Why we should end the data economy(thereboot.com) |
Why we should end the data economy(thereboot.com) |
Simply letting your browser emulate the browsing habits of a wide variety of people could knock down your uniqueness if done in bulk. I’m pretty sure there was a chrome extension a while ago that browsered major sites to obfuscate your actual traffic. I also like the EFF’s panopticon if you’d like to see some real value uniqueness scores.
The WEF is 100% pro datamining the shit out of everyone, and AFAIK they only invite people who share their vision of the future. So, why is DFINITY making presentations for them while also sponsoring anti datamining journalism?
I'm not saying that "THIS IS WRONG!" I'm just confused as to what's going on here.
Search random stuff you are not interested in and see them desperately throw money into the toilet.
Search plane tickets to Congo, saxophones, windsurf equipment, paintings of toucans... the most random shit you can think of.
Then you will start seeing ads for that, which is seeing the ad tech imploding in front of your eyes.
The more you do it and the more other people do it, the less profitable ad tech becomes.
Also search for stuff outside your demographics, like stuff for older people, so they get your profile wrong.
In this case, make mass data collection and targeted advertising illegal.
>... and what are you going to replace it with?
The model(s) we had before - generalized advertising based on who advertisers believe the broader audience that watches X show or views Y website is.
https://www.abc.net.au/radio/programs/am/fmr-israeli-soldier...
I wrote this back in 2014: https://magarshak.com/blog/?p=169
And here is the solution: https://qbix.com/QBUX/whitepaper.html
Thoughts?
End such economy basically means the users will start paying for the internet. Never gonna happen.
People will get tired of the junk mail and companies will lose money trying to peddle data.
The biggest faux pas is "your PII is sold to the highest bidder". Not true, your PII (and mine) is sold to any bidder who hits the minimum threshold/rate, currently less the 12cents CPM
Working on serious problems like climate change would be hobbled without the rise of the data economy. But to be an economy it must have rules that protect private, personal and ethically important entities.
But the nature of "digital property" has changed things. If you think the printing press changed the nature of human societies, just wait until the internet has existed for a few hundred years and their corresponding number of generations.
Capitalist market economies, trade-centric as they are, have evolved around a world in which all property is exclusive. However starting from printing press up to "model-T"--style mass production (the development of industrial societies) reduced the cost of copying and duplicating stuff more more until the creation of the internet brought about "digital goods" (such as all your personal data) which has duplication costs _below_ marginal (I think digital copying has essentially ZERO cost).
Digital goods provide a huge boon if we are able to stop trying to force-fit them into a system which works great for physical (i.e. exclusive) goods. Why and how did Microsoft become what it is during the 90s? because of huge savings in duplicating their software in a society that expected said duplication to have a not-negible cost.
Not in 2021. In 2018, GDPR went into force in the EU. In 2018, CCPA went into force in California, US. In 2021, VCDPA went into force in Virginia, US. At least with GDPR serious fines were passed.
The right to data privacy is no longer a John-Lennon-like hippie idea. It is law. Now go and fix you business model.
I rather like this simile. Kudos!
> who you sleep with because both you and the person you share your bed with keep your phones nearby
> whether you sleep soundly at night or whether your troubles are keeping you up
> whether you pick up your phone in the middle of the night and search for things like "loan repayment"
> your IQ based on the pages you "like" on Facebook and the friends you have
> your restaurant visits and shopping habits
> how fast you drive, even if you don't have a smart car, because your phone contains an accelerometer
> your life expectancy based on how fast you walk, as measured by your phone
> whether you suffer from depression by how you slide your finger across your phone’s screen
> if your spouse is considering leaving you because she's been searching online for a divorce lawyer
No one sane is OK with corporations, governments, and other third parties being able to obtain and save this information either -- especially if their only hurdle is to get you to click "OK" to agree to some legal agreement almost no one has the time to read or expertise to understand in its full implications.
We need a New Declaration of Human Rights for the 21st century that takes into account rapidly advancing technologies for collecting and acting on data at mass scale.
I just now set up a small site for it at https://whynottrack.com/! It's open source -- GitHub link in the footer -- so anyone can PR changes / reasons / etc.
I suppose calls for better regulation, purpose oriented data collection and stricter enforcement and penalties but by no means does simply don't track/collect data is an answer where there are actual practical applications.
Interestingly, this attitude used to be default even here on Hacker News ~5 years ago. I am so glad to see it's changing. Why I'm finding this interesting? Because this audience always knew what's going on even without layman articles like this, but did not care for some reason. This shows how just knowing isn't enough sometimes. Public sentiment matters.
I'm sure that's happened.
> to some legal agreement almost no one has the time to read or expertise to understand in its full implications... New Declaration of Human Rights
In the same breath: complain about long documents that no one reads, propose authoring an unenforceable, even longer document that no one will read.
People close to you probably know all these things already. Even if you don't.
>No one sane is OK with corporations, governments, and other third parties being able to obtain and save this information either //
This is a popular view here. I don't think it's true of the population as whole.
I think you're right. They can get to the point where they care, but my intuition is that it'd take a real crisis, and even then there's plenty of incentive with this topic to move on as fast as possible. We (the public) are pretty fickle, and it's psychologically threatening to admit we've had a voyeur living in our bedroom for a decade.
Or, in lieu of that, walk me through how that would be done with Facebook's, Google's, or Apple's data via your first-hand knowledge of those data and where and how they are stored and accessed?
These fear mongering comments about data collection have never demonstrated real world harms, AFAIK. It reminds me of the genetically engineered foods bogeyman that, in spite of a complete lack of empirical evidence, continues to be trotted out as a huge danger.
At the very least, at a bare minimum, I think we need legislation that covers how this kind of data processing happens by third-party companies and we need to provide a way for citizens to at least see what data has been collected about them and what 'insights' it has generated.
If the information is stored on servers in China, then the Chinese government has it as well. Maybe you aren't a Chinese citizen so you don't care, but it's at least worth considering.
The politicians we elect to craft and enact legislation that affects the big data companies are always at risk of being essentially blackmailed by those companies with the incredibly detailed and personal information that those companies have on politicians.
Notable examples:
* Strava revealed the position of US military bases
* Muslim prayer apps sharing location data with US military
In my own experience, I work for a call center. We have many important American companies as clients. They give us access to their systems so that we can service their clients. I am overseas dealing with their customers and I can access their personal information. I can see their face linked to their Facebook profile. I admit I've been tempted to misuse the information any time a customer makes me angry.
I personally think that if I give this data to a company, and they keep it "safe" and only to support features that are beneficial to me, that's totally OK, but I wouldn't like companies reselling my mobility data to health insurers (without aggregation or cohorting) to give me a 100% customized insurance rate, regardless of how beneficial that would be.
Data that's used to distill people down to a number and value them precisely seems to have a potential to enforce systematic inequalities and further improve the lives of "haves" at the cost of "have nots".
https://www.opendemocracy.net/en/largest-personal-data-leaka...
Venture capitalist Peter Sims wrote about being tracked in a blog post this September. Back in 2011, he wrote, he was in an Uber car in Manhattan when he started receiving text messages from someone he barely knew telling him exactly where he was. That person later told him that she was at an Uber launch party in Chicago, where Sims' movements were being tracked via God View on a large public screen.
https://www.buzzfeednews.com/article/johanabhuiyan/uber-is-i...
https://www.theverge.com/2016/1/6/10726004/uber-god-mode-set...
https://www.vice.com/en/article/ypw5n7/ubers-god-view-was-on...
Use a list like this as a starting point.
https://www.oag.ca.gov/data-brokers
Commuter data is good, so is foot traffic. Data sets centered around health and income or quality of life can be beneficial as well. The game is to use publicly available information about your person to tie them conclusively to set of entries in an 'anonymized' data set.
If you aren't at least investigative journalist tier or the resources you need cost too much/require a corporate presence, then hire someone to do it for you who already has the pipeline set up. PI's have been available to Joe Q. for years and they still are. This all just makes them even more efficient.
I'd argue that it doesn't need to be "Joe Q. Public", because companies are made up of Joe Q. Publics.
I'd happily share basically all of that information with that specific group of people - except maybe my neighbor that keeps reporting me to the city, they don't need to know my life, but if in turn I could know who was googling city ordinances in the middle of the night it might make up for it.
At worst I get a funny look for something I googled in the middle of the night?
To your point, it's 100% the government I'm worried about. They've got legal and lethal authority to do far worse than a weird look.
Society scares me more. The government has the authority, but society has the power and the inclination to weaponise it. The government would never bother reacting to anything that RMS said but people did.
I think we should all be looking at this as either they're getting -all- of your data and sharing it with -everyone- (because that means more $$$) or they're NOT getting your data and they CANT share it cuz they don't have it.
