Privacy for Web Apps

December 12th 2009

A post currently going on (and on and on...) in the WPTavern forums illustrates the way that some people don't really get the whole privacy thing. That isn't a criticism, they just don't see what the fuss is about. This post is to explain my general position.

I think a big part of people's failure to understand privacy concerns is the point where they start their logic; their default position.

My default is this: Information that relates to me, in any way, is mine.

The only exceptions to this statement involve an abuse of my rights. It is a common occurrence and given the abusers I have little choice but to accept it. Nonetheless, they are in the wrong.

If I use a piece of software that you have produced, if you want to know something about me then you must ask. Whatever it is. Even if that data is in the public domain. Even if that data is printed on my website.

Note the difference here between ask for and notify about taking.

The issue being discussed about WordPress is trivial and not one I really care about, but the arguments being made do matter, a lot. You see, a lot of those arguments are of the sort that ask those concerned with privacy why they want to restrict the data. They ask what harm could come from them having that data, what evil could possibly be done with information that is already in the public domain in most cases anyway? These are entirely the wrong questions and really miss the point that any privacy advocate is trying to get across.

So here is the key point of this whole thing. The basic concept that you need to understand. By default the data is mine. I don't have to have a good reason to deny you access, you need to have a good reason for me to provide you with access. The burden of justification is always on you, the person that wants the data, in all circumstances, so you need to convince me that I should give it to you.

It doesn't matter what the data is, it matters that it is mine.



The mislabeling of terrorism

December 1st 2009

For a little while now I have been following a post on Ronald's blog about the Fort Hood shooting that took place in November. Ronald's poll asks a simple question, was the Fort Hood shooting a terrorist act? The answers many people give underlie one of my key concerns with the fight against terrorism: that it is misapplied.

History is full of situations where a particular label or attitude against a label has been hyped up within the population for political aims. Whether it is the vilification of communism in cold-war America, the attitude toward the Jews in Nazi Germany or the fight against terrorism now, these cases all represent a propagandist and unfair generalisation, in some cases bordering on hysteria.

It concerns me that there is an almost automatic labelling of religiously motivated acts as ‘terrorism’ by a large number of people. This not only obscures the real reasons for an individual's actions, making it difficult or even impossible to establish any kind of rational debate, but also gives weight to a non-specific political umbrella under which all kinds of actions, both good and bad, are carried out in our names and further fuels the hysteria that permits and even promotes behaviour that we should be equally alarmed by.

A killing based in religion, without specific political aims, is no more a terrorist act than any other delusional mass murder. A person may be pushed towards action by people with terrorist aims either directly or indirectly but to dismiss the thoughts and fears of that individual by attaching the cover-all boogieman label of terrorist means we fail to see the difference between all of the possible permutations and throw away any hope of limiting future actions through anything but warfare.

At the very least the label should not be automatically applied and where it is it should be treated with caution instead of being used to dismiss the situation as the actions of ‘evil’ men.



The Proposed Cookie Law

November 9th 2009

I've been reading a fair few posts recently about the EU's planned changes to the law relating to storing cookies on users' computers. Most of these posts suggest that the rule is moronic, prohibitive, and illustrates a complete lack of understanding on the part of the law makers. I'm not so sure though.

Now, I'm neither a lawyer, nor an expert in this field, so I can tell you only what it appears to mean to me (I have quoted the relevant part of the proposed amendment below).

As I understand it you will not be allowed to store information, or access information that has been stored, on a user's computer without their explicit consent, with the exception of cases where access to that information is strictly necessary for the provision of services that the user has explicitly requested.

So what are the instances where a web-site owner will want or need to store cookies?

Firstly there are cookies used to identify the user during their session. If they have registered and logged on, or are using a service such as a shopping cart then I think you could argue that these are needed to perform the service they have requested.

Secondly, there are cookies used to track the user for analytics purposes. I think these are debatable. You could argue that analytical data is needed for the operation of the site that, by visiting, they have requested access to, but I don't think this holds much water really. It may be that the analytics software would have to do what it can using referrer data and IP address information instead.

Finally, you have cookies used to track which advertising a user has previously seen across one, or multiple sites. I don't think it is possible to argue that this is a service that has been requested, so consent would be required.

Are there any I've missed?

It could be that I am missing something here but, actually, I like the idea that I have to consent to being complicit in creating information about my habits and movements for the benefit of third parties. It is, perhaps, a tad hypocritical of the EU given that the trend among governments is to try and make ISPs track our activities for their own uses, but anything that reduces the flow of information about us is a good thing isn't it? It is the reason why so many virus checkers consider advertising based cookies to be bad and so remove them isn't it?

I will be looking out for more information to find out why this is such a bad idea, but in the meantime I remain unconvinced that it is as incompetent, or ignorantly produced, as some suggest.

There is of course an irony in this post in that I am tracking your movements right now, and using cookies to do it.

The following has been quoted from: Out-Law.com: Proposed changes to cookie laws

Article 5(3) shall be replaced by the following:

Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.

The Proposed Recital

(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.


