Tumgik
#data privacy
alwaysbewoke · 2 days
Text
23 notes · View notes
Text
Tumblr media
I deactivated my account late last night after seeing this, and they emailed me back saying one of my reviews didn't meet their guidelines. I won't be re-activating to 'appeal their decision' by changing it because I haven't used this site in forever. But my 'review' when I used to work for a problematic wellness retail chain was mostly about rampant micro-management, a lack of proper pay raises -especially since there was zero commissions for the amount of work you do in-store, to not being compensated properly for work outside of your duties (and the blurring of those responsibilities because I would often do things a store manager would do or an assistant even when I stepped down -like training). I wrote it very professionally, without profanity, so it makes me wonder what the hell I said that was so inappropriate.... interesting Glassdoor.
33 notes · View notes
zuko-always-lies · 20 days
Text
From instructions on how to opt out, look at the official staff post on the topic. It also gives more information on Tumblr's new policies. If you are opting out, remember to opt out each separate blog individually.
Please reblog this post, so it will get more votes!
46K notes · View notes
fallintosanity · 2 years
Text
psst, let me tell you a secret
are you listening? 
ready? 
Tumblr Blaze is the biggest fuck-you to Facebook, Twitter, Google, Amazon, and other advertising companies in basically ever
wanna know why? 
On Facebook, I could show this post only to white, politically undecided, lesbian college students aged 18-21 who live in zip codes 75023, 75024, and 75025 (yes, even after the changes Facebook recently announced). Anyone who interacts with the post, therefore, is extremely likely to be a white, politically undecided, lesbian college student aged 18-21 who lives in Plano, Texas. If this post was an ad, and you clicked the ad and bought the thing it was advertising, then I’d also know your name, physical address, telephone number, email address, and approximate financial status. 
You probably don’t want me to know all that about you, right? 
Do you want your health insurer to know? What about your employer? If you’re queer and not out to your family and friends, would you want them to know? What if you’re a domestic violence survivor, hiding from your ex-spouse?
All they need to do to get all that information is buy a Facebook ad for under $5.
And before you say that you don’t share all that on Facebook: too bad! Even if you don’t, Facebook (along with pretty much every ad company out there) buys, sells, and/or trades the data it collects about you with other companies. Facebook collects data about you even if you don’t have a Facebook account.
Wanna know what’s scarier? 
Bad guys can also buy targeted ads, and use them to convince you to do things like vote for a particular presidential candidate, or vote against unionizing Amazon workers. This is a very common tactic used by hostile foreign governments to foster extremism and isolate vulnerable minorities, and influence elections and other political and social events. Even the tech companies themselves can and do use this data to manipulate your emotions, making you happier or sadder according to their own whims.
(why do you know all this, Sanity? because I’ve worked in information security, fighting for data privacy and security, for over a decade)
Facebook, Google, Twitter, Amazon, and other advertisers claim that collecting all that data about you, and letting anyone target you with it, is absolutely, 100% necessary for the existence of the entire ad-funded Internet. They want you to believe that nothing bad could possibly come of it, despite proof to the contrary being in the news every other month. They want you to blindly continue letting them collect and use YOUR data to influence you to think, feel, and do what THEY want. 
But. 
BUT!!!
Enter Tumblr Blaze. 
Tumblr media
(from the Blaze FAQ)
Tumblr looked at advertising and said, you know what? we don’t need to target anyone. Targeted ads don’t actually work anyway. All that hyper-specific targeting is just an excuse for ad companies to raise prices and collect more data to use for their own purposes. 
Tumblr said, we bet people will pay real-life dollars to share their posts with up to 50,000 people, whether or not those people will care. 
Tumblr said, we’re going to blow up the entire online advertising industry.
That is fucking amazing, y'all.
15K notes · View notes
Text
The Supreme Court of Canada made a key privacy ruling Friday that means police must now first have a warrant or court order to obtain the numbers making up a person or organization's IP address.
The top court was asked to consider whether an IP address alone, without any of the personal information attached to it, was protected by an expectation of privacy under the Charter.
In a five-four split decision, the court said a reasonable expectation of privacy is attached to the numbers making up a person's IP address, and just getting those numbers alone constitutes a search.
