Ask HN: I'm not motivated enough to take privacy seriously
I see all this posts about Google (with it's massive services), Twitter, Instagram, [any other sites], collecting data and building a profile of you to serve you personalised ads and maybe other stuff. I understand that. But, apparently not enough! as I can't seem to leave the convenience of it. Maybe it's because it isn't tangible?; as in I can't visualise how all this will affect my day to day life, so I always give in to the comfort. Can you please convince me otherwise?
Real time pricing and personalized pricing. The more marketers learn about you, the more they will be able to set custom prices for you that may not be in your benefit. Think airline tickets, that's the model people are after.
What if I told you that in 10 minutes you could get most of the way to great privacy without leaving Google services or social networks at all? Also your pages will load faster, you will be paywalled less often, and you will see a security benefit.
1. Browser containerization, use one browser for browsing normally and never sign into accounts, use the other for only signing into accounts, no normal browsing
2. Install Ublock origin and privacy badger extensions
3. Get a VPN (ok, this takes more like 10 minutes by itself) and use it
4. Only browse in incognito mode and set your browser to delete history
5. Make firefox and brave your browsers and turn on their default privacy features
6. Continue to chat on social networks and Google but use their encrypted products (Allo incognito, WhatsApp, FB's thing etc)
I am afraid grocery stores will start this. (Or perhaps they already do.) Virtual sales for certain people for specific products. But it is hard not to pass up the huge savings the "bonus" card gets you.
Ok, pricing thing is scary.
1. Interesting
2. I've it installed already
3. How does vpn help?
4. Does having safari, help?
5. I use safari as default. does that work?
6. I don't use FB, Twitter. Only Youtube, Gmail
3. VPN helps by obfuscating IP address which is one way you can be tracked.
4. What you are trying to do is clear cookies and history regularly so trackers can't vacuum that data up. You can probably set similar defaults in Safari but I don't know how.
5. I advocate for Firefox because they have protections against browser's fingerprinting. I don't know if Safari has these, you would have to check.
6. You should use encrypted chat, it doesn't really matter which you choose.
Together with the related Black Mirror episode, which I wasn't able to finish because it made me too sick to my stomach - too realistic, too close, too terrifying :S
A lot of things you can do have a fixed cost ie they won't affect your life at all in the long run, just once. If you download a new browser (firefox), change your search engine (to startpage, duckduckgo, etc.), install an ad/tracker blocker (ublock0, privacy badger). This won't result in a loss of convenience, it'll just take a few hours and then you can continue living your life exactly as before. Obviously, there are things you can do to protect your privacy further, but just doing this will be a huge net positive with no drawback.
This is a totally acceptable attitude. It’s your data, you can give it away or sell it or whatever. It’s your choice.
It matters to me so I pay attention to news about products and companies with regard to privacy.
Privacy, like free speech, is a universal human right. The fact that you choose to share information doesn’t mean you lose that right. Any more than not speaking does not mean you lose the right to free speech.
But, here's the thing, I don't know what I'm giving away (or selling) and what repercussions it can have on me. With free speech (and other human rights) I can exactly see what it means to have it as a human right. With Privacy, that line becomes hazy and I'm trying to make it clearer. makes sense?
To expand on the point, if most people are like OP, then the concept of privacy as a "human right" is on thin ice anyways. It's hard to convince people to subscribe to some vague concept or idea if they are not in immediate pain / it doesn't provide some immediate benefit.
I agree with your lack of motivation because ultimately everything is connected so there cannot be any privacy actually. One thing this means is that privacy is egoity and the ego is a mental fabrication, totally illusory, however of convenience with a body in the world. In other words, don't worry about it. There is an assumption of practical common sense along with this viewpoint. Namely there is no expectation of publicising your credit card numbers, passwords, and the like. Practically it is usually best avoiding social media, minimizing the number of login accounts and often refraining from commenting on websites. In summary, if you really know who you are, there is no danger of being discovered, no danger of being omitted, nothing to lose, nothing to gain, nothing to keep private, nothing to publicize.
Absolutely right. Privacy was an Enlightenment concept granted to so-called "Enlightenment thinkers" which were really just egotistical white Europeans. It was a mistake for a country as great as the USA to think that privacy should be appropriated from a gray and troubling past.
Exactly! Also, where do we draw a line between private and public? Especially when you don't know weather the digital records of you today can be abused in the future. Like where should I draw this line and say, "yep this shouldn't be here". And even If I draw this line, what about my other loved ones? they have to be onboard on this too, otherwise this can all be futile. It's just such a huge topic and we don't really know what will happen in the future (except in china, man that's scary). And this may be the reason why there are people who don't care about it all, or people who are really paranoid, and somewhere in the middle who just don't know what to do.
I think it's important to take time and think about some of the potential outcomes of bulk data collection.
Take this for example: there is currently a trend in the insurance industry to require an activity tracking device in order to activate certain life insurance plan discounts and other benefits. The data pulled from the activity trackers is almost certainly going to be used to enhance profitability for insurance providers, which is something that eventually will have a negative impact on some portion of people who buy life insurance.
This data might not affect first generation subscribers, so many people are comfortable to surrender it. Somewhere down the line people are going to have increased premiums or will be denied insurance altogether based on what is currently being collected. There is also the chance that the children of the people who are willingly providing this data will have higher insurance costs based on data collected from their parents, or grandparents.
The bottom line is that every company that is engaging in data collection is, or soon will be, using it to gain an unfair advantage against consumers. The consequences may seem abstract or far off, but every data point surrendered is a will have a cost at some point in the future. I'd rather not help large corporations take advantage of me.
From what you said though, it sounds like when you opt out of data tracking, you're at a disadvantage from those who are being tracked. (i.e. those being activity-tracked and proved to be healthy get lower insurance premiums) This seems to be the opposite of what OP wants -- be motivated to stop being tracked.
