• just_change_it@lemmy.world
    link
    fedilink
    English
    arrow-up
    38
    arrow-down
    8
    ·
    edit-2
    10 months ago

    Hey guys, let’s be clear.

    Google now has a full complete set of logs including user IPs (correlate with gmail accounts), PRIVATE MESSAGES, and also reddit posts.

    They pinky promise they will only train AI on the data.

    I can pretty much guarantee someone can subpoena google for your information communicated on reddit, since they now have this PII (username(s)/ip/gmail account(s)) combo. Hope you didn’t post anything that would make the RIAA upset! And let’s be clear… your deleted or changed data is never actually deleted or changed… it’s in an audit log chain somewhere so there’s no way to stop it.

    “GDPR WILL SAVE ME!” - gdpr started in 2016. Can you ever be truly sure they followed your deletion requests?

    • sugarfree@lemmy.world
      link
      fedilink
      English
      arrow-up
      30
      arrow-down
      4
      ·
      10 months ago

      “lets be clear”

      You’re making things up and presenting them as facts, how is any of this “clear”?

      • 4am@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        10 months ago

        How do you think Reddit is restoring posts that people have been deleting?

        Do you think Google’s deal simply allowed them to scrape old.reddit? Hell no, there is probably a live replica of Reddit prod at Google somewhere, including deleted posts and all edits.

        You don’t think they paid $60m just scrape, do you?

      • just_change_it@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        10 months ago

        Since an IP address alone is not considered PII, can you prove that they did not provide IP addresses for each post?

        Do you think it’s more or less likely that ip addresses, account names, private messages and deleted messages and posts would be included?

        Remember that they paid 60 million dollars for this information and web scrapers have been capable of capturing subreddit post data for over a decade as is at a $0 price tag from reddit.

    • towerful@programming.dev
      link
      fedilink
      English
      arrow-up
      17
      ·
      10 months ago

      Where does it say they have access to PII?
      I would imagine reddit would be anonymising the data. Hashes of usernames (and any matches of usernames in content), post/comment content with upvote/downvote counts. I would hope they are also screening content for PII.
      I dont think the deal is for PII, just for training data

      • just_change_it@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        10 months ago

        Where does it say they have access to PII?

        So technically they haven’t sold any PII if all they do is provide IP addresses. Legally an IP address is not PII. Google knows all our IP addresses if we have an account with them or interact with them in certain ways. Sure, some people aren’t trackable but i’m just going to call it out that for all intents and purposes basically everyone is tracked by google.

        Only the most security paranoid individuals would be anonymous.

        • towerful@programming.dev
          link
          fedilink
          English
          arrow-up
          4
          ·
          10 months ago

          Depends where and how its applied.
          Under GDPR, IP addresses are essential to the opperation of websites and security, so the logging/processing of them can be suitably justified without requiring consent (just disclosure).
          Under CCPA, it seems like it isnt PII if it cant be linked to a person/household.

          However, an ip address isnt needed as a part of AI training data, and alongside comment/post data could potentially identify a person/household. So, seems risky under GDPR and CCPA.

          I think Reddit would be risking huge legal exposure if they included IP addresses in the data set.
          And i dont think google would accept a data set that includes information like that due to the legal exposure.

          • just_change_it@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            10 months ago

            ML can be applied in a great number of ways. One such way could be content moderation, especially detecting people who use alternate accounts to reply to their own content or manipulate votes etc.

            By including IP addresses with the comments they could correlate who said what where and better learn how to detect similar posting styles despite deliberate attempts to appear to be someone else.

            It’s a legitimate use case. Not sure about the legality… but I doubt google or reddit would ever acknowledge what data is included unless they believed liability was minimal. So far they haven’t acknowledged anything beyond the deal existing afaik.

            • towerful@programming.dev
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              Yeh, but its such a grey area.
              If the result was for security only, potentially could be passable as “essential” processing.
              But, considering the scope of content posted on reddit (under 18s, details of medical (even criminal) content) it becomes significantly harder to justify the processing of that data alongside PII (or equivalent).
              Especlially since its a change of terms & service agreements (passing data to 3rd party processors)

              If security moderation is what they want in exchange for the data (and money), its more likely that reddit would include one-way anonymised PII (ie IP addresses that are hashed), so only reddit can recover/confirm ip addresses against the model.
              Because, if they arent… Then they (and google) are gonna get FUCKED in EU courts

    • brbposting@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      10 months ago

      it’s in an audit log chain somewhere so there’s no way to stop it.

      Gut feel based on common tech platform procedures, right? (As opposed to a sourceable certainty.)

      I’d bet $100 you’re right. That said, I’d give a caveat if I were you and I were going with my instincts.

      • just_change_it@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        Gut feel based on common tech platform procedures, right? (As opposed to a sourceable certainty.)

        It would be PR suicide to disclose exactly what data is shared. Cambridge Analytica is a prime example of a PR nightmare with similar data.

        I don’t even need to look at reddit’s terms and conditions to know that there is practically nothing stopping them from handing this kind of data over legally for anybody who hasn’t submitted GDPR deletion requests. I never trust compliance of laws that cannot be verified independently either because i’ve seen all kinds of shady shit in my career.

    • wise_pancake@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Makes me glad for my VPN and burner emails, but yeah… Privacy nightmare.

      Although Google also has your email, location, IP, every website you visit, all your searches…