
Bruce Schneier: Google And Facebook's Privacy Illusion - taylorbuley
http://www.forbes.com/2010/04/05/google-facebook-twitter-technology-security-10-privacy.html
======
DanielBMarkham
This is the best thing I've read of Bruce's in a while.

The huge amount of social change -- instituted by the companies in question
and others -- would have been science fiction or fantasy just 20 years ago.
We've never dumped the personal details of billions to each other like we are
now. People can wave their hands around and say it's good, or that it's bad,
but we simply don't know. We do know that it's big. One of the biggest changes
mankind has had in social structure and it's just happening simply because
most folks haven't thought through exactly what they're doing when they
participate in various forms on the internet. It's free, so they think it must
be harmless.

Ironically, we could end up taking an old slogan and changing it around it for
new usage: "Freedom isn't free"

~~~
joe_the_user
_People can wave their hands around and say it's good, or that it's bad, but
we simply don't know._

Hmm,

It's funny but if someone said to me, "hey we're going to do this experiment
on people, it might hurt them and it might harm them, would you like us to it
on _you_ or would you rather watch while we do it on Bob here", you know, I'd
say "do it on Bob if you must and I'll watch and see if seems like a good
idea..."

~~~
billswift
In that sense, _everything we do_ , especially when we produce something new,
is an experiment since we rarely can predict many of the consequences. Most of
the people responsible for the creation of the automobile, and most who bought
the early ones, would probably have preferred to keep shoveling horse manure
if they could have foreseen many of the social and cultural changes the auto
has brought about.

~~~
joe_the_user
You a right. Experimentation is good.

However, I would posit that, for most people to be willing to experiment and
to be ready to enjoy the process, there has to be a pretty strong limit to the
downside.

Being put into a position where "hey, _anything_ can happen to you" is
probably only appealing to the very small, very entrepreneurial segment of the
population.

Moreover, sharing all of your intimate details with the world is much more
like the situation where you have a lot to lose and mostly likely only a small
amount to gain - except if you're a celebrity.

------
elwin
This just made me realize:

Online privacy controls are like DRM. They are both attempts to control what
happens to information after giving someone else complete control over it.

"We may not mind sharing our personal lives and thoughts, but we want to
control how, where and with whom. A privacy failure is a control failure."

Paraphrase: "We may not mind consumption of our music and movies, but we want
to control how, where and with whom. A copy restriction failure is a control
failure."

If a video can be decrypted for viewing, it can be decrypted for torrenting.
If Facebook can show your messages to your friends, they can show them to
advertisers.

Bruce suggests legislation, but I'm afraid it will be as futile as the DMCA.

~~~
ashearer
There are crucial differences between online privacy controls and DRM in not
only in what kinds of information are covered, but how, and who is limited.
DRM is about technological controls weaved into the information itself,
applicable to all its consumers. Online privacy controls are voluntary
promises made by single actors, such as Facebook and its partners.

It would be more apt to compare Bruce Schneier's proposed privacy legislation
to the original introduction of copyright law than to the DMCA. Right now
basic privacy laws hardly exist (EU excepted), and in their place is a
frontier of one-sided contracts that change at the discretion of the
information recipients. It would be skipping a step or two to go straight to
DMCA-like additional legislation to prop up technological controls that
attempt to narrowly enforce the basic legislation, when we haven't even
figured out what the basic legislation would be.

Another big difference is the asymmetry between the number of producers and
recipients: privacy is about relatively few companies receiving data belonging
to many people, while copyright is about many people receiving information
from fewer authors. Among other effects, that would tend to make enforcement
of privacy easier than copyright, since the potential lawbreakers would be
both fewer and highly visible. Facebook breaking a law is a big deal, and
therefore difficult even without any technological restrictions. (Of course,
getting such a law passed would be another story, and comes down to whether
privacy sufficiently captures the public's imagination.)

------
jiganti
The crux of the whole internet privacy issue is this: will people be
culturally conditioned to accept whatever privacy norm their society pushes on
them, or is it ingrained in our nature to find only a certain level of privacy
acceptable? It's your classic nature/nurture question.