At a higher level view, this appears to be a prisoner's dilemma. If everyone opts out, everyone is eventually better off. But some people will opt in now, and get the short term benefits (lower insurance premiums). In the long term, everyone will be worse off.
That's exactly the point I'm trying to make to OP. Think about the future and opt out!
It's a super tough sell for most people though, so the majority is likely going to just opt in, or remain opted in by default. Which I suppose means that we should all just try to reap whatever benefits we can now and wish our future selves all the best when it comes time to legislate this whole thing.
There's three kinds of privacy that I can see: privacy against a hacker, privacy against Google et al, and privacy against the government.
The first kind I think you care about. You don't want your computer being part of a botnet. You don't want a hacker running the camera on your phone. You don't want a hacker watching as you type your password for your bank account.
The second kind, privacy against Google, I can't convince you that you care about. I might even be able to make a case that you don't. Let's say I'm on a business trip, and I need to eat dinner. I ask Google for restaurants. I'm going to get better answers if Google knows where I am (which is a privacy intrusion). I'm going to get even better answers if Google knows what kind of foods I like (which is also a privacy intrusion). Those privacy intrusions actually provide me value (at least in some situations). Maybe I don't want to stop them.
Privacy against the government... that ship has sailed. They have the capability to find out everything if they decide to. The battle is political, to keep them from deciding that they want to without adequate (that is, criminal) cause, and without due process.
2. I'm wondering (as others have outlined) that, granted they do give me value today at the risk of my privacy, but what about the future, what if there motives change, that can affect me in insidious ways.
I would like to, but the more I think about it, the more envious I feel. It sounds like you have a peaceful life, or could if you'd stop worrying about not being worried about privacy! :)
I think that privacy is important for a couple of reasons:
1) I don't trust marketers with data. My education is in marketing, so I understand the mindset. Hell, I know I could make significantly more in the marketing industry, but I don't want to be socialized into that mindset.
2) Privacy provides a private space upon which we can build identity. Identity provides the foundation for the rest of our human rights. I have a very good friend who happens to be a trans woman. She describes her process as having the freedom to take baby steps alone in the privacy of her home until she had a strong enough identity to start to be more out to friends, then family and finally just out.
3) I have a child and feel I should err on the side of her privacy until she's old enough to decide to trade privacy for free stuff.
But, if you can convince me that it's not worth worrying about these things, I'm open to hearing your arguments. I'd like to be convinced I'm wrong!
Our right to privacy should not be confused with access to absolute privacy. Absolute privacy is not possible in today's society without significant tradeoffs. Instead, privacy requires that in our dealings with institutions, we can have the following questions addressed:
- Who is collecting information about me and my family?
- What exactly is being collected?
- Why is it being collected?
- How long will it be kept?
- Who is it shared with?
- Can we opt out?
- Can we request to be forgotten and how?
You should take privacy seriously in as much as you should demand your institutions to disclose this information to you and allow you to make an informed decision as to the tradeoffs you may be making.
Maybe you trust Google or Facebook or Microsoft. That's fine. And probably sane; they're large corporations with huge numbers of processes and procedures in place to make sure data is used in ways that is at least parallel with their terms of use.
Do you trust that these companies will never be hacked? In a world where, this year, we discovered that a fundamental optimization in the literal silicon of processors, which went unnoticed for a decade, and affected every modern processor on the planet, allowed for some level of unintentional data leak, do well-meaning intentions even matter?
Just a few days ago, Twitter announced that an unintentional bug leaked private DMs to third-party app developers. Oh darn, we're sorry, we didn't mean for that to happen, it just did.
So, do you trust any of your personal information being obtained by any random person on the planet?
This is our world, its just taking everyone a bit of time to realize it: If you have information stored on the internet, it will get leaked eventually. Then at that point, its just a matter of having enough attention for one person who wants to do you harm find it. Do you have no enemies at all?
Oh you don't? Are you alright with your credit card and social security numbers being available for anyone to grab? Look at that, you do have enemies, they just don't care about you personally, all they care about is themselves, and they'll hurt you to accomplish that. Let's say you're a woman. Are you alright with your address being publicly available? How about your Google Calendar? Snapchat real-time location? Feed from your Nest security camera? Didn't think so.
"Privacy" is not when a company says they care about your privacy. Its when they fucking implement End-To-End Encryption and physically deny themselves even the ability to see your data. Any company who says they care about privacy but isn't doing this is fucking lying to you, full stop, no exceptions, because if they really cared then they (A) wouldn't put concessions on their position like "well we need to be able to see this data for X", and (B) would have the humility to recognize that the world is more vulnerable than its ever been before, and they will be hacked, its just a matter of when.
> Do you trust that these companies will never be hacked?
I trust them more than I trust myself, unfortunately.
I generally try to avoid uploading unnecessary/extra data. But email and remote document access aren't optional, and while I don't trust BigCorp to do security right, I also know that I don't have the resources to do it right for myself...
That's fair. You shouldn't trust yourself, or the companies, because your trust will be betrayed one day. Everyone is a little incompetent, its just a matter of when.
That's why End To End Encryption is the best solution we have, which balances usability with good security. It reduces the surface of attack to just the encryption algorithms, their implementation, and the keys, which is substantially easier to audit and doesn't change when the products evolve. It also allows you to say "fuck it, have the data, its encrypted so who cares". Finally, it logically separates the attack surface into two distinct parts; attackers need both the keys and the data to do harm, either alone does nothing.
In practice, trust comes down to "can I protect the keys". That's something I can trust myself to manage well, and plenty of companies sell solutions to make it easy (ex: Apple and the secure enclave of your phone).
Any suggestions for how to combine end-to-end encryption with document storage in a way that still allows me to access documents on my phone/tablet/computer and also share documents with others?
