Conversation
Notices
-
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 00:45:48 JST 
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz
gdpr exists because the EU wants to be the only one allowed to spy on their citizens- † top dog :pedomustdie: likes this.
-
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 00:45:49 JST 
kravietz 🦇
As JD Vance delivered his speech about “European overregulation” and criticized “endless compliance costs imposed on the US companies by GDPR” I have seen some voices from Europe who said something to the effect “I don‘t know a single EU company happy about #GDPR either”.
Well, it’s kind of obvious companies aren’t happy because GDPR was not made to make companies happy but to protect the privacy of consumers 😄
This regulation is based on fundamental differences between US and EU legal systems. In EU, you own and control your personal data. In US it’s owned by whoever managed to extort it from you, and then aggregate, personalise and resell to any other entity anywhere.
For example, if you want to pay higher insurance premium because you have genetic tendencies to diabetes or obesity - well, that’s the US way of doing business, but it’s not the only one, nor it’s somehow axiomatically “better”. And yes, high insurance premiums also have the effect of increasing overall country’s GDP, just as a house burnt and rebuilt also does this magic, yet somehow few people celebrate it 😉
Then someone asked me if I really “feel that my data is better protected thanks to GDPR”. And yes, as a matter of fact the most invasive behavioural profiling aren’t being rolled out by companies like Twitter or Facebook to EU specifically because of GDPR, while in US they just roll them out without asking anyone.
Anyone… of course except for the states which have regulations very similar or even more restrictive than GDPR, such as California. Yet, because California is “their”, these companies and their CEOs with high media presence simply shut up and make their apps compliant with CCPA without all this barking about “how GDPR kills out business”.
It’s the same with EU VAT, about which Vance also whined, whereas US sales tax accounting rules are not even harmonized across states. But hey, you know what? An US business that has to emply a tax consulting company to get multi-state accounting right also increases overall GDP! 😄
So effectively what in US is perceived as each state’s fundamental right, sign of their diversity and key part of their autonomy, in the EU is portrayed as something equivalent to Soviet Union style central planning. And when they post all the memes about “bottle caps” in EU, they of course never mention a gazillion of state-level archaic or absurd regulations which are nonetheless binding, especially if someone likes to build a class lawsuit around them.
And now as Tesla opened a new factory in #China, I’ve never seen Musk make a single critical remark about the overregulation in China, even though it’s even more complex than EU and US taken together due to its vast geographic and administrative diversity.
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) and Aral Balkan repeated this. -
divVerent (divverent@blob.cat)'s status on Thursday, 13-Feb-2025 00:46:09 JST 
divVerent
@kravietz My problem with GDPR is the opposite - namely how it harms big corporations least.
For example, me running a SSH server on my personal vserver became technically illegal as the SSH protocol does not support the necessary disclosures, and happily logs every login attempt to the system log (where it tends to age out after 7 days as no one ever looks there anyway unless something is wrong).
I am aware that this kind of log would be permitted under the GDPR if it were properly disclosed. I would also be required to disclose my home address to the entire world just because I run SSH.
IMHO the very least GDPR should have done would be an exclusion so entities that do not use data in a way that requires explicit permission do not need to comply with the disclosure, legal entity etc. requirements. Maybe further conditioned by not making any profit.
-
divVerent (divverent@blob.cat)'s status on Thursday, 13-Feb-2025 00:46:34 JST
divVerent
@samueljohnson @kravietz It's not been decided by a court, but:
- SSH port is open to anyone.
- Anyone who connects to it - and be it by entering http://ipaddress:22 in the browser address bar - will cause log lines to be written.
- The logging includes the source IP address, which is generally considered PII.
As such, it quite obviously falls into the scope of the GDPR.
As for the logging of the IPs itself, that clearly falls under "legitimate interest" as per Article 6(1) GDPR - so that is fine per se.
Art. 13 GDPR is the real problem with SSH - the right to be informed. The protocol doesn't even provide a _way_ for the connecting individual to be informed about these things.
