
Sleep-walking to a Bloody Revolution

According to The Guardian, the EU is about to tighten legislation on user tracking to apply to other means than just cookies.

However, no-one reads those cookie popups or EULAs anyway and you can't do much on the net if you don't blindly accept them. And I mean "blindly" since even though you could read them (most of us don't), you can assume that most users don't have a combined law and computing degree sufficient to be able to understand the implications of them regardless.

I like to think that I understand the computing aspects of these things but I also know that new techniques are developed daily to try to leverage more revenue from the end-user and place more responsibility on them than I can keep up with (or have the mental capacity to understand).

The likes of Google, Twitter and Facebook are continually trying to capture more data about us and do so through the development of what appear to be "free" services. These services may seem nice but, as always, there's no such thing as a free lunch. They're making a lot more out of the combined mass of data they're collecting on us than we get out of it - after all, they're not charities, they're commercial organisations.

They're not interested in developing this stuff for your benefit; I wouldn't expect them to, and whilst we seem to talk about how relaxed sheep people have become about privacy online, at the same time these organisations have become that much tighter in how they share the data they have on us - individually and in aggregate form (anonymised preferably).

They give you free email or chat services, you let them spy on you so they can feed you with the right ad at the right time in the right place to milk the maximum revenue they can out of you. The algorithms are tuned to this model and they're getting better. We'll soon be letting them install a camera in the bedroom for the benefit of a free daily cappuccino...

So those seeking to extend existing legislation to cover alternative means of tracking which simply relies on "valid consent from the user" are part of the problem. They provide a façade of transparency where there isn't any. They are the lawyers and computer experts who understand the scope of the possible and should be defining the law such as to make some of these techniques illegal without sufficient transparency in what data is captured, how it is used and who it will be shared with.

Ultimately, we need to be paid for the value of the data we provide to these organisations to offset what is becoming a serious discrepancy between the data-rich and the data-poor. The use of vast amounts of data by so few is increasing the imbalance between rich and poor and ultimately will be a disaster for the real economy. That intelligence organisations across the world want to make use of this data themselves and that market leaning governments are ideologically crippled to the point of inaction means we'll not do anything about this until it becomes a real problem - yet another bloody revolution is on the horizon. To address this the law needs to change and no popup is going to help.

