I look forward to the day when selling user's data requires the user's opt-in every single time a third party wants to access that data. No more "yes to all" or allowing blanket usage in TOS/EULAs.
People who use apps that sell their data should be bombarded with requests to use that data each and every single time, until they either decide the app isn't worth it or the app decides they should try a different business model.
And ad targeting should be included in that. Add a new notifications button to FB - companies that have requested advertising access to me. If I decline or don't answer, I never see their ads.
I don't think their consent is an outlier. Most users are somewhat ok with selling their data in exchange for free services. I mean I use Gmail, Google Search, Google Maps, etc. etc. knowing they hoover up my data because, in the end, I value the ability to have these services for free more than I care about Google's ability to collect useful statistics about me/its users.
> Most users are somewhat ok with selling their data in exchange for free services.
I think you're incorrect. I think most users recognize that they usually don't have a choice: they don't have money to provide for services that they need, so they are _forced_ to use services that are cheaper or free. And I think most users feel helpless to do anything about it because most politicians actively ignore them (because they're poor) or work against them (because not-poor businesses pay politicians), and also because most businesses providing free service do not provide any useful mechanism for human interaction. Ever have trouble with a free service? Your only recourse is to go on social media and complain and hope to catch enough public attention such that someone who works at the company will reply. And even then you're not guaranteed a resolution to your issue.
There's plenty of similarly priced alternatives out there that aren't as abusive as the big ad companies.
The problem isn't just that poor people are money poor. It's that they're also time poor. They're too busy making ends meet to care about this stuff. That Google collects so much of their data would probably not even be on their list of things to care about.
I think you're underestimating the average non-tech oriented user that simply uses. A lot of those considerations might be true for users conscious about data collection, but I'd imagine that's a very small subset of users.
> I think you're underestimating the average non-tech oriented user that simply uses.
While I certainly think it's possible, it doesn't echo with my personal anecdotes of friends and family. They all fit in with "I don't want to be tracked but I'm helpless to stop it!" crowd. All of my family, most of my friends.
> As a user who understands and consents to that request
They can't really consent, because no-one truly understands what it is that they are agreeing to. It is simply not possible to have informed consent about the use, re-sale, re-combination, re-identification, long-term storage, profiling, credit/employment/health/housing impacts, etc. It's not possible to consent because you can't tell what you are giving away about other people who you aren't aware that you're impacting, and don't have their permission to do so. There just isn't any way for someone to say 'I understand and consent' and have it be meaningful.
I do agree that this is probably the bigger issue. A lack of understanding of what exactly you are agreeing to. If that is solved, however, then a continual request for consent would be a non-starter for any service use, making the whole point moot.
Maybe you do, but the vast majority of people do not. In that respect you definitely are an outlier.
Most people don't understand the value that comes from user data, and the potentially damaging effects it might have on their life (Facebook can detect that you are homosexual through your Facebook usage, and if you live in a country where they kill homosexuals you are going to be in serious trouble). Almost no users understand the impact of the third-party doctrine.
There are all sorts of other issues. If you talk to someone suspected of being a terrorist, then you are labeled as a suspected terrorist. Since this bill is about browsing data, if you read articles If you read articles that are seen as being objectionable (imagine reading articles about communism during McCarthyism) then you might be labeled as such even if you were reading them for purposes other than indoctrination. There is a reason that a court order is required to get the borrowing records of a particular library user and libraries cannot sell that information.
> I'm pretty confident that I understand what i'm agreeing to.
Ok, let's explore that. Can you describe, completely, what it is that you are agreeing to? And just so we are speaking at the same level "I agree that you can do anything you want" isn't a meaningful consent.
I consent to my location data being tracked, to the extent that I don't turn it off. Sometimes I choose to, but usually I don't. I consent to Google scanning my email to serve me relevant ads and provide useful information to me about arriving packages and the like. I consent to them monitoring my search habits, to the extent that I choose not to use incognito mode, in order to populate my Google Now feed and again, better target ads to me. I could go on enumerating more things for more companies, but I think you get the point.
There was a time where people willingly consented to being sold as slaves. Did they truly understand? Or was the circumstances "forced" upon it due to having no other options?
If you had to consent for the use of an incredibly popular app, is it really understanding? Or is it capitulation disguised?
> There was a time where people willingly consented to being sold as slaves.
I'm not going to categorically say that that's false, but I find that somewhat hard to believe, except under very contrived circumstances that could hardly be called 'willing' (e.g. "we'll kill your family if you don't"). Do you have a citation for that?
