Imustaskforhelp 2 hours ago

> Stichting 113 likely violated the General Data Protection Regulation (GDPR) by sharing this data. The GDPR states that extra care must be taken regarding the security of medical personal data, which includes contact with an anonymous suicide prevention hotline.

This is quite sad to think about in a multitude of ways :-(

What I am not understanding is the case of why, why would Dutch government or website do this, is it out of honest mistake/(incompetence?) or malice. There are so many competent & great Dutch engineers and engineers in general, I refuse to believe that they couldn't find anyone ethical enough to take extra care regarding GDPR and sensitivity of the data in general.

> “At this moment, we are investigating what happened, how this could have occurred, what the potential impact has been, and what our next steps are,” the spokesperson said. They didn’t say whether the trackers would be turned on again

I hope the investigation that they are saying in the articles goes swiftly to really find out the real reason as to why this ended up happening in the first place and the reasons behind it are made public sooner rather than later.

mettamage 2 hours ago | parent | next [-]

See my comment. My hypothesis is: ignorance and apathy that results in incompetence.

Using GA4 is just the normal thing right?

Look in a room full of marketing experts and they will say yes or shrug.

Look in a room full of tech people and you'll see all security experts and security adjacent people screaming HELL NO or simply giving a nuanced answer that ultimately comes down to "no". Some will do funny little dances, some probably even just praying to a sun or rain god because they just lost it at that comment. I know I would.

To answer: no, GA4 is not just the normal thing. There is no normal. It's the dominant thing and it invades privacy like hell and the whole thing needs to be thought about in a different way. I'd advise almost everyone to stop smoking that Google crack pipe and roll your own or find an analytics friendly vendor.

Yea I got a bit rhetorical there, apologies for being a bit fed up with this situation.

Imustaskforhelp 2 hours ago | parent | next [-]

Yes, my comment was published just one minute after yours so I only saw your comment after mine and I appreciated reading your comment (& upvoted it)

> Look in a room full of tech people and you'll see all security experts and security adjacent people screaming HELL NO or simply giving a nuanced answer that ultimately comes down to "no". Some will do funny little dances, some probably even just praying to a sun or rain god because they just lost it at that comment. I know I would.

But if that's the case, are we saying that when the website was being created, it was being created with no-one who was a security expert or let alone security adjacent people?

This is what I had refused to believe because in my opinion, more due diligence within the structure should've taken place and if there was no-one competent within the team, then why not hire one who is?

I can't help but feel frustrated, this is probably gonna negatively impact people who have talked on such suicide prevention websites.

Literally these websites are to create a safe space and for a person to be heard, if one introduces the concept of tracking or even feeling tracked, I can't help but feel frustrated as to why, why not hire people who know about security especially for such websites and especially with these laws. I am unable to understand this to be more specific.

foolswisdom 2 hours ago | parent | next [-]

Marketing people like the features they're getting, and Google and Meta are dominant, so big that they're the default, in the same way that we talk about github being the default option, and "no one ever got fired for choosing IBM / (big tech company of your choosing)". I wouldn't dream of saying they should choose something else, without researching and guaranteeing that nothing they'd ever want from GA (and they may not know everything they'll want in the future right now) is missing in the alternative. In a role (marketing) that's completely out of my wheelhouse. So I don't even bother.

mettamage an hour ago | parent | prev [-]

Not all websites are created with IT in the loop. And sometimes even if IT is in the loop, then they aren't privacy/security conscious enough.

I got to see this first-hand being part of a marketing department. IT was explicitly left out of the loop. Though that was a Fortune 500 company. I'm not saying it's the same situation for the organization of this article.

My point simply is: IT is not always in the loop when a site gets created. And I bet "not always" is putting it mildly.

Tribalism is a thing. Or at least, I call it tribalism.

"Show me the incentive and I'll show you the outcome". It's that kind of stuff, unfortunately.

embedding-shape 2 hours ago | parent | prev [-]

> See my comment.

No, I refuse being told what to do.

mettamage 2 hours ago | parent [-]

It wasn't meant that way as a comment ;-)

Everything in life is optional.

SockThief 2 hours ago | parent | prev | next [-]

> Stichting 113 has temporarily disabled all measurement and analysis tools.

It seems that it is only temporary.

> “We realize that visitors must be able to trust that their privacy is protected and regret that concerns have arisen regarding this.”

They also regret that "concerns have arisen". No other regrets have been mentioned.

