Why the Trump Administration is going after #GDPR

Why the Trump Administration is going after #GDPR

This is not about Cybercrime. The maybe only good thing the EU did was place us a decade ahead of the rest of the world with privacy in regards especially to the massive datamining and social engineering by US companies and Intel agencies. Now its difficult to gather and sell info between each other for billions , or to intel agencies. this is Not about cybercrime. We are far from where digital rights should be,but miles ahead. US,Do NOT tamper with it.
Sincerely,
/A Free Range Human Being
Freerangehumanbeing@protonmail.com

Interesting that its timed roughly with the “Lawfull access bill” which would be a nuclear assault on encryption. Major sponsors or “pushers” are silicon valley giants (facebook and google named) Citing billions in lost revenue. And theres your answer as to the why,folks. As to how…
well the EU is known for bowing to its US counter-parts but can it afford to when the V4 utterly disregard them,brexit happened, greece and other less well off debt burden nations are extremely dissatisfied and in general the EU failed entirely with regards to its 2nd largest economy,Italy,during corona by doing NOTHING,a fact not at all forgotten nor forgiven.

Online privacy advocating is strong in europe, to give in and cause another fracture would truly add one of the last remaining bricks on the read to dissolution of the union ( a plus in my opinion,others may hold different views, i respect that and you ).

Sincerely,
/A Free Range Human Being
Freerangehumanbeing@protonmail.com

Both sides can claim they are fighting for “freedom”, the question is, whose freedom? GDPR helps individual freedom by restricting what companies and organizations are allowed to do. One kind of freedom traded for another.

Probably most of us on this forum think individual freedom is more important so then GDPR is good. But some politicians, not least in the US, think that companies’ freedom from regulation is the most important thing. (It may or may not be a coincidence that this also helps the very rich get even richer, and that many of those politicians are friends with and/or get money from the very rich.)

6 Likes

But ONLY in the U.S. and since most Internet services and servers for many web sites and Clouds are housed in the U.S., it goes without saying that the Stalk, Monitor, Record and Control (SMRC) tentacles of the U.S. reach well beyond it’s own borders and that leaves some country crying fowl as in spying.

I’m in Canada (at present) and my connection is hopped over 30 times from my desktop to wherever puri.sm is housed and most hops are through the U.S. Perhaps I should complain to my government that the U.S. is spying on me :wink: But then again, with the Canadian CSIS, RCMP and my ISP stalking me and the U.S. variety of stalkers too, I couldn’t be more safe :slight_smile:

Trump, Trudeau, Merkel, Putin et el can all make laws but they are only applicable within their own borders. Anyway, is he going after the GDPR instead of Twitter because it’s easier to spell?

Mapping it, my ride to puri.sm went from west coast B.C. Canada, east to Toronto, then south west (back to the west again, to Redwood City, back to Toronto in the east, and back again west to Santa Clara who houses puri.sm. A trek of 14,000 kms (8,700 miles) The direct route, (north to south) according to lord Google is 1,690 kms (1051 miles). That’s Internet routing making sense. Suffice to say,

Instead of the envisioned Internet breaking down borders and assisting world peace, the Internet did the opposite, more like politicians abused the Internet as a weapon against each other.

Just my angled view.
~s~
p.s. This is first post via a PureOS system

6 Likes

the www nowadays looks like the tower-of-babel “we shall build a tower so high that we will touch the sky” - look ma’ everyone is speaking English … "one language to rule them all

3 Likes

You should trace forums.puri.sm too then - as that appears to be in Germany, and hence could be subject to GDPR.

It is more complicated than that, for lots of reasons.

Some laws simply claim extraterritoriality. (In practice, in that situation, the law may only be as successful as the extradition proceeding, where it is intended to apply to an individual rather than a corporation.)

Information published on a web site outside a country by a party also outside a country has still resulted in defamation or group defamation actions in the country of an aggrieved party.

Try telling Julian Assange that laws are only applicable within the borders.

4 Likes

I like the explanations given thus far, as I’d just write this kind of thing under “lobbying”.

The original Politico source article mentions the whois-registry as the main problem. That was FUBAR by ICANN, who dropped the ball (see for example https://www.theregister.com/2018/07/06/europe_no_to_icann_whois/) and could have created a usable system (but change is hard). Like FRH said, it’s a smokescreen for wanting to slurp data to make money, something to leverage to weaken GDPR - hence “lobbying”.

There are opposite news too: https://www.theregister.com/2020/07/01/happy_privacy_enforcement_day_if/ which may end up being more effective in the long run. Or so we can hope.

