Google's "infamous 'Web & App Activity' controls for paid users of Google Workspace" is "split up into two settings" …HOWEVER, "Google is taking advantage of this settings split to re-enable some tracking features, even if users have previously opted out"
arstechnica.com/gadgets/2022/0…
"The crux of those earlier privacy lawsuits was that having privacy settings bizarrely split across two switches was unnecessarily confusing. Now, with Search History, privacy settings are split across three switches" 🤡
"Regarding the promise to not use data from 'Workspace core services', Google's statement doesn't cover Google Search ... which is the primary vector for Google ads and data for Google ads. That's right—the 'Search History' setting from Google doesn't cover Google Search history"
Tbh, I don't understand all those settings in detail, who does?

Anyway, never ever believe Google when it claims to "put you in control". Google has long been systematically exploiting 'choice' as a cover and basis for its multi-billion data business #choicearchitecture
We shouldn't let platforms with such a massive infrastructural power design 'choices' that affect billions.

Actually, we shouldn't even discuss whether those 'choices' do what they claim to do. Google settings exegesis just plays into their strategy of using 'choice' as a cover.
If we continue to allow them to use 'choice' to make billions subject to their business model, we need to mandate by law defaults and the exact wording+UI.

But we shouldn't. Utility-scale services must be banned from exploiting data for purposes other than providing the service.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Wolfie Christl

Wolfie Christl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @WolfieChristl

Feb 14
In a few cases, it is perhaps possible to discuss the 'value' of personal data in itself, e.g. data sets to train and validate ML models.

In many cases, however, the value an organization can extract from data depends on its capacity to directly or indirectly apply it to people.
I think, the value an organization can extract from personal data depends on its direct or indirect control over a sociotechnical system's capacity to *act on* individuals and groups, to decide about how to treat people, target them, mediate their choices or behaviors etc.
The most direct form of such a capacity to act on people based on personal data is the 'customer relationship', e.g. with loyalty program members, magazine subscribers, bank customers ...or users who registered at an online service, downloaded an app or bought a networked device.
Read 11 tweets
Jan 31
I want to share some more details about what we found in our investigation into gambling data that are highly relevant to GDPR enforcement and privacy regulation at large.

For example, this is how companies share personal data with each other during a bunch of 'cookie syncs'. Image
I guess rarely anyone has ever analyzed the data flows during only a few 'cookie syncs' at such a level of detail.

It's not about 'cookies' but about an ongoing exchange of personal identifiers that many data companies use to recognize, track and follow everyone across websites.
The chart shows data transmissions we observed during only a few visits to skycasino.com, which initiated requests to the adtech firm MediaMath, which shared the ID it uses to recognize a user with many other firms and initiated further personal data processing by them. Image
Read 31 tweets
Jan 31
We observed that a Sky Bet gambling site transmitted extensive personal data on gambling activities to FB, Google, Microsoft, Adobe and to the TransUnion subsidiaries Signal and Iovation.

When asked about it under the GDPR, they mostly failed to disclose what data they process.
For example, when a user deposited cash at Sky Bet, the website immediately informed FB, Google, Microsoft, Adobe, MediaMath and Signal (TransUnion) about the exact amount deposited.

Several third-party data companies including Google and FB received data on almost every click.
In total, we observed 2,154 data transmissions to 44 third-party companies during only 37 visits to Sky Bet gambling sites.

The TransUnion subsidiary Signal created an extensive digital profile about a person who was a heavy Sky Bet user and lost a lot.
Read 8 tweets
Jan 27
The online gambling industry can exploit data in the most harmful way, by monitoring and manipulating the behaviours of vulnerable people.

🆕 We examined how a major UK gambling firm tracks and profiles players, and how it shares sensitive data with many other data companies ⬇️ Image
We've been working on it for more than a year, probably the most detailed investigation into data flows in the online gambling industry to date, commissioned by @cleanupgambling

You can download our report (plus a technical report) here, published today:
cleanupgambling.com/news/cracked-l… Image
"A major betting company harvested troves of data from a suicidal gambling addict to target his weaknesses and predict his losses ... [and] to groom the high-value gambler that they wanted to win back"

The Daily Mail's story about it:
thisismoney.co.uk/money/markets/…
Read 40 tweets
Jan 25
Google/FB vs. 1000s of small firms in surveillance advertising is like 2 giant retailers selling toxic food and abusing their monopoly power vs. 1000s of small firms selling toxic food.

Helping the small firms to better sell toxic food so the giants lose power is not a solution.
Yep going after the small firms' toxic food sales may further increase the power of the giants selling toxic food.

But that doesn't mean going after the small firms is bad. It just means that, at the same time, going after the giants' toxic food sales and power is required, too.
Of course, small toxic food is a part of big toxic foods' supply chain.

Now imagine a new law would make it more difficult to handle toxic food for everyone. What should big toxic food do?
Read 14 tweets
Jan 16
Just tried to help a friend who runs a very small local business that has nothing to do with online marketing but uses a popular cloud-based website system to draft a GDPR-compliant data/privacy policy that makes sense. Almost impossible.
Of course, it's not the law that is to blame, but the cloud services provider, its invasive personal data processing plus third-party embeds that cannot be turned off, as well as the lack of GDPR enforcement against such services, which is why they still exist as they exist.
It's not the first time I've been struggling with such advice. Don't wanna name the system because I spent already enough time with it on a Sunday evening, but no, building a hand-crafted website or setting up a custom CMS is not an option for many.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

:(