if you need a consent-or-pay example, just open La Repubblica's homepage. You will be prompted with the "accept all cookies or pay" prompt as soon as you open the site. Pretty standard practice for most Italian online newspapers, sadly
I unpinned the post because it looks like the domain redirects to lemmygrad now. Does anyone know what happened to that instance?
“This has been a long battle”, said Dr Johnny Ryan of the Irish Council for Civil Liberties. “Today’s decision frees hundreds of millions of Europeans from consent spam, and the deeper hazard that their most intimate online activities will be passed around by thousands of companies”.
This comment kinda implies that things are going to change, but it's not outlined how they are going to change. The article mentions how the framework fails to inform users which data will be collected and how it will be used, but also that it "fails to properly request consent, and relies on a lawful basis (legitimate interest) that is not permissible because of the severe risk posed by online tracking-based "Real-Time Bidding" advertising". This suggests that the framework must be reworked to be more accessible/friendly to users, and that some of options that usually fell under the "legitimate interest" category maybe shouldn't be enabled by default.
My main issue with the cookie consent popups is that many of them are ridiculously long to configure, and are very clearly designed to be misleading and ambiguous. Sometimes they even take you to a new page or need to load additional stuff when you decide to disable non-essential cookies. People have just given up on mangling with these toggles and just click on "accept all" as soon as the cookie alert pops out.
From the article:
Clarification, Sept. 8, 2021: A previous version of this story caused unintended confusion about the extent to which WhatsApp examines its users’ messages and whether it breaks the encryption that keeps the exchanges secret. We’ve altered language in the story to make clear that the company examines only messages from threads that have been reported by users as possibly abusive. It does not break end-to-end encryption.
It should be no surprise that messages reported by users are forwarded to Facebook's moderators as plaintext so they can evaluate whether the report is legitimate or not. It should also be pretty straightforward that once an encrypted message reaches the receiver's device, the client has access to the plaintext data to show to the user (and can do whatever it wants with it as long as nobody notices). We didn't need this investigation to know these two claims are true.
However, the article brings up some interesting details about how this data is handled and packed together with users' metadata:
Artificial intelligence initiates a second set of queues — so-called proactive ones — by scanning unencrypted data that WhatsApp collects about its users and comparing it against suspicious account information and messaging patterns (a new account rapidly sending out a high volume of chats is evidence of spam), as well as terms and images that have previously been deemed abusive. The unencrypted data available for scrutiny is extensive. It includes the names and profile images of a user’s WhatsApp groups as well as their phone number, profile photo, status message, phone battery level, language and time zone, unique mobile phone ID and IP address, wireless signal strength and phone operating system, as a list of their electronic devices, any related Facebook and Instagram accounts, the last time they used the app and any previous history of violations.
It is no news that WhatsApp can access a ludicrous amount of metadata and can share them with Facebook (in non-European countries), but it's interesting to see this practical usage being disclosed for the first time. More on this:
U.S. law enforcement has used WhatsApp metadata to help put people in jail. ProPublica found more than a dozen instances in which the Justice Department sought court orders for the platform’s metadata since 2017. These represent a fraction of overall requests, known as pen register orders (a phrase borrowed from the technology used to track numbers dialed by landline telephones), as many more are kept from public view by court order. U.S. government requests for data on outgoing and incoming messages from all Facebook platforms increased by 276% from the first half of 2017 to the second half of 2020, according to Facebook Inc. statistics (which don’t break out the numbers by platform). The company’s rate of handing over at least some data in response to such requests has risen from 84% to 95% during that period.
[...]
WhatsApp has for years downplayed how much unencrypted information it shares with law enforcement, largely limiting mentions of the practice to boilerplate language buried deep in its terms of service. It does not routinely keep permanent logs of who users are communicating with and how often, but company officials confirmed they do turn on such tracking at their own discretion — even for internal Facebook leak investigations — or in response to law enforcement requests.
Aren't these pretty standard features for any modern music player? I've been using PA for years and it's definitely on another league, but I have explored many alternatives in the past and all of them had good queuing support