China has wealth of data on what individuals are doing at a micro level (cbc.ca)
292 points by breitling on Jan 12, 2017 | 241 comments

This is what comes out of Google allowing apps to read phone IMEI in Android. I have no concrete proof, but the reason why all major Chinese apps snoop after phone IMEI is said to be that the commies have secretly demanded Chinese dotcoms to collect and report phone IMEIs.

For example if you have a 6.0 or later Android, Alibaba app will block you if you disabled the permission to read IMEI or it detects spoofing.


It is easy to see how they also use it for their own purposes: open a new taobao account, search for some items, do a factory reset, install taobao and see that you are being shown the same stuff you have been searching for before. This way they also clearly violate Google store rules that prohibit using IMEIs as tracking IDs for marketing purposes. It has been reported so many times, and Google clearly knows of this. I guess they are afraid of antagonising "the premier Chinese dotcom" or still considering going back to China.

> Google allowing apps to read phone IMEI in Android

An unpopular sentiment, but this is why I love iOS. I genuinely don't think any of my apps can meaningfully spy on me without my having told them they may. I even get reminders if I've let an app read my location in the background, to check that's what I want to do.

This is exactly why I use iOS over Android on my main phone. With iOS, I only need to trust Apple (approximately). They have a pretty good track record of respecting their users' privacy, and enforcing app vendors to do the same.

With Android, I need to trust a lot more parties, like Google, the hardware vendor, and every app I use to not do something crazy or shady without asking or notifying me first.

Well, I thought the same about Microsoft. Back in the days, Microsoft had a good track record. And you bought the product, they were the biggest software company, etc.

But late Steve Ballmer and especially Nadella changed Microsoft completely. Nowadays, the user is the product, Windows 10 spies on you and sends keystrokes, audio, install apps and what not to various IP addresses, you cannot deactivate it, ads in Start menu, pre-installed adware apps, etc. And Snowden revealed that Microsoft was the first company to hand over data (Hotmail/Live/Outlook.com). So the trust in Microsoft is gone.

I hope Apple keeps its good track record.

Even though I like Android more, I have to agree that iOS has had a better privacy story.

But even iOS has problems. For example I cannot force apps like Waze or Uber to only use my location while using them, you have to either disable location for them completely, or to allow them to take your location while running in the background.

It's an either/or proposition and the result is that Waze and Uber users do have their location tracked, because the apps are not usable with the location completely disabled and enabling location on demand is too painful. While in traffic, imagine sitting at a red light, wanting to turn on GPS navigation to take you home or something and having to enable location in iOS's settings.

And you may have given them permission, you may know about it, but are you going to stop using Waze and Uber if you don't agree? I think I know the answer for most people. And also, even with your permission, as a matter of fact it's still irresponsible to let them track your location in the background, even if you currently trust those companies.

I don't think iOS is to blame for the binary choice that you get with Uber / Waze. I have some apps which have three choices in the location services settings (Always, While using the app, Never) so it seems like a choice by the developer.

Well Apple could have made the list unmodifiable so that application can't "opt out" of the "while using the app" setting.

That wouldn't achieve much, apps already tend to give rationale for those settings, the apps could just say "If you don't choose Always, we're done here" (they already do that for "Never") and people would just be conditioned to accept Always.

The application wouldn't have a way to see that. If you select "When Using" it would just not get any geo info (or even backgrounding time) when not in active use.

But then every app would just go for "Always" in case they ever wanted to change it in the future and we'd all lose.

You misunderstand. The list is for the user to choose, not the app developers. As it is now, Apple allows app developers to disable the middle choice for users, instead of forcing them to support it if the user so chooses.

> As it is now, Apple allows app developers to disable the middle choice for users, instead of forcing them to support it if the user so chooses.

TBF they also allow disabling the final choice, most of my applications (including many built-in applications like Calendar or Maps) only have "never" and "while using the app".

Ah, you mean apps should always have to support the options of "Never", "While using", and "Always" rather than the app specifying which it supports? Sure, makes sense, and I would be on-board with that.

Removing "always" could make sense for an application not needing it, but that aside yes, the "never" and "while using" choices should always be present.

Er… what? The application can't "change it in the future" in the first place.

Uber went from allowing "While using the app" + "Always" to only "Always".

I was perhaps misunderstanding the parent as suggesting that once an app has allowed "While using the app" as a choice, that could never be removed - ie Uber would still have to allow "While using the app" as a choice.

If that was the case, apps might avoid offering the "While using" choice in the first place if they might ever consider the need to remove it, no?

I was suggesting that no application should be allowed to remove "while using" ever, regardless of what they initially offered.

That is, the current permutations which an application can provide are:

* no, using, always

* no, using

* no, always

I do not think the latter should be allowed.

I would definitely be on-board with this proposal (or "for one hour, until the end of the day" similar to "Find Friends".)

Allowing "While using the app" to cover ~10 minutes of background work after you switch away from the app would fix the Uber issue - at the expense of creating a whole world of confusion about what "using the app" actually covers.

An alternative would be a temporary grant for an hour / until the end of the day like you have with "Find Friends". But working out the UX and UI logistics of that are beyond my skills.

> For example I cannot force apps like Waze or Uber to only use my location while using them, you have to either disable location for them completely, or to allow them to take your location while running in the background.

What if one quits the app? Then it's no longer in the background and can't track your location, right?

Isn't that good though? It allows competitors to appear with that advantage of having better privacy. I mean, the problem is not the way iOS handles it, it's the way app developers abuse their permissions.

The Uber thing pisses me off, but I've found an easy way around it: Call your cars from city mapper. All the coords get passed along and you're depriving uber of the data they want. Win-win really.

Yeah, those are valid concerns.

The other thing I'd like is incompatibility with password managers being an automatic approval fail for the app store, in particular fields that disable paste for passwords.

This was the primary reason I chose iOS over android.

Not so unpopular...

Historically unpopular :-)

On Android 6.0+ you can deny the READ_PHONE_STATE permission and stop using apps that won't work if you do. A quick search seems to indicate that there is an Alibaba app for iOS. Do you think Apple negotiated that the IMEI isn't required for the iOS version?

Personally I don't trust Android (or the hardware companies that sell Android devices) or iOS but picked an Android 6+ device because in principle I'd rather have an operating system that's more open. AFAIK all the Apple privacy stories have been about US cases so as a non-US person I'm also not sure they'd apply the same standards to me.

> Do you think Apple negotiated that the IMEI isn't required for the iOS version?

Didn't need to negotiate anything, on iOS the IMEI has never been programmatically accessible[0], and other "global identifiers" (UDID, MAC) either weren't ever accessible or were removed afterwards.

You can get an "advertising identifier" which should only be used to hand to ad networks (your application can get banned if you use it otherwise) and a "vendor identifier" which identifies the device to the app vendor only.

[0] via public frameworks, you can get it from the private NetworkController class but that will get your application rejected from the appstore. You're "at risk" if you sideload applications though.

And, BTW, in iOS you can reset the advertising identifier in Settings -> Privacy -> Advertising.

I'm on 7.1.1 and I don't feel like installing the Alibaba app to try this out but when you say it requires the permission to read IMEI is this under the phone permission setting that says "read phone status and identity" or something else?

Appears that they put it into that now.

Please ELI5; What info about your actions can IMEI info/actions give anyone with access?

I'm not really clear on why it's that much worse than having your phone number; with the right access, the phone number is all you need to track a user across global cell networks anyway.

Though the IMEI should be exposed to a Stingray type device, so you'd be able to track users without access to the cell networks, you'd just have to set up a bunch of radios.

And you wouldn't be able to shake it by swapping SIMs. That said, most users wouldn't bother with changing phone numbers or SIMs.

Also, after paying for or otherwise gaining access to SS7[1], the IMEI may also allow more active types of attack[2].

