o1bigtenor via Dng <dng@???> wrote:
> I made a purchase from an online store - - - its a smaller entity that
> covers some interesting niches - - therefore the order.
>
> In doing the purchase - - - noticed, using uBlockOrigin and
> PrivacyBadger, that paypal 'only' has some 9 domains linked into the
> transaction. Hmmm - - - that's not all - - - that's what PrivacyBadger
> was picking up - - - uBlockOrigin noted that there were some 15
> domains of which it blocked some 4. Still linked were crackbook and a
> bunch of ms googly's garbage.
>
> So I called the company to tell them that I found this concerning.
>
> I asked the person that I was talking to if they were into internet
> privacy and security - - - very much so was the answer. So I asked him
> why he needed all these domains connected. The long and short of it
> was that he got quite huffy and asked me to cancel my order (and
> without saying so) get lost. It is more important to him that everyone
> and his dog know about his transactions that it is for him to make
> transactions.
I suspect it’s more a case of two things :
They are using a packaged system that doesn’t make it easy to do things properly - only how the system designer things they should be done.
and/or
They get a lot of their business via those routes so there’s a potential financial hit if they turn off the tracking.
Recently I had a case where I went to an organisation’s web site and got (IIRC) a non-complaint cookie notice. IIRC it was the sort that basically said “we use cookies” rather than “can we use cookies”. When I contacted them, they were grateful I’d done so - they’d had some work done, and because everyone internally used the site all the time, they never saw what a visitor with a “clean” browser would see. It got fixed.
> I do wish there were a way of warning other customers - - - - his
> website is likely a magnet for web bottom feeders and he doesn't think
> its worth things about.
No easy way to tell other (potential) customers.
But for the business, you didn’t say what country they are in. Both Germany and France have found the use of certain Google “services” breach GDPR. Perhaps report the site for that ? I think this is going to get “interesting” for site owners ;-)
https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr/
https://www.theregister.com/2022/02/10/google_analytics_gdpr_breach/
https://www.theregister.com/2022/01/13/google_analytics_gdpr/
Simon