I also applaud this and personally would prefer to just pay for services instead of being the product, but I'm afraid this is not a popular opinion. People don't want to pay, at least not knowingly. I'm curious how this will play out.
I also applaud this and personally would prefer to just pay for services instead of being the product, but I'm afraid this is not a popular opinion. People don't want to pay, at least not knowingly. I'm curious how this will play out.
I love NOYB, please donate to them (recurring is better), they do very impactful work to safeguard our privacy.
It's incredible how such an important issue relies on essentially a single individual out of 300+ million.
Do you mean NOYB? Aren't they a team?
That ONE person out of 300m in the EU bothered to chase this topic.
It’s a bizzarely opaque statement since the population of the EU is over 400M. (Meanwhile the US population is over 300M.)
How many of those are 18 and over?
Oh, really? Even more opaque. You don’t need to be of voting age (??) in order to be an activist or political in some sort of way. I’m pretty sure that Greta Thunberg wasn’t when she became famous.
Schrems is so much more than a teenager activist.
Anyway, if this thread leaves you frustrated then maybe just don't participate in it?
The EU has 100's of millions of people, not all of them are in a position to bring this kind of effort because it requires bringing suit (which children may be able to do but don't generally do) and a very large chunk of a lifetime's worth of dedication. So in an attempt to roughly indicate the order of magnitude of difference between the number of people that could have taken action but didn't I used the 300 million figure. I haven't checked it for accuracy and Greta Thunberg notwithstanding the fact that you bring her up as an example is exactly because such individuals are so rare which is exactly the point that I was making.
Without Schrems for privacy and without Thunberg for climate change these subjects would get less attention than they do, and both of them have been instrumental in making meaningful change when in fact both of these subjects should concern the vast majority of that 300 million, give or take.
Yes, I'm asking who this "one person" is. This is being chased by NOYB, an organization of multiple people.
Not OP, but Max Schrems (and that's why the decisions related to this are called Schrems, Schrems II et al.). To be fair, he leads NOYB (so it's not just him), but he has a personal interest here.
We don't know the name, the article states that the org is putting itself in front. I am not surprised someone doesn't want to get entangled with Meta and use his/her own resources to fight this beast.
That ONE person out of 300m in the EU bothered to chase this topic.
Meanwhile, others of us in the EU simply delete their FB accounts and don't look back. (Right at 5 years ago, fwiw.)
Ultimately, there aren't that many people who have the technical knowledge, the ideology (that the internet should be for the good of the general public, not for corporations), the dedication and the time - and those who do exist are split between multiple issues (e.g. preventing the CSAM bill).
In this case, it's specifically that not all DPAs are doing their job correctly: some due to understaffing, others arguably due to ideological reasons.
I partially blame the GDPR itself - I still stand behind the spirit of that law, but it's IMHO not strict enough (or has too many loopholes): I think the selling of personal data to third parties should have been banned outright.
They're a team but if not for Schrems I doubt the whole thing would have happened.
Having done a fair amount of important-but-niche work.. yeah. There are genuinely very few incentives to do this sort of work. It's very much to the point where doing stuff like this necessitates being aggressive towards people who aren't used to that sort of interaction, which is socially extremely difficult to do. And that often even means being aggressive towards colleagues who tend to have softer opinions on things. The alternative is languishing in hidden problems. The folks who end up doing this work, IME, have been burned pretty hard in the past and have decided to continue to wade through the potential of being burned again. Not many people do that.
Have they said anything at all regarding TikTok? Search seems empty.
This is an interesting argument. I wonder how it would be handled if Facebook instead had a 2-tier system where both tiers were paid. So you'd have to pay a base fee to use Facebook (and get tracked) and then a premium tier to remove the tracking.
Putting aside the obvious ethical issues with such a system (that are obviously the reason why NOYB is filing), the "as easy to withdraw as it is to give" setup would be kept in such a situation I think.
Ethically, paying for privacy has in my opinion no place in a post-GDPR world (and I do support the GDPR) and it's shameful that several DPAs have tacitly approved of it for local newspapers. Facebook doing it will likely drag the practice to CJEU, which is the worst outcome for this scheme because CJEU tends to not like GAFAMs "it's not against the letter, but against the spirit" crap in the slightest. I personally wouldn't be surprised if CJEU ends up shooting down the scheme as violating the GDPR.
the "as easy to withdraw as it is to give" setup would be kept in such a situation I think.
