Well, privacy is the big thing in the industry right now. People have started caring about it and are becoming more aware of how their data is being used. New companies with more transparent data policies are coming forward, but that's not enough. Most big companies we know still store alarmingly high amounts of user data, with or without our consent. Because let's admit it, most people don't read those long T&C documents.
So let’s say, the company where you work as a dev is doing something similar, and you are the one who is supposed to write such a module. What would you do?
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (36)
Something similar to what exactly?
Well, Like how about your app is an voice converter app, so that give you access to microphone and now you have to write a module that record voice in background and search for keywords in speech and then send adds according to that. (Very hypothetically but still) 😬
Wouldn't say it's hypothetical. I'm certain stuff like this and much worse is already happening.
With the current situation (good job-market) I would certainly not continue on that project. (You know, were I smart enough to work on things like voice-detection in the first place 🙃)
I can't say how more dire circumstances would influence that, but recording voices in the background is already pretty unethical and I'd draw my line much earlier.
(I wouldn't work for ads/gambling/drugs/military.)
I already have mixed feelings about all the e-commerce-front-ends I worked on ¯_(ツ)_/¯
Good call man.
Well, in Europe it would be flat out illegal thanks to GDPR.
If you're on a mobile platform and have any kind of sensible quality assurance, it will get blocked there because it will kill the battery life of the phone, and there's no better way to kill your install base as an app developer than to be sucking up your users' battery.
you mean write a module that uses / reads such data ?
All stuff on Data policy and user consent is something that legal department/company lawyers / Upper management looks after and is much above the average dev's pay grade.
But again some time the same dev can be a user of another app that uses same methods to manipulate him in buying stuffs, Karma. 😀
It’s just about the culture we make. I concerned more about the transparency of these policies. Companies can be open about it no need to hide these things.
I don't think the fact that the targeted ad is super-effective is the issue. That just makes it a good ad. The issue is the actual data being listened to.
The good add is just an illusion bro. Data used to generate those good adds can be used for anything. Remember what facebook did.
yes, and people are still using it. It might be due to lack of awareness, no good alternative or any number or reason.
Unless something better comes up with same standard of User experience, people will keep using it.
@levelsio came up with No More Google
There is a many great alternatives to google listed there. Maybe something similar can be done for other platforms.
Sorry, but it's *ad, not add.
And what I meant by "ad" is only the part you see.
Even when loaded in the same
iframe
as the ad, or even when tracking the external-src image load, I would still address the tracking mechanism separately, as "the tracker".If you mean that the ad is "evil" because of how the data was obtained?
Well, in a lot of cases it was obtained pretty legitimately. But sure, we should be more aware of how much data we are publishing. Hence why I said:
Yeah that’s why i also started nomoogle
sarthology / nomoogle
🐻 Chromium extension to get rid of Google addiction
Nomoogle
A simple Chrome extension that can help you get rid of Google addiction.
Installation
Features
Strict Mode: Block the entire webpage completly, doesn't allow you to move forward.
Redirects: Automatically redirects the page to popular alternative.
Thanks to
License
MIT License
@priteshusadadiya @sarthology Don't you think that's a bit extreme?
What tangible benefit does an individual get by not using all the google products all the time?
of course all google products have their merits and they are obviously very good.
I am just saying , there might be equally good privacy focused alternatives that people might not know about.
In the end it really all comes down to individuals and their choices.
Exactly, thing is a good market competition.
Generally, when approached by someone to do something that "requires" collecting, holding on to and working with large amounts of data, I'll point them to this article about Datensparsamkeit
"It's an attitude to how we capture and store data, saying that we should only handle data that we really need."
Typically I'll follow that up with a mention of GDPR and how holding and working with all of this data increases our responsibility and risk, as well as the complexity of our system.
Usually, the "requirement" for giant datasets evaporates reasonably swiftly. But if they still want the data-heavy approach. I'll build it, very carefully.
Ethical.
Anybody "loyal", or as I call it, a brown-nosing egotistical dimwit, should be prosecuted. In fact I think my local law has provisions for employee responsibility. You are at least required to point out security issues to your employer.
Oh that’s cool, where are you from? 😮
I'd rather not disclose that, but GDPR mentions employee responsibility
So employees have obligations.
