
The Privacy Revolution that never came - remx
https://journal.standardnotes.org/the-privacy-revolution-that-never-came-23b5855df153#.h4qiif6b0
======
ThePhysicist
The problem is not that software developers are sleeping, it's that most users
do not care much and are not willing to pay for privacy despite saying it's
important for them. This might change when people actually realize what
companies can and will do with their personal data and how easy it is to
categorize, predict and manipulate people with only a little of their behavior
data. Until then, people will just enjoy their free search engines, social
networks, phone operating systems and will be content paying with their
private data.

Some things are changing for the better though: Many people finally become a
bit more informed about privacy, also thanks to the effort of journalists
uncovering some of the biggest data scandals.

In addition, at least for EU citizens the situation should massively improve
on May 25, 2018, as then the new EU data protection directive will come into
force, which will significantly increase the rights of people to control how,
when and by whom their data can be used. And with a maximum fine corresponding
to 4 % of the worldwide revenue, companies will finally have some good
incentives to be more careful with the data of their users.

~~~
Arizhel
> it's that most users do not care much and are not willing to pay for privacy
> despite saying it's important for them.... Until then, people will just enjoy
> their free search engines, social networks, phone operating systems and will
> be content paying with their private data.

What's worse is that there are privacy-respecting alternatives available out
there, all for free or close to it.

For search engines, you can use startpage.com and duckduckgo.com.

For social networks, you can use Diaspora. You might have to pay for a cheap
hosting account though.

For phone operating systems, you can use LineageOS (formerly CyanogenMod).

For PC/laptop OSes, you can use Linux.

But no one wants to bother with any of these things. They'd rather use
whatever's mainstream, and they're perfectly happy to post all their private
information on Facebook for the whole world to see.

~~~
afarrell
> For PC/Laptop OSes, you can use Linux

How many people who had no relationship with a university have you gotten set
up on Linux? There is a solid chunk of people that just cannot afford the cost
of running Linux once you take into account the risk of having to spend a
bunch of time mucking about with your package manager or something else with a
high cognitive cost.

Granted, I switched from OSX to Ubuntu back in 2013.

~~~
Arizhel
This is total BS. I've set up two friends with Linux Mint machines; one is
elderly and the other middle-aged and not a techie at all. Both of them are
quite happy with them because they never have any problems, and I almost never
have to even answer any questions. I did give them each a 15-minute
orientation course beforehand, but considering that KDE works a lot like
Windows (before the whole Win8/Metro debacle), it wasn't hard for them to
adapt. WhyTF would they need to "muck around with a package manager"? And how
is that harder than messing around with Windows' total mess of "installers"
which don't do proper package management at all? In fact, Linux package
management is superbly easy: just open up the software center, search for
whatever you want, select something, read the description, and click "install"
and type in your password. How is that hard? It's sure a lot easier than
looking for random software on random webpages and worrying about it having
malware baked-in like most Windows software on places like download.com.

------
scandox
> Kids today are growing up with iPads in their laps that teach them how to
> code.

No. They're growing up with iPads in their laps that teach them how not to
code. Computing used to be creative perforce. Now the larger trend is to
consumption - perforce.

There is a heartening smaller trend to creativity with Pi, Arduino etc...but
it is tiny compared to the mainstream use of computers.

~~~
rimantas
And how many reading books 60 years ago were learning to write them?

~~~
1_2__3
What a profoundly ridiculous comparison.

~~~
lowkeyokay
Why do you think it is ridiculous?

------
jasonkostempski
"Apathetic software developers who refuse to take the privacy fight
seriously."

This article is hosted by a third-party and has Google Analytics.

~~~
the_greyd
I get what you are saying - "Practice what you Preach", but wouldn't blame the
author for using Medium for reaching a broader audience. Many developers do
use Medium. Advocacy which is done on invasive but popular platforms such as
Facebook, and Medium (which is not the worst but still) is better than
Advocacy done in a way aligning with each and every ideological belief that
you have. Those two do not have to be mutually exclusive, but sadly the
current scenario is different.

