
Privacy Is Just the First Step, the Goal Is Data Ownership - kaxline
https://thetoolsweneed.com/privacy-is-just-the-first-step-the-goal-is-data-ownership/
======
danShumway
It's been a while since I disagreed this much with a privacy-related article.
It's a good reminder to me that the privacy community is reasonably diverse,
and that different people can advocate for the same policies for very
different reasons.

I advocate for privacy a lot, but my end goal definitely isn't data ownership.
If anything, I'd like to see IP protections start to go in the opposite
direction. I'm not against the idea of copyright as a purely practical
invention, but I certainly don't believe anyone has an intrinsic moral right
to a monopoly on creative or factual information.

So I take some issue with the idea that privacy is just a gateway to something
else. To me, privacy and anonymity _are_ the end goal. There's not a
secondary, deeper issue behind that. I'm not mad that Facebook is making money
off of my information, I'm mad that they were able to get it in the first
place.

This is important, because when you transition to talking about data ownership
as the underlying problem, then you start to lose ground on questions like,
"why is it important that the government not be able to track my GPS location
anytime they like? What was really wrong with programs like PRISM?" Because
Government privacy concerns don't really have anything to do with data
ownership.

~~~
protonimitate
I agree with you.

To me the biggest issue with advocating for data ownership is that it puts the
burden of privacy back on the user. I.e., I shouldn't have to micromanage my
data-foot-print and give or deny explicit access. That just opens the doors
for a barrage of requests levied against the average Joe user with lots of
room for "accidental" approvals (similar to the "this site uses cookies"
popups).

Privacy should not be a chore that the user is tasked with performing every
day. Privacy should be implicit and extensive.

> Because Government privacy concerns don't really have anything to do with
> data ownership.

Could you expand on this? I want to agree here too, but I don't think I fully
understand what you're getting at.

~~~
danShumway
_Anything_ is probably too strong a word for me to use here. There's almost
certainly some overlap with stuff like the 4th Amendment. But while you
probably could use property rights as an alternative way to get at some
government abuse, you've changed the overall nature of your argument.

TLDR, privacy is something that's intrinsic to _you_ as a person, and property
is something external that you just happen to have right now.

The typical arguments that are used to defend property rights (including the
arguments that OP uses in this article) are largely centered around economic
harm. In longer conversations this usually ends up being even worse than OP's
apple example because the most direct analogy that gets brought up when
discussing information ownership is copyright, which has a concept of fair
use.

A pretty large component of nearly all existing IP systems is that there is a
somewhat tangible value to information, and when someone takes your
information they are taking that potential value away from you. And OP is
probably right, if you tell an average person that Google is stealing from
them, you will get a bigger reaction than if you tell them that Google is
violating their privacy.

But privacy as I view it is not about economic harm, or even about my right to
control how a piece of information gets used. Privacy is, very roughly, about
my right to _hide_.

Right or wrong, if you go to an average person on the street (or even an
average Congressperson) and tell them that putting all of your phone call
metadata in a database violates your property rights, they're going to
somewhat reasonably say, "that doesn't affect your potential market. It's not
really harming you or preventing you from exercising your property rights. And
if it ever does harm you for some reason, then you can argue it in court
_then_."

But when I talk about PRISM in terms of privacy instead of property, the
arguments I make are more direct. Violating someone's privacy has an
observable chilling effect on freedom of speech and freedom of association
_regardless_ of whether or not future action is taken. In the US, we already
have Supreme Court precedent on the books that a right to anonymity is often
an essential part of exercising freedom of speech. We don't have any similar
precedent that I'm aware of around IP or even general property rights.

Property rights additionally lead to undesirable questions like, "can the
government tax your information?", or "if the government really wants your
information, can it use eminent domain to seize it?", or "If you die, and no
one inherits your information, can the government take it then?"

~~~
kaxline
I sort of agree with this. I'm cynical that the genie can be put back in the
bottle. I also think for a certain crowd whose support you'll need for any
changes along these lines, the term "freedom of speech" has become politicized
too much. I'm not sure it's an ideal that we can still rally around as a
country.

What we seem to be able to rally around is money. And I think once people
realize they're sitting on some real monetary value, they'll be galvanized to
pursue some of the things we hope to get with privacy advocacy.

These are great things to point out and part of why I started this blog. I
knew there were smarter people out there that would think of all the things
I'm not thinking of.

------
imgabe
If I visit a webpage does the fact that I did so belong to me, or the site
owner, or both? Clearly, it's a record of my activity, so it should belong to
me. But it's also a record of the server's activity, which should belong to
the site owner ("Served page X to User at 123.123.123.123 at 4:03 PM EST on
April 3, 2019") I don't see an easy way to make a case that they don't have at
least partial ownership of it.

Location data is a little more clear that it belongs to the user, since you
aren't requesting anything from anyone, they are just collecting it, sometimes
without telling you.

Voice assistants are also complicated. Does the information "Analyzed noise
XXX at such-and-such time - determined it was not the word 'Alexa' " belong to the
company doing the analysis? After all, you bought it and asked it to listen to
you and respond when you said a certain thing.

