I'm super impressed. I have a Consumer Reports membership going back 25+ years, but I almost never use it unless I go to buy something. So maybe I'll log in once a year. I consider it a donation to them because I think they do good work.
I would not have expected this type of app to come from them, but it makes me appreciate my membership even more!
I'm not. Look at the privacy policy. Not only do they use all the usual vile e-stalking tactics, but they also share aggregated data with other companies. The whole thing is a data mining exercise to cross-link and identify the user accounts and devices of people who have become somewhat harder to track by other means. Sure, they're not sharing individual data records with other companies, but the conclusion that this is actually a consumer protection project is contradicted by the evidence.
How does aggregated data sharing allow tech companies to cross-link and identify individual user accounts/devices? (I ask as I have no idea if that's what happens)
I see language like:
"We do not sell your personal information in a way that most people would think of as a sale. However, we do participate in online targeted advertising and use analytics which allows tech companies, in exchange for our use of their services, to use user information collected from our App to improve their own products and to improve the services they provide to others."
and wonder what in the world that actually means?
Are they gathering data like
30% of our users are iPhone 12+ users?
I don't work in advertising so I can't say for certain what people do and don't do. But yes, that seems like one useful data point.
But perhaps more interesting is the ability to determine that User X is trying to clear their data for Wayfair, Amazon, and Home Depot, but not Target and not Lowe's. I could imagine some interesting analysis with that data, even if only in aggregate.
There's also no prohibition that I can see in the Privacy Policy against things like fingerprinting your device, building a shadow profile on you, and exposing that data via some API with an "anonymized" identifier. I suspect that the ability to determine something like "owner of mobile device 123455321 is privacy-conscious" might in and of itself be a useful feature for targeting ads.
> Data that advertising networks and social media companies already have about you, so they can identify you on their platform, such as your email address or user ID
I think this falls under the 'usual e-stalking techniques' that GP mentions. Very surprised to see CU doing this.
Installed on my M1 Mac. So it's an automated way to ask them to delete your account. If you have ongoing business with the company this is the only recourse the app offers you (perhaps it's by jurisdiction - I'm in CA).
Useful, but I'd love a way to tell these companies to stop assembling a profile of me without my consent instead (ideally as a threat).
Also would be useful if the app could suggest less invasive alternatives in the same market. Perhaps an idea for v2.
Hi! I’m not sure if I’m reading you question correctly but if you are asking why would companies comply with the data rights requests made through the Permission Slip app, then the answer is they would do it because it’s legally required under the California Consumer Privacy Act and request made by consumers through “authorized agents” (which is the legal role CR is taking in this case) are equally mandatory. Also, some companies have wisely decided to voluntarily respect such requests. There are more nuances but that’s basically the main answer.
I believe most users cannot reasonably manage requests to prevent the sale of their personal information and that apps like this empower them to make this process easier. Do you have evidence indicating otherwise?
Does anyone know how this compares to incogni.com ? I've seen a few sponsored slots for that from vloggers who seem to be pretty on the level. It's always possible that enough slick marketing and paid search results could thwart reasonable good-faith attempts at due diligence, so you can never be entirely sure. But it's a tempting idea.
(Of course ideally, we'd live in a world where we wouldn't need either, and that kind of service wouldn't be limited to those who were savvy enough to have heard of it, or well-off enough to afford it, but we don't live in that world right now, so I'm willing to consider it.)
maybe this is cynical, but my understanding of both these services is that its a lie, i could be wrong as this is based on my speculation
your data that's been sold is already hosted externally
plus, whose to stop either of these services from collecting information on what you deleted from every website? or that you wanted it deleted? its another layer of data that can be collected from you
it seems like it also has potential to be an aggregator of different streams of your personal information that might not have otherwise intersected
What would a busy person pay to have a service that provides USPS mail address with scanning, one-time or service-specific email addresses, and phone number for SMS? That would be maybe $100/month to make these problems go away. I guess few would pay that, though digital nomads might try it.
“We do not sell your personal information in a way that most people would think of as a sale. However, we do participate in online targeted advertising and use analytics which allows tech companies, in exchange for our use of their services, to use user information collected from our App to improve their own products and to improve the services they provide to others. Under some laws, this is considered our “sale” of your user data to third parties. You can opt-out of this as provided in the “How to Submit a Request” section below.”
I used to trust consumer reports. I subscribed to their magazine.
