
A radical proposal to keep your personal data safe - ngcazz
https://www.theguardian.com/commentisfree/2018/apr/03/facebook-abusing-data-law-privacy-big-tech-surveillance
======
AdmiralAsshat
I wish we could find a way to apply the model of the vending machine to mass
commerce.

A vending machine doesn't make notes of who buys its products. A vending
machine doesn't keep logs of its transactions or of the payment methods used.
A vending machine does not make "recommendations" of what the consumer might
like based on their past purchases. You give the vending machine a dollar, it
gives you a soda. The transaction between consumer and vendor is done, and no
tangible evidence of the transaction remains, other than the exchanged goods.

But we haven't figured out a way to scale the vending machine model yet,
because when the machine gets stuck and fails to dispense its product, the
consumer gets an attendant to help or kicks the thing a few times in
frustration and walks away, because the lost dollar isn't worth the hassle. If
someone paid $1500 for their laptop, however, they're going to want that
convenience of being able to prove they purchased the laptop from XX retailer
and be compensated if the thing is a lemon.

I'm not sure we can solve this problem, completely. But we might do better if
we actively aspired to make our services more like vending machines.

EDIT: Yes, I'm aware that some vending machines these days can be paid by
credit card. My university even had one where you could pay using your Student
ID, which was linked to the balance allocated for your meal plan.

~~~
rbranson
Problem is that vending machines don’t scale. Consider that much of the
“tracking” on a site like Amazon.com is to overcome the inherent problems of
finding products in such a massive catalog.

~~~
dhimes
To add to this, what if the vending machine was able to dispense 1000 things?
And let's say that you are diabetic? Wouldn't it be nice if the sugar-free
treats were easy for you to find? And the organic stuff easier for those
seeking them to find? Etc. etc.

Somewhere there must be an intelligent balance.

~~~
bjpbakker
> Somewhere there must be an intelligent balance

In practice though this is mostly biased towards the revenue of the company
selling the goods, not towards your health requirements.

~~~
AndrewKemendo
It's in the interests of the company to align those however - so these don't
conflict. If your customer is healthier and lives longer because of your
service, that is beneficial to both of you.

~~~
mrob
Good health of the customers benefits competitors too, so it's a type of
commons. By the Tragedy of the Commons, it's in the company's interests to
damage the health of their customers for short term profit. If they don't then
a competitor will.

------
nwah1
This seems like such a losing battle. Payments on public transit could become
anonymous, but the video feeds would still be recorded, and facial recognition
could be easily performed.

The cat is out of the bag. Information technology makes this data accumulation
inevitable. Likely even for those who walk around with a face covering all
day, pay only cash, and don't use smartphones. By doing those things you
actually make yourself more noticeable, in a lot of ways, and are still
trackable.

There are some cryptoanarchist ways to achieve practical privacy, to all but
the most dedicated governments. Yet, those technologies have severe downsides
for both individuals and society at large.

There's no obvious way out of this conundrum. The concept of the Participatory
Panopticon is one proposed solution, and is less top-down, but not necessarily
any less capricious than centralized authority.

The best safeguards are to create strong institutions, informed citizens,
stable economies, and all the usual boring social reform stuff that tech geeks
hate and think is mushy, unchangeable, hard to study, and likely irrelevant.

~~~
dcow
It's also interesting to look at Stallman's tone: he's defeated. "What can be
done about privacy Mr Stallman?" " _Society_ needs to care more." It's the
same tone JPB had when asked about how the EFF can have an impact on younger
generations who take the internet for granted. "They need to care more. And
education."

They're not wrong, of course. And your comment is very similar: the problem
isn't the technology, it's the impetus of society that needs to change.

~~~
ABCLAW
I mean, they're kinda wrong.

You can care plenty about these issues but not see an actual way to have
impact such that your concerns are addressed. If society isn't caring, then
either society doesn't see why there's a concern, or society recognizes that
atomically it does not have _agency_ to address the issue, and the people who
do have that agency are the ones that don't give a shit.

~~~
TeMPOraL
Saying "society needs to care more" is the last stop before the final
destination of "this can't be done". Getting a great many people to coordinate
on something that's beneficial to them long-term, but carries an (even
insignificant) short-term cost is one of the hardest (if not _the_ hardest)
things to do, out of all the things humans ever tried.

~~~
dj-wonk
I interpret "society needs to care more" as a challenge: what can we do to
make society care more? Put another way, I view this as a collective action
problem.

~~~
CWuestefeld
The classic solution to collective action problems is to have the government
take care of it.

But here, the government is probably the biggest offender. You'll pry their
databases and TSA inspections from their cold, dead hands.

------
fortythirteen
Expecting groups of people (tech companies or government) to purposefully do
something that is disadvantageous to their bottom line, for nothing more than
ideals, is a pipe dream.

The real question is personal and harder to answer: "Do I really need this
_information_ technology? Is it making my quality of life any better than my
ancestors?"

The more I ponder this question, the more I'm convinced I could live an
equally happy and fulfilling life outside of the majority of consumer
technology that has been introduced in the last 20 years. I benefit from a
career creating that technology, but I'm partaking in it less and less once I
clock out.

~~~
f_allwein
Well, the example given here is Transport for London, which is almost
impossible to travel on without using an Oyster smart card. So yes, pushing for
legislation along the lines proposed in the article would make sense.

~~~
pwg
The Washington DC Metro switched over to their equivalent a few years back,
the "Smartrip Card", retiring their previous paper with mag-stripe cards in
the process.

My 'solution' to not being tracked is that the Smartrip Card I was forced to
then buy was bought with cash, and has only ever been refilled with cash.

So their systems know that card # 828272823 (made up number) has traveled here
or there (I don't use it much, so there's not many trips on it anyway) but
they don't know 'who' is using that card.

If they ever drop the ability to use cash to top up the card, then the card
will go in the garbage bin and I'll not ride the system again.

~~~
bo1024
Your (attempted) solution illustrates the potential dangers of data
collection.

There are many companies with some timestamped location data about you: cell
phone company, email or social media, credit card company, etc.

Just a bit of that data combined with Smartrip data would de-identify you as
the owner of that card, and all of your anonymity about your metro trips is
lost. For example, three or four trips where you used a cell phone at either
end of the trip; credit card purchases in different locations; maps directions
on your phone; or so on.

This is not far from plausible. I could see the DC Metro naively choosing to
sell "de-identified" data to third parties, who can also purchase e.g. credit
card data.

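As an added illustration of the linkage risk bo1024 describes (example code written for this page, not code from the thread or from any transit agency), the script below takes a constructed "de-identified" fare-card export and a few constructed timestamped observations of one person, and reports how many cards stay consistent after each observation. The card numbers, stations, times and the 15-minute matching window are all assumptions.

```python
"""
Quantifying re-identification risk: how many "anonymous" fare cards remain
consistent with a handful of timestamped observations of one known person.
All data below is constructed for this example; the matching rule is an
assumption, not any agency's real export or algorithm.
"""
from datetime import datetime, timedelta

# Constructed "de-identified" fare-card export: (card_id, tap_time, station).
TAPS = [
    ("828272823", datetime(2018, 4, 2, 8, 5), "Foggy Bottom"),
    ("828272823", datetime(2018, 4, 2, 18, 40), "Metro Center"),
    ("828272823", datetime(2018, 4, 3, 8, 10), "Foggy Bottom"),
    ("111111111", datetime(2018, 4, 2, 8, 0), "Foggy Bottom"),
    ("111111111", datetime(2018, 4, 2, 17, 30), "Union Station"),
    ("222222222", datetime(2018, 4, 2, 8, 12), "Foggy Bottom"),
    ("222222222", datetime(2018, 4, 2, 18, 35), "Metro Center"),
    ("222222222", datetime(2018, 4, 3, 12, 0), "Dupont Circle"),
    ("333333333", datetime(2018, 4, 2, 9, 30), "Rosslyn"),
]

# Constructed auxiliary data about one known person, e.g. a phone seen near a
# station or a card purchase at a shop beside it: (time, station).
OBSERVATIONS = [
    (datetime(2018, 4, 2, 8, 7), "Foggy Bottom"),
    (datetime(2018, 4, 2, 18, 42), "Metro Center"),
    (datetime(2018, 4, 3, 8, 4), "Foggy Bottom"),
]


def consistent_cards(taps, obs_time, station, window=timedelta(minutes=15)):
    """Cards that tapped at `station` within `window` of `obs_time`."""
    return {
        card for card, tap_time, tap_station in taps
        if tap_station == station and abs(tap_time - obs_time) <= window
    }


def anonymity_set_trace(taps, observations, window=timedelta(minutes=15)):
    """Intersect the candidate set observation by observation and return
    every intermediate set, so the shrinking anonymity set is visible."""
    candidates = {card for card, _, _ in taps}
    trace = [candidates]
    for obs_time, station in observations:
        candidates = candidates & consistent_cards(taps, obs_time, station, window)
        trace.append(candidates)
    return trace


def k_anonymity(trace):
    """Size of the final candidate set. k == 1 means the card is uniquely
    linked to the person; a release review should treat that as a failure."""
    return len(trace[-1])


if __name__ == "__main__":
    for step, cands in enumerate(anonymity_set_trace(TAPS, OBSERVATIONS)):
        print(f"after {step} observation(s): {len(cands)} candidate(s) {sorted(cands)}")
```

With the constructed data, three observations take the candidate set from four cards to one, which is the point of the comment above: a card bought and topped up with cash is only as anonymous as the auxiliary data that can be joined to it.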
------
cobbzilla
I love RMS but I'm not holding my breath waiting for any government laws to
protect me.

For what it's worth, neither is RMS, if you've read about how he uses the
Internet.

Let's keep building the free software tools so anyone can easily get the level
of privacy they want for whatever they're trying to do. We've made so much
progress but there's still so far to go.

Do not look UP to authority for hope - look AROUND at your fellow citizens
working hard to bring free privacy software to everyone - that's who's going
to fix this, because no one else will.

~~~
ryanbrunner
One of the problems is that the software you run on your own computer hasn't
been the major source of privacy concerns in a long, long time. That isn't to
say that software on your computer doesn't track you, but it's dwarfed by the
amount of tracking and privacy issues that you need to compromise on to use
the vast majority of the internet.

It's noble and laudable to take the same stance towards freedom and privacy
that RMS does, essentially check out of the modern internet, and reduce your
web usage to calling wget on a shell, but that's not a workable solution for
the vast majority of people.

~~~
cobbzilla
Give me a break, is this not classic fallacy of making "perfect" the enemy of
"better"? With an attitude like that, things never improve.

Privacy protection exists along a gradient. Just because one does not want to
sit at the far end with RMS does not mean we just throw up our hands and say
"well, I guess I have to give up all my privacy, because I can't do what RMS
does."

And as I said, there's still a lot of work to do. So let's get to it and stop
the nay-saying!

~~~
ryanbrunner
I'm not arguing that at all - precisely the opposite, in fact. I'm saying that
so long as we put privacy in the hands of end users and don't hold service
providers responsible (the point I was replying to), we more-or-less cripple
our ability to utilize the internet that exists today.

~~~
cobbzilla
We can use strong end-to-end encryption to evade snooping middlemen. Beyond
that, we hold service providers accountable by not using their services if
they are not willing or able to provide the security and privacy we require.

If you want an authority to hold them accountable, you are just shifting your
trust from one entity you have little/no control over, to another entity that
you have little/no control over.

Look around, not up. An authority will not solve this. We must solve it,
together.

------
madez
The article raises good points. One important aspect is missing though: the
reliance on web services, SaaS, and the like. Free software is not enough. We
need free software that runs locally and offline.

~~~
adrianN
RMS is also against SaaS (or Software as a Service Substitute, SaaSS), but
AGPLv3 SaaS would be a step in the right direction. At least then you could
examine the source code and see what data is collected.

Edit: s/GPL/AGPL/

~~~
digi_owl
The source you directly interact with perhaps. Can you say for sure that the
code running at the server end is the one in the repo or tarball?

~~~
adrianN
Of course not, but the same can be said for local software. You usually don't
build from source. But at least you can inspect your own network traffic more
or less reliably.

Having everything be AGPLv3 is not perfect, but I think it would be an
improvement over the current state of affairs.

------
DataWorker
Obviously this proposal will be rejected because both companies and
governments are addicted to the power to control and manipulate that data
gives them. We need a strong leader who will go against the grain of these
massive entrenched interests and be willing to stand up to the media onslaught
such a stance will bring. The mainstream media will attack anyone who
threatens their advertising based business model. When will there ever be a
leader that doesn’t bend to the will of the media and deep state surveillance
machine.

~~~
jonathanstrange
1. We don't need a strong leader. Fascism and authoritarianism have zero
interest in the privacy of citizens. Never had, never will.

2. Power corrupts, so the overall answer is: never.

~~~
confounded
Leadership != fascism.

Change from below requires organization and coordination, and those things
require leadership.

Were MLK or Gandhi fascist, because they were effective leaders?

Frankly, I find more of a fascistic tinge in the stock HN response to
surveillance:

- Governments will never do anything; democracy is not fit for purpose

- A ‘natural elite’ of hacker _Übermensch_ can avoid dystopia for themselves
with hacking skills and expensive crypto currencies. The masses cannot be
saved as they are inherently stupid and submissive. Things will always get
worse, especially for them; abandon them.

Why such fatalism? The GDPR hasn’t even hit the books yet, and it’s having a
transformative effect on how large US tech companies process data for
_everyone_. We’re just beginning to see the tide turn on public opinion on
Facebook.

I’ve hope for popular interest in privacy and anti-authoritarianism yet.

~~~
Htyv
Leadership != fascism

Leadership + time = fascism

~~~
confounded
Are you _really_ implying that all groups of organized people are fascist
sleeper cells?

That MLK and Gandhi were saved from their Hitlerism by assassination by heroic
ethnic-separatists?

~~~
Htyv
I'm repeating the well-known saying that power corrupts. A leader is a baby
fascist.

------
LinuxBender
There are LED street lights that also double as security cameras. Soon, you
won't even see where the cameras are. The cameras are nearly impossible to
spot. They are being tested in a few cities. I believe there is still an
ongoing legal battle in San Jose for these.

The cameras are placed in the public domain, but they can see into houses on
every street. I believe Google had some issues with peering into homes and
storing that data. Will cities face the same issues? The Google car only gets
data when they drive down the street. These cameras will gather data 24/7
using low-lux (low light) cameras.

------
walterbell
We need new business models which depend on user-owned data, rather than
treating privacy like a charitable contribution for saving the trees.

Instead of citizens sending data to the cloud, corporations can send code to
citizen-owned devices where local computation can take place, with data only
leaving via an open-source content inspection engine that enforces
citizen-consent policy.

~~~
pmlnr
You mean something like this?:

https://ruben.verborgh.org/blog/2017/12/20/paradigm-shifts-for-the-decentralized-web/

------
empath75
I think creating a legal regime where corporations are financially responsible
for damages created by misuse or leaking of personal data would discourage
companies from collecting the data in the first place.

By all rights, the equifax databreach should have ended the company. Instead,
they're likely to profit from it.

------
ballenf
I don't know about this, but I'd love to see Apple make 3rd party data
aggregators individually authorized or not via system dialogs. It would
require some policing, but shifting these to opt-in instead of opt-out would
be an amazing step in the right direction.

App authors would then be able to decide whether they wanted to let you use
their app despite you declining to let them send/sell* your data to a third
party.

* most app creators would claim they don't sell users' data. But they need to acknowledge that when they receive free telemetry services for their app from a 3rd party, they are doing exactly that: selling user data in exchange for a service that would otherwise have some expense (in dev time or otherwise).

------
zzzeek
> Video cameras should make a local recording that can be checked for the next
> few weeks if a crime occurs, but should not allow remote viewing without
> physical collection of the recording.

It would suck if the terrorist bomb also took out the cameras themselves.

I have cameras at my house wired to a local unit. It's mostly for convenience
and looking for animals and not very serious for security; any well-respecting
house prowler would want to take the recording unit from my server area so
that I wouldn't have any video of who broke into my house.

~~~
LinuxBender
The data could be stored encrypted on a VM and cycled off after {n} hours.
With the right codecs and encryption, you could likely store a couple days of
motion on a small amount of storage. If uploaded in chunks, you might miss a
couple minutes prior to the unit being destroyed. I suppose protecting your
internet uplink becomes important at this point.

~~~
QasimK
Just store the encrypted files in AWS S3 (or equivalent)?

~~~
LinuxBender
That works too. And maybe use ffmpeg to encode + 7-zip (p7zip 7za on linux) to
encrypt and name the chunks based on date in a programmatic / deterministic
manner.

------
irq-1
Well written and argued, but I have two issues.

First, it's arguing against the natural evolution of technology.
Centralization is a recurring feature of software systems due to its
technical benefits. Data collection, organizational structure [0] and other
considerations also affect centralization, but their existence doesn't negate
the technical considerations. Whether an ATM or bus card system should be
(de)centralized is partially a technical issue: what networks are available
and how reliable are they, what's the cpu/mem/storage of the end points, how
often do we update, etc...

Second, restraint of Governments might be aided by making collection more
difficult, but Governments can deploy large groups of people for long periods,
while individuals and smaller groups cannot. Youtube and cellphone cameras
empower the weak, while the old technology of cameras belonging to local
businesses [1] benefits only the Government (or very large groups.)

[0] "organizations which design systems ... are constrained to produce designs
which are copies of the communication structures of these organizations."
[https://en.wikipedia.org/wiki/Conway%27s_law](https://en.wikipedia.org/wiki/Conway%27s_law)

[1] "There is a gap in the footage from about 9:18 p.m. to 10:39 p.m., which
covers the time when McDonald was shot by Officer Jason Van Dyke on a nearby
street."
http://www.chicagotribune.com/news/ct-shooting-laquan-mcdonald-burger-king-video-met-20151203-story.html

------
eecc
The Netherlands used to have
[https://en.m.wikipedia.org/wiki/Chipknip](https://en.m.wikipedia.org/wiki/Chipknip)
but then it was retired. Weird, I thought it was pretty sweet, and anonymous.
Maybe not, or perhaps it was too good and that’s why it’s gone.

------
fit2rule
I want OS vendors to wake up to this and give me a way of storing all the
social-network'y stuff on a USB stick.

When I'm using that social networks interface, I put the USB stick in my
computer - and _my_ computer makes that data available to the network. Then,
when I'm done using it, I turn off the interface, take the USB stick out and
put it in storage somewhere. The _only_ parts of the data that are available,
are the bits I copied to the social network while I was using it, and it can
have those bits while I'm away to do with as it pleases.

I truly believe this is a function and responsibility of the local operating
system, not the network.

If only the OS vendors were paying attention to these issues instead of .. you
know .. trying hard to be the next big social network.

------
tuukkah
For a privacy-centric approach that is also compatible with GDPR and business
needs, there's the MyData conference in the end of August:
[https://mydata2018.org/](https://mydata2018.org/)

------
cik
The larger issue is the natural tug of war between government and industry.
Pretending that such a 'law' could be passed - and globally, ultimately
industry would find some way to effectively collect this data by doing
something that is completely legal - based on the text of the law. In some
cases (say a public data company...) there could even be a legal duty to do
so, in order to comply with varying edicts already on the book.

The real issue is that people opt to ignore Stallman - he was right. By opting
to use these services, whether you pay for them or not, you're acquiescing to
being the product.

------
chme
Even if such a law would become effective somewhere I could imagine ways
around this:

What would happen if a transportation service provider also offered the
service of collecting points dependent on the stations used, and those points
could be used for special offers?

This way they 'need' to collect movement data to check for abuse of the system
in order to offer the 'basic' functionality.

I agree with RMS, but it might be difficult to express such a law without
loopholes for companies.

------
Nomentatus
So I can pay Amazon anonymously. That's nice. Now what about anonymous
delivery? It could be done, with the address being sent to the Post Office as
needed, for example; with Amazon not delivering the package.

RMS might want a law saying that whoever sold goods, couldn't also deliver
them?

------
andrewshadura
Ironically, the article is published under a non-free license.

~~~
ssaew333
Look what I found at the bottom of the article: "Released under Creative
Commons NoDerivatives License 4.0"

So you can distribute this freely, as long as you acknowledge the author. And
since it's content, not software, it's not imperative to allow modification.
(Fair use still applies to critical responses)

You're being way too picky.

------
voidmain
Hoping that governments are going to outlaw surveillance, when they are the
biggest practitioners and customers of surveillance, seems... optimistic.

------
yarrel
GNU Taler seems to be such a betrayal of the GNU project's principles. Baking
state surveillance into software isn't something GNU should be doing.

It's as if GPG was an implementation of the Clipper Chip algorithm because,
you know, otherwise it might be used for ~~tax fraud~~ terrorism.

~~~
confounded
Personally, of all the crypto currencies it's the one I'd like to pay with
most. I _want_ companies I transact with to pay taxes, while preserving my
pseudo-anonymity. I have no interest in using a volatile asset for a single
transaction.

Happily there are plenty of others to choose from, too, but I'm glad that one
with these overall design principles exists.

------
feelin_googley
"There are so many ways to use data to hurt people that the only safe database
is _the one that was never collected_.

...

The basic principle is that a system must be designed not to collect certain
data, if its basic function can be carried out without that data."

"Frills on the system, such as [some feature conceived by PM or developer], are
not part of the basic function, so they can't justify incorporating any
additional surveillance."

"These additional services could be offered separately to users who request
them."

The title is "A _radical_ proposal to keep your data safe."

But this doesn't sound "radical" at all.

To recap:

1. Don't collect data when unnecessary for the user.

2. Applications which perform a single function.

3. Additional "features" (i.e. more code) that add more functionality and
make applications more complex are fine but they should be _optional_ (e.g.
not pre-installed or automatically added via "updates").

~~~
admax88q
> But this doesn't sound "radical" at all.

It really is radical to the current culture of silicon valley where every
product must be "smart," collect user data to provide recommendations and
"analytics."

There is little restraint done by companies on what data they collect, only on
access to that data once collected. It really is a radical culture shift for
these companies, and all the engineers that work for them, to switch to an
attitude of only collecting what is truly necessary.

------
MrQuincle
Tell me how someone anonymous travels from day to day and I will tell you who
he or she is.

To decouple identity data from other data already does not work in theory.
Moreover, it is also in conflict with the ability to retract personal data. If
data is anonymized, it is not possible anymore to get rid of your personal
records.

Homomorphic encryption is the only method that might make a dent here. Laws
will be broken.

