Twitter Accused of Obliterating Its Users' Privacy Choices (eff.org) 102
The EFF's staff technologist -- also an engineer on Privacy Badger and HTTPS Everywhere, writes:
Twitter greeted its users with a confusing notification this week. "The control you have over what information Twitter shares with its business partners has changed," it said. The changes will "help Twitter continue operating as a free service," it assured. But at what cost?
Twitter has changed what happens when users opt out of the "Allow additional information sharing with business partners" setting in the "Personalization and Data" part of its site. The changes affect two types of data sharing that Twitter does... Previously, anyone in the world could opt out of Twitter's conversion tracking (type 1), and people in GDPR-compliant regions had to opt in. Now, people outside of Europe have lost that option. Instead, users in the U.S. and most of the rest of the world can only opt out of Twitter sharing data with Google and Facebook (type 2).
The article explains how last August Twitter discovered that its option for opting out of device-level targeting and conversion tracking "did not actually opt users out." But after fixing that bug, "advertisers were unhappy. And Twitter announced a substantial hit to its revenue... Now, Twitter has removed the ability to opt out of conversion tracking altogether."
While users in Europe are protected by GDPR, "users in the United States and everywhere else, who don't have the protection of a comprehensive privacy law, are only protected by companies' self-interest..." BoingBoing argues that Twitter "has just unilaterally obliterated all its users' privacy choices, announcing the change with a dialog box whose only button is 'OK.'"
Twitter has changed what happens when users opt out of the "Allow additional information sharing with business partners" setting in the "Personalization and Data" part of its site. The changes affect two types of data sharing that Twitter does... Previously, anyone in the world could opt out of Twitter's conversion tracking (type 1), and people in GDPR-compliant regions had to opt in. Now, people outside of Europe have lost that option. Instead, users in the U.S. and most of the rest of the world can only opt out of Twitter sharing data with Google and Facebook (type 2).
The article explains how last August Twitter discovered that its option for opting out of device-level targeting and conversion tracking "did not actually opt users out." But after fixing that bug, "advertisers were unhappy. And Twitter announced a substantial hit to its revenue... Now, Twitter has removed the ability to opt out of conversion tracking altogether."
While users in Europe are protected by GDPR, "users in the United States and everywhere else, who don't have the protection of a comprehensive privacy law, are only protected by companies' self-interest..." BoingBoing argues that Twitter "has just unilaterally obliterated all its users' privacy choices, announcing the change with a dialog box whose only button is 'OK.'"
Any of the FANGs (Score:1)
Re: (Score:3)
Since Twitter is a private web site, which no one is required to use, you always have the "privacy choice" of just not sending your data to it. Not super-complicated...
Re: (Score:2)
Re:Any of the FANGs (Score:4, Informative)
You have two options:
Move to a GDPR jurisdiction, if they would have you
Get your legislature to pass privacy protection laws instead of serving Big Advertising
Re: (Score:2)
Three, there are three options. The third option is stop using social media. They can't track me if I choose not to play.
Re:Any of the FANGs (Score:5, Interesting)
In theory. Zoom recently got called out [nypost.com] for sharing data (apparently unknowingly) just by using FaceBook's SDK. FB (and Google) put out a lot of "free" libraries that many developers use. Wouldn't take much to further turn up the dial on spying by way of updating these libraries.
Re:Any of the FANGs (Score:5, Insightful)
Three, there are three options. The third option is stop using social media. They can't track me if I choose not to play.
2 words: Shadow profiles. At this point it's virtually impossible for anyone living in a Western state to not have the social media companies have some sort of profile/tracking of them.
Re: (Score:2)
Don't you expect your government to protect it's citizens right to privacy? Alas, your government consists of a bunch of millionaire and billionaire self-centered bigots. There is no one to help you with your 'want to hide' from the likes of any of the 'social media' platforms. The way they see it: If these idiots are willing to do away with their privacy in the name of being virtually social, then they don't deserve privacy.
And I agree.
Re:Any of the FANGs (Score:4, Insightful)
Three, there are three options. The third option is stop using social media. They can't track me if I choose not to play.
That's not a totally reliable option these days. If you have family, friends, or colleagues who are on social media, then those social media companies know at least some things about you by proxy. At least in Europe, under GDPR, there are legal restrictions on what they can do with that information.
Re: (Score:2)
That's really not true. They might not know your name, but they're still tracking you by loading tracking cookies on you across multiple sites. Given that only one of the conspiring websites needs to leak your identity for this "metadata" to become personally identifiable data, we might as well assume it's identifiable already.