They had a firewall between themselves and the manufacturers of products they review. They would buy cars themselves, then review them instead of getting a "perfect" car loaned and managed by the company that created it.
I also got an online account
But online, that firewall came down, and it got worse. They had funnels to sell you the products they reviewed and they had cookies and they got money for sales.
so I lost my trust in consumer reports.
Now they're releasing an app to help, but they've still left the barn door open.
When you look at that page, look at the Privacy Policy.
They clearly are in bed with advertisers - there is no firewall, they don't support themselves financially.
Even their privacy policy links to the ad networks to opt-out, which is a confusing mess.
If they were serious, they would have a button on their OWN site to prevent your browser from ever contacting third parties.
>But online, that firewall came down, and it got worse. They had funnels to sell you the products they reviewed and they had cookies and they got money for sales.
I don't really care if they have affiliate links to sell products, they include links for multiple sellers and I see no sign that they are steering people to the most expensive product since most times their top rated product is not the most expensive one.
> They would buy cars themselves, then review them instead of getting a "perfect" car loaned and managed by the company that created it.
That's a very expensive way to do reviews, and apparently digital subscriptions don't pay all the bills and affiliate links help close the gap.
> They clearly are in bed with advertisers - there is no firewall, they don't support themselves financially.
Why do you say that? They have no advertising (unless you call the affiliate purchase links "advertising", but their relationship with Amazon isn't going to make them recommend Ford over Chevy.
Affiliate links are an obvious conflict of interest for Consumer Reports. Affiliate links pay them a percentage of the sale, so their direct incentive is to recommend the higher-priced product as they make more money that way. So if you're in the market for a toaster and there's a perfectly good $30 model on Amazon they might instead recommend a $100 model because they make more money that way.
I don't buy it. The laws of supply and demand are an effect for affiliate links just like they are for the makers of the product. Sure, they might make more money per click. But there might very well be many more clicks if they recommended a cheaper one. Not saying there is just that it's more complicated than just recommend higher price. Get more money
>They had a firewall between themselves and the manufacturers of products they review. They would buy cars themselves, then review them instead of getting a "perfect" car loaned and managed by the company that created it.
This is still very much the case for all the products they test, cars or otherwise. According to people I know who work there, they don't even order products to their office, lest a company sees the address and ships a superior product.
My parents had a subscription long ago and recently I thought I would grab it. A print magazine with no ads and relevant content?
The intro offer was "10 issues for $20 plus TWO FREE GIFTS" (emphasis theirs). I got a renewal notice and did the math, realizing I was only getting 8 issues. Support told me this was correct, they did a combined issue this year they're counting as two. I point out that there's only 9 then, and they tell me the "Annual Buying Guide" listed as one of the free gifts counts as an issue for the intro offer despite not counting as an issue for an annual subscription.
It's such a tiny bit of false advertising, but it's enough that I can't trust them on anything and immediately unsubscribed.
I tell myself – at least when it comes to loyalty schemes – it's like wiping your disk and reinstalling everything annually. (The analogy's imperfect, wouldn't be surprised if your information was still retained, anyway.)
Assume that any data you give any online company or service will be sold and monitized and retained forever, and that "delete my account" only deletes your access to it. Make your choices accordingly.
Is this a whitelabeled version of saymine? Seems like the same type of service.
For what its worth, I think you need to go much farther than this. Saying "delete my account" does not do what you think it does for the vast majority of services.
For instaince, take reddit or discord. When you 'delete your account' it does not actually delete your data. It just removes your email and changes your account handle to 'deleted' - but all of the messages you sent are still there, able to be read and recalled by anyone you have interacted with.
This is a big reason I created https://redact.dev back in the day- I wanted to full delete my skype account because I didnt use it anymore. But when I went through the process, I found out (at the time) that it could simply be reactivated at any time by anyone who got the password. On top of that, all the messages I have ever sent will also be available for whoever logs in. So literally the only solution to actually delete your messages is to one by one go in and individually delete every message.
Also, to be clear- Most of these data broker removal services these days are making use of a mechanic where they simply email a request on your behalf to be removed. I am seeing first hand that more and more data brokers are refusing to honor these requests because they feel legally they are covered by making a 'opt out' page available to the end user. The rise in 'data broker removal' companies has no doubt accelerated that as well.
The best solution is to not go the email route, but to use the automated removal forms. Of course, these guys cant automate that so they dont do it.