~~~
JustSomeNobody
If my normal route for lunch is down the street to the hotdog stand to get a
dog and coke, then into the park to read. Do I own that information? If a
friend goes to the hotdog vendor and asks if I'd been by there, when he
replies is he giving away _my_ information or _his_?

~~~
lotsofpulp
It’s not one or the other, both parties have the information, and without a
prior agreement of confidentiality, there isn’t any reason to expect
confidentiality from any party other than common courtesy.

~~~
danShumway
In that case, let's talk about a current privacy problem and see if the model
OP is advocating helps.

One of the ways that Facebook fills out relationship graphs is by reading
contacts. Both I and my brother own the information that we're related to each
other. Both I and my brother own my phone number (I didn't make him sign a
confidentiality agreement when I gave it to him), so outside of the bounds of
common courtesy, I can't force him not to tell anyone else.

So if my brother decides to let Facebook scan his phone contacts, he's just
giving away information that he owns, which is his right to do.

But if information ownership under this model doesn't provide any real
protection to stop one of Facebook's primary data gathering techniques, then
what's the value in it at all? What privacy infringement would this protect me
from? If a store that I walk into could still claim ownership of the fact that
I walked in and track my movements everywhere with facial recognition, and a
website can still log that I visited and track where my mouse moves, and if
they have co-ownership of that information, then they can still sell it to
whomever they want.

A big issue with information ownership is that in order to make it logically
scale, it has to be neutered to the point where it's no longer useful.

~~~
dragonwriter
You know, if you have a conversation with someone (without an NDA, etc.) they
are free to tell anyone about it, but in a number of states they (or anyone
acting with their permission) would not be free to _record_ the conversation
because of all-party consent laws.

I wonder if that's the kind of model that we need to consider expanding into
personal data collection in a number of areas. (And maybe reinforcing with
_separate, affirmative_ consent requirements for some uses; e.g., I've posted
notice and you entered the property may be sufficient consent for video
recording used exclusively for normal security purposes, but perhaps not for
outside sharing, as targeting, etc.)

~~~
nickpsecurity
"but in a number of states they (or anyone acting with their permission) would
not be free to record the conversation because of all-party consent laws."

I'm against that due to the power dynamics in place. I'd rather anyone be able
to record anyone without saying anything. The whole situation, start to
finish, will need to be recorded to make sure they're not cherry picking. I've
found that lots of arrogant, evil people will be too cocky to realize someone
is recording something or even that folks around them are listening. Gives us
a way to deal with more of them. I've known quite a few people that protected
themselves that way.

I haven't seen a strong argument in terms of practical effects for full
disclosure of that. If anything, fewer people in abusive environments would be
able to prove abuse since abusers would hide it the second they know someone is
recording evidence. So, I'm for rolling back those all-party, consent laws
into one-party or no consent. At least for dealing with harms to the person
recording. We could require consent before publishing something if no provable
harm was done.

"I wonder if that's the kind of model that we need to consider expanding into
personal data collection"

Interesting. Not sure about that one. I do prefer it for businesses collecting
consumer data given they do most of the abuses. They also have most of the
power in this space.

"reinforcing with separate, affirmative consent requirements for some uses"

They'll mostly just click through the dialogs or whatever. It might still be
good for the few it helps. I don't know. This is a security feature that fails the
most unless they already know ahead of time how valuable or important
something is. They already have to want to protect whatever it is. Plus,
sacrifice whatever product/service is being offered to them, esp free. We
could try it to see what happens, though.

------
jerf
I'd say the primary problem with this argument on its own terms is that one of
the natural questions to ask is "OK, then, how much are these companies
stealing from me?" and the answer is roughly "At the upper end, probably on
the order of $10/month". That's going to be hard to build a social movement
around. I could argue that if we were being paid a fair price, it would be
worth more, but that's a chicken & egg problem; until we have such a free
market, we can't really know what will happen with enough confidence to make a
strong argument that we need a market of some sort.

The real problem with all this surveillance isn't the direct impact to me,
it's the impact to society. It merely turns it into a sick joke that my social
order is being upended and social contracts rewritten for an amount of money
I'd happily hand to them to just... not. (I mean, that has its own issues if
it actually came to be, but in its current form, yes, I'd happily pay
$10/month in hard cash for them to just leave me entirely alone.)

In the long term, I'm much more concerned about the fact that knowledge is
power. I don't particularly look forward to the era of "SELECT name,
current_location FROM citizens WHERE dissidence_level >= .6 ORDER BY
dissidence_level DESC". But until that _happens_, to a much greater extent
than it has, and it visibly manifests in the real world, it's going to be hard
to get people to care, until it happens and it's too late.

What really scares me is the idea that the reason why it hasn't happened yet is
precisely that the people who want to do that are deliberately waiting until
it would be too late.

~~~
floe
Yes, you hit the nail on the head! The societal impacts have to be considered.
If you rely on each person to rationally decide whether or not to sell 'their
own' data, you'll have a tragedy of the commons situation.

Maybe we will see a health insurance company that costs half as much as the
rest, but to apply you have to give them all your social data and they run
"CREATE TABLE rejected_applicants AS SELECT name, id FROM insurance_applicants
WHERE health_risk_level >= .7".

All the healthy people will rationally sell their data and try to join this
company, and all the other companies will have sicker pools and have to double
their prices. For a person who couldn't get accepted into the cheaper company,
the fact that they can sell their own data is cold comfort.

Privacy harms will always fall disproportionately on the marginalized: the
poor, the sick, dissidents, and minorities. The framework of 'data ownership'
can never make these harms right because it fails to recognize that half the
people selling their data often hurts the other half.