Debatable. Let’s say the base fee was 1€ and premium was 1000000€. Not many people could afford the latter. Even if it were 25€, or 10€, or even lower, as long as there’s any price discrepancy, one is not as easy as the other.
Who cares? No one is making you use Facebook. It is totally okay to walk away and say "nah, I don't want to be tracked."
You can consume alcohol and various drugs in the EU but can't say yes to consenting to tracking. Absolutely absurd.
There are plenty of jobs where not using Facebook is not an option. "You could just get a different livelihood" is generally above the threshold of when the legal system considers it "forcing" someone. Don't like working 14 hour days? Just get a different job... is not how worker rights work (at least in Europe).
No one is making you use Facebook
Did you ever hear about the network effect? An example: https://news.ycombinator.com/item?id=38954091
but can't say yes to consenting to tracking
You can. But how do you not consent?
Are you saying that it's OK for Facebook to break the law and violate users' privacy, because users have the option of not using Facebook? Like, it's OK to mug people in Brixton, because if you don't want to be mugged you can just avoid Brixton?
Anyway, Facebook tracks people who've never visited the Facebook website, via their fkin Like button. So yes: people are making me use Facebook.
There are things you can't put in food even though you can choose not to eat it.
Individual action does not work for some issues. This is one of them.
Tracking is everywhere. It is not just facebook. It is every website and there is no realistic alternative as an individual user except be excluded from majority of the internet.
could you please explain what those abbreviations mean? I know GDPR, but the rest are obscure to me.
NOYB: "None of Your Business", it's the site being linked. They're a customer rights activist group led by Max Schrems whose self-declared job appears to be "drag every business in the world to the attention of the DPAs to make sure they're both compliant and don't do any funny business with the GDPR".
DPA: Data Protection Authority. They're local to each EU country (including those that aren't full Member States but do follow EU laws) and it's their job to enforce the GDPR at a country level. Usually they're a government department. The one you hear the most in the context of GAFAM enforcement is the Irish one, which is infamously underequipped and overburdened because GAFAM has lobbied the Irish government to not take enforcement seriously so all GAFAM companies can put their EU headquarters there (which permits them to only have to comply with the Irish DPA, something called the "one-stop shop" solution.)
CJEU: Court of Justice of the European Union. Think SCOTUS but for the EU. While technically the CJEU doesn't operate on the concept of precedent (its main job is enforcing that Member States follow EU laws and directives correctly), their interpretations of EU law are the final interpretation of those laws. Usually once a case has gone through a DPA and isn't resolved satisfactorily (or isn't complied with), it ends up before CJEU. GAFAM has dragged basically all enforcement cases before CJEU to drag out the process.
GAFAM: An abbreviation referring to the five largest American tech giants: Google, Apple, Facebook, Amazon, Microsoft. Usually is used as a shorthand for the "big tech" side of the IT industry.
With Google->Alphabet and Facebook->Meta, we can now use MAAAM instead.
I personally would prefer MAMAA instead
Interesting, how many of the 100s of newspapers in the EU that are doing exactly the same thing as Facebook has he dragged into court for doing it? They've been doing it for a lot longer. I do see some cases against Conde Nast, but that's not for this behavior.
I do think it's good though when somebody will go and try to take the most extreme position of some law so that the lawmakers will maybe realize that they got it wrong.
Ethically, paying for privacy has in my opinion no place in a post-GDPR world (and I do support the GDPR) and it's shameful that several DPAs have tacitly approved of it for local newspapers.
Is that paying for privacy or paying with privacy?
Of course it does. I have noo idea what happens if I press "Save settings" on all these cookie banners. Pretty sure somewhere there is a hidden checkbox that allows everything. It probably still tracks, just makes you happy reading the giant popup list.
They invented "essential cookies for marketing purposes" anyway. And after there was this "You accept tracking ads or you pay to us" popup.
Similar issue with Reddit's privacy "settings" last I checked. I'd uncheck everything. Then I'd go back. Some stayed unchecked. Some didn't. Go figure.
