it's hard to make a statement about the benevolence of large corporations. Governments ought to be loyal to its citizens, while corporations only answer to their shareholders; their actions have no moral leeway nor are they beneficial to the majority of people. Facebook is not trying to protect society, it's trying to benefit from it.
In most EU countries you are entitled by law to request to see and even demand removal of any data any company has on you at any time. This has been problematic in the past but will clash hard in the future with companies based outside the EU wanting to do business – or whatever name you want to call the activities of internet giants – with EU citizens.
I don't think Europeans really care that much. As evidence I present the title of the article which conspicuously doesn't read "Facebook ordered to stop collecting data on Facebook users".
If people really cared about mass surveillance would they actively participate in Facebook et al?
I don't use Facebook, Twitter, etc, ostensibly because I'm not keen on mass surveillance. But if I'm truly honest with myself it's because I know I'll post things I'll later wish I hadn't.
The problem is: These people weren't using Facebook. They were using WhatsApp which promised to not send their data to Facebook.
I don't use either because I personally think it's silly to assume they won't sell your data to someone, but they did make the promise that they wouldn't.
Facebook has all of that and way more. They even know which sites you visit when you're not on Facebook (think Like buttons and logins and various JS libraries that your browser might request as you browse around the web).
Basically, I started with building bad, hacky clones of Google’s services for myself.
But the resulting set of data is so huge and powerful.
Not only can I find out just from my data where my friends were, and when, also with whom they talked, and when, with whom they’re interacting, etc.
And that’s just for my own data, if I had that set of data about every human... I don’t even want to imagine what’d be possible.
Even the supposed FB shadow profiles would be hard pressed to reconstruct habit information.
Leave facebook, you miss information your friends and family post to facebook because that's enough.
Leave whatsapp - you now can't message with encryption to a large number of your contacts.
But yes, absolutely you should have signal. Everyone should. That's not the reality we're faced with. Whatsapp message to Dad is better than plaintext - that doesn't mean facebook can be as crooked as they like when they provide that.
My hope is that the increasing outrage will drive users to one of the secure messaging applications.
Disclaimer: I have neither a Facebook nor a WhatsApp account.
The difference in this particular case is that Whatsapp made an explicit promise that they would not start sharing their data.
Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don't have to give us your name and we don't ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that.
If partnering with Facebook meant that we had to change our values, we wouldn’t have done it. Instead, we are forming a partnership that would allow us to continue operating independently and autonomously. Our fundamental values and beliefs will not change. Our principles will not change. Everything that has made WhatsApp the leader in personal messaging will still be in place. Speculation to the contrary isn’t just baseless and unfounded, it’s irresponsible. It has the effect of scaring people into thinking we’re suddenly collecting all kinds of new data. That’s just not true, and it’s important to us that you know that.
Make no mistake: our future partnership with Facebook will not compromise the vision that brought us to this point. Our focus remains on delivering the promise of WhatsApp far and wide, so that people around the world have the freedom to speak their mind without fear.
They "trust me"
Dumb fucks
/ https://en.wikiquote.org/wiki/Mark_Zuckerberg /
OTOH today I read a 10 minute article on an unrelated site about loneliness. When I got to the end of the article an in page popup appeared that said something along the lines of "Liked by 9571 people including your friend John Smith".
I was extremely creeped out. What right does FB have for knowing that I read some article on an unrelated website?
I immediately installed Ublock Origin, blocked facebook.com and messenger.com. My plan is to delete all my cookies and run a separate chrome profile for facebook. Not sure I'll be able to keep the discipline.
Yes I know Chrome saves some of the same data but you can optionally encrypt it and Google at least claims they aren't using for ads https://www.google.com/chrome/browser/privacy/
On the other hand Google's other services like analytics are probably tracking me but so far they haven't been as creepy.
The added friction of signing in every time to check Facebook has had the added benefit of stopping me visiting Facebook unconsciously. The amount of free time clawed back has been substantial!