Full article
Tagging: @politicsofcanada
341 notes · View notes
canadiancryptid · 20 days
Text
Tumblr media
Hey so just saw this on Twitter and figured there are some people who would like to know @infinitytraincrew is apparently getting deleted tonight so if you wanna archive it do it now
390 notes · View notes
apas-95 · 2 years
Text
Tumblr media Tumblr media Tumblr media Tumblr media Tumblr media
. [Link to NHS data sharing form]
3K notes · View notes
ahb-writes · 3 months
Text
Tumblr media Tumblr media Tumblr media Tumblr media Tumblr media Tumblr media
(from The Mitchells vs. the Machines, 2021)
260 notes · View notes
transformativeworks · 9 months
Text
The OTW is Recruiting for Volunteers & Recruiting Volunteers
Tumblr media
Are you great at admin and enjoy the satisfaction of completing short tasks and ticking them off to-do lists? Or do you have experience in HR, volunteer management, data privacy and other related areas? OTW is recruiting volunteers!  Help us signal boost or read more at https://otw.news/1a3858
374 notes · View notes
localcryptideli · 4 months
Text
Soooo instagram gave me a pop up this morning that since now the EU made it illegal to harvest personal data to sell to third party without the explicit user's consent, one can either tell them they can harvest and sell your personal data or pay a subscription to use their apps.
Tumblr media
Like this is not even about ads, they are still allowed to show ads to users. They just can't harvest and sell personal data without consent anymore, and are throwing a fuss about it
Bite bite kill kill
152 notes · View notes
discrotter · 5 days
Text
Before TikTok gets forced-Americanized, can we all acknowledge that it was fucking stupid, and also really racist, to have said shit like, "TikTok is so bad because it gives your private information to China" when EVERY platform has to give their private information to the US if they ask AND they can sell it to the highest bidder?
37 notes · View notes
Text
Local European law PhD person is breaking down why Twitter is in trouble with European authorities - bc we live in a dystopia and I am procrastinating my research.
TL;DR : Twitter is loosing all the experts required to actually make (good, but really any) decisions regarding data privacy in Europe, and it's even funnier because they picked the one(1) European country that would give them the most tax cut but it's also the one that is really into dragging Big Tech all the way to the highest instances in the EU to make knock them down a peg.
But also more under the cut bc this is hilarious and I CANNOT WAIT for Elon Musk to discover the EU. Very much going to be a unstoppable force meets unmovable object situation, because trust me, TRUST ME, there are few things as slow, inhert and full of bureaucrats who are NOT on twitter as the EU. Anyway here is too many paragraph of me putting my diploma to good use or something, my Masters Director would be proud.
Step 1: TF is the GDPR, like, actually.
Ok the the General Directive on Privacy Regulation is a European Union Regulation, which sets clear rule on what you can and cannot do with people's information/data, in order to protect their privacy. It is very wide and very cool and the US wishes it had it (Except you, California, you're doing great).
And what's cool is also that the moment you want your digital services to be available on European territory, you need to comply with the GDPR. Doesn't matter where you are based, if it's not GDPR compliant, you don't get access to that sweet sweet European market.
For example, after the GDPR was entered into force, there were a bunch of US News Media website I could not access, because they were not complying with the GDPR yet, and were not willing to take the risk to infringe on the GDPR. Doesn't matter if they are not Europe based. What matters is the market. Dw they are fine now.
Ok, cool.
.
Step 2: Twitter was doing ok so far - I know, I'm surprised as well.
So Twitter is a US-based company, but blue-bird had to comply with the GDPR like everyone else. So far, so good-ish, and by that I mean that Twitter was not really targeted by any European or national authority for not complying.
But let me tell you the thing about the GDPR: it is. a. mess. Getting to UNDERSTAND what's even required guaranteed my cohort of European Law major that we would ALL be employed in the upcoming years. It is atrociously difficult. THE REGULATION HAS ITS OWN WEBSITE imagine a law having its own website, what the hell honestly.
The GDPR is challenging for your local true crime book club handling the email addresses of its 12 members, ok.
IMAGINE WHAT IT'S LIKE FOR TWITTER.
Behemoth social media platforms require a massive amount of workforce and expertise to make sure they comply with the GDPR. Like, I cannot stress the absurd amount of work and constant vigilance it requires. But they were doing ok.
.
Step 3: Elon Musk is an authoritarian manchild and Twitter is bleeding experts
I know both things are related but trust me, it's important to mention them separately, you'll see in a second.
