622 points ColinWright | 16 comments
kstrauser ◴[] No.30079330[source]
I sure hope that's right. It was the best feeling in the world to stand up an Apache server on my Amiga, and later my little FreeBSD server, and see my friends viewing the website I was hosting on my dialup connection. It wasn't pretty, it wasn't elegant, and it certainly wasn't fast, but it was mine. I made that. From installing the server to writing the HTML, I owned that service from end to end and had complete freedom to do whatever I wanted with it.

That's what I want the Internet to look like for my younger family and friends. It'll probably never happen exactly this way, but I can picture someone running an IPv6-only service on their phone to impress their friends. I know what their smile would look like because that was once my smile, too.

replies(14): >>30079383 #>>30079412 #>>30079441 #>>30079505 #>>30079550 #>>30079551 #>>30079596 #>>30079689 #>>30079823 #>>30080525 #>>30080756 #>>30080986 #>>30082530 #>>30085966 #
throwhauser ◴[] No.30079550[source]
How can a small website cope with GDPR compliance though? The rules that sprang up to constrain the social-media behemoths seem onerous for anyone but them to comply with.
replies(3): >>30079576 #>>30079601 #>>30080059 #
1. WesolyKubeczek ◴[] No.30079601[source]
By not collecting data it has no need for, and not passing that data on to third parties? By providing an ability to delete any user account, and to edit any personal information? By not using EBCDIC to store said information?

Are you making this more complicated than it needs to be?

replies(3): >>30079666 #>>30079754 #>>30138554 #
2. throwhauser ◴[] No.30079666[source]
> Are you making this more complicated than it needs to be?

I'm not sure. I guess if one trusts the default logging settings on the server software to be compliant, and only uses static HTML, maybe that's adequate? But as soon as any third-party code or data provided by some other server gets involved, it's hard to know what might be logged elsewhere as a result of visiting your site.

I mean, would an old-fashioned web visitor counter be compliant? It's tracking something in order to provide that number.

replies(2): >>30079839 #>>30080264 #
3. lol768 ◴[] No.30079754[source]
> Are you making this more complicated than it needs to be?

A large proportion of folks on HN seem to think GDPR is "out to get" everyone rather than a set of common sense regulations that should not at all be a concern for an individual who's serving a blog or personal site and doing nothing to collect PII/track their visitors.

I don't understand why this view is so prevalent.

replies(2): >>30079940 #>>30080144 #
4. jrochkind1 ◴[] No.30079839[source]
You tell us you have no idea what third-party code you add might be tracking from users. And say this is a reason why you/they should be allowed to do it? (With "it" being... anything the third-party sites want to at all?)
5. reificator ◴[] No.30079940[source]
> I don't understand why this view is so prevalent.

Fearmongering from those actually affected by these common sense regulations.

6. WesolyKubeczek ◴[] No.30080144[source]
Companies whose bottom lines are affected by GDPR are screaming that it's too difficult to understand and apply. Many Hacker News users, especially for some reason North American ones, are parroting what they hear in this echo chamber without giving it a glimpse of a thought.

I think we underestimate the power of PR way too often.

The last time I read GDPR itself, it was way clearer than any of the Terms of Service written by the very same companies who complain that GDPR is too incomprehensible.

replies(2): >>30080280 #>>30080362 #
7. corobo ◴[] No.30080264[source]
You can +1 a database `views` column without storing anything at all about the user. If you're just doing that, you're good to go.
replies(1): >>30080403 #
8. ◴[] No.30080280{3}[source]
9. rhizome ◴[] No.30080362{3}[source]
I don't think "parroting" is very charitable. What I think is going on is that we have a bunch of people who are seeing the internet driven by ads that are only a synthesis of print ads and TV commercials. The fact that the medium of advertising (and business itself, evidenced by all the people who say that's the only way businesses can be run anymore) resembles the past so much means the value of participating in it at all for Computer Science and nerdly interests in general is contained on the backend, in the surveillance. I think the resistance to this (not to mention the suit against Google to prevent them from eliminating third-party cookies from Chrome) is because advertising becomes boring without the PII shenanigans. If you can't slice and dice people's activities into predictions about what they're going to click on if not buy, then what did I acquire these student loans for, to write HTML and JavaScript like a schmoe?

Of course reality is more particularized and varied, but in the big picture I think GDPR and other threats to surveillance advertising are treated as an existential threat to an entire class of skills, skills that can buy houses.

10. erulabs ◴[] No.30080403{3}[source]
I mean, most "unique view counters" store the user's IP address, so that would be right out. I'm fairly sure even being aware of what complying with a complex legal document implies constitutes enough of a complication that it's worth mentioning.

It is a complication, but I believe it's worded so that small companies and individuals are immune from its consequences.

replies(3): >>30080494 #>>30083502 #>>30086229 #
11. ◴[] No.30080494{4}[source]
12. martin_a ◴[] No.30083502{4}[source]
You could always hash the IP on the client side before sending it to your counter. That way you have no information which you can backtrack to a specific IP and therefore a person.
replies(1): >>30089780 #
13. WesolyKubeczek ◴[] No.30086229{4}[source]
As long as you can describe the full extent to which the collected IP addresses are being used and which data they are being correlated with, and use a language comprehensible without requiring a legal degree, you can very easily be compliant. Once you involve an undisclosed number of "trusted partners" and start using weasel words to describe what you're using the data for and who you're giving them to, not so much.

That said, an IP address is a shitty device to detect unique visitors. Session cookies, as long as you aren't trying to correlate them to usage patterns and such, are more reliable (you can tell that this is the same phone jumping networks, or you can tell apart users coming from behind multiple layers of NAT) and anonymous.

14. BenjiWiebe ◴[] No.30089780{5}[source]
Except there are so few IPs (v4) that you could just brute-force it in not too much time.
replies(1): >>30092395 #
15. WesolyKubeczek ◴[] No.30092395{6}[source]
There are different kinds of hashes. You can, for example, assign numbers to your incoming IPs. The first one to come in gets 1, the second gets 2, and so on. Numbers zero out at midnight; the correlation between them and real IPs is at the load balancer. Good luck brute-forcing these.
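The two points made in this sub-thread (an unkeyed hash of an IPv4 address can be re-linked by anyone able to recompute it, while a per-day mapping that is discarded at midnight cannot) in working form, as an added example that is not code from any commenter. It swaps the sequential numbering described above for an HMAC under a random per-day key that is never written down; the class and function names are my own, and the sample visits are constructed from RFC 5737 documentation addresses.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Constructed sample visits (RFC 5737 documentation addresses); the day is an
# ISO date string so that the midnight rollover can be driven explicitly.
SAMPLE_VISITS = ["203.0.113.5", "203.0.113.5", "198.51.100.7", "203.0.113.9"]

def unkeyed_token(ip: str) -> str:
    """sha256(ip) with no key: deterministic, so anyone holding a candidate
    list of addresses can recompute it and confirm which address it came from."""
    return hashlib.sha256(ip.encode()).hexdigest()

def relink(token: str, candidates: List[str]) -> Optional[str]:
    """Return the candidate address whose unkeyed hash equals token, else None."""
    for ip in candidates:
        if hmac.compare_digest(unkeyed_token(ip), token):
            return ip
    return None

class DailyUniqueCounter:
    """Unique-visitor counter that never stores an address.

    Tokens are HMAC-SHA256(key, ip) under a random key that exists only in
    memory for the current day; at the day boundary the key and the seen set
    are discarded, so old tokens cannot be re-derived and a token cannot be
    matched against candidate IPs without the key."""

    def __init__(self, day: str):
        self._rollover(day)

    def _rollover(self, day: str) -> None:
        self._day, self._key, self._seen = day, secrets.token_bytes(32), set()

    def token(self, ip: str) -> str:
        return hmac.new(self._key, ip.encode(), hashlib.sha256).hexdigest()

    def record(self, ip: str, day: str) -> int:
        """Register a visit; return the unique-visitor count so far that day."""
        if day != self._day:  # midnight: new key, counts start over
            self._rollover(day)
        self._seen.add(self.token(ip))
        return len(self._seen)

def count_sample_day(day: str = "2022-01-20") -> int:
    counter = DailyUniqueCounter(day)
    return max(counter.record(ip, day) for ip in SAMPLE_VISITS)
```

Because the key is regenerated and the old one dropped at rollover, even the operator cannot say afterwards which addresses yesterday's tokens belonged to.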
16. throwhauser ◴[] No.30138554[source]
Days late and this will probably go unread by anyone, but further evidence that GDPR compliance is complicated, and it's difficult to avoid fines:

https://news.ycombinator.com/item?id=30135264 "GDPR penalty for passing on of IP address to Google by using Google Fonts"

It's absolutely true that using Google Fonts will cause a user's IP to be shared with Google, and that this is a violation of the GDPR. But having to review content at this level of detail is burdensome for individuals or small organizations putting anything onto the internet.