How much of this improvement is a mysterious machine learning algorithm and how much is it just looking for new things from my subscription list, I’m not sure, and that’s important: being trapped in a torrent of self-reinforcing falsehoods is something I fell for in my teenage-goth-New-Age phase, which Carl Sagen condemned in The Demon-Haunted World, and which people in general have been falling for with every sychophant and propagandist from soothsayers to tabloids telling them what they want to be so.
Genuinely curious here: how can you tell you've escaped one set of self-reinforcing falsehoods while being sure you haven't fallen into another, different set?
I am wholeheartedly in favor of a free marketplace of ideas where (we would hope) good ideas win out over bad, but as it is, once you’re deemed by an algorithm to be susceptible to a certain category of extremist information, that’s all you’re ever going to see again; the competing ideas are never going to have a chance.
Algorithmic distribution of ideas is sorta like distributing ideas via gasoline-powered leaf blower directly to the face. I am free to speak my competing ideas, and so technically I haven’t been censored, but no audience is going to hear me over the leaf blower.
I'd like to see the browser put in a sandbox and its inputs/outputs sanitised and de-biased before being presented to the user. Could also protect privacy more. We need more browser innovation. A neural net should be in every browser ready to apply semantic rules.
I don't know TikTok, but people seem to like its choices.
But there are good uses, like for music. I can’t really think of a downside for music tbh, it’s not like music tends to spread extremism, and on the upside lesser known artists have a better shot at being discovered through the algorithm.
I think wars (even with the on-going war that Russia started), climate issues (even with the high consumption present today) and poverty (even with many countries still in it) will all have a trend of declining. However, this echo chamber fueled with miss-information is one of the things I care for.
I am so happy the EU has power and will to make good changes that gives mutual benefit to everyone when other parts of the world does not.
It's government's job to put constraints on companies, stopping them from becoming the absolute assholes they become if they have no limitations. That does not make them authoritarian.
A few years ago the true extent of the Swedish program for tracking left wing sympathisers became known. It ran from the sixties up until 1998. For example, if your car was seen outside of a left wing publication you could end up on a list somewhere. That caused you to be automatically excluded from 5-10% of all jobs without you never finding out about it until 20-30 years afterwards. Imagine wanting to become a police officer, a pilot or and engineer and never understanding that the reason you didn't get an interview was because you had parked in the wrong spot one day years before. Or that your sister briefly dated a left wing journalist at some point.
This is hyperbole.
This suggestion is the logical next step of the part of GDPR where it says that citizens should be able to understand how automated decisions are made about theme and their data. This is about transparency for citizens, not governments dictating how algorithms should work.
Spotting inconsistencies in my beliefs is what pushed me out of New Age mode, and ironically what pushed me into it in the first place (from Catholicism).
Looking at you, Schufa.
It's not transparent to the public, but it is auditable due to anti discrimination regulations. Am I wrong on this?
Personally, i thimk denying people a loan is a pretty impactful decision on peoples life. They deserve a reason.
You have a right as a consumer to the underlying data from the credit reporting bureaus, but not the proprietary algorithms that determine risk.
I understand the desire for transparency, but at its core credit scoring is fraud prevention. It is like asking Visa to explain what criteria they use to determine if a charge is fraud, which predominately helps the people trying to do the frauds.
Explaining algorithms could, in theory, give away a competitive advantage. However fairness to users seems to be a priority in this decision.
Both of those seem like good ideas and progress. The non-profiled recommender system option especially!
It's also really bothered me that tech companies of sufficient size can discriminate against legally-protected classes because "algorithms are complicated" and government regulators haven't pushed.
I'm not a fan of regulating design or use, but I'm a huge proponent of requiring transparency and detail on demand.
We'll see how willing the EU is to levy fines for breaches.
It's no doubt a consequence of most huge tech companies being American, but it's been refreshing to see the repeated "We have a law; You clearly broke it; Here's your fine" follow-through thus far from EU enforcement.
Care to elaborate? Discrimination in terms of what ads are displayed perhaps?
It has been very slow with GDPR, I expect it to be even slower here.
Ordinary users will get censored. By the courts, by unelected regulators, and by Big Tech AI zealously nuking content to avoid arbitrary fines. It's content ID on steroids.
