It would be mean-spirited to want that to be the case, it’s somewhere on the skeptical-cynical spectrum to think it’s likely. Don’t be so hard on yourself.
This is a really important lesson to internalize (the first one).
In order to change peoples' minds, they have to want to see that they're wrong. I think certain personality types are innately more disposed to the sort of introspection necessary to evaluate one's beliefs and throw out what's wrong.
Really it comes down to how much you care about truth. Coming from the hard sciences, it's surprising how far you can get in this world without caring even a tiny little bit about truth in many fields, most of which involve "people" and not "things": politics, sales, marketing.
This is a really important lesson to internalize (the first one).
The second is too! I’m telling you, peanut butter is an amazing savory ingredient! You don’t have to go full Hemingway (peanut butter and onion sandwiches), but at least satay is the way. Peanut butter is especially good when it’s spicy.
Plus yes, the other stuff, but I just can’t say enough about peanut butter.
Elon says a lot of things, and some of them even turn out to be true. The ones involving money though, seem to be less likely. This could work though, I think it’s more likely to never get off the ground. At least it’s just a tunnel, and not that Hyperloop crap. I actually have some faith in their ability to dig a tunnel, and zero faith in making a vac-train feasible.
You are just going to trash one of the most accomplished engineering magnets on earth without any rationale to back up your assertion? And please don't just follow with "it's well known that it won't work".
No, your response is worse, not better. It adds nothing to the conversation. Your original post could have merit if you back some of it up. This response is just internet shit-talking, and the opposite of the goal of HN.
I think this bid process was quite interesting and unusual. Build the infrastructure in exchange for the right to operate the system, with restrictions (must meet certain minimum departures, etc etc). I also thought it was interesting that Boring Co. won the bid, and now has exclusive negotiation with city officials for a year. So yeah, it might change in the next year or so, and whatever timelines they settle on might change (that's one very valid criticism of Musk), but I don't see any reason to think it won't happen.
Utopias are always justified this way, and the worst crimes are committed as a result. After all, if a potentially limitless number of lives are saved in the future, you can argue for sacrificing millions today. Somehow people never seem to understand that nothing real or worthwhile is down that road, and as a species we go down it repeatedly.
I think the best argument against this, is to demand that the person willing to let many die is the first to die.
"I think the best argument against this, is to demand that the person willing to let many die is the first to die. "
That's why I am saying that all road testing of autonomous cars should take place in the neighborhoods where the executives and their children live and are on the road. That would align the incentives of the company and the public.
So you’re agnostic on murder, slavery, torture of children and animals, and rape? Come on, we have tons of clear rights and wrongs, and the kind of absolute moral relativism you’re peddling is a smokescreen.
Moral absolutism can make it seem like you are on the right side of the debate even when the ground is shifting.
Lets take slavery as an example. Did you know that federal and state prisioners are forced to work for 30 cents or less an hour. If they refuse they get put in solitary. The average time someone is in solitary in the California prison system is 7.5 years. That is a form of torture. Slavery still exists lawfully so does torture.
Are you aware/against those forms of slavery/torture? Is everyone who is against slavery against this form? I think there is still some room for conversations around this issue and all of the other general topics.
I mean murder can be seen as a net benefit if someone murdered hilter before he took power.
Lets take slavery as an example. Did you know that federal and state prisioners are forced to work for 30 cents or less an hour. If they refuse they get put in solitary. The average time someone is in solitary in the California prison system is 7.5 years. That is a form of torture. Slavery still exists lawfully so does torture.
Conflating legality with morality is silly.
Are you aware/against those forms of slavery/torture?
Yes, because there are some moral absolutes, which is why you retreated from a moral argument into a legal one.
99% of people don't read anything before they push yes. Most people get increasingly annoyed at the mountain of e-mails, and the hundreds of pages they in principle has to read through.
No offense, but this feels like a “99%” and “most” that is something less than rigorous. I don’t think sound arguments for or against GDPR can come from the “Ah Reckon” space. Throwing out made-up numbers that just represent personal assumptions and anecdote is an impediment to real discussion of these issues.
I’d add that GDPR explicitly forbids just the kind of “press yes to forfeit all of your rights” crap we’ve seen before. I realize that some sites are still trying to get away with it, it it’s non-compliant.