I'd be interested to see the political pressure it would create. I think the network is strong enough that people won't switch to other apps instantly and there would be a pretty big "just gimme back my WA" outcry which politicians would probably need to respond to.
Obviously the Datenschutzbeauftragte are theoretically independent but I'm sure they'd feel the heat. At least I'd be interested in seeing this play out if a law is being discussed. It won't ever happen but I have a feeling people would want WA enough that it could theoretically be used as a strategy.
Saying "users don't have to use us" after there's already a massive, massive installed base is ridiculous and Facebook knows it. If it were just as easy as switching to another messaging service they NEVER would've paid that much money for Whatsapp. It brings almost nothing unique to the table outside of it's user base/momentum.
Sharing data is what these companies do. The only way to keep your data safe is to use open-source, e2e systems.
Even if you trust any company today, there's no reason you can trust said company tomorrow.
Which would of course limit what they can do with it. And I suspect it's commerical use, not consolidating, that Facebook are more concerned about. :)
The latter collect your data and sell it to third parties. The former collect your data, keep it a tightly-guarded secret, do not sell it to anyone, and use it to make their own product more profitable.
I think the difference is important to keep in mind.
Something on the lines of don't collect any data, besides name, password, email address. This information can never be sold.
I have weird feeling, in the near future, we will find that information/data has been abused. No just abused by marketing/big data, etc..
And I'm not even arguing about the obvious--personal privacy. Although personal privacy should be the number one reason for this hypothetical statute.
I have a feeling, it will be the next big financial insider trading scandal. It will involve people we talk about here-- Google/Bing/FB insiders(the ones who can see individual IP's, and their data.), took all that information, and traded stock upon it.
I have a hard time believing every email that Warren Buffet/George Sorrows/every sussessful trader makes isn't looked at by someone. And it's not just email; it collating search histories, in order to get a "feeling" of where the money to is to be made.
They are then using that info. to invest in stocks, bonds, real estate, etc..
And yes, they will claim we don't care about getting insider info. on investments--we make a killing selling the data to marketers. Why would we do such a thing? Because you can. I would have a hard time not looking at that information, and I don't have a penny to gamble.
I think it will be a huge story.
(Edit to a legitimate question about the poor websites that depend on advertising.)
Yes--I didn't bring up advertising. They could advertise like the old days, like newspapers did. They just couldn't target market their advertising--like they presently do at nausium. I still think they would make their nut. They would still be winners! And yes--I would pay for the right service, if they couldn't manage to compete by being hobbled with not targeted advertising. I paid for many websites before Google made advertising a science.
My post has nothing to do with advertising. I get advertising. Just leave my detailed, personal info. out of it.)
Would you then pay for the services in full that you now could use for free?
How many people will accept the deal, and why doesn't it already exist?
Or to ask a different question, will companies demand $20 for the services instead of offering it for tracking-as-payment? How will they fare against less polished services that are given away for free by people who run it on their spare time?
For example it is forbidden to take organs from people as payment. We could forbid taking certain private data from masses of people as payment.
To be honest I don't mind the mining so much, as long as I know there is some "protection" for my data - as is under discussion here. I do object to annoying poorly targeted ads though.
I don't use them free, I pay with my information. I just don't know exactly how much I'm paying.
I'm happy to pay in either form, as long as I know exactly what I'm paying.
Edit, clarification:
- this does not mean that I want to pay an monthly fee to use pro features on static apps. Anyone who does this instantly loses a star in the review as soon as I get around to it.
- however I also understand and appreciate that I sometimes can pay a higher up front price to support the developer(s) for apps that works offline without a service connection.
- feature keys or even donation addons etc to support further development are also well received. This nicely aligns the incentives for developers/users.
- and finally, for some select projects I would think it would be OK with a subscription that gave me all new features as they arrived.
But I can't see why a company like FB would be interested in offering a privacy enhanced version of this service. What could they reasonably expect a user to pay, 10 dollars a month? User data brings in far more revenue than that 10 dollars per user per month. I would think that 10 dollars is peanuts to them by comparison.