[1] https://en.wikipedia.org/wiki/Signalling_System_No._7

[2] https://media.ccc.de/v/31c3_-_6249_-_en_-_saal_1_-_201412271...

Tracking people (phones) across apps and services.

And networks. Worldwide.

Many people might not know, in US, credit card transactions/payments are on sale by various sources. There's a very active market for this and some fintech startups are solely based on this kind of data. Since most of our financial life is based on credit card, we are under surveillance at a micro level in a similar situation.

The issue is we not only use 'services', we handle data to the service providers. Data under their custody is usually stored and transferred with less secure protection, like on a thumbdrive or sent by email attachments. I don't see this situation will get any better soon.

The thing in China is that so many trivial daily activities require government-issued ID. Buying a coach/train ticket. Buying a SIM card. Every website/mobile app registration require a mobile phone number, which means any account is easily traceable to your government-issued ID, too.

Hell, even visiting your friend in a hotel requires recording your ID before hotel staff will let you go upstairs (strictly enforced in cheap hotels). Internet cafes' administration system had been linked up to government ID systems more than a decade ago.

This is the Polizeistaat that Hitler could only dream of. It's a whole other level over any credit card surveillance.

When going overseas, all of those are required anyways:

1. The DB wants to see id (that they can verify) for Eurorail passes. The DB or the Belgian rail people require seeing the purchasing CC.

2. Buying a sim in europe requires a passport.

3. Most things you sign up for in the US require a phone number. Loyalty programs certainly do.

3.1 Walgreens requires your ID in hand to scan it to verify that you're "over 21" (Really they just want to rip the info)

4. Hotels require passport details (England, Belgium, Germany, Netherlands, France, Caribbean, etc)

1. Yes, I've always had to use my passport with my Eurail passes; though often it's to prove I'm an American who is eligible for the cheaper pass.

2. No, only in certain countries. I've bought SIMs from vending machines in Iceland and Denmark. In Italy the merchant made me seriously promise, I really mean it to send him a photo of my passport as soon as I returned home with my SIM. He gave me his personal gmail address to do so (probably because he certainly didn't want that info going to his work email where it would be obvious he ignored the rules). In Germany, rumor was you basically had to be a German citizen to get a SIM; that turned out to be untrue but I cannot remember if I gave them my (EU but not German) passport. IIRC I could not buy a SIM in Sweden as a non-resident though. UK was no problem to buy a SIM.

3. Yeah, but that's just an identifier. You could use any number, and a different number for every merchant, and nobody would know. Though there was a case of a fireman convicted of arson, partially on evidence of firestarters bought using his wife's Safeway loyalty card number.

4. I can't really ever remember being asked for my passport in the 5 of those 6 countries, but of course it's not unreasonable to be expected to show ID so I cannot say for sure I never produced ID. Though I remember in Poland and I think the Czech Republic they actually hold your passport, which made me very uncomfortable. When you leave the room for the day you swap key for passport, and vice versa on your return. Whether this is government or business policy, I do not know.

> IIRC I could not buy a SIM in Sweden as a non-resident though.

You can definitely buy a SIM-card in Sweden without any kind of identification. However, if it is a SIM-card with a (non prepaid) subscription, THEN you have to ID yourself and be credit worthy (since you can potentially run up a huge bill that is invoiced afterwards).

Right, I'm an idiot. I have a Swedish SIM somewhere. It was Germany I was thinking of (and then, 3mo later, on a subsequent trip, easily bought a SIM anyway). So much misinformation out there -- and I suppose I'm not helping.

It's amazing how hard it is (as a foreigner) to come by solid information on the legal situation around SIM card purchases. It seems every company is different, and the more restrictive ones have an incentive to make it sound like a legal issue rather than a business decision.

This is the wiki you want: http://prepaid-data-sim-card.wikia.com

From June 2017 there will be no extra dataroaming charges in the EU. So you could buy a non-registered SIM card in The Netherlands (you can even buy them at the checkout counter at the supermarket) and use it all over EU member states.

Strange situation...

The world can't wait -- but I'd not call it strange.

I hadn't been to Europe since 2004, and on my subsequent visit in 2011, I just casually told my wife "we'll just buy SIMs at the first country we go to, surely they've sorted out this stupid roaming-when-you-travel-a-few-hundred-miles thing by now." WRONG.

So glad this is coming to an end. I've wasted far too much time and money country-hopping and having to spend 30-90+min in each country trying to get a working mobile phone. Locals probably don't realize how bad it is, but on prepaid plans you often cannot roam in foreign countries at any price. So as absurd it is to pay ATT here in the US $60 for 200mb or whatever insane rate, sometimes I wonder if it's worse to spend $40 per country per SIM card if I'm only there for a few days. Not to mention changing phone numbers constantly, assuming you would like to be reached...

Yeah, it took them long enough all right!

What I meant by "strange" is that European countries differ in their approach to unregistered SIM cards (due to safety/antiterrorism) but now agree on ending insane dataroaming charges. Any safety advantages to mandatory registration when buying a SIM card (IF there are any, which I doubt) are essentially nullified by this deal. A potential terrorist who wants a burner phone can buy a couple of SIM cards here in The Netherlands and take them to Belgium, for instance. European politics at its finest!

There are several providers doing EU-wide roaming already. I use Orange Spain which I've found to be good. If Spain isn't your first port of call you can buy an Orange Spain SIM on ebay. I think Aldi in Germany also does EU-wide roaming, and I've seen ads for others in other countries.

It's not the dataroaming itself, that has been possible for very long. The big deal about the agreement is that phone companies can't charge you extra anymore for dataroaming.

I have an unlimited calls/SMS plan with 11.5GB data a month. It costs me EUR45,-. When I travel 40 miles east from where I live my current data plan is no longer valid, and I have to pay EUR3.49 per 100MB/minutes/SMS. Yes, hundred MB. Not thousand. Those charges are insane!

Depends on where you are.

London just get it at arrivals of Heathrow.

Ireland there's a metro sim shop at arrivals.

Germany: go to your nearest netto

France: just find a shop.. but don't expect to get anything that works.

Caribbean.. Never even tried.

> I remember in Poland and I think the Czech Republic they actually hold your passport

Not in the Czech Republic. I've worked in Prague for a year in 2006 and have stayed in lots of hotels through that time. I'm still visiting the city 10 - 12 times a year and usually stay in hotels.

They normally want to see your passport, or id upon check-in, but I never, ever experienced that they kept it after the check-in process.

Countries where I experienced this were mostly in Asia. Like Laos, or Cambodia. Not even in Vietnam they kept my passport after checking in.

> In Germany, rumor was you basically had to be a German citizen to get a SIM; that turned out to be untrue but I cannot remember if I gave them my (EU but not German) passport

From my experience, you do have to have your passport with you when getting a Sim. They usually make a photocopy of it. (This was from O2)

> 1. The DB wants to see id (that they can verify) for Eurorail passes. The DB or the Belgian rail people require seeing the purchasing CC.

Who except students uses Eurorail passes anyway, these days?

> 2. Buying a sim in europe requires a passport.

No; in Austria and Germany you can (at least at the moment) still buy SIM cards without providing an ID. Germany requires online activation but no one verifies if the address or the name is real.

I did not have to go online to activate my O2 SIM but I did provide a hotel address at purchase time. Of course it did not match any identity documents I had on me.

Some activation step happened when I inserted the SIM but it didn't involve using a computer.

Yeah, as a tourist I was surprised that all hotels ranging from 5 star to small local inns were insistent on having everybody's passport when checking in.

That's part of the law. It's because foreigners need to register with the local police where they are staying. If you stay in a hotel, the hotel does it for you.

This seems to be standard in many Asian countries.

The hotels I stayed at in Spain, France, and Italy made copies of mine.

