
People care more about privacy than they think - jakelazaroff
https://www.nytimes.com/2019/06/11/opinion/privacy-facebook-sexting.html
======
moksly
Privacy often guides my tech choices, I do have a Facebook account for events
but I don’t use their apps and I only log in when I’m invited to something. I
try to use DDG though it’s almost impossible to avoid google in my language.
And so on, but one area I can’t avoid is banks, and I’ve been wondering why
they are sneaking past the privacy talks.

I’m Danish and we’re rather digitized. I mean, I have a national ID that can
authenticate me anywhere that support it that runs in a mobile app. I use it
for things like banking. Anyway, we also have a range of financial apps. Two
are particularly interesting in terms of privacy. One of them is called
mobilepay, and mainly handles transactions between small shops or when you
need to send/request money between friends. As such it knows who my closest
friends are more accurately than Facebook ever did, because I never Facebook
chatted with people I see every day, I do however go to various events with
them where we manage the bill with mobilepay. And since mobile pay isn’t just
linked to a contact, but an actual phone number they have that too.

That’s not really the part that worries me though. It’s the way they track my
purchases. Mobilepay lets you do electronic receipts, meaning they can read
what you buy. It’s voluntary so you could opt out of it, but we have another
app called Spir which helps you budget and organise your private economy by
accessing your accounts through bank APIs. Spir can also see what you
purchase, so even if you’re not opting into it, banks tack everything we buy
unless we’re using cash. I’m not sure if this has to do with our national
payment-card called Dankortet (kind of a mixed credit/debit card, but not
exactly) or it’s just how modern transactions work. However that information
is much more accurate than my search history.

I have anxiety, I also recently had a hemorrhoid, I’m fairly certain google
might think I have cancer. My bank knows that’s wrong though, because they
know I bought hemorrhoid medicine at the pharmacy.

~~~
blub
You can always shoot a couple of GDPR data requests...

And you can use cash for sensitive purchases.

~~~
maxheadroom
> _And you can use cash for sensitive purchases._

This isn't always a viable option.

For example, in Sweden, we have stores that are kontantfri (cash-free) and
it's projected that almost all of Sweden will be cash-free by 2023[0] to
2025[1]. (Sorry the links are in Swedish but you should be able to use <your
chosen provider here> to translate them to your language.)

Given that the nordics tend to trend together, I imagine that Denmark is
relatively along the same path to being cash-free, as well.

I think a better (but more complicated) alternative would be to use two
different SIMs for separating those apps from an every-day number; however,
that comes with the problem of carrying a second phone. Dual-SIM would just
present a surface to tie the two numbers together but so would the two phones
being in the same area (in proximity of each other) almost all of the time.

In other words, I don't really know how to solve this problem because it
depends on everyone else not jumping on the bandwagon; however, to your
suggestion, cash will not be a viable option for any purchases - much less,
sensitive ones - in the very near future.

[0] - [https://computersweden.idg.se/2.2683/1.690197/kontanter-
slut...](https://computersweden.idg.se/2.2683/1.690197/kontanter-slut-datum)

[1] - [https://www.compricer.se/nyheter/artikel/24-mars-2023--da-
ar...](https://www.compricer.se/nyheter/artikel/24-mars-2023--da-ar-det-stopp-
for-kontanter/)

~~~
cobbzilla
Could you buy pre-paid credit cards with cash? then use a different one each
month/week/day depending on your level of concern?

~~~
dangerface
Pre paid cards need to be registered before you can use them, so they have all
the same details as just using your cc. Faking these details is fraud.

~~~
cobbzilla
While it may technically be fraud, the registration information for non-
reloadable cards is only a name and address, which is not verified. If the
processor uses an AVS check (in the US, this is usually just the ZIP code),
then whatever you enter must match what you registered with, but that could
be... whatever.

When one considers how fat the deck is stacked against individual consumers in
today's market, I would be inclined to tolerate some Thoreau-style civil
disobedience on this. The desire for privacy -- to effectively "use cash" at
"cashless" establishments -- may require the need to engage in this activity.

The other question would be, who is being damaged by this fraud? Presumably
the seller of the card (and banks/processors in between), who would like to
link all your card purchases to some master profile. Well, I wouldn't begrudge
anyone with disobedience on that one too. They're still collecting fees on
every purchase.

------
xurukefi
Funny. My favorite example to demonstrate why people do absolutely not care
about privacy is Signal. In terms of privacy it is a superior messenger to
Whatsapp and Telegram, but in terms of usability and convenience it is
horrible and that is the only reason why it is not used. Convenience and
usability will beat security and privacy every single time. I know it sucks,
but it is what it is.

