

Some Thoughts on Online Privacy - jsherry
http://www.avc.com/a_vc/2012/03/some-thoughts-on-online-privacy.html

======
jcr
It's worth noting how Fred Wilson is in a very precarious position to be
advocating privacy since he is invested in many companies that profit from
invading privacy. It's great to see him advocating improvements to privacy
even though _ensuring_ privacy by technical means is undoubtedly against his
personal best interests.

It is entirely feasible to build a web browser which ensures privacy, but it
would come at a steep cost. If you disable the "REFERER" [SIC] sent by the
browser, a lot of sites break. If you disable the "USER_AGENT" sent by the
browser, a lot of sites break. If you disable "COOKIES" in the browser, a lot
of sites break. If you disable "FLASH" in the browser, a lot of sites break.
If you disable "JAVASCRIPT" in the browser, a lot of sites break. If you
require PROXIES or Onion Routing, a lot of sites break.

With mobile devices, disabling GPS/Signal location, network access, address
book, and many other features will break a lot of sites/apps/services.

I'm sure you can see the pattern.

The tough question is, would you use a browser/system that intentionally broke
most of the web/Internet to ensure your privacy?

Do you want to be the person fielding support calls from your mom when some
company on the `net insists on having privacy invading misfeatures enabled?

The most "ambitious startup" might be in trying to fix the privacy and
security problems of the existing Internet by refusing to support the
regularly misused misfeatures, but the resulting loss of functionality and
compatibility might be too much to bear.

> We should be careful not to undercut the economic underpinning of the
> Internet in our attempts to regulate online privacy.

Whether regulated by new laws or prevented by technical means, you would not
eradicate the economic underpinnings, instead, the underpinnings would simply
change. For example, people would still pay Google to display advertising
along with search results even if it was impossible to do user-identifiable
profiling. The untargeted advertising might be less effective than targeted
advertising, but it would still be far more effective than no advertising at
all.

~~~
jsherry
Mind mentioning some of the "many companies" that USV invests in that "profit
from invading privacy"? Perhaps you're right, but that's a serious accusation
without some backup. Aside from Zynga who has definitely had their fair share
of well deserved criticism in the past (but has since cleaned up their act),
what are the others?

~~~
jcr
I don't consider it a serious accusation at all, or even a significant
criticism. It's merely just a statement of the obvious, namely, the currently
used tech/standards. A more fair question would be, "Which of the USV funded
ventures refuse to use commonly abused technologies like cookies or
javascript?"

The underlying problems of privacy and security cannot be blamed on Fred
Wilson or any specific company his group has funded, or any specific company
whatsoever. The underlying problems are rooted in the widespread adoption of
tech/standards that can easily be abused. In other words, all of us are to
blame.

The other important part is looking at what we would give up by trying to
abandon the easily abused tech/standards. We would give up far more than just
the usability and compatibility as seen from the user perspective; the
companies on the provider perspective would have to give up existing
investments, profit centers, and competitive advantages by refusing to support
easily abused tech/standards.

If some undefined "critical mass" of users started only using tech that
prevented privacy and security vulnerabilities, the companies providing
services would be forced to adapt. From the other side, companies would not
willingly give up their investments, profit centers, and competitive
advantages just to be nice to users. In fact, most companies would try to
thwart the adoption of software (browsers) designed to prevent abuses by
requiring users to use something else. This is already the case with many
sites since the sites are unusable without easily abused features enabled.

Pointing a finger a Zynga, or Facebook, or some other company is entirely
unfair; they are just trying to compete and profit in the current situation.
Even everyone's favorite non-profit Internet darling, wikipedia, can break if
you fail to send it an acceptable USER_AGENT string (specifically wikipedia
search).

I've had the displeasure of explaining to my mom why the FLASH videos on her
favorite recipe site don't work on her iPad. Of course, this is due to Apple
simply deciding to not support FLASH on their iOS devices. Some video sites
have adjusted to the change, for example YouTube, but others refuse to adapt
and require people to use something else to access their sites. It has been
interesting to see how this user-based change pushes other companies to adapt,
and to some degree, it seems to be working.

If you think about all the investments in FLASH that need to be abandoned in
order to support the iPad users, it's a staggering number, but in the long
run, it might be for the best. Similar might also be true for other easily
abused tech/standards, and it seems a whole lot better than letting clueless
people create new laws about it.

------
droithomme
Historically, privacy bills that get passed tend to be anti-privacy bills. The
Medical Privacy Act gave your doctor permission to sell all your private
medical data to marketers. The change is I now am forced to sign a privacy
release that states I accept that they will sell my private data, and if I
refuse to sign it, they refuse to provide medical services.

Any new bill about internet privacy in the US will be the same way. Lobbyists
will make sure the name is orwellian doublespeak. It's not a coincidence that
we see anti-privacy people like Wilson advocating for what will soon be a bill
their people have carefully constructed in order to give them free reign to do
as they please.