I tried Optery (YC 22W) from an HN announcement and thought it would let me see data associations based on my email/handles from across the web and what data brokers are doing with it but the way the system, as in dealing with Data Brokers through some freedom of information as a service like Optery, works is like a yellow pages whois lookup based on your name/birthday/mailing address pairing which is completely ass backwards imo. I'm not interested in what details you have associated with my name I might share with 50 other people, I want to see everything connect to my online id's and if that includes my name phone numbers etc I want to exercise control over who has what and why. I still think it should be us, the consumers, who issue the Terms of Service to the users of our data not the other way around.
Hello fellow hackers - I work with the Permission Slip team closely (on a related and partly overlapping team) at Consumer Reports Innovation Lab. Happy to answer any questions or get answers if you stump me.
My own work is on the connected initiative called Data Rights Protocol which is aimed at providing a common open source API so processing the legally required data rights requests by Consumer through the Permission Slip app can be faster, cheaper, and better. That’s at DataRightsProtocol.org I think that protocol addresses some of the questions and ideas expressed in this thread.
I would probably pay a thousand dollars if you could get NPG Van, Action Network, and Act Blue to never text or email me again.
I’ve aggressively replied STOP and “delete and report spam” and unsubscribing from all communication for literally years and they keep coming. I’ve emailed action network several times and they:
1) Claim they don’t have the capability of putting me on a global “do not contact” list. (Just because they refuse to build such a feature doesn’t mean it is impossible to build)
2) Claim it’s their clients that are emailing and texting me, not them (but they control the infrastructure, and allow their clients to add me to campaigns I’ve not opted into and they’ve not verified my participation)
3) Cannot give me any contact information about the people directly messaging me because that would “violate trust” (literal lol, their business model is founded on trust violation)
Anyway. I have given up all other hope. I get multiple texts a week, sometimes multiple a day. It’s very disruptive to my life and there’s nothing I can do to meaningfully stop it.
Any tips? Any advice? I’m kind of desperate. I want to donate money again, but I also want to not be constantly digitally harassed.
Yeah, definitely do not donate money to Democrats (or Republicans, I assume), at least not with any real contact info whatsoever, as they will spam and worse, sell your info forever. Even still I still get occasional random requests like “I’m Mike Bobson, and I’m running for state assembly, 4th district in South Carolina.” Like, wtf, no I’m not going to fund literally every race in the country.
I did find a way to get NGP VAN to F off though!
From the email response I got from them:
> … If instead, you would rather not receive email from any of our customers, we can offer to add your email address to our "blocklist." This will prevent an email sent by our customers, using our email product, from being delivered to you. This will not completely eliminate our customers' ability to email you, and it will not delete your data from their systems. For instance, if our customer uses another system to send bulk email, then our “blocklist” would not stop them from emailing you through that system. Please note this is an all or nothing approach – we do not have the ability to apply the “blocklist” to individual customers using our email tool. If your email address is added to the “blocklist” you will not receive communications from any of our customers using our platform.
Then there was a link which unfortunately seems to have my email embedded in it so I can’t share it directly.
I started this process via making a request on yourdigitalrights.org. Best of luck and lmk if I can be of any help.
I think every PAC is legally required to list its officer(s) in their public incorporation documents. I tracked down the officer for one spamming me and publicly asked the guy (on Twitter I think) along with a screen-cap of the email to remove me from their lists. I never heard back, but it’s been a long time since I’ve been harassed. It might have to hit their doorstep…
I have the number of mail rules for the stuff like this. While you can do this in any client, I also keep thunderbird client open constantly on one of my media servers because it provides some features other rule machine engines do not, like an option to block by any header. I successfully blocked legitimate spam that way, the one that was somehow passing gmail. This works perfectly.
Another way is to use throw away email address per subscriber. You can for example use mailcare :)
I got this response from a member of the Permission Slip team:
“this has definitely come up in discussions. Non-profits were initially exempt from complying with data requests, but are set to kick in. We’re keeping a close eye on it.”
When I unsubscribed from CR I found they had a (not selected by default) opt-out "don't sell my information to third parties" checkbox in the account settings which you wouldn't know exists unless you log in (an uncommon act for a print subscription). It's weird, it feels like the kind of thing they would have had an article about.