Chinese hotels are required to purchase computerized ID readers, which are connected to police databases, where all kinds of records are stored. So if you have a history of drug abuse, expect late night urine checks. If you are a protester against illegal land-grabs checking into a hotel in Beijing, expect police and local government staff to show up in a few hours (to take you home or to detention centres without any court involved). In China, every person staying or visiting a hotel room must go through this ID check. In other countries, my experience is that normally they will ask for some sort of ID of one person, even if two or more will use the room.

The key issue is the data is on sale or not or potentially could be sold.

Agencies collecting data is totally fine. No one can avoid it in this world nowadays. Showing IDs seems very old-school. Remember PRISM? As long as one is using a smartphone, they are being tracked every single second.

Showing ID is a reminder that you can't function in society without staying in line. You can't really fall back on dropping out of digital, financial and location tracking no matter where you are.

Sure you can

Care to expand on that?

You need a network of people you can trust, or build some fake lives, or do a lot of things in parallel of the system. Most of the time all of them together. It's work, but it's possible.

The problem is: it's more work for ordinary people. The systems in place are making it difficult for citizens to exist outside of the system, change it, or express differences. But it doesn't make it as difficult for criminals to be criminals, because those accept destructive consequences of their acts.

> build some fake lives

How do you plan on doing that if most stores and banks stop accepting cash, and to get a debit or credit card you need to show government ID, which is electronically verified (it has an RSA keypair, signed by the government, stored on its chip).

It becomes impossible.

Most stores don't stop accepting cash right now, and I doubt they will in the future. I know more shops refusing credit cards than ones refusing cash in France.

You can also live without a bank. Several people I know do so. Again it's work, but it's possible.

A lot of the time, people saying it's impossible really are asking "how can I keep my comfortable life 'as-is' while going off the grid". THAT is impossible. You can't live your current life, because it depends heavily on the system.

The situation changes depending on country.

In Sweden, not even banks accept cash anymore, and close to no stores. There, it is literally impossible.

Germany and France tend to be a lot more sceptical of new developments, which I’m grateful for.

This is a world humans are building AND sustaining by repeatedly saying yes to it, and it's putting the worst as a cork on the bottle in which the best should asphyxiate. That's just silly; the reasons are silly and the excuses are silly as well.

People claim it's necessary, but they're just parroting someone like the guardian in that Kafka story: it's just talk. Just walk on through while you still live. Until we do, I don't even see a "there" where we are, I just see black and white moving pictures and hear sad music.

There are always security/privacy trade-offs when it comes to applying policies. There are 1.4bn people in China. It has to take a much more scalable approach to manage the population to ensure safety for average people and smooth functioning of a society. Especially given there is modern terrorism that randomly seeks opportunities. Btw, not every app is interested in tracing you, and quite a few are giving options for email registration. And for Internet cafes, believe it or not, the gov set up ID-link was primarily to forbid children from going there (most of them skip their classes to play games) since they have to wait till 16 yo to obtain an ID card.

Recording ID for hotel visitors and chef's knife purchases are hardly 'scalable'. And, it's not the apps that are tracing you. It's apps linked with ID that enables not only government surveillance, but surveillance that's as convenient for the government as possible, and for as many governmental agencies as possible.

I've found it interesting that in the press recently, you will usually find some discussion about privacy concerns regarding companies like Facebook/Google, but I very rarely see any mention of the privacy implications of credit card companies and credit bureaus selling customer data.

I'm admittedly not well informed on the subject but I assume this has been going on for decades, are there any consumer privacy laws around this? While I find Google data collection activities worrisome, I at least have some faith in their technical ability to keep that data safe. And unless I'm mistaken Google only sells targeted access but not the actual data which is what the credit card companies and bureaus do.

Typically, this data is not sold attached to an individual, but in aggregate and anonymized to help determine spending patterns, habits, etc.

There is a significant difference between this and extensive government data with your name attached, though I agree it's not great from a privacy perspective.

Typically (as has been said) you can opt out of this sharing.

Indeed, and the effects of this are visible everywhere. In the advertising systems of Google and Facebook, for example, you can target individuals according to their buying patterns - whether they've recently bought furniture, trips overseas, etc. The source of that data is information from credit card transactions.

You can opt out of all data sharing for your accounts in the United States. It's a hassle, but at least you can do it.

How can you check that you have been opted out and government really has no access to your private data? Think of government data stored permanently. When you are opted out it is you who is opted out from access to your data, not the government. If you do not have effective means of control, your privacy most probably will be abused without you knowing. There was quite a thread here last year about software engineer with a prison record. You simply cannot exercise right to forget. There is no way to get out of the digital prison.

You can't opt out of government tracking. The GP was talking about commercial tracking.

I got no means to check that either. What stops Google from opting me out of my data, but continue to sell or use it in the background?

Do any credit card services not do this? It's really unnerving to see recent purchases when browsing online.

Don't know of any way to avoid this other than using cash. The speed the sharing takes place is pretty insane as well; I've made purchases of a new brand of X item at my local grocery chain only to have amazon suggest the exact item to me on the same day.

This sounds almost unbelievable. How sure are you that it wasn't suggested for some other reason? And how did they know WHAT you bought, given credit card companies don't get that info?

Agreed, I don't see how that's possible given the strict controls over personally identifiable card purchase data. Somebody would have to be breaking the law.

It's entirely possible they were going off of browsing history + where I bought from, but I've 100% had experiences where I appeared to see retargeted ads for same day purchases in brick and mortar stores. Perhaps they were joining through my credit card number only, which is also associated with my online profile?

Blur by Abine, albeit for online purchases only.

This could also be ad retargeting. You'll often see ads for things you looked at, but did not buy.

This is true. AMEX tried to sell me access to that data. That said, I'm not sure if it goes down to name/card number or if it's aggregate - we never bought it.

So on my statement, you see a random number of transactions for random amount, all from Amazon. I would rarely call it "surveillance at micro level" when you don't even know what I've bought.

Amazon knows what you bought though.

Those who have educated themselves about the Snowden leaks know that countries such as the US and the UK do by no means lag behind China, as far as mass surveillance is concerned.

Are the transactions sold with the personal information? xyz bought these things this month. Seems hard to believe, although I'm sure they may do this after anonymizing the user's personal information.

This is exactly why Square exists: Data.

Which companies sell this data?

PNC's privacy policy allows for sharing/marketing use of debit card transaction data: https://www.pnc.com/content/dam/pnc-com/pdf/Privacy%20Policy...

> Now every picture posted, every comment made, every driving infraction could go into a central database to produce a person's 'trustworthiness' score.

How is this China-only ? Can't Facebook do the same ? Can't the government force Facebook, Microsoft, etc to give out all the information that we generate in their networks ? Can't they compute such a "trustworthiness" score and sell it to your (potential) employer ?

Of course they can and they will if they don't already.

I've agreed to countless "license agreements" which I haven't read - I might have given some company my exclusive permission to monitor my every move...

What if your agreement contained a special clause not present in other user's agreements ?

There is absolutely no doubt in my mind that what is going on in China will become the status quo in a lot of other countries and this will accelerate as shit gets tougher due to all the global problems that we now face.

What's even more disappointing is that these surveillance systems are most probably built on top of open source software and libraries - which have been ideologically released in order to increase the user's 'freedom', yet who would have thought ...

Unfortunately the dream of a better, closer, freer world is now passing through a nightmare phase - we've built the perfect tools for crazies to do their crazy thing...

Agreed. There's a technical word for the kind of world we technical folks are helping to build. It's called a "dystopia"

And while it's fun to either wave our arms around and say "But everybody's doing it!" or talking about wild dreams of a better tomorrow, the crap we've created is right here, right now. As a technical person, if you're looking for somebody to blame, there's the mirror.