~~~
scarejunba
Enough with the paternalism. Let me use my data as I see fit. It's mine. Not
yours. Stop putting limits on it.

If I want to trade my information for money I should be allowed to.

The problem with you guys is not that your ultimate goal isn't data ownership.
The problem with you is that your ultimate goal is that you own and control
everyone's data. You want to make the rules as to what they can do with it.

~~~
jerf
Are you using your data as you see fit?

By your own choice? Even if the first answer was "yes" (and, to be honest, it
still isn't; if you had control I virtually _guarantee_ that you would choose
to change _something_ about how it is distributed), this answer is certainly
"no". You're not choosing right now. You're having done to you.

If you want to complain about people making choices about what to do with your
data, I can't fathom why you'd file that complaint against someone who wants
to give you vastly more control than you have now.

~~~
icebraining
What do you mean? Sure, currently personal data is being used without much
control by the person. But the GP is not proposing more control, they're
saying people should still not have choice, as that may harm the marginalized.

~~~
floe
I'm not saying that people shouldn't have the choice whether or not to sell
their data - I'm saying that even if they have that choice, it doesn't prevent
many society-wide harms. (Edit: Which implies that we do need to restrict some
uses of large datasets that would cause these harms.)

I'm not sure how you would characterize my position in terms of increasing or
decreasing 'control' or 'choice' - I find those terms tricky to apply in this
case, so I prefer to apply concrete concepts like 'harm'.

~~~
scarejunba
Harm is not a concrete concept in your characterization. It's pretty
non-concrete and you've demonstrated no manner in which it occurs under the
circumstance, only the possibility of it occurring.

If my friends and I all decide to self-insure as a group and we will pool our
money to do so and we all agree to be covered by our collective-owned policy
only so long as we submit our data in to the group, I want that to be
permissible.

This is us choosing to interact with each other as a freely-associating group.
That's our business. I don't want it restricted because I have lots of
friends.

And I'm sick of people continually taking away my right to use my data with
other people who choose to use their data. There is a societal cost to not
allowing freedom. I'm not game for some Communist-style Committee for Personal
Use of Personal Data Voluntarily Given. Yes, CoPUPeDVoG is not okay.

------
sunshinelackof
Individual ownership of data doesn't solve the problem because there's an
inherently unequal relationship between the data's owner and the data's
consumer. The consumer whether public or private has limited use for an
individual data point and is really interested in the collective sum of
individuals' data. We see this unequal relationship in plenty of other domains
and it always collapses into giving into the demands of the larger entity just
for the privilege to participate.

What really would make more sense is the collective ownership of data. Allow
for data owners the power to form a body to collectively bargain with entities
that want access to their data.

~~~
kaxline
Yes, I've been thinking about this. I still think the focus should be on
individual ownership, because then that individual could opt-in to a bundled
data purchase. Their cut would be small, but maybe it's automated so you get a
lot of small payments without doing anything. I think you need to leave the
door open for an individual's data having stand alone value though, like a
unique mutation in their genes that cures cancer.

~~~
chillacy
How much do most people collect from class action suits they get bundled into?
Vs how much do the lawyers make?

------
p4bl0
It's a relief to see that the top-voted comments already disagree with this
article. I disagree so much however that I need to voice it, I can't just
upvote others. So, here it goes:

Nope, nope nope nope. Personal data property is a _bad_ idea. And it probably
does not come from people who actually care about privacy. It is an
ideological push towards more and more privatization and "free market"
economy.

Think of it for a minute. If personal data protection is based on private
property that you can sell or rent, it means that rich people get a right to
privacy, while others will necessarily rent or sell their data so they can pay
for rent or feed their kids. It means power over personal data belongs with
money. That's not what anyone actually fighting for the right to privacy
actually wants.

Now, people should have _control_ over their personal data, that's a fact. But
control means rights, it does not mean that a notion of property is necessary
(or maybe a loosely derived notion, like something resembling moral rights
[1], in addition to control). It also means regulation of data controllers and
data processors. The fight for actual privacy is not the fight for ownership,
it's the fight for control.

For those who, rightly, think that "control" is a vague term: it was, but it
has been properly defined [2], and more recently formally modeled [3]
(disclaimer: I'm one of the authors of the latter article).

[1] https://en.m.wikipedia.org/wiki/Moral_rights

[2] https://script-ed.org/article/control-over-personal-data-true-remedy-or-fairy-tale/

[3] https://pablo.rauzy.name/research/publications/lemetayer2018capacity.pdf

------
nobrains
The solution, as I imagine it, is the following:

1. data for web apps should be stored separate from the servers as the code.

2. this separate data store should be owned by the user (not the provider of
the web app).

