#global-privacy-control — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #global-privacy-control, aggregated by home.social.
-
TIL using Ghostery in Safari, the ‘Never Consent’ setting when enabled, send a GPC (Global Privacy Control) signal to auto-decline non-essential cookies on compliant sites.
Certainly see a lot less of those banners now!
-
QA: Should You Enable Global Privacy Control? #privacy #DoNotTrack #GlobalPrivacyControl
-
If you “honour” my #DoNotTrack* signal, why don't you just shut the fuck up, dear https://docs.spring.io? 🙄
* More accurately: #GlobalPrivacyControl header or #GPC
-
Efekt Kalifornii. Jak jedna ustawa zmusi Google i Microsoft do zmiany przeglądarek dla milionów
Na pierwszy rzut oka wygląda to na lokalną regulację, ale eksperci są zgodni: to prawo, które właśnie weszło w życie w Kalifornii, prawdopodobnie ustali nowy, ogólnokrajowy standard prywatności dla całego internetu w USA.
Mowa o ustawie Assembly Bill 566, która wymusza na twórcach przeglądarek, takich jak Google i Microsoft, wprowadzenie jednej, kluczowej funkcji.
Chodzi o uniwersalny „sygnał” opt-out, który automatycznie informowałby każdą odwiedzaną stronę, że użytkownik nie życzy sobie sprzedaży ani udostępniania jego danych osobowych. Giganci technologiczni mają czas do początku 2027 roku, aby zaimplementować tę funkcję w swoich flagowych produktach, takich jak Chrome czy Edge.
Dlaczego Kalifornia znów rządzi internetem?
Eksperci, tacy jak Emory Roane z organizacji Privacy Rights Clearinghouse, przewidują, że zmiana będzie miała „wpływ ogólnokrajowy”. Powód jest prosty: firmom technologicznym znacznie łatwiej będzie wdrożyć tę funkcję dla wszystkich użytkowników w USA, niż tworzyć skomplikowany system, który udostępniałby ją tylko mieszkańcom Kalifornii.
Co więcej, kalifornijskie prawo dotyczy mieszkańców stanu, niezależnie od tego, gdzie fizycznie się znajdują. Próba wykrycia, czy kalifornijczyk na wakacjach w Nowym Jorku nadal jest chroniony, byłaby dla firm prawnym i technicznym koszmarem. Dlatego najbezpieczniejszym i najtańszym wyjściem jest wprowadzenie tej funkcji jako standardu dla wszystkich.
Koniec z irytującym klikaniem na każdej stronie
Kalifornia już wcześniej, dzięki ustawie CCPA, dawała mieszkańcom prawo do rezygnacji ze sprzedaży ich danych. Problem w tym, że obowiązek ten leżał po stronie użytkownika. To użytkownicy musieli na każdej pojedynczej stronie szukać linku „Nie sprzedawaj moich danych” i klikać w niego ręcznie.
Nowa ustawa AB 566 przerzuca ten obowiązek na technologię. Zamiast setek kliknięć, Kalifornijczycy (i zapewne nie tylko oni) dostaną jeden przełącznik w ustawieniach przeglądarki.
„Jeśli musisz wchodzić na każdą stronę z osobna, aby kliknąć link, to tak naprawdę nie masz żadnych realnych praw do prywatności” – skomentowała Caitriona Fitzgerald z Electronic Privacy Information Center.
Warto zaznaczyć, że nie jest to technologia z kosmosu. Przeglądarki takie jak Mozilla Firefox już dobrowolnie oferują podobną funkcję (w ramach standardu Global Privacy Control), która wysyła witrynom sygnał „nie śledź”. Nowe prawo po prostu zmusza do tego samego największych graczy, którzy do tej pory nie byli tym zainteresowani.
Google po cichu walczyło z ustawą
Co ciekawe, choć Google publicznie nie sprzeciwiało się ustawie, dziennikarze śledczy z CalMatters i The Markup ujawnili we wrześniu, że firma działała aktywnie za kulisami procesu legislacyjnego. Google miało organizować sprzeciw wobec ustawy, wykorzystując do tego grupę biznesową, którą finansuje.