> Article 29 Recommender systems
> 1. Very large online platforms that use recommender systems shall set out in their terms and conditions, in a clear, accessible and easily comprehensible manner, the main parameters used in their recommender systems, as well as any options for the recipients of the service to modify or influence those main parameters that they may have made available, including at least one option which is not based on profiling, within the meaning of Article 4 (4) of Regulation (EU) 2016/679.
> 2. Where several options are available pursuant to paragraph 1, very large online platforms shall provide an easily accessible functionality on their online interface allowing the recipient of the service to select and to modify at any time their preferred option for each of the recommender systems that determines the relative order of information presented to them.
Easy to see this concept expanding
Why should anyone care if they have a competitive advantage?
If anything I want them to have a disadvantage, lose money, and go out of business.
Which is good. We could use some more competition on the market.
There will be no explanation of the actual algorithm.
However, if regulation required companies to disclose all of the data goes into those models, how they acquire it (tracking browser/app behavior, purchase from 3rd parties), and so on, that would be the real game changer for consumer privacy and protection.
I don't know if that's true or not myself though, since I haven't read myself.
Should be six percent for first offense, 12% for second, 25% for third, etc.
Until the company fixes it's compliance or becomes insolvent.
I think 6% is quite a lot, even if one has 40% margin. Investors will be highly distraught and seek remedies from the current management. But for instance at 20% they will blame the regulators and push the company to fight in courts.
In any way, government wants to motivate change in behavior not taking companies out of business.
Taking maliciously noncompliant comanies out of business can be a way to motivate others to not try to skirt the law.
Requiring transparency for bans and censorship though will probably have a major effect if people start asking nosy questions and exposing corporate and government abuses of power. Many EU governments will regret that users can expose them , that will be fun to watch. It will also make it very hard for companies like reddit to function: could reddit be legally liable for actions of its moderators?
the other clauses are the typical wishful thinking by EU legislators who think that you can legislate the solution to unsolved or unsolvable tech problems
This is an excellent addition.
You need to give the user an explanation on why you blocked his account, but if Google is kind enough to add on top the secret neural network then some people would be happy to have a look at it and find even more garbage in it.
Every time I see these kinds of discussions I wonder if quite a few of the disagreements are due to e.g. US commenters worried by the relative lack of specific details.
- US, common law, https://en.wikipedia.org/wiki/Common_law
- EU, civil law, https://en.wikipedia.org/wiki/Civil_law_(legal_system)
Citing: Civil law is a legal system originating in mainland Europe and adopted in much of the world. The civil law system is intellectualized within the framework of Roman law, and with core principles codified into a referable system, which serves as the primary source of law. The civil law system is often contrasted with the common law system, which originated in medieval England, whose intellectual framework historically came from uncodified judge-made case law, and gives precedential authority to prior court decisions.
Anti-discrimination legislation has already made black-box algorithms illegal if they are deciding on anything that a user might take objection to - so for most use cases this is not a big change.
As for - the recommender systems will have to not be based on profiling - unless we're talking about removing recommender systems based on data altogether - it will be interesting to see what the legislation considers profiling. If I tie your recommendations to the last viewed piece of content (content contextual recommendation), is that profiling? It's arguably worse for the user and for society more than profiling recommendation. If the recommendations are based on your explicit categories is that not profiling? Yet it's the principle used in news aggregators for the last 30 years.
The wording is going to be important here.
> as a rule, cancelling subscriptions should be as easy as signing up for them
Overall I like these principles, but we'll see in a few years how they're enforced in practice. It's been 4-5 years since we've had GDPR and I still see sites that require tens of clicks to disable all advertising cookies (and the most I've seen was 300+ clicks). Even Google only this week announced they'll add "reject all" button to their cookie banners.
I expect it'll be similar in this case, companies will do bare minimum to try to stay compliant with the regulation, and it will take a few years to see real differences, but I hope it's at least a step in the right direction.
Before I sign out for any service this is the first thing I check.
"Our algorithms use gradient descent. Data flows through our connected tubes, slowly wiggling their size until the data starts flows back and forth faster."