Unfortunately end-to-end encryption for email is completely impossible because almost everyone I interact with via email does not know how to use gpg...
now imagine all your intimate and personal data available to anyone if any of those sites got hacked.
Or sold to the highest bidder. Google seems especially anxious to really screw their users those days. Just imagine the money that can be made by selling your most intimate details to insurers.
How many years you lived? How many more you think you'll do?
Is not the next day that should worry you, but all the ones from there onwards. And the people you will care about, including the ones that survives you.
The thing is that you don't know what could happen, but digital records are there for the future, and what happens on it, different policies, different social trends, different governments and so on.
Things are changing fast. If is profitable, will be exploited. And is not that some person will find your personal data. AIs and bots will do it with everything they can access. And could affect you in ways you can't predict now, with effects that may be very unpleasant.
This may be far fetched, what could happen today, if you were older? Getting poor? No medic coverage? Lost house or pensions? No insurance when something wrong happen? Can't get any work? Now extrapolate for unknown conditions in a not so far but still unpredictable future.
Something that'll happen in the future is harder to make it tangible (that china `credit score` thing was way scary though). Also, it's difficult to figure out like what should and shouldn't be exposed on the internet. And, regarding the loved ones, everyone needs to be on this thing together to make it work. For example like, I try to be privacy conscious, while my friend exposes everything about me on say Facebook doesn't really help me.
The thing is, it probably won't affect your life. There's millions of people willingly giving up their information to the internet, and it's not like every single one of them, or even a majority, will face any consequences.
But what if you suddenly decided to change the world and become a politician? Well, I sure hope you never directly googled for some particular genre of pornography, specially if it's something that's widely frowned upon.
And that's just one example. The thing is, if Google, Facebook, etc. ever want something from you, they probably have the power to destroy your life if you don't give it to them.
Do you really trust each and every tech company with access to your data that they won't ever use it to cause you some sort of harm?
And what about governments? No, I am not talking about your fancy democratic government, I'm sure others will point out what's wrong with that assumption. I'm talking about those "russian hackers" the USA is so confused about.
Chances are, google knows enough about you to piece together who you're likely to vote for. What if they start targetting you with ads meant to mobilize voters, because they know you're likely to vote the "right" party? Or what if they bombard you with stories about how democracy is broken anyway, and elections are manipulated, because they think you might vote for the "wrong" party?
"But google would never do that" I hear you say... "And if they did, I wouldn't fall for it"
If you knew about it you wouldn't, but you wouldn't know. These things do work, otherwise google wouldn't be so filthy rich with their dozens of products that they run at a deficit for years. Ads work. Online manipulation works.
What does that have to do with the "russian hackers" I mentioned above? Well, what do hackers usually do? Right, they hack. What if google gets hacked? Suddenly another nations government has access to millions of (insert your country)s citizens to manipulate.
"But google won't get hacked, and neither would facebook"
Sure, I won't hack either of them and neither will you. But we're not the Chinese government, with as much money to throw at a room of programmers as it takes for them to make it happen.
And what about third party contractors? They may not have the same security standards or resources to protect your data.
I could go on and on about this, but I'll leave that for others.
In conclusion: Privacy does matter maybe in the same way climate change does. It's not like driving your car for an hour will make it one degree hotter all of a sudden. It's a complex process that nobody fully understands and that's very hard to grasp, yet everybody who spends time researching the subject certainly agrees that there is great importance in it and it does affect all of humanity on a scale beyond what we see in our day to day lives.
EDIT:
Why did I even bother writing all of that? Just read [this](https://en.wikipedia.org/wiki/Stasi) and you should get an idea of why you should value complete and unconditional privacy.
1. No I don't trust these companies!
2. They probably have a data on me (somewhere in there dozens of huge data warehouses)
3. Google/Facebook could probably do that (knowingly or unknowingly is the question)
4. Google hasn't been breached because 1. there entire business model relies on data, 2. they maybe willingly giving the data to governments (off course respective citizens, not other countries data)
5. I realise that. I just, uh, it's just difficult to comprehend the subject, let alone the consequences
Also, it's not just FB, Google and the "hackers" that can influence you: FB and Google business is to sell ads using the personal information they have. So you could also be targetted by any political advertisers on those platforms.
i cant, others have tried to convince me and i know how to do security very well, ive set up many a system for friends who are the sort of people who put tape over their cameras (why do you do this people? an image of your gormless mug staring at a screen is no use to anyone, if you want to do something more useful disable or remove your microphone)
even if anyone had all my info they couldnt really do much with it, im not creditworthy in any way, i own pretty much nothing and i have no enemies or any reason for anyone to try and destroy me somehow.
personally im more than happy to have people collect data on my boring little life in exchange for free services online etc so like you i really dont see a way it could negatively affect me
While hopefully it's fairly likely that the profiles which are being constructed based on our online habits won't negatively affect our day to day life, there's a chance that they will and that risk is worth managing.
One scenario to look at is the past behaviour of other big companies during war time or during periods of authoritarian regime when the incentives align between the govt and private entities. There are too many examples from WW2, but also look at how willing many companies were to get their hands on (and share) information regarding figures in the various labour movements throughout English (and American) history, even the ones which weren't explicitly communist. Another example is the big (european car?) manufacturers' cooperation with the regime in Argentina in the '70s who weren't really hiding the fact that they were disappearing the people who these companies were doxxing for identifying with certain social / political movements.
It's just worth keeping in mind that anything you do now which might identify you with a certain group could come back to haunt you if that group becomes the new Reds Under The Bed in 1, 2 or 5 election cycles. And that at this stage you are doing what you are doing with the full knowledge that everything is being retained for use at the discretion of these tech companies.
So I disagree with the idea that it only matters of you ever 'make it'. It also matters if you have shown patterns of behaviour which suggest that you identify with a group that makes it.