This is a discussion - right? If not, then ignore my ramblings and jump to last paragraph :wink:
For posterity, search bumps playing Google’s popularity contest, and perpetuity, I did and:

The .sm TLD is the Republic of San Marino, a mini-state in southern Europe surrounded by Italy.
The domain name is puri
The “forums”. prefix normally would be hosted on the same server as the domain name “puri”. but forums.puri.sm is a trip to Germany (server unknown but located at Lat: 51.2993 Lon: 9.491) but puri.sm is a visit to California.

So, the forums.puri.sm IP 138.68.253.24 is hosted at Santa Clara, Cal, and forums.puri.sm IP is 138.201.228.33 hosted in Germany. That is odd. I presume that it is for privacy reasons and perhaps aimed at your and my rights under the GDRP. If that was on purpose, I LOVE IT!.

I would risk it all and bet that forums.puri.sm is affected by the GDRP, but if I don’t live within the boundaries of the GDRP, do I have the same tight to be forgotten as do Europeans? And, puri.sm is not affected by the GDRP, unless puri.sm wants in the GDRP good books.

Thank any deity that we are not inundated with a half of the web page announcing the GDRP Cookie policy like some web sites extort privacy with “Agree” or ‘get lost’.

I’ve seen some privacy oriented web sites, such as Fediverse hosted with the .IO British Indian Ocean Territory TLD.

But, I digress, so I wonder why Trump administration would attack the GDRP. Save 'mericuns tax money shooting at it’s feet and and just amputate at the knee :slight_smile:

It seems privacy groups can’t find a suitable country web host that isn’t directly, or indirectly gagged, threatened, propitiating old glory, cajoled or paid by the US, Canada, Australia, New Zealand, U.K, and U.S. (the “Five Eyes” (FVEY))., or censored by Google, Apple (more Apple and Google block dozens of Chinese apps in India :see_no_evil: today), advertisers and Facebook. It didn’t take corporations and government long to FUBAR the Internet.
It appears there is another wall going up, only it’s the U.S. walling the U.S. by letting Trump - well, be Trump. He has to be told he can’t pull the World Wide Web plug. He can only the make the U.S. the U.S. Wide Web - the USWW.

As far as the intricacies of cross-border W(?)WW goes, governments ignore what they want, when they want, and change what they want and the WWW will go on - with or without the U.S., akin to, as @reC said, the Tower of Babel but I fear that countries are starting to fence in their Internet borders - everyone going off with their own rules. Google is way ahead on the game - everything I “google” is for sale just a few blocks away from me. (Yes, I know boolean operands - why doesn’t Google remember?)

Second-LAST PARAGRAPH:
How will this affect PureOS, Librem products, and places within the realm of Fediverse? We may just see privacy head underground. Investigative reporters, journalists, activists, whistle blowers, white hats, etcetera, use the Deep (note NOT ‘dark’) web to share their take on world events. But, I have faith in Librem products as being on the right track. It’s easy to convince the 35 - Up age group to opt out of surveillance and in to privacy, but our children are being assimilated at a alarming rate and it is for them that I fear the worst; and they won’t/don’t even know what hit them.

The Real LAST PARAGRAPH:
They; the Stalk, Monitor, Record and Control (SMRC) deviants can only SMRC devices that let them. If we stop buying the devices {for them}, they will, are and do find other ways, and invent new laws, to SMRC us. All for our protection - of course. The sci-fi of the 70’s is here. Most know this, does anyone know - - - will Purism be the solution? Will Purism even be allowed?

~s~

1 Like

I would contest the statement that it would “normally” be that way. For a small company, yes, maybe split the services by domain for future administrative convenience but host it all on the same server v. for a growing company, nah, eventually it will have to be on different servers.

It would be nice to know the exact thinking from Purism but then …

this is a good question. With a company, a host and a customer all (potentially) in different countries, the world and the law are complicated.

Hah hah, yes. It is pointless and annoying.

apropos to your “internet-hops” measurement … for my GNU/Linux distribution the “best” mirror for updates is listed as being located in Singapore … and i’m in the EU - wtf ?

by the way all updates happen over plain http or ftp (as far as i can tell by looking at the mirrors) - why no encryption ?

Good question. Is it possible the files are encrypted till they reach our device? Does sending a encrypted file mean the site must be httpS? Witgh PureOS default Firefox installed, there is a version of Electronic Frontier Foundations “HTTPS Everywhere” option. TheEFF site states:

HTTPS Everywhere can protect you only when you’re using sites that support HTTPS and for which HTTPS Everywhere include a ruleset.

But the Google site states:

Google version says …"HTTPS Everywhere is an extension created by EFF and the Tor Project which automatically switches thousands of sites from insecure “http” to secure “https”.

So, would that make you more secure with the updates?
I think we shouldn’t have to resort to that, that those update hosts would encrypt. Hmmmm.