This isn't an issue of "limits on speech", but rather, another reminder that one shouldn't enable folks to become dictators. Not having some reasonable limits on actual misinformation makes us all less free, however, because we cannot put our trust in some organizations.
Just hope this doesn't backfire. The cookie law was also a thing the EU created with good intentions after some politicians decided "omg cookies are bad" and we ended up still using cookies but pop-ups in every single website basically forcing you to accept the use of cookies.
.. from few months ago. Weights change daily, most likely updated by another NN.
I guess it's nice that lawmakers understand that at some point these companies used algorithms to search or sort stuff, but industry has already moved to another level. We might be able to explain specific result of neural networks (Shapely values or something like that), but the actual algorithm (=NN)... no way.
I feel a lot of people on HN are looking at this from a technical standpoint while lawmakers are more interested in how these companies plan and position themselves. Explain how they "maximize profits and shareholder value" would be more accurate in my opinion
The level of disclosure is not going to break a lot of competitive advantage.
basically need to say what input sources and feedback they use and modular blocks on what different steps go into the pipe, nobody is asking them to expose the actual weights of billion parameter ml model they all probably have .
Even if hypothetically they did expose that level of detail it is useless for regulators as they don’t have resources to run the model , and testing a model for side effects in depth is hard .
Looking at this, I am hopeful but not too optimistic.
And The Verge on this very article :)
The solutions to this aren't regulatory, but technical first. Monetary fines to tech giants are mere slaps on the wrist. We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be on the web. Those solutions then need to be presented to lawmakers and companies forced to adopt them. This is not rocket science; there are already solutions to these problems that just aren't adopted (e.g. the {ab,un}used Do Not Track header).
All this "behave this way or else" regulation is just reactive, and usually takes years to even pass into law, by which point tech giants are way ahead of it anyway.
Or the auto renewing subscriptions that either cancel your service immediately the second you turn off auto renew, even if you paid for the current time allotment, or they just prevent or ignore your request to not renew.
I feel like reverse charging didn’t exist back then.
There’s also entitled devs that say your email domain or VOIP number isn’t good enough when signing up for their service. There’s no reason for anybody to use an email from their perfect in test whitelist of gmail or Microsoft domains… And why would anybody ever have a voip number unless they were a terrorist?
“Hey we couldn’t process your card due to a temporary error so we went ahead and cancelled your $59 for AllTheThings plan you had for the last 10 years as a loyal customer. We’re very much not at all sorry that plan isn’t available any more. Now AllTheThings costs $129, but don’t worry, just click to reactivate, we’ll try your card again.” … “AllTheThings processed successfully for $129, thank you for your custom.”
How do you get economic and business growth (things which are good for people - jobs and employment) without marketing and advertising?
Oh and firewall or defender that puts a big !! Everywhere so it seems that my system will explode anytime
Are they aware that people use it for working?
Haha, look how long it took. That's Billions gathered and I wonder/never heard anyone is asking the money back from these A-Z companies that make their money on the grey web.
“Why do you want to cancel?” “I’m moving.” “Would you like us to transfer service to your new address?” “No.” “OK”
This is a step towards "freedom is slavery."
I take it you believe the tolerance paradox also gives off 1984 vibes?
So you click the cancel button.
Only you find out you’ve cancelled Prime.
I've always wondered why Sergey Brin and Larry Page retired when they did, it coincides almost exactly with the beginning of the SERP quality decline. Wonder what sort of conversation they had with intelligence to quietly walk to the door, cash out, and say nothing about the company since.
“Integrity” has different meanings for each group. For the latter, the meaning is likely closer to “bring in enough revenue to keep the publication running.” Applying dark patterns does not conflict with this.
This reminds me of supermarkets in Germany loudly announcing that they would abandon plastic bags to save the environment ... a few weeks before legislation came into effect banning them from selling plastic bags.
Why wait until you're potentially facing fines if you can move slightly ahead and sell it as a voluntary good thing you do for your users/customers?
I suspect that Google and Facebook will not offer country specific blocklists like they do for Nazi content in Germany. If Hungary bans LGBTQIA content, it'll disappear in France. Europe can then have an argument about how they "really really not really" believe in free speech.
