this post was submitted on 24 Oct 2024
450 points (99.3% liked)

Technology

59673 readers
3200 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The administrative penalties, which are worth around $335 million at current exchange rates, have been issued by Ireland’s Data Protection Commission (DPC) under the European Union’s General Data Protection Regulation (GDPR). The regulator found a raft of breaches, including beaches to the lawfulness, fairness and transparency of its data processing in this area.

The GDPR requires that uses of people’s information have a proper legal basis. In this case, the justifications LinkedIn had relied upon to run its tracking ads business were found to be invalid. It also did not properly inform users about its uses of their information, per the DPC’s decision.

LinkedIn had sought to claim (variously) “consent”-, “legitimate interests”- and “contractual necessity”-based legal bases for processing people’s information — when obtained directly and/or from third parties — to track and profile its users for behavioral advertising. However, the DPC found none were valid. LinkedIn also failed to comply with the GDPR principles of transparency and fairness.

top 22 comments
sorted by: hot top controversial new old
[–] COASTER1921@lemmy.ml 60 points 1 month ago (2 children)

LinkedIn has some of the most obfuscated and complex ad targeting settings I've encountered. There needs to be a retirement to have a one click solution to disable ad personalization.

[–] themoonisacheese@sh.itjust.works 33 points 1 month ago* (last edited 1 month ago) (2 children)

The button already exists and it's the install button on ublock origins page.

[–] dubyakay@lemmy.ca 14 points 1 month ago

I think the problem goes deeper. Their page tracks everything you do and then sells that data to third parties. UBO only blocks ads and tracking.

The only way to prevent linkedin from selling data related to you is to not use their site at all.

[–] COASTER1921@lemmy.ml 7 points 1 month ago (1 children)

I thought that without blocking cookies the tracking is still active, even if you're not being served ads from them. In those same LinkedIn privacy settings you're automatically opted into having your data used to train AI models.

[–] franklin@lemmy.world 1 points 1 month ago

uBlock Origin now has an option to block cookies as well.

[–] HK65@sopuli.xyz 8 points 1 month ago

There is in fact a requirement, and also that it's off by default.

[–] slowcakes@programming.dev 46 points 1 month ago (1 children)

I always wonder, how you can be fined hundreds of millions of dollars for breaking a law or multiple, but no one will go to prison. How is it not a serious crime to break peoples right to privacy and personal integrity on a massive scale like that.

If no one is jailed for doing it, it will never stopped they will just try to lobby to change the laws. They knowingly are breaking the law, but it's only fines so they don't give a shit, because they are also lobbying to change those laws...

What a bunch of idiots for politicians, they let these corporation walk all over our rights.

[–] NaibofTabr@infosec.pub 34 points 1 month ago* (last edited 1 month ago) (2 children)

I always feel like the solution is to make this sort of thing unprofitable. Rather than just having a cost-of-doing-business fine, the company should have to forfeit all revenue generated by the illegal activity. The fine should then be assessed in addition to the revenue forfeiture, making it a real penalty rather than a wrist-slap.

Businesses operate on cost-benefit analyses and risk assessments. If violating the privacy regulation risks the loss of all revenue for the ad business, they won't do it.

[–] slowcakes@programming.dev 16 points 1 month ago (1 children)

Sure but when they actively decide to break the law and the rights of millions people, they are criminals or part of a criminal Enterprise and you should be on trail. The people in position of power, choose to break the law because of profit motivation, of course they shouldn't keep the money because it was made illegally.

Why would they care about the consequences of fines, when they themselves don't have to pay it, they can just cash out and not lose a cent, its the company that gets fined.

Fuck em, they should face several years of prison and lose the right to run a business or having a position of power, for gross violations of human rights and shouldn't be trusted to hold power.

What stops Nvidia, intel or whatever to build the same kind of privacy violating technology directly in the hardware. I don't even know how our phones are even allowed to collect all the data that they do, what are you going to do in the future when every piece of electronics you buy, is collecting data. You wouldn't even need internet, they'll just send it to the nearest 5g tower.

In 5 - 10 years, we'll live in the era of mass surveillance (for your safety of course). AI combined with all the data available, will make the world a living hell for regular people. 1984 will no longer be science fiction, because we elect self serving clowns, total morons that aren't capable of doing anything because they are starstruck by rich people and tech bros.

[–] NaibofTabr@infosec.pub 1 points 1 month ago (1 children)

Why would they care about the consequences of fines, when they themselves don’t have to pay it, they can just cash out and not lose a cent, its the company that gets fined.

Because if you lose a company a substantial amount of money without generating profit for the shareholders then you won't get an executive position at any other companies.

