
Targeted ads are already a serious leak of information.

If somebody looks over my shoulder and sees the ads presented to me, they can infer things about me.

Also, if a malicious actor targets an ad to a group of people, and some of these people buy the advertised items, then the actor can infer things about those people not necessarily related to the items sold.



At my last job the traffic was filtered through a proxy due to FINRA regulations. I’d see Portuguese ads for diabetes medication and there were 2 Brazilian guys in the office.

Seemed like a major HIPAA violation to me.


HIPAA only keeps healthcare providers from sharing your information. It's not an omnibus shield for your health information. If Alice tells her coworker Bob that she had diabetes, it's not a HIPAA violation for Bob to tell Charlie.


> HIPAA only keeps healthcare providers from sharing your information. It's not an omnibus shield for your health information.

Maybe not, but GDPR sure is.


Is it really? If Alice tells Bob she has diabetes and Bob tells Charlie, is Bob in violation of GDPR?


Are Bob and/or Charlie the name of a person or of a company?

How you're using it, it sounds like Bob or Charlie in your mind is a person. I might be wrong in interpreting it that way. If so, could you give another example where Bob and Charlie are companies and the information of Alice is part of a transaction?


GP's comment paints Alice/Bob/Charlie as people:

> If Alice tells her coworker Bob that she had diabetes, it's not a HIPAA violation for Bob to tell Charlie.

I was responding to the parent comment's claim that it's not a HIPAA violation but rather a GDPR violation.


No, GDPR does not apply between 2 persons.


> Individuals can also face fines for GDPR violations if they use other parties' personal data for anything other than personal purposes.

https://www.coredna.com/blogs/gdpr-fines


It would have been a more funny story if it were ads for Viagra ;)


Because erectile dysfunction is funnier than diabetes?


Not really. Those sorts of ads are sent without targeting.


> If somebody looks over my shoulder and sees the ads presented to me, they can infer things about me.

You have to take some personal responsibility, though. If they saw your YouTube recommendations or your Spotify playlist, they'd probably make inferences as well. That porn link in your history you forgot to clear? Be aware of who's watching and browse anonymously if you're concerned.


I've had ads for sketchy shit I googled at home on my personal computer show up on my work computer at the office.


Connecting personal accounts (Gmail, Chrome browser profiles) on a work computer is something that you should only do with careful thought.


I've had ads for things that I only just spoke about, out loud, to someone near me like a friend or family member, show up on a computer in a different country.


I've had ads for things spoken about show up in FB. I have more of a libertarian mindset, but that really creeps me out and I think speech-based ads should be outright banned due to privacy concerns. It's not so much the ads; it's being recorded and potentially having those recordings leak in a data breach.


Or it's just one of 100 coincidences that happen to you every day.

Easy to prove: store a log of all your network traffic, and record all the audio you speak, then when you see a match, go back, find the proof, become world famous.


I stand corrected. I thought I had read this was actually happening, but it appears to only be speculation.


It was widely believed for literally years until the Senate Judiciary and Commerce committee hearing in 2018 where Zuck called it a 'conspiracy theory'. Since then it has been dismissed as such. My question is - if I personally observed it before I even heard about this 'theory', and thousands of others around the world also observed the same thing, why are we dismissing it as a 'conspiracy theory'? Just because Zuck labelled it as such? Why are we trusting him to tell us the truth again?


"Somebody looking over your shoulder" can see a lot more than your ads, like your private messages, bank info, medical info, etc.


Not if I'm just showing them a random website. The problem with targeted ads is, they show up at random websites.


I dunno man. This reminds me of the time that someone at DEF CON said they found a vulnerability in my last company's product because it flashes a WiFi password to an IoT device instead of making a user type it in.

"What if we capture the flashes and steal the password?"

Well, if you're positioned to capture the flashes, you're definitely positioned to just watch me type it in...


Would you be ok with it if your browsers at home, in the office and on your mobile phone always showed your bank balance on the top of the screen in a large font?

I assume most users would not. But they would be ok with their bank balance being shown if they specifically opened their bank website.


Why are so many people that paranoid? No one is gonna destroy your life because they saw your ads.


Imagine someone giving a presentation to a room full of co-workers and a web ad comes up saying something like "Resubscribe to Cannabis Weekly Delivery and get 10% off."

It's not hard to imagine a person's career being affected by something like that.


What if I was anti-abortion or pro-Trump in a progressive tech company? Would my co-workers feel more comfortable destroying my life then?


If someone looked over your shoulder and saw you browsing HN, they could infer things too.


Yet, they choose to surf to HN.

They're not choosing to have targeted ads that share their info around the web and cause someone over their shoulder to infer things about them.

That's the point -- we should have that choice. And the default should be "no".


I understand the opt-in rather than opt-out, but does disabling Ads Personalization [1] not do what you're asking?

[1]: https://adssettings.google.com/authenticated?hl=en


No, a Google account shouldn’t be required.


Why not? How else would Google know who not to track? It's not like they can identify you and remember that preference without a Google account...


Yes, that's why targeted ads shouldn't be a thing unless it's opt-in (not necessarily my opinion but it seems to be the point the parent was making). At that point, to opt-in you can create a google account. Currently though, Google will attempt targeted ads on people without a Google account by trying to identify and track them through other means.

Ideally you would have site-specific or content-specific ads normally and personalized ads if you created an account and chose to opt-in.


My children tease me about "being a hacker", by which they mean unlawfully breaching security of internet systems, because they've seen me reading "hacker news".


Yeah, but HN is not shown as part of every website out there.


The problem is if the person looking over your shoulder has power over you.