So, I've looked at Permission Slip, and I'm a long-timer CR subscriber. I didn't see anything there that wasn't better done by DeleteMe or Optery, and I saw a lot of improvements that needed to be made.
I like that CR has interests that are more aligned with mine, and that this is a space they're working on, but they need to do better. Much better.
I've also looked at Incogni, and it came much closer to what I get with DeleteMe and Optery. But they're still better.
Between DeleteMe and Optery, the former has been around for a while, but doesn't provide nearly as much coverage. Optery has a baseline level that is free, but not as good as DeleteMe. Optery also has more expensive options that include human processing to delete your data off way more sites, but is much more expensive.
So, I'm kinda torn between DeleteMe and Optery. I'm leaning towards the latter, but I don't have any final conclusions yet. I need to wait and see how they both do over the longer term.
Every data category is given away to affiliates. Several categories are sold to ad networks.
And also the part on that page where they very explicitly say "To request to opt out of our future sale of your Personal Information and/or our “sharing” of your Personal Information for purposes of cross-context behavioral advertising, or any future processing for purposes of targeted advertising, click here to go to the web form or email us at permissionslip@cr.consumer.org."
And also the part where they say a giant middle fingered FUCK YOU to everyone not protected by force of law, "We may decline to honor your request where...there is no legal obligation with which CR must comply." Which is buried so far down that it may as well be in the back of a disused lavatory marked beware of the leopard.
>dazzaji 13 hours ago | next [–]
Hello fellow hackers - I work with the Permission Slip team closely (on a related and partly overlapping team) at Consumer Reports Innovation Lab. Happy to answer any questions or get answers if you stump me.
Never answered a single question. This whole thing stinks-- I'm a little heartbroken if not disgusted CR is in the game in this way. They used to be good guys back when the bad guys were a lot more innocent.
Way to trash your brand in a never forget kind of way!
You are correct, I was a victim of the weekend! But I did quickly get a reply from someone on the Permission Slip team and posted it as a reply up-thread this morning. Here, again, is what I got:
“this has definitely come up in discussions. Non-profits were initially exempt from complying with data requests, but are set to kick in. We’re keeping a close eye on it.”
Did the Permission Slip team say anything about why they think it's okay for an app of this nature to itself allow/perform what appears to be pretty egregious harvesting and selling of user data?
The folks at Consumer Report normally behave more sensibly so the fact that they only offer us a mobile app (no desktop/browser version?) with a snoopy sign-up process seems out of character, maybe even suspicious?
97 comments
[ 3.5 ms ] story [ 181 ms ] threadI would not have expected this type of app to come from them, but it makes me appreciate my membership even more!
I see language like:
"We do not sell your personal information in a way that most people would think of as a sale. However, we do participate in online targeted advertising and use analytics which allows tech companies, in exchange for our use of their services, to use user information collected from our App to improve their own products and to improve the services they provide to others."
and wonder what in the world that actually means?
Are they gathering data like 30% of our users are iPhone 12+ users?
Or something else?
But perhaps more interesting is the ability to determine that User X is trying to clear their data for Wayfair, Amazon, and Home Depot, but not Target and not Lowe's. I could imagine some interesting analysis with that data, even if only in aggregate.
There's also no prohibition that I can see in the Privacy Policy against things like fingerprinting your device, building a shadow profile on you, and exposing that data via some API with an "anonymized" identifier. I suspect that the ability to determine something like "owner of mobile device 123455321 is privacy-conscious" might in and of itself be a useful feature for targeting ads.
> Data that advertising networks and social media companies already have about you, so they can identify you on their platform, such as your email address or user ID
I think this falls under the 'usual e-stalking techniques' that GP mentions. Very surprised to see CU doing this.
Disclosure: I donated a little and later met the founder of the nonprofit.
Useful, but I'd love a way to tell these companies to stop assembling a profile of me without my consent instead (ideally as a threat).
Also would be useful if the app could suggest less invasive alternatives in the same market. Perhaps an idea for v2.
Are you lost?
You however, seem dead set on missing the obvious and blaming everyone else.
I, a real human, also love it when $app_name empowers everyday users.
