Jump to content

Didn't give permission to share data? Still happens


S00perb

Recommended Posts

I have been saying for ages that just because you don't give permission fot your data to be collected, doesn't mean it doesn't get collected

http://www.theregister.co.uk/2017/11/22/permissionless_data_slurping_google/

Quote

 Android phones send location data to Google without you even knowing it.

Google received the data even if you didn't have a SIM card in your phone, and everything else was turned off.

 "Who is in control, here?" Firstly, can you turn it off? If you can't turn it off then obviously you are not in control.

Secondly, do you know it's happening? If you don't know it's happening, you're not even in a position to turn it off.

This entirely changes the terms of that human-machine relationship.

 

"But that is illegal" people say

Yep - still doesn't mean it doesn't happen

Edited by S00perb
  • Like 1
Link to comment
Share on other sites

And when you give ONE company permission to collect your data - they loose it and don't tell you about it for over a year:

 

Quote

"huge concerns about Uber's data policies and ethics" following a breach that exposed the details of 57 million customers and drivers.

http://www.bbc.co.uk/news/technology-42079937

Quote

The 2016 breach was hidden by the ride-sharing firm which paid hackers $100,000 (£75,000) to delete the data.

The company's former chief executive Travis Kalanick knew about the breach over a year ago

http://www.bbc.co.uk/news/technology-42075306

 

Link to comment
Share on other sites

Data protection is a gimmick, basically an exercise in liability protection. TPS say that once registered, firms MUST consult the data register before phoning the person/number.EXCEPT, where the person has given the number to the sales department. If I use one of web comparison sites for, say insurance, I  always type in 01234567890. If I accept the quote, I then phone the firm to correct the number with the stipulation that Marketing are informed that this number is for admin purposes only.

As for email address farming, I now use disposable addresses from my email site, and for other sites, I use site sensitive email addresses ( in the order of joe_M.bloggs@yahoo for a firm with first letter M.For online purchases I include a letter ( M in this case), in the  delivery address, so I can trace any selling on of customer data.

Link to comment
Share on other sites

Look, getting a fine is just another risk for a business.

The max fine for a DP breach (now) is £500,000.

 

That's not even a rounding error for Google or Uber.

If I can make £10B annually from exploiting your data illegally with a risk of a fine of £500k once a decade that'sa  pretty good business decision. Unethical clearly but economically sound.

 

Plus I've probably got access to enough lawyers and lobbiests to ensure that the fine never exits the courtroom paperwork.

 

GDPR will up fines to 4% of global turnover but again these companies can probable keep it in court for decades or threaten to withdraw from a region levering political influence to drop cases.

And if you want to use these services you need to hand over data.

 

And even if you don't they'll still get your data through 3rd parties.

 

 

  • Like 3
Link to comment
Share on other sites

On 23/11/2017 at 09:53, S00perb said:

I have been saying for ages that just because you don't give permission fot your data to be collected, doesn't mean it doesn't get collected

http://www.theregister.co.uk/2017/11/22/permissionless_data_slurping_google/

 

"But that is illegal" people say

Yep - still doesn't mean it doesn't happen

 

Well we all have a clear choice. Accept it or get off the internet.

 

 

Edited by camelspyyder
Link to comment
Share on other sites

32 minutes ago, camelspyyder said:

 

Well we all have a clear choice. Accept it or get off the internet.

 

 

Far from it............

You just need to be:

 - aware that data loss and data trading happens

 - willing to put some thought into how dangerous loss of your data is (e.g. identity theft)

 - willing to put a little effort into creating temporary alias identities

 

As a previous poster mentioned - for email: use Trashmail - https://trashmail.com/

This is an alias identity. once set up, all you have to do is right click in a box asking for your email and you paste a unique alias identity and you get emails to your real email address without the requester knowing your real email. If the requester looses data - you just delete that alias.