I still think they would make their nut. They would still be winners!
And yes--I would pay for the right service, if they couldn't manage to compete by being hobbled with not targeted advertising. I paid for many websites before Google made advertising a science.
(My post has nothing to do with advertising. I get advertising. Just leave my info. out of it.)
I have a similar prediction. There will come a time when companies with the USP of user data would be struggling to keep themselves afloat. What happens to user data, then? Will the organizations sell user data to keep them afloat?
https://medium.com/foursquare-direct/foursquare-predicts-chi...
Collect any data you want if and only if you have the informed consent of the user. This means explaining in detail what you're intending to collect and gaining permission first (opt-in).
> This information can never be sold.
Sell the information if you want (that was collected with informed consent of the user), but collecting data brings a responsibility of care for that data and liability for any problems that happen because those records were stored.
Doesn't this already satisfy your requirements?
It is, of course, well known that users never read TOS / EULA for software or services.
THERE IS NO ESCAPE. Unless you do what they themselves say you should do if you do not agree with the terms: don't use their services.
And if you've signed in once, it will continue to run, auto update, and collect your information.
Which means either WhatsApp is replaced by something else, or it becomes as regulated as any governmental media.
EDIT: A bank already replaced most of their support channels with a WhatsApp chat.
It IS a utility at that point.
Or as so many others have called out in the thread - you get legislative relief.
The solution here is obviously open-source and protocol based mediums. Proprietary social networks exist to extract data and sell ads. But let's ignore that and give politicians more power to regulate internet services as a whole. I'm sure the German government would love that.
The moment you connect to your WiFi, Google gets the SSID and can relate other devices using it. Possibly (?) the SSID is also known to WhatsApp.
Does it really help much?
You have to disable an obscure setting to get it to stop this behavior.
Here is a very simple idea: next time you talk to one of your friends who works at FB/Goog/etc. ask them pointedly how they can work at a place which obviously lacks any morals/ethics. Their first reaction would be to defend their actions, of course, but if a few people start doing this, my guess is that the message will start going up slowly but surely.
After all, what are they going to do? Stop having friends?
Those are the words that the head honchos at FB/Goog/.. etc are telling themselves about the viability of their privacy violations. At this point, no shame in turning it against them.
US data protection laws are a joke. EU leads the way. We'll see more in the future, I am positive.
Facebook said on Tuesday, after the order had been issued, that
it had complied with Europe’s privacy rules and that it was
willing to work with the German regulator to address its
concerns.
Using the messaging service is a voluntary decision, we have
not forced anybody to use it. Users have an option of opting
out of it.
[0] http://www.bloomberg.com/news/articles/2016-09-20/facebook-f...
[1] http://mashable.com/2016/09/23/india-delhi-high-court-whatsa...
Once a critical mass uses a messaging service, it's not a completely voluntary decision, especially when there is no open standard with interoperable competing apps.
Post office as well.
Can phone operators sell the social graph of users to 3rd parties, then?
It's so dumb...
Indeed. But the difference is that it is legal (and possible) to program a very open (and privacy-conscious) messaging service.
On the other hand, it is completely illegal (in the US by FCC ruling) to develop a completely free and open baseband processor and use it. It is also nearly impossible to set up an alternative cellphone network since you need licenses for using the parts of the spectrum.
This is where the difference is.
When my kid's school requires What's App in order to submit required documents, then there might be a claim that What's App rises to the importance of the Post Office or the telephone.
Yes, it is voluntary, but it would be socially alienating not to be on that service. Here's a relevant talk [0] by Moxie Marlinspike talking about that.
[0]: https://www.youtube.com/watch?v=eG0KrT6pBPk&feature=youtu.be...
On the other hand: Do people who care about privacy very much really get along well with people who don't and force you in subtile ways to use such a messaging service? I rather think it's the completely different mindset of these two classes of people that is socially alienating and the message service is just a symptom (I believe I know what I'm talking about since I think I am one of these very privacy-caring people).
to be honest, if the pressure was just from two individuals, I'd also say something like Facebook.