That said, I definitely don't do enough either. I only really take the simple steps that others have outlined here.
You don't understand all the complexities in how legislation is created or why the executive does certain things. You may have disagreements with many of those laws and actions — if not now, you will the next time power changes hands/parties.
How can you prevent yourself from being manipulated all the time? How can you prevent yourself from being extorted or blackmailed for something society (or your circle) doesn't approve of? How can you prevent the rest of the citizens in your country from being manipulated all the time? How can you make sure that investigative journalists and activists don't "disappear" or don't get shutdown with scandals or shaming or blackmail? How can you know the truth about whoever these people are fighting against? The foundation for all these is that you need, and everyone needs, privacy and strong privacy protections. You cannot have a free society without it...but only a mirage of it where you believe whatever those who are in positions of power and influence tell you to believe. They could be political, corporate, religious, or other people/groups/entities. They might even be from another country.
There's something called "balance of power". Usually, governments are more powerful and have more ways to control or subjugate common people (even in free democracies). One of the things (not the only thing) to counterbalance that is privacy for common people (so information can flow easily). The same can be said of large corporations too, who are usually so rich that they can lobby or nudge or push politicians to do things to their bidding (something you as an individual may never be able to). If some corporations rely on privacy intrusions to grow larger and gain more influence, obviously we need strong protections from them.
Privacy usually doesn't seem to matter to those who are privileged enough to or able to live a comfortable life without trouble from other people. But once you face issues or take a deeper look at those who are not as privileged, you may understand why this is such a big deal. Those people are the ones most vulnerable to power, corruption, etc., and they're also the ones who cannot fight by themselves in many instances without the protection that privacy offers to their supporters.
If you're somewhat well off that you can afford to spend some money (even by foregoing eating out a couple of times a month), then you can surely opt for (paid or donationware) services that aren't relying on your personal information to stay in business.
[Anyone further interested can also check out my profile here for a little more on this topic]
I don't care about your privacy enough to convince you. Just click agree on everything and don't be surprised when your pics, texts or name ends up in laxative ad, condom ad, whatever else ad.
Oh atomicnumber1 just cured this latest STD, only if he would use our gummy friends he would not have to spend 200$ on antibiotics.
Even though you just clicked some link to read article about STDs and never had intercourse.
The term 'brand' was borrowed from the cattle industry, where they take a red hot piece of metal and burn an image permanently into a cow.
It's the purpose nearly all advertising serves - to establish a brand. That means they've permanently burned an image into your mind by constantly bombarding you with it.
Personally I am not so afraid of the NSA; I know the people there have some ethics and internal controls. Do I trust them completely? No. But they are one of many threats.
France, Iran, Israel, Russia, and the U.K. are just a few of countries other than the U.S. that run assassination, spycraft, 'terrorism' and other sneaky pete operations worldwide.
They are threats, and so are many criminal organizations, individuals, etc. The chief danger of the NSA is that they could be hiding a set of master keys for a national encryption standard which could be stolen by a person who, like Edward Snowden, breaches internal controls and then who knows what happens...
On top of all those spooks (maybe 30% psychopaths) you have the people who want to steal everything that isn't tied down (maybe 60% psychopaths), and the people who face insane pressures to put up numbers for investors every quarter (90% psychopaths).
There is the real and imagined threats of J. Edgar Hoover style dossiers, but also privacy as a "right to be left alone" which could mean that no you don't want to get certain solicitors showing up at your door or to be followed around by shoes everywhere you go. (Just knowing you are being watched is intimidating, I am going through that right now with a Siamese cat that thinks it is better than other cats and will chase them away by staring at them.)
Then there is medical privacy, genetic privacy and a bunch of issues that revolve around that. For instance you have these people who get a $100 DNA test and find out that they are one of 200 people who have the same sperm donor father.
And of course there is a trade-off between public and private interests.
The "right to be forgotten" is controversial because it is frequently invoked by embezzlers, con artists and other white-collar criminals who many of us fear will offend again if they get the opportunity. The NSA can say that cryptoanalytic warfare has helped us sink Nazi subs, find Che Guevara, etc. Credit Bureaus enable you to do business with people you don't know over the phone and not be deathly afraid of getting stiffed.
> The NSA can say that cryptoanalytic warfare has helped us sink Nazi subs, find Che Guevara, etc.
Guns have helped the allies defeat the Nazis. Bombing civilian targets to break morale did the same. I'm sure torture was also used here and there to get Hans to tell them where the gestapo hides their sauerkraut.
My point is, bad stuff can be used for good. That doesn't make it right, and even less does it mean we should allow others to use that same bad stuff with bad intentions.
Let's say you're a liberal, you hate Trump and everything he stands for as well as the Republican party. You post a lot of anti-Trump and anti-Republican content on social media and discuss it even more candidly with friends through IMs and email.
The mid-terms come and it turns out that Russia has perfected their hacking of our voting machines to the point that even when analyzing the data, it can't be proven. Republicans maintain control and therefore Trump as well. Congrats, you not live in a completely fascist state!
Whatever reigns were left holding Trump back are now gone as well as any kind of checks and balance braking system. Trump leverages NSA data and powers to root out and purge any liberals in federal agencies and replaces them with alt-right Republicans. The justice department becomes the revenge department. Laws are passed giving the government complete access to all private company data (as if they don't already have it).
Trump can now leverage the full power of the deathstar. i.e. full access to the data, tools and power of the NSA, FBI, CIA, ICE, ETC... It's just a matter of time before one particularly enterprising alt-right official run the "SELECT * from citizens WHERE has_criticized_trump = true;" query. Congrats, you're now a political prisoner! I hope they treat you better than ICE treats immigrant children!