RHSeeger 2 hours ago | parent [-]

Right? "We don't regret that we did this, just that people are mad about it"

embedding-shape 2 hours ago | parent | prev | next [-]

> What I am not understanding is the case of why, why would Dutch government or website do this, is it out of honest mistake/(incompetence?) or malice. There are so many competent & great Dutch engineers and engineers in general, I refuse to believe that they couldn't find anyone ethical enough to take extra care regarding GDPR and sensitivity of the data in general.

Ask 100 random developers to set up a website, and to make sure the website owner should be able to see how many people visit the website, and probably 90 of those developers will default to setting up Google Analytics, just by "instinct".

People generally just continue with whatever they've learned, not revisiting the default choices they make, and it's been ingrained over decades that "Google Analytics is the best way to optimize your sales funnel" or whatever the marketers drink nowadays, so it'll take some time for these folks to revisit their decisions.

foolswisdom 2 hours ago | parent | next [-]

Not just instinct, I'd need to be able to justify the choice against any potential downside of not choosing the default option.

Imustaskforhelp 2 hours ago | parent | prev [-]

> People generally just continue with whatever they've learned, not revisiting the default choices they make, and it's been ingrained over decades that "Google Analytics is the best way to optimize your sales funnel" or whatever the marketers drink nowadays, so it'll take some time for these folks to revisit their decisions.

Perhaps you are right but what the duck does sales funnel mean in a suicide prevention website?

I mean, perhaps Google Analytics might make sense anywhere else except this but perhaps you are right that there might be many devs who don't know anything except G.A.

But I personally used to (still do) have the habit of searching open source alternatives to software themselves.

https://alternativeto.net/software/google-analytics/?license...

https://openalternative.co/alternatives/google-analytics

There are many alternatives present which value GDPR and can be self hosted easily.

I am unsure of what should be done if it's a case of ignorance rather than malice, malice can be fixed but ignorance is a greater systemic issue and there are websites which help in fixing the gap of knowledge (like the ones I linked, esp alternativeto has genuinely helped me personally in many things) but the issue is that people might not even know or perhaps even bother with these websites too.

So is there any solution to such issues except awkward silences?

embedding-shape 2 hours ago | parent [-]

> Perhaps you are right but what the duck does sales funnel mean in a suicide prevention website?

It's just a random example of what marketers and owners think about when choosing an analytics platform, not specific to a suicide prevention website. But also, think that the website owner has some "Goal" which in this context might be "Someone calls and didn't kill themselves", then they'd try to set up their analytics platform to give them concrete numbers and metrics about this "sales funnel".

> But I personally used to (still do) have the habit of searching open source alternatives to software themselves.

Me too, and I don't disagree with anything you write.

But practically, among less-technical users, imagine your typical Windows dev who's written C# code for two decades and gets excited when Microsoft holds press-conferences, these people aren't seriously gonna re-evaluate their choices, they go with what they already know in 99% of the cases.

> So is there any solution to such issues except awkward silences?

Best you can do is be honest, forthcoming and help them understand if it feels like they don't understand. Ultimately, people won't try to solve things they don't see as issues, so the first step to take might be to clearly identify and show them what issues the current approach has, with concrete evidence and context.

ryandrake an hour ago | parent | prev | next [-]

> What I am not understanding is the case of why, why would Dutch government or website do this, is it out of honest mistake/(incompetence?) or malice.

When it comes to companies' wrongdoing, I'm starting to not care whether it's incompetence or malice anymore. When money and/or lives are at stake, incompetence is shaped like malice. We need to have a new word for this kind of "deliberate stupidity" and punish it just like we punish intent to do wrong.

basisword 2 hours ago | parent | prev | next [-]

I think it's more incompetence than malice. It's just such a standard thing for engineers to throw analytics tracking in every website/product they build. Although I am surprised not one person realised this might be a bad idea given the sensitive nature of the site.

agmater an hour ago | parent | prev [-]

> Though, not at places that have such a strong social mission as this one.

That's the shameful thing really. Yeah it's pretty common to have (GDPR violating) cookies and 'share all analytics' settings on by default with "privacy is very important to us" statements on the website. As "one of those guys" I see this all the time. For a commercial business it's just eye rolling, but these kinds of social good companies really should be held to a higher standard. With that standard just being "privacy by design please".

The website's feedback form gave me a "try again in !minutes" error so frankly I think the dev team is malicious by incompetence. It's a very pretty site though, so at least there's that.