When I was in the armed forces and you needed something desperately that you did not have, somebody would always say "Well, you'd better grow one"

We technical folks do not have the moral underpinning we need to help there be a brighter tomorrow. We're lacking the social and political theory and the historical grounding to understand what kinds of things might help and what kinds of things might hurt. Instead we just imagine how what we're making might help mankind along. News flash: imagining isn't cutting it any more.

We may not have the tools we need to responsibly create the tech we're creating, but we'd better grow some.

> There's a technical word for the kind of world we technical folks are helping to build. It's called a "dystopia"

Consider e-cash. People would love to implement it, but banking regulation makes it difficult to actually do business through anonymous transactions.

Similarly many privacy-conscious ISP operators want to throw away logs as soon as possible, but regulation forces them to retain data.

Sure, the likes of facebook and google do thrive on gobbling up more data. But others who want to improve privacy are actually actively hampered by politics.

This creates an asymmetric landscape.

You can't forget that there are good reasons for those regulations you mentioned, and getting rid of them isn't necessarily going to create a brighter, better future.

I'm not going to push "terrorism" or "pictures of small children" angle, because people engaging in those actions are very rare. Reality is much more boring - those rules help against run-of-the-mill fraud and abuse, the kind which every other individual business, small and large, would happily do. Nor did those regulations come out of thin air or "imagination" - they're almost always responses to real problems.

That does not change the fact that new regulation usually tends to do little against information-gathering entities or even mandates more of it while there's little regulation strengthening privacy.

The thing is, anonymous cash transactions work. They have for millennia. And yet there are 0 motions to enable them in the digital space and >0 to restrict or abolish them in meatspace. The privacy they enable is practically treated like a historical accident that needs fixing.

Maybe part of the problem is that it's easy to assign monetary value to the law enforcement effort saved if you could just have more surveillance or the additional tax revenue if only every transaction were traceable. But it's a lot harder to put a value on privacy.

> they're almost always responses to real problems.

Problems may be real, but if the solutions fix that problem by creating new problems then it's not obvious that we should actually fix those problems. Maybe some youths setting bus seats on fire a few times a year is a price worth paying to not have surveillance cameras following every step you make.

Just because there are reasons behind those regulations does not mean they are good.

It always comes down to big companies and big gov't.


You get to be a big company by creating something where people voluntarily give you information that big governments have long dreamed of forcing out of people.

An "apolitical" approach to tech is very much supporting the worst of what people would like to do with said tech, as well as the best. I think people should think a lot more about the bad side of what the tech they're creating enables, and decide whether they're actually comfortable with that, and whether there's a way to achieve their goals which enables less harm.

1. Secrets that are widely known don't stay secret for long. Snowden leaked a lot of documents and none of them said the government was doing this already.

2. The data that is out there is _very_ messy. If you have a unique name and you use it as your twitter handle, sure, this is already happening. It's called Klout. But most companies just use it to figure out what image to put on their coupons.

3. I've never heard of employers asking for someone's "trustworthiness score". We as a society get pretty pissy about this type of thing. We've banned IQ tests, and needlessly asking for credit reports / scores. If a metric like this came out in wide use we'd ban it.

4. License agreements are generally unenforcible. You don't get the right to someone's car just because you put it in a license agreement. If you could do that there would be lots of scams trying to get old grandpa to install a new photo app to see his grandkids.

5. What is going on in China is overblown in the media. It's not an episode of Black Mirror. The people that are most impacted by it are politically loud young adults online, but the vast, vast majority of Chinese don't worry about it. There are much more important human rights concerns in China that need addressing like freedom of the press.

6. We're not in a nightmare phase, we're in the same phase we've always been in. The telegraph cables were tapped by every major government, the radios listened to, the phones tapped, we even put recording equipment into televisions we sold overseas, our major hotels have always been tapped (or easily tapped given a court order if a foreign national was in town). This has been happening for over a hundred years.

I agree we should know about it (thank you Snowden) and in some cases I don't like it, but the solution isn't to wish it away, it's to use encryption and not say or do stupid things around computers.

> 3. We've banned ... needlessly asking for credit reports / scores.

No, it's perfectly legal for employers to run a credit report on you and make a hiring decision on that basis. You're outright incorrect here.


> 4. License agreements are generally unenforcible.

Good luck proving that in court. Especially when you just also agreed to mandatory binding arbitration instead of a court hearing.

It's not even a situation of you not being able to mount a defense against a billion-dollar corporation, you will literally never have the chance to have a lawyer in the room with you in any sort of hearing.

3. It's banned almost everywhere in the western world except for America. California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont, Washington, and NYC have banned it unless it's needed for the job (i.e. they give you a credit card) and even the states where it is legal it's still not used for non-sensitive positions or responsibilities, and if it started to become widespread there they'd ban it there too.

4. It has been proved in court countless times when the terms have been ruled out of scope. You need to have meeting of the minds in contracts. You cannot unknowingly agree to binding arbitration either. This is just FUD. Show me the court case or the media storm when little Sally lost all her money because she unwittingly agreed to some completely unreasonable ToS. The infringing company would get countersued by an attorney working on commission.

Not that you can't get fucked by the courts and contracts in America, you most certainly can, but not by these unenforceable / unreasonable ToS.

> You cannot unknowingly agree to binding arbitration either.

I'm pretty sure that's not true. Hasn't Wells Fargo managed to use binding arbitration clauses to successfully dodge lawsuits about the accounts they fraudulently opened?


Those contracts are large, rarely read, often use lots of technical jargon, and are subject to being unilaterally changed by the issuing party. Hardly anyone understands everything they're "agreeing" to.

> Secrets that are widely known don't stay secret for long.

From the Carnivore and the big NSA installations in the late 90's to Snowden there were more than 10 years. That may not be "long" on your definition, but isn't something to dismiss.

> We're not in a nightmare phase, we're in the same phase we've always been in.

The current situation is clearly different from those you point to. We never had universal surveillance in history, as it only became possible very recently. It's not a "nightmare phase", but it is unprecedented and nobody knows where it will lead.

The solution isn't just to use encryption (although yes, using encryption is part of the solution), there's some deep political transformation going on, and any solution will only arrive by mixing technological and social factors.

What about just not saying or doing stupid things at all?

In the EU you can instruct a company to divulge everything it knows about you. Facebook will give it to you on a DVD (or at least they used to).

As an instrument of control and coercion, however, there is a massive difference between a government collecting data and not telling you, and a government collecting the data and telling you they use it to calculate your worth to society. The latter seems utterly tyrannical.

How can you know what the "massive" difference is between the two cases since in the former case you are left in the dark as to what the information is being used for?

Both cases utilize the tools of tyranny, and Facebook has shown they are more than willing to comply with whatever the host nation's government wishes, lest they lose profits for their shareholders.

I prefer to know. If intelligence agencies are collecting data of citizens without their knowledge, how can they protest it?

What was noteworthy about the Edward Snowden leak was the confirmation of the data collection. He made public something that everybody knew.

China is fascinating.

On one hand...

- China has done better than any other country on Earth at poverty reduction. Chinese policy since Deng Xiaoping lifted hundreds of millions of people out of subsistence poverty. Free markets were a big part of this, but so were Special Economic Zones starting with Shenzhen, a culture of sharing IP, massive govt investments in infrastructure, research and education.

- China are also the most successful urbanists today. Many of those 100s of millions of former rural poor are in cities now. In the time it took California to debate building a single High Speed Rail line from SF to LA, China connected their whole country with trains that are much faster, much more useful (because they go directly into urban centers and connect to fast local transit), and much cheaper. Ours still isn't done.


And yet, at the same time, China also seems to be prototyping some kind of grim meathook future.

- Extremely aggressive surveillance. Near zero respect for privacy. Govt deputizing the tech sector to spy and censor on their behalf.