Sounds more like the Clinton/Obama administration and Democrat loyalists in the FBI like Strzok, Page, et al thinking it's their civic duty to stop Trump from being elected. But I suppose when you've spent several decades interfering with other countries' elections like the FBI & CIA have, it's only natural that you believe it's right to interfere at home too.
You may be right that privacy may not matter any more, and/or that the battle for privacy itself is already lost.
To provide an alternative approach to consider, there's always the questions of "qui bono?" and "quis custodiet ipsos custodes?". (There's are quite old questions, if the fact that they are often served in Latin wasn't a dead giveaway.) "Who benefits?" and "who observes the observers?"
Are you getting enough value from people using your private information?
Do you know who is using your private information? Who is keeping them honest/lawful/good?
Those are very tough questions, and a lot of the responses here certainly will tell you that the answers aren't in your favor. Though that's for you to judge, you may be benefitting enough from your Google services and social media, that maybe that's a fair trade-off for you. You may feel that market controls, capitalism, shareholders, may hold enough interest in keeping corporate entities accountable that you aren't worried what they are doing with your private information. That's a perfectly acceptable stance. It's largely the default stance these days, which is why so many posts are so fervently pro-privacy, because that's the stance that needs the most defending.
Here's the thing though, even if you agree that maybe privacy is an intangible benefit that is already "lost" and not coming back, there are still interesting answers to "qui bono?" and "quis custodiet ipsos custodes?" that push towards the opposite direction: fighting for less privacy overall, but more transparency/accountability.
"Who benefits?" Why should Google make so much money selling advertisers to you personally? Why not disintermediate that situation and sell yourself directly to advertisers?
"Who observes the observers?" Who is it checking that Google is only using your private information for ads? Can you demand that Google explain everything they do with your private information, including when and how it gets "anonymized" or "aggregated" into other metrics? How much of your privacy data goes through open source code that you can evaluate for yourself? Can you access the foundations of their machine learning algorithms and help find biases as a user, as a general part of the "crowd", without being an employee or government auditor?
One possible demand in a surveillance state is to dismantle the surveillance, and if privacy is already lost, that's a doomed battle. The other possible demand is sousveillance: "I should be able to watch you back."
You make a very compelling argument. I'm also wondering, that yes, currently our interests are aligned (privacy intrusion for value), what if they're no longer aligned?, Or what if they're compromised? Well, I'm screwed then (as others have outlined).
Sousveillance is a useful goal because it would provide greater opportunity to know when your interests are no longer aligned. Right now a company may publish a privacy policy and say one thing about their interests, but do another and not admit to it. An authority bigger than them might hold them accountable (governments, shareholders), but what if users could be their own watchdogs?
As for compromises, typically the assumptions in Transparency situations is that the damage is mitigated if it was already transparent (everyone already knows, or already has some other way to access that data, so compromise is less of a big deal). Admittedly, there's a lot of cultural hurdles involved to make everything transparent, including "deweaponizing" a lot of people's secrets/getting used to the fact that everyone probably has skeletons in their closet and to stop using that against each other.
I'm not even sure that full transparency could work in the real world [1], but starting from the assumption that privacy is dead anyway, transparency options seem some of the best alternatives to pursue (instead of trying to put all the monsters back into Pandora's box, let's try for hope and compromise).
[1] An interesting argument is that full transparency was the actual state of early tribal humankind. Gossip networks held tribes together. Everyone knew everyone's else's business, just because of human social dynamics and the way that we know tight-knit communities work. From that perspective privacy is a "modern" thing, and possibly even a fluke of modern civilization, though certainly many here would classify it a feature more than a bug.
What if I told you that in 10 minutes you could get most of the way to great privacy without leaving Google services or social networks at all? Also your pages will load faster, you will be paywalled less often, and you will see a security benefit.
1. Browser containerization, use one browser for browsing normally and never sign into accounts, use the other for only signing into accounts, no normal browsing
2. Install Ublock origin and privacy badger extensions
3. Get a VPN (ok, this takes more like 10 minutes by itself) and use it
4. Only browse in incognito mode and set your browser to delete history
5. Make firefox and brave your browsers and turn on their default privacy features
6. Continue to chat on social networks and Google but use their encrypted products (Allo incognito, WhatsApp, FB's thing etc)
But we need another one where they use the data to exploit you.
4. What you are trying to do is clear cookies and history regularly so trackers can't vacuum that data up. You can probably set similar defaults in Safari but I don't know how.
5. I advocate for Firefox because they have protections against browser's fingerprinting. I don't know if Safari has these, you would have to check.
6. You should use encrypted chat, it doesn't really matter which you choose.
This is a pretty great video which walks through everything I just said and more in 15 minutes: https://m.youtube.com/watch?v=gFsRXfifcYg
http://www.abc.net.au/news/2018-09-18/china-social-credit-a-...
This is not going to happen overnight. But an inch at a time, if people do not take privacy seriously.
(Season 3, Episode 1, for example: https://www.theverge.com/2016/10/24/13379204/black-mirror-se...)
It matters to me so I pay attention to news about products and companies with regard to privacy.
Privacy, like free speech, is a universal human right. The fact that you choose to share information doesn’t mean you lose that right. Any more than not speaking does not mean you lose the right to free speech.
https://en.wikipedia.org/wiki/Social_Credit_System
Take this for example: there is currently a trend in the insurance industry to require an activity tracking device in order to activate certain life insurance plan discounts and other benefits. The data pulled from the activity trackers is almost certainly going to be used to enhance profitability for insurance providers, which is something that eventually will have a negative impact on some portion of people who buy life insurance.
This data might not affect first generation subscribers, so many people are comfortable to surrender it. Somewhere down the line people are going to have increased premiums or will be denied insurance altogether based on what is currently being collected. There is also the chance that the children of the people who are willingly providing this data will have higher insurance costs based on data collected from their parents, or grandparents.