In 5 - 10 years, we’ll live in the era of mass surveillance

It definitely feels like that. In a lot of ways we're already there. Stingrays have been around for more than a decade - but of course they're technically legal.

Technology will always move faster than government, and unfortunately that means technology companies will always find ways to gather data on people with things that we don't have laws for. The only way I can think to slow that down would be to kill the demand for tracking data, but it seems like every government and major business is into collecting, buying and selling data on human behavior right now so I don't even have a theory as to how to actually reduce the demand for it. It's way out of hand.

The best option for individuals right now is to live in a place that has some decent legal restrictions, like the EU or California, and of course vote for politicians who favor privacy regulations.

[–] ExcessShiv@lemmy.dbzer0.com 2 points 1 month ago

As I'm reading this, stingrays are pretty ineffective if users are using E2EE messaging (or just a VPN), and can then pretty much only be used for location estimation.

[–] kambusha@sh.itjust.works 8 points 1 month ago (1 children)

Just jail the CEO. Maybe their salary will finally be justified, if they're willing to take the risk.

[–] NaibofTabr@infosec.pub 6 points 1 month ago (2 children)

Thing is, if the profit is high enough and the golden parachute is good enough then a business could probably find someone to take the fall as the CEO for them. Losing the CEO won't end the business or their exploitative behavior.

[–] P1nkman@lemmy.world 7 points 1 month ago (1 children)

Board of Directors. Entire C-suite on trial. People with 10% or more ownership of shares. That would change things.

Oh, emails were deleted and couldn't be recovered? CTO is at fault. Skip start, go straight to jail.

[–] NaibofTabr@infosec.pub 3 points 1 month ago* (last edited 1 month ago) (1 children)

Well... look, I'm all for punishing white collar crime, we should do more of that, but I'd much rather incentivize preventing this kind of thing in the first place than punishing people after the fact.

Taking away the revenue (remember revenue means all the income, not just the profit) from criminal behavior does that, because it means the business risks financial collapse.

For instance, in this case if LinkedIn's EU ad sales department violated EU law, then all revenue from the EU ad sales department should be forfeit, for the entire time period during which the violation occurred.

This would be a lot more effective than threatening rich people with jail time, because rich people can always make a deal to serve their time in a nice facility or house arrest or something. Instead, we threaten to wipe out the business financially.

[–] P1nkman@lemmy.world 3 points 1 month ago (1 children)

Oh, I totally agree, but if we use the example in the article, how would the EU be able to prove LinkedIn's revenue? These companies are shifting their money around so they don't have to pay tax.

[–] NaibofTabr@infosec.pub 2 points 1 month ago (1 children)

Ah, hah, I'm glad you asked, I have thoughts on that too.

Auditing. The government (every government) should employ a team of auditors. In a case like this, the auditors will be attached to the offending company for the purpose of reviewing their operational and financial records. The auditors will be part of (inside of) the company operations for as long as it takes to untangle the details and assess the total sum of revenue gained from the illegal activity, and if that interferes with running the business well that's too effing bad.

While the auditing is ongoing, the company will be responsible for paying the auditors' salaries and expenses, and providing office space and whatever other resources they need. There will also be a representative of the auditors assigned to the executive board, present at all board meetings, with voting and veto privileges. Effectively, the company is on probation and under observation until their debt is paid. Any other violations discovered during the audit will result in additional prosecutions.

If the company finds this too burdensome, or if they have tried to obfuscate their records, then they can simply forfeit the revenue of the entire department/operational area in order to expedite the audit.

[–] P1nkman@lemmy.world 2 points 1 month ago

Oh dang, I hadn't thought of about that, and it's a very good solution!

[–] kambusha@sh.itjust.works 3 points 1 month ago (1 children)

Tbh, you're probably right. It's the same reason that solar finally is seeing an uptick, and how cryptography works. Solar makes financial sense now, and cryptography is all just about how much money you would need to spend to crack a password.

[–] NaibofTabr@infosec.pub 2 points 1 month ago* (last edited 1 month ago)

This is really it. Businesses are about making money. If you want to change the way businesses behave, you have to change the financial incentives. You can condemn the capitalist greed motivation if you want, but that really only amounts to moralistic posturing, it doesn't accomplish anything practical. It's more useful to understand how businesses make decisions, and then adjust rules to incentivize the behavior you want and disincentivize the behavior you don't want.

An ounce of prevention is worth a pound of cure.

[–] SoupBrick@yiffit.net 13 points 1 month ago

https://www.businessofapps.com/data/linkedin-statistics/

LinkedIn generated $15.7 billion revenue in 2023, an increase of 7.4% year-on-year

[–] mannycalavera 4 points 1 month ago

Ireland taketh with one hand.... and give back (and then some) with another BEPS tax dodging scheme.