Comment by chii 10 months ago

12 replies

> Why can any scammer just create a website without any traceability?

because jurisdictional challenges.

Not to mention that this very same traceability would be abused by some other authoritarian gov't to track down dissidents for example.

There's no real way to systematically have good security, if the human element is the weakest link tbh. Securing Windows is not a technical problem, but a social and educational one.

mnau 10 months ago

More like no will.

Does the domain/server implement the required level? No? Block connection. Ditto email with automatic response.

Is your IP in a botnet? Cut it off.

Edit: I already get blocked connection (on target site) because EU regulation is too onerous. I get reminded on basically every Google search I am being censored (Some results may have been removed under data protection law in Europe).

Completely doable.

  • GTP 10 months ago

    > I already get blocked connection (on target site) because EU regulation is too onerous

    More like "we want to track every single user coming to our website without giving them the option to not be tracked".

    • mnau 10 months ago

      You can serve consent form only to the connections from EU.

      I have been part of several GDPR compliance projects and it's the other stuff that's the problem.

      Data protection officer (recurring cost, even though it is only a part of a job, not full time position), user data deletion and user data take-out. Compliance is not free. If system wasn't designed from the beginning, it's really expensive to add it.

      Restore from backup after disaster recovery - make sure you anonymize/delete people who were deleted after backup was made.

      BTW, IP address is PII, so...

      Honestly, it would be cheaper to buy everyone in EU VPN.

      • janc_ 10 months ago

        It's actually very simple & cheap to be compliant: stop tracking EU citizens.

      • GTP 10 months ago

        > You can serve consent form only to the connections from EU.

        Why? While I get that, if tracking is part of someone's business model, they want to track as many people as possible, I doubt it would be illegal to give also people that aren't in the EU the option to not be tracked. If it really would be so expensive to be compliant while also differentiating between users connecting from the EU and users connecting from outside the EU, why not just give everyone the option to choose if they want tracking as a measure to cut compliance cost?

  • guappa 10 months ago

    What do you suggest? Bomb even more countries?

    • mnau 10 months ago

      You don't need to bomb anyone.

      Add IP rules at cables inside and out of let's say EU and block it there.

      Same way we deal with any non-compliance thing. You can't import it.

      Your server/domain doesn't satisfy requirements. Either the originator complies or not (e.g. through trusted third party).

      • guappa 10 months ago

        Because ip geolocation has always been reliable and never inaccurate?