The bottom line is that every company that is engaging in data collection is, or soon will be, using it to gain an unfair advantage against consumers. The consequences may seem abstract or far off, but every data point surrendered is a will have a cost at some point in the future. I'd rather not help large corporations take advantage of me.
At a higher level view, this appears to be a prisoner's dilemma. If everyone opts out, everyone is eventually better off. But some people will opt in now, and get the short term benefits (lower insurance premiums). In the long term, everyone will be worse off.
It's a super tough sell for most people though, so the majority is likely going to just opt in, or remain opted in by default. Which I suppose means that we should all just try to reap whatever benefits we can now and wish our future selves all the best when it comes time to legislate this whole thing.
The first kind I think you care about. You don't want your computer being part of a botnet. You don't want a hacker running the camera on your phone. You don't want a hacker watching as you type your password for your bank account.
The second kind, privacy against Google, I can't convince you that you care about. I might even be able to make a case that you don't. Let's say I'm on a business trip, and I need to eat dinner. I ask Google for restaurants. I'm going to get better answers if Google knows where I am (which is a privacy intrusion). I'm going to get even better answers if Google knows what kind of foods I like (which is also a privacy intrusion). Those privacy intrusions actually provide me value (at least in some situations). Maybe I don't want to stop them.
Privacy against the government... that ship has sailed. They have the capability to find out everything if they decide to. The battle is political, to keep them from deciding that they want to without adequate (that is, criminal) cause, and without due process.
I think that privacy is important for a couple of reasons:
1) I don't trust marketers with data. My education is in marketing, so I understand the mindset. Hell, I know I could make significantly more in the marketing industry, but I don't want to be socialized into that mindset.
2) Privacy provides a private space upon which we can build identity. Identity provides the foundation for the rest of our human rights. I have a very good friend who happens to be a trans woman. She describes her process as having the freedom to take baby steps alone in the privacy of her home until she had a strong enough identity to start to be more out to friends, then family and finally just out.
3) I have a child and feel I should err on the side of her privacy until she's old enough to decide to trade privacy for free stuff.
But, if you can convince me that it's not worth worrying about these things, I'm open to hearing your arguments. I'd like to be convinced I'm wrong!
- Who is collecting information about me and my family?
- What exactly is being collected?
- Why is it being collected?
- How long will it be kept?
- Who is it shared with?
- Can we opt out?
- Can we request to be forgotten and how?
You should take privacy seriously in as much as you should demand your institutions to disclose this information to you and allow you to make an informed decision as to the tradeoffs you may be making.
Do you trust that these companies will never be hacked? In a world where, this year, we discovered that a fundamental optimization in the literal silicon of processors, which went unnoticed for a decade, and affected every modern processor on the planet, allowed for some level of unintentional data leak, do well-meaning intentions even matter?
Just a few days ago, Twitter announced that an unintentional bug leaked private DMs to third-party app developers. Oh darn, we're sorry, we didn't mean for that to happen, it just did.
So, do you trust any of your personal information being obtained by any random person on the planet?
This is our world, its just taking everyone a bit of time to realize it: If you have information stored on the internet, it will get leaked eventually. Then at that point, its just a matter of having enough attention for one person who wants to do you harm find it. Do you have no enemies at all?
Oh you don't? Are you alright with your credit card and social security numbers being available for anyone to grab? Look at that, you do have enemies, they just don't care about you personally, all they care about is themselves, and they'll hurt you to accomplish that. Let's say you're a woman. Are you alright with your address being publicly available? How about your Google Calendar? Snapchat real-time location? Feed from your Nest security camera? Didn't think so.
"Privacy" is not when a company says they care about your privacy. Its when they fucking implement End-To-End Encryption and physically deny themselves even the ability to see your data. Any company who says they care about privacy but isn't doing this is fucking lying to you, full stop, no exceptions, because if they really cared then they (A) wouldn't put concessions on their position like "well we need to be able to see this data for X", and (B) would have the humility to recognize that the world is more vulnerable than its ever been before, and they will be hacked, its just a matter of when.
I trust them more than I trust myself, unfortunately.
I generally try to avoid uploading unnecessary/extra data. But email and remote document access aren't optional, and while I don't trust BigCorp to do security right, I also know that I don't have the resources to do it right for myself...
That's why End To End Encryption is the best solution we have, which balances usability with good security. It reduces the surface of attack to just the encryption algorithms, their implementation, and the keys, which is substantially easier to audit and doesn't change when the products evolve. It also allows you to say "fuck it, have the data, its encrypted so who cares". Finally, it logically separates the attack surface into two distinct parts; attackers need both the keys and the data to do harm, either alone does nothing.
In practice, trust comes down to "can I protect the keys". That's something I can trust myself to manage well, and plenty of companies sell solutions to make it easy (ex: Apple and the secure enclave of your phone).
Unfortunately end-to-end encryption for email is completely impossible because almost everyone I interact with via email does not know how to use gpg...
I've heard of people doing this and realizing that they have information that you wouldn't think they would have.
Or sold to the highest bidder. Google seems especially anxious to really screw their users those days. Just imagine the money that can be made by selling your most intimate details to insurers.
The thing is that you don't know what could happen, but digital records are there for the future, and what happens on it, different policies, different social trends, different governments and so on.
Things are changing fast. If is profitable, will be exploited. And is not that some person will find your personal data. AIs and bots will do it with everything they can access. And could affect you in ways you can't predict now, with effects that may be very unpleasant.
This may be far fetched, what could happen today, if you were older? Getting poor? No medic coverage? Lost house or pensions? No insurance when something wrong happen? Can't get any work? Now extrapolate for unknown conditions in a not so far but still unpredictable future.
But what if you suddenly decided to change the world and become a politician? Well, I sure hope you never directly googled for some particular genre of pornography, specially if it's something that's widely frowned upon.