>No offense, but this feels like a “99%” and “most” that is something less than rigorous.
I've read the contracts I have to sign, and generally this throws people off drastically. When I ask, they tell me I'm the first to read them. Things like leases at a place that has been around decades and I'm the first to sit down and read before signing. While it isn't rigorous, from my experience with wet ink legal documents, saying 1% do read EULAs and privacy policies is a very optimistic over estimation by magnitudes.
I think that indicates that the legal documents weren't written to be read, more than people are too lazy to read them. They were written for a lawyer and for use in court, and it's not realistic to bring in a lawyer for every EULA and contract we encounter.
And just as honestly, what are we going to do - say no? Saying no is more and more simply not allowed if you want to use a service. I've had job offers who would rather have me walk than change the terms of employment. There's not a website out there which allows you to use it if you do not consent to their EULA. Hell, I've encountered a EULA when starting my (purchased, not leased) car.
You can't even post on Hacker News without consenting to 39 pages worth of privacy policy and TOS.
And that is why I think the core of the issue is consent. The power difference between the lawyers who understand the legal system and write these documents and the users who are forced to agree to use the service is so great that consent cannot exist between the two parties. We legally allow it, much like some countries will legally let a 9 year old sign some document and then hold them to it, but that is a legal fiction that needs to be done away with. Of course this would be a massive shock to how we do things (how would you sign up for a loan), but that alone doesn't justify allowing such abuse of consent to continue.
> I’d add that GDPR explicitly forbids just the kind of “press yes to forfeit all of your rights” crap we’ve seen before. I realize that some sites are still trying to get away with it, it it’s non-compliant.
I have yet to see a non-terrible GDPR screen, and I'm an American. Every single one so far has been either a giant box of doom, or a giant modal of doom with a dozen checkboxes and a freakin' contract on it.
Nope, don't care, I just want to read the one paragraph of your blog - that's it.
Thought it was pretty common knowledge that people don't read anything contractual.
Anecdotally i have never personally witnessed any other than the most academically inclined legal nerds be interested in any terms of service or legal docs. Family, university peers, user analysis from my own services - all i have ever seen is frantic clicking until people get to where they want.
Also my point is not that the GDPR is stupid. I think most of the new protections are fair. I am just pointing out that the "one button click to consent" is completely meaningless because people have no idea what they are doing, are tired, are stressed out, or just don't care (most people).
I'm not saying GDPR isn't good for privacy (we need it); it just makes competition harder.
If easy competition is being paid for through shady practices, then it should never have been that easy. It’s a no-brainer that a large, established business has certain advantages over up-and-comers; GDPR didn’t make that the case either. It’s easier for a large, rich company to do almost anything, including respecting our privacy as enforced by regulation or law.
There's a consistent strain of conflation of this issue in all the GDPR threads, along the lines of "well, if you can't comply with the GDPR, you must be a evil company selling my data to bad people for bad reasons!"
You don't have to be doing anything shady with data for the GDPR to be a threat to you and your business. You can be collecting a bare minimum of data that you only use with the purest of intentions and still be in violation of the law and subject to its penalties.
Just asking for an email that will literally be used for nothing but to send a registration confirmation - you know, to sign up users, the same way we've been doing forever - puts you in its compliance crosshairs. You're now legally liable for a whole raft of additional compliance measures that probably necessitate paying a lawyer a decent chunk of change to make sure you're above board with. Your "MVP" has now expanded from "here's a simple idea I cranked out this weekend" to "here's a simple idea and a legal contract and audit trails that prove consent and an obligation to exfil data from my database on demand in perpetuity and data portability endpoints and data exchange contracts with every API provider I use and my database has to be encrypted at rest and highly redundant and I have to set up regular vulnerability scans and if I want to back up my database to a non-EU datacenter I have to obtain consent from all my users first and a bunch of additional requirements that possibly make it illegal to not age out my Apache access logs and why am I doing this at all again?"
GDPR significantly increases the friction for moving new ideas from concept to product, even if there is absolutely zero nefarious happening in the product. If it only made life hard on the people engaged in shady practices, there'd be a lot less concern over it, but that's just not the case. It doesn't just punish the misuse of data, it punishes the lack of proactive compliance to a set of criteria which are frankly beyond many hobbyists.