- Cities with toxic air. Check out this glorious ad in Beijing right now: https://pbs.twimg.com/media/C1JrMsKUAAAopPT.jpg

- A closed, censored alternate internet

- "Social Credit" Scores based on surveillance, which look like a frighteningly powerful way to neuter dissent

China moves faster than we do, both for better and for worse. I guess our challenge is to emulate the things they're doing right (eg the vastly more efficient and effective way they build transit), while stopping our own governments from repeating China's mistakes and acts of authoritarian overreach.

> China has done better than any other country on Earth at poverty reduction

This is only true if you're applying a ludicrous double standard. China has done better than most other countries at this because China was extremely poor just a few decades back. Nowadays, much of China is still very poor. Of course it's much easier for China to slash its poverty rates than for an already-developed nation. The real thing to ask about is how long it will take China to bring a western middle-class style quality of life to its citizens.

I'm comparing China to other countries that were similarly poor in 1980-- much of the world, including the second biggest country, India. China did much better than them.

I don't think any other society in history has lifted as many people out of poverty in as short a time.

Why not compare China to countries that were similarly poor in the 1950s? China, Korea, Taiwan were comparable then, but Korea and Taiwan have leaped ahead now due to saner government. If anything how poor China is in PPP GDP per capita terms vs Taiwan/Korea should be taken as an indictment of how terrible the government's been.

Because then, you would have to account for geopolitics. China didn't receive the kind of helicopter money non-communist countries in the area received. China (but also, e.g. Vietnam) also got access to consumer markets much later.

By conscious choice by the Chinese government though. If a government criminalizes capitalism, they can hardly cry foul if countries that don't do that reap enormous rewards from allowing inward capital investment. Especially when China later reaps the same rewards when they do finally allow it.

We're discussing two very different topics. I'm trying to explain why the Chinese or the Vietnamese situation is quite different from e.g. the South Korean or the Japanese situation, which makes it hard to compare them. You, on the other hand, are discussing the fairness, or moral justification, of the events I talk about.

These two discussions are completely orthogonal.

Because getting something to happen in a large country is much much harder than in a smaller country. China is literally 20 times the size of Korea AND Taiwan.

To achieve growth in a small country, you can be nimble and find relatively small market opportunities and then exploit them relentlessly. That simply doesn't scale to 1bn+ people.

> To achieve growth in a small country, you can be nimble and find relatively small market opportunities and then exploit them relentlessly. That simply doesn't scale to 1bn+ people.

Economic reality is actually the opposite of what you state. A big country represents a big domestic market - you don't need export niches or even good products, but can just build to service the internal markets, with massive economics of scale - and then muscle your way into foreign markets when all your corporations are 800lbs gorillas.

If Taiwan is wealthier than the PRC, it is not because their economy and population is so tiny - there is another reason...

All countries with the highest GDP per capita are small:


You need to get to Norway before you see a reasonably sized country.

If what you claimed was true, the US would be on top.

If you look only at raw numbers, there are literally two candidates. But if you look at proportions, there's a different story to be told. Chile 1973-2000 comes to mind, or some colonial governments, which, like China, achieved success by replicating strategies already known to work. In fact one of the best examples of this is Stalin's Russia, and an analysis of this general pattern is given by Paul Krugman in this 1994 article:


Japan 1960-1985 is another good example.

With regard to the authoritarian structure of China, one disease that persistently affects these systems is adverse selection based on cultural evolution, i.e. the populace "learns" to get around the system and it works as long as the system is sufficiently oppressive that most people sympathize with the rule-breakers, see also the War on Drugs and de facto legalization of marijuana in some small towns. The thing about corruption in bureaucratic heir-choosing (Caesarian?) systems is that once corruption gets in there's almost no way to get it out whereas a democracy can rebel

Did American corporations not gift China with a massive amount of free, working out of the box technology to get them going?

Are you referring to surveillance/data processing technology specifically or technological advances in general? If it's general advances, I don't see how it's really relevant. To some extent, similar technologies are available to all countries at this point, so it's down to governments and society wrt how productively these technologies are leveraged.

The classic example of this is how landline telephony is much less prevalent than cellular in much of Africa. Landline technology was effectively skipped. I don't think African governments and societies are benefitting at the expense of western cell phone businesses. It's not a zero-sum game in this respect.

No, just that they were more or less a third world country with extremely cheap and hard working labor, I'm under the impression that American (and European, etc) companies went over there and provided equipment and expertise to set up fully functioning manufacturing plants, China had to provide the labor.

It seems fairly unlikely to me that China turned into the manufacturer of the world in such a short period of time without being gifted the skills and technology to do so. And now, companies like Xiaomi can now challenge (or, at least run with) the tech leaders.

Pretty impressive transformation in < 20 years.

"History is like a grandmother; it loves the younger grand-children. To the latecomers it gives not the bones but the marrow, while Western Europe has hurt her fingers badly in her attempts to break the bones."

That seems ignorant of the cumulative advantage that Europe enjoys to this day. If anything it illustrates how technological development is shared on a global scale, allowing anyone to catch up to the latest standard of industrialization if they can find the necessary investment.

This sounds interesting but I don't think I'm catching the full meaning....

Not really... Like US government even banned Intel from selling certain chips to China, and Chinese rocket scientists are somehow not able to attend any conference hosted by NASA (not sure about this one).

> western middle-class style quality

I don't think there is a unified western middle-class style quality in every western country. The US on average is richer than many European countries, where the average wage is around 1k per month; is this middle class or not?

Much of China is still poor. There are also an estimated 50-100 million Chinese who can now afford a modern cozy life (income 16k to 34k dollars per household); whether that is western style (air quality is certainly not :p), I don't know. Both exist, no point using one to deny the other.

Only emphasizing the poor part of China, overlooking the fact there is rising urban population seems like a lot of people are still in denial of the fact China is already a serious competitor in many fields.


China was the world's largest economy before about 1900. They have done an impressive job at screwing that up and then recovering a bit. http://i.dailymail.co.uk/i/pix/2012/06/23/article-2163610-13...

They can never achieve that without political reform that removes collectivism and replaces it with individualism and I'm not even sure that is possible with 1.5 Billion people or whatever they are up to now.

Sorry, but judging by how things are going in western nations, especially in the USA, we're more likely to emulate their "mistakes and authoritarian overreach" before we even break ground on that rail from SF to LA.

Yup, the US is increasingly heading towards the worst of both. We're investing massively in building a police state, while completely neglecting infrastructure and quality of life.

Ground was broken on January 6, 2015, but perhaps your point is still valid.


That is incredibly depressing. Good chance you're right, but that doesn't mean we should give up.

Politics is critical, and as technologists we can't just opt out and hope things will work out. We have to win these fights.

As technologists, we're often the ones implementing and designing the systems, infrastructure and algorithms that make such a thing not only possible, but likely :(

I have witnessed that very thing more times than I like to admit. I fail to understand what, other than sheer greed, motivates tech people to help build these police states. It's going to come back at us in terrible ways. Technology doesn't care whether it kills us all, it is completely value neutral. Only we can make the right choices.

I once worked at a place that was bidding on surveillance tech for some public transit systems in Australia and the cavalier attitude that management had about privacy was sad, to say the least. They just didn't think it was their job at all to decide what is right or make any ethical judgements whatsoever. To them, mass surveillance was merely a way to make a lot of money and that's all. They didn't care who got hurt when that tech eventually makes it to less democratic nations to be used to suppress and destroy the human spirit.

Well, that company went under, but others succeeded.

But we can't really discuss these types of issues at length on HN. It'd be deemed too political.