3. user should be able to point the web app to another datastore if needed.

so, for example, if you use basecamp for project management. basecamp should
be designed so that all data writes happen to a separate database or datafile.
the data that i enter in web app (basecamp) should never be stored on basecamp
servers. at setup i should be asked for a data store location (that I pay for
and manage).

of course, for non-privacy conscious customers, the existing status quo option
can also be provided.

~~~
brisky
Check out blockstack, they solved this in a similar way to what you described

------
febeling
Thinking out loud here.

This ownership analogy isn't working well, because ownership is a concept
invented for physical things, whereas data can be copied. We can keep it,
_and_ pass it on. We know from copyright how painful it is, to put ownership
on digital "things".

Did data ownership ever work like that in the physical world? Say we see a
person walk by, someplace, at some time: is my sensory impression and memory
like data? Is it a privacy intrusion to remember that later? Tell somebody?
What would be the equivalent online? (Do we have a private "house" online, and
public space?)

~~~
max76
> Did data ownership ever work like that in the physical world?

Insider trading is a crime in which someone takes an action based on data they
had no right to. (Trading on corporate secrets, or data that belongs to the
corporation and not the individual profiting.)

If a student finds a copy of the answers to a test, even if the student finds
the data in a completely legitimate way, it is considered academically
dishonest for the student to take the test after learning this information.

In many games learning certain information is considered cheating. For
example, in Poker it is cheating to know another player's cards except after a
player folds and chooses to show their cards.

Until very recently it was illegal to make a copy of "Happy Birthday" in the
form of a live performance at restaurants in the United States.

Yes, in the real world data has owners and it can be illegal/restricted to
provide copies of the data or to perform certain actions with the data.

~~~
febeling
Nice examples, yes.

I hope I didn't come across as someone from the
if-you-don't-have-anything-to-hide crowd.

I do think your conclusion is a bit quick, though.

> Yes, in the real world data has owners

Things happen in the real world, and people perceive and know it as a
consequence. We came to call some of that data (if recorded with machines I
guess).

We wouldn't think of perceptions in terms of ownership. It just wouldn't work.
We don't have a response for intrusion, e.g. If someone catches us in the act,
there's just no protocol. We often just pretend it didn't happen, and are
embarrassed. You can't unsee it, or punish someone for seeing something
private.

We can throw them out of our house, if they trespass. But if they see you
through the window, what do we do?

My point earlier was only: ownership as an analogy for data is not as helpful
as some think it is.

But if you stick with ownership, you possibly end with making very strict
rules around personally identifiable information (PIN), like in Europe. Some
of that ends in log files, like IPs. I think that is a bit like walking by and
peeking into a shop window. The shop owner might see you too (perception). Why
is that the shopper's protected information? I think it's rigid and comes from
off analogies. That's not to say some data doesn't need to be private.

In the end, when this cultural development is further along the way, we might
have very specific rules. Like with books, and movies, which have fair-use
rules etc.

------
dfgert
Protecting users' data is a very hard problem to solve in the current tech
landscape. There are enormously profitable businesses built around this and
they are driving a significant portion of the economy.

The only solution I can see is to build an alternative economic model that can
thrive while protecting data, otherwise it would be an uphill battle with all
tech giants that are going after user data for profit.

~~~
hw
This would be great, but for that model to work, the end users themselves
would have to pay to have their data protected, when in principle I think most
people would argue that their privacy should be protected in the first place.

For data protection to work efficiently, there has to be a centralized store
of data that's deemed private, with a way to authorize / deauthorize consumers
of your data. Of course, with centralization, it paints a big red 'hack me'
crosshair.

Privacy is already lost. There are already cameras everywhere, be it personal
home Nest cams, or surveillance cameras inside grocery stores, or street
cameras at traffic lights. The fights now for data protection, IMO, are just
feel-good initiatives that aim to provide a false sense of data privacy. Take
Facebook for example - they've pledged to protect your privacy, offer data
protection tools, a way to export all your data. Before privacy became a huge
thing, I'm pretty sure people felt comfortable putting all their photos and
data in Facebook due to the trust in them being a large enough company that
they should protect your data, right? Same goes with Equifax. Same goes with
banks and credit card processors.

The burden of data privacy and protection lies more towards the end-user than
towards multi-billion dollar companies you entrust your data with. They may
provide the tools, but once your information is out there, it's retrievable
via various means by bad actors. You can keep guns in your home to protect
your family, but if you aren't educated enough to use them properly or if you
leave your doors and windows unlocked, it's not going to help.

Edit: my case in point - Facebook records found in public Amazon cloud servers
[0]

[0]: https://www.bloomberg.com/news/articles/2019-04-03/millions-of-facebook-records-found-on-amazon-cloud-servers-ju1hde0w?srnd=premium

------
dannykwells
This is mostly a convoluted metaphor comparing data to apples. Only a single
line about a mystical "data locker" type object that would store all of our
data in a decentralized way.

~~~
kaxline
Yes, it's imperfect for sure, but I'm trying to get people who don't think
about these things to understand how the theft is analogous to physical items
we value. Data has its own unique properties so any physical metaphor or
analogy is going to fail pretty quick. Tried to keep it simple to make the
point.