Re: (Score:1)
Re: (Score:2)
You're wrong. GDPR is applied based on residence in the EU. You're only covered by GDPR if your legal residence is within the EU. If you're a EU member citizen, but work in the US and are a permanent resident there, GDPR does not apply to you.
Re: (Score:2)
Stop using Twitter
Stop using FaceBook
Stop using Zoom
Stop spending all of your time on line
Get a life
Re: (Score:2)
Welcome to the real world, naive netizen:
https://www.dailydot.com/uncli... [dailydot.com]
And bless your heart!
Re:Any of the FANGs (Score:4, Informative)
Re: (Score:2)
You control your computer and what it does, don't you? You can get fancy and sophisticated and install an ad-blocker extension, or just set twitter's domains to localhost on your network, or point your DNS to any number of ad-blocking services, or anywhere in-between.
Why would you let some random web-site determine which other computers your computer exchanges data with?
Re: (Score:1)
You control your computer and what it does, don't you?
No you don't. Have you ever been infected by a virus? Received a phish? Total control of your computer is no different than total control of your life - a fantasy.
Re: Any of the FANGs (Score:2)
Nope, they've never taken over my computer and forced me to visit Twitter.
I've cleaned up plenty of other people's computers, though. They weren't being forced to send their private data to Twitter, either.
Re: (Score:2)
No you don't. Have you ever been infected by a virus?
Not since the XP days and even then not since I changed my ex-wife's account to a limited rights user.
Received a phish?
I get them all the time. Don't open shit that you haven't verified out-of-band. Don't click on email links. Run ad blockers and uMatrix. I toggle off javascript going to new sites. Turn off email auto-render. Even my youngest boy knows better and he loves to screw with the repair guys from "Windows".
Re: Any of the FANGs (Score:2)
I move on. If it's only on Twitter and I can't access it from a private browser window, then I move on. I seem to be surviving just fine. If I really wanted access to the content, Iâ(TM)d complain to the content owner. I've survived this long without subscribing to Twitter, so I'm not going to start using it now.
Re: (Score:2)
That's why you use uMatrix in your browser to block such scripts. The same with Facebook and Google.
I thought this was a tech site?
Re:Any of the FANGs (Score:4, Insightful)
Since Twitter is a private web site, which no one is required to use, you always have the "privacy choice" of just not sending your data to it. Not super-complicated...
right. now you only have to educate several million people on this ...
the problem with this kind of stuff is not that much the direct impact on individuals, but how it acts on entire societies. which mid/long term will have an impact on all individuals. nobody is really safe from this, and that's why a bit of sensible regulation is appropriate.
Re: (Score:2)
Re: Any of the FANGs (Score:2)
Private, as in privately owned, as opposed to a site you are required to use by the government.
Re: (Score:3)
Re: (Score:2)
It's a 50/50, since the acronym is usually FAANG, though I guess now it's TFAANG?
Re: (Score:1)
Privacy is important to me. The little truck I have with social media is aliased. I don't use Google for searching. But I'd be existing like a beast if I didn't have access to E-commerce. People can't always get out. We don't have enough time. We get old. We get injured. We get sick. Yes, you too, Libertarians.
Imagine Covid-19 could be spread via the Internet. We'd see just how many people are capable of social distancing.
Re: Any of the FANGs (Score:1)
Better to say, any Surveillance Valley company funded by the Sandhill Road money cartel.
Re: Any of the FANGs (Score:2)
Netflix is not selling your info. Their profiles of viewing behavior is one of their value props, so there's good reason not to sell your info. And they don't run ads, so there's no anonymized data being used for targeting by third parties.
Almost all privacy problems come from ad-based business models. Avoid ads, and you mostly avoid privacy problems.
https://www.fool.com/investing... [fool.com]
Re: Any of the FANGs (Score:2)
And actually, Apple's in the same boat. Along with Netflix, that's 40% of FAANG.
Re: (Score:2)
Netflix isn't selling viewing data to Hulu and the like because doing so would undermine their market position. What makes you think they won't sell that to amazon and the like so they can sell you more gadgets if you watch Sci-Fi, or more weapons if you watch zombie movies?
Re: Any of the FANGs (Score:2)
You bother to read the article I linked to?
Re: (Score:2)
Well color me shocked (Score:3)
Big data providing take privacy settings but doing whatever the hell they want anyway? Wow, I sure didn't see that one coming...