(Of course ideally, we'd live in a world where we wouldn't need either, and that kind of service wouldn't be limited to those who were savvy enough to have heard of it, or well-off enough to afford it, but we don't live in that world right now, so I'm willing to consider it.)
your data that's been sold is already hosted externally
plus, whose to stop either of these services from collecting information on what you deleted from every website? or that you wanted it deleted? its another layer of data that can be collected from you
it seems like it also has potential to be an aggregator of different streams of your personal information that might not have otherwise intersected
What would a busy person pay to have a service that provides USPS mail address with scanning, one-time or service-specific email addresses, and phone number for SMS? That would be maybe $100/month to make these problems go away. I guess few would pay that, though digital nomads might try it.
“We do not sell your personal information in a way that most people would think of as a sale. However, we do participate in online targeted advertising and use analytics which allows tech companies, in exchange for our use of their services, to use user information collected from our App to improve their own products and to improve the services they provide to others. Under some laws, this is considered our “sale” of your user data to third parties. You can opt-out of this as provided in the “How to Submit a Request” section below.”
They said no, and still don't provide that option. I guess whatever it takes to get you to install their app so they can harvest and sell your data.
They had a firewall between themselves and the manufacturers of products they review. They would buy cars themselves, then review them instead of getting a "perfect" car loaned and managed by the company that created it.
I also got an online account
But online, that firewall came down, and it got worse. They had funnels to sell you the products they reviewed and they had cookies and they got money for sales.
so I lost my trust in consumer reports.
Now they're releasing an app to help, but they've still left the barn door open.
When you look at that page, look at the Privacy Policy.
They clearly are in bed with advertisers - there is no firewall, they don't support themselves financially.
Even their privacy policy links to the ad networks to opt-out, which is a confusing mess.
If they were serious, they would have a button on their OWN site to prevent your browser from ever contacting third parties.
I have not regained my trust in consumer reports.
I don't really care if they have affiliate links to sell products, they include links for multiple sellers and I see no sign that they are steering people to the most expensive product since most times their top rated product is not the most expensive one.
> They would buy cars themselves, then review them instead of getting a "perfect" car loaned and managed by the company that created it.
That's a very expensive way to do reviews, and apparently digital subscriptions don't pay all the bills and affiliate links help close the gap.
> They clearly are in bed with advertisers - there is no firewall, they don't support themselves financially.
Why do you say that? They have no advertising (unless you call the affiliate purchase links "advertising", but their relationship with Amazon isn't going to make them recommend Ford over Chevy.
This is still very much the case for all the products they test, cars or otherwise. According to people I know who work there, they don't even order products to their office, lest a company sees the address and ships a superior product.
The intro offer was "10 issues for $20 plus TWO FREE GIFTS" (emphasis theirs). I got a renewal notice and did the math, realizing I was only getting 8 issues. Support told me this was correct, they did a combined issue this year they're counting as two. I point out that there's only 9 then, and they tell me the "Annual Buying Guide" listed as one of the free gifts counts as an issue for the intro offer despite not counting as an issue for an annual subscription.
It's such a tiny bit of false advertising, but it's enough that I can't trust them on anything and immediately unsubscribed.
I would actually like to "reclaim" it before it's deleted, as I try to do with every service.
For what its worth, I think you need to go much farther than this. Saying "delete my account" does not do what you think it does for the vast majority of services.
For instaince, take reddit or discord. When you 'delete your account' it does not actually delete your data. It just removes your email and changes your account handle to 'deleted' - but all of the messages you sent are still there, able to be read and recalled by anyone you have interacted with.
This is a big reason I created https://redact.dev back in the day- I wanted to full delete my skype account because I didnt use it anymore. But when I went through the process, I found out (at the time) that it could simply be reactivated at any time by anyone who got the password. On top of that, all the messages I have ever sent will also be available for whoever logs in. So literally the only solution to actually delete your messages is to one by one go in and individually delete every message.
Also, to be clear- Most of these data broker removal services these days are making use of a mechanic where they simply email a request on your behalf to be removed. I am seeing first hand that more and more data brokers are refusing to honor these requests because they feel legally they are covered by making a 'opt out' page available to the end user. The rise in 'data broker removal' companies has no doubt accelerated that as well.
The best solution is to not go the email route, but to use the automated removal forms. Of course, these guys cant automate that so they dont do it.
My own work is on the connected initiative called Data Rights Protocol which is aimed at providing a common open source API so processing the legally required data rights requests by Consumer through the Permission Slip app can be faster, cheaper, and better. That’s at DataRightsProtocol.org I think that protocol addresses some of the questions and ideas expressed in this thread.
