Observer1199

This is not ok

https://lemmy.ml/post/5536310

This is not ok - Lemmy

Saw this today and now I’m reconsidering if Boost is right for me. I’m really hoping this is shitty boiler plate that was accidentally copied and over looked because that is some bullshit to say “unless we decide we want to use your personal data for whatever we want”. I know “legitimate interest” is a phrase from the cookies law but there is no legitimate interest justification for this. My data is my data and advertisers can fuck off, as can Boost if this the direction it’s going.

Sep 26, 2023 at 10:02amWeb
Show threadEl BartoSep 26, 2023

Funny I’m seeing this after me googling what legitimate interest meant.

A user should be able to turn off legitimate interest cookies.

I also considered checking out Boost, but this is definitely a deal-breaker to me.

Show threadassassin_aragornSep 26, 2023

They need to be harsher on companies invoking legitimate interest. It should be impossible for a user to use a service/product if they deny the information that falls under a legitimate interest – because by definition, the service/product needs that information to work. Like if I’m scheduling a delivery to my place, my address is a legitimate interest because they can’t deliver it otherwise.

There just needs to be a crackdown on what’s being claimed. If a user can turn off “legitimate interest” cookies and tracking, and they can still use the website just fine, those cookies and tracking were not legitimate interests.

Show threadEl BartoSep 26, 2023

I don’t think it’s that cut and dry. A cookie that registers your address may have your address in your computer, and the access it just to autofill the shipping form. No address is being stored or tracked on their end. That would be a legitimate “legitimate interest” cookie. If you deny the use of such cookies, then the website will simply ask you to fill out your address every time. The site can still function in this case.

Don’t get me wrong - I hate legitimate interest cookie abuse, but I just wanted to clarify that point about “if rejected, then legitimate interest cookies would break the site, and if they don’t then they’re tracking you!”

Show threadNeshuraSep 27, 2023
tbf I think it’s in Google’s best interest to do as little legitimate interest fuckery as possible. If they stretch the use of that clause too far the EU will just banhammer the new practice again with stricter terms and higher fines.
Show threadEl BartoSep 27, 2023
Heh. Best interest not to do that? An ad company?
Show threadNeshuraSep 27, 2023

Sounds paradoxical but long term they get more value out of just barely overstepping bounds than by, for the brief period until regulation catches up, massively overstepping.

Doesn’t mean they’ll do that, I fully expect them to abuse the ever living shit out of it, if mega corpos had a brain for long term planning they wouldn’t be caught in this banner mess in the first place

Show threadObserver1199Sep 27, 2023
I feel a big part of my concern is addressed by the dev’s explanation and I now know it’s a problem with Google’s ad network with its terms and conditions though they’re all pretty similar in that regard unfortunately. I feel comfortable enough purchasing the app now which removes the rest of my concern because that removes any tracking associated with ads in the free version.
Show threadEl BartoSep 27, 2023
Sure, but I’ve never used Boost before. How can I test it without buying it? I can’t. Google will track me and I’ll have no choice.
Show threadQ67916tJ6Z0aWMSep 26, 2023
Scum bags everywhere. Time to go back to private hosted BBS.
Show threadmattomatticSep 26, 2023
How about we do anyway…fuck you. We don’t actually need your consent. We need to present the perception that we care about you. This is just a round about way to actually get consent and scrape every fucking piece of data you give.
Show thread4amSep 26, 2023
It’s required by Google to run the ad network or else they won’t publish the app.
Show threadjackSep 26, 2023
Oh, so they have no control, right? Aw, poor developer…
Show threadmattomatticSep 27, 2023
Required by Google. Yeah we gathered that much. Deceptive is what it is. It’s not a “yes or no”. It’s a “yes or yes” shifting the burden of the GDPR law on the user.
Show threadShoSep 26, 2023
Oof…bad look boost
Show threadGiantFloppyCockSep 26, 2023
legitimate interest is a shitty data privacy loophole
Show threaddrolexSep 26, 2023

Hi could you give me your name, address, social security number, browser history, sickness history, political affiliation, sexual orientation, pay grade please 🥺

I have a legitimate interest! It’s identity theft

Show threadCurlyMoustacheSep 26, 2023
TIL that some people have identity theft as a hobby
Show threadFlihpFlorpSep 27, 2023
You never just buy a yacht for yourself in someone else’s name as a gift for yourself to reward yourself for finally learning that new skill?
Show threadCurlyMoustacheSep 27, 2023
I only subscribe to porn sites. As a hobby, of course
Show threadMurvelSep 26, 2023
It’s a clause within GDPR which is usually misinterpreted and sometimes (as is most probably the case here) abused.
What does ‘grounds of legitimate interest’ mean?

Grounds of legitimate interest is a legal ground for processing data, but conditions have to be met under EU law.