Clearly the authors of the GDPR did not _intend_ to place 20 million EUR penalties on private individuals who happen to run a vserver with SSH access. And I also presume it won't actually be _applied_ like that. But ultimately it depends on whether someone will file a GDPR compliant, and how the DPA will treat that report. I suppose unless a wild #Gravenreuth appears, people should be safe. -
SamuelJohnson (samueljohnson@mstdn.social)'s status on Thursday, 13-Feb-2025 00:46:35 JST 
SamuelJohnson
@divVerent @kravietz Running SSH on your own server is illegal? Got a credible citation for that?
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) repeated this. -
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 00:49:07 JST
kravietz 🦇
And that’s fine, I personally prefer to be spied upon by one country rather than the whole world including US, China, Cyprus, Seychelles and Russia.
-
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 00:52:53 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz
again its more of "what happens when they violate it and are outside the eu"
if the eu blocks a site because of that thats basically orwellian teir action. of course ive never heard of anything like that because the eu is on cordial terms with the us...
but what happens if say a us company is given reason to not care? bureaucracy wont matter if nobody views you as a bureaucratic threat...
also gdpr seems to be arbitrarily enforced, as with most eu tech law† top dog :pedomustdie: likes this. -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 00:54:22 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz i wont claim that im an expert either because i clearly am not
because the claim of "you own and control your data" never seems to actually hold up in reality at least from what ive seen -
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 01:05:15 JST
kravietz 🦇
Do you know that US enforces US income tax against all US citizens regardless of whether they live physically? And Russia enforces Russian censorship laws against any website globally regardless of whether it’s hosted or what language it’s published in?
Countries just do this and there’s nothing surprising in this, but the whole concept of jurisdiction implies that we may not give a shit about Russian or Chinese censorship laws if you live in EU or US because we are outside of their jurisdiction.
That is, unless you start doing business with them, which is why Musk politely registered Twitter International in EU so that he can process his EU income there, and this is why Apple complies with Russian censorship requests for the same purpose.
So if you run an US website you don’t need to care about EU regulations - and Russian, and Chinese, and Australian ones - as long as you start generating income in these countries.
-
7666 (7666@comp.lain.la)'s status on Thursday, 13-Feb-2025 01:06:51 JST 
7666
@divVerent @kravietz @samueljohnson >run ssh scanbot on all IPs announced by an ASN
>generate thousands of lines of logs on anything listening
>ask for log lines to be removed under GDPR
>network operator tells you to fuck off
>sue for damages
>rinse and repeat
time to get rich off the backs of europeans bois† top dog :pedomustdie: likes this. -
Johnny Peligro (mischievoustomato@tsundere.love)'s status on Thursday, 13-Feb-2025 01:11:30 JST 
Johnny Peligro
@theorytoe @kravietz > but what happens if say a us company is given reason to not care?
friend told me that their company just stopped giving service to EU clients when gdpr rolled out. -
Phantasm (phnt@fluffytail.org)'s status on Thursday, 13-Feb-2025 01:12:15 JST 
Phantasm
@theorytoe @kravietz It never holds up, because the protections the EU citizen is supposed to have thanks to GDPR can be mostly avoided through TOS/EULA wording. One of the very few that is always enforceable is the right to be forgotten, but even that can be made to be ludicrously annoying to do, so you just give up.
One of the big selling points for GDPR was that transfer of your data to 3rd parties had to be disclosed. So what did the companies do? They've put those connections on page 60 of their TOS/EULA that literally nobody reads. Part of GDPR successfully avoided.
On a related note. The mandated cookie banners and their option buttons aren't supposed to have "dark patterns" (bright color for the "fully agree" option and a normal bg color for the "Allow only essential" option). Goes how many of those cookie banners actually follow this rule... Basically none of them. Or another option to bypass this rule is to create payment options for your site related to ad tracking for example, make all the buttons have the same shape and color. That's it, now everybody will agree to the "full" tracking, because other options are behind a paywall.
