AlteredStateBlob

joined 1 year ago
[–] [email protected] 1 points 5 months ago

While heavily reworked through the years, I am continually amazed what they manage to do with World of Warcraft. Doesn't look much like it used to, but as it's all on the same engine, it's really impressive.

[–] [email protected] 10 points 5 months ago* (last edited 5 months ago)

Not quite correct. A Backpfeife is a slap with the open hand, not a punch with a fist. But it sure does apply to Kyle either way.

[–] [email protected] 13 points 5 months ago

Their main utility is to prevent FPV drone attacks, especially with dropped ammunition. At leads that is what I have gleaned.

[–] [email protected] 5 points 5 months ago

It's fine. The PCI-e is another one for a graphics card that requires more connectors to be attached.

[–] [email protected] 6 points 5 months ago

Not sure why so many people here comment that your communication style is vague.

Both instructions and issue are clear. Send product after notification was sent via mail. Colleague did that and aso sent the mail again, which had already been sent.

Why people are talking about the product being sent as the issue in thus scenario is beyond me.

As for a solution: Let them repeat back to you what they're supposed to do in their own words to verify you're both on the same page, before the do what they need to do.

If you have tried this unsuccessfully, I have no further suggestions without a whole lot more detail except for: ask theco worker in question how they would have phrased the task if they had given it to someone else. Try and learn what their style of communication is and adjust for that particular colleague.

[–] [email protected] 9 points 6 months ago (1 children)

I mean, suit yourself if you insist that you can or only want to do it with a throwaway. I'm saying you can do it with similar services like tutanota as the failover address, eliminating the need for a throwaway.

[–] [email protected] 15 points 6 months ago (3 children)

You can simply use either: a different protonmail address or a similar service like tutanota.

[–] [email protected] 6 points 6 months ago

I've met several partners off the internet through means where images were not involved, but it was clearly geared towards dating still (mainly reddit, if you would believe it). Some like to get the images out of the way early, others talk for weeks before that becomes an issue. There's still some that then drop out (I'm not the most attractive lad to ever be a lad, plus preferences exist, as you say) but others worked out great.

My strengths don't lie in my style or looks, so dating apps are basically useless to me, yet I have no trouble in attracting partners in circumstances where my personality is a bit more in focus.

I think there's a space for apps like those for sure. Since there's plenty where you can go purely or predominantly by looks, no one has to go for an app where that is the case.

[–] [email protected] 15 points 6 months ago (2 children)

Using rufus it's pretty easy to install windows 11 without meeting their bullshit requirements.

Did that for my work laptop, which is getting old but runs just fine. Including windows 11.

Plenty of reasons to switch to Linux, but this can be circumvented. And anyone who doesn't know how to, because it is too complicated shouldn't really switch to Linux anyway IMO, because they will already run into trouble with finding compatible printers, getting software for proprietary hardware they are using, etc.

[–] [email protected] 4 points 6 months ago

I really like the genre, I am mostly sad it's mainly very short ones with a single season. Would love something longer again like SAO. But I also don't watch a lot to begin with

[–] [email protected] 35 points 7 months ago (1 children)

I mean, they're profitable for the first time since 2018. Not least thanks to a huge amount of cost cutting the past two or three years. This is more of that.

[–] [email protected] 1 points 8 months ago

It'll be rolled back when they realize engagement drops.

 

reddit is telling it's future investors with recent news and more info on their IPO, that they're currently selling and looking to sell their user's data to companies wanting to train their LLMs, including Google.

This is a direct violation of the GDPR for any EU based users.

Legal Basis?

Under Art. 6 GDPR reddit may only really use p1 (f) (p meaning paragraph) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

All other options are impossible, as they don't have consent, nor do they have contracts with their user base to allow for this. Art. 5 p1 (f) is a touchy subject and clearly requires extra provisions being made in case the data subject is a child. Reddit has tons of children (meaning anyone under 18) using their site daily. See for example: https://www.reddit.com/r/teenagers/

What's being processed

Due to the nature of reddit, they are also processing huge amounts of data of special categories Article 9 such as data on sexual orientation, health information, ethnic info, union information, etc. (basically everything in Article 9 can easily be found on reddit):

(note users have not given explicit consent according to the requirements of consent under Art. 7 and 8, which would allow for such processing under Art. 9 p2 (a))

These are obviously just a tiny selection of the hundreds of subreddits that are concerned with these types of data, not to mention the unencrypted "private" messages, chats, etc.

My lord, is this legal?

Article 9 p2 (e) states "processing relates to personal data which are manifestly made public by the data subject;"; so they're out of the woods, right? After all, users posted this stuff and it was made public! Sadly, this doesn't work with processing data of children, especially with 9 p4 allowing member states to introduce additional limitations and conditions for further processing.

The real kicker comes with Article 5 p1 (b) though for 9 p2 (e). 5 p1 (b) requires the personal data be: "collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);"

Yeeeah... People have posted their stuff publicly, BUT with a clear understanding that the processing of the data ends there. Reddit may process the data insofar they serve the data to the public. That's it. Turning around and selling the data now is a crystal clear violation of Article 5 p1(b). There's no two ways about it. As per Article 5 p2, reddit needs to be able to prove they are in compliance with 5 p1.

They're also processing data under Art. 10 relating to criminal convictions and offences

Processing of such data shall be carried out only under the control of official authority or where processing is authorized by Union or Member State law. Rugh-Roh. I'll admit, that this one might be reaching a bit, as it could easily be considered only to apply to "official" type of data here, rather than just criminal talk overall, but fuck it. Throw it on the pile.