We cannot trust companies to respect our privacy because it goes against their core value of turning a profit.
Minor nitpick: you can't measure speed with an accelerometer, at least not with a cheap one like the one in your phone. I mean, in theory you can numerically integrate the acceleration to get the speed, but in practice the noise will be so big as to render the result useless after a few seconds. It's much better to have a GPS and derive the speed from the position.
Signed: someone who spent too long programming an IMU and fighting with stupid bosses full of misconceptions.
Other than that, I totally agree with your comment.
That's got to be extremely noisy, does anyone have any links about this?
https://www.pnas.org/content/110/15/5802?sid=98dc0a8b-4443-4...
IQ:
https://www.pnas.org/content/pnas/suppl/2013/03/07/121877211...
So what is it? Exploding email addresses? Making friends with someone with DMV database access? Temporary credit-card numbers? Tinted windows? Never carrying a wallet? Having an entourage take care of all of this for you? All of the above? Anyway, it would be nice if the zillionaires who have put a lot of resources into personal safety told us what they've learned. Heck, if adopted wide enough their practices might put the crunch on data criminals (though probably also data businesses, which would maybe be a reason they'd resist it.)
Shit I would love to know this for myself! Is there a service or app that can crunch the numbers and tell me?
https://www.scientificamerican.com/article/walking-speed-sur...
https://jamanetwork.com/journals/jama/fullarticle/644554
Edit: I'd add that you likely don't need any tracker to get a rough estimate.
If you walk faster than people around you who are roughly the same age, then you'll likely outlive them.
That may be a reason to take it slow and smell the roses, since you have more time :)
It's not incredibly accurate but Vo2Max is regarded as an important indicator of your cardiovascular health.
The things you mentioned are kind of how it was before the advent modern civilization. Before Facebook tracking it was old biddy tracking. Through gossip everyone knew pretty much everyone's business.
That said, there's not an immediately obvious connection between surveillance and our neighbors knowing things. I have 0 information about who my neighborhors are sleeping with based on their cell phone tracking.
As already noted the difference in scale, but obviously if you didn't like what the old biddies tracked about you in your small town you could move to a new one and start over - you can't with the global surveillance system.
finally it should be obvious that not everyone lived in a small enough town that the old biddy network was actually useful for tracking you.
The computer on the other hand, is an eternal record and can be dumped into the open by any hacker or wannabe-hacker for ill intent or just for fun.
I guess, there's no appropriate reputation scale for what we see on the internet (it's either perfectly trustworthy or a total sham), there's no forgetfulness in terms of minor misdeeds, and there's no way to argue with the public consensus once they've made up their hivemind...
"No really, I've changed in the 10 years since I wrote that post!"
https://www.amazon.com/Privacy-Power-Should-Take-Control/dp/...
Actually no, not a wink, it’s terrifying :D D:
This is why "Big Tech" is a joke. Spying, like legally selling opiates, is not a legitimate business. It does not matter how much money can be made doing it.
Perfect. Except it is insulting to vultures, who at least put carrion back in the food chain.
This is straight-up theft of our data and privacy, for profit, and it needs to be both outlawed and shamed.
Seriously, but these slime should be more despised than common burglars (tho maybe a notch above mobsters). Seriously, these people are not respectable, and should not be respected or tolerated in polite society. So, don't.
Sir Tim Berners Lee already came up with "The Contract for The Web": https://contractfortheweb.org/
Spread it around.
As opposed to most companies that are tracking me to try to take advantage of me.
When people ask how I'm doing, I tell them and that includes whether my problems are impacting my daily routines and needs. (Not lately)
I've shared the results of my IQ tests and had plenty of discussions about the validity and lack thereof of those results (145-160+ depending on test). Facebook likes are the least good mechanism to work that out by.
I think one of the helpful things I do is share really good places to eat and find things I want. (Nirmal's is my favorite in Seattle)
I hope driving monitoring helps us shift from a penalize infrequent rule breaking instances to helping manage attention and grow skill. I speed when conditions let that be safe.
I suffer depression and have my whole life as everyone I know is aware and now is more public on the internet.
You'll have to ask her but I'm not looking to leave. I'm very honest and want that in my closest relationships so if we were going that direction she'd be among the first people I spoke with. If she feels she needs to leave I'll try and help us both find happier lives but I hope it never comes to that.
I respect that you have a different level of openness. I think a good criticism of my post is that I have a ton of privilege to feel safe sharing these things. I've chosen to live a life I feel entirely comfortable sharing. Clearly I'm not handing out credentials but... I prefer a world that is more honest and intimate and that simply requires I be open, honest, and self-reflective.
1. Why should they profit off of my data without my consent? (Hint: they shouldn't.)
2. Why is it so hard for me to get value out of it? Shit, if it's gonna be collected, aggregated, and analyzed anyway, I should just do it my damn self and actually get something out of it. It's like we need an open source community for personal data collection, aggregation, and analysis.
For example: You want to vote in an online poll by company A. Company A collects data about you and sells it, so you must agree to their privacy policy. Company A's privacy policy discloses that they sell your data to Companies B, C and D. Companies B, C and D have provided a list of its customers to Company A, and Company A includes those lists as well. In addition, the customers of those companies provide lists (as all data brokers would be required to do).
If its seems like it could get overly complicated with huge lists of data brokers for a simple online poll, that's the idea. You shouldn't have to wonder how many entities you're giving access to your information when, for example, you want to vote for MLB All-stars. MLB wants your name, address, email, phone number, and they disclose they'll "share it with partners" but they don't say who those partners are, how many exist, and if they have their own "partners". Vote for your favorite player and you could be getting a phone call for life insurance 15 minutes later after your number has been passed through 5 different companies.
If you keep PII, you'd also need to keep some contact info for the subject, and use it to ensure they know about their rights / the data. The existence of the data-related right would imply an obligation to inform the subject about it.
I guess I'd prefer a web interface displaying all the data holders with little "delete" buttons, over getting a gazillion letters, but if this is implemented by a single organization that actually has all your data (even if only for the purpose of faciltating GDPR), it could be a central point of failure.
You go to a website about babies, you get baby ads.
You go to a website about electrified fences, you get ads for trucks, tractors, backhoe rentals (even in your area because of your IP address - but that's it)
It's damn near equivalent to local / cable TV.
Also, fact is that matching consumers with products that they like doesn't just have enormous business value, but is actually socially positive! If you can more easily reach a niche audience, you can build better more targeted products. And the open data exchanges were a great moat against platform centralization like FB. The fight against open data exchanges make the comparative advantage FB has in advertising to you larger. That's actually pretty bad, because FB has some pretty bad incentives wrt to the attention economy and optimizing for engagement. A world where advertising on independent websites is effective is a much better one - it would let websites put out better content, it would decrease the power of social networks, it could fund better journalism (which is being decimated right now), etc.
Data is concretely used to maximize engagement, outrage, polarization, etc. in order to get more attention, which is at a root of a lot of the public discourse challenges we have these days. It would be much more benign if tracking was really just about trying to see what I am most likely to buy and target that to me.
Personally I dislike also the "tracking to show me what I'm most likely to buy" but this itself (assuming such thing could exist in a vacuum, which seems unrealistic to me) has an inherently limited impact.
It's not okay to take a person and hold them against their will, even if they've signed some sort of agreement. Indentured servitude and slavery are considered non-viable business arrangements. No matter what I promise you or what our trade-off is, these contracts cannot exist.
I think the only way this reasonably ends is when the rest of society catches up to that conclusion. It might be a while, though. I honestly don't think most people _want_ to know what's going on, since it's quite frightening and there's nothing they can do about it. This is going to have to get more and more stressful to the average citizen until most folks realize what kind of world we've crept into.
Of course the idea of an "Advertising Economy" should cause people to pause a bit since advertising, by its nature, can only help maximize profits for somebody else. In theory the money that gets pumped into advertising can only be squeezed from the profits of other companies who are doing some optimization, weighing the cost of advertising vs the increase in their market. The maximum amount it makes sense to pay an advertiser is proportional to the increase in the audience they provide, with the assumption that your profit - fee * population_ads > profit * population_no_ads.
One thing should be very clear, advertising cannot create value, it can only extract some of the surplus value that other companies are creating. This puts a pretty hard limit on how big advertisers can grow.
The solution to this was of course to take the byproduct of advertising, the generation of large amounts of demographic data, and transform that into a product. Suddenly selling, sorting and manipulating data create an entirely new class of products and create demand for new professionals as well.
The advertising industry, specializing in creating the illusion of value when their may be none, has done a brilliant job of convincing everyone that data is inherently values. Allowing tech companies to sell not only their data, that is often of questionable actual value, but the infrastructure to use this data, and sell training in the skills necessary to work with big data.