Teraz, gdy ustawa została podpisana, aktywiści już patrzą w przyszłość. Skoro udało się to w przeglądarkach, następnym krokiem może być podobne prawo zmuszające inteligentne urządzenia (Smart TV, głośniki) oraz nowoczesne samochody do respektowania sygnału opt-out i zaprzestania zbierania danych o użytkownikach.
Koniec z prywatnością? Modyfikacja za 60 dolarów pozwala wyłączyć diodę nagrywania w okularach Meta
#AB566 #CCPA #GlobalPrivacyControl #GoogleChrome #GPC #Internet #Kalifornia #MicrosoftEdge #news #ochronaDanych #prywatność #usa
-
AB 566 (#globalPrivacyControl mandate for browsers) is now the law in #California (now we get to see if the Big Tech companies will sue over it I guess?)
https://www.gov.ca.gov/2025/10/08/governor-newsom-signs-data-privacy-bills-to-protect-tech-users/
-
Implications of Global Privacy Control
https://developer.mozilla.org/en-US/blog/global-privacy-control/
#HackerNews #GlobalPrivacyControl #PrivacyRights #DataProtection #OnlinePrivacy #DigitalSecurity
-
One of the best lies of the anti-privacy internet is "We do not know how to react if someone's browser signals us 'Do Not Track'"—I mean, could this be more literal?
It's like a bank robber saying "What do you mean: 'Don't take the money'? I don't understand. What do you expect me to do? Work? That's ridiculous! Best I can do is taking your money"
#DNT #DoNotTrack #privacy #GDPR #GPC #GlobalPrivacyControl #privacyMaters #MyPrivacyisNoneOfYourBusiness #surveillanceCapitalism #dataCapitalism
-
#DoNotTrack is dead. Long live #GlobalPrivacyControl!
Of course, Google #Chrome/#Chromium, Microsoft #Edge and Apple #Safari still don't give a shit about #privacy
https://www.theregister.com/2024/12/12/firefox_do_not_track/?td=rt-3a
-
So apparently the #DoNotTrack (DNT) signal is legally recognized in #Germany, citing the #GDPR and arguing that DNT is a "valid objection" to the "processing of personal data". IANAL, but I find this ruling potentially problematic. :sakuya_think:
We know that IP addresses are "personal data"; it is explicitly included as an example by the GDPR. This along with the ruling has some chilling ramifications. If my understanding is correct, it means a website cannot use a CDN to optimize serving its content based on the user's location, because that would be "processing of personal data" (the IP address). And it's not like a website could just "opt-out" of Germany; even the very act of opting-out would be a GDPR violation, because again you're processing a user's IP address in order to show the geolocation notice of content being blocked for Germany. Show the content if the German user has signalled DNT? Still a GDPR violation (the DNT signal can act as an identifier which makes it "personal data" along with the German IP) :TenshMelt:
This ambiguity of how to interpret DNT makes me happy that #Mozilla is finally going to ditch it in #Firefox in favor of #GlobalPrivacyControl (GPC) which has a clearer and limited definition while still covering what privacy-conscious users really want in the first place: not wanting their data sold and shared to advertisers. It's just legally difficult to "prohibit tracking" when a user says so; should ETag not be included and performance be sacrificed because they can be used for tracking like a cookie? But then if an ETag is not included that would create a data point that can be tracked then? :TenshMelt:
Let tracking be defeated by technical solutions (private browsing/incognito mode, content blockers like uBlock Origin, and proxy software if you really need it). Political solutions are much more appropriate elsewhere like the selling and sharing of data. :seija_coffee: -
@TechCrunch they did add #globalPrivacyControl though--technically similar but sites are required to act on it in more and more jurisdictions
-
you know you've been doing #privacy nerd stuff for too long when someone posts an actual working Lego Turing Machine, and your eye jumps to the #globalPrivacyControl link in the cookie banner
https://ideas.lego.com/projects/10a3239f-4562-4d23-ba8e-f4fc94eef5c7/updates
-
Interesting GPC (Global Privacy Control) reaction.
-
@carnage4life Blocking AI crawlers with robots.txt and "noai" HTTP headers and tags currently seem to depend on ToS being enforceable.