Could just as easily be malicious or just bad developers.
From a compliance perspective, does the difference matter?
Not at all, malicious may even be preferable as that's easier to correct than "skill issue." But I would argue it does matter from the "$TECH_CO bad amirite" perspective.
An organisation is what it does. Not really relevant whether the CO is malicious or incompetent, if the result is the same.
I completely understand Meta finding profitable ways to skirt around the law - even breaking it subtly at times.
But I'm very surprised the apparent offsenses are so large and so obvious.
I was expecting them do do more subtle things like 'accidentally' asking users their cookie preference every time they use the site till they hit accept, and then never asking them ever again. When investigated, they can easily say 'oh, it was a bug because the fact the user rejected cookies was itself stored in a cookie'.
But I'm very surprised the apparent offsenses are so large and so obvious.
As long as it continues to be more profitable to go big when they break the law that's what facebook will do. Same as any other company. No need for facebook to even try to hide it because the fines/slaps on the wrist just don't matter. Try locking up CEOs or shareholders and watch how quickly they start following the law.
Meta missed the part where their reparation doesn't have to be an easy fix. They dug themselves into a hole
And why would they care when this will result in a fine that is less than they generate selling their user's lives to whomever.
Clear violation, yet so many online "newspapers" do it. Pay or get tracked and have ads shown. Despite a ruling that it's unlawful.
Which specific ruling? The DPAs of a couple of EU member countries, on "pay or okay"?
Are you talking about what online newspapers do in EU, US or where?
I haven't touched Instagram since they offered this ultimatum.
Hopefully I can wait it out. The only reason I might have needed to use it would be to reach people whose contact I only have on there.
Same with me and Facebook, I missed out on a christmas get-together among long time friends because of it :/
At least the group who did show up "blamed"* the host for only inviting to the event via FB, which I see as a massively positive sign of the culture slowly changing
*Not in a negative way, but in a "what did you expect, only inviting people via facebook" kinda way
The DPC (if it is legally an option) should go for the highest possible fines available to them at this point, since Meta has by repeated and wilful infringing made it pretty clear that they will try anything to get around these laws.
Like I have some sympathy for a legacy business that simply mismanages their GDPR obligations and buys some dodgy "compliance management" solution and ends up infringing - there a "slap on the wrist" light enforcement is appropriate.
But Meta has been entangled in GDPR enforcement since the beginning, repeatedly, who clearly understood the regulation to begin with and went straight out of the gates attempting to workaround and arguably being the reason the regulation was enacted in the first place.
I really want to see those 4% of global revenue fines piling on at this point.
The DPC is corrupt and does not want to go for the highest possible fines. They have been extremely lenient towards Facebook despite being able to impose harsher punishments.
I wish the EU would grow some balls and tell Ireland to fuck off with their shenanigans of letting these companies get away with everything.
Meta should be getting fined for every red cent they steal from users, 4% of global revenue doesn't even come close to the sort of fines that scumfuck of a company deserves.
Facebook should be forced to pay € 251.88 per year to all the user who consented to keep the symmetry. It's only fair if that's how much data violating basic privacy is worth to Facebook.
Deliberately leaving HTTP 402 reserved and undefined so Internet will stay free beer was a grave mistake.
I would never have expected it, it's such a nice company
If one reads the complaint, really all the complainant is trying to do is to change his subscription from unpaid to paid.
First he subscribes to Facebook and Instagram for free, an unpaid subscription where he agrees to receive targeted ads.
Next he tries to change his subscription to paid, presumably with terms where Meta agrees not to send targeted ads.^1
Signing up for the unpaid subscription can be done with a single click.
Signing up for the paid subscription cannot.
"When the complainant finally reached the correct page, he was confronted with two options. The first preselected and reflecting his current situation was to continue using Facebook with trackers (Kostenfrei mit Werbung verwenden). The second entailed the purchase of a 9,99 monthly subscription, in order to have access to the service without being tracked (Aboabschlieen und ohne Werbung verwenden) see screenshot below, left side."
There should really be a third option: unsubscribe.
