keeping content that they "deleted" and can't access themselves
tracking users on other domains via embeds
just trading data with other services
Obtaining more data unethically:
Plain old violating agreements, especially informal ones. I don't care what the T&C says, if the front page says "Your X data never leaves your device" without an asterisk, it better not leave my damn device.
Something like what @niorad got as a response, turning on the microphone when not in use. Ditto with camera/location.
Searching the user's media and files from other applications.
I think the first kind should not face any prosecution. It's the default. How dare you lose your company data that they could analyse? It's simply not your call as the designer of the product.
It's one of the reasons we use patterns such as Event Sourcing - to avoid losing potentially valuable data.
The second kind is definitely fraud and should be dealt with at a technical, societal, and legal levels with extreme prejudice.
Finally, there are provisions to the for example GDPR(Ew, disgusting.) other than consent/privacy, such as that the users must be able to download their data. I don't think this should be a legal requirement, but I do think this is a nice-to-have, and the market will reward a feature like that when it's convenient.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
For me, there is a huge divide between:
I think the first kind should not face any prosecution. It's the default. How dare you lose your company data that they could analyse? It's simply not your call as the designer of the product.
It's one of the reasons we use patterns such as Event Sourcing - to avoid losing potentially valuable data.
The second kind is definitely fraud and should be dealt with at a technical, societal, and legal levels with extreme prejudice.
Finally, there are provisions to the for example GDPR(Ew, disgusting.) other than consent/privacy, such as that the users must be able to download their data. I don't think this should be a legal requirement, but I do think this is a nice-to-have, and the market will reward a feature like that when it's convenient.