~~~
josinalvo
I applaud your effort, but unfortunately agree with GP. The metaphor really
does not work

~~~
kaxline
Understood. Any alternative ideas?

------
kkomaz
This is exactly what we're trying to solve with debut.
(https://landing.debutapp.social) The
underlying technology uses blockstack where users own their own data and
information is not stored in a central database.

Beyond data ownership, the future goal is to add a layer of security around
your information through encryption. Only user approved parties could access
your secured data through a private key.

------
PierredeFermat
Most, if not all, arguments on data ownership are arguments by analogy. This
makes them ipso facto invalid. Using that same line of inductive reasoning, we
could argue that we own the trash we generate, and that's not a reductio ad
absurdum.

An encrypted 'digital locker' is a naive and unreal solution, at least until
homomorphic encryption is mature. How would I request data I'm interested in
from people without knowing if they have it in the first place? Issue a
million requests? And if I'm issuing such requests, do people have to pay me
now because it's data that I have generated?

We are agreeing on the terms and policies of all information services we use
and generate data from. It's not like they took us by surprise, except for few
_Analytica_ cases of course. If we follow the data ownership argument, which
has (re)surfaced mostly due to media attention on FB and the likes, such
services will become dysfunctional right away.

Privacy isn't the weak argument, it's just not very well enforced yet mostly
because most people don't care much. Ideally, if a company wants to sell your
data, as part of their ToS/PP, they notify you. If you approve, you get a
share of that sale (basically what Nukleosome is doing). If you don't, they
just move on.

~~~
criddell
> We are agreeing on the terms and policies of all information services we use
> and generate data from.

If only that were true.

~~~
PierredeFermat
How is it not true?

~~~
chillacy
To be charitable, maybe we all click Agree in the same way that we consent to
being searched at the airport: there's no other choice, so it's a begrudging
accept, not an enthusiastic accept.

~~~
PierredeFermat
I didn't claim it's an enthusiastic one. My claim is that all the sudden
"privacy-is-not-enough" arguments make it seem like some breach happened
without our agreement. To use your words, it's almost as if they're
complaining about airport security/searches because we were never very
explicitly warned about it.

If we don't do security checks or don't agree to some ToS, we'll be left out
(of flights or online services). How many people would do that in exchange for
'ownership'?

Also, if you go to a bakery for couple months buying the same bread. Would you
sue the bakery if the seller automatically knew what you're going to get,
after two months of transactions, and wrapped your favorite bread for you with
a smile (not the Amazon smile)? Is that also data you should own and encrypt?

Does your physician need your consent on every visit to unlock your health
information in his brain and be able to follow up?

Imagine that this comment I'm writing here is locked into my very own
encrypted vault and HN needs my consent every time someone wants to read it
(although I used HN to write it!). I cannot imagine how would the discourse
evolve this way.

So justifying 'ownership' as the future solution using invalid argumentation
by analogy isn't solid. A more solid approach is to actually _build_ products
with well-enforced privacy and transparency rather than just theorize about
it. Or even build and experiment with the 'ownership' proposition and see how
would that play out.

~~~
criddell
It's not enough anymore because many people are just learning about how widely
their data is shared around.

For example, most people that use a loyalty card at their grocery store have no
idea that what they buy is being sold to Facebook. People have just discovered
that Facebook is tracking them even if they have never had a Facebook account
and never consented to anything from Facebook. Same goes for Four Square. Not
many people have a Four Square account yet Four Square has built a giant
location data empire. MasterCard is trading your purchase data. The list of
examples like this is long.

There needs to be some regulation around the ownership and use of information
by and about individuals. I don't have a relationship with Four Square so they
shouldn't be allowed to hold any data about me.

~~~
PierredeFermat
I'm not advocating against that, quite the opposite! My work involves solving
exactly this class of problems and good privacy ensures such behavior does not
take place.

What I don't see is how changing the nomenclature to 'ownership' would solve
all of this. It's like calling some statistical models AI models. You see my
point?

------
YeGoblynQueenne
>> Privacy for privacy's sake is a weak argument, and privacy advocates should
>> abandon it.

But, why? Why is it that "privacy for privacy's sake is a weak argument"?

Why is it so hard to find a way to respect peoples' wishes to avoid doing
things that offend their dignity? What _is_ that great need to spy on everyone
that is so indispensable to the progress of human civilisation that this
strong concern of many people must be brushed aside as "a weak argument", an
irrelevant and obsolete affectation that can just be ignored?

And who is making an argument in the first place? Is anyone arguing for or
against the need for dignity in the last days of one's life? Is anyone arguing
for or against the need to respect bereavement? Arguments exist for and
against the limits of such things, but not their actual need. We _need_ to be
able to live our lives with dignity and worth, else our lives are meaningless,
we are in constant conflict with everyone around us and the peaceful
coexistence and collaboration that supports human societies goes to hell in a
hand cart.

This is what tech companies have to understand: you can't just take a big,
smelly dump on people's sensibilities and not face consequences just because
you have "arguments".

------
obelos
The analogy used in this article is too ill-fitting to find compelling. It
does prompt me to wonder to what extent a person's digital traces left upon
the world could be construed as a creative output that they own as a form of
intellectual property, like a form of artistic expression. That analogy too
seems tortured, unless possibly you're Nietzsche. But it seems less ill-suited
than trying to compare one's data traces to a material good.

------
nvahalik
> What we need is a digital locker that encrypts all our data and stores it
> for us.

Or, alternatively, we need to simply do what people did for ages before us:
buy a couple of hard drives and store this stuff offline. If people want to
come see our photos, we can either grab them and email them over or they can
come review them at our house.

People keep saying the fix for technology's problems is more technology—but
sometimes it's actually _less_ technology.