The real problem here was quoted as "misdirection of the [whatsapp] users and the public" because WhatsApp stated that there wont be any data exchange between them and facebook, when they were accuired two years ago.
It's an interesting ethical debate where the lines in the sand should be drawn (or if there should be any lines at all for that matter) but traditionally some lines exist and there are some things governments feel they need to control on behalf of consenting adults.
Additionally it's a question of discrimination laws in certain countries. If WA gave you the option of opting out but in return not being able to use their service at all that could be seen as discrimination. If you take the stance that personal information are a very essential good that isn't all that unreasonable (once again I'm not making a value judgment only a logical one).
I believe in most societies there's a somewhat solid majority support for the idea that government sets some rules for the marketplace. How many/if there should be any is open for debate but these frameworks exist and are typically backed by majority votes.
The idea that contracts between adults are sacred is basically a libertarian philosophy. Many countries (incl Germany) often limit what contracts can do.
You can also make a case that people did not "freely consent" to transferring data. A click-through multi-page legalise doesn't count as "consent"
Coming from Syria myself, I'm well aware that many countries do not respect people's freedom to contract freely. Doesn't mean that they are not tyrannies. Also, the Whatsapp TOS pretty much says that they can update their TOS whenever and however they want, so when you first try to use it, you should not expect any kind of control over your data, if you care about that, use an open source alternative. I will never understand people who consent to proprietary software TOS and then complain about these TOS changing in certain ways when this is what they are all about. I mean this has been Stallman arguments against proprietary software for like 40 years now. Want complete control? Use free/open source software. Don't care about that, use proprietary software such as Whatsapp. What makes less sense to me is using something such as Whatsapp and demand and expect what only free open source software can deliver.
In my experience, many people don't argue against the war on drugs due to being against any imposition on consensual transactions but because it harms the people intended to help. They'd be fine with it otherwise.
Personally, I have some sympathy for your view, but I'm of the opinion that contracts require meeting of the minds, and that it's plainly obvious that many, possibly most users have no real idea of what they're trading away, evidenced by the fact that the T&C conditions of these services are unreadable and not even expected to be read.
> isn't that the definition of tyranny? Seems more like just the definition of government. The German government seems like both the underdog and the less capricious actor in this case.
I stopped using WhatsApp the moment I read that facebook bought it.
[1]: FT article, looks like it paywalled, link to google cache: "Brussels to tighten grip on web services in telecoms shake-up" https://goo.gl/MFYaIx
Would you rather your child learned which items are hot by scarring themselves each time?
Free markets also include the spread of information and signaling. People can learn from the mistakes from others. It is precisely in a free market where the information gets to be spread out the quickest.
Free market has regulators. This IS the free market deciding.
Edit: My point is that you will not automatically have your privacy violated when a service is acquired by Facebook and most importantly your privacy will not automatically be safe on a service merely because they have not been proven to violate privacy for the time being.
* free,
* end-to-end encrypted
* text and voice chat
* with pictures and group chat and what have you,
* using the Signal/OpenWhisper protocol,
* with desktop and web clients,
* open source (GPLv3, and on github [2]),
* signup with phone number or email,
* based in Switzerland,
* what else can you ask for?
Signal itself of course is pretty good, secure (recommended by Ed Snowden, famously), but not quite as fully featured it seems to me.
[1] https://wire.com
[2] https://github.com/wireapp
EDIT: added license, web client
Developer of Signal says:
> Wire does not use Signal Protocol. They used some of our code, but created a protocol of their own devising that we do not recommend.
It was hard enough to make some people switch to telegram, but at least some of my frequent contacts arrived there. On signal I've been lonely ever since, no Idea how to make people switch again. For PGP I lost my passphrase because no one ever supported it and OTR doesn't work with my phone and nobody uses it...
A problem indeed, that's why I'm begging everyone to install it...