European Commission
Show threadjj4211Sep 26, 2023

Ok, that is informative. Without that specific context, that message is utterly empty and useless.

Of course, it still feels weird, that “legitimate interest” seems a subjective term and maybe they could have found some better phrasing to reflect this sentiment…

Show threadGestridSep 26, 2023
From the dev has said, it sounds like it’s Google’s language, not his. So he probably doesn’t have any control over the phrasing.
Show threadjj4211Sep 27, 2023

Right, I was thinking not the developer, not the ad network, but all the way back to the wording of GDPR.

In fact, it feels like an ad network cannot have a “legitimate interest” in personal information of someone who opts out. If they count targeted advertising without consent as “legitimate interest”, seems like GPDR is significantly less useful.

Show threadCarighan MaconarSep 26, 2023

Well the “loophole” exists for a reason.

For example my company requires the position and some identifier of people to do what people use our system for (tracking logistics units, and there is an option to do that via a mobile app for smallest clients not owning dedicated hardware). That’s what legitimate interest is about. Or well, is supposed to be about. Some data processing is the point of some applications, and hence they would naturally not be usable without processing that personal data.

Show threadGiantFloppyCockSep 26, 2023
True, should have clarified - it’s something that is abused and treated as a loophole by shitty companies.
Show threadstellaSep 26, 2023
wouldnt that fall under “essential cookies/data” or something like that? which is usually presented separately from “legitimate interest” in these forms and rightfully cant be turned off
Show threadutubasSep 26, 2023
This is big no no for me.
Show threadObserver1199Sep 27, 2023
I feel a big part of my concern is addressed by the dev’s explanation and I now know it’s a problem with Google’s ad network with its terms and conditions though they’re all pretty similar in that regard unfortunately. I feel comfortable enough purchasing the app now which removes the rest of my concern because that removes any tracking associated with ads in the free version.
Show threadutubasSep 27, 2023
I have to agree. I also bought the ad-free version.
Show threadB0NK3RSSep 26, 2023

The illusion of privacy…

I would say a majority of us come here to get away from this shit. Just no.

Show threadNorgurSep 26, 2023
GDPR says no
Show threadelgordioSep 26, 2023

Actually GDPR says yes. “Legitimate Interest” means things like security, anti fraud etc.

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/legitimate-interests/what-is-the-legitimate-interests-basis/

What is the ‘legitimate interests’ basis?

Show threada4ng3lSep 26, 2023
It’s much broader than that and generally an organisation can do a balance of interest assessment and decide that a processing activity falls under legitimate interests… kind of like giving the monkey the key to the banana storage…
Show threadSpawn7586Sep 26, 2023
Exactly, I remember that while studying GDPR an example for legitimate interest was a company that self-advertises to you: I get your email from the purchase you just made because I have legitimate interest in continuing my business and I want to be able to advertise myself to you again to survive in the market. But trust me, I’ll just use it for the legitimate interest!
Show threada4ng3lSep 26, 2023
Yeah some of those are very atrocious and would absolutely not sustain an objective review. At any rate anything that gets money to a company in the broadest sense is vital to it soooo….
Show threadassassin_aragornSep 26, 2023
They need to crack down on what businesses are claiming is a legitimate interest. If the user could disable it and have their product/experience largely unchanged, it really isn’t a legitimate interest.
Show threada4ng3lSep 26, 2023
But that’s the whole thing; there needs to be a balance between users - who are largely customers or the product or an hybrid of both- and commercial interests otherwise there won’t be a lot of product / experience to be enjoyed. My personal take on the topic is that transparency is where it’s at. Knowing exactly wtf a company is doing with my data worries me much more - I can choose to be part of the game knowingly or skip if I don’t want some processing to happen. That they claim legitimate interest or not I couldn’t care less.
Show threadNorgurSep 26, 2023
Since the regulation is so broad, it's super risky to do that though. Especially for smaller companies who can't adequately defend themselves if some data protection agency comes for them.
Show threada4ng3lSep 26, 2023
Yeah but at the same time smaller companies generally don’t see privacy authorities barging in like in larger ones ;-) Also by following the gdpr tracker one can see what’s generally acceptable and align rather easily.
Show threadOtterSep 26, 2023

Since there have been a few posts and comments about this and people are speculating

@[email protected]

lemmy.world/u/rmayayo

Could you clarify how the ads trackers and privacy policy works? Does it all go away when you pay for no ads?

Show threadRubénSep 26, 2023

The consent dialog is required by Google AdMob to show ads, and it is shown when the ad network is initialized.

When the app launches, first it checks for the remove ads purchase, and if it is not present, it will initialize the ads sdk. The ad network is not initialized if the remove ads purchase is detected.

Show threadOtterSep 26, 2023

Amazing, that’s great to hear!

