-
30 votes
-
Google researchers find serious privacy risks in Safari’s anti-tracking protections
9 votes -
I'm planning to enable the "mark new comments" feature for everyone - any major concerns?
Something that's come up in discussions a few times recently is how important it is to have good default settings. Even users who are quite technical and involved don't always explore which...
Something that's come up in discussions a few times recently is how important it is to have good default settings. Even users who are quite technical and involved don't always explore which settings are available, and that's totally fine—they shouldn't need to. The default setup should be as good as possible, with changing settings mostly for specialized cases.
One particular place on Tildes where this isn't currently being done well is for the "mark new comments" feature, which has always been disabled by default. I think it's one of the best features on the site and makes it much easier to follow ongoing discussions here than on other sites with similar comment systems, but overall, not many users have enabled it.
For example, Tildes got some attention on Hacker News again yesterday, and about 80 new users have registered so far from that. Only 9 of them enabled "mark new comments", even though the welcome message strongly encourages it. Looking at longer periods of time, this seems typical: only about 10% of users ever enable it.
As it says on the settings page for the feature, my reason for disabling it by default was out of privacy concerns. However, I've been doing some review of the data that Tildes stores lately and realized that this was kind of misleading and inaccurate. Because I have HTTP request server logs and some other related data (which is all only kept for 30 days), I effectively have topic visit records from the last 30 days for all users anyway, whether they have the feature enabled or not. The data is more convenient to access for users with the feature enabled, but it's available either way.
Because of that, and because the data will be very useful to combine with some of the upcoming changes I mentioned in the last ~tildes.official post, I'm planning to enable this feature for everyone. Here are the general plans:
- Data about which topics' comments pages a user visits will be stored (for 30 days), along with when and how many comments were there at the time. This enables displaying which topics have new comments since your last visit, and marking those new comments.
- There will no longer be a setting to disable this, but you can still choose whether previously-seen comments are collapsed when you return - the same as the existing checkbox on that page for "Collapse old comments when I return to a topic".
- I will probably implement some sort of "stop informing me of new comments in this topic" feature (separate from the new Ignore one) to stop having the info about new comments in a topic showing up for you.
Please let me know if you have any thoughts or concerns about this. If nothing major comes up, I intend to make this change later this week.
82 votes -
Can you defeat the privacy chicken?
16 votes -
Apple dropped plan for encrypting backups after FBI complained
21 votes -
MNT Reform open source, modular laptop crowdfunding campaign launches in February
9 votes -
The secretive company that might end privacy as we know it
23 votes -
App tracking alert in iOS 13 has dramatically cut location data flow to ad industry
21 votes -
Billions of medical images available online
10 votes -
Fifty countries ranked by how they’re collecting biometric data and what they’re doing with it
11 votes -
Are there any personalized recommendation engines/sites that you trust?
In the 2000s I used to use a service called last.fm (originally called Audioscrobbler) that would track the music I listened to and give me recommendations based on that. It was able to give me...
In the 2000s I used to use a service called last.fm (originally called Audioscrobbler) that would track the music I listened to and give me recommendations based on that. It was able to give me some really great personalized suggestions, but that came at the expense of me handing over significant amounts of personal data.
In prioritizing privacy, I feel like I've stepped away from a lot of the big recommendation engines because they're tied to data-hungry companies I am in the process of disengaging with (e.g. Goodreads is owned by Amazon). I can still find stuff I like, but it's often the result of manual searching that turns up popular recommendations that work for me, rather than less well-known or acutely relevant things. last.fm was good at giving me less "obvious" recommendations and would find music I was unlikely to find on my own. I want that, but for all of my media: books, movies, etc.
There's a second concern in that I also feel like I can't trust platforms like Netflix, who seem to prioritize their content over that of other studios. Their recommendations feel weighted in their favor, not mine.
What I want is an impartial recommendation engine that gives me high quality personalized suggestions without a huge privacy cost.1 Is this a pipe dream, or are there examples of this kind of thing out there?
1. I don't mind handing over some of my specific interest data in order to get good recommendations for myself and help a site's algorithms cater to others, as I get that's how these things work. I just don't like the idea of my interests being even more data for a company that already has thousands of intimate data points on me.
18 votes -
Release of over 100,000 leaked documents from Cambridge Analytica has started, showing the company's work in sixty-eight countries
14 votes -
The last tracker was just removed from Basecamp.com
16 votes -
Promiscuous cookies and their impending death via the SameSite policy
10 votes -
On privacy versus freedom
9 votes -
How NIST tested facial recognition algorithms for racial bias
5 votes -
Colleges are turning students’ phones into surveillance machines, tracking the locations of hundreds of thousands
35 votes -
Messaging app ToTok has been removed from the Apple and Google app stores following claims the United Arab Emirates government was using it to spy on people
12 votes -
What we know about you when you click on this article—Vox has a pretty typical privacy policy. That doesn’t make it great.
