Tag: comments

Gab’s Dissenter receives your entire browsing history; bonus: it can be tied to your unique user ID

I fully support the intent behind Gab’s Dissenter platform. The ability to comment on any website is a wonderful move for free speech. What I can’t get behind is the major privacy problem it poses, a problem which unfortunately is very hard to avoid in any “comment on any site” concept.

Gab’s Dissenter stores and retrieves comments by URL. This requires Dissenter to send EVERY URL YOU VISIT out to the Dissenter platform to check for user comments for that URL, and obviously to submit your own comments as well. Since you’ll probably be logged in to Gab to use Dissenter, these URLs may also be sent with your Gab user ID which easily ties them all together. Regardless of what the Terms of Service may say about their data collection and retention policies, there is the possibility that Gab is effectively collecting and storing your entire browsing history while using the Dissenter extensions or app.

Even if they say that they don’t do this sort of collection and retention, you must choose whether or not to trust them. Consider a similar privacy-protecting service: VPNs. Several VPN service providers that claimed to be “no-log VPNs” (meaning they don’t store any information about your activities on their services) have been caught storing logs once police subpoenaed them for logs and they were forced to comply. It’s even possible for data to be retained in places not specifically meant to retain that data; for example, a server debugging log may contain all user requests made during the time period that the debug data was enabled, and that log is then readable to computer hackers/crackers or to law enforcement through a lawful subpoena.

How far are you willing to trust Gab with the data they necessarily must receive from you to keep their service working? It’s your choice. All I want is for you to make an informed choice, not an ignorant one.

It occurred to me shortly after writing this that there is one other possibility, but it’s not really much better. The only other way to do it without sending the URLs directly would be to hash the URL on the client side and send the hash instead, but unlike passwords, an unsalted hash of a (probably public) URL is fairly easy to come up with. Law enforcement, for example, could easily ask Google to provide a hash list of every URL in their database and it’d take Google less than a day to generate such a list. Even a casual hacker could build a simple web spider that follows URLs and hashes them to build that list. It’d be sort of like copy protection: it protects against completely ignorant users making copies, but hackers and pirates will break the protection easily and do as they please. Likewise, any method to conceal the URLs sent to Gab’s Dissenter would only count as obscuring the URL and could be easily cracked. If you think about it, there’s simply no other way to do it: how else can Dissenter know what comments to store and retrieve?

Getty Images “Lucy” responds: “I find these comments hilarious”

Here we go again on the Getty Images merry-go-round. An individual claiming to be “Lucy” working for Getty Images (email mungous1983@aol.com, I ask my readers to verify that this is a legitimate Getty Images employee and not a mere troll and let me know) posted this in response to what has become a massive post of mine, “The Getty Images Extortion Scheme:”

I work for Getty Images (“the enemy”). Just thought I would point out that the Getty family no longer have anything to do with the running of the company. Mark Getty is a director by name only.
I find these comments hilarious by the way – I wonder what you would be saying if you were the photographer whose work was being used with credit/payment?
I agree the letters can be a little aggressive, but they are standard letters sent out whether you are an individual or a big corporation. There are so many infringements that we simply do not have the time to personalise each letter. However, if anyone who recieves one simply calls the number on the letter and explains the situation, you will find things a lot more human and reasonable.

In response to her, I posted this lengthy comment, which deserves its own post. Getty Images execs, listen up, because you are all fools if you don’t pay attention!

Lucy, unfortunately, you seem to have missed the point AND approached this matter with the same attitude that everyone here is complaining about. The problems with the letter are many and varied, but the largest problem that it takes the immediate approach of threatening to sue. Unfortunately for your company, if someone removes the images you claim to be infringing, all the screenshots in the world will not help, as they can easily be forged and by the time your lawsuit made it to court, all Internet caches of the supposedly infringing site would have long since been purged. As a matter of practicality, your letter is equivalent to the “pay up or else” notices sent by such unscrupulous firms as USCG and CEG.

But that’s not the REAL problem. The problem is that you are hostile towards customers. “I find these comments hilarious.” YOU might find them to be hilarious, but the person you’re demanding $1500 from under threat of lawsuit for an image whose licensing costs a tiny fraction of that amount does not see the funny side.

Lucy, I spoke to a lady in Great Britain OVER THE PHONE (not online, a real human voice) who had a tiny “psychic” website and received a Getty threat letter. She was almost crying because someone else designed her site and she didn’t know they had used a potentially infringing image, and her husband was bedridden with cancer and she was broke…AND she didn’t even operate the business any longer, she just hadn’t had the site taken down. She was freaking out because of the letter you think is so very reasonable and generous. This is what people like you, who have little consideration for others, do to people when you don’t give a damn and send blanket threat letters like this. To be perfectly honest, it’s unconscionable at best.

The simple remedy is to change the threat letter from “WE WILL SUE YOU IF YOU DON’T PAY US THOUSANDS” to a friendly request for customer conversion. Assume that the person who put up the site is not acting in bad faith and simply request that they license the image properly, and make it easy to do so, at the price they’d pay if they had searched for and licensed the image themselves. Getty would never have built such bad mojo if this approach had been taken from the start, and their customer base would likely have grown, as well as become more educated. When you take the threatening approach to copyright enforcement, though, you can expect nothing more than the digital equivalent of “get off my property.”

I will continue to advise people to thwart your moronic potential lawsuits and brush off your foolish customer-hating letters until I am advised that you have corrected this bad business practice, and you can’t do a damn thing about it, no matter how “hilarious” you think the backlash against your company is.