Submission + - Should I be charged for my own site data, harvested without my consent/request?
Unpopular Opinions writes: Asking Slashdot for suggestions.
Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host. Which is not anything new, companies have been doing this for decades, except as paid services you requested. Now, the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. Data they never had the rights to collect and/or compile to begin with. Including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match.
Some might say "if it is on the Internet, it is public information", and that's true — to the extent they aren't brute forcing, as some are. But the public information is now behind a paywall, so it ain't public any longer, but it is still your information.
Others might say "just block those crawlers" which is what some of those companies advise, but not only the site operator has to do automate it him/herself, not all companies offer lists of their source IP addresses identify them, use multiple/different crawler domain names of their commercial product, or use cloud providers such as Google Cloud, AWS and Azure — one can't just block access to these companies networks without massive implications. They also change their own information with no warning and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.
Just for fun, many months ago I put on my site Terms of Service page verbiage just like theirs, that amongst other ToS things, reads "By collecting any data hosted on this domain and/or its registered IPv4 and IPv6 addresses, you hereby authorize any person and/or valid user account from this domain to a no-cost, full and unrestricted access to any processed data originated by these systems, to the full extent of the law. You agree that by accessing the Site, you have read, understood, and agree to be bound by all of these Terms of Service. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF SERVICE, THEN YOU ARE EXPRESSLY PROHIBITED FROM USING THE SITE AND YOU MUST DISCONTINUE USE IMMEDIATELY.". All data harvesters are still here, so proof nobody reads terms of services until it bites them in the wallet.
With the raise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop on this? Could a TOS like the above become legal and enforceable by law (assuming at lawful countries/jurisdictions)?
Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host. Which is not anything new, companies have been doing this for decades, except as paid services you requested. Now, the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. Data they never had the rights to collect and/or compile to begin with. Including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match.
Some might say "if it is on the Internet, it is public information", and that's true — to the extent they aren't brute forcing, as some are. But the public information is now behind a paywall, so it ain't public any longer, but it is still your information.
Others might say "just block those crawlers" which is what some of those companies advise, but not only the site operator has to do automate it him/herself, not all companies offer lists of their source IP addresses identify them, use multiple/different crawler domain names of their commercial product, or use cloud providers such as Google Cloud, AWS and Azure — one can't just block access to these companies networks without massive implications. They also change their own information with no warning and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.
Just for fun, many months ago I put on my site Terms of Service page verbiage just like theirs, that amongst other ToS things, reads "By collecting any data hosted on this domain and/or its registered IPv4 and IPv6 addresses, you hereby authorize any person and/or valid user account from this domain to a no-cost, full and unrestricted access to any processed data originated by these systems, to the full extent of the law. You agree that by accessing the Site, you have read, understood, and agree to be bound by all of these Terms of Service. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF SERVICE, THEN YOU ARE EXPRESSLY PROHIBITED FROM USING THE SITE AND YOU MUST DISCONTINUE USE IMMEDIATELY.". All data harvesters are still here, so proof nobody reads terms of services until it bites them in the wallet.
With the raise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop on this? Could a TOS like the above become legal and enforceable by law (assuming at lawful countries/jurisdictions)?