The "data economy" is just advertising turned in on itself. Anyone who works with data knows deep down that all of this is a farce, but I think we still have a bit of time before all of this hits the fan, so enjoy the ride.
Like how it took decades for society to come around to human influenced climate change, it will probably take a while for people to accept the social and mental health costs associated with the extraction and use of this resource, or we will get to a point where people are manipulated enough to be insulated from such a realization.
I mean, so what if my neighbor gets a different ad than I did? maybe he's into red shirts and I like blue shirts. so what if he got a cheaper plane ticket advertisement? I'm not going to buy a ticket unless it's cheap enough to do so. so what if i didn't get an advertisment for a college degree, it's not going to impact whether or not I'm going back to school, etc. so what if an ad uses emotional language specifically targetted towards my political demographic, it's not going to make a difference to me after I investigate the matter objectively.
The author is extremely paranoid. She uses the word "should" a whole lot, but does not back up her dictatorial statements with any reasoning.
This article has failed to scare me as intended.
I learned this the hard way trying to sell something that competed with free tools from Facebook/Google/[other giant data monetizing companies]. Our tool was/is competitive, but we aren't in the business of data harvesting or advertising - so, the engineering cost (many years of effort) would have to be paid from actually selling the product. The response? People want the free ones, and could really care less how the engineers that built it were paid as long as THEY (the consumer of the tool) got it for free.
As long as the "someone else will pay for X so I can have it for free" attitude is acceptable and widespread, we're likely stuck with a pervasive and deep data economy.
The biggest barrier to this has been that lots of valuable data (eg. Facebook's social graph, Android contact data) is data about relationships between people, not the people themselves, and so would logically have multiple owners. But that's not really a big barrier with modern technology: the crypto world solved multi-person ownership with multisig wallets several years ago.
Having a price for something doesn't exactly help victims of human trafficking (whether the illegal organ trade, prostitution or anything else). What can help those victims is regulation and aggressive criminal prosecution of anyone who seeks to gain from the suffering of others.
Unless people actually have a realistic and practical way of "revoking access" to their data which results in serious penalties for companies which continue to use said data (including company-destroying or even criminal penalties for senior managers/benefactors) then the negative-externalities of data-collection won't ever really be curtailed.
I willingly give my personal information over to a variety of firms knowing what they do with it, because I value the services I receive more. It's not your place to say whether that's okay or not, because it doesn't affect you.
Human trafficking + consent = immigration. Organ trade + consent = organ donation. Prostitution between consenting adults arguably should be legal anyway, and already is in many places in Europe.
And yes, there should be a practical way to revoke access to data. There are ways to accomplish this technologically (eg. capability-based security keeps the data within your possession and you export the particular query that an outside firm would use; federated learning lets them train machine-learning models on the data without the data ever leaving your possession). We just don't use them yet, for the most part.
The potential pitfalls of the data economy are about overbearing or violent governments, or about poorly managed data protection. This has much more to do with the bad actors than the tools they are using. It's sort of like saying we should ban information distribution because bad actors can spread misinformation.
I use adblockers and vpns and other such things but then I have accounts with facebooks and whatsapps. Could I camouflage my 'scent' with perfume? What's more - could I feed misleading data in? I really wouldn't mind being a VIP in the eyes of these shitty algorithms.
That would be insane. If they know how sedentary you are, or if you aren't sleeping well, or if you are driving too fast, driving at dangerous hours, or if you hang out at the bar too much ... can you imagine the implications?
It gets even wilder with things like Fitbit Charge 4 where this data, in the hands of data brokers, can include data like your resting heart rate, your SpO2 levels, exactly where/when you walk.
https://blog.hubspot.com/service/customer-data-platform-guid...
Sure, you can draw attention to something bad, but if all you ever do is live off the drama and frantically declare that X "needs to stop" (I loathe that airheaded phrase like few others), what good are you? Who's going to stop it? Passive voice does not impress. When I need to eat, I eat. I don't say "I need to eat" and leave it at that. I'd starve.
Clearly you think it can be stopped. Clearly you think it's not just an unfortunate malady of the age that we must bear. You think it can be fixed. Where's your proposal? How are we going to shift the tech economy away from surveillance?
The growth of the data economy is like the growth of finance. Neither finance nor data gathering actually produce anything. They can help produce something, inform or facilitate the production, but it's not productive in itself. In the limit, you're left with a hot potato economy where people gather data to sell for the purpose of gathering more data.
Maybe this is incentivized by the killing of the industrial base. Everything we buy is from China. All the US does is consume.
The author is fearmongering big tech because she envies all the money they are making. Facebook does not sell user data, and I'm pretty sure the author knows this but intentionally perpetuates this misconception anyways. Facebook would collect about as much user data regardless of whether they used it for targeted advertising.
> They generate profits by ... selling [your personal information] to ... prospective employers ...
?
This one seems unlikely but who knows.
And incidentally, PDL was the source of a 1.2-billion person data breach a few years ago: https://www.wired.com/story/billion-records-exposed-online/
Aren't they opening themselves up to lawsuits if they match the wrong person to the wrong potential employee?
Additionally, isn't it illegal to decide to hire/not-hire based on a bunch of protected traits? (age, sex, orientation, religion, etc.)
It seems like a lot of the quoted information would be off-limits.
Imagine this in a plain document with no CSS:
<body>
<h2>Why We Should End the Data Economy</h2>
<p>The data economy depends on violating our
right to privacy on a massive scale,
collecting as much personal data as possible
for profit.</p>
<p>...</p>
...
Now it's just the rant of some loser who doesn't even know the first thing about making an attractive web page, and doesn't have any friends who are graphical designers or artists to help him or her sell the idea to the masses.Connecting another dot on this point: The creation and widespread use of such profiles -which are not merely comprised of data, but are summary conclusions about people- may well make the U.S. into a genuinely caste society. Without rules regarding things like data aging, publicly accessible profile monitoring, and bad data correction… and when to provide some sort rehabilitation method, people will eventually become just a collection of their mistakes and forced into one bucket or another.
We need something akin to the Fair Credit Reporting Act and a set of laws that provide better guide-rails for when data can be collected, by who, for what purpose, when it can be sold or used for a purpose other than why it was first collected, etc.
All the hypothetical examples are realistic, but... what are the names of companies that are actually providing that level of data about me?
the key here, is, just don't buy products you don't want or don't need. as long as you do that, you'll be fine. I have yet to meet a single Ad that forced me to buy a product I didn't really want or need. And, just don't let the ads manipulate you.
It also stifles original thought that is conceived independent of how things are or what people like ("culture becomes stuck").
When dealing with data you need to be aware of your own unfixable shortcomings as an observer. And if you can influence people's behavior at scale you're no longer an independent observer anyway, complicating things further (a measurement that becomes a target stops being a measurement).
There isn't one truth you could uncover in data; life is an open-ended chaotic system. Let's keep it that way.
Recognizing the limitation of these systems is key to be able to use them well and when not to use them.
Even if one adds randomness to create new phenomena within their given framework, one can never compensate for that.
Uncarefully applied data-driven narratives have not enriched our thinking, they're blunting it. And they blind us to what could be.
> I've shared the results of my IQ tests (145-160+)
I wonder if the part of the population with <100 IQs are similarly open with their results.
> I speed when conditions let that be safe.
Admitting to breaking the law is an excuse for higher insurance premiums and for the police to hassle you.
> I suffer depression
This is one of the few relatively "safe" mental health conditions to announce. Who's lining up to hire someone who's openly struggling with addiction or has psychopathy?
> I'm very honest and want that in my closest relationships
Let's say your partner gets served ads about how your single, attractive co-worker has been googling you late at night, how your location histories have significant overlap, and by clicking the ad they can find out more. Not everyone will get suspicious, but some people definitely will click.
~~~
It would be great if we could all be open like you say you are, but society isn't even close to ready for that. Any rapid transition (like wide-scale encryption breaks) would be traumatic on so many levels.
If you want privacy, quit Facebook and Gmail. News flash: they're NOT gonna stop spying on you. You need to stop using them.
It’s not exactly a problem for most people. Even I who’s privacy conscious don’t particularly care I block ads with ad blockers anyway.
Them knowing is not the problem. Them using it to harm me is the problem. These are different thing, latter is a problem, former is not.
Let pick this one example :
'your restaurant visits and shopping habits'
Just them knowing is not problem, in fact them knowing can also benefit me: e.g when they want to give me gift.
Any car 2010 and later "smart/stupid": https://www.businessinsider.com/ford-exec-gps-2014-1, so even if you leave your phone at home, don't assume that you aren't tracked.
Being watched by sky wizard and judged at all times is their expectation. It is their agency.