Among the many high-ranking people who left, we have:
The Chief Information Security Officer
The Chief Privacy Officer / Data Protection Officier
The Chief Compliance Officer (unconfirmed officially but I would bet on it)
So they are trying to do some emergency creative problem solving by apparently having data engineers be the ones certifying compliance with the GDPR (lmao as someone who works with a bunch of data scientist I would pay money to see that happening) and nominate people to temporarily take over all these positions. To be transparent the guy they nominated as "acting GPO" (lmao I'm really feeling the confidence right now) does not seem fully incompetent, but this is still hilarious.
.
Step 4: Haha it's funny because it's Ireland
Now, ok, here is the kicker.
Twitter so far has been using a system that the GDPR allows, which is the One-Stop Shop. OSS means that Twitter picked the authorities of a specific EU State to report to, when it comes to compliance to the GDPR, it's easier for everyone than massive online companies like Twitter going to 27 different states to report what they are doing.
So they picked Ireland, because their European headquarters are based in Ireland.
HA.
I. WONDER. WHY. IRELAND???
(spoiler: it's because Ireland is a tax haven).
Now. You might think there is ONE problem on the table, but get ready, there are TWO, baby.
Haha Twitter's GDPR person has left, mate, you want to explain how you're going to comply with the GDPR when you don't have you GDPR experts anymore??
Elon Musk is, as stated before, an authoritarian manchild and the GDPR is also not super super fond of that, mate if you want the OSS system you actually need to give minimal guarantee that the data-privacy-decision-making is happening in the State of the OSS. When clearly, right now, decisions are happening wherever the hell Elon Musk decided to have his morning protein shake, and I'm pretty sure it's not Dublin. And also around 50% of the Dublin headquarters have been fired, so I don't know who is supposed to take decisions over there, honestly.
AND YOU KNOW WHAT'S EVEN FUNNIER.
IRISH COURTS IS REALLY. REALLY INTO EU LAW AND EU DATA PRIVACY
Like the case about the guy who sued Facebook for violating the right to privacy in the way it handled data? It's the Maximillian Schrems v Data Protection Commissioner case, and it comes from Ireland. Irish Judges had no issue being like "Yeah, Facebook or not, we're choosing violence".
.
Step 5: Ok now what ? Aka I sit back and grab some popcorn
So right now, Twitter is trying to convince the DPC that it's totally absolutely doing GREAT.
Sure Jan.
Anyway, the question is whether the DPC is willing to buy it. We know there has been meetings, and the DPC is at least putting SOME form of pressure on Twitter.
Outcome 1: the DPC is feeling petty and does NOT buy it. Then I'll write another post, but I think the DPC would give Twitter some time to put things in order and give enough guarantees before going on the offensive.
Outcome 2: the DPC buys it (because Dublin LOVES its Big Tech companies, and they are driving prices up to the point where Dublin is experiencing a massive housing crisis, it's fine, this is fine) . And we wait for an individual/NGO to bring a formal complain to the DPC, for the DPC to refuse it, and for the individual/NGO to challenge that decision before the Irish Courts and that becomes a whole new story that will warrant its own post - and I get to show off some useless knowledge on EU procedural law.
473 notes · View notes
fallintosanity · 2 years
Text
So y’all wanted more rants about information security & data privacy? Let’s talk about the two main privacy paradigms that are currently competing for dominance in Big Tech. For the sake of not writing a full goddamn thesis I’m going to only talk about models that actually address user privacy (so NOT Facebook’s “privacy is no longer a social norm” bullshit), and only in the context of the USA with a light dip into GDPR. 
Very broadly speaking, Big Tech in the US is coalescing into two camps regarding privacy: “opt-out privacy” and “opt-in privacy”. Apple is the flagship and main driver for the concept of “opt-out privacy”. Over the last few years, they’ve leaned heavily into the idea that data should be kept private by default, and only shared under limited circumstances at the user’s request. In other words, the user has privacy by default, and must opt out of that default for data to be shared.
Google is likewise the flagship and main driver for “opt-in privacy”: the idea that data should be shared broadly for the benefit of both the user and the service provider, and sharing is restricted on a case-by-case basis at the user’s request. In other words, the user shares data by default, and must opt in to privacy where desired.
It’s not a coincidence that Apple and Google are the leading drivers for Big Tech’s privacy models. Mobile phones are the most personal devices most people own: your phone goes with you everywhere, and on average, most people check their phones 344 times(!) per day. If you’re like roughly half of US mobile users, you have at least one personal health app on your phone. And until very recently, nobody was stopping shady advertising companies from harvesting every drop of user data they could from people’s phones. All this has made mobile phones one of the primary battlegrounds for digital privacy. 
