Privacy as performativity

HN-Matt

New Member
Verified Provider
Continuing on from -

Are 'privacy policies' mere old timey, atavistic, decorative amendments to your Professional Business Websites or 'actual legal concepts' embedded in the hypertext with weighted 'real life' consequences?
But yeah, customer privacy is something this industry has a small to mid-sized problem with. I see customer screencaps and data that companies shouldn't be saying to customers too often.
I've started reselling dedicated servers from DataShack this month, in step with America's recent nation-wide rejection of the Confederate flag. One of the things that impressed me about them was this particular proviso in the "Security/Abuse" section of their ToS:

2. We do not participate in any government mass collection of data. If this provision disappears you will know we have been involuntarily compelled to take part in such a program.
The proviso may seem misplaced, as in, "why doesn't it appear in the Privacy Policy instead?" At the same time, I think "Abuse" is an apt way to contextualize the prospect of being involuntarily compelled to partake in such programs of mass collection. Or, even worse, being subject to the invisible silences and ongoing exploitations of said collection without any knowledge of the who/what/where/when/why & hows of it.

IMO such provisos should be a given or an industry standard when it comes to web hosting, yet I don't recall ever seeing anything similar in any other host's ToS. Since the sentiment obviously doesn't go without saying in today's world, I think the reason for its general absence at the level of ToS agreements is probably very fascinating, to say the least.
 

DomainBop

Dormant VPSB Pathogen
2. We do not participate in any government mass collection of data. If this provision disappears you will know we have been involuntarily compelled to take part in such a program.
IMO such provisos should be a given or an industry standard when it comes to web hosting, yet I don't recall ever seeing anything similar in any other host's ToS. Since the sentiment obviously doesn't go without saying in today's world, I think the reason for its general absence at the level of ToS agreements is probably very fascinating, to say the least.
Not common with web hosting providers but "warrant canaries" like that are used by many VPN providers who operate in the US (example: https://www.ivpn.net/resources/canary.txt )
 

HN-Matt

New Member
Verified Provider
Special note should be taken if these messages ever cease being updated, or are removed from this page. However this scheme is not infallible. Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce IVPN to produce false declarations.
Interesting. I can see why open engagement on the subject might be more of a focus or politically urgent in the VPN world. Still, that isn't much of a reason for its absence in other areas of hosting.
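
The IVPN text quoted above names two signals to watch for: the message stops being updated, or it is removed. A sketch of that check, added here as an example and not part of any post or any provider's tooling; the `Date: YYYY-MM-DD` line format and the sample documents are assumptions, and verifying the signature against the provider's published key is a separate step it does not cover:

```python
import re
from datetime import date

# Clause quoted in this thread from the DataShack ToS.
CLAUSE = "We do not participate in any government mass collection of data."

def _norm(text):
    """Collapse whitespace and case so a reflowed page still matches."""
    return re.sub(r"\s+", " ", text).strip().lower()

def stated_date(document):
    """Date from a 'Date: YYYY-MM-DD' line, or None (assumed format)."""
    m = re.search(r"^Date:\s*(\d{4})-(\d{2})-(\d{2})\s*$", document, re.M)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:          # e.g. 2015-13-40
        return None

def check_canary(document, today, clause=CLAUSE, max_age_days=None):
    """Classify one fetched copy of a canary page or ToS.

    document=None means the page could not be fetched (removed).
    max_age_days=None means an undated, ToS-style canary.
    """
    if document is None or _norm(clause) not in _norm(document):
        return "MISSING"
    if max_age_days is None:
        return "OK"             # presence is the only signal available
    stated = stated_date(document)
    if stated is None:
        return "UNDATED"
    if stated > today:
        return "FUTURE_DATED"
    if (today - stated).days > max_age_days:
        return "STALE"
    return "OK"

# Constructed sample documents, not real provider pages.
TOS_BEFORE = """Security/Abuse
2. We do not participate in any government mass
   collection of data."""
TOS_AFTER = "Security/Abuse\n2. Customers must keep contact details current."
DATED = "Date: 2015-07-01\n" + CLAUSE + "\n"

if __name__ == "__main__":
    print(check_canary(TOS_BEFORE, date(2015, 7, 20)))
    print(check_canary(TOS_AFTER, date(2015, 7, 20)))
    print(check_canary(DATED, date(2015, 10, 1), max_age_days=45))
```
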
 

HN-Matt

New Member
Verified Provider
“You will certainly understand that the panel’s request doesn’t appear justified at all,” Hacking Team’s CEO David Vincenzetti wrote in a response in February to the UN. “Each further request from the panel appears to be a violation—unjustified and unjustifiable in any way—of the right of commercial confidentiality which we consider a primary right, worth the largest protection from the law.”
 

drmike

100% Tier-1 Gogent
I've started reselling dedicated servers from DataShack this month, in step with America's recent nation-wide rejection of the Confederate flag. One of the things that impressed me about them was this particular proviso in the "Security/Abuse" section of their ToS:


The proviso may seem misplaced, as in, "why doesn't it appear in the Privacy Policy instead?" At the same time, I think "Abuse" is an apt way to contextualize the prospect of being involuntarily compelled to partake in such programs of mass collection. Or, even worse, being subject to the invisible silences and ongoing exploitations of said collection without any knowledge of the who/what/where/when/why & hows of it.


IMO such provisos should be a given or an industry standard when it comes to web hosting, yet I don't recall ever seeing anything similar in any other host's ToS. Since the sentiment obviously doesn't go without saying in today's world, I think the reason for its general absence at the level of ToS agreements is probably very fascinating, to say the least.
I am glad someone is reading docs for a change.  Congrats!

Now, I am going to stop you right there.

What caught your eye is this:


We do not participate in any government mass collection of data. If this provision disappears you will know we have been involuntarily compelled to take part in such a program.

So this is to provide a canary-in-the-coal-mine sign, is it? Hrrmmm.

There are other interesting ToS entries worthy of umm review.  Lots of prohibitions and some over the top.

Now I recall Aaron in relation to ARIN matters having a quote that shook me to my spine.  It in essence said that he had 'special' permission to sell to Iranians.  This happened years ago.  The embargo always existed and selling still to Iran isn't legal.  Enforcement is another story.  It wasn't him saying I don't give two craps about the embargo and implications, it was him in ARIN matters saying his shop was EXEMPT.

Now the exemptions aren't just handed out nicely just cause.  You have to apply for such and Treasury Department is nothing to go about lightly with an application.   Or there is some other side story to the exemption like operating a honeypot network.

I don't see this mattering as it is buried in terms anyway.... Not like they promote it or have an active site they maintain. Is it good face value? Sort of.

PS: I realize you are on the Confederate hate bandwagon.... Datashack / Wholesale is a gun-toting shop.  Guys there pack heat and have been public prior about that.  If that's on the naughty list... just saying.
 

HN-Matt

New Member
Verified Provider
Now I recall Aaron in relation to ARIN matters having a quote that shook me to my spine.  It in essence said that he had 'special' permission to sell to Iranians.  This happened years ago.  The embargo always existed and selling still to Iran isn't legal.  Enforcement is another story.  It wasn't him saying I don't give two craps about the embargo and implications, it was him in ARIN matters saying his shop was EXEMPT.

Now the exemptions aren't just handed out nicely just cause.  You have to apply for such and Treasury Department is nothing to go about lightly with an application.   Or there is some other side story to the exemption like operating a honeypot network.
 Made me think of that 'Cuban twitter' scandal.

PS: I realize you are on the Confederate hate bandwagon....
Not really, see

Datashack / Wholesale is a gun-toting shop. Guys there pack heat and have been public prior about that. If that's on the naughty list... just saying.
Yeah, it says that openly in their Terms. I may have certain opinions, but I don't think it's for me to tell people I've never met how to live or behave. I like the internet because it allows for experimenting remotely through/with different countries and places, but I don't care to step on toes or try to impose a sense of morality on somewhere I'm not from. I simply provide a means for anyone to receive a 10% discount on servers priced >= $49 from DataShack's already low-priced offers. People can do their own research and take it or leave it, no skin off my back either way. (By the way, I wasn't even aware of all the Confederate flag hysteria going on when I started offering their servers. An interesting coincidence, I guess?)
 

joepie91

New Member
I'd like to see more datacenters including warrant canaries. For them to really work, they need to run up to the top of the chain.
 

HN-Matt

New Member
Verified Provider
@joepie91 true, it's probably kind of a symbolic gesture or 'beau geste' at best. Still, even that is better than the total absence of the willingness to express the thought in public at all, imo (as seems to be the norm with most providers). I guess the thought is that it's better to just sit passively/idly, don't say anything, and hope it isn't happening rather than preemptively confronting it.
 

HN-Matt

New Member
Verified Provider
Damn, this guy got 13 years apparently.
 

'Specifically, Ngo admitted that he offered access to PII (personally identifiable information) for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million "queries" through the third-party databases maintained on his websites,' the Justice Department said in a press release, according to NBC.
 

HN-Matt

New Member
Verified Provider
I didn't mean to single him out. Apparently he was unlucky enough to have been caught. Gotta love the endless dramathread bitchfests re: LowEndHost69's tiny client database being passed around everywhere, Forum Lords constantly making such an insane, exaggerated fuss about it, meanwhile an entire country's collective identities are effortlessly plundered and siphoned by those who are untraceable and will simply never be caught. The extent to which it seemingly happens on a daily basis (and in broader contexts beyond the largely irrelevant hosting milieu) feels astonishing and sublime to me is all.
 

HN-Matt

New Member
Verified Provider
Who's afraid of the hauntological human research subject's impossible reincarnation Big Bad Consent? (cue the wretched 500th legion of unconsciously self-satirizing MRA vloggers, etc.)

https://www.eff.org/deeplinks/2016/01/more-needs-be-done-strengthen-protection-human-subjects-scientific-experiments

[...]


One of the most controversial elements in the proposed regulations is how researchers conduct secondary experiments on biospecimens. Under the current rule, researchers do not require informed consent for secondary research performed on 'non-identified' biospecimens. In lay terms, researchers don’t need your permission to run tests on specimens taken for other reasons, such as the leftover blood or tissue from a routine doctor’s visit, as long as the specimens can’t be linked to you. However, as TechInsider explains:

But that "stripped of your personal information" bit is tricky—and easily bungled. Researchers have shown that today, they can use genetic testing and information on the internet, for example, to re-identify samples that were supposed to be anonymous. Nobody imagined that could happen back in 1991.

 [...]


Consent in the Age of Big Data


We disagree with HHS’s assertion that it may not be as important to require informed consent in research that involves algorithmic analysis of “big data.” Instead, we argue that while “big data” does make research easier, these technological advancements can also enhance the rights of human subjects. HHS also should be wary that “big data” can reproduce and exacerbate existing inequalities and injustices.


As we write:

First, computational and data-storage advances have increased the ease with which researchers can receive, track, send, and enforce fine-grained consent on the same databases they will be manipulating to perform their research.

Second, this ease of data transfer has had a paradigm-shifting impact on the ability of entities to aggregate deep databases on individuals—the disclosure of which have much more of an impact on patient privacy than the disclosure of databases did in the past.

Broad vs. Granular Consent


While the proposed rule would require informed consent for secondary research on “non-identified” biospecimens, the type of consent HHS envisions is not enough to protect subjects:

Unfortunately, the updated Rule would implement this requirement via a broad consent for future research, under which any such research would be “exempt” research that would not require annual continuing review by an IRB. We seriously question this approach. First, broad consent to future research is arguably the least meaningful form of individual consent. The human subject will not know what the future biospecimen research entails, how it will affect him or her, how the biospecimen or research data will be shared, or which biospecimens they can expect to provide in the time period that this consent is presumed valid for.  
        
Second, while genomic-related research and technology is of great potential benefit, its rapid evolution also presents significant risk and uncertainty to privacy and social control, especially given the increasing use by law enforcement and government of genetic identification. And quite apart from the concerns about government access, use or disclosure of genetic data raises ethical and privacy issues for individuals in the employment and other private-sector contexts.

The proposed rule is based on the assumption that “individual tracking” of test subjects is too much of a burden for researchers. We obviously disagree; individual tracking can be easily accomplished with modern technology, such as APIs. As we explain:

For example, if the specimens may only be used if the researcher reports which specimens they are using and which information they intend to extract, then the researcher can query the database for fields that record a more fine-grained consent for secondary research. An individual could therefore offer consent for only certain kinds of experiments, and could require that information to be received by researchers before they undertake any experiments. And before a person undertakes research on the specimen, they could be required to confirm that their study fits into the permission granted from the human subject, and to check with the original specimen-collecting researcher to confirm that the cumulative information gathered from the tests will not surpass the human subject’s individual de-anonymization threshold.

[...]


Intelligence Activity Exemption


The proposal includes exemptions for intelligence surveillance activities. Since the intelligence communities have long histories of using creative interpretations of the law and regulations, we believe that any exemption should be subjected to heightened review. As we write:

[The policy] offers practically no limitation to an intelligence community with a history of expansively interpreting limited exemptions.

[...]





https://www.eff.org/deeplinks/2015/12/human-research-loopholes-alive-and-well

Deadline Approaches

#pray4HumanZooKeepers
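
The fine-grained consent lookup described in the EFF excerpt above (per-specimen permitted study types plus a cumulative de-anonymization threshold), as an added example that is not code from the post or from EFF. The schema, the names `ConsentRecord` and `ConsentRegistry`, the sample specimen ID and attributes, and measuring the threshold as a count of distinct attributes released are all assumptions made for illustration:

```python
from dataclasses import dataclass, field

@dataclass
class ConsentRecord:
    """Per-specimen consent fields (hypothetical schema)."""
    allowed_studies: frozenset   # kinds of experiment the subject agreed to
    deanon_threshold: int        # max distinct attributes released in total
    released: set = field(default_factory=set)  # attributes already extracted

class ConsentRegistry:
    def __init__(self):
        self._records = {}

    def register(self, specimen_id, allowed_studies, deanon_threshold):
        self._records[specimen_id] = ConsentRecord(
            frozenset(allowed_studies), deanon_threshold)

    def authorize(self, specimen_id, study_type, attributes):
        """Return (allowed, reason); record the release only when allowed."""
        rec = self._records.get(specimen_id)
        if rec is None:
            return False, "no consent on file"
        if study_type not in rec.allowed_studies:
            return False, "study type not consented"
        # Count what every study so far has learned, not just this request.
        cumulative = rec.released | set(attributes)
        if len(cumulative) > rec.deanon_threshold:
            return False, "cumulative release exceeds de-anonymization threshold"
        rec.released = cumulative
        return True, "ok"

def demo():
    """Constructed requests against one constructed specimen record."""
    reg = ConsentRegistry()
    reg.register("S-001", {"cancer-genomics"}, deanon_threshold=3)
    return [
        reg.authorize("S-001", "cancer-genomics", ["BRCA1", "BRCA2"]),
        reg.authorize("S-001", "ancestry", ["haplogroup"]),
        reg.authorize("S-001", "cancer-genomics", ["TP53", "sex"]),
        reg.authorize("S-001", "cancer-genomics", ["BRCA1", "TP53"]),
        reg.authorize("S-999", "cancer-genomics", ["BRCA1"]),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third request is refused even though it asks for only two attributes, because together with the two already released it would cross the subject's threshold; a denied request leaves the recorded state unchanged.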
 