It turns out reCAPCHA has been a privacy nightmare from the beginning: from silently monitoring user activity in the background, to sending payment information to Google; in order for an AI to assess the data, and return a risk-score to the website. But that apparently wasn’t bold enough, and now an effective 2FA is required, which provides additional telemetry to Google (but not to the website or app: which is obviously the privacy concern). So get ready to 2FA with Google upon registration, login, updating your cart, and payment; or to skip the hassle, you should just let an approved “shopping assistant” make purchases for you (“that drive a projected 25% increase in average order value”). I don’t even own a modern Android or iOS device, so how am I supposed to solve these?

It seems they’re really focusing on “registration, login, cart, and payment”, which would mean the customer would have to do this effective 2FA (which most consumers have conveniently been conditioned into using…), at least during these stages. This paired with the ability to allow “trusted” AI agents (including shopping assistants “that drive a projected 25% increase in average order value”), really makes it appear they’re incentivizing use of these shopping assistants (in order to avoid the 2FA hassle). It’s batshit insane the big-tech oligopoly has enshittified the internet to such a degree, the average consumer is required to outsource their usage to a big-tech agent (or at least one “trusted” by these platforms), for them to get any meaningful use out of it. And the rogue actors? Well, they’ll probably resort back to exploiting the third-world for solving CAPTCHAs…

I’ll give it a year before this “voluntary” evaluation becomes mandatory, while standards based on industry-leading models, dictate guardrails impossible to implement for upcoming models. And thus giving reason to consider would-be competitors’ models a “national security risk”: evaluated by a board, which by then, is composed of “experts” with a vested interest in the leading industry…

Personally I believe AI models, using content for which they do not have the creator’s explicit permission, have no right to exist (at least as a commercially available product).

Camera surveillance is simply no longer compatible with use in spaces, structurally inviting the general public, due to advances in technology. You cannot physically limit what’s being captured by an image sensor: it captures everything, and filtering (including removable masking) is only able to happen after collection. Which could also mean the data itself, or derivatives thereof, may be stored indefinitely; and could, at any time in the future, be used as evidence against members of society.

The only meaningful strategy to prohibit this, is to physically remove these surveillance systems: so personal data isn’t collected to begin with. Don’t even get me started, about the GDPR supposedly protecting citizens against this type of surveillance: it pushed for modernization of the systems, legitimized the “collect but protect” approach, created physical backdoors for the government to get ahold personal data being collected, and incentivized member states to piggy bank off of it.

But I’m glad the cracks are beginning to surface, and ordinary folks starting to grow uncomfortable around modern camera surveillance too, because that’s the only reasonable response to it.

It’s not a data protection issue, it’s a data collection issue

Practically every modern IP surveillance system can (and does) share evidence digitally

As self-hosted systems could sadly be considered a rounding error, in the context of all surveillance systems in use. And as long as home surveillance systems are strictly limited, to only capture within the boundaries of the property they reside on, I’m willing to accept that as a compromise. But I’m somewhat biased as a former mailman, in saying it’s uncomfortable to be under surveillance, regardless of whether the data is kept locally or not. At least in my local area, there’s no substantiated reason for such systems, and installations likely stem from unfounded paranoia, or reasons related to “convenience” (a doorbell camera to give instructions for package deliveries, instead of creating a designated spot for such deliveries).

… these updated regulations further demonstrate the state’s commitment to public safety

No it doesn’t. Taking these vehicles, which are clearly not production ready, off the streets would. So now you have these effective 360 degree cameras, systematically roaming public streets, that are legally required to collect and report data on “safety related” incidents (which could be anything these days).

I wish more people understood this problem isn’t restricted to Flock systems: every modern IP surveillance system can (and does) share evidence digitally, or set access privileges to their systems (allowing for real-time monitoring by third parties: mostly law enforcement); or if you’re a larger organization in the European Union, the GDPR requires a ‘Data Protection Officer (DPO)’ to have access to personal data being collected at all times, and must abide to any request being made by authorities, while under professional secrecy (and explicitly not disclose such additional processing, in access requests filed by data subjects). All of these seemingly separate systems (regardless of being privately or publicly owned), are increasingly growing interconnected, typically resulting into local ‘Operation Control Centers (OCCs)’; which may in turn share data they aggregate to further national, or even globally spanning OCCs.

Yet another platform with meaningless badges

This “problem” is nearly as old as the platform itself, as I can remember doing this as a child, when setting up my Hyves profile in the second half of the 2000’s; but no, now is the time to wake up… Right when there’s global efforts to “age” verify the internet, how coincidental…

(1) Offer a solution which exacerbates bot-traffic on the internet, (2) legitimize the need for verification of users as a result, (3) offer the most privacy-invasive “solution” to the “problem” imaginable: problem(1)-reaction(2)-solution(3)… every parasite’s favorite paradigm :)

I’m a European, and yet I wrote this; but I would agree many people (regardless of whether or not European) have progressively been accustomed, to having their personal identify tied to their devices (often for the sake of convenience, or out of necessity: the uncalled-for Two Factor Authentication (2FA) applications, for accessing government or work-related services, being an example), and I’ve not been an exception to that rule.

For me these were limited to applications, typically where a higher degree of security is expected: banking applications, the before mentioned 2FA applications, government mailbox applications, etc. But I’ve also once sent, a nearly fully redacted copy of my driver’s license to YouTube, in order to listen to music with naughty artwork (which I already believed to be ridiculous at the time, but gave into nevertheless).

Currently I would never let such applications near devices for general use, and it wouldn’t even cross my mind, to ever send any signal that signifies I’m not, in fact, a child, and shouldn’t be treated as such; ultimately so abusive services are green-lit to surveil me as an adult, instead of having to be more conservative (as data collection on children is typically more strict: for whatever reason… instead of people, regardless of age, being treated with dignity).

So no, not everybody has applications on their device, which link to, or directly store one’s personal identity. I rarely have to interact with financial or government services, and have zero interest, in being required to do so in order to access “age-restricted” content online. I like my pseudo-anonymity, and do not at all, trust a government application, which links this pseudo-anonymous activity to my personal identity.

Welp, this was bound to happen, wasn’t it? I’m pretty sure they’re referring to this application, which I stumbled upon a while back. If I remember correctly, the app “allows” (or implicitly forces) the user to store a government issued identity: able to attest to an age-restricted website, whether or not the user is of age.

It does this, supposedly by “just” sharing an age-bracket with the website; but here’s the kicker: the Union, in its generosity, has granted their citizens an in-app option, to withdraw this signal from the websites it has been provided to. What this means in practice, is the app storing one’s government-issued identify, also ties back to every account requiring “age-verification”…

So now, every device containing the app, has the owner’s government-issued identify on it, together with connections to every age-restricted service. And considering the apps are maintained by the Union, or member states (through their own implementations), creating a backdoor to the application’s contents… I mean to “observe app usage”, would be absolutely trivial.

Again, I’ve read it a while back, so some things might’ve changed, and my memory might be spotty; but I’m quite sure it’s along the lines I’ve described.