> before we even break ground on that rail from SF to LA

We already have, here's video of the construction: https://youtu.be/1lsiYkyEW0w

Monthly construction updates: https://www.hsr.ca.gov/buildhsr.html

This is sad. I thought I'd be able to see a map showing green as part of the rail line that was complete or percentage complete. It just has some random project names where there's some work going on. I drive to Fresno every other month and can't wait to ride this, but nothing on the route seems to indicate any urgency to complete this project.

China is very interested in appearing successful. My impression is that they focus on this appearance (building large public projects, making internationally-tracked numbers go up) more than on the human costs involved.

I'd argue that the vastly more efficient and effective way they build transit is possible because of the authoritarian overreach.

It has to be easy to build a new railway when you can just send the police to evict everyone in the way.

I wish at the very least that our tech companies would stop abetting these crimes against humanity. We should be trying to liberate these people, not use tech to forever enslave them. It's sick.

> while stopping our own governments from repeating China's mistakes and acts of authoritarian overreach

But you can't so easily disentangle the one from the other. A lot of their development is so quick because they ride roughshod over property rights, safety standards, environmental concerns and individual liberties to push them through.

I like the phrase "grim meathook future"

Apparently its origin is https://nullrefer.com/?https://www.jwz.org/blog/2005/09/the-... (which I didn't know). Edit: thanks to people in this thread for pointing out JWZ's anti-HN redirection and a workaround to hide the referer header.

...and with an earlier partial origin from Hunter S. Thompson, with "reality" predating "future":


copy the link and open it in an incognito tab - apparently the web host really doesn't like Hacker News and redirects the link to a NSFW image.

I tried presenting the bit.ly link as HTTPS to avoid making the link use HTTP.

I initially posted the bit.ly link thinking it would strip the referrer but then when I tested it I was still getting the imgur page so I looked for something else.

Regardless I almost don't want to give someone traffic who does obnoxious things based on http headers.

Thanks for the revised link; I've edited my comment to use it.

Edit: there's some irony in the way the post on that page criticizes someone for making the contents of a URL unstable ("because he doesn't know what the 'U' stands for") while the page itself displays deliberately different contents depending on how people found it.

It has a cyberpunk ring to it.

Oracle maintains a database of personal information for billions of people.

The US corporate surveillance web is rich in complexity.

Before we judge China, let's make sure we know what we're comparing them to.

I highly encourage anyone interested in the subject to watch this talk from last month's Chaos Computer Club Congress.

"Corporate surveillance, digital tracking, big data & privacy: How thousands of companies are profiling, categorizing, rating and affecting the lives of billions"



You say the Chinese system is sinister because they force you to use ID cards. In the US corporate surveillance system, they can track you without ID cards.

The concerns about US/Western surveillance is that it could lead to routine direct abuses and active intrusions into daily life. It's important that we use the political and legal protections we have to limit the risks this raises.

In China they have routine direct abuses and intrusion into daily life right now and are expanding it as fast as they can. There are no legal protections and the risks are already happening.

If you can't see there's a difference there, I can't help you.

I'm not sure what sort of legal protections you think Americans have, as it would seem that any 3-letter agency can get an order to force private companies to hand over any data they have about any number of individuals based on the rubber stamp of a secret court which forces the company to stay silent about the activity. I'm absolutely certain that the NSA has precisely the same granularity of data on US citizens as described in this article. The US government is just smarter about hiding that fact, lest there be a second revolution. Another decade or so, and it will be so prevalent everywhere else that they'll start operating in the open, just like the Chinese.

>The concerns about US/Western surveillance is that it could lead to routine direct abuses

Curious use of the word "could", as it seems to imply such abuses have not already occurred and been exposed without legal recourse.

I would say that forcing someone to use a universal ID provides a way stronger and more reliable form of tracking, than a wibbly wobbly system which needs thousands of marketing companies which maybe fulfill their corporate promises and maybe not.

"wibbly wobbly system which needs thousands of marketing companies which maybe fulfill their corporate promise"

I am afraid that's not how it works. This is not how the government tracks you. They mirror all traffic going through your internet service provider, that's it. Then it's just a google search to see what websites you have visited.


Government ID or not, you are being tracked quite easily by the government.

Yup. Here's the thing too. When people troll online, they think hiding behind an alias is enough. You can still be traced back. I am sure the government keeps tabs on all your history, even if you are not a person of interest at the moment.

What a silly article: "download the controls to the private sector" indeed. The government already owns the telcos, half the banks, the only domestic interbank transfer system and the only domestic travel reservation system so they have your IMEI, real time location and history, network traffic, bank balance and payment and employment history and travel plans anyway. And that of your friends/relatives. They certainly don't need help from an app. That said, after 16 years in and out of China, I still feel safer here than the US.

What a silly comment, complete with the mandatory "it's worse in the US" passage that mysteriously appears in half of the comments to China-related articles on HN.

Yes, the government owns telcos etc. Yes, they probably have files on people they consider a threat, such as human rights activists. But to think that all that data is accessible in some kind of coherent manner is ridiculous. This is China, where banks cannot even access information between physical branches of the same bank because of its bizarrely inefficient IT infrastructure. The telcos have been trying to enforce the "real-name" policy for SIM cards for months, yet you can still easily buy and use a SIM card on the street.

They definitely need help from an app, because private Chinese tech companies are somewhat competent compared to the government IT sector.

Do you really feel safer in a country where you can get jailed without trial, where you can be jailed, deported and banned from re-entry based on a urine test at the whim of some provincial government official that you crossed paths with? In China, the biggest threat is the government.

> Do you really feel safer in a country where you can get jailed without trial, where you can be jailed, deported and banned from re-entry based on a urine test at the whim of some provincial government official that you crossed paths with? In China, the biggest threat is the government.

Being foreign to both countries, the difference is not obvious. Formally, this could happen to me in both countries. Even culturally, the "They only do it on strangers, so that's fine" argument before and during the Snowden files makes me doubt of the support I would get as a foreigner (and I'm on the good side of being a foreigner, not being a visible foreigner).

> Do you really feel safer in a country where you can get jailed without trial, where you can be jailed, deported and banned from re-entry based on a urine test at the whim of some provincial government official that you crossed paths with?

I've never been to China, but I legitimately can't tell which country you are talking about based on that sentence.

Safer? I guess that Great Firewall does work: https://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1...

It is indeed safer (in term of murder rate at least). I'm not saying that the safety is achieved by the right method though. https://en.wikipedia.org/wiki/List_of_countries_by_intention...

Oh come on. 16 years is modern China not Maoist China.

1989 is also modern China ruled by Deng Xiaoping and in no way Maoist China.

If we judge them by their history and by their results, the image changes quite a bit. They were on the verge of a major economic breakthrough and they needed political stability. Also, historically political instability in China led to millions of people dying.

I don't approve of their actions, they reacted way too late and were too violent. A faster intervention, something like mass arrests (+ releases after everyone cooled down) would have probably been the best compromise.

It's easy to judge them from outside.

> It's easy to judge them from outside.

To be fair, isn't that the only way to judge this? China forbids discussion of the Tiananmen Square protests and censors information, younger generations aren't even aware of it.

Nah... I live in China, and have just graduated from high school. There isn't a single person who doesn't know about the 64 protest. (but I am from one of those "elite high schools" so this may not tell much about the whole population). Few really care about it though, like (I imagine) few teens in US really care about the gulf war or the Vietnam war.

>That said, after 16 years in and out of China, I still feel safer here than the US.

Can you elaborate on why is it?

Physically: Fights are rare, guns are extremely rare, even if a disagreement turns loud and verbal it usually works out without police involvement. Cars: lots of 'em, but they don't move fast so the roads tend to be friendlier to pedestrians and cyclists. Medical care doesn't have overheads so high as to result in triple-mortgages and suicide watch.

Socially: Urban environments tend to offer more of a sense of community than I've personally experienced in many other countries. People have your back by default against pretty much anything.