And that's just one example. The thing is, if Google, Facebook, etc. ever want something from you, they probably have the power to destroy your life if you don't give it to them.
Do you really trust each and every tech company with access to your data that they won't ever use it to cause you some sort of harm?
And what about governments? No, I am not talking about your fancy democratic government, I'm sure others will point out what's wrong with that assumption. I'm talking about those "russian hackers" the USA is so confused about.
Chances are, google knows enough about you to piece together who you're likely to vote for. What if they start targetting you with ads meant to mobilize voters, because they know you're likely to vote the "right" party? Or what if they bombard you with stories about how democracy is broken anyway, and elections are manipulated, because they think you might vote for the "wrong" party?
"But google would never do that" I hear you say... "And if they did, I wouldn't fall for it"
If you knew about it you wouldn't, but you wouldn't know. These things do work, otherwise google wouldn't be so filthy rich with their dozens of products that they run at a deficit for years. Ads work. Online manipulation works.
What does that have to do with the "russian hackers" I mentioned above? Well, what do hackers usually do? Right, they hack. What if google gets hacked? Suddenly another nations government has access to millions of (insert your country)s citizens to manipulate.
"But google won't get hacked, and neither would facebook"
Sure, I won't hack either of them and neither will you. But we're not the Chinese government, with as much money to throw at a room of programmers as it takes for them to make it happen.
And what about third party contractors? They may not have the same security standards or resources to protect your data.
I could go on and on about this, but I'll leave that for others.
In conclusion: Privacy does matter maybe in the same way climate change does. It's not like driving your car for an hour will make it one degree hotter all of a sudden. It's a complex process that nobody fully understands and that's very hard to grasp, yet everybody who spends time researching the subject certainly agrees that there is great importance in it and it does affect all of humanity on a scale beyond what we see in our day to day lives.
EDIT:
Why did I even bother writing all of that? Just read [this](https://en.wikipedia.org/wiki/Stasi) and you should get an idea of why you should value complete and unconditional privacy.
Other people have not cared for all those years.
And, to be honest, I don't think that will change anytime soon. People will only start caring about privacy when it's gone completely.
An easy scenario I can think of is extortion.
Yeah I know, I'm exaggerating of course. But you shouldn't just give others a weapon they can use against you.
even if anyone had all my info they couldnt really do much with it, im not creditworthy in any way, i own pretty much nothing and i have no enemies or any reason for anyone to try and destroy me somehow.
personally im more than happy to have people collect data on my boring little life in exchange for free services online etc so like you i really dont see a way it could negatively affect me
While hopefully it's fairly likely that the profiles which are being constructed based on our online habits won't negatively affect our day to day life, there's a chance that they will and that risk is worth managing.
One scenario to look at is the past behaviour of other big companies during war time or during periods of authoritarian regime when the incentives align between the govt and private entities. There are too many examples from WW2, but also look at how willing many companies were to get their hands on (and share) information regarding figures in the various labour movements throughout English (and American) history, even the ones which weren't explicitly communist. Another example is the big (european car?) manufacturers' cooperation with the regime in Argentina in the '70s who weren't really hiding the fact that they were disappearing the people who these companies were doxxing for identifying with certain social / political movements.
It's just worth keeping in mind that anything you do now which might identify you with a certain group could come back to haunt you if that group becomes the new Reds Under The Bed in 1, 2 or 5 election cycles. And that at this stage you are doing what you are doing with the full knowledge that everything is being retained for use at the discretion of these tech companies.
So I disagree with the idea that it only matters of you ever 'make it'. It also matters if you have shown patterns of behaviour which suggest that you identify with a group that makes it.
That said, I definitely don't do enough either. I only really take the simple steps that others have outlined here.
How can you prevent yourself from being manipulated all the time? How can you prevent yourself from being extorted or blackmailed for something society (or your circle) doesn't approve of? How can you prevent the rest of the citizens in your country from being manipulated all the time? How can you make sure that investigative journalists and activists don't "disappear" or don't get shutdown with scandals or shaming or blackmail? How can you know the truth about whoever these people are fighting against? The foundation for all these is that you need, and everyone needs, privacy and strong privacy protections. You cannot have a free society without it...but only a mirage of it where you believe whatever those who are in positions of power and influence tell you to believe. They could be political, corporate, religious, or other people/groups/entities. They might even be from another country.
There's something called "balance of power". Usually, governments are more powerful and have more ways to control or subjugate common people (even in free democracies). One of the things (not the only thing) to counterbalance that is privacy for common people (so information can flow easily). The same can be said of large corporations too, who are usually so rich that they can lobby or nudge or push politicians to do things to their bidding (something you as an individual may never be able to). If some corporations rely on privacy intrusions to grow larger and gain more influence, obviously we need strong protections from them.
Privacy usually doesn't seem to matter to those who are privileged enough to or able to live a comfortable life without trouble from other people. But once you face issues or take a deeper look at those who are not as privileged, you may understand why this is such a big deal. Those people are the ones most vulnerable to power, corruption, etc., and they're also the ones who cannot fight by themselves in many instances without the protection that privacy offers to their supporters.
If you're somewhat well off that you can afford to spend some money (even by foregoing eating out a couple of times a month), then you can surely opt for (paid or donationware) services that aren't relying on your personal information to stay in business.
[Anyone further interested can also check out my profile here for a little more on this topic]
Oh atomicnumber1 just cured this latest STD, only if he would use our gummy friends he would not have to spend 200$ on antibiotics.
Even though you just clicked some link to read article about STDs and never had intercourse.
The term 'brand' was borrowed from the cattle industry, where they take a red hot piece of metal and burn an image permanently into a cow.
It's the purpose nearly all advertising serves - to establish a brand. That means they've permanently burned an image into your mind by constantly bombarding you with it.