Write down whatever you want, how does one resolve the reality? We have documents in place to cover all these things.
Yet here we are still.
You’re doing what the people you aren’t ok with do; expect everyone to undertake creating and importing some wholly new perspective.
We know how to regain our agency: take control of it away from the aristocracy.
The species has done this again and again. It’s not new.
Also I happen to think we'd be a better society if we all knew everything about each other. Instead of discouraging companies from analyzing us, encourage them to publish everything all the time. Let governments join in on the fun. Everyone should be tracking an analyzing everyone else.
Solves the issue with companies manipulating us to sell our data, because if they publish it they can't sell it. Solves the ransomware problem as well. Publish everything, no privacy for anyone. You can't blackmail someone for data everyone has.
I wanna know what you think right now. I'm not asking you to tell me, I'll scan your brain instead. And I'll know what your dream last night was. And you'll know the same for me as well.
That's the future, prove me wrong.
You say that you think this would lead to a better society. That aside, how would you personally feel if this vision was to become reality?
For me, I’m certain my mind being totally exposed like that would lead to debilitating mental illness and possibly even the loss of the will to live. I can’t imagine human beings, either as individuals or a collective, being fundamentally equipped to deal with such a thing.
I don't think that means we don't need privacy. It absolutely has value.
The problem is when privacy is only available to the rich and powerful, while the details about the rest of us are hoarded and used by the very same powerful people who pay such a premium for their privacy.
If we allow the collection of information, that information should absolutely be public, but that doesn't mean we should allow everything to be collected.
You should set the example. Go ahead and post your e-mail address and password for us.
Anyone who thinks such transparency is a good idea should read Arthur C. Clarke and Stephen Baxter's Light of Other Days: https://en.wikipedia.org/wiki/The_Light_of_Other_Days
The problem that need to be solves is not how to hide information but how to fix the issue that arise when the information are public.
Lets talk about one example :
Right now it is a problem if my credit card number become public because it can be used for unauthorized purchase.
Simply having my credit card number become public is not an issue perse but for it to be used for unauthorized purchase is the problem.
But what if I can have my credit card number public while nobody can use it for unauthorized purchase ? then I won't have issue for it being public.
Care to specify which list entries you have trouble believing?
Maybe I am old school or too naive, but I don't see how I would make a personal margin with my own data.
If you are already looking through a bunch of ads for the sole purpose of trying to buy something, then your personal data is valuable to you because it saves you time. But that's definitely not the situation with most big tech products.
Pay no attention to the fact that you’re not getting versions of these things that maximize your benefit either...
“Advertising funded search engines will be inherently biased towards the advertisers and away from the needs of consumers” -Larry and Sergey in 1998
2. They are giving you value (via free services)
Sure there are a few companies you pay that also collect your data and I wish they didn't but even then they'd raise the price (maybe willing to pay more) if they didn't subside the service via your info
As a developer I have a hard time imagining building an application that doesn't use data to provide a higher level of experience in some way. Of course there is a very long rabbit hole on how data collected to create a novel experience then gets used in other ways to provide revenue.
We just live in a world where applications are able to hide almost everything that is happening behind the scenes from the user, and advertising drives the majority of free applications, and this opens a gateway to major abuse...
There are possible truths that exist in mainstream math formalisms[1]... for which the formalism says there may be no proof of. Just because the formalism can't explain everything doesn't mean we should throw it out!
I view communications like this as: a. making ppl aware (who may not be technical) b. doing the work that may not be worth $$$ c. avoiding future coordination failures of society
All of these in a hyper-optimized and hyper-educated societies may seem inefficient, but in a non-optimized and not highly educated world we live in they are the difference between chaos and not.
[1] https://en.wikipedia.org/wiki/G%C3%B6del%27s_incompleteness_...
Burn it all down.
Easier said than done. What we're seeing is advertising as a business carried to its logical conclusion. If you "burn it all down", you have to end, in effect, all advertising. Advertisers try to target their budget as effectively as possible; the more they know about their target demographic, the better able they are to do that.
Go ahead. Figure out how to opt out of Experian, Transunion, or Equifax collecting everything they can about you, including pretty much every piece of data needed for identity theft, possibly confusing it with someone with a similar name, and then putting it in a badly-secured database.
No, really, if you can figure it out I'd love to know. Every now and then I am reminded they exist and that they are silently creating these vast troves of data without anyone's consent, and all I can do is hope that if my identity information is included in a data breach, I am both small enough and lucky enough to not be impacted.
Think about all the other websites out there using Google Analytics, FaceBook "Like" buttons, Twitter excerpts, etc.
You're ever getting away.
Even if you are homeless and living under a bridge, facebook will have photos of you, uploaded by others, they will know who you are and whwre you like will sell some data relating to you to someone
Also, what ever happened to showing ads to people who aren’t already interested in your product to expand your brand and maybe bring in new customers? The current ad model feels overfitted to me.
As for the common complaint that you always see ads for products you already purchased, that's actually a very good time to make an impression. What are the odds that you are thinking about buying a new dishwasher at any given moment? Probably next to 0. You probably would completely ignore any dishwasher ad you saw. Now imagine you just replaced your dishwasher with a new one. You probably noticed that dishwasher ad now. You might have even clicked on it to see if you got a good deal on it. You probably care more right now about dishwasher specs than you ever have in your life up to this point. Maybe there's a better deal out there. This is the perfect time to send you more dishwasher ads.
I'd think that the more interesting thing would be to try and find some proxies we can use as an ersatz empirical test. For example, what about ad prices? If personalization based on tracking really does work better than other forms of ad targeting, then one would expect that that difference would yield a noteworthy difference in ad prices.
In short: If it really works so well, then you'd expect personally targeted ads to cost significantly more per impression than ads that use content-based targeting. And I'd assume that that information is reasonably public.
Well, sometimes. But what people want is not always good for them or for society at large. Targeted advertising has a side effect of hiding what exactly is being advertised to society. There's obviously the extreme cases of "vices," but what about things like junk food? People love it. Targeted advertising can induce cravings that make people buy and eat things they know are not good for them. Or for another example, what about pesticides and gas guzzling trucks? I don't want all my neighbors' vanity being exploited in order to pollute my neighborhood. We can openly talk about what we all see on TV, in newspapers, or on billboards, but if I'm not seeing the same ads as my neighbors online, those conversations aren't going to happen.
Couldn't have happened to a worse industry
Otherwise, get the fuck off my attention span, stop bloating the web, and stop polluting public spaces with irrelevant information!
I mean, why not both? I simply cannot think of someone who dislikes tracking-as-advertisement and is pro central clearinghouses for more targeted personal information.
> Also, fact is that matching consumers with products that they like doesn't just have enormous business value, but is actually socially positive!
Only with the unstated premise that tracking _will_ happen and it's better if that tracking is done in a decentralized fashion. Sure, I can agree that there shouldn't be a monopoly at the focus on online tracking-as-advertising, but there's an additional argument that the space _should not exist in itself_. These arguments have been rehashed endlessly online and especially on HN so they probably don't bear repeating here, but the either or choice you represent is disingenuous.
EDIT: fixed a typo
Maybe this works well for some products, like "I know i need to buy milk, what should i buy?" but it has often been used in a form that appears like an abusive relationship.
Think about all of the kid-targeted ads from 30 years ago which peddled sugars and psychological tricks to get kids frothing at the mouth over their food and toy products. These weren't merely advertisements, but targeted attacks to the brain. And of course things haven't changed, it's just iconic to talk about early TV's cereal commercials hah. As with many product advertisements, they're not just trying to make you aware of the product - they're trying to bypass your consciousness and hook straight into your brain.
That was 30 years ago, and we've had the misfortune of seeing this evolve. Now social media advertisements are hyper targeted with similar tactics but more nefarious goals. Misinformation at the hands of targeted advertisements has been the source many-a controversies of recent years.
My point is i'd agree with you if advertisements haven't been so blatantly manipulative over the last 50+ years. If they were simply "Hey, you like X, try Y?"; but they're not. That ship sailed before i was even born. And it's only gotten worse with time.
Based on this, the only solution is to make sure nobody has any information that may possible be leaked and, at the time or later, be connected to me.
In addition to that nobody targets ads with value, because valuable products are super rare and don't need advertising because those show up in magazines, on blogs etc created by people interested in the field, because sharing those products give value to their readers.
I tested it recently on youtube, both by my locked in account (15? year old google account with a ton of info) and in a firefox container. The first ad was for some casual mobile game/scam and the second was for something I can't remember anymore. I also don't remember the first ad I got on the account that wasn't logged in, but the second one was for a website that sold used iPhones, something that I am very much interested in.
So, despite knowing a ton of me, Google couldn't show me a related ad that was better than the ad it showed when it had no data.
