Consider removing Pinpoll.com from fingerprinting category

[jfitzinger]

Pinpoll.com has removed fingerprinting code. Please update the classification.

[jfitzinger]

@patjack pinpoll.com has removed fingerprinting. Could you please reclassify Pinpoll? The updated code is available at: https://pinpoll.com/global.js

[jfitzinger]

Pinpoll has updated it's code and removed fingerprinting. I have created PR #154. @patjack please let me know if there is anything else I can do.

[Pinpoll]

Hi, this is Tobias, founder and CEO of Pinpoll. Please remove our service from the blacklist, since you're not harming us but a lot of valuable and renowned customers across the globe. Pinpoll is operating fully compliant with GDPR. Using a fingerprint for voting is simply required to prevent fraud, which is in the full interest of both our customers (hosting the voting) as well as the user (participating in the voting). I invite our customers to upvote my comment, should they happen to come to this post.

[oberhamsi]

i work for a public broadcast in EU and we use pinpoll as a voting provider on multiple websites. pinpoll does not serve ads so the "Advertising" classification is wrong.

they do finger printing but as @Pinpoll explained above it's not for tracking but to prevent fraudulent votes.

[arnstein99]

Hi, this is Tobias, founder and CEO of Pinpoll. Please remove our service from the blacklist, since you're not harming us but a lot of valuable and renowned customers across the globe.

Hi, this is arnstein99, user of github. Quoting from https://www.pinpoll.com/pdf/data-protection-declaration.pdf:

5.3Pinpoll transfers the personal data generated by the user according to clause 3 of this data protection declaration to third parties in an anonymised way, only. Data collected by Pinpoll itself with the explicit consent of the data subject may be transferred to third parties also in a non-anonymised way.

I certainly am not going to let pinpoll get its hands on my data.

[Pinpoll]

@arnstein99 First of all, it's not "your" data if it's anonymised (and aggregated) - we don't know who you are, we could not even delete any of "your" data since we don't store a personal identifier required to look it up.

And as the second part clearly states: data is only transferred with the explicit consent of a data subject (this is GDPR language, sorry to treat you as a subject). If you don't want it to be transferred, we don't do it.

That clarified, would you please explain again, where you see your privacy violated in any way?

[arnstein99]

@arnstein99 First of all, it's not "your" data if it's anonymised (and aggregated) - we don't know who you are, we could not even delate any of "your" data since we don't store a personal identifier required to look it up.

Every web company in Silicon Valley and beyond sends out anonymised data in exchange for money. So I assumed that pinpoll does the same. Would you like to clarify?

It is well known that anonymised personal data is de-anonymised all the time. Once again, I do not claim to know the inner workings of pinpoll so I cannot know how severe the issue is here.

And as the second part clearly states: data is only transferred with the explicit consent of a data subject (this is GDPR language, sorry to treat you as a subject). If you don't want it to be transferred, we don't do it.

I understand the second part to mean that non-anonymous data is transferred with permission from the user. I don't have a problem with that, personally. I wrote out the full paragraph from your PDF as a matter of course.

That clarified, would you please explain again, where you see your privacy violated in any way?

A typical web outfit would sell the anonymised data to any entity capable of writing a check. When combined with data from other sources, de-anonymisation is not difficult.

[Pinpoll]

A typical web outfit would sell the anonymised data to any entity capable of writing a check. When combined with data from other sources, de-anonymisation is not difficult.

De-anonymising or mapping with third-party data would require a huge rainbow table + our hashed identifiers + the salt we use for hashing to be shared with third-parties - none of that either exists or is happening.

Our business model isn't built upon selling data. We offer software as a service and want that to function properly. In case of online votings, properly means to stop anonymous users (or bots) from voting multiple times. That's why we apply fingerprinting the moment a vote is cast. This is an action triggered by the user with full consent and the willingness to participate.

[arnstein99]

Well, pinpoll, I am losing this argument now so I'll just stop. If you would like to have the last word, perhaps you could elaborate a bit on the paragraph I quoted from your PDF. In particular, why do you distribute anonymised data to third parties? That does not seem consistent with the business model of providing voting systems.

[Pinpoll]

Thanks @arnstein99 for your inputs and the vivid discussion, much appreciated.

[Pinpoll]

Guys, we've fully committed to removing fingerprinting (check your e-mails), so please remove us from the blacklist. There's no point in blocking our code any longer.

[ryanbr]

Removing fingerprint and tracking? because I see no reason not to remove pinpoll from Easypivacy yet.

[Pinpoll]

@ryanbr We've removed ALL fingerprinting from our code and hence, Disconnect has also removed us from their list: https://github.com/disconnectme/disconnect-tracking-protection/commit/45154a89b88f5057ac973637043afe6320b7bf66

Therefore, would you please also consider removing us from Easylist?

[disconnectme]

Temporarily removed based on removal of fingerprinting code. Pinpoll still on tracker list. https://github.com/disconnectme/disconnect-tracking-protection/commit/45154a89b88f5057ac973637043afe6320b7bf66

[spirillen]

Removing fingerprint and tracking? because I see no reason not to remove pinpoll from Easypivacy yet.

Hey @ryanbr to prevent reinventing the wheel, is there a change you can remember where you've found tracking code on this domain??