this post was submitted on 25 Apr 2024
373 points (98.4% liked)

submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

I never consent to giving my data away or being tracked, but how do you deal with so-called legitimate interest? I tried several times to untick them but it is a long list (in fact at the bottom there is a "vendors" link with an even longer, much longer list. It took me 10 minutes to get to the bottom of it once).

My questions:

- How can we trust these so-called legitimate interests when they are self-defined by companies whose business model relies on your data?

- How can we find out what these legitimate interests are and what data they collect?

- Are such companies controlled in any way?

- Is this kind of consent form compliant with the EU GDPR? (Normally opting out is to be as easy as opting in, and there is no "refuse all" for these so-called legitimate interests.)

- What are your strategies against such sites tracking you? Or am I just being paranoid?

The sheer amount of vendors is daunting; the Internet really turned into crap.

Edit: when clicking Preferences at the bottom, the content of the legitimate interest is spelled out for each vendor, so this answers one of my questions.

[–] [email protected] 5 points 5 months ago (1 children)

When the government takes your data they will call it legitimate

[–] [email protected] 9 points 5 months ago* (last edited 5 months ago) (1 children)

IANAL, but IIRC if you're in the EU, legitimate interest is not a legal basis for data processing, but they may still store it for later use if you ever agree to one of these.

[–] [email protected] 26 points 5 months ago (7 children)

OP:

posts about tracking and not consenting to give data away

also OP:

uses Google Chrome

[–] [email protected] 28 points 5 months ago* (last edited 5 months ago) (1 children)

Wrong, that's Mulch. Uninstalling and deactivating Google apps is the first thing I do. Android system webview is the tricky one, but Mulch has a webview too. Still the default one manages to creep in sometimes, and deactivating it breaks things that call it specifically. Edit: there is a system webview setting under Developers tools, but Mulch's does not appear there

[–] [email protected] 20 points 5 months ago

There's no such thing as legitimate interest. Reject what you can, block everything else with adblockers.

[–] [email protected] 2 points 5 months ago (1 children)

This is the exception to prove the rule that the other interests are definitely illegitimate. This is the website telling you that they give away your data for illegitimate purposes.

It's not a surprise. We knew this was true. But seeing it spelled out like this is a little galling.

Illegitimate: not authorized by the law; not in accordance with accepted standards or rules

The website is basically admitting that they're using your data maliciously, intentionally, by having this distinction.

[–] [email protected] 7 points 5 months ago (1 children)

While you’re right conceptually, this isn’t what the wording means in terms of consent dialogs. Legitimate interest means they can assume, legitimately, that you have an interest in aspects of the site (by you being there) that require X cookies, basically. I.e., their product is providing functionality they can assume you’re interested in just by being there, and they’re “pre-approving” the tracking/storage for that functionality.

I concur that it’s rubbish and used almost always in a manner that reeks of illegitimacy.

[–] [email protected] 1 points 5 months ago

That's not quite what it means. Legitimate interest is a term from the GDPR, and is one of the legal bases on which a company may process your personal data. Essentially the company has a "legitimate interest" (i.e. reasonable purpose) for which your data must be processed.

Typical examples of legitimate interest are: fraud prevention, direct marketing, or ensuring network/information security of their IT infrastructure.

The rest of your comment is essentially correct though. Notably, the examples above are not exhaustive: legitimate interest is fairly vaguely defined. And there is a process in the GDPR to object to your legitimate interest claim. This has resulted in essentially all data collection companies claiming a generic legitimate interest on your data, and it's up to you to object to all of them individually. This undermines the general "you must opt in to tracking" principles of the GDPR, but until privacy agencies of the EU get around to some enforcement that's how it is.

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago)

Use a script obfuscator. I've been using one for about a decade now and it's extremely easy to tell when companies are doing illegal spying. Looking at YOU, eBay. My full name is not GKDSLGFJDS ZKGWKDSF, you fucking assholes. Enjoy the cement shoes when the advertisers you sold "my information" to find out that it's nothing but strings of randomly long random characters, kinda like what happened to Twitter when they started lying and saying everyone who used their platform was SUPER into crypto. (Yes, this was pre-Elon. All Musk did was bring the nazism of the platform to the surface. For an example of what Twitter was really like you need look no further than BlueSky, where you need to go out of your way to "disable nazis" because the CEO is convinced the average person wants to see Hitler apologia.)

[–] [email protected] 115 points 5 months ago* (last edited 5 months ago) (2 children)

Legitimate interest is just bullshit.

Can I have your:

  • wallet
  • emails received
  • telephone number
  • pin code
  • visa card numbers
  • browser history
  • home address
  • dates you won't be home
  • alarm code

I too am legitimately interested in this data.

[–] [email protected] 9 points 5 months ago

Hey, these faceless corporations deserve your info. /s

[–] [email protected] 38 points 5 months ago* (last edited 5 months ago)

Why are you asking for their consent? You're using their personal data on the basis of your legitimate interest.

[–] [email protected] 65 points 5 months ago

They’re legitimately interested in your data.