1. But does data collection still continue. Meta would probably argue it needs to track everything the complainant does while logged in to the Facebook and Instagram servers for "security" but without any restrictions on how they can use the data collected. We have already seen Facebook and Twitter getting caught using collected telephone numbers for commercial purposes when they were collected under the guise of being needed for "security". Even more, is Meta still allowed to track the complainant on the open web, outside of Meta's websites. The claims of "security" arguably do not apply there.
Is Meta still collecting and processing the complainant's data regardless of which subscription he chooses. If yes, then arguably he is only revoking consent to have ads placed on the Meta webpages that he accesses. The consent may not relate to data processing.
How does the GDPR define "data processing".
For example,
"Data processing is the collection and manipulation of digital data to produce meaningful information." French, Carl (1996). Data Processing and Information Technology (10th ed.). Thomson. p. 2. ISBN 1844801004.
Meta could still "collect and manipulate data [from the complainant] to produce meaningful information" but refrain from placing ads in webpages viewed by the complainant.
That cliché is no longer applicable (was it ever?) and repeating it only helps the worst infringers.
You can pay and still be the product. Consider the streaming services which charge you but still serve ads, or physical appliances that you buy but send your usage habits to the manufacturer (like TVs). Paying is not a guarantee that a company will treat you or your privacy with respect.
Here here. Paying no longer protects anything. If anything, you’re more valuable as a data brokered account if you’re KYC verified as a real person: so in fact the opposite case is now often the reality.
Consider that paying makes you prime rib for Sunday dinner from a data perspective: card verified PII.
And do not forget that you can be assigned an ID and disassociated from your data, which can then be tracked anonymously completely legally as a non-personally identifiable account. And let me assure you de-anonymizing a collected dataset is often not a very difficult problem in the modern data brokerage filled era.
We cannot pay out way out of this. We need rights to privacy and deletion enshrined in constitutional-style law, and soon. It must become a fundamental human right.
*hear hear
Thank you. The one that always bugs me on HN is folks “pouring” over something when they really mean poring, or to pore over something.
I don't think I've ever seen that one done correctly.
It’s pretty rare to find a good pour over too, but Peet’s does a decent one. /s
OK but really if you want good coffee dont go to national corporate chains go to your local roaster is is passionate about good coffee. Always better.
Naturally. I’m in full agreement.
Right up there with "weary" being used as an unintentional portmanteau of "leery" and "wary".
Oh man, that explains a lot of my confusion. I've seen people say weary and I thought they actually meant weary. Like they were tired because of the thing. But it never scanned correctly, so I was just confused.
Now it makes sense - they meant wary / leery.
Until they mentioned it, I wasn’t even aware of how many abuses of the English language lay in these hills. I’m spooked lol
I don’t assume that people who don’t know how to use weary correctly are that clever, but perhaps you’re just more grammatically optimistic than I am.
This is 100% true. The problem is not paying or not. The problem is that tracking, collecting and selling your data is irrelevant to the Facebook few. They will still trade you as a cattle. The only difference is that you won't be flooded with ads (BM - 15MM - ads playing in full volume because you dared to look away)
You can wear a seat belt and still die in a crash.
Nothing in life is a guarantee. It’s pure pedantry to hear someone say “I would rather pay than be the product” and to choose to interpret that as “I believe that paying always guarantees that the company will never also use indirect monetization”.
Preferring business with direct monetization models is risk mitigation, not a naive (and incorrect) belief in a magic bullet solution to a complex problem.
No, the naivety is in the belief that paying offers any privacy protection. It's not a seat belt; it's homeopathic snake oil.
So next time you walk down the street, if someone crosses your path give them you wallet, phone, laptop, sneakers, jacket because "hey they may pull a knife on me"(?)
I say that where money can be made, money will be made. But we have laws and regulations, and when the Metas of this world play dirty, you can stick it to them. (in most cases it will be too little - too late)(but the solution is not to roll over)
I pay for the ad-free experience on every service that offers it, and I still see ads. The 4 second hulu splash screen at the start of EVERY item I stream is still an ad. HBO, sorry MAX, showing 30s ads for other shows EVERY. TIME. I stream something, still an ad. At least those I can skip, but I shouldn't have to.
There was no real purpose to my post, I just needed to vent about that part your point.
I don't think you should continue using them if paying for them still has ads. We take collective action now or we end up with cable TV all over again.
