
Privacy is not dead - Nikolas0
https://medium.com/surveillance-state/ca083a5b6b7d
======
devx
I find it a little absurd that this even needs to be said. As long as we're
still humans, we'll always want _private communications_. Always. Even if US
and all of the world's "democracies" turn into totalitarian surveillance
states, we'll still want to have private communications with each other, and
we'll find ways to do it - _especially_ if in such a world the governments
have no shame nor limitation in _abusing_ that power (which you can bet will
happen, and is already happening. We're just now finding out about _some_ of
them).

~~~
rayiner
For most of history, the way people communicated in private was to invite
someone into their home and talk to them. That way still exists. All of the
means of communication that were private in 1789 still are.

What you're asking for is to go another step: to be able to spew unencrypted
bits all over the internet for any of hundreds of sysadmins and network
engineers to see, then turn around and claim its private. You want to
broadcast your location in real time to Google and ATT, who sells it to
advertisers, then claim its private.

Maybe you should be able to do that. But its disingenuous to claim that what
you're asking for is basic human private communication. What you're asking for
is for the government to treat the internet as something other than what it
is: a public network designed with almost no thought to keeping information
private. At the most basic level, being a routed network with no built in
encryption IP leaks your data out to every intermediate router on the way to
the destination. SMTP passes your clear text email through multiple servers on
the way to someone's inbox. Its a vast system designed with no thought to
leaking your private data out into the world.

Maybe its because nobody teaches low level networking in school anymore, but
I'm amazed at how many technologists indulge what is a technical fiction: that
the two ends of a socket are connected by a private link.

~~~
Silhouette
_For most of history, the way people communicated in private was to invite
someone into their home and talk to them. That way still exists._

For most of history, the way people communicated _at all_ was to speak to
someone face to face. Luckily for us, modern technology provides other
options. Surely you're not seriously suggesting that the principle of privacy
and the arguments for why it is a good thing do not apply in any new context?

 _What you 're asking for is to go another step: to be able to spew
unencrypted bits all over the internet for any of hundreds of sysadmins and
network engineers to see, then turn around and claim its private._

I don't see anyone here claiming that. It seems to me more often in this
general debate people are asking for rather more reasonable things, like:

1\. If you send data you intend to be private over the Internet, for example
by encrypting it and sending it to a specific recipient, you shouldn't have to
worry about crackers, communication services, or governments that don't have a
good reason expending significant resources to infringe your privacy anyway.

2\. If you choose to share some personal information with a modern service
like Facebook, and choose to use the provided options to restrict who else
gets to see it, you shouldn't log onto Facebook one day and find it's all been
shared with other people anyway.

3\. If you do want to visit someone to communicate in person the old-fashioned
way, you shouldn't have to forfeit all of your normal rights and be subject to
arbitrary invasions of your person and possessions just to travel.

None of these things matter if you live in a quiet countryside village and the
only people you ever want to communicate with privately are your neighbours,
but for most people in the western world, these activities are a normal part
of modern life, and it is not unreasonable to expect governments and laws to
protect everyone's privacy while they do them.

~~~
rayiner
> Surely you're not seriously suggesting that the principle of privacy and the
> arguments for why it is a good thing do not apply in any new context?

No, I'm not suggesting that. What I'm suggesting is that you have to be honest
about the argument you're making: we should take some of the principles that
applied in the old context and apply it in the new context, based on
sociological evidence about the parallels.

> I don't see anyone here claiming that.

But that's what it boils down to. You want to take something that is not, as a
matter of fact, private, and have the government treat it as being private.
You're begging the question, which is: can you reasonably expect internet
communication to be private? At the purely technical level, there are good
reasons for answering that question in the negative: how can you reasonably
expect communication to be private when you expose it to so many people over a
network that's totally not designed to keep it private? Surely mere
_intention_ can't be controlling.

When you send an e-mail in plain text over the internet, more people have
access to the contents of that message than if you had posted it in a bulletin
board in your office. That's the technical reality of how the internet works
as a routed system.

Maybe it's the case that you want to accept that technical reality, but for
sociological reasons nonetheless indulge the fiction that internet
communication is indeed private. That's a perfectly fine argument to make. But
you have to acknowledge that this is the argument you're making, not get
outraged that the government doesn't take that premise for granted and doesn't
automatically indulge that fiction.