That’s good.
I think this presumes a developer knows the law around privacy. I have a passing familiarity with the privacy act in New Zealand, and so I know that collecting data that isn't necessary to do business isn't legitimate, but that is a pretty wide definition.
Generally you will be given a specification and it is up to the company to determine the legal implications in detail.
However, if you are asked to do something you are aware is illegal don't do it. Sometimes it isn't illegal but just very ill advised. For example, when you are given a requirement which is very difficult to do in a secure way but easy to do by 'relaxing' security.
In such situations you need to make it clear to the management what the problem is, what the risks are, and have them make the decision. Clients have asked me to do some ill advised things sometimes. I've always been direct in my communications and usually they reconsider.
Not everything needs to be built like Fort Knox, but certainly weight needs to be given when you are storing critical or confidential data. Sometimes having the client take explicit responsibility for a decision is needed. In one occasion I walked away from a project rather than be implicated in what might follow.
The real question is what happens when the data becomes of interest to law enforcement in a criminal case. That gets interesting from a integrity point of view.
I think that’s the reason government also try to be soft in making these laws. After all it’s the easiest way to track people for them.
Almost all organisations, including governmental bodies, have privacy leaks in some form.
There are also companies with transparent policies that say all the right words, but with internal processes and applications that don't match their empty promises.
Here's why I feel that most will choose loyalty over whistleblowing (though I would call it self-preservation instead of loyalty):
After all, it's still ethical to care for yourself first before trying to take care of others.
Your real questions are in your comment about your "crazy idea" app: Would it be useful? Should you make it? Would we use it?
Whistleblowing is already a thing, but uncommon. Glassdoor is a company review website that allows honesty (though still very different).
More opportunities for whistleblowing = good, and I believe people would use it.
But someone will eventually try to hold you personally responsible, with reasonable success (see Julian Assange & Wikileaks), for the data you process, the information you get & publish, damages caused, anonymity of sources, validating your information, ...
So the answer to your question is: Are you an activist, or are you something else?
Well, I want it to be an open source application. Build and ran by developers community. I want to be just a maker helping who wants to make some change in their company or society.
Note:
This discussion is to get a perspective about how much we care about user privacy. I also understand that Job and Money is also important.
I was thinking, I know this may sound absurd to you guys, what if there is an app to expose these big tech who exploits user privacy that can be used by the employees. They can use app Anonymously. Just a crazy idea 😬😬😬
Being in the UK, and still under GDPR (for now), both companies I've worked for during this period have taken GDPR incredibly serious. Thankfully it's the punishment is so severe that I imagine a large number of companies are scared of it.
But if they weren't, I'd certainly look for another job and likely anonymously report them.
That’s bold man. 😊
Thankfully I'm not in this position but if I were I would plead my case the the higher powers to try to make a convincing argument to create value without the security or privacy risks.
Now, let's say that failed and now we're in the sprint where this module has to be written. Single me probably would quit and look for a new job. Married with children me does not have such a luxury. Even though the job market for developers is great, it's still not easy. Let's be real, even an experienced developer has to do serious refreshers to pass some of these interviews. There's also tons of crappy companies out there to sift through. So I would likely have to continue doing my work until I found a new job at which point I'd be free to blow the whistle. I wouldn't be able to quit on the spot though. I think the ease of getting a senior level developer job is not quite as easy as people make it sound in bootcamp advertisements.
I understand your point also man. Clearly it’s a problem. But what if there is a way to keep your job as well as do good the world. By blowing the whistle Anonymously. 😈
For me, there is a huge divide between:
I think the first kind should not face any prosecution. It's the default. How dare you lose your company data that they could analyse? It's simply not your call as the designer of the product.
It's one of the reasons we use patterns such as Event Sourcing - to avoid losing potentially valuable data.
The second kind is definitely fraud and should be dealt with at a technical, societal, and legal levels with extreme prejudice.
Finally, there are provisions to the for example GDPR(Ew, disgusting.) other than consent/privacy, such as that the users must be able to download their data. I don't think this should be a legal requirement, but I do think this is a nice-to-have, and the market will reward a feature like that when it's convenient.