For a very long time the ads in gmail were all about getting loans no matter how poor my credit was, when my issue was that I need a good place to invest my money, not take on expensive loans.
Currently they were trying to sell me extra chargers for electric cars, of which I don't own any.
Facebook showed me a generic ad for cancer awareness aimed at somebody 15 years older than me (they know my real date of birth).
Previous to that they showed me a ton of ads for extra comfy travel trousers.
Twitter got the closest by showing me ads for places to buy crypto (yes I am interested in that space, no I won't by stuff from ads that scream scam to me).
I don't know what will replace ads, and it is possible that ads might bring some value in specific cases but in general they are a waste of money. I suspect Google etc knows this, but can't say it for obvious reasons.
Brand awareness ads might make sense, but it doesn't really make sense to target those much.
This is a very specific statement. It may be true. But, even if we accept for the sake of argument that it is, it's not quite the same statement as, "Mass personal data collection has never resulted in personal harm," which, while seeming quite similar, also happens to be false.
What is the math here? How do you account for society-wide lost productivity from spending time consuming advertising? Or for people making sub-optimal purchasing decisions when products that are worse for their needs happen to have bigger advertising budgets?
Work in advertising by any chance?
If you read the article, it's not primarily about advertising. It's about privacy and the negative impact to society on losing it.
The ad tech firms were certainly pivotal in creating the dystopian surveillance world we live in. They deserve every single bit of bad rap they get for that and, personally speaking, I really hope there's a lot more bad rap heading their way.
>the fact of the matter is that cookie tracking data has NEVER been associated with any leak or data breach that resulted in personal harm
I don't know if you're deliberately positioning that duplicitously or not. I'll give you the benefit of the doubt.
Whether there are cookie-based breaches or not is, in practical terms, irrelevant. Read the article. With cookies, and without breaches, the Facebooks and Googles of the world allow advertisers to promote smoking to children or payday loans to those with financial troubles.
Advertising is a wide spectrum. At one end it's relatively benign: billboards and the like. Some feel even that is unacceptable. At the other is the FB/G hyper-targeted end. In and of itself it is extremely creepy. But the article is about much more than just the weird experience of wondering how they knew to target you for erectile dysfunction treatment. Or divorce lawyers.
Ad tech has bootstrapped a global panopticon. That's the problem here.
Oh, and next time your insurance premium goes up mysteriously, have a think about your browsing history.
>If you can more easily reach a niche audience, you can build better more targeted products.
in practice, these two concepts are incompatible. everyone has buttons that can be pushed with the help of detailed psychological profiles made by advertisers.
if you push those buttons enough times, it's typically unhealthy for the person and financially beneficial for the pusher all the while.
How could you possibly make this claim in good faith, let alone believe it?
EDIT: typo
Is not advertising, it's sales: the seller establishes a personal relationship with the buyer, finds out what the buyer's needs and wants are, and proposes a product or service to them that satisfies those needs and wants. Advertising is nothing like that.
Not to mention that most things that get advertised for, nobody sells the way I just described above. The only products most people buy that get sold that way are houses and cars, and those aren't the kinds of things advertisers are trying to sell using harvested personal data. Most products that people buy that are advertised that way, they choose themselves, they don't have a personal sales person helping them.
Do you have a link for this?
Now if I had the same degree of control over all of my personal data we wouldn't be having this discussion.
Disclaimer: I worked in advertising.
Privacy is important because it protects you from the influence of others. The more companies know about you, the more power they have over you. If they know you are desperate for money, they will take advantage of your situation and show you ads for abusive payday loans. If they know your race, they may not show you ads for certain exclusive places or services, and you would never know that you were discriminated against. If they know what tempts you, they will design products to keep you hooked, even if that can damage your health, hurt your work, or take time away from your family or from basic needs like sleep. If they know what your fears are, they will use them to lie to you about politics and manipulate you into voting for their preferred candidate. Foreign countries use data about our personalities to polarize us in an effort to undermine public trust and cooperation. The list goes on and on.
There are quite a few stories that have cropped up over the last decade or two that show this is actually happening.... the most precient one I can recall was where Target outted a pregnant teenager to her parents before she even knew she was pregnant:https://www.businessinsider.com/the-incredible-story-of-how-...
https://www.kdnuggets.com/2014/05/target-predict-teen-pregna...
Sure it's not a big deal if you buy a red shirt and I buy a blue shirt but it is a big deal if you can piece together the security questions (thankfully falling out of fashion as a recovery method) for my bank account.
It's not a big deal when you don't get an advertisement for your local university but if an authoritarian government roots out gay people because they have access to credit card data for Grindr subscription charges that's probably not great.
I guess my impression is that it's not what's happened so far (although certainly innumerable lives have been sullied for weeks, months or years at a time due to identity theft, credit card fraud, and the rest), it's the potential of what could be.
No, there are things that two parties cannot legally agree to do even when there is a stated agreement between those parties.
Most of these things aren't legal because society has recognized the immense harm or potential for harm that they have.
For example, you can't legally sign yourself into slavery, nor could you (as a minor) sign a contract with an adult which would make sex legal; even if all parties say that they agree to it.
The slow destruction of privacy is creating situations which have the potential for immense harm for specific people around the world (e.g. people who criticize certain governments). To ignore these sorts of situations whenever there's a discussion on privacy is foolish at best, and maliciously disingenuously at worst.
> I willingly give my personal information over to a variety of firms [...] It's not your place to say whether that's okay or not, because it doesn't affect you.
It absolutely can affect me (or anyone else) if some of that information reveals details about anyone who isn't you. This is exactly the case with (e.g.) all of the social-graph information that Facebook collects. It doesn't matter if someone went through the process of deleting their account if information about them is still being collected by proxy.
That's not to say that any data that could reveal information about someone needs to be treated as though it "belongs" to all parties, but does mean that claiming some form of ownership over the data is not at all straightforward and that merely using the idea of ownership over data is unlikely to address many of the issues that have arisen from mass collection of data on people.
> Human trafficking + consent = immigration.
No. That is entirely wrong. Human trafficking is, by definition, done without informed consent. Stating that just "adding consent to the equation" makes it into immigration is completely ignorant of the motivations, realities and harms of that particularly disgusting criminal enterprise.
The problems with human trafficking don't arise because someone "didn't consent to something"; they arise because of the deliberately-engineered power imbalance between criminal organizations and their victims and the intention of forcing people into indentured servitude and forcing them to make money for the criminals.
> Organ trade + consent = organ donation.
Also no. Organ donation is (or should be) done without any sort of financial benefit to the donor. It's done that way to prevent the organ trade from flourishing. This is exactly the point I was making that assigning a "value" to something doesn't suddenly remove or negate the harms that that thing can cause. In fact, in the case of organ donation, there are a lot of rules which have been set up to explicitly prohibit someone from buying a human organ, specifically because of the known harm that the organ trade does.
> And yes, there should be a practical way to revoke access to data. There are ways to accomplish this technologically [...] We just don't use them yet, for the most part.
There are many ways of collecting aggregate data about populations that don't have to result in individual privacy being destroyed. They aren't used because, under current laws, it's more profitable to just collect all the data and not worry about preventing it from being abused; because there aren't any real penalties for companies and individuals who cause harm by gathering/selling/losing control of this data.
That is to say, it's not (and never has been) a technical issue. It's a political one which requires that people have an informed discussion that isn't heavily swayed by people with a vested interest (e.g. the online advertising industry, as I suspect that many people in this thread are in)
And you've only addressed half my argument. I don't know who my neighbor is banging because of cell phone tracking. You don't know who your neighbor is banging. Nobody in this thread knows who their neighbor is banging. It's an entirely theoretical danger that has not yet come to pass.
Imagine trying to be a new author, marketing a book before Amazon, before Twitter and Facebook.
Search history and medical info would be more concerning than that information, on average, I would guess.
Anti competitive behavior, I would think comes automatically with such massive centralisation. What's scary is the ability to mass incite riots, using knowledge of the most susceptible audience to fake news and pushing it out incendiary posts to exactly that audience. India has faced multiple such incidents already. Deliberate ? Maybe in the sense of affinity algorithms.
With the backdrop of the Stanford experiment, and a host of other biases giving almost tribal warrior behavior, should such affinity data be allowed for collection ?
My apologies if this sounds drastic, but data collection generates micro nukes, generated based on turning individuals into an array of microcrucibles.
If you think about it, bad ML (or your words: "...ML isn't magic.") is just as bad, if not worse, than infallible ML.
ADP is one of the largest paycheck processors in the United States. But almost no one realizes that if their paycheck comes through ADP, their salary information is being sold. Remember, this is also a company that knows when you've been hired, fired, has your Social Security Number, and a lot of other very personal financial information. According to a New York Times article from a few years ago, ADP is selling you out worse than even the cell phone companies. Yet, there was zero uproar about it that I noticed.