> Most users are somewhat ok with selling their data in exchange for free services.
I'm far from convinced that this is true. Most users don't actually know the extent to which their data is being collected. I suspect that a large percentage of people, if they were informed (and believed it), would object mightily.
I think it's far more likely that people don't want to know. By now I think most people are aware that their privacy is being violated, but feel powerless to do anything and don't want to resist the temptations of using addictive social media etc. They pity themselves for it, and try to ignore that it's a problem.
I agree partly with you but I don't think most users know the extend of information collected from those services, if people saw their profiles as really used by google I believe almost all of them would freak out.
Causing incredible annoyance is obviously the idea. It would drive away users, making business models that relied on it less efficient. It's a great idea.
I really don't understand the extreme hostility to data collection and data markets. No one likes ads, but no one wants to have to pay a subscription fee to every single site on the internet. If I'm going to see ads, I'd rather them be something I might potentially find useful than something irrelevant. If I end up buying their product, the exchange is mutually beneficial and both parties walk away with value from the exchange.
What's really great is that it can really help small businesses and startups over large corporations. Brands like Coca Cola can afford to canvas the world with their logo, but a business with a handful of employees must use their marketing budget very carefully. User data and profiling makes it realistic to find those people naturally through their internet habits.
Even if this is being used by politicians, I don't see the harm. If you think people can't think for themselves in the face of political advertising campaigns, then I don't see why you'd also believe that those same people can be trusted with the responsibility of the vote.
I can understand the need for treating data carefully and making sure the data is sufficiently scrubbed for personal identification, but this issue is something different.
> no one wants to have to pay a subscription fee to every single site on the internet.
If we had a reasonable micropayments system so I could spend a few cents per article I read online from non-subscription sites, I'd be thrilled. I do not want to see ads, ever. I do not want companies collecting or selling my activity patterns. If I've signed up for something, I don't want my personal details sold to someone else in order to fund the service. I will gladly pay my proportion of what's necessary to keep the service running in order to avoid the "you're not the customer, you're the product" mentality.
I totally understand that probably most people don't think the way I do. They are happy to exchange their privacy for free stuff, and in some cases wouldn't be able to afford to pay if this wasn't an option. But it's just sad that's the case.
Right? This is always the false dichotomy that gets put to us. "Either accept the ads or pay me 5 bucks a month"
5 bucks a month??!?! You were making 5 bucks a month off JUST ME WITH ADS?!!!!
But it's not that at all. It's simply that credit cards are so heinously inefficient and unreliable and costly to manage that they need to charge that amount of money to not lose money on average. Dealing with fraud and charge backs and the cut the banks take and the cost per transaction. It's just how terrible of a payment system credit cards really are.
If we were getting charged the actual price of the product, most people would happily pay! Load your browser up with 20 bucks and you'll have unobstructed internet for months.
I think this goal is pretty much what Brave is going for, they get a lot of criticism for their implementation here. Of course I'm not shocked, this is a hard problem, and the demand for the solution is irrationally low.
The individual user isn't worth 5 bucks in ads. But if you have millions, then they are worth that amount in aggregate, but only in aggregate. If they offered any price for subscribing ad free, the potential loss from the ad value of nonsubscribers could be well more than the gains in subscriber fees.
Therefore, to offset this, subscription fees needs to be much higher than the average ad revenue per user.
Legislating such a micropayments system would centralize the monetization of internet services in a way unprecedented since the advent of the internet. If you're worried a lack of Net Neutrality would suppress free speech, this would strangle it.
You'd create two internets: a bourgeoisie sphere of corporate sites with enough influence to be included in the micropayment system, and the unwashed masses, the sites deemed unworthy of monetization, forced to survive on crippled ad market. The handful of large corporate microtransaction payment processors would get to pick and choose who gets to be on the "good internet" without any oversight.
Who said anything about legislation? There's no need for legislation around this.
The problems so far with micropayments infra is that publications don't believe their readers will prefer payment over ads. Which is unfortunately largely true, so anyone starting a micropayments company will have a lot of trouble developing the network effects (both on payer and payee side) to be successful.
I don't know the solution to this, but I'd hope it's not legislation. Well -- a possible solution might be legislation that makes it economically infeasible to run sites on ad revenue and selling data. If we make it onerous or impossible to allow sites to collect and sell data, and make it harder for ad networks to target people, sites will have little choice but to implement subscription schemes, or, hopefully, adopt a micropayments-type structure.
"I will gladly pay my proportion of what's necessary to keep the service running in order to avoid the "you're not the customer, you're the product" mentality."
