Hacker News | barbazoo's comments

FTA:

> It uses LiveRamp's clean room technology, which lets companies aggregate their data in a privacy-safe environment, without sharing or seeing each other's raw or personally identifiable customer information.

It's apparently not that they directly sell your PII at least.


Lawyers I work with, especially small shops, are extremely excited about AI potentially helping them focus on their clients and automating some of the non law related work they often have to do that keeps them from helping more people or reducing their rate.

very cool

I’m assuming they’re only losing money in the hard sense, not in the “soft” sense considering the unimaginable wealth that comes from manipulating millions of people.

Would you accept or the opposite situation then? A foreign company operating in and violating US law?

I got no answer but it sounds really fun what you’re planning to do :)

It's no fun if you legally can't do it...

Just remember, if you want to put your content on youtube be sure you're demonetized by cursing up a storm.

(not real advice. I think.)


If one didn’t have an account with Meta they just wouldn’t get the visa then or how does it work?

Does the government have any direct link to Meta re what accounts people actually have? I’m surprised people aren’t up in arms about this, I guess it affects mostly visitors and immigrants but the fact that the government needs to see your activity on a private company’s web app is wild to me.


"I don't use social media" is probably a good answer, it just has to be true.

If they ask you "well, do you use any social media?" You'd presumably have to answer with HN, which maybe doesn't sound all that great :)


You could say you use Y Combinator's news comment board.

HN isn't social media, any more than a bus is a car.

I don't think you want to try that argument with immigration officials, although it might just keep your incorrect answer from being straight up fraud or willful misrepresentation.

I mean, some US govt immigration forms asking for your social media usernames include pastebin sites like "justpaste.it". See for example: https://static.feber.se/article_images/42/10/92/421092_1280....

Knowing that, it's crystal clear HN falls strictly within that definition of "social media", although it might not be as clear if you don't know what that particular site is.


I love how bad that list is.

For what it's worth, the somewhat hilarious reason justpaste.it is on the list is likely that it used to be a favourite of Islamic State terrorists a decade ago. https://www.politico.com/magazine/story/2014/08/islamic-stat...

Googling 'site:gov "justpaste.it"' also brings endless results of government documents mentioning the site in the context of terrorism.

I somewhat doubt US immigration authorities thwarted any would-be terrorists by asking for their justpaste.it username, but what do I know, perhaps this was an important breakthrough in the global war on terror.


You'd be surprised at the number of people who willingly give up their social media accounts, only for immigration officials to find comments in support of terror attacks in the Middle East.

It's pretty easy to think it's harmless if you live in a country where that viewpoint is not uncommon.


That's not surprising at all, but I think the people who could get caught by the justpaste.it thing are not the same people casually praising Hamas on Instagram.

If you're putting terrorism related content on justpaste.it, you're probably pretty deep into the whole thing.


It can be an easy charge of “lying to the government on an official form” when they discover you have a user account somewhere that you didn’t disclose, even if they can’t get anything else to stick.

Yes, it did occur to me that there would be no way to verify it. But it felt like it was in my best interest to at least provide something.

You would have to make sure your search footprint supported that, i.e. fully private, non-publicly-visible profiles everywhere.

How do you know?

> Customers that did not have the configuration above applied were not impacted. Customer traffic served by our China network was also not impacted.

Interesting.


They kinda buried the lede there, 28% failure rate for 100% of customers isn't the same as 100% failure rate for 28% of customers

Does a disclosure like this absolve them of any responsibility? They still violated whatever user privacy act.

It does. Most privacy laws are based on time-from-discovery. If they immediately sprung into action at the moment they were informed and remediated the issue, they're in compliance.

Right, that's the problem. There need to be standards that govern what can ever be released to customers/the public in the first place. When violations of those are discovered, the penalties should be based on time from release, so the longer it was out in the wild, the greater the penalty.

But you can't remove something from the internet once it's there, so once it's released, it's expected that it always will be.

It's also impossible to guarantee a 100% secure infrastructure, no matter how good your product team is.

In the grey is a term of art: "best efforts."

If data is leaking, and it wasn't because hackers bypassed a bunch of safeguards, if it can be shown that you didn't use Best Efforts to secure said data, there is liability.


A charitable way of interpreting "best effort" is that it's similar to what I said: we need standards. But the problems with our notion of "best effort" are:

1. The standards aren't clearly defined (i.e., you must specifically do this).

2. They are defined in terms of efforts rather than effects. It is like saying "every car sold must be made of steel" rather than "every car sold must be capable of withstanding an impact against a concrete wall at 60mph with X amount of deformation, etc." We want the rules to determine what level of threat is protected against, not just what motions the company went through. In the case in the article, it wasn't because hackers bypassed a bunch of safeguards; the company didn't protect against even basic threats.

3. It's not enough to have "liability". That puts the onus on individuals to sue the company for their specific damages. We need criminal penalties that are designed to punish companies (and the individuals who direct them) for the harm they do to society by the overall process of rushing ahead selling things instead of slowing down and being careful. We need large-scale enforcement so that companies actually stop doing these things because the cost of doing them becomes too enormous.

4. Our laws do not adequately take account of the differential power of those who cut corners, and the differential gains reaped. We frequently find small operators on the wrong end of painful lawsuits and onerous criminal penalties, while the biggest companies and wealthiest individuals use their position to avoid consequences. Laws need to explicitly take this into account, lowering the standard of proof for penalties against larger, wealthier, and more powerful companies and individuals, and also making those penalties exponentially higher.


So is that true if they find out when the public does too? It seems that disclosing it privately has some upside (protecting the users) and no downside.

That depends more on what the Privacy Policy is of the service, which you agree to when you sign up and use it

What are you going to do, sue them? The place is literally teeming with lawyers.

Not working for me. This makes me think they're lazy and greedy, doesn't make me want to go and consume their slop.

I have to admit it worked for me. I recently rewatched Mad Men, but replayed the HBO distribution to see the 4K improvements. It's much more vibrant.