~~~
794CD01
Is it really? RMS doesn't appear to have a problem reaching as broad of an
audience as is willing to listen to him, and afaik he does not compromise his
principles by using non-free software.

~~~
the_greyd
I disagree with the statement. But let me make this clear, I think RMS is
great, and plays a very important role in today's society. He has an
exceptional devotion to his ideology, but seen from a normal person's eyes, he
is an extremist. For this normal person (and the masses in general), abstaining
from proprietary services is not the solution. You cannot expect everybody to
just install Linux and start using FOSS alternatives (as things are now). The
barrier to entry is too high.

The end result is that we are trapped in our own bubbles, preaching to only
those who already agree with us. Ideological purity goes on to alienate
people. The new generation of computer scientists, developers are not exposed
to these ideas, because they are not as accessible. They are using facebook,
slack and medium, and we refrain from using those. These are tradeoffs, and
clearly, there needs to be a balance.

~~~
794CD01
And by tradeoff, you mean you are giving your usage, which is all these
platforms really want from you, and in exchange, you get the ability to reach
an audience who is not interested in the ideology you're preaching. Is that
accurate?

------
superkuh
Says the guy who chooses to use a centralized Medium web service to host his
words.

~~~
newsat13
And uses Google Analytics

------
hammerandtongs
If you'd like something concrete to DO about this as a software developer -

Deploy your server into sandstorm.io

[https://sandstorm.io/news/2014-07-21-open-source-web-apps-re...](https://sandstorm.io/news/2014-07-21-open-source-web-apps-require-federated-hosting)

~~~
simplehuman
Yes, or cloudron.io.
[https://cloudron.io/get.html#selfhost](https://cloudron.io/get.html#selfhost)

------
libertymcateer
I am a practicing IP, software and information attorney.

I wrote (as in, me personally, in Node) and just released
[http://gibber.it](http://gibber.it) , which is currently in beta, to allow
users to send end-to-end encrypted messages through basically any place in a
browser that you can enter text.

It currently works quite well on gmail, nytimes.com comment boards and on
reddit. It will soon be working on facebook (their content-security-policy is
very strict - rightly so - and I am making the extension compatible with these
requirements).

* It currently functions as a chrome extension.

* Sign up, invite connections just like any other social network.

* Encryption is end to end, AES 128 with nonce'd salts.

* Use a password you share with your connection (NOT your login password) to send connection invites - this is used to encrypt your keys during the invite process. (Make sure to accept the return invite! This is how your connection sends his or her keys back to you. Also note that you will likely need to reload any tab running the extension after accepting an invite in order to get the keys to load.)

* Use the chrome extension to encrypt and decrypt messages as you browse.

You can see it in action here:
[https://www.gibberit.com/#!how](https://www.gibberit.com/#!how)

Mobile coming soon. HIPAA compliance coming soon.

Terms of Service Here:
[https://www.gibberit.com/terms](https://www.gibberit.com/terms)

Privacy Policy Here:
[https://www.gibberit.com/privacy](https://www.gibberit.com/privacy)

Please note that the system is in BETA. Still many tweaks to work out. Use is
at your own risk.

Please feel free to ask any questions you may have. I welcome any and all
feedback. Love the system? Hate the system? Please let me know. More about me
here: [http://www.lawyernamedliberty.com](http://www.lawyernamedliberty.com)

Edit: Please note that the gibberit homepage - AND NO OTHER PAGE - uses google
analytics. This is clearly detailed in my privacy policy. Aside from that, I
do not use any tracking software.

------
forgottenpass
_Why software developers are holding us back_

I know it's more fun to play blame the nerds, but this author needs to sit
down and have a bit of a think about why they're blaming people for building
the things they were paid to build, rather than the people who decided that
the things should be built. But there are no easy answers there, all you get
is a sense that there are an overwhelming number of force vectors that all
make the status quo happen.

If the moral imperative is on engineers to band together, and refuse work for
the purpose of breaking us out of the feedback loops we're in, you're going to
need a lot more principle and actionable advice in your argument than some
shitty hand-waving to throw developers under the bus so you can huck your
notetaking app.

~~~
philovivero
Best and most-relevant comment, as always, just sitting down here at the
bottom and all lonely.

Blaming engineers for this problem is shooting the messenger. Engineers, so
far as I can tell, are the only group who do care about privacy, and spend
their hard-earned free hours making products to address it. They're soundly
ignored by consumers, who quite frankly don't give a shit.

But I guess "blame the nerds" is all the rage these days. Just like it was
when I was a nerdy kid in the 1980's. And just like it was when my dad was a
nerdy kid in the 1950's. It's never enough, nerds. Give more to society. Work
harder for free.

------
spunker540
The doomsaying about privacy in this article is way overblown if you ask me.

I agree that most of these big companies/governments are greedily collecting
as much data as they can without even a clear plan of how it all will be used,
and that the amount of data being collected is definitely way more than most
users know.

But will I someday be prosecuted for the news articles I read or the songs I
listen to or my amazon purchases or my google searches? I guess maybe, but
that is a HUGE maybe.

If the number one motivator for internet privacy is so that _if_ there is
someday an oppressive totalitarian government I will be safe, then I'm not
convinced. Besides - I doubt the new government will really be stymied by my
use of a private server.

The truth is most of the data collection benefits us all in at least some
small way. Spotify provides better recommendations, google provides better
search results. Even the ads we are served are more appropriate for us (for
better or for worse).

And when people do absolutely need privacy there are suitable options already
available. But these are niche products for a reason: most people lead
innocuous lives.