As for bank balances, I was very surprised to learn recently that bank balances are not part of credit scoring. I have a substantial amount of emergency savings. The last time I pulled my credit reports, it wasn't on any of them.
I agree that there is a long way to go before pervasive feelings of safety will exist. You also seem right that the transition, if we choose it, will more positively be consensual and gradual. This conversation seems to be often spoken of with binary models. Further, the preference clusters are implied to be in opposition so I hoped to offer a counter to that in case it might have a positive effect over the long term.
It's interesting how our culture has adopted the mantra that "computers are never wrong." Yet, every day in the media there are dozens or hundreds of articles about computers and systems making mistakes. I wish we could break that cycle of believing anything that comes off a screen.
I fight my own minor battles against this weekly. As part of my job, I maintain an online directory of about 70,000 businesses related to the one I work for. I regularly get e-mails from people saying things like, "The phone number for X is wrong. Google says it's this...!"
Then when I look into it, Google is wrong. But because it's Google, people assume it's right, and my web sites are wrong. We need to teach people that not only do computers make mistakes, but Google is the king of all mistake-generating engines.
It couldn't be more timely as our society has no concept of measurement noise.
"What I read is 100% true and based on "science" so to have any uncertainty means you are anti-science".
There is an astounding number of people using that as their main heuristic.
I remember being out of college and finally being able to buy adobe products to do photography and then Adobe got hacked and my un/pw was out in the wild. It was safer to pirate their stuff and trust some crazy keygen software that's definitely doing something nefarious cuz at least I could run that in a VM.
(the real horror here, is they only had to sample a small subset of social media users, then compare their profiles with everyone else via "likes" and whatnot to develop accurate personality profiles of users who had no fucking idea they were being profiled because they never took a personality test).
I assume that data like that, unless refreshed, gets stale and useless fairly rapidly. But holy shit we're just sitting here, blind to the dangers of this data collection.
Or it could be as mundane as Russia's CozyBear group hacking a Ukrainian app store to insert malware into popular messaging apps, and using that app installed on a Ukrainian soldier's phone to direct artillery fire. Maybe THAT'S "a real crisis"?
You can literally do far more harm with data than with automatic weapons.
Because that data gives you access to narrow-band propaganda. Instead of hope-for-the-best broad messaging you can target specific groups with content, signifiers, and emotional tone that is known to be effective for them, and encourage specific collective beliefs and behaviours.
It's not even persuasion any more in the ad tech sense. When it's done by hostile troll farms or state actors with a covert political agenda it's literally psychological warfare.
IMO the industry needs to take a long hard look at itself and start asking questions about whether this is really where it wants to go.
Hacker culture has a benign, goofy, on-the-spectrum, somewhat arrogant but mostly harmless reputation.
The reality couldn't be further from the truth. Data collection and social media systems are psychological weapons. They're absolutely hostile to rational informed choice and participative democracy.
And given the temptation to abuse that power in various ways, we should be having more of a conversation about this than we have so far.
Agreed. For example, it's unlikely a government agency is going to care about your personal web page talking about how you're open to theories about UFOs. But a potential employer may decide not to hire you because your mind is open to the possibility. Or worse, an employment screening company's "algorithm" will score you lower because of it.
But at the same time, the practice of regularly and routinely recycling user identities is ... well, it really does prevent the formation of a community.
The most toxic community I'd ever encountered was a supposedly "kinder and gentler Reddit", the late and unlamented Imzy. A core feature was that individuals could spin up a new pseudonym on each individual thread.
The result was both absolutely disorienting and gave rise to vicious bandwagon and brigade attacks.
Whatever problem Imzy was trying to solve, that was the wrong solution.
(I'm aware that chans often follow a similar tactic, and that ... they tend not to engender highly constructive behaviours.)
And of course, HN stands at odds with this theory as well. No one "knows" me on HN. I don't have a reputation, or a real identity, and I'm cordial enough. (I hope) HN enforces conduct, and this enforcement is not defeated by anonymity.
That's not one you're willing to make and you adjust your behavior accordingly. HN can't be all things to all people. And that's okay.
You clearly find some value in HN as it is because you continue to use it. Something to consider: changes you might like to see may very well change the community as a whole to make it less a place you want to be. Hard to say, without running the experiment, but one of the hazards is that running the experiment could irreparably damage/change HN. And rebooting it would be likely nigh impossible. (If it were easy, we'd all create the fora we wanted.)
Only two of your examples (parental controls and location sharing) require any kind of network, and those could be done with a private VPN running at home.
The design of cloud-based services is purely for convenience and collection. Sometimes if the collection can be controlled, the convenience is worth it, but every beneficial algorithm could be run locally.
- Reliability. The cloud is available with little or no downtime, to 5-8 nines (5 minutes to 1/3 of a second of downtime per year). Each nine costs roughly 10x the previous one.
- Bandwidth. Residential service may work for your own personal file transfer needs, but if you're sharing to the world, even a modest degree of traffic results in a hug-of-death.
- Security. Ideally, cloud systems are managed and monitored against network attacks, as well as affording physical security practices.
- Updates. This becomes Somebody Else's Problem.
- Ongoing development. Dittos.
It's not that these aren't addressible by individuals, but it's a lot of effort to do so, and at population levels, people are simply unlikely to be able or willing to do so. A small percentage, yes. The vast majority? No.
Raw compute power is a tiny fraction of the concerns involved in service hosting.
Smartphones are a massive leap forward in low-power/energy-efficiency, but my 2013 desktop machine (KGPE-D16) still creams every smartphone ever manufactured on any metric other than power consumption.
I'm kinda tired of hearing nontechnical people congratulate themselves on having a "supercomputer" in their pocket.
Health records used for AI machine learning training . Your health data are in the vendor database . What possibly could go wrong?
It'd be much more interesting to see that sort of data sharing/access occurring than simply saying that people are entitled to some percentage of the profit that was "generated using their data" (which would be highly susceptible to creative accounting).
Preserving the privacy of individuals would still be challenging though.
Most people don't know the extent to which companies track them across the internet and their devices. It really would be better described as "stalking" given that there is a clear intent by most online platforms to be as stealthy as possible when it comes to their data collection activities.
> Facebook knows a lot about you not because it's tracking you, but because you keep posting things to it.
That's not at all true. People who have explicitly chosen to _not_ have a Facebook account still have their data sucked into the maws of Facebook's data collection systems. [1]
> Cookie tracking is an alternative way to build up an effective advertising profile that is decentralized and anonymized
Cookies cannot possibly be used to build up any sort of decentralized "advertising profile" across the internet - either you allow third-party cookies for tracking and the advertisers become the centralized data collectors or you don't and the cookies don't really provide any information that a website couldn't already collect (and which, critically, wouldn't be useful to produce an advertising profile for anything other than a single website).
> [..] which I think has some value.
Value for whom? It seems that you're very interested in talking about the value of data for those who collect it and are completely disregarding the value or cost to the people who are being tracked.
Citation needed.
Also, you don't need a copy of every single byte that a tracking company collects; summaries are more than enough to be useful to track individuals across the internet.
> The volume of the data makes it basically impossible to exfiltrate.
An attacker doesn't need to try to exfiltrate a large fraction of collected data; only the data that's likely to be interesting to them.
See Facebook/Cambridge Analytica [1] for an example of just how incompetent a technically-sophisticated company can be when it comes to protecting their users' (and their own!) data from potential adversaries.
[1] In particular, the comments from Alex Stamos, the CSO who said “We have the threat profile of a [...] defense contractor, but we run our corporate networks [...] like a college campus" (from https://www.cnbc.com/2017/10/19/facebook-security-chief-alex... )
If someone can slip cameras into what looks to me like gnats and film my bathing, well, my bathing isn't so exciting, but how can we prevent it? Some weird EM shielding arms race on nano-bots or something? And still all the sound I utter will be recorded. I wouldn't want to live on a planet with no insects. If I were 9 and I had a "build your own flying gnat" kit, pretty sure I might try to find out about what naked people look like. Now I grew up in a relatively repressed family and society, so maybe the cool Europeans have a different take on it. Maybe if there's 10M "watch people all the time" public channels with video feeds from all over the planet, peoples mental health would adjust somehow. I suspect we'll find out. Most people (that I talk to in real life) are stolidly uninterested in the "omg, do you know what the data people are gathering thru your phone" facts.
I for sure don't want to live in a society where the powerful have privacy and none of the regular people do.
The west wants to be free of life’s problems while also being free to optimize time to avoid dealing with them.
It’s almost as if physical reality is full of real constraints our imaginations can refuse to acknowledge.