Basically every EU law related to tech is a joke similar to this.† top dog :pedomustdie: likes this. -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:14:04 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz
again, none of it matters if you literally dont care what anybody else says. Russia can get away with getting ignored because they actually have big infrastructure to work with. The EU? the moment the US stops caring about the EU, the moment the eu will be technologically crippled because of their dependence... -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:14:32 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@phnt @kravietz
yeah this
every kind of eu law in tech seems to be some form of reaction to something happening in the market that the EU doesnt like so they law it away, but it only really ends up hurting those who had nothing to do with it in the first place -
SamuelJohnson (samueljohnson@mstdn.social)'s status on Thursday, 13-Feb-2025 01:16:08 JST
SamuelJohnson
@divVerent @kravietz An IP address does NOT identify a person. At best it identifies a device or an Internet connection at a particular moment. It itself reveals nothing about a specifically identifiable person.
I suggest you also look up exemptions from application of GDPR. Individuals and entities not subject to GDPR are not "technically" breaking the law when it simply doesn't apply to them.
-
divVerent (divverent@blob.cat)'s status on Thursday, 13-Feb-2025 01:16:09 JST
divVerent
@samueljohnson @kravietz My reference for IP addresses generally counting as personal identifiers is https://gdpr.eu/eu-gdpr-personal-data/
Maybe gdpr.eu isn't a credible source... ;)
One could argue whether the identifier _itself_ counts as personal data, too, though. This is somewhat unclear. -
SamuelJohnson (samueljohnson@mstdn.social)'s status on Thursday, 13-Feb-2025 01:16:10 JST
SamuelJohnson
@divVerent @kravietz Your assertion that an IP address is "generally considered PII" is entirely false and you cannot provide a citation from any credible source to support that proposition.
I suggest you look up some definitions of PII and then consider the many reasons why an IP address is never included.
Better not to spread misinformation.
-
divVerent (divverent@blob.cat)'s status on Thursday, 13-Feb-2025 01:16:37 JST
divVerent
@samueljohnson @kravietz From what I understand, no GDPR exemption applies to "I want to use SSH to access my own server" or "I want to run a Quake server that does not log".
In fact, the latter distributes usernames and in-game chat to other players, and that alone is data processing and sharing. -
Phantasm (phnt@fluffytail.org)'s status on Thursday, 13-Feb-2025 01:17:12 JST
Phantasm
@theorytoe @kravietz They only serve as a way to go on witch hunts against Apple/Microsoft/Google. Those are basically the only three tech companies whose non-compliance usually gets enforced. Although for laughable fines. -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:18:02 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz @phnt @mischievoustomato
>delete cookies on exit -
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 01:18:03 JST
kravietz 🦇
I never click Accept all if there’s Refuse All or Necessary Only, which is like 90% cases.
-
Johnny Peligro (mischievoustomato@tsundere.love)'s status on Thursday, 13-Feb-2025 01:18:04 JST
Johnny Peligro
@phnt @kravietz @theorytoe Did the cookie banners do anything but make people blindly click "accept all" every time? I think there's an extension that does that -
menherahair (menherahair@eientei.org)'s status on Thursday, 13-Feb-2025 01:19:04 JST 
menherahair
@theorytoe @kravietz >also gdpr seems to be arbitrarily enforced, as with most eu tech law
it has to be enforced by countries and not actual eu which just supplies leverage, so in most places you can kill yourself because they love bigmac and not spending money on intercontinental legal shit more than they hate discord pedophiles and failed login attempts in 2 days worth of syslogs -
Johnny Peligro (mischievoustomato@tsundere.love)'s status on Thursday, 13-Feb-2025 01:22:20 JST
Johnny Peligro
@kimapr @kravietz @theorytoe @phnt I don't want anything to be randomly broken and I genuinely don't give half a shit about cookies T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) repeated this. -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:22:20 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@mischievoustomato @kravietz @phnt @kimapr
and as far as the relative privacy gain? not really that much depending on if you accept or not -
kimapr (kimapr@ublog.kimapr.net)'s status on Thursday, 13-Feb-2025 01:22:23 JST 
kimapr
@mischievoustomato @kravietz @theorytoe @phnt that sounds like a stupid extension. why not make one that clicks "accept none" instead (or whatever fucked up convoluted equivalent the corpos concoct) -
waifu (waifu@mai.waifuism.life)'s status on Thursday, 13-Feb-2025 01:24:07 JST
waifu
@mischievoustomato@tsundere.love @kimapr@ublog.kimapr.net @kravietz@agora.echelon.pl @theorytoe@ak.kyaruc.moe @phnt@fluffytail.org wtf but cookies are awesome sometimes they have chocolate chips
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) repeated this. -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:26:17 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz @phnt
>It never starts from “EU doesn’t like”, it’s always “EU citizens don’t like”.