~s~

Discussing this thing…

[quote=“kieran, post:9, topic:9574”]

It is why I said “normally”.

But {outsourcing} is the big mistake people made when the Internet was getting started, we’ve circled back.
Now-a-days, all the generic cut & paste template websites built now have wads of Googleware built into them calling out to a variety of places for a little of this, then off to another server for a little of that, and another for some of those and soon, the site loads on the visitors page.
Having newer and faster servers baking up web sites from a variety of places, doesn’t help our security woe, and further erodes our rights to privacy… IMO
~s~

1 Like

From my understanding of the apt package management system the Servers hosting the packages always use http. The security of the packages is a result of the PGP signed InRelase files containing the hash values of the files served by the Repository. This seems to be the info on how it’s done by the Debian Team.
The security of the *.deb packages is based on a PGP and hash based chain of trust.
That is one of the reason package repositories can be replicated that easily like sonic did for pureos.
I hope this reduces your worries caused by not using https.
Regarding the Question if the firefox addon “HTTPS Everywhere” would make the connection more secure. That’s not the case since apt is not using the Browser to download but does it directly or uses one of the Linux tools like wget or curl.

On the other hand, downloading them in plain http lets everyone see what you are downloading. It is only a matter of time, when some piece of software will be considered improper in some way, and someone will lose their job over downloading it to their private computer. Things like this are already happening with what people say in private. I see no stop to this, and you should be wary what books you buy and what software you download, unless you are financially independent and can laugh the politically correct off.

So yes, Debian would do good to offer packages over https, the technicalities for that are sorted out, and the only bit missing is an actual deployment of that.

3 Likes

yes maybe a local mirror helps to alleviate fingerprinting with plain http … SOMEWHAT

if everybody is using the main http server then it’s much easier to fingerprint > En-Masse !

I disagree with the GDPR on this issue. I think that the whois data should be publicly accessible. Everyone should be able to know who owns domain names. It will stop a lot of abuse, and the owners of domain names (like me) should be forced to publicly identify themselves to prevent abuse.

You shouldn’t be legally obligated to dox yourself to host a website. Abuse happens with or without forcing domain owners to be identifiable, and usually happens at the company level (Godaddy parking domains when you search for them for instance).

Enforcing anonymization for whois data is a purely positive change imo.

Not from the perspective of the average internet user, who wants to identify who owns a domain name. The right of internet users to identify who owns a web site is more important than the right of domain name owners to be anonymous.

There is a huge amount of spam and malware distributed through domains, where the owner doesn’t feel any responsibility, because he/she can remain anonymous, so the GDPR is encouraging this bad behavior.

As the owner of domain names, I have run into this problem. Some Chinese company bought my domain name after I let it expire, and I couldn’t even identify who owned it due to GDPR, which is frankly ridiculous.

To be blunt, the average internet user doesn’t care who owns a domain. Your examples are far from a typical end user’s perspective. Not to say that it’s an invalid perspective, but that it’s not a common one.

Per spam and malware, that’s what the whois abuse system is for. You don’t need to know who randomhacker69 really is to report their domain as serving malware or acting as a C&C. Not to mention these are the types of individuals who are likely going to be using stolen identities anyway, so your anger will potentially be directed towards a victim rather than the perpetrator.

Per someone sniping a domain after it expires, that’s in-line with what I mentioned about similarly nasty practices of other companies like Godaddy. Know which shady company is doing it won’t do you any good either, it’s not like complaining to them directly will do jack, and for reporting abuse you can use existing channels that don’t rely on compromising people’s identities 24/7.

Your issues aren’t with anonymity, it’s with domain registry abuse, and that can be solved without destroying privacy. (Not to say it’s very effective currently, but the solution still isn’t doxxing all domain owners, it’s improving those systems.)

1 Like

It will stop some abuse but it will also cause extra abuse.

I receive a zillion spam emails on the email address that is publicly available because the domain information is public information for one domain - whereas a number of other domains that I own are “hidden” by the registrar (so they get the spam instead of me - which suits me just fine).

NB: From the point of view of criminality this is OK. If I use a domain to commit a crime, the government can surely get the information from the registrar. It is just hiding me from every random idiot on the internet.

Could the spam problem be solved? Yes. It would be possible for the domain owner to be identified without making an email address public.

Anyone who is really shady though can easily register a domain in a company name and then (depending on your country) the company information is not directly available or in any case not useful. (I’m thinking governments that set up front companies here.)

There are many situations where exposing a person’s home address would expose them to all kinds of problems. I am unconvinced that you should have to put your personal safety at risk in order to publish independently on the internet.

What if anything this has to do with “the Trump administration going after GDPR” I am not sure.

1 Like