Let’s look at Apple’s model first. 
(cut because this is 2k words and I don’t want to murder anyone’s dashes)
You’ve probably seen at least one variation of the recent iPhone privacy ads:
Tumblr media
And you’ve probably heard about all the features Apple has been introducing on iOS and the App Store to improve users’ control over who accesses their data, when, and why. Apple is going all-in on the idea that data sharing of any kind should be the exception, not the rule. They appear to be actively working to gut the advertising industry by methodically removing or blocking the mechanisms advertisers use to track users. 
Apple can afford to do this for a couple of reasons. First, they make the vast majority of their money by selling hardware, not data-fueled ads. While they do have an advertising business, according to Apple’s own privacy policy, “Apple’s advertising platform does not track you, [...] and does not share user or device data with data brokers.” They admit they do still perform some targeting, but claim they only do so if the targeted group contains more than 5,000 members - which is at least way better than Facebook’s ability to target a single person.  
This gets into the second reason why they can afford to gut the broader ads industry: Apple has a wealth of first-party targeting data (I’ll explain what that means in a minute), meaning that not only do they not need other advertisers or data brokers, but also that they’re in direct competition with those other advertisers and data brokers. So going all-in on privacy is good for Apple’s bottom line both from a user value perspective, and from a competitive one. 
Now let’s look at Google’s model. If you open your Google account, right on the first page of account management are two sets of privacy settings:
Tumblr media
Note the language used: “personalize your Google experience” and “choose the privacy settings that are right for you”. Google has two reasons to collect your data which are mostly tangential to each other. The first and most obvious is that Google-the-advertising-company needs your data in order to more effectively sell ads to third parties. This is what most people think of when they think about Google and privacy: Google wants user data to sell for profit. And, well, yes. Google has built its empire on the back of its ads business, and ads pay for pretty much everything else Google does. Google needs to be able to sell ads to keep funding all the legitimately cool shit it’s doing. 
Speaking of legitimately cool shit: Google-the-tech-company’s longest-standing desire has been to create the Star Trek computer in real life: a virtual assistant that “understands you, and [...] can have a conversation with you.” (That’s not just journalism speculation, either - it was explicitly the goal told by Larry & Sergei to employees when I worked at Google.) This is the second reason why Google needs your data: so it can be your own personal Star Trek AI assistant. As anyone who’s worked in an executive assistant role will tell you, you can’t provide useful assistance without having access to just about every component of your employer’s life. Similarly, if you let Google have access to your personal data, it can do a lot of genuinely useful things. 
This is why Google’s stance on privacy is so focused on choice: they’re trying to thread the needle between “if you give us your data, we can honestly improve your life” and “if you give us your data, we’ll sell it to third-party advertisers who do all kinds of unpleasant things with it”. The way they’ve internally resolved that ethical conflict is by believing - and trying to convince everyone else - that allowing them to sell your data for profit is a choice you willingly make in order to gain the benefits of Google’s technology. 
You can also see the split between opt-in and opt-out privacy in the two most influential laws regulating privacy and the use of user data. The California Consumer Privacy Act (CCPA), as currently enforced, uses the opt-in model: CA residents have the option to stop the sale of their personal data, but the law assumes that user data will be sold unless and until the user chooses otherwise. The CCPA even uses language similar to Google’s: on their website, they say the CCPA “gives consumers more control” over the collection, use, and sale of their data. 
The EU’s General Data Protection Regulation (GDPR), on the other hand, primarily uses the opt-out model. This reflects the EU’s stance that privacy is a basic human right, as codified in the 1950 European Convention on Human Rights. The GDPR holds that personal data may not be processed unless there is legal basis to do so, sets strict limits on what constitutes a “legal basis”, and requires companies to collect and use only the minimum amount of data required to fulfil the given legal basis. 
While the CCPA and the GDPR use opposite privacy models, the two of them combined with Apple’s insanely effective efforts to stamp out data harvesting (as well as another effort I haven’t talked about at all, which is the death of the cookie) are having an interesting effect on the entire advertising industry. To explain this, I need to sidetrack briefly into what I mean when I say “the advertising industry”. 
Most people think of Google and Facebook when they think of advertisers. And, yeah, those are two of the biggest ad-space sellers in the world - but there’s a lot more to the industry. Data brokers like Acxiom, Epsilon, and Oracle America are among the thousands of companies who buy and sell the user data that allows Google and Facebook to effectively sell targeted ad space. The reason you’ve probably never heard of them, however, is because (for the most part) they aren’t the ones who collect the data in the first place. 