~~~
Silhouette
I think we're talking at cross purposes here.

You keep coming back to the idea of sending _unencrypted_ data over the
general Internet. Of course it's not realistic to secure that.

I am more concerned with privacy violations where people do make reasonable
efforts to keep their data/communications private, for example using
encryption, but where those methods are then thwarted through abnormal means:
untrustworthy infrastructure providers who give up root certificates,
organisations with data centres the size of a small town having both access to
vast quantities of data and the power to brute-force the decryption,
government agencies holding you at an airport for hours under anti-terrorism
laws and demanding all your passwords or very unpleasant things that would be
illegal under normal conditions will be done to you, that kind of thing. (The
last example is not intended to be a political statement, just an obvious
topical example of how powerful organisations can circumvent otherwise
competent encryption and thus breach otherwise private communications.)

[Edited to add:] The other big issue, IMHO, is whether people using services
might think them to be reasonably private when in fact they are not. There's
not much value in debating points like the ones I made above if the reality is
that when Joe sends Jane an e-mail he erroneously believes it _is_ already
reasonably secure and private. This is, of course, primarily an issue of
education and in particular of "honesty in advertising", rather than a
technical failure, but it's still a big part of the problem today: why would
people look for better solutions to a problem they don't realise exists?

------
DanBC
> _When I sign up for an email account I expect my emails to be private,
> between me and the people I exchange them._

That's foolish. Ever since it was introduced people knew that email was not
private. You should expect that everything you put anywhere is going to be
read by spies. That's why spies exist; to gather information.

You use that as part of your risk assessment.

"Will I be sentenced to death or torture if this document is discovered?"

"Will I go to jail if this document is discovered?"

"Will my company lose business if this document is discovered?"

"Will I be embarrassed if my terrible teen-angst poetry is found?"

Then you decide how much effort you're going to use to hide the information,
or the source of the information, or both.

While it's right that governments shouldn't be wasting money slurping the data
of everyone it's unlikely to be an argument that the public will win any time.
And even when there are laws "They" will find a lawyer to tell them that what
they're doing is legal, and no-one ever gets to take them through court to
show that it isn't. Oversight fails. You should assume a well-funded
government is reading everything[1] all the time. I suspect that makes more of
a difference if you're in $Oppressive_Regime than in the US or UK.

And if people really did care why would they dump so much stuff onto Facebook?

[1] see the mistakes that people make with creating encryption products, and
using those products, it's probably a good idea to assume you've made a
mistake and this government can read everything even if you encrypt it.

~~~
graeme
You knew, and technologists knew. I'm not sure how many "ordinary" people knew
how email worked.

The closest analogy in the physical world is a letter. We have an expectation
that won't be opened. Unless educated otherwise, a lot of people transfer that
expectation directly.

Cf. mark zuckerberg's early amazement that people would enter all kinds of
information into facebook

~~~
tjr
A better comparison would be a postcard. And in fact, many years ago I was
advised just that: treat email as being as private as a postcard. Most likely,
nobody besides the intended recipient will bother to read it, but a number of
people _could_ read it.

For as much as folks half my age are purported to understand technology, I
think we may have received better general instruction in using the internet in
years gone by... or maybe we were just more wary of it, knowing that we didn't
understand all of the implications.

~~~
graeme
This is a good point. When e-mail was a new option, I assume there were
articles discussing how it worked.

Now, people treat e-mail as a default. Most people my age and younger (28)
never bother to inquire how it works. They just sign up.

Younger people may be fluent in the use of technology, but understanding is a
much rarer beast.

------
apas
Oh. My. God. HN's comments quality is at an all-time low. Can't understand how
many people miss (or ignore deliberately) the point and pedantically focus on
semantics trying to prove a silly counter-point which doesn't add in the
conversation.

~~~
Sprint
Look at yourself.

~~~
joefantastic
Better to martyr than ignore the elephant, no?

~~~
Sprint
Be a better community member and you will get down-vote rights.

~~~
nitid_name
How does that work, exactly?

~~~
czr80
If you have sufficient karma (500, last I knew) you can downvote comments.

------
matho
> if you really believe that you don’t have anything to hide, feel free to
> give me your passwords as a proof of concept.

I do not intend to use a privacy service from someone who claims it is easy
(it isn't) while confusing privacy with authentication.