Since running a business costs money, the only result that will satisfy organisations like noyb is that companies like Facebook disappear from the EU. You will read many people here in HN openly saying how they would like social media to disappear, not only for themselves, but for everybody else, including those who enjoy it.
They should charge a fair price for their product and deliver something good to customers.
No one is forcing Facebook to not charge for their service. They just can’t do it without slurping your data. If they can’t have a business without invading people’s privacy, they shouldn’t have a business. It is baffling that people still shill these practices from big corporations. It’s like saying “I can’t make money without robbing you, so it should be legal for me to rob you”.
This is absolutely not true and frankly reads like an argument in bad faith. noyb’s position is clear: don’t invade people’s privacy.
There is the option to pay for Instagram (and probably also Facebook I assume, but not sure) instead of sharing your data in the EU. https://glamsham.com/world/technology/meta-faces-new-eu-comp...
As per the article (in the bold part at the top):
The whole point of the article and this discussion is precisely that you can’t make privacy protections a separate “feature”.
You can still show ads. Literally nothing in the EU prevents you from showing ads.
Edit: You can still charge for your services. Literally nothing in the EU prevents you from charging for your services.
NOYB is not inherently opposed to Facebook and other social media. It does fight against unlawful (and arguably unethical) tracking. If a company can't find a solid business model that works within the bounds established by law, that's not NOYB's problem.
NOYB is perfectly fine with companies making money by placing ads (as long as they preserve your privacy).
I don't understand this argument. Meta makes its money from selling adverts. Meta grabs bucketloads of personal data from us. Meta shows us adverts when we access their systems. NOYB is objecting to Meta grabbing bucketloads of personal data from us. This doesn't stop them selling adverts or showing adverts to us, therefore it doesn't stop Meta making money. There's no reason for Meta to disappear - just for them to stop violating our fundamental rights.
This is incorrect, or at least incorrect if you generalize it beyond noyb.
All I want is for the true costs of using a product to be understood. Businesses can and should make money! But it’s wrong to present a product as “free” when it is not. It’s no different than having a fine print click license granting Facebook permission to come take stuff from your garage.
Yes, businesses cost money to run. No, that does not mean that all business models must be permitted regardless of consumer and social harm.
There is no fundamental right to a profitable businesses; if a business cannot be profitable within the bounds we choose to set, oh well.
(And I say this as a huge EU policy skeptic that thinks they are way over-regulating)
That’s fairly recent. It was (and is) normal to pay for having a phone number. Paying more for making a phone call was normal, too, as was paying for such services as a phone line that told you the current time or a weather prediction.
It was also normal to pay for having an email address, and most people, to this day, pay for having internet connectivity.
I think it’s more that people object to moving from ‘free’ to paid. If most people pay for a service, they’ll accept that as the way it is.
For example, I think people would happily pay $1 of more a month for GPS, if it never hadn’t been free.
No, it's not. In the early days, everything on the internet was free. Before 1996, commercial activity on the internet was forbidden.
I ran one of many commercial ISPs in 1995 and we founded ours out of frustration with the available commercial ISPs before us.
AFAIK the first commercial ISP dates to around '89.
But I don't think the fact the internet once had restrictions on commercial activity really makes much difference to the argument above other than in the details, given the argument was broader than about the net.
Oh, by "on the internet", I meant internet services. Sure, it cost money to get connected!
So I read the argument above as being about internet services; not hardware or connectivity, that would make it hard to understand.
There were commercial services on the Internet before that too, but note the comment also talked about e.g. phone services, and so more broadly about paying for services, not just internet.
I think the price point was meant to discourage people from paying. It's on par with streaming services, but with the content produced by the users. Do they get 200+ dollars in ads for the average user?
For example, I considered paying but I have a semi-inactice Facebook account which isn't worth that to me. I'm also not convinced of Facebook's integrity to honor the deal and not process the data anyway.
The price might actually be adequate - they're not getting 200+ dollars in ads for the average user (IIRC it was something like 50+), however, these aren't average users; if someone is the type of person who's willing to pay 200+ dollars for Facebook, then showing ads to them can easily be worth 4x as much as the average user, that is the kind of disposable income for random conveniences that many advertisers want to get and are willing to pay a premium for.
