HackerLangs
TopNewTrendsCommentsPastAskShowJobs

dessant

no profile record

comments

dessant
·3년 전·discuss
Maybe they were referring to my extension :), as of now you can still access the old search results.

https://github.com/dessant/search-by-image
dessant
·3년 전·discuss
The classic reverse image search results from Google will not be around for much longer, I've been getting reports about my browser extension no longer working with Google Images in some regions.

Yandex Images also possibly going away or becoming heavily censored is also an issue for journalists and researchers, since it is the best performing publicly available reverse image search engine.
dessant
·6년 전·discuss
I think you're still missing the point. Google transmits personal data to their servers without user consent. The value of x-client-data is personal data, because it is associated with an IP address during transit, due to how HTTP requests work. The nature of the data, what is being done with it on the server, and the location of the server are all irrelevant in this instance, the only important part is that personal data has left the browser in the form of a request, and it reached a Google server.

This data collection would only be exempt from GDPR if the data would be required for the service to function, but that is not the case with x-client-data.
dessant
·6년 전·discuss
An IP address is itself personal data, it does not have to be associated with other personal data.

https://ec.europa.eu/info/law/law-topic/data-protection/refo...

> Collecting IP address alone, and not associating it with anything else, is completely fine (otherwise nginx and apache's default configs would violate GDPR), and through them basically every website would violate GDPR.

See my comment about consent not being required when the data is needed to provide a service. Logging is reasonably required to provide a service.

> and furthermore, even if it did (I see conflicting reports), if you collect IP Address and another pseudonymous ID and don't join them, the ID isn't personal data.

The transmission of data is already covered by GDPR, you don't have to store the data to be bound by the law.
dessant
·6년 전·discuss
GDPR treats an IP address as personal data. The data is not transmitted through an anonymizing network, so Google has access to the user's IP address when they receive the data.

Anything that is associated with personal data also becomes personal information, therefore Google is transmitting personal data without user consent, which is illegal.

Asking for consent is not required under GDPR when the data collection is needed for a service to function. This is not the case here, Google services function without receiving that header, the data is used by Google to gain a technical advantage over other web services.
dessant
·6년 전·discuss
Apple is not engaged in illegal data harvesting to gain a competitive advantage over other services in the same space. Google's collection of personal data with the x-client-data header without user consent is illegal under GDPR.
dessant
·6년 전·discuss
I think the Widevine CDM request is needed for the service to function, though they could certainly delay it until a website requires DRM. GDPR allows the use of personal data without consent when it is required to provide a service for the user.

The personal data collected with the x-client-data header is not required for Google sites to function. Google uses the data to gain a technical advantage over other sites on the web, this is why the data collection in this case requires consent.
dessant
·6년 전·discuss
This is the equivalent of a protest, people are objecting to Google's illegal data harvesting practices in places that receive engagement, since that's the most effective way to get the word out and warn others.

Google's reasoning that this is not personal data is meaningless in the face of GDPR, which considers an IP address personal data. Google has access to the IP address when they receive the data, therefore they are transmitting personal information without user consent and control, which is illegal.
dessant
·6년 전·discuss
I think extensions can filter out the x-client-data header, though Google should definitely make this data collection opt-in.

GDPR is very clear about this data being personal information [1], since Google has access to the IP address on the receiving end, which has been repeatedly tested in courts as being personal data.

Google is engaging in personal data harvesting without user consent and control, and no amount of mental gymnastics presented in their privacy whitepaper [2] will save them in courts.

[1] https://ec.europa.eu/info/law/law-topic/data-protection/refo...

[2] https://www.google.com/chrome/privacy/whitepaper.html#variat...
dessant
·7년 전·discuss
You don't have to inform anyone about your content not being redistributable, that is not how copyright works.
dessant
·7년 전·discuss
This is the best thing to have happened to open source since GitHub has launched. Thank you to whomever has internally pushed for it!