Paypal is another form of alias (though deleting the account and starting a new one is not so simple yet. Still easier than restarting your bank account and credit rating from zero)

 

The main thing to remember is NEVER give out your REAL data unless you absolutely have to.

e.g. My electricity supplier does not have my date of birth. They ask - they don't get. They don't need it, so I refuse to give it. They want paying, so they relent. Likewise for anyone that wants my mobile number, unless I want them to phone me of course, but I don't give ity out to just anyone that asks. I have lost count of the number of times I have been told "we can't set up you account without you email and phone number", I say "I don't have one", they manage to set the account up!

 

The real art is getting yourself REMOVED from data sets that are traded. A subject covered in an upcoming book that I will be sure to let you all know about when I have finished it!

 

But just to help out now:

A human can spot a typo. A computer rarely can. A database simply can’t see that John Smith and John Smth are the same person. A postman with your post code can deliver your mail to 1 farm place or 1 farn place or 1 tarn place – a computer sees 3 different addresses

 

The key is - never give out your real data unless you really have to - and you very rarely have to. Keep using the internet, just beware.

 

 

Link to comment
Share on other sites

52 minutes ago, camelspyyder said:

 

Well we all have a clear choice. Accept it or get off the internet.

 

 

 

I don't think that's a fair comment any more. Services are increasingly digital only, interaction with government is almost certainly going to be via the web only in the future.  A large portion of UK Gov uses Google mail services. Then you have the NHS selling processing your data through Google's Deepmind AI with insufficient data protection within the contract.

 

So you have to avoid Government and the NHS which is hard.

If you go private for your healthcare you can be sure they will be actively monetising you. Plus the Gov will hunt you down to get your data.

 

Most CCTV will be getting hooked up to facial recognician and if you don;t want you picture taken they'll just grab it from your passport or driving license submission.

All smart phones have tracking technology built in and there is a limited amount within basic phones too.

 

Basically getting scanned into the internet is to all intents and purposes impossible to avoid now.

Link to comment
Share on other sites

5 minutes ago, S00perb said:

The main thing to remember is NEVER give out your REAL data unless you absolutely have to.

e.g. My electricity supplier does not have my date of birth. They ask - they don't get. They don't need it, so I refuse to give it. They want paying, so they relent. Likewise for anyone that wants my mobile number, unless I want them to phone me of course, but I don't give ity out to just anyone that asks. I have lost count of the number of times I have been told "we can't set up you account without you email and phone number", I say "I don't have one", they manage to set the account up!

 

 

 

 

Under the GDPR it will actually be illegal to ask for more data than is needed. But that's only within the EU and other complying regions (UK will/must comply post Brexit).

 

Unfortunately most big businesses will defer to US law which practically has no real DP for consumers.

 

Edited by Aspman
Link to comment
Share on other sites

Just now, Aspman said:

 

Under the GDPR it will actually be illegal to ask for more data than is needed. But that's only within the EU and other complying regions (UK will/must comply post Brexit).

 

 

Its currently not legal to retain data that is no longer in use. Not one company that I have worked with has adequate systems in place to comply with this law.

Take action yourself, don't rely on laws. The law makers are far too old to understand what is actually going on with data.

  • Like 1
Link to comment
Share on other sites

13 minutes ago, S00perb said:

Its currently not legal to retain data that is no longer in use. Not one company that I have worked with has adequate systems in place to comply with this law.

Take action yourself, don't rely on laws. The law makers are far too old to understand what is actually going on with data.

 

That is true and oddly hard to comply with. We have large systems built by major companies like Northgate or Seimens which have no facility to delete data.

But also it's not valid to collect more data than you need now as well. So I shouldn't need to provide a DOB, Sexual preference and inside leg to pay a bill but they still ask.

 

What remains to be seen is how sharp the teeth of GDPR will be. 2018 will be a bit of a false dawn the ICO will go easy for a while.

Link to comment
Share on other sites

  • 3 weeks later...

Someone mentioned phone numbers. On compare sites, I use 01234567890 .then if I accept a quote, I'll ring them up and give correct number, but never the house number. Always a PAYG mobile.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Community Partner

×
×
  • Create New...

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.