Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compliance to digital privacy laws in Germany and the EEA of Identity Authentication for malicious purposes #1970

Closed
srebre opened this issue Dec 2, 2023 · 0 comments
Closed

Compliance to digital privacy laws in Germany and the EEA of Identity Authentication for malicious purposes #1970

srebre opened this issue Dec 2, 2023 · 0 comments

Comments

@srebre
Copy link

srebre commented Dec 2, 2023

Hi,

I'm wondering whether anyone had actually considered if your, let's call it what it actually is, cloud identity tracking for the benefit of data brokers listed on your repository's main page, is compliant to any EEA digital privacy laws, and also specifically Germany [1].

To have any cloud identity tracking, whether federated, WebAuth, OAuth, SSO, and recycled names for the same spyware, one should first have the option to consent and secondly the option to disable, i.e., "opt-out". But your authentication spyware seems to automatically turn on, it got linked to my GitHub account for unknown reason, and seeing posts about logging in to Facebook and automatically getting tracked - I am seriously doubtful that this compliant not only to digital privacy laws, but consumer rights, and human rights.

Your website leads to "fake" European Hardware News webpage, but the privacy policy links to one of several data broker associations. Most of the data brokers that your identity tracking spyware supports are known to me and notorious for being non-compliant and ex-filtrating data and using tracking technology that damages devices. I had in fact suffered this, with persistent cookies, JavaScript cross-website injections and a storm of XHR by Google or Meta.

I'd like a comment about who's legally responsible for your tracking spyware, whether the responsible entity had thought of compliance to privacy laws at all, and where I can file a DSAR, ASAP.

Thank you.

Note to anyone: please refrain from any kind of "retaliation" because you will be reported to law enforcement.

[1] Sadly, privacy policies depend on one's legal residence, i.e., how much can companies exploit you before facing legal consequences. Germany seems to have stricter policies than EEA. But in any case, almost no company/corporation/enterprise/non-profit respects digital privacy laws at all and secretly bypass it. Such practices should be considered whether they are ethical and respectful to users, including yours.
@stloyd stloyd closed this as completed Feb 9, 2024
@hwi hwi locked as off-topic and limited conversation to collaborators Feb 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stloyd @srebre