~~~
kaxline
I agree with you in principle, but then we're giving up the redundancy and
safety offered by multiple data centers. The cost also comes down at cloud
scale so that you're only paying a few dollars a month instead of large up
front purchases.

There's also a technical hurdle for the average person. Are they going to
manually sync all their data from devices every time?

~~~
nvahalik
Somewhat. There are (were?) some companies trying to break into a personal
cloud (WD MyCloud) and I think companies like Buffalo and Synology are making
it a lot easier to spend $500-600 and be able to reasonably protect your data
from pretty much everything but fire (though, you can buy hard drives that
claim fire protection, too).

But at a deeper level, we claim that we want to store and keep all this data
but do we need to? Really? I mean, back before digital photos, I took some
(but not a lot) physical photos. They were dear to me. Still are. But now I
have so many photos that I hardly ever look at them except for maybe a few
that I've explicitly put into albums. A lot of them never get used.

Perhaps even then we don't really need to protect all of it—if it was
important to us then perhaps we really should think about how we'd protect it
just like we'd protect those old photo albums that people leave with during
hurricanes/flooding.

~~~
kaxline
My thinking is that you just don't know what will be important to you in the
future. Those photos probably weren't that important to you when they were
first taken, but now they are. I would advise that everyone store even the
seemingly most trivial piece of data. There could be an algorithm in the
future for which that is the missing key. I trust in our inability to predict
the future more than our ability to predict it.

------
palehose
Every comment submitted here is kept by Y Combinator and they own it in the
same way facebook or "applebook" would own it, except they don't run ads. But
if you were to apply to their accelerator they would use your comments to
determine if they want to accept your business idea so there is definitely
added value to them of your data being surrendered to them freely.

~~~
icebraining
They do run (job) ads for YC companies, there's one in the front page right
now.

------
stackzero
One of the big challenges with data ownership is policing it. If I grant one-
time access to my data to some company, the company can store the data and use
it many times over, potentially distribute it etc.

I can see this working for datasets like website interactions or search
history which companies could pay a subscription for and receive periodic
updates which would be of continued value.

------
warkdarrior
The author mentions at the end that monetization of your own data is the
option offered by data ownership. But I am not sure that there is money to be
made by an individual. Facebook makes about $25 / user / year. Say there are
100 companies willing to buy your data -- would you sell all of your data (out
of your "digital locker") for $2500 / year?

~~~
criddell
> Facebook makes about $25 / user / year.

This feels outrageous to me. They snoop and spy on every move I make online
and off for a measly $25?

~~~
maxwell
The goal is to snoop and spy on every move _everyone_ makes online.

------
pauloppenheim
The article presents an economic model of privacy. While I think that is
important (and part of the argument for the indieweb -
[https://indieweb.org/](https://indieweb.org/) ) there are more arguments to
be made about privacy, including not only the individual, but also collective
harms that the violation of privacy can impact. That argument is challenging
to make, because harm changes depending not only on the individual or group
and their reason to need privacy, but also on the type of information
gathered, and the possible uses of it, which change over time. That kind of
shape-shifting argument is challenging to get across, so I can appreciate
something simpler. However, when I hear the framing of this as "the problem" I
feel nervous, because I hear that as reducing consideration of other
possibilities.

------
SlackwareMan
Well, I have been in the hacker scene since like 1997 and its ethos has
always been about free information and secondarily about anonymity. Hence,
data as ownership privacy is a no go. What is going to happen is what Julian
Assange outlined in his book "Freedom and the Future of the Internet" lays
out.

The article lays out that even the hackery of the hackers are having a hard
time. I don't know what the hell he is talking about. A hard time like a hard
time in not eating a chocolate cookie of convenience lays out but nothing
more.

Elite hackers will always have privacy and it will not always be glorious. It
is the masses who think the hackers will save them who are delusional.

Addendum:

I think some hackers will pick and choose when to be anonymous and others will
be 100% of the time. I am the former.

Sorry for the repost, I had to edit it for lucidity.

------
SlackwareMan
Well, I have been in the hacker scene since like 1997 and its ethos has
always been about free information and secondarily about anonymity. Hence,
data as privacy is a no go. What is going to happen is what Julian Assange
outlined in his book "Freedom and the Future of the Internet" lays out.

The article lays out that even the hackery of the hackers are having a hard
time. I don't know what the hell he is talking about. A hard time like a hard time
in not eating a chocolate cookie of convenience lays out but nothing more.

Elite hackers will always have privacy and it will not always be glorious. It
is the masses who think the hackers will save them who are delusional.

------
jpollock
We already tried data ownership, and society rejected it.

[https://news.ycombinator.com/item?id=19035834](https://news.ycombinator.com/item?id=19035834)

~~~
pizzazzaro
That was neither "us trying data ownership" nor "society rejecting it".