As an anecdote: I am the only one in my extended family who does not use the car insurance tracker. Everyone is calling me out on why I dont get the "free" discount.
People are being massively lied to about what is veing tracked and what is being done with that info.
Or maybe these services are a monopoly, where they could start eating babies and not loose their audience anyway
The best is when a service is paid and it still traks you, like amazon
I pay for email services (and make some use of gmail for junk/transactions).
I also would never use one of the insurance trackers. They literally have zero clue of what they are doing and interpret things backwards. E.g., they interpret higher g-forces as bad driving. Yet, as someone who has been through countless high-performance driving and race schools, had racing lisenses, and won multiple racing championships, I can tell you that what high-performance driving, whether racing or getting out of emergencies, is about wringing out of the vehicle, suspenseion and tires, every last bit of grip to maximally accelerate, brake, and/or turn. Of course, I'm usually very smooth and low-g on public roads, but if I do something like maneuver around an animal in the road, they'd see a high-G maneuver and charge me for bad driving, when in fact, I probably saved them from a claim.
It is a lovely concept, but the institutional idiocy really bothers me.
You could, but you don't.
In the end I guess it boils down to whether you trust advertising companies to only help their customers sell stuff that nobody needs.
If marketers would only get this they would make so much more money, and I would get better ads for more relevant products. Instead I get ads that target me because I am in AGE_RANGE and live in country, or ads for scam products.
Break the population into groups:
1. Have a working dishwasher / don't need one
2. Old dishwasher is failing, looking for a new one
3. Just bought a new dishwasher, it works great
4. Just bought a new dishwasher, going to return it
I suspect group 4 is who they're targeting.
Ever recommended something to a friend/relative, or bought a second one of something that works/fits/performs well? Or even ever thought you should. I've definitely bought a pair of trainers (sneakers) and then thought, oh I should have bought another pair. If the shop had sent me an email, "get a second pair postage free" a few weeks later then they'd probably have made a sale.
I know people who have second homes definitely would re-buy white-goods, for example.
"Okay, cool"
"But I never agreed to that."
"Too bad."
Under what circumstances would you describe that as consensual?
And that's not even getting into the concept of _informed_ consent; something that they clearly don't have given the amount of user anger that gets directed at Facebook every time when a new leak/breach/data collection method is revealed.
[1] https://news.ycombinator.com/item?id=5921092 In addition to the fact that they collect information about people who don't join Facebook (and agree to the ToS) by virtue of the information that others (often unwittingly) submit to Facebook, like group photos, mobile phone address books, etc.
Just bored people trying to win an argument for fun.
Good job paxys! You win. You are so smart! Here is pat on the back old chap.
I doubt the forefathers would have thought there needed to be a law against me passing on info.
Probably not, since it created a new powerful orgabization (the federal government) and mandated it to go around classifying everybody by a particular set of feature (whether they were a “free person”, an “indian not taxed”, or an “other person”.)
Given that when the framers were scared of a powerful organization doing something, their first concern tended to be about government doing it, and their response tended to be to prohibit at least the federal government from doing it, I think the fact that they mandated the federal government to do it indicates that it was neither something they feared nor something they failed to fear out of lack of consideration.
I mean the Bible tells us about censuses by the Romans ~5BC, so depending what's in your list ...
One can certainly make a case that even limited-scope non-compete clauses in employment contracts are an affront to human dignity; on the other extreme, there are those who would claim that freedom necessarily includes the "right" to sell one's self into indefinite servitude. Where do we draw the line? I don't see an intrinsic "bright line" or Schelling Focus on the question. What is the "statute of limitations" on the Present Self being constrained by the choices of the Past Self (at least, in the context of contract enforcement)?
I can't claim to have a complete answer to that question, but it seems that every time that the line is drawn too far towards the direction of slavery (i.e. away from individual liberty) there is a substantial power-imbalance.
That seems to suggest that any situation where there is a large power (information, monetary, etc.) asymmetry between two parties will lead to one side being heavily disadvantaged, almost certainly due to the intentional structure of that arrangement.
If true, that would suggest that any circumstance where there could be a large power imbalance between parties must be carefully moderated and that limiting "individual freedom" by not allowing people to sign away their rights in a way that mostly benefits someone else could be a reasonable way of approaching this problem.
Hopefully that made sense!
What other way of preventing that do you propose? Fingerprint? I will will send the data of fingerprint. Facial recognition? I will just grab your profile picture. What kind of method do you envise that could prove you are you and not somebody malicious?
If nobody gave their data to services that sell it on or use it for profit then there is no data economy.
Convincing even one person to choose more privacy friendly choices helps a little.
Well, Yahoo's publishing of supposedly "anonymized" data still poses a privacy risk to any of their users: https://www.vice.com/en/article/yp3d8v/yahoos-gigantic-anony...
That's just one of many apparently "anonymized" datasets that has been trivially deanonymized by researchers/hackers/internet-stalkers; so there's plenty of harm to be done.
I also can't see attitudes like that changing until companies that collect data are seriously held to account for any leaks/abuses of the data that they collect.
Potential penalties would probably have to include criminal charges, in much the same way that individuals and companies can be held criminally liable for mishandling toxic waste.
It's like the US tax code... it is insanely complicated and in a lot of ways doesn't serve the public well (because rich folks can use the complexity of it to escape taxation), so it's easy and popular to say let's just get rid of it and start with a new, simple tax code.
The problem is it got to be the way it is for a reason. We want to incentivize people to own homes and buy electric cars and a thousand other things, and we use the tax code to do that. If you tear it down without a plan on how to keep incentivizing all the things you want, you're going to end up with some undesirable results that you then have to fix.
It's fine to say let's throw it out and start over, but if that's as far as your plan goes then it's pretty lazy.
And what do we want to replace targeted ads, surreptitious tracking, and a system that exploits its users for money while not being held accountable to its users with?
I'd say we're better off with nothing. So yes, in this instance, burn it all down actually is a solution.
I'm aware I'm ignoring the externalities, I'm aware it's complicated, and I'm aware what I'm proposing actually is lazy. I'm aware a bunch of people will lose their jobs (mostly in tech though so I really don't feel bad, having spent most of life in that industry). I'm saying in this instance it doesn't matter. We're still better off burning it all down.
[If we want] to incentivize...
While it's true that incentivization necessitates tax code complexity, we don't all agree on the necessity of incentivization in the first place.
"Burn it all down" is easy to say. You can apply it to anything, with no further thought. It's precisely what I'd call "lazy".
To avoid being lazy, you'd have to couple it with exactly what you intend to build from scratch, and ideally how you'd go about it. That's a ton of work, not just because you have to have a concrete idea, but because you have something that people can point out the flaws of. Many of whom will say, "It's terrible, burn it down."
People who diet non stop because they might get to day 20 and it isn't working and the solution is to start over in a week or so.
It is much easier to make yourself think that behavior will change if only one got a clean start. But inevitably you find yourself at a similar point, and a similar result.
In order to start from scratch and make it effective, you should have a reason why things will be different in the future.
There are certainly problems, but you haven't put enough thought into what the statement even _means_ (Would this eliminate EMR systems? Bank transfers? Credit scores?) to consider what "burning it down" means, or "it's not working" means.
I never heard any convincing argument about why privacy has value.
>but that doesn't mean we should allow everything to be collected.
Why ?
You have either _never_ had to keep a secret (which I highly doubt, unless you happen to be a literal child) or you simply aren't arguing in good faith.
Assuming that you are arguing in good faith, let's consider a potential reason why someone might value their privacy:
Some people are born attracted to the same-sex (gay, lesbian, bi, pan, etc.).
There are some countries where being gay is a criminal offense; there are even some countries where you can face the death penalty for this. [1]
If a gay person lives in one of those countries, don't they have a right to keep this fact about themselves private simply in order to protect themselves? Or does their life have less value than the profit that can be generated by the "Data Economy"?
[1] https://en.wikipedia.org/wiki/Capital_punishment_for_homosex...
I don’t know anyone that would want to spend money on a hotel if there was a security camera in the room. I would get the more expensive room without the camera, probably go to a different hotel.
Doctor and patient confidentiality is implicitly understood. Do you think doctors should be able to tell advertisers what their patients are going through.
Maybe your own individual privacy doesn’t have value to you, and that’s okay, but other people value their privacy, and these corps profiting off data definitely find value in lack of privacy.
It’s been more than a decade, but I was impressed by this research from Allessandro Acquisti that suggested people valued their data only in the pennies.
When 25 Cents is too much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information, Jens Grossklags, Alessandro Acquisti, Workshop on the Economics of Information Security (WEIS), 2007
why do you think is that ?
>Do you think doctors should be able to tell advertisers what their patients are going through
Why do you think they shouldn't ?