To vastly oversimplify a stupidly complex industry, you essentially have two types of data brokers: first-party and third-party (with the user themselves being the second party). First-party entities are the ones that collect user data directly for their own purposes; third-party entities buy data from first parties and sell it to other third parties. One company can be both a first- and a third-party entity depending on the situation. For example, Facebook collects your data as a first-party entity, and sells it to a third-party marketing company (let’s say Acxiom). Acxiom combines Facebook’s data with data it’s purchased from other first- and third-party companies and uses it to sell ads. Amazon collects your data as well, making it a first-party entity on its own website. But if Amazon buys Acxiom’s datasets, Amazon becomes a third-party entity for that data. (Cookies are part of this whole data collection and usage ecosystem, but how they work is another entire essay.) 
Where the fuck am I going with all this? Back to CCPA, GDPR, and Apple. While they’re all going about it in different ways, the end result is turning out to be the same: a noose around the neck of third-party advertising. If companies are allowed to collect user data for their own legal purposes, but not sell it, then suddenly all those third-party entities become irrelevant and having first-party data is critical. This is what I meant earlier when I said Apple has access to a wealth of first-party data for its own ads business. Apple doesn’t need to sell user data because it makes money from hardware sales, and it doesn’t need to buy user data because it has its own. 
Google also has huge amounts of first-party data, but the difference between them and Apple is that Google makes the vast majority of its revenue from selling ads, which depend in part on all that juicy third-party data. Honestly Google is probably going to be okay here still; they have enough else going for them (including their move into hardware sales via the Pixel) that the loss of revenue from selling user data to advertisers won’t hurt them much. But companies who rely entirely on advertising and the sale of user data, like Facebook, will and already do see a huge revenue impact from the move to restrict access to user data. 
So what does all this mean for you, the user whose data is in question? 
It’s too soon to say for sure, but the good news is that it looks like Apple’s moves are forcing Google to shift further toward opt-out privacy than Google might otherwise have preferred. And for the vast majority of companies, it’s more cost-effective to comply with the various existing and incoming US privacy laws (including CCPA) by using GDPR as a baseline - meaning opt-out privacy may soon be the de facto standard. 
This doesn’t mean all companies are actually going to comply in good faith, or at all - already reports are showing “loopholes, bypasses, and outright violations” of Apple’s measures; and GDPR enforcement, especially against Silicon Valley, is painfully low. But privacy industry experts generally agree that the trend is toward stronger protection for users against the unwanted use and sharing of personal information. 
As a user, you can help this trend along by actively enforcing your privacy rights wherever you can. If you’re in the EU, take advantage of the GDPR and file complaints against non-compliant companies. If you live in California, exercise your CCPA rights by digging through the privacy policies and settings of your accounts until you find the “do not sell my personal data” toggle. Whether you have an iPhone or an Android, go through your device’s settings and enable every privacy protection measure you can. Likewise, if you have a Google account, take five minutes to go through their privacy checkup feature. It’s actually quite well done, and will give you a better idea of what Google is collecting about you. 
The more of us who do this, the stronger the signal we send to both Big Tech and legislators that we want these protections and we will use these protections if we have them. For too long, companies (like Facebook) have argued that users don’t really want privacy - but they’re dead wrong. We just have to prove it to them.
1K notes · View notes
Text
If you've ever used 23andMe to learn more about your family ancestry, you could be eligible for compensation due to a class-action lawsuit against the company.
Law firms in Toronto and Vancouver launched a class-action lawsuit against 23andMe this week in response to a data breach that exposed users’ highly sensitive and valuable personal information earlier this year.
"The action alleges that contrary to their promises, statements and representations, as well as the privacy regulation and industry standards applicable to them, [23andMe] did not introduce, implement or maintain proper or adequate data retention and data protection practices," reads the lawsuit.
Full article
Tagging: @politicsofcanada
148 notes · View notes
canadiancryptid · 20 days
Text
New privacy setting just dropped! Its turned off by default!
Tumblr media
Its under blog settings, for each individual sideblog. Bottom of the page. Don't know if you can get to it from app but you definitely can on desktop mode
61 notes · View notes
frownatic · 20 days
Text
Tumblr media
Apparently, if you opt out right now, chances are high that tumblr won't sell your info, but if you decide to do so later, you have to trust big AI companies to honour your request, there isn't a guarantee or regulation for it in place
39 notes · View notes