I told a friend about my start up and she jumped on it immediately. I opened the tool and watched her interaction. Then I told her "oh so you opened the dev tools" She immediately ended the session. "How did you know? That's creepy". It was the first time I've actually felt like these tools invade privacy.
Yeah, we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work. I understand that all analytics tools provide this feature now, but its always creepy to know someone can watch what you are doing.
Every counter-example to this is people being intentionally creepy, inappropriate, or outright malicious. Which was a manageable problem when it was just a single dude being weird, society would eventually exclude and shun them. Trouble is today that we've mechanised malicious inappropriate behavior at scale and ensured we've set up our entire society and government such that the people responsible can never be held accountable in any way. So long as you're being maliciously creepy at scale (and you're wealthy) everything's fine and there's no consequences.
the people doing the "analytics" (surveillance) like their privacy too, because they are doing creepy stuff and don't want people to know it. And even if they aren't doing creepy stuff, the data might be used that way in the future (profile building, psychological tricks, personalized pricing, sharing behavior with others, etc)
For the majority of people I don’t think it’s true that they don’t care, but rather that they don’t know, don’t understand the implications, or don’t have the luxury of being able to do anything about it.
In the instances where I was able to have a longer discussion with someone to really explain what’s going on, they did care. Even if they previously said they didn’t.
Please be honest with yourself. People don't read terms and conditions. There's a good chance you don't read terms and conditions. And even if you do, odds are better than even that you don't fully understand all the legal implications.
Terms and conditions pages nowadays are there mostly to provide legal protection under the guise of "the user told us that they read these by ticking a box on our signup page; it's hardly our fault if they didn't."
Firstly, businesses can do whatever they like. There are no terms to agree to. They simply function in whatever way they "consider to be valid". If a customer disagrees with what is valid or not, hey, that's what courts are for. And given there's no agreement between business and customer, who's to say who is right?
The business can equally terminate you as a customer, with no notice, for no reason, at any time. They can delete all your data. They can spam your contact list. (Ok, they do all that already, but you know what I mean.)
Secondly, customers can do whatever they like. They payed their $9.95. They can do whatever they like. Sure, sharing logins is fine (if they "consider that valid".) They can abuse the system, scrape data out and resell it, anything goes. And of course the only recourse is back to the courts. Which is ultimately no recourse at all.
Even your analogy to parking breaks down. Should you have to prove legal residency to park? Should I be able to park a car on the street (unmoved) for a year? Should I be allowed to park next to a fire-hydrant? Can I park it in the middle of the road? Can my neighbor "reserve" his parking space using an orange cone? Clearly there's a lot more to parking a car than "I should be able to park".
T&C might not be fun, and you may not agree with them (hint: if you don't, then don't use the service) but they at least set out the business behavior that you can expect. Read them, don't read them, that's up to you. But don't complain that the fault is on them when they do something that are in the T&Cs.
And yes, I get they're one sided. customers never bother to submit their own T&C's so they're not fairly represented. Again, that's on you for using that service.
It already works like that.
> customers never bother to submit their own T&C's so they're not fairly represented
You can't. Not a question of bother.
> if you don't, then don't use the service
The problem is that this is mostly not an option. The service doesn't have competition or competitors don't have better T&C. Sometimes, like in the original commenter's example, there is a legally enforced monopoly.
At least the government has to enforce certain rights when using government provided services.
Everyone understands websites use analytics and tracking, but people dont want to be reminded of it. Which is why people hate those FB ads which exactly match what you searched for 24 hours ago.
Click (2016) - https://news.ycombinator.com/item?id=35841679 - May 2023 (35 comments)
Click - https://news.ycombinator.com/item?id=26518290 - March 2021 (243 comments)
Click click click - A browser-based game on online profiling. - https://news.ycombinator.com/item?id=18636038 - Dec 2018 (1 comment)
A demonstration of browser events used to monitor online behaviour - https://news.ycombinator.com/item?id=12985644 - Nov 2016 (165 comments)
for (let i = 0; i < 1000; i++) { document.querySelector(".button")?.click(); }
ETA: It also took a few seconds to get around to telling me (from the bottom up):
Subject has clicked on the button a thousand times.
Subject has clicked on the button one hundred times.
Subject clicks less than most other subjects.
Subject has run script to click on the button ten times within one second.
Subject has clicked on the button nine times within one second.
Subject has clicked on the button eight times within one second.
[0]: https://developer.mozilla.org/en-US/docs/Web/API/Event/isTru...
Thinking of input as a series of discrete events is an interesting cognitive model that many experienced programmers take for granted!
Where you're just sitting there clicking over and over
Apps know when we’re on WiFi, when we force quit, have potential to have motion sensor access if opting in…
Not sure the presentation needed for acceptance into the App Store. As a security checkup tool or something…
"What's the point?" she asked.
I said, "You can click it."
"But what's the big deal?" she was baffled.
"You can click it,“ I said.
“That's the big deal."
(It might not work on touch screens.)
the capability is there, your local hardware determines how seamless it would be.
Mental framing of a tech is weird.
But seriously, the parent comment isn't saying the technical fact a browser can see your cursor's coordinate is unnerving. They're saying the experience of being reminded of this fact is unnerving.
Technically, every time you take a bus ride the driver can just decide to crash the vehicle and kill the passengers and himself. This fact itself isn't unnerving -- it's just how buses work. But if there were a poster on the bus reminding passengers of that, that'd be quite unnerving.
It’s unnerving because people don’t like being watched.
In my case, though, after carefully enabling only scripts from the site and the Cloudflare CDN, but not enabling XHR/websockets back to the source page, or any cookies, the only thing that happens for me is:
1. I see a button and an exhortation to click the button.
2. I click the button.
3. The site goes "Subject has clicked the button."
4. The site goes "...".
...and then nothing else happens, no matter where I click or move my mouse. In the background I can see attempted websocket connections, but I'm blocking those so they can't happen.
If the aim of the game is to open people's eyes to the dangers of online tracking, it feels like there should be a reward mechanism if such tracking is blocked!
Presumably it's a simple matter to send something back to a server, but I've really never thought about the mechanisms involved.