This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[ripe-list] https://www.ripe.net/ inappropriate javascript

Previous message (by thread): [ripe-list] https://www.ripe.net/ inappropriate javascript
Next message (by thread): [ripe-list] https://www.ripe.net/ inappropriate javascript

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nick Hilliard (INEX) nick at inex.ie
Fri May 3 12:47:21 CEST 2019

Randy Bush wrote on 03/05/2019 00:31:
> i am curious what technical and management decision processes which
> allowed this to happen.  something broke.

unless the ripe ncc has a hitherto unknown evil conspiratorial agenda, 
I'd assume this happened for the usual reasons: third party trackers 
allow incredibly detailed and useful telemetry information to be 
collected about the performance and usage characteristics of a web site, 
which provides invaluable feedback to the dev and mgmt team, and without 
which it would be really hard for them to do their jobs.

The downside is that all externally-hosted trackers do exactly that: 
they track, and then correlate individual usage profiles across 
different web sites to build up profile information about individual 
users.  And they provide no easy way of removing this information from 
their DBs, nor do they provide a consistent way of declining to 
contribute to this data pool.

In relation to the GDPR, the CJEU is in the process of trying to figure 
out where the privacy responsibilities lie in Case C‑40/17 - Fashion ID 
vs Verbraucherzentrale NRW.  Advocate General Bobek has made a 
non-binding suggestion to the court that this responsibility be shared 
between the web site and the third party tracker site, but no formal 
ruling has been made so far; nor is it clear what the practical 
implications would be for either party.

It would be interesting to see what the consequences would be of 
requesting GDPR requests in the context of this judgement.  How would 
the RIPE NCC handle a request from Jo Bloggs who wanted all her tracking 
data deleted and who wanted to opt out in future?  How would the tracker 
IDs be identified in a way which was comprehensible to the average user? 
  Did she provide informed consent in the first place, or does a footer 
notification at the bottom of the site constitute informed consent that 
she was ok about being tracked from the RIPE NCC to her favourite 
political web site, then to a civil rights site, then to an online 
store, then to a religious advocacy site before settling on her 
favourite online news sources? - at which point the tracker operator has 
gleaned more information about her than she probably knew herself.

The RIPE NCC can't fix this issue, but it would be a good starting point 
to note that the use of trackers raises deeply uncomfortable questions 
about online privacy, with no clear answers.

Nick

Previous message (by thread): [ripe-list] https://www.ripe.net/ inappropriate javascript
Next message (by thread): [ripe-list] https://www.ripe.net/ inappropriate javascript

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-list Archives ]