11 votes -
One nation, tracked : An investigation into the smartphone tracking industry
15 votes -
NIST study evaluates effects of race, age, sex on face recognition software - Findings included that many algorithms had false positive rates 10 to 100 times higher for non-Caucasians
7 votes -
What does your car know about you? We hacked a Chevy and found that automakers collect data through hundreds of sensors and an always-on Internet connection
22 votes -
How tracking pixels work
13 votes -
Canadians travelling to or through U.S. should pay close attention to their withering rights: Latest changes to Preclearance Agreement give U.S. officials dangerously extended power on Canadian soil
11 votes -
Ten years ago, DNA tests were the future of medicine. Now they’re a social network — and a data privacy mess
10 votes -
FTC weighs seeking preliminary injunction against Facebook over antitrust concerns related to how its apps interact
3 votes -
Apple’s ad-targeting crackdown shakes up ad market
22 votes -
How to fight back against Google AMP as a web user and a web developer
28 votes -
Behind the one-way mirror: A deep dive into the technology of corporate surveillance
9 votes -
The citizen scientist who finds killers from her couch: How CeCe Moore is using her genetic knowledge to expose murderers
8 votes -
Multiple Fortinet products communicate with FortiGuard services while only "encrypting" sensitive user data using XOR with a hardcoded key
9 votes -
A new tracking technique using CNAME aliases to circumvent third-party cookie restrictions is blockable using a Firefox DNS API, but not in Chrome
18 votes -
The voting on topics and comments now ends when they're 30 days old and all individual vote records are deleted, retaining only the count
This is a privacy-related update that I've always intended to implement on Tildes, and I finally spent some time on it this week. Keeping eternal records of everything that every user ever voted...
This is a privacy-related update that I've always intended to implement on Tildes, and I finally spent some time on it this week.
Keeping eternal records of everything that every user ever voted on is some of the most sensitive data that sites with a voting system have. Your voting history says a huge amount about you, your interests and opinions, and can even serve as a decent proxy for showing what times you were active on the site, what posts you were reading, and how long you spent reading the comments on each of them. In exchange for these major privacy implications, you get the tiny benefit of being able to tell which old posts you voted on (if you even go back to old posts).
So now, to match up with Tildes's general approach of deleting as much sensitive data as possible after 30 days, the voting on posts closes when they're 30 days old. After a post's voting is closed, the records of which individual users voted on that post are deleted, but the count of how many votes there were is kept. So old posts will continue showing their same "scores" exactly the same as before, but there will be no record of which individual users cast those votes.
However, this isn't a purely positive update: the main downside is that the voting does need to be closed (otherwise there would be no way to prevent people from voting again after their first vote is deleted), which prevents the occasionally useful ability to vote on old topics or comments. Overall though, voting on older posts is extremely rare, with less than 1% of the votes on Tildes ever made on something that was over 30 days old at the time of voting.
When the "delete old sensitive data" job runs for the first time after this update later today, 97% of the voting data in the database will be deleted. That's a massive decrease in the amount of sensitive data the site is retaining, and something that most sites would never consider doing, because of the value of that data for behavior analysis and ad-targeting.
121 votes -
Private Internet Access VPN acquired by Kape Technologies for US$127.6 million
30 votes -
Android exploit of system camera apps enabled a malicious app to record and upload photos, video and audio with only "storage" permission
10 votes -
Would you pay for social media platforms and search engines if it meant they would not have any advertising or data collection?
(Someone posted a thread like this but for triple-a videogames rather than software and people said no so I wonder if software is gonna be different.) If you would or not, why? If you would, how...
(Someone posted a thread like this but for triple-a videogames rather than software and people said no so I wonder if software is gonna be different.)
If you would or not, why? If you would, how much? What would be the side effects of this change if it was applied on a mass scale? What would be the potential drawbacks?
Edit: Can also apply to video-sharing platforms or forums or instant messengers any software as long as it serves a general purpose and complies with what's mentioned above.
26 votes -
Firefox’s fight for the future of the web: With Google’s Chrome dominating the market, not-for-profit rival Mozilla is staking a comeback on its dedication to privacy
49 votes -
Google is an emerging health-care juggernaut, and privacy laws weren’t written to keep up
14 votes -
YouTube is requiring all new and existing videos be marked as "Made for Kids" if they're intended for children, which will disable personalized ads, end screens, comments, and more
16 votes -
Interpreting GDPR data requests: Why does British Airways need to know that I'm 98% LGBT?
10 votes -
What half of iPhone users don’t know about their privacy
18 votes -
Google’s secret ‘Project Nightingale’ gathers personal health data on millions of Americans
12 votes -
Smart TVs collect data for political-advertising use
16 votes -
Give Firefox a chance for a faster, calmer and distraction-free internet
27 votes -
In China, surge in students informing on professors
8 votes -
Almost 7000 pages of leaked Facebook documents show how they leveraged user data to fight rivals and help friends
15 votes -
Two former Twitter employees charged with spying on behalf of Saudi Arabia
9 votes -
The fantasy of opting out
16 votes -
“Affordances” - A new science-fiction short story by Cory Doctorow about algorithmic bias
7 votes -
ISPs lied to Congress to spread confusion about encrypted DNS, Mozilla says
15 votes