I was definitely not asked for consent on being tracked online for advertisement purposes. Consent needs to be explicit, specific, unambiguous and freely given. Hiding this behind sugar coated language is illegal in the EU.
I very much appreciate the work on NOYB to remind companies that privacy is not optional.
P.S. While "building something useless" is not illegal, I find the usage of this information shitty. "You bought X, we'll display ads for X for the next two weeks." How likely is one to buy another bike? Or another pram? Why is the AdTech industry insisting on collecting information that it can't use and is invasive?
The complaint isn't that you're actually being tracked nor that the ID is being used without your consent. The complaint is that the (resettable) ID exists at all.
These IDs (Android and iOS) were introduced to push apps off of using globally unique device identifiers that couldn't be reset like the IME number.
They were a massive improvement over what previously existed, and on their own don't do any tracking nor contain any user data. This complaint feels like it's a stretch, and if the complaint succeeds the inevitable alternative is much worse for users.
It's like the cookie dilemma. Get rid of them and fingerprinting will become the norm (and user's lose the ability to reset them). I don't know how much fingerprinting you can be done within a JVM, but I imagine it's a lot.
Just as no amount of technical implementation will save the environment, I now believe that no amount of technical implementation (by itself) will enable privacy.
GDPR is clear: Any data that allows an individual to be directly or indirectly identified is personal data. Fines are now targeting "lower hanging fruits", i.e., more obvious violations. However, as the landscape shifts, I'm looking forward to the first fine related to non-consented fingerprinting.
But right now they aren't targeting improper usage of identifying data, but instead that identifying data exists at all. This doesn't seem like a GDPR violation at all?
Collection of identifying data also needs consent. It would be perfectly legal to have an AAID and never disclose it to anyone, but that wouldn't be very useful. :)
Right, but they aren't complaining about collection of identifying data. Google/Android (or iOS) isn't collecting the AAID themselves in an unauthorized way.
The complaint is purely that the AAID is generated, fully independent of whether or not it's ever used.
Generating UUID and persisting them on a device is perfectly fine. However, once you send this UUID to a server (i.e., the owner of the server collects it) without consent, that becomes illegal.
> Why is the AdTech industry insisting on collecting information that it can't use and is invasive?
- The "dumb" approach to targeted advertising is good enough, they're stuck in a local minimum. When they try to be more clever, ROI drops.
- That might change in the future, so it's better to have the data than to not have it.
- A lot of that data is also useful for the problem of ad attribution - i.e. determining who should be paid and how much if a person buys something somewhere (possibly off-line).
If you read it you would know it isn't a debate post but information about a Complaint filed to the Data Protection Authority by someone who has done so against big corps before and won multiple times. This will likely end up with both Apple and Google getting fined by the EU. Again.
No, Apple is not tracking its users to a greater extent. You wish that were true, clearly, but you can't support it. As for "flashing custom ROMs", well, if you could support your main argument, you wouldn't be trying to change the subject three times.
I have a huawei with no google services on it and I never go to Chinese sites. It's stupid but I feel less watched with China getting my data than with a normal android :D
a) no, not the same thing
b) no, not being used the same way by Apple, so not comparable
c) this is 5 months old and pre-dates Apple's current privacy initiatives
Of course. All cell phones are inherently trackers. That is how the cell phone system works at all. The base stations use increasingly accurate clocks to multi-laterate the handset position and decide which base station will handle it. This is accurate to about 50m these days. And since a handset pings out it's existence every 30s or so while it's on and telcos store the data for 2-5 years (in the USA) they have a very accurate record of your movements to sell for commercial profit. And then those companies can re-sell the data to the government.
The idea that anything you do in the userspace of a phone can make you 'safe' from tracking is just ignorant. The greatest danger will always be the baseband modem which you will never have acess or control of due to FCC regulations.
36 comments
[ 5.9 ms ] story [ 70.3 ms ] threadThis article also sounds like GPT generated text optimized for mild outrage. It offers nothing substantial to the issue
I very much appreciate the work on NOYB to remind companies that privacy is not optional.
P.S. While "building something useless" is not illegal, I find the usage of this information shitty. "You bought X, we'll display ads for X for the next two weeks." How likely is one to buy another bike? Or another pram? Why is the AdTech industry insisting on collecting information that it can't use and is invasive?
These IDs (Android and iOS) were introduced to push apps off of using globally unique device identifiers that couldn't be reset like the IME number.
They were a massive improvement over what previously existed, and on their own don't do any tracking nor contain any user data. This complaint feels like it's a stretch, and if the complaint succeeds the inevitable alternative is much worse for users.
GDPR is clear: Any data that allows an individual to be directly or indirectly identified is personal data. Fines are now targeting "lower hanging fruits", i.e., more obvious violations. However, as the landscape shifts, I'm looking forward to the first fine related to non-consented fingerprinting.
The complaint is purely that the AAID is generated, fully independent of whether or not it's ever used.
- The "dumb" approach to targeted advertising is good enough, they're stuck in a local minimum. When they try to be more clever, ROI drops.
- That might change in the future, so it's better to have the data than to not have it.
- A lot of that data is also useful for the problem of ad attribution - i.e. determining who should be paid and how much if a person buys something somewhere (possibly off-line).
At least on Android you can still block ads, block internet access to apps you don't trust and flash custom ROMs.
https://www.forbes.com/sites/kateoflahertyuk/2020/11/16/appl...
I will see this as hypocritical
No, the alternative is GNU/Linux phones.
Many Android apps should work in Anbox nevertheless.
Besides you can reset it as you would know if you read TFA.
Does it matter the choice of hardware?
Does it matter if one were to use google services on lineageos ?
The idea that anything you do in the userspace of a phone can make you 'safe' from tracking is just ignorant. The greatest danger will always be the baseband modem which you will never have acess or control of due to FCC regulations.
https://news.ycombinator.com/item?id=26723355