Your rights and how they're being violated (not in a kinky fun way)

Now let's look at the Rights of the data subject! Those are always fun :)

Art. 12 p1 "The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child."

This is my favorite. Articles 13 and 14 are provisions on informing the data subject where they had data obtained directly from them or not directly from them. For reddit it mostly applies 13, but since people also talk about people they know, 14 also applies.

Let's check in there real quick. We'll keep it to Article 13 for brevity. Reddit needs to:

  • give info on contact details of the controller and the controllers rep (in the case of selling data to Google for LLM training, that's info for Google, not reddit; anyone got that info via DM maybe? No? Oh shit)
  • contact details of their data protection officer (both reddit and google, anyone was informed on that for the LLM stuff? No?)
  • purposes of processing including the legal basis. Love this one. Anyone know that for the sale of their data to Google to train their LLM? No? Shucks.
  • Since they're likely hinging on Art. 6 p1 (f) they need to tell you what the legitimate interest is - in our case MAD MONEY, not sure if that'll hold up.
  • recipients or categories of recipients -> so "big evil data churning, election influencing, minority silencing, union busting, mega corp" Sweet.
  • Transfer to third countries -> likely doesn't apply, as reddit servers are in the US (I believe, no idea if that's true) if not, weeeeeeell...
  • right to lodge a complaint with supervisory authority (anyone got that notice?)
  • whether the data is provided due to a contract or statutory -> doesn't apply, users give their data "freely"
  • existence of automated decision-making, INCLUDING PROFILING (as per Art. 22 -> non of the exceptions in that article apply to the current situation) - I'm sure no LLM will ever be used by the largest Ad company on the planet to help profile users, noooooooo, that's craaazy!

Article 13 p3 clearly states in relation to Article 5 p1 (b) that the data subject must be informed about the data that is being collected for further processing BEFORE such processing occurs, including all the info I just listed above from Article 13 p2.

Article 13 p4 states "Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information." yeeaaah... No reddit user knew about their data being actively sold to LLMs (sure LLMs might have scraped it, but that's an entirely different can of worms - in which reddit has a hand, too under GDPR as they're supposed to establish safeguards against such things, but reddit directly selling now without any upfront info... tut, tut..)

Another element of Article 12 p1 is this bit "in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child." I'm sure they'll find a cool and hip way of explaning to all the teens on reddit what an LLM is and how it's using their data.

Send reddit a little e-mail

For added fun, I urge anyone who still has a reddit account and is a EU citizen to contact reddit and make use of their rights under the GDPR to be specifically excluded from any use for LLM training, etc. Which is your RIGHT under Article 12 p2 specifically Article 21 right to object. You can contact them via "[email protected]"

Let's be really petty and assume that reddit and Google are shit at what they do, so they're likely not even engaged in a Data Processing Agreement required under Article 28 p3 and if so, I'd love my supervisory authority to take a look at that one.

Delving into the Arcane

Let's kick it up a tiny notch and go into the more arcane bits of the GDPR with Article 35, Data Protection Impact Assessment. I'm sure you'll love p1:

"Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. 2A single assessment may address a set of similar processing operations that present similar high risks."

New technologies you say? Likely to result in a high risk, you say? Remember how most chatbots and AIs turn super racist, super quick? Or AIs being easily triggered into revealing their training data 1:1? Oh I'm sure there's nooooo such risk with LLMs run by evil mega corp known for exploiting the shit out of exactly this kind of info for well over a decade now.

But we needn't even argue that point. Article 35 p3 (b) clearly states:
"processing on a large scale of special categories of data referred to in Article 9(1), or of personal data relating to criminal convictions and offences referred to in Article 10;"

Oh nooo. Remember my list from the start? LLMs are 100% definitely large scale processing all that with reddit data sets.

Any assessment carried out would clearly indicate risk and thus Article 36 would apply, where reddit has to consult with supervisory authorities in the EU BEFORE starting this. Knowing reddit, if they ever even did such an assessment, they've come out with "low risk, nothing to see".

Then there's Article 32 of the GDPR: Security of processing. p1 (b): "the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;" yeeeaaah, good luck with that on an LLM there, buddies.

Cool, what now?

Here's what you do to exercise your rights and defend your data against the highway robbery and continuous violation by US Tech-Bros:

  • Find your supervisory authority (just use google, for added irony) by searching for "Data Protection supervisory authority [the state you live in]".
  • Find their contact info, usually they have a form to complain ready made
  • give the company info applicable for your state, I've gone ahead and fished those out for you (see at the end here)
  • Tell them about the upcoming reddit Google partnership: https://apnews.com/article/google-reddit-ai-partnership-a7f131c7cb4225307134ef21d3c6a708
  • Tell them you're an EU citizen and reddit user (or former and they still have data of yours)
  • Tell them you believe them to be in violation of Articles: 5, 6, 9, 10, 12, 13, 14, 32, 35, 36, and possibly more.
  • Link to this thread, if you like

US

Reddit, Inc.
548 Market St. #16093
San Francisco, California 94104

EU

Reddit Netherlands B.V.
Euro Business Center
Keizersgracht 62, 1015CS Amsterdam
Netherlands
[email protected]

UK

Reddit UK Limited,
5 New Street Square,
London, United Kingdom,
EC4A 3TW
[email protected]

Good luck!

view more: next ›