That was tech titans smearing each other with feces, trying to dodge
responsibility for tracking teenagers as if they (companies) were pedophiles
in power.

Besides, Apple? Is almost always on the side of _themselves_ as brokers of
your data.

------
soheil
Ownership is an odd concept to apply to something like data, I don't have a
problem specifically with ownership of data as much as I have a problem with
statements of the form applying X to Y where that relationship previously did not
exist. To take it for granted that there should not be a debate about the
possibility and the implications of such relationship and just presume the
existence of it seems odd to me.

------
ajit283
Theoretically, we have all the measures in place the article described. We do
sell our data - simply not for money, but for services, e.g. FB. The digital
locker is actually called data privacy rights. Companies do need to ask you
directly, in the form of the privacy policy when you sign up to the services. The
flaws of the current privacy situation lie in the execution in practice. In
theory, everything is fine.

~~~
kaxline
Yes, but there's something about the lack of knowledge on the part of many
software users that makes the consent portion debatable. That, and there's no
other way to pay to use a service that you want to use.

------
fixermark
The Applebook metaphor in the article breaks down because data is infinitely
copyable. It's actually costing less than nothing for this hypothetical
"Applebook" to store (copies of) my apples: if there's a disaster back home
and my orchard is wrecked, I can partially rebuild from the redundant apples
that Applebook has stored. By my calculus, that's a net positive for me.

------
nocturnial
Suppose what everyone is saying is true: "We pay for the services companies
provide us with our data".

Normally, depending on which jurisdiction you're in, you could get your money
back for "bad" service. If someone still wants to use our data as a service
payment, how do you propose we get our data back for bad service?

~~~
scarejunba
You can ask them to delete it.

If you tell me a story and I sing you a song in exchange, neither of us can
"take back" the thing we did for bad service. But we've bartered (and hence
paid for the experience). That's just life. You can't take away an experience.

So you can take away the data but you can't take away the fact that they had
the data.

~~~
nocturnial
> So you can take away the data but you can't take away the fact that they had
> the data.

I know and that's my point why it can't be considered as a payment.

~~~
scarejunba
Most people would consider that payment, actually. The exchange there would be
barter of experiences.

------
edwardr
I agree w/ OP. Using cryptography for privacy and data control is a step in
the right direction and needs some critical mass behind it for broader
adoption.

Shameless plug - that is exactly what Tozny provides. An easy way to have end
to end crypto with a sharing model that keeps data in control of the original
writer.

------
amaradiaga
Data ownership is the goal behind Solid (Inrupt)
[https://solid.mit.edu/](https://solid.mit.edu/) - project led by Sir Tim
Berners-Lee. From the website: Users should have the freedom to choose where
their data resides and who is allowed to access it.

------
sgt101
poor people will have to sell. rich people won't. poor people will have to
sell cheap.

Anne Frank didn't think that she had anything to hide. Anne Frank didn't have
anything to hide. Anne Frank got killed. Why? Because Anne Frank's parents
disclosed their religion to the Dutch census. The Dutch government was
benevolent, liberal. Bigotry was rare in Holland. Then Nazis.

This can happen to you. Anne was a child. This can happen to children.

Privacy, for privacy's sake, is one of the strongest arguments that I have
ever come across.

------
SimonWeeks
Hi Keith, have a look at [https://mysafe.io](https://mysafe.io) and
business.mysafe.io We are the first privacy and data protection ecosystem -
With data and infrastructure owned by data subjects. Keen to get your
thoughts.

------
howard941
At the other end of the spectrum and perhaps more pragmatic is Grassland
[https://news.ycombinator.com/item?id=19529921](https://news.ycombinator.com/item?id=19529921)

------
SlackwareMan
Well, I have been in the hacker scene since like 1997 and its ethos has
always been about free information and secondarily about anonymity. Hence,
data as privacy is a no go. What is going to happen is what Julian Assange
outlined in his book "Freedom and the Future of the Internet" lays out.

The article lays out that even the hackery of the hackers are having a hard
time. I don't know what the hell he is talking about. A hard time like a hard
time in not eating a chocolate cookie of convenience lays out but nothing
more.

Elite hackers will always have privacy and it will not always be glorious. It
is the masses who think the hackers will save them who are delusional.

Addendum:

I think some hackers will pick and choose when to be anonymous and others will
be 100% of the time. I am the former.

Sorry for the repost, I had to edit it for lucidity.

------
icebraining
The Personal Data Ecosystem has been around for about a decade, based on these
concepts: [http://pde.cc/](http://pde.cc/)

------
k__
For some apps remoteStorage could be an interesting solution to this problem.