But companies already have to act on an "opt out preference signal" under several state #privacy laws—so I'm working on extending #globalPrivacyControl to make it work from server to client, not just client to server. The law and the robots header+tag are already there, so not much work needed for sites to add it https://blog.zgp.org/x-robots-tag-for-gpc/
-
@jensimmons Support for #globalPrivacyControl would help us give Safari users a much less confusing #consent experience--people can turn it on once and sites just do the right thing (more and more of them anyway)
-
@mhoye good idea. For example we have #globalPrivacyControl for browsers but it should be possible to apply the setting to all software that communicates on your behalf
-
Technical protections alone won't be enough to protect web users from #surveillance. Legal protections are also necessary, and simple tools are needed to help people exercise their rights. For example, it's time to standardize the #GlobalPrivacyControl. https://cdt.org/insights/deprecating-third-party-cookies-a-small-step-towards-a-more-private-web/
-
imho #GlobalPrivacyControl is too good to be kept just on the web
https://blog.zgp.org/gpc-all-the-things/
(also if the web has it but other communications media don't, companies will try to force or nudge you off the web and into native apps or buy buttons on appliances or whatever)
-
I've been studying #AB3048 which is the #California #GlobalPrivacyControl mandate bill
The really good thing about this bill is that it covers "a device through which a consumer interacts with a business" and not just browsers
-
If you make a direct connection to a server you can pass #GlobalPrivacyControl (GPC) in an HTTP header. That doesn't work out of the box in a federated system.
IMHO ActivityPub needs a way to pass header info (such as GPC and noai) in objects. http-equiv?
-
good design work by whoever did the #globalPrivacyControl popup on https://mazdausa.com/ -- it really makes GPC look like a high-end luxury feature. I'm impressed
-
@jwildeboer even better, respect #DoNotTrack and #GlobalPrivacyControl headers for automatic opt-out!
-
@mastodonmigration If you connected directly to a server owned by that company, you could set a #globalPrivacyControl header (which has legal effect in some places)
What if ActivityPub were extended so that GPC (and other opt out headers) could travel with the objects they apply to?
-
How do you do #globalPrivacyControl for the Fediverse?
I'm thinking about one way that it might work that also addresses the likely comment that if ActivityPub is going to have GPC then it should also have #noai. And probably opt-out headers I haven't heard of.
Just filed an issue, will be interesting to see what people think
-
@kopper #DoNotTrack mainly failed due to legal unclarity combined with the commercial desire to harvest as much data as possible. This is nicely summed up here: https://law.stackexchange.com/questions/37468/is-it-legal-to-ignore-do-not-track-for-data-subjects-who-fall-under-the-gdpr
The new mechanism #GPC #GlobalPrivacyControl is designed to fix these shortcomings, hence it is in the same place. Basically it is DNTv2.However a recent courtcase in Berlin about the original DNT might fix it after all based on the #GDPR https://wideangle.co/blog/do-not-track-gdpr-opt-out
This means website operators can no longer safely ignore DNT signals.Having privacy laws is great, pitty that it takes decades of legal proceedings before any meaningful enforcement happens.
-
#ConsumerReports "Permission Slip" mobile app for #CCPA Authorized Agent opt outs launches today
(part of a privacy "complete breakfast" with #globalPrivacyControl, each one addresses different situations)
-
Enable Global Privacy Controls in your browsers.
Do it NOW!
https://globalprivacycontrol.org
Personally I use Firefox however installing the EFF Privacy Badger Extension enable the same functionality as in Firefox 😀
This is the main topic of discussion in this weeks episode of Security Now (Episode 934)
-
At first the latest from @themarkup looks like just another surveillance dystopia story...but check it out, Xandr is owned by Microsoft.
So (If you're in the USA) all you have to do is
(1) get a #globalPrivacyControl browser or extension
(2) use your GPC browser to log in to your #gitHub account if you have one
(3) Problem solved -- and $MSFT has already agreed to respect #CCPA/#CPRA opt outs nationwide
-
At least the Macy's marketing department must be working straight through at work, and not wasting time reading Supreme Court PDFs (like I do sometimes instead of working)
"Life-stage targeting around weddings and babies has clear potential value" -- yes, in Texas it can be worth $10,000 #PostRoePrivacy
anyway, check your #globalPrivacyControl or send an opt-out/objection to
[email protected]