~~~
Frondo
Signal isn't particularly inconvenient, but it is ugly compared to every other
mainstream app -- and looks matter.

The reason I stopped recommending Signal to anyone is that its message
delivery is abysmal compared to everything else. When I was using it
regularly, maybe 5% of messages wouldn't be delivered right away; they'd get
there a few days later, or up to a week later. I don't understand that failure
mode, but after having a panic over a pet sitter not getting some instructions
(the pets were fine) I tried out Telegram; never had one delivery failure in
about 8 months of heavy use.

It's a shame, because I liked Signal.

The other showstopper Signal has is also a UI thing; you cannot set a contact
to "never use Signal". Which means, if you get one of your family to start
using it, and they don't like it and uninstall it, you're forever forcing
Signal to "send via SMS" to that contact. They can "unregister" but you can't
do that for them.

I had two or three people who I'd send a message to, not hear a response, 30
minutes later realize that it went to their nonexistent signal account, reset
as SMS and got an instant reply. Very irritating for a messaging app and so
easily solved.

------
TuringTest
"20th century democracies found out that people care strongly about their
human rights, but they were easily distracted from them."

\-- Hoyt Kingston, "Dystopias that brought us here"

------
maxxxxx
I think people would care more see if they could see how much data on them
companies have, where it goes and what it's used for. I think they don't
really understand the extent of the data collection and selling.

~~~
beenBoutIT
People would care about data if it actually impacted anyone in a tangible
negative way. IRL getting served relevant ads and simply having 'more data out
there' isn't terrible enough to make most people give up using the Internet.

~~~
Frost1x
It's not that something impacts people in a negative way, time and causual
linking are paramount. Like slow cooking a frog, if the rate of change (e.g.,
decline) is slow or even delayed enough, most people won't connect the two
events of cause and negative consequences.

If something effects people in a negative way and they see or are effected by
the consequences immediately, they often react quite rationally from my
experience. If there's any time casual separation, ambiguity, or a time delay
resulting in such ambiguity, most simply shrug and accept consequences as "the
way things are."

------
blackbrokkoli

      (...)a recently graduated researcher at Harvard who set out to test the privacy paradox.
      His conclusion: We do care about our privacy, even if we don’t always act in our best interests.
    

FYI: This _is_ the privacy paradox. The author seems to assume it means that
people just don't care...which wouldn't be paradox. No, the idea is that
people rate privacy very high or even place a lot of value in it in sandbox
behavior experiments, like the one described in the article. Thus it is
surprising how people then behave "in the wild", There are a lot of theories
about the Why, which I recommend you to read up upon if interested.

It would help and also show professionalism IMO if the author wouldn't just
link other oversimplified articles from NYT when quoting science...

~~~
TuringTest
Simple explanation for the "Why" is that caring about something takes mental
resources, and our consumerist free market is optimized towards extracting all
our available mental cycles and put them either to produce or to consume, for
the benefit of the companies that make up the economy.

Life is easier if you just follow the script and go along. Any remaining
resources for "caring" about your life and your best interests must be
detracted from the race to make a living, and not everyone is in a financial
position to afford that luxury. Quite a departure from the vision of the
founding fathers who designed our political system, who _were_ people in a
position to care for such things.

------
ecmascript
I seem to value my privacy more than most people around me. That is why I left
windows and installed Linux on all my machines.

I have un-googled my life as much as possible and don't have any social media
where you post under your real name. I think more people should follow suite.

~~~
raxxorrax
It can actually passively increase contacts if you are not on facebook. Had
already two cases where people from the almost long forgotten past called me
to ask why I am such a ghost on the net. Was really nice hearing from them
again. Couldn't convince me to join social media though.

~~~
ecmascript
Nice to hear, but I think it's mostly the reverse. I have missed parties,
missed group convos that I probably should've known about etc because I don't
have facebook.

------
rlv-dan
If someone says they don't have anything to hide, my reply is "then why do you
lock the bathroom door"?

~~~
Vinnl
I strongly dislike that reply, because

1\. it fails to address their actual argument, which is that they have nothing
to hide from companies or the government, especially law enforcement.