------
magicalist
keeping google and facebook's actions fully in the light is good (and stronger
privacy laws would be great), but it continues to be rather intellectually
dishonest to allude to that eric schmidt quote in this context.

actually I think the recent twitter subpoena business showed him to be exactly
right. hopefully no one was stupid enough to be conducting wikileaks business
via twitter DMs:

 _Q: People are treating Google like their most trusted friend. Should they
be?

A: I think judgement matters… If you have something that you don’t want anyone
to know, maybe you shouldn’t be doing it in the first place. But if you really
need that kind of privacy, the reality is that search engines including Google
do retain this information for some time, and it’s important, for example that
we are all subject in the United States to the Patriot Act. It is possible
that that information could be made available to the authorities._

~~~
Joakal
Go to an cafe with no camera, use TOR, HTTPS, etc. But.. the thing with search
engine terms is this:

1) Look up civil rights movement topics 2) Look at porn 3) Type up names of
people you know out of curiosity 4) Type your own name 5) Look up medical
conditions

Each search term alone is pretty useless, but combine them all, there's a high
likehood of search terms being associated to create a rudimentary profile on
the fly.

Consider that the above is a pretty weak example, the better example would be
hundreds if not thousands of search terms relating to stuff of interest.
Search programming topics all the time? User is programmer. Looking up porn
too? User is programmer and porn searcher. etc.

What it means? Google can return programming ads and porn ads which are highly
relevant. The other issue is that if you accidentally put in certain pretty
unique search terms, your profile becomes very unique. A friend who works at
Google could read that you search porn often. Hence, privacy advocates are
pretty concerned.

I'm describing the AOL search engine debacle:
[http://articles.technology.findlaw.com/2006/Aug/22/10208.htm...](http://articles.technology.findlaw.com/2006/Aug/22/10208.html)

~~~
Create
“Sir, calm down, please. No, I’m not looking at your searches,” the man said
in a mocking whine. “That would be unconstitutional. We see only the ads that
show up when you read your mail and do your searching. I have a brochure
explaining it. I’ll give it to you when we’re through here.”

<http://blogoscoped.com/archive/2007-09-17-n72.html>

------
Anth-ny
Schneier says the right to privacy is a right to control personal information.
While that's true, it's only part of it, and it doesn't capture the
fundamental problem of privacy. The fundamental problem is about those
situations where you can look into your neighbor's back yard, but you decide
not to do so. It's therefore more of a civil obligation. The corresponding
right for the neighbor is to have the expectation of not being watched.

[http://www.anthonyettenroc.com/anthony/2011/1/16/google-
and-...](http://www.anthonyettenroc.com/anthony/2011/1/16/google-and-
facebooks-privacy-illusion.html)

~~~
loup-vaillant
I think you'll agree that privacy is about not leaking personal informations
in unwanted ways, period. "Control" sounds like an excellent fit. Now there
are various _means_ of control.

One of them would be the expectation you speak of. The goal stays the same
though: I don't want my neighbour to know the size of my d---. I want to
control who knows that.

Another mean would be trust. When I tell something private to a friend, I may
trust her not to tell anyone else. I still want to control who knows that
"something private".

Yet another is plain paying attention. If my backyard is visible from the
outside, then someone may look inside _accidentally_. In that case, I cannot
reasonably expect no one will see. Same thing with Facebook, only worse.

~~~
Anth-ny
That's the point. We increasingly _can't_ control the information about
everything we do, but we trust and have the right that the neighbor who
accidentally saw us does the right thing.

~~~
loup-vaillant
You seem to have given up on direct control. Wait for the FreedomBox, it ain't
over.

One neighbour may do the right thing. But 10? 100? It would be good to be able
to trust them all, but I see this as even less probable than recovering direct
control.

------
rblion
Facebook's power has always and will always be grounded on how many people you
CONNECT with and how much you SHARE with them.

------
ajl2011
The bigger they are the harder they fall.