[https://remotestorage.io](https://remotestorage.io)

~~~
icebraining
Nice, I had forgotten about that. Previous discussion:
[https://news.ycombinator.com/item?id=17297673](https://news.ycombinator.com/item?id=17297673)

------
naringas
digital data is not at all like apples which exist as physical objects. this
issue is far more nuanced.

------
mcrad
No. The "ownership" goal should be within the company. Does Legal own it? Does
so-called Product own it? Does Engineering own it? Data Science? Ad clients?
Without better governance, you will have misuse.

And at some point you have to ask yourself (Zuck), is poor governance on data
ownership a bug or a feature?

------
lanevorockz
Privacy is nothing more than being allowed individuality. What Google and
Facebook do is to steal your identity and everything that it means to be you.
They can then normalise your personality through algorithms, erasing whatever
is left of you.

------
godelski
I still find it shocking that many people in society quote what originates
from dystopian propaganda. The phrase "You have nothing to fear if you have
nothing to hide." is commonly attributed to Goebbels, because he popularized
it. Though there's an earlier precedent[0], it is also a dystopian reference.
So I think there's something wrong when people are quoting literal Nazi
propaganda, and having that belief ingrained.

[0] [https://english.stackexchange.com/questions/217196/origin-of...](https://english.stackexchange.com/questions/217196/origin-of-you-have-nothing-to-fear-if-you-have-nothing-to-hide)

------
mirimir
TFA lost me in the lead:

> As soon as you connect to the internet, there is a vast surveillance
> infrastructure tracking your every move. Even the most hackery of hackers
> have trouble moving in complete anonymity.

> For most of us, however, our brains assume our pre-internet intuitions are
> still accurate. That what we do in our own home stays private until we
> decide otherwise. We feel violated when we discover how much is known about
> our online activity.

I am not -- in any meaningful sense -- a "hacker". I'm a reasonably technical
guy. And I know how to use a bunch of tools. But "hacker"? No way.

So, my first point. Assuming that "what we do in our own home stays private
until we decide otherwise" is foolish. Unless you include implementing strong
OPSEC in "decide otherwise".

And second, you need not be a "hacker" to avoid surveillance. You just need to
learn some OPSEC, and how to use a few simple tools. The core point is never
communicating (saying, writing, imaging, etc) _anything_ without a studied
awareness of who might be observing.

I have a few Internet-facing machines. One is plain-vanilla. Just a box with
basic apps, sitting behind a pfSense firewall. But of course, with no WiFi.
The others, each on its own LAN, run VirtualBox, and host various VMs.

There are some low-security VMs, which reach the Internet through nested VPN
chains. Which are implemented with pfSense VMs as VPN gateways. That's what
Mirimir, and some of his sub-personas, use. They basically just talk about
stuff. And do some consulting work. But nothing at all iffy.

Then there are a bunch of Whonix instances, which reach Tor through those
nested VPN chains. That's where I do whatever interests me, with no concerns
about consequences.

All of these machines are full-disk encrypted. And they're on a UPS, with
kill switches on my desk, and in the kitchen and bathroom. Although I mainly
focus on being hard to find, I am prepared for discovery.

I'm not prepared, I admit, for sitting in prison, after refusing to reveal
decryption passphrases. I'll probably claim ministroke and memory loss, but
that's damn iffy.

And then there's my physical workspace. It's basically a walk-in closet. My
desk faces the door, and there's a wall behind me. There are no windows.

I painted all of the interior surfaces myself, using black EMF-blocking paint
(carbon plus Al dust). For the wall behind me, I applied a series of bright
washes, using custom-mixed colors.

It's locked when I'm not using it. And I live in a multifamily building, in a
very cohesive community. So there's very little chance that adversaries could
secretly plant bugs. They'd need to enroll or compromise one of my neighbors.
That's not impossible, I know. But hey.

Anyway, my point is just that you need to keep in mind, always, that
adversaries are trying to snoop. And act accordingly.

------
thatoneuser
Wow everyone on here defending tech giants owning their personal data. Is this
Facebook trolls working their propaganda?

What exactly do we stand to lose if Facebook can't aggregate data on a level
akin to a hyper advanced dystopian government? Are we worried our
advertisements will become less funny? Are we worried we'll be less manipulable
on a mass scale? Are we worried we'll have options on our tech overlords
instead of being stuck with 4?

It's my data and I should own it. Just like I can't login to Facebook's servers
and take their data. The only thing that separates Facebook from having
privacy and the user is Facebook has billions of dollars of leverage. But hey
if y'all like billionaires owning you then let's keep it up - let's not say we
own what's ours. Make the billionaires even stronger.

~~~
syrrim
>It's my data and I should own it.

Then don't give it to them.

>Is this Facebook trolls

I personally don't use facebook, and don't advocate for others to use
facebook. If you do use facebook, then you are accepting the deal they have
offered you.

>What exactly do we stand to lose if Facebook can't aggregate data on a level
akin to a hyper advanced dystopian government?

This is how Facebook makes money, and stronger how they survive as a platform.
If they couldn't do this, then more than likely we would lose Facebook. I
personally don't see this as such a huge loss, but apparently you do.

~~~
PeterisP
One of the major complaints about Facebook is their tracking of non-users, of
people who haven't accepted any 'deal' nor given them any data - e.g. Facebook
is known to do matching of non-users' full names with phone numbers and other
contact information based on what _other_ people have in their phone contacts,
combined with tracking their visits on third-party websites which embed e.g.
Facebook like buttons.

There are ongoing court cases proving such practices, and Facebook is insisting
in court that it should be allowed to continue to violate privacy even for
people who, like you, have intentionally chosen to avoid Facebook.