2\. it fails to convey the actual threat of loss of privacy: the threat to
democracy and freedom of speech when journalists can't protect their sources,
lawyers can't be trusted by their clients, etc.

I therefore prefer to emphasise that latter point, that even though they might
have nothing to hide, people they should care about do.

Although lately it's become easier to convince people that even they have
something to hide: as political actors (e.g. Cambridge Analytica) learn more
about them from their data, they can target you (and people like you) with
tailor-made lies to influence who you (and people like you) vote for.

Doesn't convince or even interest everyone, of course, but more than before.

~~~
Quequau
In my personal experience the people who use the 'I have nothing to hide'
argument, use it because they are unwilling to expend the cognitive effort to
delve into the topic in any meaningful way.

Trying to reason with someone about some topic they didn't use reason to get
to their position on in the first place is often a losing proposition.

So these days I just say "if you don't want to even think about some problem
or issue, you should just come out and say 'I don't want to think about this'
instead of saying something so obviously and unambiguously ignorant. That just
makes you look bad". Then I move on. I can't make folks think. I can't save
them from themselves and their privacy isn't the hill I'm going to die on.

~~~
gruez
>So these days I just say "if you don't want to even think about some problem
or issue, you should just come out and say 'I don't want to think about this'
instead of saying something so obviously and unambiguously ignorant. That just
makes you look bad". Then I move on.

That seems overly dismissive and presumptuous.

~~~
Quequau
Of course it's dismissive. This is because "I don't have anything to hide" is
not an invitation for some long drawn out discussion about the intersection of
philosophy, technology, culture, and civil rights. It's a no-thought
dismissal. Pretending it's anything else is a waste of time and fundamentally
dishonest.

------
tempodox
All that shows to me is that the perceived value of being able to use gmail or
Zuck's vanity mirror is somewhat more than $2.50 (still less than a decent cup
of coffee). But honestly, haggling over the right price for one's data doesn't
count as giving a shit for one's privacy with me.

------
alexvaut
It makes me think that there are, at least, 2 ways to move forward:

\- What can we do about this situation we are in ? Is it a problem that
Technology can solve (I'm thinking about startup in the privacy field) or it's
more political and in this case it will take years to fix.

\- What can we do about the other fields where we still have some power ? Like
Smart Assistant, self driving cars with AI. Someday we are going to wake up
again and realize that again someone used one our of weakness and abused it.
It will again return against ourselves by restraining our freedom and/or make
us more dumb.

I'm sure history has many examples about that global behavior: "change for the
worst, acknowledge it, repeat". What is the way to avoid taking that direction
again ? I'm not sure education is the answer nor politic or technology... I'm
out of answers...

~~~
ignoramous
These Bruce Schneier _Talks at Google_ try to explain this:

Liars and Outliers: [https://youtu.be/m3NJ-Ow2Lvg](https://youtu.be/m3NJ-
Ow2Lvg)

Click Here to Kill:
[https://youtu.be/GkJCI3_jbtg](https://youtu.be/GkJCI3_jbtg)

Hidden Battles to Collect Your Data and Control Your World:
[https://youtu.be/GhWJTWUvc7E](https://youtu.be/GhWJTWUvc7E)

Highly recommended it since you seem interested.

~~~
alexvaut
Thanks for the links, so from Bruce Schneier, the problem needs to be taken
care of by citizens (politic) like it was done for many industries (car, food,
pharma...). Except that this is going to be much more complex in the
information era where everything is a computer. Hence there is a need to have
tech people in the public sector to help decisions to be wisely made.
Enforcing the rules is the only way to make the industry to change, in this
case, in terms of security and privacy.

However I tend to think I have more power as a consumer than as a citizen. I
spent dollars everyday while I vote every 2 years. It seems that since there
is no other way, the last resort is to go through the political way. I'm happy
we have governments but still, I'm convinced there is a way to convince
consumer. Do you ?

~~~
ignoramous
I personally agree with Schneier. I don't see how BigTech can be made to
respect privacy given the current status quo and the data wars. I think
regulation and government intervention is very much necessary at this point.

In some instances, BigTech, BigTelco, and govts have incentives aligned
(surveillance and censorship), so its paramount for folks part of the tech
industry to help steer the conversation and laws.

