Implications of Global Privacy Control
https://developer.mozilla.org/en-US/blog/global-privacy-control/
#HackerNews #GlobalPrivacyControl #PrivacyRights #DataProtection #OnlinePrivacy #DigitalSecurity
@fasnix and declining just one click, without #Nudging or #DarkPattern.
Doesn't seem to work; I'm in favor of this being opt-in only from now on, and as far as I'm concerned the "in" can be found in the footer of the website. Alternatively, "the industry" could agree on a standard for opt-in at the browser level; I bet that will work faster than #DoNotTrack or #GlobalPrivacyControl 😉
@peaceout @br_data
One of the best lies of the anti-privacy internet is "We do not know how to react if someone's browser signals us 'Do Not Track'"—I mean, could this be more literal?
It's like a bank robber saying "What do you mean: 'Don't take the money'? I don't understand. What do you expect me to do? Work? That's ridiculous! Best I can do is taking your money"
#DNT #DoNotTrack #privacy #GDPR #GPC #GlobalPrivacyControl #privacyMaters #MyPrivacyisNoneOfYourBusiness #surveillanceCapitalism #dataCapitalism
#DoNotTrack is dead. Long live #GlobalPrivacyControl!
Of course, Google #Chrome/#Chromium, Microsoft #Edge and Apple #Safari still don't give a shit about #privacy
https://www.theregister.com/2024/12/12/firefox_do_not_track/?td=rt-3a
So apparently the #DoNotTrack (DNT) signal is legally recognized in #Germany, citing the #GDPR and arguing that DNT is a "valid objection" to the "processing of personal data". IANAL, but I find this ruling potentially problematic. :sakuya_think:
We know that IP addresses are "personal data"; it is explicitly included as an example by the GDPR. This along with the ruling has some chilling ramifications. If my understanding is correct, it means a website cannot use a CDN to optimize serving its content based on the user's location, because that would be "processing of personal data" (the IP address). And it's not like a website could just "opt-out" of Germany; even the very act of opting-out would be a GDPR violation, because again you're processing a user's IP address in order to show the geolocation notice of content being blocked for Germany. Show the content if the German user has signalled DNT? Still a GDPR violation (the DNT signal can act as an identifier which makes it "personal data" along with the German IP) :TenshMelt:
This ambiguity of how to interpret DNT makes me happy that #Mozilla is finally going to ditch it in #Firefox in favor of #GlobalPrivacyControl (GPC) which has a clearer and limited definition while still covering what privacy-conscious users really want in the first place: not wanting their data sold and shared to advertisers. It's just legally difficult to "prohibit tracking" when a user says so; should ETag not be included and performance be sacrificed because they can be used for tracking like a cookie? But then if an ETag is not included that would create a data point that can be tracked then? :TenshMelt:
Let tracking be defeated by technical solutions (private browsing/incognito mode, content blockers like uBlock Origin, and proxy software if you really need it). Political solutions are much more appropriate elsewhere like the selling and sharing of data. :seija_coffee:
@TechCrunch they did add #globalPrivacyControl though--technically similar but sites are required to act on it in more and more jurisdictions
you know you've been doing #privacy nerd stuff for too long when someone posts an actual working Lego Turing Machine, and your eye jumps to the #globalPrivacyControl link in the cookie banner
https://ideas.lego.com/projects/10a3239f-4562-4d23-ba8e-f4fc94eef5c7/updates
Interesting GPC (Global Privacy Control) reaction.
@carnage4life Blocking AI crawlers with robots.txt and "noai" HTTP headers and tags currently seems to depend on ToS being enforceable.
But companies already have to act on an "opt out preference signal" under several state #privacy laws—so I'm working on extending #globalPrivacyControl to make it work from server to client, not just client to server. The law and the robots header+tag are already there, so not much work needed for sites to add it https://blog.zgp.org/x-robots-tag-for-gpc/
@jensimmons Support for #globalPrivacyControl would help us give Safari users a much less confusing #consent experience--people can turn it on once and sites just do the right thing (more and more of them anyway)
@mhoye good idea. For example we have #globalPrivacyControl for browsers but it should be possible to apply the setting to all software that communicates on your behalf
Technical protections alone won't be enough to protect web users from #surveillance. Legal protections are also necessary, and simple tools are needed to help people exercise their rights. For example, it's time to standardize the #GlobalPrivacyControl. https://cdt.org/insights/deprecating-third-party-cookies-a-small-step-towards-a-more-private-web/
imho #GlobalPrivacyControl is too good to be kept just on the web
https://blog.zgp.org/gpc-all-the-things/
(also if the web has it but other communications media don't, companies will try to force or nudge you off the web and into native apps or buy buttons on appliances or whatever)
I've been studying #AB3048 which is the #California #GlobalPrivacyControl mandate bill
The really good thing about this bill is that it covers "a device through which a consumer interacts with a business" and not just browsers
If you make a direct connection to a server you can pass #GlobalPrivacyControl (GPC) in an HTTP header. That doesn't work out of the box in a federated system.
IMHO ActivityPub needs a way to pass header info (such as GPC and noai) in objects. http-equiv?
good design work by whoever did the #globalPrivacyControl popup on https://mazdausa.com/ -- it really makes GPC look like a high-end luxury feature. I'm impressed
I think this is the first time I've ever seen this. Might have the popup blocked at home though.
@jwildeboer even better, respect #DoNotTrack and #GlobalPrivacyControl headers for automatic opt-out!
@mastodonmigration If you connected directly to a server owned by that company, you could set a #globalPrivacyControl header (which has legal effect in some places)
What if ActivityPub were extended so that GPC (and other opt out headers) could travel with the objects they apply to?
How do you do #globalPrivacyControl for the Fediverse?
I'm thinking about one way that it might work that also addresses the likely comment that if ActivityPub is going to have GPC then it should also have #noai. And probably opt-out headers I haven't heard of.
Just filed an issue, will be interesting to see what people think