If You're Not Paranoid, You're Crazy (theatlantic.com)
209 points by ForHackernews on Oct 13, 2015 | 124 comments

>I’d driven to meet a friend at an art gallery in Hollywood, my first visit to a gallery in years. The next morning, in my inbox, several spam e-mails urged me to invest in art. That was an easy one to figure out: I’d typed the name of the gallery into Google Maps.

I don't see how the author makes the connection here.

How does searching for an art gallery on Google Maps translate into spam emails? Is he accusing Google of selling your email address and search information to spammers?

You really have no idea how bad it is man. The shit I've seen through all of my data analysis contracts at different startups has shown me how the process (sorta) works.

The tech companies just need to connect one little "key" and they've got the query. The cost of being wrong is low, so there is almost no Type II error. Every consumer website out there has some sort of bloatware / spyware tracking pixel or ad network or analytics pack. They record the headers, the fonts, etc. They make a statistical fingerprint that is very tight.

For the Google Maps example I can think of 10 different ways that the user profile leaked ranging from a single installed key logger (virus), to a toolbar, to his clicking on the website.

"But how could they know it is him or his email?"

There are tons of tricks they use. Just log onto a single social network, bam. There was also a time that you could put down a LinkedIn iFrame to have:

    "Zach Aysan" has looked at your profile.
Sent to your inbox.

Sure the occasional hacker is smart enough to only install a select number of plugins, and to watch downloaded programs very carefully, and to install HTTPS Everywhere, and to install an ad blocker, and Privacy Badger, and to reinstall the OS every couple months, etc. But there are tons of people running Windows XP which gets hacked so frequently you need to assume people on those systems have viruses.

My point is this: A discussion on whether Google is the one leaking information begs the question. It doesn't matter if it is Google or another party. The question is this:

"Is there a reasonable chance that a non-technical user will have his searches online leaked to a global network of advertisers and INT personnel?"

The answer is a resounding yes. My parents were both programmers 30 years ago, and neither of them can trust the devices that they have to not phone home about them.

I don't think you need a spyware or something, nor need to inject something. You don't need to hack your way in, just buy the access to advertiser's trackers.

One day I posted on twitter a link to a movie. 10 minutes later the director's twitter account showed up as "recommended". Interesting..

Furthermore, spam is rarely targeted. If it was, spammers wouldn't need to send hundreds of millions of e-mails. And I doubt it works that fast. You visit some suspicious site one day and the very next you're bombarded with "several spam emails". Lastly, I don't see how legitimate art businesses would tolerate spam. I'm an amateur art collector visiting dozens of art sites for years and I've never received spam.

The guy is obviously talking out of his ass. Which is a shame because he's trying to make a good point.

What if he's using an Android phone? Most third party apps on the Google Play store have access to both your location and accounts.

I even remember seeing back in the day questions with valid answers on stackoverflow about how to get the email associated with a device without requesting the accounts permission, but some other close ones.

I also made the mistake of using a personal account with my first Android phone. I had zero spam on that account. 2 months later I was getting about 10 emails a day. (not targeted though since I didn't live in a very active area)

Successful spammers are absolutely targeting their emails. It's similar to when you search for something on Amazon and then see ads for it on Facebook -- the goal is to put an ad in your inbox (essentially for free) instead of paying for ad impressions.

That’s programmatic advertising. It’s a different beast while very relevant to the context of being continually monitored/profiled. If there's such a thing as targeted spam I've yet to witness it.

It's a fairly common practice now (not the spam, I've gotten spam email clearly triggered by a re-targeting campaign but as far as I know it is not a widespread thing).

The basic pattern is: Get user to trigger re-targeting campaign, use re-targeted ads to read a tracking cookie or browser fingerprint from the user, use that to look up user info in your customer profile database you bought (or bought API access to) from a data broker, send targeted email, package up your new piece of customer profile data (Walter Kirn went to an art gallery in Hollywood) for later resale/trade.

The specifics for each step change all the time.

The author wrote this piece in a style where he defaults to paranoia in the face of all coincidences to mirror the subject matter so it was not an accusation. But this one is actually feasible.

> But this one is actually feasible.

Does Google Maps even embed display ads? I don't think there's any way to get a cookie, pixel, etc etc in there for just a query.

It doesn't as far as I know, that's why re-targeting is such a boon to these types of practices. Google Maps searches can trigger re-targeting campaigns, and when they are somewhere else on the web and get a re-targeted ad you might have a chance to get that fingerprint/drop that cookie.

Often it's not even the same group doing all these steps either, there are opportunities to buy your way in and/or cash out partway through.

There are no display ads on Google sites like Maps.

He's probably just misremembering.

What probably happened is that Gmail was showing targeted ads based on his searching and he was shocked to see this in his email client, when in fact the two are joined.

It's a very minor point in a big article. I'm not sure it's worth reading too much into.

That minor point has major implications if true, so I definitely think it's worth reading into, at least to decide whether it's correct or not. It's the difference of whether your Google map searches, and possibly web searches are contained within Google, or are accessible to others.

If you click a link on Google Maps or Google Search, doesn't the site get the query in their GA or something?

The fact that they are not is the whole basis of targeted advertising.

But that's still Google providing the advertising. In what way is your search history not contained to Google when an advertiser asks Google to display text ads with your content to people that are interested in X, Y and Z?

I can think of a few very expensive ways, but those are also ways in which Google is allowing erosion of their competitive advantage by allowing that information to leak. That, by the way, is why I don't feel particularly paranoid about Google sharing my information everywhere. Google is strongly incentivized to keep it closely guarded so other people can't monetize it in ways that cause Google to lose out.

Google runs display ads, which are bid on by third parties who can use that data to target emails.

So your hypothesis is that Google took the knowledge of the search query and attached some sort of indicator that the user was interested in AA onto the user's personal data (in violation of its own policies for interest-based advertising on sensitive topics). Then, it mapped that user to a cookie (in violation of its own policy towards cookie-user matching). Then it gave a list of cookies associated with alcohol rehab to a 3rd party (also not how any Google systems work, this would be in violation of many internal policies). Then, someone was able to match cookies to email addresses (available, unfortunately, in the shadier black markets of the marketing world, but totally in violation of Google remarketing standards such that the 3rd party would be likely barred, if caught, from all Google systems). Then, the spammer bought the email addresses and sent the emails.

Alternate theory: someone at AA sold an email list to a shady marketer.

You're misremembering the article. The spam emails were claimed to be because of a Google Maps search. The AA link was because an app on the phone (probably Facebook) was mining the address book.

> (in violation of its own policies for interest-based advertising on sensitive topics).

Art galleries are not typically considered sensitive topics.

You'll have to explain how that's supposed to work. Are you saying that google is selling email addresses, that they are allowing people to supply content that they then send, or that the people running the ads are selling the email addresses? The first two I find extremely unlikely, and the third should not be possible, since running an ad does not give you info on who it was delivered to.

How does a display ad allow you to target emails without asking anyone for an email address?

It gets elaborate but you can essentially buy email address -> cookie mappings or make your own. You then sync those cookies with the ad exchange and then they're returned to you with every ad auction for that user.

Please elaborate. What can I read or search for to find out how this works? Is there anywhere I can go buy such data to see it myself?

I used to work for an ad retargeting company. Our advertisers gave us a ton of data that we didn't necessarily want along with pixel data that we did, including email addresses. So if you're logged in to some retailer's website and they were retargeting with us, they might either accidentally or deliberately be passing us your email address, which would allow us (if we wanted to) to map your email address to your cookie. We see your cookie look at galleries, bam.

Or, more legally, the advertisers could be part of a specific email retargeting campaign where they give us your email addresses, and then we can establish the mapping in a more direct way.

Obviously there must have been more shady goings-on in this case, but the principle is the same.

Right, but how did the cookie get associated with a Google search query and then get to the 3rd party who did the shady mapping? That's what wouldn't have happened.

If they clicked through to the art gallery website (from maps/search) and the art gallery was running an ad/tracker network that already knew the user's email from elsewhere, they could put two and two together.

Cookie onboarding services are nothing new. To start, look at a company like LiveRamp. They ask sites that get users to authenticate to login, then you provide them with an anonymous hashed email address of the user which they then use to match against a larger cookie pool. If there's a match, they set another cookie.

This helps solve the issue for advertisers using retargeting where cookies don't have a long shelf life. So they leverage 2nd party data sources to basically set those cookies again for them so they can continue retargeting.

They can also work with vendors to upload their hashed email lists from their CRMs and gain access to the relevant cookies in the pool to market to them.

Onboarding vendors like this tend to pay a CPM rate based on the number of matches they can make with their cookie pool, so really all that matters is that you have a massive number of people authenticating with email addresses.
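The matching flow described in the comment above, as an added example that is not part of the original thread and is not any vendor's code. The `Onboarder` class, the cookie IDs, the addresses and the choice of SHA-256 are constructed assumptions; the point is that a hashed email is a stable join key, and is only "anonymous" to a party that does not already hold the address.

```python
from __future__ import annotations

import hashlib
from typing import Optional


def normalize_email(addr: str) -> str:
    """Trim and lowercase so every party derives the same key."""
    return addr.strip().lower()


def hash_email(addr: str) -> str:
    """SHA-256 of the normalized address (the hash choice is an assumption)."""
    return hashlib.sha256(normalize_email(addr).encode("utf-8")).hexdigest()


class Onboarder:
    """Hypothetical match service: hashed email -> cookie IDs seen with it."""

    def __init__(self) -> None:
        self.pool: dict[str, set[str]] = {}

    def record_login(self, hashed_email: str, cookie_id: str) -> None:
        """A partner site reports that this hash logged in under this cookie."""
        self.pool.setdefault(hashed_email, set()).add(cookie_id)

    def match_crm(self, hashed_list: list[str]) -> dict[str, list[str]]:
        """Return the cookies for every uploaded hash already in the pool."""
        return {h: sorted(self.pool[h]) for h in hashed_list if h in self.pool}


def reidentify(known_emails: list[str], hashed: str) -> Optional[str]:
    """Whoever already holds the address can recompute the hash and link it."""
    for email in known_emails:
        if hash_email(email) == hashed:
            return email
    return None


def demo():
    onboarder = Onboarder()

    # Constructed sample data: two partner sites see the same person log in
    # at different times, each time under a fresh cookie.
    onboarder.record_login(hash_email(" Alice@Example.com "), "ck-111")
    onboarder.record_login(hash_email("alice@example.com"), "ck-222")
    onboarder.record_login(hash_email("carol@example.net"), "ck-333")

    # An advertiser uploads hashes of its CRM list (constructed addresses).
    crm = ["ALICE@example.com", "bob@example.org"]
    matches = onboarder.match_crm([hash_email(e) for e in crm])

    # The advertiser knows which address produced each hash, so every matched
    # cookie is now tied to a named customer record on its side.
    linked = {reidentify(crm, h): cookies for h, cookies in matches.items()}
    return matches, linked


if __name__ == "__main__":
    matches, linked = demo()
    print(linked)
```

The expired cookie `ck-111` and the fresh `ck-222` resolve to the same record, which is the "short shelf life" problem the comment says onboarding solves for advertisers.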

Here's the other piece of the puzzle. http://marketingland.com/google-email-address-audiences-cust...

Once you have the email addresses (see unshift's comment above) you upload them to Google and then target the addresses with specific ads.

While unsettling, that still doesn't explain the data flow out of Google. Google wants your customized list of email targeting, sure. But they don't want to leak anything proprietary to others to use, such as search history.

Malware/spyware can easily explain that. That's all I can think of.

Yeah, but if you've got that on your computer, you have much more to worry about than your search history being used for marketing, and they've got much more lucrative ways of making money from you. It's a "It rather involved being on the other side of this airtight hatchway"[1] type situation.

1: http://blogs.msdn.com/b/oldnewthing/archive/2006/05/08/59235...

Oh I don't disagree with you at all. I was just thinking of a case where google maps search leads to email spam related to your google maps search and that's all I could think of.

It's just the "Post hoc ergo propter hoc" fallacy. (Possibly also overactive pattern recognition; how many spams does he get about art at times unrelated to gallery visits?) Google does not sell such personal information to spammers (or anyone else).

If you visit non-Google websites, it's technically possible for people to discover relationships and target e-mails (e.g. if you entered your email address on website A and then visited website B, cookies can correlate the visits and, among other things, trigger e-mail; also malware and other privacy leakages), but Google does not use its information in the way alleged.

Disclaimer: I work for Google in privacy engineering, but I'm only speaking for myself based on information Google releases: https://privacy.google.com/#google-information.

Paranoia is a specific thing. It requires irrational, unjustifiable fears and a sense of blame or persecution. You're not "paranoid" if you've changed your behavior in the wake of the Snowden documents or if you're cautious regarding the amount of information you share with third party services and devices.

I'm not being pedantic, I've seen a lot of arguments recently from actual paranoid conspiracy theorists that feel smug in the wake of Snowden. I'd hate to see people start to confuse real paranoia with informed caution.

Good point. But the author probably didn't choose the title. I hear they rarely do at large publications.

Good point but...? I don't understand the point of your comment. If the editors at the large publication chose the title does that assuage some of GP's concern that people will "start to confuse real paranoia with informed caution"? If the editors did choose the title AND the author used the term paranoia five times in the article how does that change GP's concern that people will start to confuse real paranoia with informed caution?

Degree matters, if you make minor changes post Snowden then that's fine. If Snowden is the trigger that causes you to start using tinfoil to block the T-rays then that's not ok.

Don't be ridiculous. Tin-foil hats amplify exactly the frequencies used by the US government and large multinationals for GPS and mobile phone tracking: https://web.archive.org/web/20100708230258/http://people.csa...

Somewhat ironic and paradoxical http://imgur.com/Z2BIMcw

Better: loaded over HTTPS with mixed content disabled https://imgur.com/DWaNlul It doesn't load anything over HTTP, and looks just fine in Reader mode.

And all the tracking cookies - http://s13.postimg.org/64047bamv/track.png

There are better options than to use Ghostery for the same reasons you don't want a private company having a say in your privacy ;)

Don't forget Privacy Badger

You can install an annoyance list that blocks those.

Isn't it more likely that they just load the ads over those "we noticed you're using an ad blocker..." placeholders, so if you block the ads you see the ad blocker message?

I don't know what you mean by more likely. The rule is "theatlantic.com##.blocker-message > .blackbox + .disable" from "Adblock Warning Removal List". It's a default list in uBlock Origin.

I guess it's a list that blocks similar things that are "under" ads and only show when you block ads. Soon, sites will just start adding more stuff to be revealed once you block those. It's an endless pit and no one has a solution.

>It's an endless pit and no one has a solution.

This needs a little bit of tweaking on a per-site basis, but works really well at blocking most things.

  /* Hide most everything that isn't the content. */
  /* Ancestors of .main-content also match :not() and need excluding per site. */
  :not(.main-content) {
    display: none !important;
  }
  .main-content > * {
    display: block !important;
  }

Combined with bookmarklets to disable CSS and strip images: http://pastebin.com/etLwqx5A

I can read content more or less marketing/fluff free. I then add several styles to make things a bit more legible (font size, a specific font I prefer, body width 85%, line height, and less-contrasting colors).

When I have some spare time on a future weekend I plan to find a way to combine all of them into a single Firefox add-on or a one-click-to-do-everything bookmarklet.

Isn't this basically Readability mode in Safari?

Doesn't work on WSJ and similar sites that require a Google UTF to read. I also have a bit more authority and control over things than the limited options of Readability.

(Readability was built into Safari 5 but is a standalone bookmarklet/add-on as well. Was actually a big inspiration for me fixing things how I want them.)

Disable JS. I mapped it to a hotkey when I "need" it (using surf/webkit). Makes the web great again.

Think of how many apps you've installed which request permission to a whole laundry list of phone functions.

"Oh, it's reasonable that this app wants access to my text messages, that way when it sends me a confirmation code it can automatically read it."

"Oh, it's reasonable that this app wants access to my mic, maybe it will implement voice chat in a coming update."

"Oh, it's reasonable that this app wants access to my call history and whatnot, that way it can mute itself or pause itself when I get a phone call."

... oh, I guess it's reasonable that if I text, or talk with my phone nearby, about walnuts I'll start seeing targeted ads for walnuts.

If you publish an app you get a lot of negative feedback if you ask for permissions like those without clearly explaining why you need them.

It's getting better, too: Android's new permission model is more granular, like iOS's.

Which is still silly, because a malicious app will just come up with an innocuous reason why they need them.

Oh, and one of the most invasive, the "Phone state", which includes unique IDs and called/calling numbers, is required by nearly everyone under the guise of "Needed to pause when phone call comes in". Which is either completely moronic (what, Android couldn't have a "getIsUserInCall" function) or just shows how busted it is.

It can help against infoleaks caused by third party advertising packages that app makers include.

It's the same on the web, most web sites aren't exactly malicious, they're just (maybe willingly) oblivious about what badness is in their ads.

But yep I agree it's all pretty busted.

Really? There's no way I would install any of those theoretical apps. Hell, I probably wouldn't install any app that requires mic permissions period.

That's the problem though. It's not about you. It's about the average user who doesn't understand all the implications of actions he/she is asked to take or permissions he/she is asked to give to a third party.

It's not about "us" the HN readers. It's about everyone else, and that's what's scary.

Just because I'm a really good driver doesn't mean I won't get into a car crash.

One feature I really like about CyanogenMod is the ability to revoke most privacy related permissions or deploy a dialog when accessed, asking for permission on a case by case basis.

I think it should have been that way from the beginning forcing app developers to handle cases where some permissions aren't granted. It makes for much better visibility when some data is used and to some degree for what.

The next version of Android ("M") does this.

From what I have read so far the new Android M permissions system is still lacking a lot compared to CyanogenMod's Privacy Guard implementation.

Granular permissions shut down random app developers, but they do nothing to stop the big league: the carriers, Google, and NSA.

One massive concern is the 'secret' second operating system that every phone carries on the baseband modem: http://www.extremetech.com/computing/170874-the-secret-secon...

It's okay, your friends and those you converse with already have.

> Had merely typing seduction into a search engine marked me as a rascal? Or was the formula more sophisticated? Could it be that my online choices in recent weeks—the travel guide to Berlin that I’d perused, the Porsche convertible I’d priced, the old girlfriend to whom I’d sent a virtual birthday card—indicated longings and frustrations that I was too deep in denial to acknowledge?

While a lot of those examples are true instances of tracking and inference, in some cases I think the author is imagining things. People have a scary capability to see patterns and intelligent agents where none exists. It's incredibly easy to cause this.

I'm running a simple IRC bot that "pretends to be human" by means of hand-tailored regular expressions matching input and some witty responses. I can't count the times I tricked people into believing they were talking to a human. It's like, write out some simple regexes and you're 90% of the way to passing a Turing test. People prime and then fool themselves.

So yeah, I'm betting those results in the part I quoted were caused just by "seduction techniques" search. And if he clicked on that Ashley Madison banner, he basically sealed his fate.

The classic story is how Target figures out when women are pregnant by their buying habits. I honestly don't know how true it is but it gets repeated quite often. Sounds fishy to me. http://www.forbes.com/sites/kashmirhill/2012/02/16/how-targe...

That actually sounds perfectly realistic to me. Those are results you expect to have if you did your job right (knowing the girl was pregnant, not pissing off her father in the process).

The fishy part is where the dad goes to Target and demands an apology. I also was unaware that Target sent out targeted coupons.

Yeah, that is probably the least plausible part of the story, but then again, not everyone is a technology-conscious person. My SO used to deal with "general population" on the phone and after hearing weird stories almost every day, I stopped being surprised about people anymore.

There's a discussion of why the story seems iffy here http://www.kdnuggets.com/2014/05/target-predict-teen-pregnan...

Reminds me of poster I saw in dude's house way way back in my stoner days...

"I know I'm paranoid, but am I paranoid enough?"

I like that quote... thanks for sharing. I've also followed that vein of thought since the Snowden leaks.

I was aware of government surveillance before the Snowden leaks. I was always considered a "crazy conspiracy theorist". I didn't have concrete proof, but strong evidence. Looking back, I find it was odd that I was really dismissive of the FBI Spy Planes [0] that I had occasionally heard about. They seemed inefficient and far-fetched and I considered those people to be crazy conspiracy theorists. Woops.

After the Snowden leaks, I stopped being so dismissive of conspiracy theorists. I don't necessarily take them very seriously or believe them - but I don't treat them like they are claiming leprechauns exist. Unless there's a more reasonable or scientific explanation available, such as with "chemtrails". I'm still readily dismissive of that theory... just normal contrails.

[0] http://www.huffingtonpost.com/2015/06/02/fbi-surveillance-fl...

Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre. --Cardinal Richelieu

English translation for people who don't understand French:

"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

Which suggests that it's not the surveillance that's the problem, it's that if the decisionmaker is an idiot, there's nothing that can save you (yes, killing people because of politics is total, counterproductive idiocy, even if it doesn't seem as it from within the system).

EDIT: seriously. This quote most definitely doesn't mean people should stop writing out of fear of execution.

It's frustrating how many people are preparing to carefully live in hell, rather than working to head the whole thing off.

I don't know. I'm still not convinced that what most here would consider "heading the whole thing off" would really result in a better world. If, on the other hand, instead of playing around with surveillance we embraced the lack of (expectation of) privacy altogether, went with it full-steam, we could probably get used to it and move forward as a society, reaping the benefits of society-level data analysis.

I'm not sure about this, but I haven't heard that many serious arguments against to offset the potential benefits. I think we either have to go all-in or all-out; hesitation and aiming for middle ground will give too much power to wrong actors while leaving the society powerless.

It is scary for me to know:

#Majority of people post photos of friends on Facebook without understanding facial recognition always scans.

#Prefer convenience over privacy, such as Toll Tag on cars.

#Follow trends.

Do you think that paying in cash at the toll booth is any more private? A photo of your license plate is taken at cash toll booths (Northeastern corridor E-ZPass and California Fastrak).

If someone keeps their Twitter handle disambiguated from their personal life, is there a reason why they can't #followallthehashtags?

It is more than that.

Most traffic conditions on maps rely on Toll Tags to measure travel time and speed between points, on normal highways.

Unless you have a detachable tag, otherwise your tag ID will appear on every single major interception, with time, speed between blocks. Most of Tag will ship to your house, and/or auto fill by credit card once the balance is low.

People probably imagine they will be erased after a few years, but $sudo happens.


> Unless you have a detachable tag, otherwise your tag ID will appear on every single major interception, with time, speed between blocks. Most of Tag will ship to your house, and/or auto fill by credit card once the balance is low.

In principle there's no reason the same thing couldn't happen with license plate readers in all but the most dense of traffic. The tags likely make it easier, but with plate-reader technology it should still be possible to do just using license plates.

They're probably not erased after a few years; these records have already been used for criminal investigations. Considering their utility, I'd be surprised if they were erased.

There are a few cases in the news; here's the first one that popped up on my search engine: https://en.wikipedia.org/wiki/Melanie_McGuire

The DC metro area performs its traffic tracking via old-fashioned cameras, license plate reading, and pressure sensors in the highway.

I don't really know what the linked story has to do with toll RFID tags or automobile tracking; I was expecting some kind of source that supported your claim.

What scares me is how few people take passwords, anti-virus/anti-malware, clean browsing habits, etc. seriously.

Without better end-node security, individuals and the entire internet are always at risk. (I'm primarily looking at you Windows...). In other words, IMO big government and corporate overreach are minor problems compared to the active-assault going on to dominate the non-technical end-user computers.

What scares me more is what little difference strong passwords, 'anti-virus' and clean browsing makes.

I'm thinking about running Wireshark on my machine to analyze the packets to see what is going on. Or, putting a non-switch ethernet hub between my wifi router and my modem to tap in with Wireshark to see if anything else looks fishy. You're right. We should all be paranoid.

I really enjoyed reading this piece, not only for its discussion of privacy, but also for its poetic and reflective language. There's something more than technical about today's surveillance problem, and the author approaches this issue from a philosophical and, at times, almost spiritual angle.

These are the kinds of discussions we need to have more often: not only what's going on and what it means in practical terms, but also how today's surveillance explosion changes who we are and how we relate to ourselves.

If you are a sci-fi fan, an interesting new trilogy to read is the Imperial Radch trilogy by Ann Leckie starting with Ancillary Justice.

One of the interesting themes is that everyone is surveilled totally and intimately down to even their feelings, but it's not the point of the book and the protagonist treats it as totally normal and it's never really discussed nor is there any suggestion it would be better if that wasn't the case.

I really enjoyed the trilogy but as someone who's pro-privacy it was a strange read.

In Jacek Dukaj's "Black Oceans", the portrayed world also has surveillance everywhere that is treated as normal. Moreover, it serves an important social function there - it facilitates insurance claims. If anything happens and it was registered on cameras, victims are determined and reimbursed properly. Conversely, you can opt out of the surveillance and e.g. have a camera-free zone in your home or conduct your meetings in such - but by doing so, you forfeit the right to get insurance if anything happens to you while you're outside monitoring range.

I still don't quite comprehend why people feel personally bothered by such things. Yes, it is better for society to have safeguards in place to prevent certain kinds of surveillance as a check on governmental and corporate power – and we need to fight for this – but some data about you stored on some servers, a targeted advertisement? What exactly is the immediate personal threat?

If the data exists, there is a way to get it, theoretically. We're so far from a provably "secure" anything, that is, a complete chain, that until we have that, why risk it? "Some servers" can be collated before you can say "fascist takeover". And while this might seem like fear mongering, considering that the "benefit" is advertising, well, I personally think even a slim risk for a grave occurrence outweighs that, and that advertisement in the way it's employed most of the time is a problem we should solve, not "improve". Talking about free markets with one side of the mouth, while constantly seeking to badger and influence people is the same abomination as it was when it was invented, no matter how used to it people get. Though personally, I'm for a social solution: total boycott of those who advertise that way, turning ad-block off to make black lists for shopping. I know it's a pipe dream, but it's mine.

I think this downplays the panoply of great things that advertising-based business models have made possible, not to mention that actual function of advertising in society. Why risk it? Because the risk is worth taking, unless you'd like to dismantle all television networks, newspapers, magazines, Google, Facebook, and put a huge dent in the earnings of every company that gets a return on its advertising investment. Sounds like economic collapse to me.

> not to mention that actual function of advertising in society.

Which is? Are you denying manipulation being an objective?

> unless you'd like to dismantle all television networks, newspapers, magazines, Google, Facebook, and put a huge dent in the earnings of every company that gets a return on its advertising investment

I said "advertisement in the way it's employed most of the time". Admittedly this is vague, and I'd have to think more about it to be precise, but I didn't say "advertising, period" on purpose, because I do acknowledge the general idea to get honest information out to potential customers. But let's not use that as a fig leaf.

Television, newspapers and magazines get destroyed and become destructive anyway to the degree they are beholden to advertisers. It might reduce the variety of products peddling the same things worded slightly differently, but since there IS a demand for information and entertainment, the remaining ones providing value might be able to live from, you know, getting paid for the work they do by the people they do it for. Are you for example saying there have been no newspapers in the US before 1840? ( http://library.duke.edu/digitalcollections/eaa/timeline/ )

And Google and Facebook are so new, my response is "maybe, so what?" You're talking about a business model, not technology. Besides, I think the web really needs to ponder some form of micropayments or subscriptions again, either way. Advertisement allows the situation that there are readers for something, but no advertisers. So in a way it's a middleman, that often enough is as manipulative as it can get away with. It's not a sustainable situation IMHO.

> put a huge dent in the earnings of every company that gets a return on its advertising investment

Again, so? If there is a "huge dent" across the board, it ends up as no dent at all. And maybe it wouldn't be across the board, maybe it would be a huge dent for those who live on manipulation of emotions, people identifying with brands and so on, and a huge boon for those who make the better products...? Who knows?

> Again, so? If there is a "huge dent" across the board, it ends up as no dent at all.

The issue is that there's no way to have a huge dent across the board because we now live in a global economy. Advertising-based businesses would have to be dismantled globally. Frankly, I think this is unrealistic and not really worth speculating about.

In my opinion just knowing that your activities are monitored alters your behavior. Which for me is enough to be seriously concerned...

I think "seriously concerned" is different from "personally bothered". Concern has to do with the situation as a whole and what you might do about it, not i.e. feelings of personal violation, no?

Because ubiquitous surveillance of the entire population of a country changes the behaviour of that population and is oppressive to democratic processes.

If democracy is being subverted through this kind of surveillance then society is in danger. If society is in danger, then you are in danger by extension.

I'm asking: 'why do people feel personally intruded on?' which we could then use to answer the question as you interpreted it: 'why does it change the behavior of the population?'

Well, suppose I decided to be a communist, albeit one that rejects violence. Living in the United States, this would subject one to all sorts of potential problems when dealing with officialdom, even though there's no Constitutional barrier to it, unless you are using very narrow definitions of communism, and even then one could legally amend the Constitution to get around those problems.

It's not that I feel warm to communism, but that I want the liberty to adhere to an unorthodox idea should I encounter a sufficiently compelling one. If there are socioeconomic penalties for the development (not necessarily the expression of or action upon) such unorthodox beliefs, then we're in an era of soft Orwellian thoughtcrime.

In what way is this threatened under current conditions? It seems your biggest risk would be i.e. compromise of your email account by hackers, not surveillance by intelligence agencies.

I answered your question.

If it changes the population, it directly affects me.

I'm not sure what you're not getting.

If that's your answer, then we also need to answer "why does it change the population?"

What I suspect is that it affects the population via emotional response, which in turn affects you, so you have a kind of second-order response.

Let's go with a harmless example.

Have you ever picked your nose when others are watching? Or is there something innately offputting about doing so? Have you ever tried to "sneak" it when you thought nobody was watching?

What if you always thought someone was watching?

If you won't do something as harmless as picking your nose while being watched - what other human behaviors do you think are affected when people think they are being watched? Maybe they don't want others to know they attend a dance class. Maybe they're embarrassed to buy condoms or other contraceptives. Maybe they don't want others to see them buying medicine they need for an embarrassing medical condition.

It's not about personal threat, it's about privacy.

But my point is that still nobody is watching! The idea that there is a "somebody" there is a projection. Google isn't going to make fun of you because you pick your nose.

I have no idea whether this statement is true! Can you provide some justification?

Some people (myself included) find it very invasive. Everyone has different personal "privacy settings."

This is kind of tautological. "We feel this way because we do." Why do you feel that it is invasive? And certainly you're using "invasive" here metaphorically because there isn't actually any coherent entity that is intruding on you.

Paranoid or not, we should develop a healthy skepticism about this in the society. A scary thing to me is that most people don't know about the true capability of information linking/correlating from multiple sources. It's not intuitive for us that you can get seemingly innocuous data and combine them to magically tell one's behavior. These kinds of threats should be systematically studied and made consciously known to the public.

The part about voluntarily giving up confessions reminds me of something similar during the Vietnam war. People would be grouped together and would need to "confess" the allures of capitalism. You could only graduate from the program once you procured enough drama to guarantee you were a comrade.

The Viet Cong learned from the one true master - these torture/coercion methods are copied from Mao's "struggle sessions" where any successful farmers/craftsmen and university graduates were publicly tortured in front of the proletariat until they admitted to any and all crimes (and in a few million cases they were killed anyway, pour encourager les autres).

What does "procured enough drama" mean?

Paranoia can be healthy sometimes

“Sometimes paranoia's just having all the facts.”

– William S. Burroughs

This was not the sentiment the community expressed yesterday to me...

I remember your post. I don't think you have any mental health issues, I mean long-standing ones. Your comments recently as well as your original post is in some ways quite cogent. But as I replied to you in that thread (I don't remember my throwaway pwd), the Reddit CO2 poisoning guy also sounded quite fine. He wrote in quite a similar style as you, in the sense that there are no stylistic clues, it sounded well-reasoned.

But you gave HN a lot of information other than the hacking facts - specifically, your exact Adderall dosage, and also feeling ill physically.

I initially replied by asking about who would have a motive to send you that email - but after I saw the linked Reddit article about the CO2 poisoning guy, I decided that it's probably more important for you to lower your Adderall usage and make sure you're not physically ill. I mean what are the downsides to not taking so much Adderall? None. People specifically pointed out the effects that you describe matching the Adderall dosage, and also I think what you said about your family being concerned is a BIG clue. After all, I doubt the author's family (of the Atlantic article in this thread) is concerned about him for writing it (as a point of comparison). So what I mean is that just because you believe you're being hacked doesn't mean you would tell your whole family - their concern doesn't come from the facts, it comes from your behavior. So that to me also said that it is likely that you should get the primary things that might be causing this into check.

All that said, I found the facts you reported to be completely plausible. But, like, so what? The matrix of reward/loss for you looks like this:

There are two questions: are you temporarily ill, and are you being hacked. You now have two choices: explore your possible illness or ignore it. Here is the reward table:

  Expl = explore possibility of illness
          Being hacked?
                   No                          Yes
  Ill?  No  [ Expl.: -30 Ignore: 0      ] [Expl: -30 Ignore: 0]
        Yes [ Expl.: -30 Ignore: -10000 ] [Expl: -30 Ignore: -10000]

If the above boxes are taken in this order: 1 2 3 4

1: You're not being hacked and not ill. Simply mistaken. In this case, exploring illness will take you time and trouble, denoted by -30. If you ignore the possibility of illness (and the possibility of being hacked) you suffer no consequences.

2: In this case you ARE being hacked, and not ill. You're correct about feeling like you're being hacked. In this case, exploring illness possibility takes you the same -30. But if you ignore the possibility of illness, you suffer no negative consequences, EVEN THOUGH you're actively being hacked.

3: This is what happened to CO2 guy. He has permanent brain damage now. He was NOT "being hacked" but was very seriously ill. In your story, this is a possibility since you reported physical illness, since your family was worried (even though if you were genuinely being hacked you would have no reason to share with them, since it would be obvious to you that it would sound paranoid), and you were taking huge Adderall dosage. In addition, you could have some genuine issue like CO2 poisoning - for example is there a fireplace in the place you moved to? Is it ventilated? This is just one possibility, there are many other illnesses you could have contracted in the recent past, or external causes of your feeling.

4: The situation is EXACTLY THE SAME if you actually are under surveillance. If you ignore and don't treat your illness, you are under the exact same risks, even if at the same time your surveillance or being hacked is real. You gain nothing from not exploring the possibility of illness.

Why do I put -10,000 into the illness box?

Because this is what Co2 guy reports (after reddit successfully diagnosed him and his Co2 meter was off the charts): "Likely permanent damage. I can't work. I get confused watching movies. I can't remember anything. I confuse my reflection for a different person." [1] If he hadn't told reddit, today he would very likely be dead.

What happens if you're being hacked? Nothing. So given the barest glance at the matrix above, it should seem completely obvious that you MUST explore health-related possibilities while completely ignoring the possibility that you're being hacked. You get no benefit from deciding this now, rather than after you're feeling normal.

I very strongly advise you to follow up as everyone suggested!

[1] https://www.reddit.com/r/legaladvice/comments/3iycro/fl_i_am...

People are afraid of what they don't understand. If you just thought of the cloud as a server somewhere instead of a mysterious "ghostly entity", you'd know it's really not as smart as you think it is.

Amazes me that anyone familiar with data online thinks there aren't ways to track and store everyone's internet usage.

In your Web browser, be careful what cookies you are willing to accept.

20+ trackers blocked by Privacy Badger while reading this article.

Actually, this guy is paranoid and crazy. It doesn't mean he isn't right, but by any definition he is both paranoid and crazy.


> this makes you a shithead

This breaks the HN guidelines. We ban accounts that do this. Please post civilly and substantively, or not at all.


Claiming that a flat tire is because you emailed about visiting a datacenter, and that there are invisible black helicopters guarding the datacenter, and spending an entire crazed weekend looking for exactly what you want to see and then deciding that everything you see fits exactly what you were looking for is basically the definition of crazy. He might not be crazy, but what he's describing himself as doing definitely is.

From google:

> Crazy: 1) mentally deranged, especially as manifested in a wild or aggressive way. Extremely annoyed or angry. Foolish. 2) extremely enthusiastic 3) (of an angle) appearing absurdly out of place or in an unlikely position

I have to agree that he does not fit the definition of crazy at least by the text of his article.