Legally: Because the courts are highly backed up and trust in fair outcomes within legal system is still murky, litigation is rare.


Fights are very common, especially in the north-east. Foreigners are often assaulted for being foreigners. Last year, a foreigner-Chinese couple was attacked by a sword-wielding man for being a foreigner-Chinese couple in one of the busiest areas of Beijing, rife with police. The woman died [1].

Roads are very friendly to pedestrians indeed, where the driver will most likely try to run you over again to kill you so they won't have to pay medical fees [2].

Medical care is entirely commercial, and you won't even be attended to by a nurse until you wait in line and pay your bill. Some reference regarding medical care is here [3]. Additionally, health workers are often incompetent, don't follow hygiene requirements, etc. There is anecdotal evidence that the entry barrier to becoming a nurse is purchasing a nursing certificate online. And let's not forget how a government-supported healthcare program gave AIDS to hundreds of thousands of people less than 20 years ago [4].

Urban environments are polluted, grey and soulless, and cities are almost undistinguishable from one another besides the pollution level varying from "high" to "hazardous". I'm not even going to start about the legal system, since it doesn't exist. Whoever knows the judge wins the case (it's never the foreigner).

[1] https://thenanfang.com/woman-stabbed-sanlitun-man-sword-grap...

[2] http://www.slate.com/articles/news_and_politics/foreigners/2...

[3] http://fortune.com/2016/07/10/china-healthcare-costs-debt/

[4] https://www.theguardian.com/world/2001/jun/11/china.internat...


Citing one anecdote does not change the facts: China and HK have about the same homicide rate as Germany (namely less than 1 per 100,000 per year), that's about a quarter of the US rate.

As for healthcare, if I were to get seriously ill, I would frankly not want to be in mainland China or the US. Similarly for litigation, in fact.

Lamentably, while Chinese used to be rather friendly and curious towards foreigners, now one observes more incidents of parochial, jingoistic hostility.

All in all, though, I agree with GP's assessment: As long as you keep out of politics, you feel both safer and freer in China than in the US as a foreigner (which is not saying a lot).

China and HK are completely different entities and cannot be compared. I was also talking about fights, not homicides.

> Fights are very common, especially in the north-east.

I would say per-capita stats are ideal for objective comparisons rather than picking individual instances. Would you have those by any chance?

Unfortunately, the problem with stats from China is that they are most certainly fake. Even if I had those, they would arguably be worse than anecdotal evidence. I provide fake economic stats as an example, since it's something the rest of the world cares and writes about [1] [2].

So take this as a personal account from someone who lived in China for over a decade.

[1] http://fortune.com/2015/12/14/china-fake-economic-data/

[2] https://www.ft.com/content/0361c1a4-bcfe-11e6-8b45-b8b81dd5d...

While comparing statistics between countries is very problematic indeed, homicide statistics are considered among the best (a dead body is easier to define than unemployment or income or so).

I agree, I'd like to see more concrete stats when statements like this are made.

Of course, I would request similar stats for the contention the other commenter made saying that fights are rare.

Thank you, this is very useful. Healthcare is a big one. In the U.S. almost everyone is one step removed from a medical-expenses-related bankruptcy.

This is our terrifying future in America - the incoming administration has very scant regard for civil liberties, and is filled with business insiders who worship money above all else.

Add to this the fact that both legislative chambers are controlled by the same party who is "tough" on crime.

For profit or to ostensibly address terrorism, expect surveillance to get much worse.

> the incoming administration has very scant regard for civil liberties

Sorry, they were eroded long before. This is why people must remain vigilant whether it is the person they voted for or not.


That's actually a problem. Most people defend the people they voted for like they are part of themselves, just so they don't have to admit they made a mistake.

> This is our terrifying future in America - the incoming administration has very scant regard for civil liberties

Meet the new boss, same as the old boss.

It is precisely the same in the United States, it is just somewhat deniable there due to things like the FISA court.

It allows people's inherent belief in American virtue to doublethink themselves into believing that the NSA doesn't collect this high-res data in bulk from Facebook and Google and Amazon and Apple and the mobile carriers—when we have clear documents showing that they do.

LOVEINT is real. The large social networks and communications providers are an official arm of the surveillance state, with all of the unfettered access to high resolution data that entails.

Your doctor or hospital hosts data in AWS? Pretty sure HIPAA doesn't count in this case when they're just sucking up all of the traffic in bulk.

Your social media and financial data are already being aggregated and sold—we know this, too.

Source? Data that supports this? There are certainly means of surveillance, but not likely to the same level or accessibility that is shown in the article.

Please elaborate instead of making a blanket statement :)

> Your doctor or hospital hosts data in AWS? Pretty sure HIPAA doesn't count in this case.

False. I work for a company in the education space that uses AWS. We're unambiguously bound by FERPA. It is inconceivable to me that a stricter law like HIPAA wouldn't also bind cloud-based companies.

EDIT: Moreover: https://aws.amazon.com/compliance/hipaa-compliance/

HIPAA is actually pretty terrible in terms of protecting your privacy from government agencies (or from insurers). It can require covered entities (health care providers, plans, or clearinghouses and business associates) to hand over medical information to law enforcement officials without patient consent, and can even ban covered entities from informing patients about disclosures under some circumstances.

The EFF has a lot more detail here: https://www.eff.org/issues/medical-privacy and more specifically: https://www.eff.org/issues/law-enforcement-access

> False. I work for a company in the education space that uses AWS. We're unambiguously bound by FERPA. It is inconceivable to me that a stricter law like HIPAA wouldn't also bind cloud-based companies.

I think the GP was asserting that the NSA doesn't care about HIPAA, not asserting something about HIPAA and Amazon & companies using AWS.

Yeah, after the shadow-edit. The rest of the paragraph I quoted wasn't there originally.

>It is precisely the same in the United States..

No it isn't.

> when we have clear documents showing that they do.

We have claims and vague overview documents, but no actual direct evidence. For China, it's so rampant that direct evidence is everywhere.

> Your social media and financial data are already being aggregated and sold—we know this, too.

Financial data can only be sold in non-personally identifying anonymized forms. Now either you know this and you're willfully trolling, or you don't and you have no idea what you're talking about. I live in the UK so modulo Brexit, my social media data is protected by EU rules. At least the US does have some controls.

China has no controls whatsoever, the government blatantly ignores the law, completely owns the courts and exploits the data directly right now for censorship and persecution. It also sells it for the personal gain of officials. No innuendo, no supposition, no conspiracy theories required, they're doing it in plain sight on a massive scale.

Pretty terrifying. I'd love to see a more detailed analysis of the datasets they received. It sounds like both governmental and private surveillance systems in China may be pretty leaky.

I wonder if the information is leaked through hacks or compromised individuals.

The article says they are through the government. This includes immigration records, telecom GPS information, financial transactions, etc. Most of it is not coming through social media sites.

The government collects and organizes the data, but presumably there's no Chinese government website offering citizens access to this database. Who exfiltrates the data and sells it?

Corrupt officials is an obvious answer. Or hackers - given all the terrifying hacks of U.S. government databases that are reported, it's likely as not Chinese databases are just as vulnerable, and they're much less likely to inform the public of breaches.

In either event, it's potentially an example of China's government stability efforts coming around to bite them - how many incriminating details of government officials are tucked away in this database, for sale to the highest bidder?

This is a good video about the subject: https://www.youtube.com/watch?v=lHcTKWiZ8sI

The lesson is: even if you have nothing to hide, you are surely getting someone very rich.

It's been around for ages. Better known as "Knowledge is Power."

Scientia potentia est - Sir Francis Bacon

Knowledge is power and it can command obedience. A man of knowledge during his lifetime can make people obey and follow him and he is praised and venerated after his death. Remember that knowledge is a ruler and wealth is its subject. - Imam Ali, Nahj Al-Balagha, Saying 146


The big difference is China is openly undemocratic and the citizens know what they are up against. Here it's posturing, misdirection, propaganda, nebulous lists, secret process and the exact same thing only under cover and pretense, all working like clockwork to lull the citizens into complacency.