~~~
pjc50
> But will I someday be prosecuted for the news articles I read or the songs I
> listen to or my amazon purchases or my google searches?

In case you've missed it, there have been a lot of articles on HN recently
about US immigration going through people's phones and social media accounts
looking for things they can use against them. e.g.
[https://news.ycombinator.com/item?id=13702981](https://news.ycombinator.com/item?id=13702981)

Totalitarianism doesn't turn up all at once. It starts against _those_ people,
one person and marginalised group at a time.

~~~
spunker540
Do you really think that writing our own encrypted messaging apps and using
our own servers instead of Azure/AWS/Google is an important step in protecting
ourselves from a totalitarian government? It seems to me to be too little too
late

~~~
pseudalopex
Decentralization and encryption make mass surveillance harder to implement and
harder to hide, so yes. Technology alone isn't enough, but technological and
political approaches support each other.

~~~
spunker540
You know what else would make mass surveillance hard? If we encrypted all our
hand written notes and invented spoken languages known only between friends
and families-- but sometimes privacy is sacrificed for the sake of
convenience.

Clearly there is huge variance in the value individuals place in privacy. And
I guess that is where the author and I disagree.

~~~
pseudalopex
Mass surveillance of handwritten notes and in-person conversations is
impractical because they're decentralized.

Would this site be more convenient without forward secrecy? Would WhatsApp be
more convenient without end-to-end encryption?

------
educar
Many people are doing something about this. Change is slow but surely
happening. We don't have the right products to trigger a privacy revolution
but they are being built. Deploying a server and installing most of the apps
required for day to day use has never been simpler. See cloudron.io and
sandstorm.io (though sandstorm seems to have failed to find a business model).

------
mahyarm
This kind of argument is like shaming people for not using solar panels or
some other green tech because they are too 'lazy' to make the sacrifice. Or
shaming people for not using linux as their desktop operating system. Or for
using MP3s.

The reality is you need to make the economics and usage of it better than the
current de facto reality. There are reasons why the current status quo is the
status quo, and you have to be more compelling than the status quo to beat it.

It's why signal forces everyone to use phone numbers as identifiers & use
google play services. It is why PGP has failed. It is why your next consumer
privacy product will probably still use those cloud services, but client side
encrypt.

Now that solar panels are meeting the price of gas, we will very soon see
solar overtaking a lot of power plant production in the world. Because it will be
the cheapest.

------
saycheese
Author is wrong, privacy is driven by culture, not technology.

~~~
ckozlowski
I don't think I could agree that the "author is wrong" without some caveats,
but I do agree that privacy is in part driven by culture. As an anecdote, I
recall when I lived abroad just how many of my German friends used false
information in their Facebook profiles. They were rarely under their real
name, and the pictures were often obscure and few in number. It wasn't
universal in every instance, but it was common enough that the expat Americans
such as myself would sometimes talk about "going anonymous" like the Germans
did. When I asked a friend or two about this, the answer was always the same.
Privacy. There was simply a much greater concern over groups that had their
data. (I'm inclined to believe there's a historical basis for this, but it's
just supposition.)

So I think people will be more concerned about privacy when it becomes
important enough for them to do so. And I believe that's not likely to happen
until the evidence of the abuses _against themselves_ becomes too large to
ignore. But the abuses of privacy today are largely unseen and unheard. And so
the culture of being social and sharing is more dominant than the culture of
privacy.

I don't hold developers and engineers directly responsible for ensuring
people's privacy (though they could certainly do more to improve it). Their
business model often relies on people giving up their privacy, true. But as
Facebook stated long ago, "the information users provide is voluntary." Users
do not seem to mind volunteering.