you missed my point earlier, its even been about the EU citizen, it never was
if it was about EU citizens, the EU would be making in-house software or contracting eu companies to make software that actually respected the rights of citizens rather than writing pages of legal bullshit to fine US companies whenever they feel like it.
if you go the the point of "I only want to be spied on by the EU", you miss the whole point of trying to have privacy in the first place! the government can do whatever the fuck they want with your data regardless of what you say because they are the government... -
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 01:26:18 JST
kravietz 🦇
It never starts from “EU doesn’t like”, it’s always “EU citizens don’t like”. I’m EU citizen and I don’t like my every move being tracked, analyzed, monetized and resold by some shady company running in Seychelles. And I don’t give a shit about the business profits of an US citizen running a company in Seychelles any more than he gives about mine.
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) repeated this. -
Phantasm (phnt@fluffytail.org)'s status on Thursday, 13-Feb-2025 01:26:19 JST
Phantasm
@waifu @theorytoe @kravietz @kimapr @mischievoustomato
>clicks accept all
>cookies have been dispatched to your location, enjoy -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:26:50 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@phnt @kravietz @waifu @mischievoustomato @kimapr
cookie dronestrike -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:29:22 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@mischievoustomato @kravietz @phnt
>china copies
I mean they have innovated more than the us has in recent years -
Johnny Peligro (mischievoustomato@tsundere.love)'s status on Thursday, 13-Feb-2025 01:29:23 JST
Johnny Peligro
@theorytoe @kravietz @phnt
> if it was about EU citizens, the EU would be making in-house software or contracting eu companies to make software that actually respected the rights of citizens rather than writing pages of legal bullshit to fine US companies whenever they feel like it.
america invents, china copies, europe regulates -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:34:57 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz @phnt
>“the government can do whatever the fuck they want with your data”.
who is stopping EU from doing such a thing... the law? they *make* the law they can tweak it however they want to... Sure people wouldn't like it, but since when has that been a deterrent for any government? Historically speaking, not many.
again, if youre a schizo about privacy these things are obvious outright -
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 01:34:58 JST
kravietz 🦇
I don’t know what “the government” you’re talking about because, thanks to GDPR, I have no idea who you are and where you’re from. From your rather pessimistic stance, I imply you must be living in Russia or North Korea… Neither in US nor EU “the government can do whatever the fuck they want with your data”.
