I never consent to give my data away or being tracked, but how do you deal with so called legitimate interest? I tried several times to untick them but it is a long list (in fact at the bottom there is a “vendors” link with even longer, much longer list. It took me 10 minutes to get to the bottom of it once).
My questions: -how can we trust these so called legitimate interests when they are self defined by companies whose business model relies on your data? -how can we find out what these legitimate interests are and what data it collects? -are such companies controlled in any way? -is this kind of consent form compliant with EU gdpr? (normally opt out is to be as easy as opt in, and there is no “refuse all” for these so called legitimate interests. -what are your strategies against such sites tracking you? Or am I just being paranoid?
The sheer amount vendors is daunting, the Internet really turned into crap
It’s their interest, not yours.
Have https://noyb.eu/en or https://www.eff.org/ or others never covered this ? If not it would be good to get them interested ?
And the “we play nice” respons of IAB: https://iabeurope.eu/iab-europe-tcf-and-noybs-war-on-cookie-banners/
Thank you, these were two very interesting read on the gdpr law, spirit of the law and the complexity of enforcing it (and how those data-thirsty suckers always find a way to carry on their wrongdoingds)
This is the exception to prove the rule that the other interests are definitely illegitimate. This is the website telling you that they give away your data for illegitimate purposes.
It’s not a surprise. We knew this was true. But seeing it’s spelled out like this is a little galling.
Illegitimate: not authorized by the law; not in accordance with accepted standards or rules
The website is basically admitting that they’re using your data maliciously, intentionally, by having this distinction.
While you’re right conceptually, this isn’t what the wording means in terms of consent dialogs. Legitimate interest means they can assume, legitimately, that you have an interest in aspects of the site (by you being there) that require X cookies, basically. Ie their product is providing functionality they can assume you’re interested in just by being there, and they’re “pre approving” the tracking/storage for that functionality.
I concur that it’s rubbish and used almost always in a manner that reeks of illegitimacy.
Do not question, just obey.
OP:
posts about tracking and not consenting to give data away
also OP:
uses Google Chrome
Wrong, that’s Mulch. Uninstalling and deactivating Google apps is the first thing I do. Android system webview is the tricky one, but Mulch has a webview too. Still the default one manages to creep in sometimes, and deactivating it breaks things that call it specifically
Mulch ain’t the worst, but there are better options. Generally, I would recommend a Firefox-based browser instead of Chromium, because it has full extension support (including adblockers). You can check out this comparison chart, or this one.
Bromite and Cromite are a thing too
Bromite? Not anymore. Cromite? Absolutely.
Yes I use Mull but this does not look like a Firefox-based browser
Mull is a firefox-based browser developed by DivestOS, Mulch is developed by the same team but it’s based on Chromium
I used cromite for a while, and in general prefer it to Mulch, but I stick to it for the webview. (only way that seems to have the webview replace Google’s is to define Mulch as default browser). I still often use cromite too
Use Firefox (or a hardened fork like Mull) with uBlock Origin and you’ll never see this BS again
Just autowipe cookies on pageloads. Use fast rotating vpn, tunnel through tor twice, run computer in ram only, remove all storage devices.
Ez
Amateur advice. Don’t own your own device. ask your friends to look up things for you on their devices, then print them out and mail them to your PO Box. Untraceable.
But how did you pay for the PO box? Using cash, think of the fingerprints. And don’t forget about the post office spies
Solution, don’t have an address or talk to anyone ever, scavenge your own food.
Untraceable
What about the cats?
The musical or the movie?
Honestly? I wouldn’t trust either.
Your honor, it was not a rape, it was my legitimate interest in sex.
I mean depending on the context it might be a decent defense
Your choice of words was absolutely terrible. There is no such thing as a decent defense of rape. Now, an effective defense in our busted legal system? That’s a whole different story. But “decent” does not apply in cases of sexual assault and violence. Ever.
If the person is innocent until they are proven guilty. Also it is entirely possible they were innocent
Your reply is completely unrelated to what I said. There is no such thing as a decent defense for raping someone. If they didn’t rape anyone, good! If they did, that is an indefensible act by its very nature.