Re: (Score:2)
Yet another reason why I'm glad that I've never joined the twits on Twitter. Anything more complex than the recipe of a sandwich deserves more than 280 characters to be worth reading.
Well, Twitter is optional (Score:1)
Re: (Score:2)
Your life isn't going to end if you stop using Twitter. It's ok to vote with your feet by closing your Twitter account and never using them again.
Nah, upload a few TB of stuff, and never quit, just don't ever log in.
Re:Well, Twitter is optional (Score:4, Insightful)
How do I make Facebook, Google or Twitter close that shadow profile that they are building on me without me ever registering with them?
Re:Well, Twitter is optional (Score:4, Interesting)
Move to GDPR-land and submit a Data Subject Access request. See what they have on you and then submit a further request to have them delete the data and never process data about you again. Then file a complaint with your newly local data protection authority because they processed your data without your permission or any good reason.
Re: Well, Twitter is optional (Score:3)
Californias CCPA just came into effect as well. Its not as strong as GDPR but for people in the US state of California its worth becoming acquainted with your rights under CCPA.
Re: (Score:2)
> How do I make Facebook, Google or Twitter close that shadow profile that they are building on me without me ever registering with them?
Invent a couple fake names, pay for things with cash, and stop using your computer.
You don't get to be a slave to this stuff AND get it for free.
Re: (Score:2)
Says the SlashDot user who is afraid to post under his username. Got it.
Re: (Score:2)
For those who want the store discounts associated with the 'loyalty' card but don't actually want to be tracked, use the following phone number:
321 123 4567
Works almost everywhere, and there are several hundred (at least) of us using it. (Safeway used to take it out of the DB occasionally so we kept putting it back in until they gave up.)
Re: Well, Twitter is optional (Score:2)
Blocking third party cookies and JS is a really good start.
Re: (Score:2)
As they used to say about Hotmail, "If the service is free you aren't the customer, you're the product."
GDPR works (Score:5, Insightful)
Previously, anyone in the world could opt out of Twitter's conversion tracking (type 1), and people in GDPR-compliant regions had to opt in. Now, people outside of Europe have lost that option. Instead, users in the U.S. and most of the rest of the world can only opt out of Twitter sharing data with Google and Facebook (type 2)
Shows you that GDPR actually works to protect people's privacy, even though naysayers had been claiming it won't for years.
Rather than wasting effort to try to yell at Twitter, better spend it to get GDPR-like legislation in your own country.
Re: GDPR works (Score:2)
Fuck that. Privacy protection isn't worth the "accept cookies" popups. We can do better than the EU. Stop trying to develop privacy protections and focus on data ownership. We don't need a system where we opt-in or out of collection. We need an open market where people can monetize their data and use FB and others to collect income.
Re: (Score:2)
Fuck that. Privacy protection isn't worth the "accept cookies" popups.
America in a nutshell. You happily sell out yourself just so you don't need to click a button.
Re: GDPR works (Score:2)
Personal responsibility seems to be a uniquely American value. I'm ok with that. I disable cookies. I disable JS. GDPR wouldn't do shit for me even if I was in Europe.
Except of course the ever-present "allow cookies" button fucking everywhere. It's a fucking nightmare. Because I disable cookies, I can't get the overlays to go away. And because I am aging, I zoom in text all the time, which means the overlays sometimes cover half the view.
Fucking stupid regulation serves no goddamned purpose. ESPECIALLY in E
Re:GDPR works (Score:5, Insightful)
Such effects, should they exist, do not outweigh the unintended negative consequences of GDPR, which was never subjected to the democratic processes of the nations it is imposed on.
To the contrary. The GDPR is basically the legislation the people wanted and is a development and standardisation of the legislation that almost all European countries had individually and the GDPR has actually been implemented by democratically chosen legislation in each country. The lack of privacy legislation is what oligarchs like those running Google want, Microsoft, Facebook and Twitter would like. This shows that the European Union is and actual effective democracy - ruled according to the wishes of the people that live there. Compare, for example, the United States has been shown to act like an oligarchy [bbc.co.uk] and it's easy to see why very popular privacy measures keep getting blocked there. What's really interesting is that the EU is probably the only place where the privacy laws protect people from the governments that write the laws. E.g. China, Russia etc. have pretty strong privacy legislation but their governments just get to ignore that.
Re: (Score:1, Troll)
"The people" didn't ask for GDPR. In the UK, I expect it will be pulled apart in the next few years.
>> " lack of privacy legislation"
False. We had no such "lack". The UK had the perfectly adequate Data Protection Act.