I consider it a form of assault.
Personally I am not so afraid of the NSA; I know the people there have some ethics and internal controls. Do I trust them completely? No. But they are one of many threats.
France, Iran, Israel, Russia, and the U.K. are just a few of countries other than the U.S. that run assassination, spycraft, 'terrorism' and other sneaky pete operations worldwide.
They are threats, and so are many criminal organizations, individuals, etc. The chief danger of the NSA is that they could be hiding a set of master keys for a national encryption standard which could be stolen by a person who, like Edward Snowden, breaches internal controls and then who knows what happens...
On top of all those spooks (maybe 30% psychopaths) you have the people who want to steal everything that isn't tied down (maybe 60% psychopaths), and the people who face insane pressures to put up numbers for investors every quarter (90% psychopaths).
There is the real and imagined threats of J. Edgar Hoover style dossiers, but also privacy as a "right to be left alone" which could mean that no you don't want to get certain solicitors showing up at your door or to be followed around by shoes everywhere you go. (Just knowing you are being watched is intimidating, I am going through that right now with a Siamese cat that thinks it is better than other cats and will chase them away by staring at them.)
Then there is medical privacy, genetic privacy and a bunch of issues that revolve around that. For instance you have these people who get a $100 DNA test and find out that they are one of 200 people who have the same sperm donor father.
And of course there is a trade-off between public and private interests.
The "right to be forgotten" is controversial because it is frequently invoked by embezzlers, con artists and other white-collar criminals who many of us fear will offend again if they get the opportunity. The NSA can say that cryptoanalytic warfare has helped us sink Nazi subs, find Che Guevara, etc. Credit Bureaus enable you to do business with people you don't know over the phone and not be deathly afraid of getting stiffed.
So it is a lot to think about.
Guns have helped the allies defeat the Nazis. Bombing civilian targets to break morale did the same. I'm sure torture was also used here and there to get Hans to tell them where the gestapo hides their sauerkraut.
My point is, bad stuff can be used for good. That doesn't make it right, and even less does it mean we should allow others to use that same bad stuff with bad intentions.
The mid-terms come and it turns out that Russia has perfected their hacking of our voting machines to the point that even when analyzing the data, it can't be proven. Republicans maintain control and therefore Trump as well. Congrats, you not live in a completely fascist state!
Whatever reigns were left holding Trump back are now gone as well as any kind of checks and balance braking system. Trump leverages NSA data and powers to root out and purge any liberals in federal agencies and replaces them with alt-right Republicans. The justice department becomes the revenge department. Laws are passed giving the government complete access to all private company data (as if they don't already have it).
Trump can now leverage the full power of the deathstar. i.e. full access to the data, tools and power of the NSA, FBI, CIA, ICE, ETC... It's just a matter of time before one particularly enterprising alt-right official run the "SELECT * from citizens WHERE has_criticized_trump = true;" query. Congrats, you're now a political prisoner! I hope they treat you better than ICE treats immigrant children!
To provide an alternative approach to consider, there's always the questions of "qui bono?" and "quis custodiet ipsos custodes?". (There's are quite old questions, if the fact that they are often served in Latin wasn't a dead giveaway.) "Who benefits?" and "who observes the observers?"
Are you getting enough value from people using your private information?
Do you know who is using your private information? Who is keeping them honest/lawful/good?
Those are very tough questions, and a lot of the responses here certainly will tell you that the answers aren't in your favor. Though that's for you to judge, you may be benefitting enough from your Google services and social media, that maybe that's a fair trade-off for you. You may feel that market controls, capitalism, shareholders, may hold enough interest in keeping corporate entities accountable that you aren't worried what they are doing with your private information. That's a perfectly acceptable stance. It's largely the default stance these days, which is why so many posts are so fervently pro-privacy, because that's the stance that needs the most defending.
Here's the thing though, even if you agree that maybe privacy is an intangible benefit that is already "lost" and not coming back, there are still interesting answers to "qui bono?" and "quis custodiet ipsos custodes?" that push towards the opposite direction: fighting for less privacy overall, but more transparency/accountability.
"Who benefits?" Why should Google make so much money selling advertisers to you personally? Why not disintermediate that situation and sell yourself directly to advertisers?
"Who observes the observers?" Who is it checking that Google is only using your private information for ads? Can you demand that Google explain everything they do with your private information, including when and how it gets "anonymized" or "aggregated" into other metrics? How much of your privacy data goes through open source code that you can evaluate for yourself? Can you access the foundations of their machine learning algorithms and help find biases as a user, as a general part of the "crowd", without being an employee or government auditor?
One possible demand in a surveillance state is to dismantle the surveillance, and if privacy is already lost, that's a doomed battle. The other possible demand is sousveillance: "I should be able to watch you back."
A good book of essays on the subject, if you want to explore the idea further: https://en.wikipedia.org/wiki/The_Transparent_Society
As for compromises, typically the assumptions in Transparency situations is that the damage is mitigated if it was already transparent (everyone already knows, or already has some other way to access that data, so compromise is less of a big deal). Admittedly, there's a lot of cultural hurdles involved to make everything transparent, including "deweaponizing" a lot of people's secrets/getting used to the fact that everyone probably has skeletons in their closet and to stop using that against each other.
I'm not even sure that full transparency could work in the real world [1], but starting from the assumption that privacy is dead anyway, transparency options seem some of the best alternatives to pursue (instead of trying to put all the monsters back into Pandora's box, let's try for hope and compromise).
[1] An interesting argument is that full transparency was the actual state of early tribal humankind. Gossip networks held tribes together. Everyone knew everyone's else's business, just because of human social dynamics and the way that we know tight-knit communities work. From that perspective privacy is a "modern" thing, and possibly even a fluke of modern civilization, though certainly many here would classify it a feature more than a bug.