[–] [email protected] 18 points 5 months ago

Legitimate interest is a way for the vendors to not need your confirmation. In general, your right to privacy is weighed against the vendor's right to operate. The most often used example is advertisement: in general, vendors are allowed to advertise, as they want to operate and sell their products. But you have a right to your data (e.g. mail address, home address, interests...). So courts have to weigh which is more important. Another example that most people would agree with is that clubs want to show what happens in the club, so they publish pictures from their activities (interest of the club to show they are active vs. personal right to your image). As not every case goes to court, most vendors see their interest as more important and interpret "legitimate" interest rather loosely. So in general, the idea of legitimate interest is compliant with the GDPR, although I believe most sites use it too liberally.

[–] [email protected] 2 points 5 months ago (1 children)

I use temporary container tabs in Firefox. (Desktop, dunno if that works on mobile)

Every new tab I open opens in its own temporary container unless I've chosen otherwise (like for sites where I want logins to be remembered).

So, even if I accept all the cookies, they all disappear with the temporary container after browsing, and don't connect to any other container - only tabs started (e.g. by clicking links) in the same container.

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago)

If it won't let me untick all but the essential cookies easily - close tab, move on.

Recently I realised that some "reject all" options still don't reject the "legitimate" bullshit, so I now avoid those sites too (and no, I don't trust that extensions that claim to reject all for me will actually reject all).

I've got better things to do with my time than scrutinise these cookie pop-ups and/or go through lengthy lists individually unticking options. Fuck that noise - don't have minimal respect for users? Then I'm definitely not providing you any of my data (the sites that make it the hardest rarely hold information you can't easily find elsewhere).

[–] [email protected] 12 points 5 months ago (2 children)

Your browser can block cookies.

[–] [email protected] 10 points 5 months ago

Your browser cannot block server-side abuse of your personal data. These consent forms are not about cookies; they're about fooling users into consenting to abuse of their personal data. Cookies are just one of many many technological measures required to carry out said human rights abuse.

[–] [email protected] 1 points 5 months ago

I just accept all cookies. But I use Firefox Focus which deletes all cookies and browsing history every time I close it!

[–] [email protected] 8 points 5 months ago* (last edited 5 months ago) (1 children)

Have https://noyb.eu/en or https://www.eff.org/ or others never covered this? If not, it would be good to get them interested?

[–] [email protected] 3 points 5 months ago

what are your strategies against such sites tracking you?

Close and never go there again. If I'm bit enough times, it goes in the hosts file for blocking. If I really need the stuff on there, I try archived versions on web.archive.org or archive.today

[–] [email protected] 1 points 5 months ago

Is that in an Android app? I also hate how there's no refuse all button, and it can take 15 minutes to opt out from all manually. I just use Rethink DNS to block ads and trackers and hope that that's enough.

[–] [email protected] 6 points 5 months ago (1 children)

I thought legitimate interest meant you were legitimately interested in giving up your data to those vendors????

[–] [email protected] 9 points 5 months ago

Nope.

And now hand me over your wallet. You can't deny it, I have legitimate interest.

[–] [email protected] 28 points 5 months ago* (last edited 5 months ago) (2 children)
  1. Depends on the threat model but usually you don't trust them. It's as simple as that

  2. I think the legitimate interest has something to do with giving the data to the government when legally required but it can have other meanings too. Good luck with finding out. Some of them won't tell the truth even if officially asked (unless you work for the government)

  3. Everything is somewhat controlled but in terms of data collection and sharing it is absolutely not (e. g. the users' HIV status data on Tumblr or whatever the thing is called)

  4. Idk about that

  5. Regular protection like Tor, VPN, anti-fingerprinting etc

  6. I wouldn't say you are being too paranoid

  7. Yes the internet has turned into a horrible place

[–] [email protected] 5 points 5 months ago
  1. It's not GDPR compliant in the way shown here or the way IAB TCF uses it.

Legitimate interest is a sort of failsafe which can be used to cover certain exceptions.

  • the data controller must have an exceptional situation, so not on a regular basis.
  • the balance between personal and business interest must be considered carefully on a case-by-case basis.
  • the data processor isn't the one doing the consideration

Automating all this is kind of against all the above.

[–] [email protected] 15 points 5 months ago (2 children)

Legitimate interest is just an out to get around tracking users.

I wouldn't be surprised if many data trackers don't pay attention to any of the permissions and agreements. It's hard to validate they aren't in compliance and it's hard for most people to even challenge these businesses.

Even if these businesses were legally challenged they can just close the business. Then take the same software and start a new business doing the same thing. If you look at the amount of companies your information is shared with under legitimate interests it can be in the order of hundreds.

[–] [email protected] 6 points 5 months ago

I wouldn't be surprised if many data trackers don't pay attention to any of the permissions and agreements. It's hard to validate they aren't in compliance and it's hard for most people to even challenge these businesses.

Organizations like La Quadrature validate and challenge those businesses. Europe is relatively strict on this subject.

[–] [email protected] 8 points 5 months ago (1 children)

Not hundreds but thousands. I saw one app that claimed to share the data with like 815 partners

[–] [email protected] 10 points 5 months ago (1 children)

This is the worst one I've been subjected to so far. Was on some gaming-related site, don't remember which one