I’ve aggressively replied STOP and “delete and report spam” and unsubscribing from all communication for literally years and they keep coming. I’ve emailed action network several times and they:
1) Claim they don’t have the capability of putting me on a global “do not contact” list. (Just because they refuse to build such a feature doesn’t mean it is impossible to build)
2) Claim it’s their clients that are emailing and texting me, not them (but they control the infrastructure, and allow their clients to add me to campaigns I’ve not opted into and they’ve not verified my participation)
3) Cannot give me any contact information about the people directly messaging me because that would “violate trust” (literal lol, their business model is founded on trust violation)
Anyway. I have given up all other hope. I get multiple texts a week, sometimes multiple a day. It’s very disruptive to my life and there’s nothing I can do to meaningfully stop it.
Any tips? Any advice? I’m kind of desperate. I want to donate money again, but I also want to not be constantly digitally harassed.
I did find a way to get NGP VAN to F off though!
From the email response I got from them:
> … If instead, you would rather not receive email from any of our customers, we can offer to add your email address to our "blocklist." This will prevent an email sent by our customers, using our email product, from being delivered to you. This will not completely eliminate our customers' ability to email you, and it will not delete your data from their systems. For instance, if our customer uses another system to send bulk email, then our “blocklist” would not stop them from emailing you through that system. Please note this is an all or nothing approach – we do not have the ability to apply the “blocklist” to individual customers using our email tool. If your email address is added to the “blocklist” you will not receive communications from any of our customers using our platform.
Then there was a link which unfortunately seems to have my email embedded in it so I can’t share it directly.
I started this process via making a request on yourdigitalrights.org. Best of luck and lmk if I can be of any help.
I change my phone number every 90 days, it de-links tracking like this. Your phone number is like your primary key for data brokers these days.
Another way is to use throw away email address per subscriber. You can for example use mailcare :)
I have been tearing my hair out over the Act Blue spam. I would crawl naked across hot coals to make it stop.
“this has definitely come up in discussions. Non-profits were initially exempt from complying with data requests, but are set to kick in. We’re keeping a close eye on it.”
https://actionnetwork.org/subscriptions
...but as of this month, it's a 404. Great. Edit: False alarm! You have to be logged in.
https://permissionslipcr.com/privacy.php#Data%20Processing,%...
Edit: soneone mentionned yourdigitalrights, had a look at their policy : https://yourdigitalrights.org/privacy
Honestly yours make your service look like a honeypot ...
I like that CR has interests that are more aligned with mine, and that this is a space they're working on, but they need to do better. Much better.
I've also looked at Incogni, and it came much closer to what I get with DeleteMe and Optery. But they're still better.
Between DeleteMe and Optery, the former has been around for a while, but doesn't provide nearly as much coverage. Optery has a baseline level that is free, but not as good as DeleteMe. Optery also has more expensive options that include human processing to delete your data off way more sites, but is much more expensive.
So, I'm kinda torn between DeleteMe and Optery. I'm leaning towards the latter, but I don't have any final conclusions yet. I need to wait and see how they both do over the longer term.
why?
Way to erode trust, CR. I had a subscription and I've just cancelled it because of this.
Here
https://permissionslipcr.com/privacy.php#Data%20Processing,%...
Every data category is given away to affiliates. Several categories are sold to ad networks.
And also the part on that page where they very explicitly say "To request to opt out of our future sale of your Personal Information and/or our “sharing” of your Personal Information for purposes of cross-context behavioral advertising, or any future processing for purposes of targeted advertising, click here to go to the web form or email us at permissionslip@cr.consumer.org."
And also the part where they say a giant middle fingered FUCK YOU to everyone not protected by force of law, "We may decline to honor your request where...there is no legal obligation with which CR must comply." Which is buried so far down that it may as well be in the back of a disused lavatory marked beware of the leopard.
Never answered a single question. This whole thing stinks-- I'm a little heartbroken if not disgusted CR is in the game in this way. They used to be good guys back when the bad guys were a lot more innocent. Way to trash your brand in a never forget kind of way!
After all, we need time to sharpen our pitchforks before we use them.
“this has definitely come up in discussions. Non-profits were initially exempt from complying with data requests, but are set to kick in. We’re keeping a close eye on it.”
Did the Permission Slip team say anything about why they think it's okay for an app of this nature to itself allow/perform what appears to be pretty egregious harvesting and selling of user data?