>these corps profiting off data definitely find value in lack of privacy.
Yes of course there is value in lack of privacy, but what is value in privacy ?
Even now, the problem is that you want the data sometimes. Like maybe you use Life360 because it's handy for your family. Well, it knows how fast you drive (it likes to tell me my wife's top speed after she goes somewhere...). It has enough accelerometer access to decide if you've been in a wreck. It's a GPS app so of course it has pretty tight location information. And maybe you consent to all this, but hidden somewhere in the TOS it says Life360 may share this info with selected partner companies. Now it gets slurped up by big data warehouses.
Maybe you install a sleep tracking app. Now they know how well you sleep, and I would bet they could pretty accurately figure out if/when you're having sex. Depending on the device, they might even be able to guess whether or not it was solo.
Perhaps you don't like the limited options Apple has for pedometer data, so you install Pedometer++. Another possible avenue for data collection.
Or Instacart, Uber, Uber Eats, etc.
So. Much. Data.
No need to hide it, Life360 clearly states right near the top of its privacy policy "In order to keep our Service free for most users, we generate revenue through trusted data partnerships. We share device data, including location and movement data, with trusted data Partners for tailored advertising"
When your Apple device communicates with "Apple", many/most of those IP addresses are owned by Akamai.
Even when you search DuckDuckGo, both the search results (Bing) and web servers that serve the content are owned by Microsoft (Azure).
"Gmail messages 'read by human third parties'" https://www.bbc.com/news/technology-44699263
"One company told the Wall Street Journal that the practice was "common" and a "dirty secret". ...Google indicated that the practice was not against its policies."
And if you as the user want to share no data at all, you should have that option. This is the company's problem, not the customer's problem - or at least that's the world I want to live in.
And obviously don't hide anything behind dark patterns, and all the other common sense gotchas. Violations should be treated as criminal fraud with prison time (assuming they are found guilty in a court of law, and proving criminal fraud is notoriously difficult but the threat needs to be real).
Here is another example: some people argue for privacy because the information can be used to criminalized gay people.
Well then fix the criminalization of gay people instead of trying to hide the fact that they are gay.
>Facial Recognition?
That could be one way
> I will just grab your profile picture.
Then maybe fix it to detect whether its a real person or just a picture.
Or maybe there are better way, I don't know.
Like I said, I'm not the expert, I wouldn't know every solution to every problem.
My point is we should spent the effort on figuring out that problem instead of trying to keep thing hiding.
So far as their businesses are concerned, the data is safeguarded and I would never expect it to be sold--not by the top of the data food chain in any case.
But there's the issue of data being stored with US companies requiring being subject to US laws, such as the USA PATRIOT Act.
TLS SNI.
Without those gatherings, organizing against anti-gay propaganda (equating it to pedophilia, claiming it would be the downfall of civilization, etc.) would have been impossible and it's unlikely that the laws criminalizing homosexuality would have ever been changed.
If you kill privacy then you'll also kill the ability of marginalized groups to organize against any future oppression.
I doubt you actually believe that privacy doesn't matter however, because you're posting here under a pseudonym and haven't linked any social media accounts or anything which could reveal "private" details like your full legal name, place of residence/work, etc.
Impossible is a really strong word. I'm not saying that its going to be easy but I doubt that its impossible. That's my point lets spend the effort to figure out/solve this problem instead of trying to hide information.
>I doubt you actually believe that privacy doesn't matter however, because you're posting here under a pseudonym and haven't linked any social media accounts or anything which could reveal "private" details like your full legal name, place of residence/work, etc.
I would love to have everything for everyone to be public so that I don't have to worry about hiding those information. The problem is right now I can't. That's why I'm advocating we spent the effort on solving the problem that arise when the information is public rather than trying to hide information.
Likewise, if I'm gay I would much much prefer to have gay to be decriminalized rather than hiding my sexual orientation.
So you're willing to concede that people being unable to make the choice to keep something about themselves private will make it harder for them to promote their own rights? Can you understand how a lack of the ability to have private conversations, relationships, etc. could cause serious problems for some people?
Because earlier in the thread you said: "I never heard any convincing argument about why privacy has value." but now you are seem to be implying that privacy actually does have value to some people, correct?
> That's why I'm advocating we spent the effort on solving the problem that arise when the information is public rather than trying to hide information.
That would be a reasonable statement if you weren't also earlier criticizing the concept of privacy and stating that it had no value. You can choose to reject the idea that people should have individual privacy and try to push for a world where people didn't feel that they had to keep secrets, but you'd need to fix all the systemic issues before you could ethically promote the sort of radical transparency that you're talking about.
Trying to claim that privacy doesn't matter because it'd "be better if everything was public" without first addressing these other issues is terribly callous and could only seek to increase the amount of trauma in the world.
Privacy provides a fundemental protection from persecution by your government. This is precisely why the constitution includes specific privacy protections.
So while we should fight governments that persecute homosexuality, we also need to protect at least some aspects of privacy to keep protections for the next persecuted group.
Should we avoid preventing further damage that the domestic company is doing? Or should we limit ourselves to dealing with the issue diplomatically, and not do anything else for fear of "looking at the wrong problem"?
I don't understand why you'd seriously suggest that reducing the likelihood of known harm (by ensuring some level of privacy) is the wrong thing to think about when it doesn't prevent other actions from being taken too. It's possible for groups of people to do different things at the same time, after all.
Ultimately, your argument will never result in a situation where privacy is taken seriously because you could substitute in any issue and your conclusion could just as easily be that "better privacy is looking at the wrong problem."
You say "just fix it to detect whether it's legit data" - how? Deep fakes are getting better by the day, we already have problems with recognizing them ourselves.
Yes it could cause serious problem but not the privacy itself that the problem, its other people using it to harm other people is the problem.
My conversation being public by itself is not a problem, the problem is when people use it to harm me.
>but now you are seem to be implying that privacy actually does have value to some people, correct?
In any case its not the privacy itself that has value.
So is it OK to advocate for the destruction of people's privacy in this situation or not?
If it is, then you're admitting that you just don't care about the harm that could occur (and trying to minimize the responsibility you'd have by hand-waving the issue as being "other people")
If it is not OK to destroy people's privacy in this situation, then your entire argument about how the coerced loss of privacy isn't a problem is contradictory.
No, to minimize harm is my eventual goal.
There are multiple way to achieve that.
You can try to by privacy or by fixing the actual issue.
I would much prefer the actual issue to be fixed.
When you fix the actual problem, the privacy become irrelevant.
>If it is not OK to destroy people's privacy in this situation, then your entire argument about how the coerced loss of privacy isn't a problem is contradictory
My argument is the loss of privacy by itself its not a problem.
Again, I'm not the expert, every situation will may require its unique solution.
>You say "just fix it to detect whether it's legit data" - how
Yes this my attempt to at least give a hint with my far from expert knowledge.
My point is we should spend our effort to solve this instead of trying to make information private.
No, this isn't a hint, because I already stated why it wouldn't work: thief will just use publicly available data and create deep fake to mimic the owner of the bank account.
If we had technology which could magically determine whether received data is genuine, the only safety check would be "Are you an owner? [y/n]"
> My point is we should spend our effort to solve this instead of trying to make information private.
Again, nobody sane ever have spend any effort on something without even a hint for it being possible. I am asking: what's your argument to even think it's possible?
It'd be fascinating to watch someone to try and recreate concepts from cryptography without the crypto though!
Your response was that you would "much prefer the actual issue to be fixed" and that "When you fix the actual problem, the privacy become irrelevant".
Which (presumably intentionally) sidesteps the question of whether you think it is reasonable to advocate for the destruction of someone's privacy when it is likely to cause them harm.
In your advocacy for the destruction of privacy in this thread, you haven't proposed anything which could minimize harm for people who rely on privacy; in fact you have taken great steps to even acknowledge that there are people who could be harmed by the destruction of their privacy.
At the same time, you're willing to acknowledge that you don't want to post comments here using anything other than a pseudonym because "the problem is right now I can't". So you are admitting that you'd prefer to keep some privacy around your identity.
This could be a reasonable position if you were willing to acknowledge that people (other than you) could be harmed by the loss of their privacy. You have refused to acknowledge this and so that argument is untenable.
Finally, you stated that your argument was that "the loss of privacy by itself is not a problem". You haven't provided any evidence nor explanation of why you believe this to be the case and have refused to acknowledge the value of privacy, despite multiple examples and the obvious hypocrisy of not "practicing what you preach" (though I'd be willing to accept this if you didn't claim that privacy has no value whatsoever)
I did give an example of a situation where someone could be harmed and you didn't bother to address it.
I think you're just being disingenuous and I don't see the point in engaging any further in this discussion.