Posted June 28, 2019
high rated
So, got the Privacy Policy update e-mail. Being somewhat annoyed by the surveillance creep in everything digital (and having both caught the end of joys of living in the Soviet bloc and having read my share of classic sci-fi to get some taste just how horrible of a practice that is), I decided to look at the changes.
Apparently it's too difficult for GOG to host the privacy policy on their own site, so scoot over to ZenDesk that does their sub-contracting for customer support, because apparently hosting a single bloody text document on your own servers is too cost-prohibitive. Or something.
ZenDesk is already heavily into data mining themselves: https://www.zendesk.com/company/customers-partners/privacy-policy/
Basically "all UR data R belong to us" policy, but wait, that's not all!
If you do not allow third-party scripts on ZenDesk's page, you're SOL because it won't load the actual document anyway. They use several additional third (or, should it be "fourth" by now?) party providers:
jsdelivr.net - https://github.com/jsdelivr/jsdelivr/blob/master/Privacy%20Policy%20-%20jsdelivr.com.md
Same-same, everybody wants in on that sweet, sweet tradeable metadata.
zdassets.com - couldn't even access that page for some reason. Either they are already blocked on my end, or they only allow specific outside references to be processed. Either way, NFC what their privacy policy is (isn't that a very much illegal action when targeting EU residents now?), but not exactly holding my breath for "no third-parties sharing" clause.
bootstrapcdn.com - https://www.bootstrapcdn.com/privacy-policy/
One of the largest CDN networks, so as usual they can take everything they want and trade it around.
Then the usual Google stuff, because apparently internet can't work without letting Google data-mine the request origin:
googletagmanager.com
fonts.googleapis.com
Oh, and on top of that, both jsdelivr.net and bootstrapcdn.com have integrated Google Analytics anyway.
And that's just information that my scrubby non-infosec-professional butt dug out in about 10 minutes of time.
So much for "your privacy is important to us," GOG. Good laugh.
Now, would you kindly bloody well host the sodding Privacy Policy on your own servers so I can actually see it without giving everybody and their grandma's data-mining services my info?
Thanks.
Apparently it's too difficult for GOG to host the privacy policy on their own site, so scoot over to ZenDesk that does their sub-contracting for customer support, because apparently hosting a single bloody text document on your own servers is too cost-prohibitive. Or something.
ZenDesk is already heavily into data mining themselves: https://www.zendesk.com/company/customers-partners/privacy-policy/
Basically "all UR data R belong to us" policy, but wait, that's not all!
If you do not allow third-party scripts on ZenDesk's page, you're SOL because it won't load the actual document anyway. They use several additional third (or, should it be "fourth" by now?) party providers:
jsdelivr.net - https://github.com/jsdelivr/jsdelivr/blob/master/Privacy%20Policy%20-%20jsdelivr.com.md
Same-same, everybody wants in on that sweet, sweet tradeable metadata.
zdassets.com - couldn't even access that page for some reason. Either they are already blocked on my end, or they only allow specific outside references to be processed. Either way, NFC what their privacy policy is (isn't that a very much illegal action when targeting EU residents now?), but not exactly holding my breath for "no third-parties sharing" clause.
bootstrapcdn.com - https://www.bootstrapcdn.com/privacy-policy/
One of the largest CDN networks, so as usual they can take everything they want and trade it around.
Then the usual Google stuff, because apparently internet can't work without letting Google data-mine the request origin:
googletagmanager.com
fonts.googleapis.com
Oh, and on top of that, both jsdelivr.net and bootstrapcdn.com have integrated Google Analytics anyway.
And that's just information that my scrubby non-infosec-professional butt dug out in about 10 minutes of time.
So much for "your privacy is important to us," GOG. Good laugh.
Now, would you kindly bloody well host the sodding Privacy Policy on your own servers so I can actually see it without giving everybody and their grandma's data-mining services my info?
Thanks.
Post edited June 28, 2019 by Lukaszmik