Since both are complementary and independent revenue streams, why do you assume that you paying cash for something does not mean you will be monetized in other ways as well?
That would be the deal. Either I "pay" via targeted ads, or I pay with cash. If you want to mix the two, then you've lost a potential customer (and I just continue to use my ad blocker).
> I really don't understand the extreme hostility to data collection and data markets.
I can easily explain my extreme hostility to this: that it happens without my consent and that companies put so much work into actively evading the defenses I put up against it.
> No one likes ads
This isn't about ads. This is about data collection. If ads existed without the spying, I wouldn't have an issue.
> What's really great is that it can really help small businesses and startups over large corporations.
No, that's not really great. I'm all for helping small businesses, but not by allowing them to abuse me.
> I can understand the need for treating data carefully and making sure the data is sufficiently scrubbed for personal identification
That's important too, but it doesn't address the issue of consent.
If data is being collected about me or my use of my machines without my informed consent, that's spying, period. I will treat anybody doing that as the attackers that they are.
Please correct me if I'm wrong, but you're saying your only issue here is consent? Surely you could just not use the sites and services that evade your consent then?
I'm sympathetic to the fact that "don't use services that track you" is easier said than done, but all the same, you do have that option.
"Surely you could just not use the sites and services that evade your consent then?"
No, really, you cannot.
FB maintains shadow profles, even for nonusers.
Google tracks virtually all Web traffic. And most email.
Amazon backs or provisions a tremendous amount on online sevices.
Comcast, TimeWarner, AT&T, and Verizon have absolute local, and effective national, monopolies on point-of-presence service across the US. Indigenous telco monopolies operate similarly elsewhere.
Cloudfront, Limelight, Akamai. and other CDN, DNS, and interconnectivity providers see requests and traffic aggregated across huge opulations.
Visa and Mastercard see a huge fraction of financial activity.
And this doesn't even start to touch the vast B2B data services markets in advertising, marketing, finance, credit, risk, tol collection, healthcare (denial) systems, licence plate scanner, retail backends, payments processing, debt collection, and more.
There really is no effective possibility of opting out. Even with denying yourself an effective role in modern society.
You haven't convinced me that the data they collect can harm you as an individual. How is your life actually negatively impacted? How is this a more rational concern than conspiracy theorists thinking the government is monitoring their private phone calls?
Because it's rife with bad actors due to a lack of regulation. And even the good actors are kind of forced to be bad actors in order to compete. Lacking better regulation it's just a horrible business model for consumers, with really no exceptions since anyone who plays nice will ultimately lose out to less scrupulous players.
I naively consider(ed?) Google a good actor. I still kind of buy that they want to be at least. I'm sure others think differently though and I'm definitely not going to defend them. (Android, Dragonfly)
Privacy mainly and ownership of data. Something along the lines of GDPR in spirit. I also think the details / fine print matter or loopholes will be found.
I think though that appropriate regulation is going to seriously hamper if not utterly destroy the business models of some really big players.
My problem at least is the fog behind it all, let me make the choice of whether I let you sell my information or pay you directly, don't make me assume that everything free comes with strings attached.
It's not a problem with ads. It's a problem with tracking and data collection.
I do not want any company can follow my habits and have a list of my preferences, at least without my consent.
I like general ads (with moderation), not customized based on my past purchases, where I can find out something new and interesting. Like it is on magazines.
It has been one year since the EU's GDPR law went into effect. What they did and why they did it is described in the PDF linked below. Some of their rationale is spelled out in Section 1.1.1. Key principles in Section 3.
There are plenty of opportunities for abuse here in the US, and we're all reminded of them constantly. The proliferation of ad-blockers and anti-tracking software shows that 'extreme hostility' is widespread. I have yet to see any substantial animus in the EU over the reasonable measures they've taken. Hopefully action on a state-by-state basis in the US will encourage the industry to demand explicit legal restrictions.
I agree and this points to the problem of "high level, usable TOS/EULA". Today's EULA "culture" is so hopelessly broken. Whereas the software is interactive and intuitive, using readable labels and buttons, the EULA is a couple dozen pages of non-interactive legal fine print. Companies will continue to get away with evil until we come up with better requirements for this nonsense.
People who use apps that sell their data should be bombarded with requests to use that data each and every single time, until they either decide the app isn't worth it or the app decides they should try a different business model.
And ad targeting should be included in that. Add a new notifications button to FB - companies that have requested advertising access to me. If I decline or don't answer, I never see their ads.