I made no comment at all on whether or not any specific individual is guilty or not. So I’m really confused what your point is here…?
You are saying that they don’t set a defense. No matter the crime, you deserve defense. No one, not even sexual predictors, deserve to be stripped of constitutional rights. Such things also are related to prejudice.
No. Read it again. I never said allegation. I never referenced court proceedings. I said the act of rape is indefensible.
If you commit rape, there is no “decent” defense. If you didn’t, then my comment doesn’t apply. Simple as that.
There is no excuse for sexual violence, and there never will be.
I’ve seen judges let offenders off light on worse arguments. Unfortunately.
I’ve scene abusive and insane spouses that accuse there husband of abuse and even rape
No u haven’t 🤥
“If it’s a legitimate interest, the browser has ways to try to shut that whole thing down”
How was the browser dressed?
IANAL, but if you’re in the eu, iirc legitimate interest is not legal basis for data processing but they may still store it for later use if you ever agree to one of these
I am like 90% sure they use it regardless.
fair enough, i have a legitimate interest in always blocking trackers and advertisements in every device i own too
Your browser can block cookies.
Your browser cannot block server-side abuse of your personal data. These consent forms are not about cookies; they’re about fooling users into consenting to abuse of their personal data. Cookies are just one of many many technological measures required to carry out said human rights abuse.
Use a script obfuscator. I’ve been using one for about a decade now and it’s extremely easy to tell when companies are doing illegal spying. Looking at YOU ebay. My full name is not GKDSLGFJDS ZKGWKDSF, you fucking assholes. Enjoy the cement shoes when the advertisers you sold to find out that information is nothing but strings of randomly long random characters.
I use temporary container tabs in Firefox. (Desktop, dunno if that works on mobile)
Every new tab I open opens in its own temporary container unless I’ve chosen otherwise (like for sites I want to remember logins )
So, even if I accept all the cookies, they all disappear with the temporary container after browsing, and don’t connect to any other container - only tabs started (e.g. by clicking links) in the same container.
-
Depends on the threat model but usually you don’t trust them. It’s as simple as that
-
I think the legitimate intetest has something to do with giving the data to the government when legally required but it can have other meanings too. Good luck with finding out. Some of them won’t tell the truth even if officially asked (unless you work for the government)
-
Everything is somewhat controlled but in terms of data collection it is absolutely not (e. g. the users’ HIV status data on Tumblr or whatever the thing is called)
-
Idk about that
-
Regular protection like Tor, VPN, anti-fingerprinting etc
-
I wouldn’t say you are being too paranoid
-
Yes the internet has turned into a horrible place
- It’s not gdpr compliant in the way shown here or IAB TCF uses it.
Legitimate interest is a sort failsafe which can be used to cover certain exceptions.
- the datacontrollor must have an exceptional situation, so not on a regular basis.
- the balance between personal and business interest must be considered carefully under case by case basis.
- the dataprocessor isn’t the one doing the consideration
Automating all this is kind off against all the above.
Legitimate interest is just an out to get around tracking users.
I wouldn’t be surprised is many data trackers don’t pay attention to any of the permissions and agreements. It’s hard to validate they aren’t in compliance and it’s hard for most people to even challenge these businesses.
Even if these businesses where legally challenged they can just close the business. Then take the same software and start a new business doing the same thing. If you look at the amount of companies you information is shared with under legitimate interests it can be in the order of hundreds.
Not hundreds but thousands. I saw one app that claimed to share the data with like 815 partners
This is the worst one I’ve been subjected to so far. Was on some gaming-related site, don’t remember which one
New high score. Nice
What?
So the gaming dite/high score connection wasn’t intended? Oh well 🤷
I wouldn’t be surprised is many data trackers don’t pay attention to any of the permissions and agreements. It’s hard to validate they aren’t in compliance and it’s hard for most people to even challenge these businesses.
organizations like la quadrature validate and challenge those businesses. Europe is relatively strict on this subject.
-
what are your strategies against such sites tracking you?
Close and never go there again. If I’m bit enough times, it goes in the hosts file for blocking. If I really need the stuff on there, I try archived versions on web.archive.org or archive.today