>> "protect people from the governments that write the laws"
That's another way of saying prevent people from using our democratic national governments to change laws.
You have that backwards (Score:1)
You have that completely back to front.
UK was in the driving seat on GDPR, its DPA laws being the model for it. GDPR merely made EU-wide the DPA legislation of UK and other leading members of the EU who already had strong consumer laws and protections, and made the rest of the world aware of our DPA compliance needs through the unifying banner of "GDPR".
As a result, when GDPR became EU law, it required no change at all within the UK, other than replacement of text referring to "DPA" by "GDPR". This is li
Re: (Score:2)
> "The people" didn't ask for GDPR. In the UK, I expect it will be pulled apart in the next few years.
You man pulled apart by the Tories. Who you well know "the people" didn't vote for.
> False. We had no such "lack". The UK had the perfectly adequate Data Protection Act.
False. The DPA was entirely inadequate. It was large, complex and lacked the teeth to make penalties anything more than a very minor cost of doing business.
> That's another way of saying prevent people from using our democratic nat
Re: (Score:1)
The people did indeed vote the Tories, and have been doing so for the last decade.
The DPA was perfectly adequate. It did what we need, and avoided the overreach and unforeseen side-effects of GDPR.
Having a legislature able to make laws isn't a "disaster". The alternative is a non-democratic state, of the kind we in the UK keep rejecting.
Democracy isn't "volatile". Your language betrays your fear of other people.
Re:GDPR works (Score:5, Insightful)
Such effects, should they exist, do not outweigh the unintended negative consequences of GDPR, which was never subjected to the democratic processes of the nations it is imposed on.
That's strange. I directly elected a representative that helped propose and negotiate the GDPR legislation through the EU parliament before it was passed to the EC where the democratically elected leader of my country had his say on the proposal including the right to veto it.
I guess "democracy" in America means "do whatever the corporations tell you".
Re: (Score:2)
Using DoH doesn't mean you have to give your info to Google or Cloudflare or anyone else. Anyone can run a DoH server and (as far as I am aware) there is nothing in any of the browsers that suppport DoH which prevents the user from changing the DoH server to whatever they want.
Re: (Score:2)
Using DoH doesn't mean you have to give your info to Google or Cloudflare or anyone else. Anyone can run a DoH server and (as far as I am aware) there is nothing in any of the browsers that suppport DoH which prevents the user from changing the DoH server to whatever they want.
Hey look I have this server here that performs DNS queries and proxies the responses to http clients... It's the very best of both worlds... use of insecure DNS transport AND everything over HTTP..... ??? I don't understand.
Then.Stop.Using.It (Score:3)
Who needs Twitter anyway?
To follow the president's latest rant about Russia/China/Greenland?
Re: (Score:2)
Who needs Twitter anyway?
The mainstream media. Its their entire existence now.
Re: (Score:2)
And here I was under the impression that the "alternative" media needs it more, having no outlet themselves.
Re: (Score:2)
The "alternative media" as you call it, is...
Joe Rogan (Podcast, Youtube)
Dave Rubin (Youtube)
Jimmy Dore (Youtube)
Tim Pool (Youtube, Minds)
Steven Crowder (Youtube)
Ben Shapiro (Podcast, Youtbube)
These are the most popular of them afaict, on both sides of the isle, and none of them rely on twitter. Some of them do tweet, such as Jimmy Dore. His tweets are always roasting those that rely on tweets.
Re: (Score:2)
Twitter, Youtube, Reddit, ... you think any of them gives a fuck about your privacy? Not to mention that some of the people you list there aren't exactly the paragons of sensible journalism, protection of sources, independence and seriosity, and don't really give two shits about the privacy of their targets either.
It's very simple: Leave Twitter (Score:3, Informative)
When all this virus shit is over and done with, be 'social' with people in real life.
So-called 'social media' has tricked everyone into believing that 'being social' on the internet is equivalent to actually 'being social' with actual people; it is emphatically not. As a result people have had their actual social skills sabotaged. Also, by using fake-ass 'social media', you open yourself up to being fed misinformation and outright lies by people and organizations who wish to foment chaos in our society.
Leave social media, now. If it's not clear enough to everyone by now that they wish you no good whatsoever then I can't imagine what it'll take to get it through everyones' heads.
Re: (Score:3)
Leave Facebook and all other so-called 'social media' while you're at it. You don't need it. Use email, texts, phone calls, or write letters and mail them instead..