EU law applies to companies which operate in the EU.
Vaguely worded laws can also lead conservative corporate counsels to make decisions like geoblocking all of the EU
i.e. if signup is "email and credit card number" then you're going to be hard pressed to explain why a similar option to cancel does not exist and isn't accessible in as many clicks, with equivalent screen real-estate usage.
So you argue that to cancel a subscription, you should have to provide your credit card number again. If a check on the credit card fails for some obscure reason, you cannot cancel your subscription.
This is what "subscribe is as easy as unsubscribe" also means.
My recommendation:
1. Install "I don't care about cookies"
2. Install "Temporary containers"
This requires that you use special containers for things you do wish to have cookies for such as HN for the login. Other than that, you can safely click accept for all websites, since it won't persist anyways.
And, no, I can't be bothered to review their source code if it's available, or to trust that I'm actually running said code, that it won't become malicious eventually or bother with building it myself. Unless it's run on demand and for a single purpose, I suggest avoiding extensions altogether.
Really? Which dark pattern would bever be created if eu didn't exist?
"We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be"
So, in this process, most of the population will get told what their rights are?
Since you complain that the regupation is slow, any ETA when the technofix will be ready?
> Which dark pattern
The cookie consent forms that were a direct response to EU laws.
> most of the population will get told what their rights are?
Internet users need to be a) educated about the value of the data they produce (and ideally compensated for it[1]), and b) be provided with tools that safeguard this data and give them absolute control over it. So, yes.
The web should be user friendly, not hostile and scammy at every turn. It should be impossible for companies to abuse user data, and regulations are clearly too slow and ineffective.
> any ETA when the technofix will be ready?
Some already exist, and others can be built. The incentives are just not there, as tech giants rule the web and law makers are both influenced by and playing catch up to their schemes.
[1]: https://www.forbes.com/sites/forbestechcouncil/2020/10/30/sh...
No. The law is not the reason. Companies that knowingly and willingly break it are.
Those annoying popups? The vast majority of them are illegal under GDPR, which parasites like IAB are very well aware of: https://www.iccl.ie/news/gdpr-enforcer-rules-that-iab-europe...
Edit: changed article URL
If they're now illegal, that's on the EU for making them vague or not strict enough.
But my point is that fighting this with laws is:
- too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users. And by the time laws do come to pass, tech companies have grown in power and already have alternatives to keep growing. Governments are constantly playing catch up, which was a problem even with Big Tobacco/Pharma, but the speed of innovation of Big Tech is unparalleled.
- too ineffective, as breaking these laws is too slow/difficult to prosecute, and even when companies are fined, it's mostly symbolic to even matter. I.e. to them it's just the cost of doing business.
> were a response to the "cookie law" passed in 2009[1]
Your link clearly states: "Receive users’ consent before you use any cookies except strictly necessary cookies".
For everything else you need to ask for consent with "No"/"Reject" being clearly labeled and being the default option.
Yes, it's that easy.
> too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users.
So, what eactly is your proposal except "law is bad"? How do you propose law should work to minimize harm?
To be clear: I think that EU is too slow and too lenient when prosecuting things illegal under GDPR, and that they should pick up the pace. However, "omg this law makes the web bad" is in itself is a very bad take. Because it takes responsiility from those who are actually responsible for making the web bad. They are now exposed... but managed to persuade people that it's not their behaviour that is blatantly evil, but that "the law exposing them is bad".
I understand the criticism though - increased attack surface. But the Web is pretty much a lost cause anyways.
https://drewdevault.com/2020/03/18/Reckless-limitless-scope....
Fwiw I don't use Apple Pay either. There's a lot of things I don't use, for various reasons, and "you should just give in and use it" isn't the right response.
At no time has the term ‘dark pattern’ ever been necessarily dependent on getting you to pay money.
Your argument is that I sound stupid, so I must be wrong?
There’s no button.
https://www.cultofmac.com/538999/apple-under-fire-apple-pay-...
https://www.wsj.com/articles/apple-insists-iphone-users-enro...
My other peeve is when streaming apps put a button in the bottom-right of an ad, same size and style as the ‘skip’ button one reflexively clicks. Except it turns out to be an ‘engage even moar’ button.
