That caught my eye as well, it's odd that they chose such a wording and they use it consistently on their notice page [1]:
> Depending on your country, you may have the right or choice to: Opt out of some collection or uses of your Personal Information, including the use of cookies and similar technologies, the use of your Personal Information for marketing purposes, and the anonymization of your Personal Information for data analyses.
YouTube keeps offering YouTubeTV and their other services with pop-up boxes where the two choices are "yes", or "skip trial", which sounds like they're offering a yes/yes choice: yes sign up for the trial, or skip the trial and go straight to buying the service. Keeps annoying me.
I'm pretty sure that's a good way to get the endpoint flagged as a target of abuse, and the page pulled until they can figure out what's going on, resulting in anyone who wants to opt-out after that point either running into a temporary or permanent problem, depending if they ever bother to put it back online.
How about instead of fraudulently providing someone else's credit card because "we know best", we just make sure to spread the pages as much as possible where appropriate, and let people make their own educated choices (and hopefully it opens their eyes to other places in their lives they can do so as well).
I understand the impetus to help, but it's important to consider that what one person views as helping another might view as terribly invasive in itself.
> I understand the impetus to help, but it's important to consider that what one person views as helping another might view as terribly invasive in itself.
This is a sense of decency that the surveillance companies didn't share. People didn't make any sort of educated choice to be surveilled - the surveillance companies arrogantly "opted" them in. Opting them out is much lesser transgression onto their will.
I do agree from the practical perspective - surveillance companies will parry any legible bulk activity into an excuse to continue surveilling. Fine point white text at the bottom of the homepage: "Due to an attack from scary hackers, all opt out requests from 2019 have had to be discarded. If you had submitted a request during that time, please resubmit your request. To protect yourself in the future, buy our nonsensical "identity insurance" for only $10/mo."
> Opting them out is much lesser transgression onto their will.
So, that makes it okay? They've been abused before, so what what's the big deal if we do it too? That's a troubling perspective to me. Two wrongs don't necessarily make a right.
I think this is very straightforward. You, as a third party, have no place making decisions for me without my consent in this case. If I have a relationship with Visa or MasterCard, please stay out of it. The appropriate way for this to change is for a) me or someone I've authorized to request it, b) the company in question deciding not to do it anymore, or c) a legislative body with jurisdiction mandating a change through law or regulation.
If you have access to my credit card number and I haven't given it to you, the only appropriate things you should do with it are to notify me, the company providing it, or the authorities that it's been exposed and should probably be changed. If I have given it to you to authorize a payment, you are authorized to use it for that payment (and possibly later payments that I agree to), not to keep it to use as you see fit later on without my consent.
If you have my card because I've given it to you and you show me a dialog letting me know you can opt me out and give me the choice, that's acceptable. But I view any action taken on my behalf without my consent with regard to this as a violation of my trust, privacy, and personal information. We are in a very scary place if we as random third partied think we're allowed to make decisions for people just because we think it's better for them.
My main assertion was merely "This is a sense of decency that the surveillance companies didn't share".
It's okay to acknowledge this as a vulnerability of your personal paradigm but still hold yourself to it. Just don't act like it's the only permissible way to interpret the situation, when the present state of affairs has been created by the surveillance companies not following the same moral requirement - already "[making] decisions for [everyone] without [our] consent".
More generally, a sense of right and wrong cannot mean simply following low level axiomatic rules, but rather requires judging constructive behavior. I'd say an action that mainly undoes a wrong is a lot closer to being right than another wrong.
The person in question has a relationship with the credit card company, in that they have requested and use the credit card (and if they aren't using it, nothing is being collected). I agree that opting into collection automatically is less than ideal, and I don't want it to happen, but this isn't some third party getting between some other nefarious third party and myself, it's them injecting themselves into an ongoing business relationship between two parties.
You can label them surveillance companies all you want, and in some contexts it might be the most fitting description. In this context, I would say it's more fitting to say they are contractual partners abusing the looseness of the contract for their own benefit.