Thank you for sharing the details

Show threadCarighan MaconarSep 26, 2023
That reminds me, the app is a separate purchase from the Reddit app, right? (I don’t mind, just want to make sure before I hit purchase again)
Show threadinfinitepcgSep 26, 2023
Yep, I bought both.
Show threadBurn_The_RightSep 26, 2023
I’ll be sticking with Connect for Lemmy. I like Connect better than I liked Boost back in the before-times at that other place.
Show threadgressenSep 26, 2023
What’s the privacy situation with Connect?
Show threadBurn_The_RightSep 26, 2023
I have seen no evidence of any privacy concerns so far.
Show threadRogueBananaSep 26, 2023
That sucks, I liked boost :(
Show threadassassin_aragornSep 26, 2023
Boost apparently had this already for Reddit.
Show threadRogueBananaSep 26, 2023
That doesnt excuse it tho, i have only started to be more privacy concerned after joining lemmy
Show threadassassin_aragornSep 26, 2023
Fair enough
Show threadDeusHircusSep 27, 2023
“Privacy concerned” aka following every knee-jerk reaction of the crowd. At least I see you walking back your concerns after seeing real evidence above, keep your head on straight. The “privacy concern” in this thread is like the tech version of the juice-cleanse, health-nut craze. People spewing ill-informed or straight up wrong information and the privacy crowd is gobbling it up
Show threadObserver1199Sep 27, 2023
I feel a big part of my concern is addressed by the dev’s explanation and I now know it’s a problem with Google’s ad network with its terms and conditions though they’re all pretty similar in that regard unfortunately. I feel comfortable enough purchasing the app now which removes the rest of my concern because that removes any tracking associated with ads in the free version.
Show threadRogueBananaSep 27, 2023
Ah given the informal message I assumed it was by the dev, thats assuring. Might came back and check boost later after fully degoogling.
Show threadmikkoSep 26, 2023
Afaik this was in Boost for Reddit as well. Not saying it’s okay, but it was already there. In general you will run into this legitimate interest loophole on most websites and apps unfortunately :(
Show threadjackSep 26, 2023
Only on proprietary apps
Show threadeatham 🇦🇺Sep 26, 2023
Why is that even legal. Either way, you can just use open apps for lemmy at least.
Show threadObserver1199Sep 27, 2023

Ad lobbying dollars got law makers to water down privacy legislation to allow this “legitimate interest” bullshit.

For what it’s worth, I feel a big part of my concern is addressed by the dev’s explanation and I now know it’s a problem with Google’s ad network with its terms and conditions though they’re all pretty similar in that regard unfortunately. I feel comfortable enough purchasing the app now which removes the rest of my concern because that removes any tracking associated with ads in the free version.

Show threadcleverusernameSep 26, 2023
Yeah ouch, you can easily block the ads but I was still going paying to support the dev, but not until this is clarified.
Show threadfrogfruitSep 26, 2023
It’s been clarified. The dev confirmed in this comment that ad trackers & data collection are removed when you pay ($3.49) to remove ads: lemmy.world/comment/3811201
This is not ok - Lemmy.World

Saw this today and now I’m reconsidering if Boost is right for me. I’m really hoping this is shitty boiler plate that was accidentally copied and over looked because that is some bullshit to say “unless we decide we want to use your personal data for whatever we want”. I know “legitimate interest” is a phrase from the cookies law but there is no legitimate interest justification for this. My data is my data and I decide who has a legitimate interest in it so advertisers can fuck off, as can Boost if this the direction it’s going. ------ Edit to say this blew up. I didn’t realise I was kicking as big a hornet’s nest and haven’t read all the comments yet. To be clear, what I don’t like about this and other provisions in the terms is the language and implications around data use. I’ve no problem with ads being shown - I want developers to get paid for the work they do and that makes it possible for users to have “free” access to software if they can’t afford to purchase. I also want to add the response from Boost’s dev below to make sure it’s visible. You’ll see that it is boilerplate but required by Google and was present in Boost for reddit. I just hadn’t seen it because I purchased it immediately based on a recommendation. It doesn’t make me happy about it but does remove some doubts I was having about the direction Boost is heading. I will be purchasing the app to support the dev because I do like Boost but I understand not everyone can afford everything so you’ll see some other suggestions in the comments below that don’t have any ads if you’re not happy with the free version and ads with their associated loss of data privacy. ------ > Dev here. > The dialog and its content is not created by me, it is a standard solution from Google to comply with GDPR and other laws. More info here: https://support.google.com/admob/answer/10114014?hl=en [https://support.google.com/admob/answer/10114014?hl=en] > The consent dialog is also required by Google AdMob to show ads, and it is shown when the ad network is initialized. > When the app launches, first it checks for the remove ads purchase, and if it is not present, it will initialize the ads sdk. The ad network is not initialized if the remove ads purchase is detected. > Boost for Reddit was using the very same ad networks and consent dialog.