GDPR is a massive inconvenience. in theory it sounds good, in practice you just have to click an annoying number of accept buttons. there should have been more debate around this set of rules not just a diktat top down that is disconnected from reality.
>These popups are entirely unnecessary, if sites would just stop tracking you and allowing third parties to track you.
Yeah, who needs money to operate a service anyway. Can't they just be happy that I'm even willing to consume their content?! These websites do that so that they can provide the website in the first place. If they didn't then there would be no website for you to complain about.
> If they didn't then there would be no website for you to complain about.
Oh no, my business model of selling everything I can glean about you in exchange for some recycled 'content' is under threat! Oh noes!
If you can't operate without tracking and you can't legitimately and consensually persuade people to participate in it without resorting to dark patterns and hiding controls, your business is no longer viable, sorry. Find a new model or make way for someone else that can.
And by "spy on users" you mean "show ads that might at least remotely be relevant to the user"? The world is a lot bigger than the US. If there was no targeting of any kind then half of the ads you'd see would be in languages you can't even understand. Hell, that's the situation right now if you live in certain places in the world and this is with some tracking!
> If there was no targeting of any kind then half of the ads you'd see would be in languages you can't even understand.
Given I have zero interest in seeing ads in the first place, this sounds like a 'you' problem.
I'm not trying to be snarky here - this idea that relevant ads are important to users seems to be some sort of industry delusion. Why should I care if the people trying to sell me stuff while I read a news article are less able to target me? The ads are already an attention-demanding annoyance, it hardly matters what they're for.
As someone implementing data pipelines & doing enterprise integration (along with web work), I massively disagree.
GDPR is the best "needle mover" in terms of "we don't care about xyz" in the last 15 years.
In a meeting, even as an external contractor, you can now much more easily highlight privacy/security issues without being told that you are "too caring", and it will actually have an impact (because there is a widely known law & control body).
GDPR is a pretty big thing. Cookies, and cookie consents is a tiny tiny bit of it.
If there is an annoying popup on a website it's not compliant. E.g. if you need to switch OFF multiple accept switches, then it's blatantly in violation (default must be off). I have no idea why sites would even bother putting up a noncompliant GDPR popup instead of just ignoring it.
You misunderstand policy making. A lawmaker is not (and should not be) interested in providing a way of how to implement things, but how things should be, they are only providing the normative side.
The executive and judicative branch of the state then specifies how things should be implemented.
Most GDPR implementations that are so annoying are actually wrong.
I agree that this is how most legislation does work: dream up something that would be great and ignore the facts on the ground and live with a predictable shitshow of implementations.
To me it's a stretch to say legislation ought to work like this.
Many of the "outlier good ideas" in legislation are those that integrate the facts on the ground and consider e.g. implementation complexity.
There are already 2 text coming that significantly change it. Mostly to make it more protective. Search for "ePrivacy".
On top of that, there is a wide range given to the DPA which they are using. It is just that the EU agencies prefer to try to educate first before hitting companies hard, which makes sense.
In practice, if it had not been for Covid, the UK DPA would have killed multiple adtech company during the Summer. They had announced having planned it earlier this year.
> in practice you just have to click an annoying number of accept buttons.
The vast majority of those aren't GDPR-compliant, they're just attempts at paying lip-service while maintaining the old ways, and they're usually illegal.
loads of pedos and criminals love hiding via that network, and those who run it likely know it, but they defend it as “privacy” and “freedom” yet this stat shows its being used in somewhat free countries.
Asking for opinions on pictures of one's private parts while avoiding someone connecting that to your identity. I mean asking "is that pimple on my scrotum an STD", not advertising them.
good example but few non technical people would even know about tor, i am sure there are better options that dont necessarily help criminals hide there tracks
Real strange that the mob here is downvoting you - you are right, tor is used by criminals. i’d stay away from it as it has nothing to do with being “anonymous” for...”privacy”.
Many providers in EU countries offer 1gbps fiber as an option, but the most sold option is more like 200-250mbit because the price is lower. And many of those are cable based which means only 25 or 50mbit uplink, not symmetrical like fiber. So that would require 100,000 endpoints participating.
But this was a reflection attack, so most of the bandwidth was coming from poorly secured servers. In datacenters those would most likely have 1 Gbps uplink speeds.
Not gigabit upload, but I got close at 700Mbps, and some cable providers offer gigabit upload speeds in some regions, cogeco for example offers gigabit symmetrical cable in Trois-Rivières.
France is widely offering 1 Gbps symmetric fiber in major cities. The 3 major ISP offer the same unique package for 35e a month with internet and phone and TV, not negotiable. That's gigabit fiber if your home is in a area covered by fiber.
Do the ISPs have enough outgoing bandwidth to the internet for all their 1 Gbps symmetric fiber customers to maintain a 1 Gbps sustained upload simultaneously?
But any given provider won't have a 2 Tbps uplink out of their own network. It would likely have to be highly distributed across many providers. ISP's don't build their networks to support all customers running at max at the same time, as most consumers will only push that 1Gbps limit for short bursts.
ISP infrastructure is symmetric fiber. A single fiber can do 100 Gbps without troubles. And when you have to bulldozer the road to lay the fiber, you don't put a single fiber but a pack of a hundred. There is no crosstalk between fibers unlike with copper, so one has interest to put as many as possible.
Sure. You can spread your attack over a few countries and as a result a good 20 ISPs. I assure you if your ISP offers cheap gigabit they have a 100Gbps uplink.