Some see this as a good thing. But I think that it's also fair to guess that it's going to cause otherwise good and benign ideas, products, and even entire companies to die on the vine as a result.
GDPR significantly increases the friction for moving new ideas from concept to product, even if there is absolutely zero nefarious happening in the product.
I would personally consider “not knowing where users’ data is, or being able to tell them” to be a nefarious act in itself.
> Just asking for an email that will literally be used for nothing but to send a registration confirmation - you know, to sign up users, the same way we've been doing forever - puts you in its compliance crosshairs. You're now legally liable for a whole raft of additional compliance measures that probably necessitate paying a lawyer a decent chunk of change to make sure you're above board with.
You have to tell the user why you are collecting it, what it will be used for and for how long you will retain it.
If you are just using as a login and to confirm the e-mail is valid, there's not much else you have to do.
Oh - you want to use that e-mail for lots of other things, some of which aren't central to the running of the service the user's signing up for? Then yes, you have to document and enumerate those reasons and ask the user if they are OK with that.
Yeah, that's article 5. There are 98 additional articles to the law, many of which impose additional administrative and technical requirements on your product.
Just saying "I'm using your email for signups" doesn't make you compliant. If it did then I doubt anyone would have a problem with it.
If there are 98 additional articles applying to e-maol signups, why did the poster go to such great lengths to introduce so many other factors which had nothing to do with e-mail signups?
Other than to try and make the regulations seem more baroque than they are.
And if your MVP makes money, you're on the hook for a lot of taxes and income reporting. It's part of the cost of doing business.
For better or worse, entrepreneurs only have their peers to blame for this, the peers who fucked up so badly that the government felt it had to step in.
The sum total requirement for reporting taxes on a hobby project in the US is filling out a single 1099-MISC at the end of the year, during a process that you'll already be doing anyway. It's not an onerous burden which introduces significant friction to the process of bringing a new idea to fruition.
I'm not saying "hobbyists shouldn't have to comply with the law", I'm saying "the law is disproportionately punitive to hobbyists in terms of burden imposed".
You have to be able to demonstrate audit trails of consent, including what the user consented to and when. You have to be able to demonstrate audit trails proving deletion requests. You have to have audit trails of who has ever accessed this data. You have to have a means to exclude pieces of your dataset from aggregate statistics on demand. Also, your audit trails can't contain PII because then your audit trails are in violation of the deletion requests, so you have to have mechanisms of proving that you processed deletion requests without actually identifying the data processed. You're also now obligated to respond to data inquiries in perpetuity, even to people for whom you have no data. Article 32 appears to impose a requirement for encryption at rest, high availability, disaster recovery, and regular penetration testing - all good things, to be sure, but completely impractical for the small hobbyist. Your "querying and deleting" is, by the letter of the law, now required to be a full-blown production-ready architecture with a business's worth of documentation.
And all because you wanted an email address to keep your login form from getting spammed?
I realize that in practicality, this is unlikely to ever be leveraged in any significant scope against most hobbyists, but the law is merciless and it is foolish to assume that you won't be caught in its crosshairs just because you weren't its intended target.
> And all because you wanted an email address to keep your login form from getting spammed?
No, all this because companies were selling your email address to spammers.
Also, your reading of the law seems at odds with most other readings I've seen. I'm sure it will come down to a lawyer - but I'm also sure that hobby programmer who take reasonable steps won't ever be in the crosshairs of the EU.
In a jurisdiction. GDPR means a dollar can buy more MVPs outside Europe than inside. Keep in mind that this has no bearing on the privacy stance of the ultimate product. Just the fixed cost of iteration.
I hate to break it to you, but the idea behind the GDPR is gaining traction outside the Europe. Fighting this trend is only going to hurt more in the long run.
> the idea behind the GDPR is gaining traction outside the Europe
I hope it does. Europe, however, has a unique penchant for unnecessary bureaucracy. Nobody is complaining about GDPR’s requirements. It’s the ancillary administration which is destructive.
What enforces compliance if there is no administration - the administration is the teeth of the compliance.
Companies have had years in which they were receiving warnings and recommendations for best practices - they ignored them. This is the piper coming with the bill.
