Hacker News | wtfstatists's comments

There is no extradition in civil offences. For example, extradition under the European Arrest Warrant requires a criminal offence carrying a maximum penalty of >=1 year [1].

GDPR only fines and sanctions. Don't hold EU assets and you would be OK.

[1] https://en.wikipedia.org/wiki/European_Arrest_Warrant


Meritocracy means your elevation within a group is not influenced by your ancestry, wealth, social status, who you are friends with, how much you were/are being oppressed, charisma or Twitter followers.

The group has a mission. You help with the mission, you go up. You work against the mission, you go down. That's meritocracy.


The radical group pushing these language changes are explicitly opposed to meritocracy.

They don't think they should have to justify their positions or their influence, they get it by having the 'right' politics.

They are committed to advancing their own personal and political power and influence by language enforcement, then use of secret code of conduct proceedings, all of which are subject to abuse.

Even where open source has failed to be inclusive and diverse, empowering a fringe minority and instituting authoritarian language policing and secret proceedings will not advance inclusion or diversity.

They make no substantive contribution to diversity or the project.


> The group has a mission. You help with the mission, you go up. You work against the mission, you go down. That's meritocracy.

Honest question. Do you think you've cleared anything up with this definition? I don't think you've gotten anywhere closer to the truth. If only it were so easy to know what the mission is or what is in service of the mission. In life, in software, there are enough derelict projects, aspirations, visions, dreams to fill a graveyard. That should serve as a warning that it's not so clear.

And anyway, does the mission really have to say "We are a 'help the mission'ocracy"?


> If only it were so easy to know what the mission is or what is in service of the mission.

This is how you get evaluated on a quarterly (or yearly) basis at a job. You had goals. Did you achieve them? Did you fall short? You were given tasks and a timeline (perhaps you even helped set the timeline). Did you complete the tasks? Were there excessive bugs? Were you on time?

These are all relatively simple things to measure, which is why they're used so often. If you tie merit to your performance in relation to stated goals (and I think that's reasonable), it's pretty straightforward to measure.


> If only it were so easy to know what the mission is or what is in service of the mission

Seems pretty straightforward to me.

An engineering team's goal is to take a problem and implement a solution. That is the mission. Anything that leads towards the completion of the problem their team wants to solve is in service of the mission. I don't understand what is complicated about that, what are you seeing that we're not?

> In life, in software, there are enough derelict projects, aspirations, visions, dreams to fill a graveyard

Once the mission is no longer worth pursuing or becomes muddled, teams fall apart and motivation crumbles. My github has plenty of repos I've stopped working on because I stopped seeing why it was worth my time to work on those projects and moved on to things that would be of greater benefit to me. That's how things should be.


If the group does not have enough consensus on what the mission is or what is in service of the mission, then the group cannot advance anywhere and can only be disbanded.


> If only it were so easy to know what the mission is or what is in service of the mission.

If only... Maybe we could call it, hmmm, a Mission Statement... Yeah, that would work...

Now let's see what Mozilla's mission statement [1] is:

> Our mission is to ensure the Internet is a global public resource, open and accessible to all. An Internet that truly puts people first, where individuals can shape their own experience and are empowered, safe and independent.

Seems like it's pretty easy to understand what the mission of Mozilla is, and from that it would be fairly easy to say if a person is working for or against said mission.

[1] https://www.mozilla.org/en-US/mission/


It is especially relevant that it is not influenced by your ancestry.


Nah, it's just stupid programming from Google. You will spook Gmail if you try to access it from a different country. It will lock you out. Good luck trying to remember details about your decade-old email account.

You thought knowing and maintaining a strong password is enough to guarantee access. Well, Google disagrees with you.


It is nothing stupid/spooky. Remember Google develops for mainstream. They are happy. Just enable 2FA all your issues will go away. Oh, try not to use shady VPNs.


> Just enable 2FA all your issues will go away.

If you migrate to a different country and don't have access to your old number, you will be in a world of pain.


But if you enable 2FA and lose, factory-reset (or shock, migrate away from) your Android device...

Getting access to anything is suddenly hell. I explicitly disabled 2FA after encountering this bullshit once. Won’t risk losing my account again.


The trick with Google's 2FA is to keep a copy of the setup code and/or QR picture somewhere -- preferably printed and in your fire safe.

Personally I've also got it floating around one of my Linux devices with a small program I can run against it to display the codes, which came in handy when I switched phones and forgot to reload the GA app. (Yes, I know that this defeats some of the security of the second factor, with it supposedly being "something you have" that can't be easily reproduced).
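
Why a saved setup code is enough to regenerate codes on any device, shown as an added example (not part of the comment above and not Google's code): it implements the standard TOTP algorithm of RFC 6238 over either the bare base32 setup code or the `otpauth://` URI that a setup QR picture encodes. The secret used is the public RFC 6238 test secret, not a real account, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# Constructed sample: the RFC 6238 test secret ("12345678901234567890"),
# written the way setup codes are usually displayed (lowercase, grouped).
SETUP_CODE = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
SETUP_URI = "otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"


def secret_from_setup(setup: str) -> bytes:
    """Return the raw shared secret from a setup code or an otpauth:// URI."""
    if setup.startswith("otpauth://"):
        uri = urlparse(setup)
        if uri.netloc != "totp":
            raise ValueError("only time-based (totp) keys are handled here")
        setup = parse_qs(uri.query)["secret"][0]
    code = setup.replace(" ", "").upper()
    code += "=" * (-len(code) % 8)  # base32 input must be padded to 8 chars
    return base64.b32decode(code)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (the defaults authenticator apps use)."""
    counter = struct.pack(">Q", unix_time // step)      # 30-second time window
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    key = secret_from_setup(SETUP_CODE)
    print("current code:", totp(key, int(time.time())))
```

Anyone holding the setup code or QR image can compute the same codes, so a stored copy needs the same protection as the password itself.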


It's a good thing that using a single factor doesn't put you at any increased risk of "losing my account again" as a result of it being easily stolen...


I've never had issues with losing my Google password nor having my long, complex password guessed over a more than 10-year period of having that account.

I’ve almost lost my Google account twice in less than a year due to Google’s terrible 2FA implementation.

I’ll take my chances thank you.


Damn and I downloaded a picture of the 2FA thing. Now you are spooking me about 2FA, maybe I should disable it on my googly accounts.


I like this definition better. IANAL Warning.

Personal Data:

  - PII is Personal Data.

  - If a user has PII, then all of the userdata is Personal Data.

So HN posts would not be Personal Data for the users that have the email field empty. And even email (and any other user-entered data) can be made non-PII if the ToU explicitly required it to be so.

My advice would be to legally and technically isolate PII and other_userdata. GDPR/etc. compliance becomes quite a bit easier this way.


ToU don’t change what PII is or isn’t under the GDPR.

The GDPR also states that consent alone isn’t a legal reason to collect or process PII and “advises” against relying and structuring terms of service to collect PII.

Basically you can’t build a service, ask people for their data and then rely on their consent as the legal reasoning for having that data. You need an actual legal basis, e.g. a regulatory requirement or a business requirement, to collect that data, and in all cases the requirements, unless stated in law, must be evaluated against the best interests of those you collect data from.


> ToU don’t change what PII is or isn’t under the GDPR.

ToU can, by prohibiting the user from entering any PII. In the case of email, the ToU would say that only a non-identifying email can be used.

For the rest of your comment, I don't see any relevance here. There is no need for consent for non-PII userdata. All PII userdata is behind a legal and technical wall and cannot be accessed by the processor/controller of non-PII userdata.


There is no such thing as a “non-identifiable” email. You cannot use ToU to bypass GDPR.


OK, here is my email: 1373f84998986cf8@tutanota.com. Identify me! Know that I won't use the email elsewhere.

> You cannot use ToU to bypass GDPR.

Just to clarify, this is not buried in the ToU but laid out clearly.

So the website says don't give PII. User still does. And GDPR would penalize the website? Citation please.


Are you serious? The fact that your email isn't yourname@mailprovider.com doesn't make it any less identifiable. My IP address is 192.168.1.1, identify me... It also doesn't matter if you think the information is identifiable or not; what matters is how the GDPR defines it.

The GDPR defines PII and there isn't anything you can do about it. You can't ask users to make a throwaway email account and hope that you can pass GDPR by claiming that it's not PII; this isn't how regulation works.

What matters isn't that the email address reveals your name; it is that someone can use it to identify additional information about you, such as if you are subscribed to a specific service or not.

> So the website says don't give PII. User still does. And GDPR would penalize the website? Citation please.

If the website asks for an email address that is PII under the GDPR.


An IP is not user-entered data and cannot be freely selected, unlike email addresses.

> the fact that your email isn't yourname@mailprovider.com doesn't make it any less identifiable.

The only official guidelines about email I could find are in here [1]. It does not say all email addresses are PII. It just says "name.surname@company.com" type addresses are PII and "info@company.com" type addresses are NOT PII. So even "yourname@mailprovider.com" may be non-PII.

> someone can use it to identify additional information about you such as if you are subscribed to a specific service or not.

That's not enough. The service needs to have PII. That is, if none of the services has PII, the email address is not PII.

> you can't ask users to make a throwaway email account

Throwaway is not needed. At best an individual needs 2 email accounts. One address for the services where he is identified (e.g. bank website) and one address for where he is not (e.g. random forum).

So this is not an onerous condition at all. If that's the case you are making.

> If the website asks for an email address that is PII under the GDPR.

This is not an (official) citation.

[1] https://ec.europa.eu/info/law/law-topic/data-protection/refo...


There is nothing you have said that a business that can potentially be fined to death can rely upon.

The fact that every response to the criticism of GDPR being too ambiguous is ambiguous only proves critics right. EU lawmakers picked the worst combination: huge fine + huge ambiguity. This all could have been done with more certainty. So sad.


Ambiguity is the way to deal with a changing landscape and changing technologies.

And I agree it sucks, but it sucks less than the alternative (which is to be rigid and say something that becomes meaningless one year after the law is published)


This argument can be used to justify any form of government as long as some share of extortions get invested for the benefit of extorted.

But I agree all of this is great if I only have to pay <$5K yearly but not so much otherwise. Not to mention having to emigrate to cancel "the services". That sucks too.


The States killed those people, not Ashley-Madison.


It can be both. Responsibility is not a conserved quantity. Entities who take on private data should be considering the effects of that data becoming released, including what others may use it for.


Sadly this is illegal in the EU. You have to offer both Free+ClassD and Free+ClassA versions, otherwise it's forced consent.

I have written more about this here https://news.ycombinator.com/item?id=16351892


Does this essentially force companies to charge for services in the EU then? The only reason FB, Google, etc even offer "free" services is because they make money on the backend utilizing the data they collect. If everyone can say "don't collect my data but also keep my service free", I'm not sure how a business can remain viable in the EU without charging some type of subscription or micro-transaction fee.

Maybe this is how the whole web-based fee structure should have been setup in the first place but it's not the current deal we have in place. How difficult will it be to shift an entire industry (and consumer mindset) to a vastly different fee structure?


They can still show ads, and they can still be relevant to whatever page the user is currently viewing.

Since they do such a terrible job of it anyway I can't imagine it being less profitable.

And then again, maybe actually paying for something like facebook is the right way to go.


Yeah, that's a good point. If the whole advertising landscape forcibly moves away from direct targeting, presumably the same players retain the same position in the marketplace they have now (with the possible exception of ad dollars moving to other media if web is seen as less effective in general without direct targeting).


Why wouldn't advertising still work without pervasive tracking? If targeting ads based just on content works for TV, radio and print media, why wouldn't it work for online advertising?


Why "sadly"?


Well, I think that is the best part. There is no need nor usefulness of greedy parasitic companies.


No, it's the location of the server that did it for Megaupload.

https://www.plagiarismtoday.com/2015/12/28/extradition-juris...

In short, much of Megaupload’s servers were located in the U.S. This, for the purpose of jurisdiction, means two things. First, much of the alleged crimes took place physically in the United States. The infringements, the payments, etc. took place, at least in large part, in Virginia even if the people orchestrating it were scattered all over the world.

More importantly though, courts in both the U.S. and now New Zealand have ruled that these servers provide sufficient contact with the U.S. to give it jurisdiction over the criminal case. While jurisdiction alone doesn’t mean a person can be extradited, it’s a crucial step and this also explains why a man who never set foot in the U.S. can be extradited to it for a crime committed online.

However, this isn’t the first time the U.S. has used the server argument; it’s been using it for years to combat securities fraud in the country.


> First, much of the alleged crimes took place physically in the United States. The infringements, the payments, etc. took place, at least in large part, in Virginia even if the people orchestrating it were scattered all over the world.

This logic is twisted and does not follow at all, except if you have a purely old world way of thinking (i.e. pre-internet), or are morally flexible when it suits your narrative.

The lesson is clear though, stay away from American servers.


At least the CJEU has ruled that an Austrian company running a UK-hosted website is liable for damages due to copyright infringements occurring in France [1].

[1] http://copyrightblog.kluweriplaw.com/2015/02/11/cjeu-mere-ac...