I don’t disagree regards dark patterns, your example just felt a bit irrelevant to the specific topic being discussed (Amazon pushing a paid for product / cancelling a paid subscription).
I had a bit of a nightmare where one of the credit reporting agencies was convinced my residential address was inside my bank. Their online system referred me to their phone system or sending them mail. Their phone system referred me to their online system or sending them mail. I sent them mail 3 times and got no reply. An online cheat guide for getting to an actual human through their phone system didn't work, and I eventually just started hitting random keys in their phone system and got to a human who was able to sort it out.
You can't even get a secured credit card (backed by a cash deposit) without a credit check (I looked into it), which is going to fail if your residential address is wrong.
Opening a financial account that might misreport something to a credit agency shouldn't be taken lightly.
And please don't ad hominem attack people you're responding to.
-- Linus Torvalds
I'm not saying that to defend anyone BTW. This complexity and opacity (which is transitive in the sense that a combined result including even one opaque part itself becomes opaque) is very much the problem. What I'm saying is that it's likely impossible for the companies to comply without making fundamental changes ... which might well be the intent, but if that's the case it should be more explicit.
At a broad level:
what are the input sources like IP address , clicks on other websites etc you use to feed the model.
What is the overall system optimized for , like some combination of engagement , view time etc, just listing them if possible in a order of preference is good enough
Alternatively what does your human management measure and monitor as the business metrics of success .
I want to know what behaviors (not necessarily how ) are used , I want to know what is feed trying to optimize for , more engagement, more view time to etc
This is not adversarial, knowing this helps as modify user behavior to make the model work better.
Users already have some sense of this and work around it blindly , for example YouTube has heavy emphasis on resent views and search . I (and am sure others) would use signed out user to see content way outside my interest area so my feed isn’t polluted with poor recommendations. I may have watched 1000’s hours of educational content but google would still think some how to video I watched once means I need to only see that kind of content.
Google knows it is me sure even am signed out, but they don’t use it change my feed that’s the important part and knowing that can help improve my user experience
You are an insider?
Even if some of that is off, the premise of a chain of some ML, and some not ML, processors means they probably can't really tell you exactly why anything ranks where it does.
What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place, and then governments making it a law for this technology to be used by all companies. E.g. the DNT header could've been one such solution, but the fact it was never made part of a law is what led to it being abused for ironically tracking itself, and now abandoned altogether.
We're in this mess because governments fundamentally don't understand technology and how to police it. Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.
Do you realize that all laws happen after something happens? Even your proposed solution of tech people coming up with something would also happen after the fact?
> What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place
Ah yes, the magical technical solution that is impossible to violate.
Good thing that you mentioned DNT. Do you know that DNT ended up being used for browser fingerprinting and hence tracking?
Had DNT been codified into law, you'd be complaining on HN that the law is bad and governments don't understand technology.
> Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.
wat. GDPR is literally aimed against the status quo. I wish it was more rigorously enforced, of course.
Also, it doesn't apply just to the web. It asserts right to privacy as a fundamental right.
We will rather try to provide explanations for specific decisions, so if we deny you a loan we want to be able to tell you what pieces of hard data we are basing that decision on. Try to make it actionable, instead of the opaque numbers that lead to a feeling of "the computer says no." It's still an open question of if we will be able to provide that insight.
Legally I don't know if the credit score, or any of the components (LGD and PD) count as "personal data". If it does, we are obliged to provide it. Basically no customers make those kinds of requests so there's not really any internal discussions around those questions. As far as my bank is concerned, I'm sure we'd just tell you if you asked. We're bad at secrets.
Yes, because of the obvious ramifications, as you've alluded to.
No, because it's a private company you're asking the loan of. If they don't want to lend to you, then they don't have to lend to you. I believe they should be able to come to this conclusion however they like, except based on the obvious factors like culture, gender (or lack/fluidity of), etc.
but mostly yes. I think the credit economy is an important thing to understand and people should be able to access credit so they can actualise their lives.
Really? How do you figure? I genuinely cannot tell how you are reconciling these two points of view. While should a private business be able to do business however it wants, but somehow be restricted when it comes to this list of 3-4 factors? Can you elaborate on that?