Just in case you missed where this particular thread started, the top level comment is about the opt out forms for data collection at Visa and MasterCard, and the reply's (possibly somewhat in jest) suggestion that since the CAPTCHA is so simple, someone just use whatever card numbers they have access to to opt people out automatically. All my comments are specifically in that context, which is one of random third parties using card numbers they shouldn't have direct access to anyway to alter the business relationship of others without authorization.
Due to the constraints on understanding, I believe "fine print" in contracts carries zero moral weight. In order for Visa and Mastercard to credibly claim people have opted in, there needs to be an overt choice (no default already-checked option) as part of the direct card relationship, as well as specific consideration for that specific aspect of the relationship to remove any incentive to downplay the choice.
Furthermore, I do not view a person's associating with Visa/MC in today's society to be in any way voluntary - opting out is only possible at significant personal expense. So the mere existence of a business relationship also cannot be a basis for general consent. (As an aside: people generally do not contract with Visa/MC directly)
Taken together, these put "abuse" of a "business relationship" is in the exact same category as interjected actions by "third" parties - unwanted transgressions. They only feel different because we've become fatigued to accepting these transgressions when they pad someone else's bottom line.
And yes I am aware of the context of the discussion. I wouldn't personally do such a thing, but that doesn't mean I wouldn't applaud someone who did.
> Furthermore, I do not view a person's associating with Visa/MC in today's society to be in any way voluntary - opting out is only possible at significant personal expense.
Hardly. There are other creditors, and if you aren't worried about credit at all (and there are other ways to build credit), then you can use cash, buy gift card variants of their products which don't link to you, use some other provider (paypal), or some other form of payment entirely in some cases (e.g. cryptocurrency). There are more choices now than ever before.
> Taken together, these put "abuse" of a "business relationship" is in the exact same category as interjected actions by "third" parties - unwanted transgressions.
> I wouldn't personally do such a thing, but that doesn't mean I wouldn't applaud someone who did.
The only way I can read this is as you condoning additional violations of someone's privacy just because you think it's for the best this time. As I've noted, I don't think your value judgements have any place in my life, nor my interactions with other parties.
This has nothing to do with whether the whether the credit card company was justified in doing what they did, it has to do with people minding their own business and not violating other people's privacy. If you think the credit card companies are going too far, then calk to the authorities for legal action or legislative remedy. I applaud that action, but I don't want your vigilante activism, and I don't condone breaking the law by people that think they're more special than other people because they're doing it for "a good reason" or because "it's really just helping people".
I guess it's nice that you wouldn't do it yourself, but why would you applaud someone doing something that you wouldn't do yourself? It's real simple, if you can't or don't want to ask for permission to do something for someone else, then you shouldn't be doing that thing.
The issue isn't credit, but payment processors. Add Paypal and ACH to Visa/MC and you rule out basically every web retailer. If Monero/Zcash get to the point where they are well-adopted practical choices this judgement can change, but we are nowhere near that state of affairs.
> additional violations of someone's privacy
I've agreed that flipping that surveillance preference flag is a type of violation, just of territory that has already been trodden on. It's like if someone breaks into your house while you're away, then a neighbor comes along to put a tarp over your window before it rains, and you're complaining that the neighbor has trespassed. In a sense you'd be technically correct, but most people would consider that action to have been reasonable.
There is also the aspect where someone leaving this preference flag unmaintained is contributing to a larger attractive nuisance.
> why would you applaud someone doing something that you wouldn't do yourself?
Because I simply wouldn't want to take on the legal risk.
Sometimes when I get debt collector calls or car warranty scams I find their website and they usually have an opt out form, never seen a captcha. I have been really tempted to just hammer the endpoint with every valid phone number. Probably won’t accomplish anything but will give someone a fun surprise.
* https://marketingreportoptout.visa.com/OPTOUT/request.do
* https://www.mastercard.us/en-us/about-mastercard/what-we-do/...