I may not wish to give up my password because I don't want actions to be taken
in my name: this is irrelevant to privacy concerns.

~~~
loup-vaillant
Then I guess you would have no problem giving him (or anyone else) a read-only
access to all your mail that doesn't mention authentication data (passwords
and such)?

Or a read-only access to whatever online service you're currently using?

------
pothibo
I think nobody _values_ privacy. People don't want to pay for an e-mail
account. People don't want to pay for a social network. People don't want to
pay to read the news online.

I believe that privacy and free (as free beer) is an utopia.

~~~
alextingle
Of course people will choose "free" over "costs something", if all else is
equal. You are not adding much to the debate by pointing that out.

Far more interesting to note that paid services (yes, people used to pay for
e-mail) have largely been elbowed out by services that _look_ as though they
are free, but actually extract their payments by guile and deceit. Now that
the general public is starting to appreciate the value of their personal data,
perhaps we'll see a rebalancing of the market.

~~~
pothibo
I believe you missed my point. Most people outside the tech world have no idea
who Edward Snowden is and what exactly happened with the NSA scandal.

Computers are just a black box to them with something magical happening
underneath (I'm not kidding here). If they don't understand what they are
using, how can they understand the tradeoff between something free vs
something they pay for?

~~~
oskarth
Are you sure about your first statement? Everyone in my family knows about
Snowden. And not because I told them. None of them are even remotely close to
the tech world. I'm from Sweden.

~~~
hawkw
Ah yes, Sweden. A place where there is no technology. At all.

------
Sagat
I think it's better to avoid encryption unless it's for really sensitive
information or knowledge that could hurt you if broadcast. Using Tor or
Truecrypt essentially paints a target on your back: you are paradoxically more
likely to be under surveillance by agencies if you use them, even if you
aren't concealing anything illegal or reprehensible.

~~~
alextingle
Better yet to get _everybody_ to use encryption, _always_.

~~~
Sagat
I agree wholeheartedly, but that's like saying we should make everyone use
condoms all the time to eliminate AIDS. A perfect solution that is
unfortunately unfeasible.

~~~
Nursie
But in this case a smaller group of humans controls the implementation of
software, so it's at least a little more feasible.

------
bayesianhorse
After the past few months there is virtually no situation in which you should
have a reasonable expectation of privacy.

~~~
ctdonath
If you're talking to someone in a public park, and a stranger with a badge
comes up and starts video recording your discussion while commenting "don't
mind me, it's just an administrative search", and this happens to pretty much
everyone all the time, you DON'T respond with "well, there is virtually no
situation in which you should have a reasonable expectation of privacy."

~~~
loup-vaillant
Well, he's right. Expectation of reasonable privacy does not match reality,
and therefore is foolish and shouldn't be done.

Not to say that we shouldn't _demand_ privacy.

------
tech-no-logical
with regard to most people with a grain insight this article is all about
stating the obvious, albeit in very big letters.

I agree nonetheless. apart from the 'give me your passwords' example, that's
not what privacy is about. 'automatically cc me all your incoming and outgoing
email' might be a better analogy.

------
decasteve
Privacy is important. I had a hard time to articulate why but the Groklaw
farewell (posted on HN recently) really hit it home for me. Re-read the quotes
(in grey):
[http://www.groklaw.net/article.php?story=20130818120421175](http://www.groklaw.net/article.php?story=20130818120421175)

------
infocollector
If you do value privacy, please do check us out
[https://register.blib.us](https://register.blib.us) (pre-alpha software,
still being written. We are still looking for early adopters). BTW, we did
double our pre-alpha users in the past one month!

~~~
Loughla
Maybe I'm completely ignorant of the process, but what is the point of a
(marketed as) completely private system that is automatically, and required to
be linked to a google account?

~~~
infocollector
Excuse us for being pre-alpha: (and using Google's OpenID): Its a demo of
OpenID, which can be migrated to many other providers. In Beta, you should be
able to login with 100 other providers, and forget about Google :)

------
jheriko
this is the wrong way to look at the problem. the better statement is 'nobody
should expect privacy (online)' where i would like to stress the brackets
around online as much as i can

if you take steps to ensure privacy you should probably realise that they are
all futile in the face of someone making a targetted effort to break it...

eavesdropping, espionage, noseyness - these are nothing new... see most of
recorded history for examples.

------
legion050
I expect privacy, yet anticipate privacy violations..