More specifically, how do you reconcile this opinion with the fact that many algorithmic models do perpetuate existing discriminations against these groups that you listed, despite these things supposedly not being parameters of the algorithms?
(Note: I am not condoning discrimination. In fact, I personally don't think that private business should be able to do whatever they want, and that they should be much more restricted than they are today in many, many different respects.)
I don't get how you're confused by this notion. A business should be able to operate however it likes, within the confines of the laws of society. What don't you get about that?
> More specifically, how do you reconcile this opinion with the fact that many algorithmic models do perpetuate existing discriminations against these groups that you listed, despite these things supposedly not being parameters of the algorithms?
I'm sure there are many examples of laws not being obeyed, ethics being dodged, or morality being misaligned, but that doesn't take away the simple fact that a business should be able to do business however it likes provided it's obeying the law. If a business is not obeying the law, then it's prevented from doing business. If it's not prevented despite the obvious legal breaches, then it's corrupt or the government is corrupt.
Is there something about this you're missing?
Saying that private businesses can just do whatever they want is basically incompatible with Western society as we know it. It only works at small scale precisely because little shops don't have access to data about their customers and they are legally barred from using the obvious clues like "wears a turban" or "has short hair and cargo pants"
But I never said that, though. I said they can operate however they like within the bounds of society's laws. You've turned something I've said into something I did not say, and I expect an apology on your part for placing me in a negative light.
I believe in socially responsible, healthy business practices that add positive value to the economy they operate inside of, not detract from it. Laws should be obeyed.
- They already have too much debt
- They don't earn enough to pay it off
- They have a history of not paying off their debts.
This should not be hard to explain to most people.
If only. In practice it's more like "They don't have a history of paying off their debts", which crucially means if you don't have a history of being in debt then you have no history of paying it off, and therefore you're considered high risk. Thus you get otherwise-nonsencial behaviours like taking out a loan only for the reason of paying it off.
Say you lend $200 to a guy who also has a house worth $100, you're the only creditor. In the event of a default, you can take that $100 house. That means you only lose $100, not he $200 you're actually out. This is called the Loss Given Default, or LGD. That number encapsulates the you first point, and half of point two.
The other half of point two, and the entirety of point three is covered in what we call the Probability of Default, or PD. The chance that a given debtor is going to default.
I hope you can see how these two number interact, especially when you then also take into account the upside of giving the loan. Providing loans might entice a large counterparty to do more business with you, or it might provide you with access to a new network. It might make sense to make a risky loan if the downside is very small, or conversely it might not make sense to make a pretty safe loan, if the downside is huge. In practice you can multiply these two numbers together to get an "expected cost" of proving the loan.
Now when someone comes and asks you why you aren't going to lend him $300, you then have to be able to trace all that data back to the source.
People who think that money is the only thing that other people want are doomed to be repeatedly exploited by people who understand that there are more forms of exploitation than directly monetary.
You feel you profit from facebook tracking as well?
Regardless, these dark patterns are truly disgusting and how some can defend them so mindlessly just because they apparently found a use for a product is quite disturbing.
Like, maybe, for example, a feature is "this site has a favicon.ico that is unique and not used elsewhere" (page quality). Or "this page has ads, but they are below the fold" (page layout). Or "this site has > X amount of inbound links from a hand curated list of 'legitimate branded sites'" (page/site authority).
Google then picks a starting weight for all these things, and has human reviewers score the quality of the results, order of ranking, etc, based on a Google written how-to-score document. Then tweaks the weights, re-runs the ML pipeline, and has the humans score again, in some iterative loop until they seem good.
There's a never-acted-on FTC report[1] that describes how they used this system to rank their competition (comparison shopping sites) lower in the search results.
[1] http://graphics.wsj.com/google-ftc-report/
Edit: Note that a lot of detail is missing here. Like topic relevance, where a site may rank well for some niche category it specializes in. But that it wouldn't necessarily rank well for a completely different topic, even with good content, since it has no established signals it should.
AKA ensemble models.
> I’m still struggling to see the relevance though, trying to get me to buy things is very different from trying to get me to use a feature you profit from (in my opinion).