------
metaphor
> _...anything that relies on people taking it upon themselves to protect
> their data is doomed._

This isn't enlightenment...this has been meta since...the internet was born?

------
sfink
Correct me if I'm wrong, but it really sounds like the study was also
comparing people's attitudes about gaining $X vs losing $X. It is well known
that people hate losing money more than they enjoy gaining it.

If that is the case, then it invalidates the conclusions.

------
jmalkin
I hope privacy becomes a core thing people care about, as much as having a
right to free speech.

It already is a bit but it isn't quite mainstream enough.

It's more like a nerds concern, but it should be everyone's.

Maybe because free speech is guaranteed by the Constitution but not privacy.

~~~
jackfoxy
Here is some anecdotal historical context. Recently my parents were
reminiscing at a family event about mid 20th century small town American life.
The local telephone exchange operator (always a woman) could freely listen in
on any telephone conversation going through the switchboard. It was not
unusual for a teenage girl to substitute for the regular operator. Everyone in
town was at least vaguely aware. No one cared.

~~~
raxxorrax
But that girl probably couldn't listen to all calls simultaneously, did not
have a photographic memory, didn't live in a society where a sentence could
ruin your career, didn't share the deepest secrets with advertisers, didn't
act as a spy for intelligence agencies and created a dosier on basically
everyone.

I wouldn't have cared much either. But the environment is profoundly different
today.

~~~
Frondo
People also didn't have a great deal of privacy at either end of the phone
conversation, anyway. The phone would've been in a central location in a
house, attached to a wall. Back then you wouldn't be hidden away in a bedroom,
saying salacious things.

------
eqvinox
You probably need an SS or Stasi (Nazi / East German secret police) to get
people to actually understand and value their privacy. It's just too invisible
and intangible of a thing to properly recognize and value, without the "aid"
of losing it and experiencing the result.

It's a bit like news sensationalism. It just doesn't get processed because it
doesn't trigger your brain's "simple" circuitry. Since you don't notice Google
or Facebook building their huge databases with all kinds of information about
you, it seems like it doesn't concern you. It doesn't hurt and in most cases
doesn't incite fear. And you can't quite hump or eat it either.

Maybe we need some huge privacy disaster to learn this the "hard" way. Seems
preferable to a bout of fascism at least. I'm not sure how else we can make
headway on this. (And don't get me started on GDPR... it's an annoying dialog
box that people click "Accept" on.)

~~~
watwut
The loss of privacy was not the issue with SS. Then being elite soldiers of
group that believed in lack of empathy, domination and valued ruthlessness and
loyalty above all else was.

Likewise, the issue with Stasi was torturing, imprisoning and killing people.

I get what you mean, but there is too long slippery slope between privacy on
web and these. And they did not slide that way anyway.

~~~
eqvinox
Sorry, I should've been more clear on what I meant with the SS. Some (dutch, I
think?) cities had registrations of their citizens with religious affiliation
listed. The SS got a hold of that "database" and used it for their purposes.

As far as the Stasi is concerned, I just disagree with you. The Stasi was
really about gathering as much information as they could get their hands on.
They didn't have to torture people, blackmail was much easier for them.

And, yeah, neither of these is connected to web privacy. I'm trying to make
the argument that privacy is just hard to grasp. "People care more about
privacy than they think." You don't notice till it's gone. SS and Stasi were
wholly different situations, but at least for the latter it had the effect of
people understanding the value of privacy. GDR citizens knew the Stasi was
surveilling them. They knew saying certain things would mean they'd never get
their children into university, or they'd just lose their place on the waiting
list for a car. The effects were close enough to be noticed.

They aren't on the web.

~~~
XorNot
Except again: the problem was they were willing to kick down doors and murder
people and no one was stopping them.

If it gets to this point, being anonymous won't save you.

~~~
TuringTest
Having a database of all their opponents had a big part in there being no one
to stop them. Haven't you heard that poem of "First they came for the
Communists..."?

~~~
watwut
Yeah, but that is poem not history. Database or not, they were stronger
military wise and ruthless. That was what won the day.

There were people who had potential to speak up or even spoke up when then
came for communists and jews and all that. They died first.

------
nitwit005
I'd assume privacy concerns are not the only thing being measured with this
sort of experiment. People also worry about their accounts being somehow used
for spam.

------
agumonkey
This decade has something slightly twisted. Was there a time where technology
was so subtly obnoxious to our state of mind ?