I wanted to use it instead of Hangouts, but I can't if it's 3x slower. They need to do something about it, and they need to do it soon. This has happened since they launched the desktop client, but at first I thought I'd just give them sometime to fix the initial bugs. But it's still as slow as ever.
My guess is their HTML5 app code sucks, so if I were them I'd scrap it and start over with a higher-performance alternative.
That's a fair point. I don't use WhatsApp, so did it asked to accept new privacy policy, terms & conditions or smth? Anyway, I'm happy to see that institutions in Europe take a stance against big corps to protect its users lately.
they played a trick on everyone by hiding the relevant question/info behind an "extra info" button that nobody will ever click
Because the response, from the court order, is always "Facebook and WhatsApp are separeted companies, you are asking Facebook (that has a office in Brazil) to answer for WhatsApp (that hasn't), Facebook doesn't have access to any meta-data from WhatsApp (including which user talked to another one)".
Do you have another link?
The ads could have been much worse.
You may need to find a sane browser for that. Opera 12 does that job fine for me.
It is this last point that I find best remedied by articles like this appearing in widely available media publications. When a discussion is on HN I might learn a lot and reflect upon my choices. When the nytimes and German privacy commissioner start a conversation, I consider that even more valuable.
Hopefully a balanced outcome will occur, but I don't see that as important as the inevitable education that comes with such public debate.
I'm very happy paying 1$ a year for privacy and security.
Whatsapp just re-iterated that they will say anything to fool its users and break their promise.
Facebook should definitely get a fine in billions and should be made to apologize publicly for breaching privacy.
Facebook's data mining allows it to form a profile of your preferences, which political groups you belong to, where you spend most of your time, and who you associate with. This is all potentially damaging information - especially under the right circumstances like the political tumult happening in Turkey.
His opinions and rulings are not always held up by the courts, and the other states' data commissioners (there are fifteen more, plus a federal one) quite often don't agree with him.
Maybe NY State where I live will pass some privacy laws.
It’s a bit like when a restaurant starts out good or bad, and changes under new management: it’s “the same” restaurant and yet it’s really not the same anymore, and consumers may or may not have gotten the memo. And it almost doesn’t matter if it goes through 3 managers, from good to bad and back to good, as the brand has already been tarnished and the damage is done.
I believe strongly that the hard work of hundreds of people shouldn’t be easy to screw up just because the wrong people bought you out, and yet this happens frequently: good projects are killed, and excellent work may end up going nowhere. This is why open-source projects have so much value: they are very difficult to screw up because there is always the option to fork it from a good spot and keep all the good work alive.
If the premise of the complaint is that users connecting with a facebook account didn't explicitly give permission to use the data associated with it then I imagine a swooping change will have to happen with all services that use Facebook, google sign on as they'll have to explicitly gain user's consent to use the exact information they're mining.
You might go, oh well they already do, I doubt it honestly and they likely rely on implicit consent but I can see this having major shockwaves
Lets take the extremes as a beginning..
1. Lets assume every action a person takes is logged. That means every keystroke, cough, heartbeat, meal, path taken etc... for everyone on the planet is tracked somewhere in some system.
2. On the flip side lets say that nothing is logged and we stop using systems that track our behavior altogether.
- What are the costs and benefits to either extreme and where would the people of the future prefer to lie on that extreme? Is there a realistic middle ground?
If the question is about informed consent then I am afraid it's a losing battle. Consumers do not understand even the basic externalities of different behaviors - and even if you printed them on the label it would mostly be noise. So to expect that people will understand all possible negative externalities with sharing data is a bridge too far.
I personally think that more accurate lifestyle data, provided by users to Machine systems, with the purpose of affecting behaviors, based on stated and revealed preferences of the users would be the best long term outcome. Offloading decision making to a machine is the best decision we will ever make as a species - and that requires a lot of training data and other data to optimize.
Otherwise we might as well just go back to everyone being a farmer.
Except for the privacy intrusion from all the other tourists, I suppose :-)