[nycbug-talk] Scary Ubuntu privacy junk

Fabian Keil freebsd-listen at fabiankeil.de
Thu Nov 1 15:29:18 EDT 2012

Pete Wright <pete at nomadlogic.org> wrote:

> On 10/31/12 10:10 PM, George Rosamond wrote:
> > On 11/01/12 00:42, David Lawson wrote:

> >> The Quantal release version of the Amazon lens encrypts the queries,
> >> though the beta version did not.  It also anonymizes the queries
> >> prior to Amazon seeing them, which has always been the case to the
> >> best of my knowledge.  Mark has addressed both of those points on his
> >> blog.
> > Oh, he certainly does address it.
> >
> > markshuttleworth.com/archives/1182
> >
> > I especially like replies to "Why are you telling Amazon what I am
> > searching for?"
> >
> > ..."Ern, we have root."
> >
> > Great way to inspire people to use OSS, aint it?  "I have root on your
> > box so screw you."
> >
> > "Preserving anonymity" by trusting that project is laughable, at best.
> > Anonymity is not preserved by trust or policy, it's preserved *by
> > design*.  Look at Tor, GPG, etc.
> >
> > And it takes little statistical hacking to deanonymize data like that.
> > Give an Amazon your IP and queries, and it's not anonymous.  Remember
> > the "anonymized" AOL data a few years back?
> this whole debacle was pretty interesting to me - esp the initial 
> reaction/disregard for privacy from shuttleworth.
> regarding anonymizing data that is actively being mined - it really is a 
> loaded term.  In Germany for example, you can't store IP addresses and 
> associate them with cookies(1) if the user requests so.

Actually you (legally) need the user's consent. Of course you are also
obligated to allow users who consented to the data mining in the past
to opt-out again, but users who never gave consent in the first place
do not have to request anything (§4 I BDSG).

The referenced article is grossly misleading, probably because they didn't
get their information from the actual law, but trusted a (ridiculous)
press release of the "data protection authority of the German federal
state of Hamburg", which has no authority to decide under which conditions
the use of "Google Analytics" is lawful in Germany.

>                                                          Yet once an 
> adnetwork has dropped a cookie on your system the IP is almost a moot 
> point, they can deduce your geolocation and mine your browsing habbits 
> w/o a full IP address.

This isn't really a loop hole, though, because it requires consent as well.

The main problem with the German (and European) privacy laws is that they
are rarely enforced and thus there's no strong incentive to respect them.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20121101/597dae4c/attachment.bin>

More information about the talk mailing list