this post was submitted on 24 Jul 2024
274 points (93.9% liked)
AssholeDesign
7563 readers
2 users here now
This is a community for designs specifically crafted to make the experience worse for the user. This can be due to greed, apathy, laziness or just downright scumbaggery.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
They aren't invading the privacy here. They are preventing a malicious actor from running an attack via VPN and ssh tunneling in addition to IP address, device, etc. At worst they are associating IP with browsing at competing stores. Preventing the VPN was likely required by a lawyer and auditor and a risky attack vector for a billion dollar company.
If Walmart was breaking https and inserting man in the middle games it would be in their policy. Other commentators went off into fantasy land edge cases where traffic is being decrypted. And it still doesn't change my expectation of privacy on a public hotspot.
Yes they are, they're forcing you to disable Private Relay.
This makes no sense. I could walk outside the store and do any of those things on my 5G connection. Private Relay does not enable these attacks and blocking it doesn't prevent them.
Wut? They are the ones assigning IP addresses. Not sure what you mean.
At worst, they're using your IP address to join your walmart.com session cookie with complete time series data on your store position, data from store cameras, etc. to build a creepy profile without consent.
It's not a problem for Starbucks. As long as the public facing network is separate from the internal store network, e.g. with a VLAN, what is the concern?
Regardless, it would be shitty behavior.
If they were cracking crypto schemes and were decrypting your traffic, it's entirely possible this violates a "hacking" law in the US.
It was a hypothetical to explore the extent of your "their house, their rules" viewpoint.
Are you okay with this for every hop on all your routes? I mean I’m sure very few of them are publicly-owned servers.
Then why do their ToS say they use this data for advertising purposes? If they really need to be able to track you to prevent malicious actors, they can do so without using the data for advertising.