The personal data of a user who pays is more valuable than that of a user who doesn't pay ;)
Especially since you have to dox yourself in order to pay. They might have a pretty good idea exactly which individual you are before you pay but they definitely do after.
Why do you applaud this? What's it got to do with making a pay option?
I pay for a lot of services and I don't pay for many more of other ones. I also don't use a lot of free services. I'm sure that I'm a product of a lot of services I pay for, despite I'm paying for them. They are probably selling my data with or without my consent. There are so many fine prints and different ways to interpret the terms of contract.
You’re always the product, even if you pay. As long as it’s legal and profitable (or perhaps even illegal), you’ll always be the product.
If you pay them, you don't cease being the product, you actually become an even better product. Now they know you have more than enough disposable income to pay them not to annoy you with advertising and tracking noise. That's actually the exact sort of person whose attention advertisers want. People with surpluss money and the willingness to spend it on stuff they don't actually need.
The answer to advertisers and suveillance capitalists is technological blocking of their monetization attempts while simultaneously leeching their "free" services. You want the value they extract from you to be zero or negative. It should cost them money until they cease and desist.
Yes me too, mostly.
Through it should be noted that GDPR requires no tracking but not no ads, and companies try to lump that together to pretend there is no reasonable solution.
E.g. a lot of newspapers use approaches similar to Meta (and similar not lawful) i.e. either you get tracked and ads or you pay and get neither ads or tracking. But this is illegal as opting out is noticeable more complex then opting in (account creation requirement is already illegal, money requirement more so). What would be legal would be a choice between "ad(personalized with tracking)" or "ad(no tracking)" and "no ad but account + cost money". You also still can choose ads based on the article/site content etc. (Also another problem with account requirement for no adds is that it often deceptively sneaks in the permission to track when creating the account making it de-facto no option to not be spied on!)
Another problem is that it can be easily too expensive for many people (not just very poor ones). Especially if like currently there are no "supper cheap but also very limited accounts".
I mean consider YT Premium Lite is 5.99€, no ads but you still get tracked. Twitch has no Lite version (and some non YT-lite premium features are actually for free) cost 11.99 (YT non lite is 12.99). Most news papers and similar are between 3€ and 8€ or so, commonly 5€. Of most of them I only read ~1 article per moth or so, often less and often not even the whole article sometimes I just look for a link to the original source and often I realize I just got click baited and bail out. Like you could easily end up 80+€ a month that's just ... to much for many.
And in pretty much all case paying means no ads but not no tracking/selling your information, at best a bit less tracking.
I know this is a startup incubator (whatever that is) forum, but I’m tired of this Market Strategy-first framing.[1] Companies like Meta clearly gave away access to their platform in order to build an effective monopoly in some niche.[2] And companies will do whatever within the Law to increase profits. I’m sure all the CEOs here will agree. Anything less is leaving money on the table.
This worship of the Market Strategy was bad enough before when there wasn’t much talk of actual laws defining how much of a “product” they can make their users. But now there are! And this submission is about unlawful practices. And we’re still going to frame this as Meta just being effectively forced by the horrible consumers who refuse to “pay for services”? Ridiculous.
And I haven’t even really gotten into how much of a fallacy the specific belief is that if you just “pay for services” then you won’t become a “product”. But thankfully there are a lot of other reasonable posters on this forum about tech company profit-maximization.
[1] The Company’s perspective is the prime one. The Company doing shady stuff is merely because the consumer’s are stingy or difficult in some way. If the consumers are inconvenienced by the Company then that is just because the Company had to adopt a market strategy which is not as wholesome as the one they could have used if the consumers were better in some way.
[2] And do we have to retread the hopelessness of making a social network where you have to pay to use it when no one else is using it (at the start)? That’s a complete dead-end.
People pay for lots of social gathering type places - community centers, libraries, gyms, clubs and such. But they only do so if the prices are reasonable. And prices are usually reasonable because the club in question is not trying to grow till it takes over the world. It is a roughly fixed size place, where subscription fees pay for keeping the place running.
The cost of running most social media is only about a $1/year (yes year not month) [1]. Social media companies when they want to charge $50-100/year. People are not stupid. Why would they pay more than $2/year.
[1] https://news.ycombinator.com/item?id=38291427