I don't think this is enough of an answer. In my fishing (lets say) club and my pigeon racing club we use the internet to coordinate. You need somewhere for people to announce events. In both they have some kind of forum software. In one of them it's good and well integrated with email / notifications etc. so it ends up working. In the other one it's a bit clunky and the life has been sucked out of it by other people moving to facebook. If you don't follow any social media then you won't hear about an
Re: (Score:2)
There needs to be something that's independent free and better. Preferably something that's completely distributed.
TANSTAAFL. Look that up if you're not familiar with it. 'Social media' sells you down the river. Any so-called 'free' 'service' is going to do the same. Hosting costs money. So do domains. So do peope to keep t
Re: (Score:2)
Re: (Score:2)
You do realize that SlashDot and other online forums are 'social media', don't you?
Re: (Score:2)
Leave Facebook and all other so-called 'social media' while you're at it.
How do you leave social media when every website you visit runs their scripts, every news story you link embeds a twitter feed, and most relevant information is often shared on social media first?
Twitter allows not opt out! (Score:4, Informative)
In reality everyone can opt right out of using twitter if they push unreasonable things.
Be honest! Is Twitter like air, food, sleep and water?
Just my 2 cents
Re: (Score:2)
Be honest! Is Twitter like air, food, sleep and water?
Yes. Everywhere you go you will continue to be exposed to twitter, and unless you white list all code you come across while online you too will be running some twitter code on your computer. You effectively can't function normally on the internet without stumbling across some direct link to twitter.
By the way is that a social link to Twitter I see second from the left under ever Slashdot story? I hope your browser doesn't pre-fetch content.
Re: (Score:2)
I just blacklist twitter (and others) in my hosts
It's hilarious that you think this prevents them from having data on you.
Did Donald Trump Click ? (Score:2)
Donald Trump uses Twitter daily. Did HE click accepting this policy? If so, did he accept it only on behalf of himself as a private citizen (already ruled not applicable), as himself as President of the United States (likely, and if so does this apply to future POTUSs?) or was it accepted by a minion using his account (against Twitter T&Cs) and which accepted (against Twitter T&Cs) the change?
What other rights did he give up... or forge if it is was a flunky?
When I sign a contract, I'm expected t
Fuck Twitter (Score:3)
California Consumer Privacy Act of 2018 (Score:2)
While users in Europe are protected by GDPR, "users in the United States and everywhere else, who don't have the protection of a comprehensive privacy law, are only protected by companies' self-interest..."
What about California's Consumer Privacy Act of 2018? Doesn't that law required Twitter to provide users an option to opt out of having their data shared with third parties?
Which is worse? (Score:2)
"Obliterating" it, or just ignoring it like everyone else? At least Twitter is upfront about not giving a flying fuck about your privacy concerns.
s/at/as/ (Score:2)
Yeah, I proofread. Didn't help a thing. Nurse! More coffee please!
P.S.: Trigger-based moderation again. (Score:1)
Was the humor too crass for you, moderators?
From past experience, I must say, that sadly, here on Slashdot, you really have to drive an argument in with a sledgehammer, for them to have any chance of getting it. Otherwise, only circle-jerking in the filter bubble ever passes.
The cost of vanity (Score:2)
Privacy policy of our IoT system, 0 information le (Score:1)
Cool (Score:2)
" last August Twitter discovered that its option for opting out of device-level targeting and conversion tracking "did not actually opt users out.""
Cool.
"after fixing that bug, "advertisers were unhappy. And Twitter announced a substantial hit to its revenue..."
Awesome.
So they not only proved they owe at least civil damages to users, they helped establish a substantial baseline amount for those damages.
What if I just never ever click an ad? (Score:2)
The way this is described, *IF* I click a Twitter ad for a mobile app, the app owner is informed of the conversion.
If I never click such ads -- and I never will, mostly because I only use Twitter from the browser and only with browsers that provide adblock -- then nothing about me will ever be shared.
Am I reading this correctly?
Mass changing of "online" citizenship (Score:2)
I'm wondering how difficult it would be to tell Twitter/Facebook/etc that an individual is now a citizen of the EU or wherever they choose, which would force said companies to apply whatever laws that area enforces. Wouldn't it be interesting if millions of Americans suddenly because "Belgians" in a short timeframe?
Re: (Score:2)
No, because they are in the EU, i.e.GDPR
Twitter Broken (Score:2)
When I go to any twitter page it says "Your security is too strong for us to penetrate. Please turn off all security and try again".
I will not turn off security in order to view twats on twitter (twitter is where all the twats hang out).
Nothing lost in my opinion.
Re: (Score:1)