-
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:37:24 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@sun @kravietz @phnt
from some hunting on official sites, not explicitly... -
Angry Sun (sun@shitposter.world)'s status on Thursday, 13-Feb-2025 01:37:25 JST 
Angry Sun
@theorytoe @kravietz @phnt does the gdpr apply to government, i didn't think it did -
7666 (7666@comp.lain.la)'s status on Thursday, 13-Feb-2025 01:53:08 JST
7666
@kravietz @theorytoe @phnt oh yeah? Did EU citizens not like E2E encryption too? because if so y'all can fuck right off
https://www.forbes.com/sites/larsdaniel/2024/12/19/eus-chat-control-the-end-of-private-messaging-as-we-know-it/ -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 01:53:50 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@7666 @kravietz @phnt
my point stands... -
Johnny Peligro (mischievoustomato@tsundere.love)'s status on Thursday, 13-Feb-2025 01:54:45 JST
Johnny Peligro
@kravietz :gura_sus: 1e+6 litres :flag_china: likes this. -
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 02:05:46 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz @7666 @phnt
"instead of making a cultural precedent for parents to control and limit their children's activity online we will instead make vague laws that can be arbitrarily enforced with no repercussions" -
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 02:05:47 JST
kravietz 🦇
Chat Control is probably the only example of an EU digital regulation that I disagree… except it’s not a law and it’s far from it That’s how every democratic country works - some people see a problem and propose a fix, and then they’re having a debate. There certainly is a real problem in what Chat Control wants to fix, the debate is about whether the fix is proportional and doesn’t cause more problems. So far it seems it’s not proportional and it does cause more problems, which is why the law is being discussed.
What most people don’t understand about EU is that it’s not some single commission sitting in Brussels, it’s 27 Member States with delegates to the European Commission, then dozens of technical commissions and bodies, and then 700+ elected people in European Parliament.
Of course there’s debates and proposals being raised all the time, including ones we don’t like.
At the same time the typical news cycle of an average EU critic looks like this:
- Not giving a shit about the regulation while it’s being proposed and debated for five years
- Seeing a random article hyping moral outrage from an organisation that has a vested interest against this particular wording that has been agreed
- Post some angry “stupid EU wants X” comments online, sign a petition
- Back to item 1
-
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer) (theorytoe@ak.kyaruc.moe)'s status on Thursday, 13-Feb-2025 02:28:20 JST
T man :sex: :puffgiga: :puffpowerroll: (epic music enjoyer)
@kravietz @7666 @phnt @ElDeadKennedy
ah yes "I want to infringe human rights" is comparable to this... -
DulceKennedy (eldeadkennedy@shitposter.world)'s status on Thursday, 13-Feb-2025 02:28:21 JST 
DulceKennedy
@7666 @kravietz @theorytoe @phnt huh eu citizens like weird stuff -
kravietz 🦇 (kravietz@agora.echelon.pl)'s status on Thursday, 13-Feb-2025 02:28:21 JST
kravietz 🦇
I read in Alabama it’s illegal to dress as a priest for Halloween, but I wouldn’t generalize it as “haha stupid US citizens can’t dress as a priest”. Different people say different things. That guy on video isn’t the sole authority on the EU law and he’s expressing his opinion. You may agree or not, but it’s not binding.
-
Phantasm (phnt@fluffytail.org)'s status on Thursday, 13-Feb-2025 02:28:52 JST
Phantasm
@7666 @kravietz @theorytoe Because basically every member state treats EU elections as a way to get rid of politicians they don't want at home. Failed politicians get payed more compared to being in a government/opposition and the voters don't have to deal with their stupid ideas at home. It's basically a win-win situation. And that's why EU proposals are mostly stupid, because they are made by largely stupid politicians nobody wants in their own government.
The problem is that this voting behavior potentially exposes everybody to even more stupid ideas that are above laws of every member, but nobody cares about that. Eventually this problem will solve it self. The question is when. -
7666 (7666@comp.lain.la)'s status on Thursday, 13-Feb-2025 02:28:57 JST
7666
@kravietz @theorytoe @phnt why does it take the EU five years to figure out that their shitty idea is shitty -
Debacle (debacle@framapiaf.org)'s status on Thursday, 13-Feb-2025 23:13:36 JST 
Debacle
"And I don‘t know a single #sweatshop happy about #labour safety laws either."
"And I don‘t know a single #pimp happy about #sexworkers rights either."
"And I don‘t know a single chemical #waste dump happy about #environment protection rules either."
If #JDVance criticises our #GDPR, the #EU did the right thing!
All 076萌SNS content and data are available under the