Body
Googling his name I see that it's how this guy makes a living, with lots of court hearing records of him against different LLCs, but that's not the point.
This is a quote from his complaint to CA state:
> Defendant owns and operates the website https://XXX/ (the "Website");
through which it solicits and engages in cominerce with California. residents. A central feature
of the Website is a search bar, a tool that creates a reasonable and objective expectation of a
private, one-to-one communication channel. When a consumer types a search query, they are
not making a public pronouncement; they are. confiding theii specific interests, needs, and
intentions to Defendant, the proprietor of the digital space they have chosen to visit: This
direct interaction forms ,the basis of a relationship of trust between the consumer and the
website operator—a'trust that Defendant has systematically betrayed. The user reasonably
believes they are "speaking" directly to the website, and that the content of their query is
confidential between them and the site operator. This expectation is not naive; it is the
foundation upon which digital commerce is built. .
3. Unbeknownst to the millions of Californians who visit its Website, Defendant has
secretly weaponized this search bar, coiivertirig it into a'sophisticated wiretapping device. By
embedding hidden tracking scripts from a host of third-party surveillance aiid advertising
companies ("Tracking Entities") into the very fabric of its Website; Defendant has engineered
a system of inass eavesdropping. The instant a user types a query and executes a search, the
exact contents of that private communication are surreptitiously duplicated and simultaneously
transmitted to ari array of Tracking Entities. This interception is not a subsequent 'data-sharing
event; it is a contemporaneous, covert capture of the communication while it is in transit. It
occurs under the guise of a legally defective notice mechanism 'and without the valid, prior
express consent required by Califomia law.
further along
>17. Verifiable Evidence of Interception: The existence of this secret interception is not a
matter of speculation; it is an empirically verifiable fact that can be observed by any user with
standard diagnostic tools built into modem web, browsers (cominonly'known' as "DevTools").
As•
demonstrated by the evidence gathered by Plaintiff in Exhibit A to this Complaint: a. A
user can open ,the "Network" ,tab in their' browser's DevTools. This tool' •acts like a log,
showing all the "digital traffic"—i.e., every message sent from the user's browser and where it
•is going. b. When the user types a search teim, such as "XXX" into Defendant's search bar
.and hits "Enter," the Network tab shows multiple messages being sent simultaneously. c. One
message will be sent to Defendant's own website address. This is the expected communication.
d. However, other messages will be'sent at the exact same time' to the addresses of third-party
companies. By inspecting the details of these third-party messages, the user can see that the :
"payload" or "request URL" of the message contains the exact content of their search query
(e.g., VIVEK). This provides direct, contemporaneous, and undeniable evidence of the wiretap
in action: a private communication intended for •Defendant being simultaneously read by and
transmitted to an unauthorized third party.
what the heck? Dude is saying a load of bs just for normal website behaviour like network payloads.
For reference we also have a top rated GDPR/CCPA/etc compliance app and none of our tracking is working unless the user gives explicit consent.
Has anyone dealt with this before? What do you recommend?
Top comments (9)