~~~
lnanek2
China is considerably different as well. My completely non-techie first wife
could still quite easily use VPNs and knew what they did, for example. If you
are in a culture where the government interferes with network access,
constantly watches what you do, censors you, and sometimes even confiscates
property, then the workarounds become much more commonplace knowledge.

------
tbking
Irony: Blogging about data ownership and hosting the blog on medium.

------
sorenstoutner
I agree with the general premise of the article that software developers need
to focus more on privacy, something that neither large corporations nor closed
source programs are likely to do. A few years ago I became so frustrated with
the privacy behavior of the major browsers, which treat users like a commodity
to be sold to advertisers and corporations with large internet presences, that
I developed Privacy Browser. Currently it is only available for Android,
although future development will bring it to other platforms.

[https://www.stoutner.com/privacy-browser/](https://www.stoutner.com/privacy-browser/)

Regarding the article being published on Medium.com, I think it is ironic that
anyone with strong privacy views would use a platform that requires accepting
third-party cookies to create an account or post a comment.

------
facepalm
There seem to be many privacy solutions, but little adoption. Sorry, but I
have to blame the consumers, not developers. I am actually amazed at how much
manpower is being poured into doomed privacy projects. Like how many encrypted
messenger apps are there, that never stand a chance against WhatsApp and
Facebook?

~~~
Joeboy
I'm not sure you can really _blame_ the consumers. All products claim to be
"secure", and consumers have no way of knowing what is and isn't secure. Plus
of course security isn't a binary and all security solutions have problems of
one kind or another, which makes things extra-confusing.

~~~
facepalm
But how can you change the situation, if consumers don't care enough to
educate themselves? A government decree wouldn't help in this case, as
governments can't be trusted with protecting privacy.

~~~
Joeboy
Since you ask, I think a neglected part of the solution might lie in getting
businesses to communicate securely. Unlike individuals, businesses actually
care quite a lot if their data leaks.

I think maybe people have wasted a lot of time trying to peddle crypto to
hippies and politicos, when lawyers and insurance companies might have been a
more receptive audience. The only way PGP was ever going to get any adoption
was if people feared getting fired for sending unencrypted private info.

And of course once there's a critical mass of people who know what a private
key is due to their work, it's a smaller step to get individuals to encrypt
things voluntarily.

~~~
794CD01
>businesses actually care quite a lot if their data leaks.

How are you coming to that conclusion? Companies may say they take security
seriously and they want to avoid becoming the next Sony or Home Depot, but how
many actually allocate resources accordingly? It's much more efficient to just
issue a press release and offer to pay for credit monitoring services that
virtually nobody will actually use.

~~~
Joeboy
To be fair this is HN and that's undoubtedly true of most startups. But from
my experience large, established, boring companies spend a lot of money on
covering themselves against this sort of thing. Or at least on CYA security
rituals. If they have money to spend on security theatre, why not try to sell
them something that actually works?

~~~
794CD01
I would speculate that it's because they are more concerned with checking
boxes for their auditors or insurers than they are about the actual data. As
for convincing the KPMGs of the world to take security seriously instead of
calling for security theater, well, "It is difficult to get a man to
understand something, when his salary depends upon his not understanding it".

------
bicknergseng
> The difference between reading and managing servers is childhood.

That analogy is crap. Is the difference between reading and launching people
into space childhood, too? We don't blame authors for kids who can't read any
more than you can solve technical illiteracy by bludgeoning software authors.
Can we help? Yes, certainly (and check out
[https://www.cs-first.com/en/home](https://www.cs-first.com/en/home) if you haven't). But
throwing shade isn't going to magically make an entire class of folks learn
something they don't care about.

------
alxmdev
If anyone else is curious about the cool title artwork, the artist is Josan
Gonzalez and you can find more here:
[https://www.neondystopia.com/cyberpunk-art-photography/the-f...](https://www.neondystopia.com/cyberpunk-art-photography/the-future-is-now-an-interview-with-josan-gonzalez/)

------
ComodoHacker
> In a hundred years, advanced tech savviness by all individuals will be as
> standard as reading.

That's _a bit_ too optimistic.

------
dsschnau
This dude is 100% right. Every developer I've worked with ever gives zero
fucks about privacy. This is one change that has to happen with us, because
you're damn right users aren't going to care.

------
cuillevel3
Tell that to my manager?