Dial back 10-15 years and try to imagine the response to a news item like this. Hysteria about totalitarianism from the media, endless interviews with academics, NGOs and human rights organizations. Grandstanding by politicians and citizens. Where are all these noisy vocal folks? What is orchestrated and what is real?

Even though this article is about data on Chinese citizens, I kinda wonder if the Chinese government doesn't keep a big database of what American folks are doing, too.

I mean, why not?

They've got the hackers. They've got the big DB. They've got the absence of laws preventing such a practice.

I was really surprised to see my Chinese friend pay the restaurant bill using WeChat, just by flashing a QR code. Which means they know all the data a typical social network can handle, but also how much you are paying where.

I keep voicing concerns about Google Wallet in that respect but nobody takes it seriously.

That's because everyone knows that nobody really uses Google Wallet.

sshhhh, if parent keeps voicing their concerns, sooner or later they're bound to be within earshot of someone who uses Google Wallet.

Is any service better? Apple Pay?

My understanding is that Apple Pay enables the payment, but Apple does not collect or retain any data such as to whom you paid how much. Here's what Apple's iOS Security Guide says:

"Apple Pay is also designed to protect the user’s personal information. Apple Pay doesn’t collect any transaction information that can be tied back to the user. Payment transactions are between the user, the merchant, and the card issuer."


Two different animals. Apple Pay lets consumers purchase goods from a merchant. Google's offering in that space is Android Pay. Google Wallet is more similar to Venmo in that it's only for peer to peer transactions.

I often wonder what's missing to create and simulate a detailed economic model down to the individual level for an entire country or even the world.

There are only 7 billion people to simulate, that doesn't actually sound like that much anymore.

Obviously one would not simulate every individual with realistic human-like AI, but with a statistical economic model.

How much and what kind of data would one need for this to be useful, for example to predict if a certain new political initiative will actually work?

Or is this already being done? Or is it not needed? Or just still too expensive?

Damn. No offense meant to the parent (because I wasn't even smart enough to come up with this on my own in 2017, much less the 1940s), but it's humbling to see someone having such insight 70 years ago.

I read Asimov in my teens back in the 80s, but the fact that Chaos Theory had already pretty much killed a lot of those ideas as a plausible possibility took the edge off a bit.

You’re going to love reading “Red Plenty” https://www.amazon.co.uk/Red-Plenty-Francis-Spufford/dp/0571...


And it was leaked to telecom scams. It was rampant in China.

As if this system didn't exist within the US. Credit and bank account spending records have long been a treasure trove of analytics on how people go about their day to day. Social media extends on this even further since there are many people who post EVERYTHING about them on these platforms.

If people are being tracked by the IMEI number, can't you patch Android to just return a random IMEI number unique for every day or hour? The parts of the phone that actually use that number have it hardcoded in, the rest is just for display.

As an American, I would never download a Chinese app like WeChat or use a digital service based in China.

I'm German and (as stereotypes would have it) extremely privacy conscious. Having lived in the US for over a decade I've reluctantly come to terms with the lesser privacy standards here.

For a long time I refused to keep a lot of information on Facebook as Facebook seemed to only consider privacy as an afterthought after users expressed outrage (I appreciate transparency about the use of data so I can make my own decision). I refused to use the sign-in with Facebook functionality as I had no interest in giving third parties access to my FB data. Eventually I just gave up and now use Facebook sign-in everywhere because it simply is much more convenient.

When I traveled to China a year ago the utility of using WeChat or Baidu Maps was simply too great. I was well aware that using these applications almost certainly would surrender information to the Chinese government. Interestingly enough, because I assumed that this would happen one way or another during my 3 months stay I felt more inclined to use these applications.

WeChat is the only viable way to keep in touch with all of my Chinese friends in China and in the US.

I wish everyone would just install Signal and Wire - it's not that hard :-/

Signal is not intended to protect from government surveillance, nor is it able to.

You have the source code to Signal. You can see exactly how it protects you from government (and other) surveillance.

To be clear: it does better than anything else you can find in an app store.

I can do the same with Telegram.

I can’t verify the source code of the server, or run my own federated server (Moxie doesn’t do federation), and I can’t trust that Moxie’s server doesn’t relay metadata to a government.

> To be clear: it does better than anything else you can find in an app store.

Wrong, proof by counterexample: Conversations.im is also in appstores, is also open source, but, because it’s an XMPP client, I can run my own servers, and federate, and ensure the servers are also secure.

If you're specifically targeted by 3-letter level organisations, it gets very difficult to protect yourself, sure. "If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://", as James Mickens put it in his hilarious column [1].

However, against mass surveillance, Signal will protect you, I'd think, just by making it much more complicated to intercept than WeChat or Skype, which have backdoors built right in.

[1] https://www.usenix.org/system/files/1401_08-12_mickens.pdf

I thought that was exactly the point? Who is it intended to protect you from?

There’s a few levels of protection that you might want from a chat system.

#1 Protection from a dumb attacker doing MitM: This is done by anything that uses HTTPS.

#2 Protection from an attacker that can get fake SSL certs: This is done by anything using certificate pinning.

#3 Protection from an attacker that controls the app store: This can’t be easily done by Signal – and they don’t do it.

#4 Protection from an attacker that can take over the servers running the application: This is NOT done by Signal, and is hard to achieve (even with true E2E, unless you do multicast, you usually can extract metadata here, although there are chat applications protecting against it).

If your enemy is the US government, you’re automatically EOL, due to #4. If your enemy is another government, you’re likely EOL, due to #3, unless you actually build the app from source yourself.

This is not a fault from Signal – nor can they easily fix it – but it’s a realistic problem.

With Signal, you can verify fingerprints. So, what you're saying is:

#4 if some agency "takes over" the Signal servers, they can extract metadata. But only that?

#3 if the binary is not what it's supposed to be, then, yes, all bets are off. That's a whole other can of worms, but a) is there any evidence that's ever happened? and b) that much affects any smartphone chat app, so does not help you to decide between Signal and WeChat.

> #4 if some agency "takes over" the Signal servers, they can extract metadata. But only that?

With Signal's model, as long as everyone verifies fingerprints, yes.

But, considering XMPP is a thing, XMPP with OMEMO provides all the same guarantees – and you can make it less likely that an agency has taken over the relevant servers (because you can self-host easier).

Signal’s use case is "something as secure as OTR, but easier to use".

I’m not saying you should use something else than Signal, but I’m saying that Signal isn’t ideal if your adversary is a government.

No it's not. There's Whatsapp for starters, which isn't blocked in China. There's always email. If your Chinese friends are ignorant about privacy, it doesn't mean you need to sacrifice yours.

> the utility of using WeChat or Baidu Maps was simply too great

"Give me convenience or give me death"

This is amazing - you're saying that Wechat has privacy issues but advertising Whatsapp.

I knew this would come up, but Whatsapp is still miles ahead of Wechat regarding privacy. And especially regarding invasions of privacy where the Chinese government is involved, which I am pretty sure Whatsapp is safe from.

First, Whatsapp advertises to have end-to-end encryption, which Wechat doesn't have. Second, your private Wechat conversations can be used against you as evidence in court, while any evidence collected with NSA tools cannot, since it is technically illegal.

If you want privacy from the US government, then you probably shouldn't use Whatsapp. In any other situation it is vastly superior.

I did... too bad. Nice timing though

Convenience is how they get to you. Just say no to convenience.

Privacy is pretty much finished whether you are using a service from China or anywhere else, given there is more surveillance to come in the post-terrorism era.

Your computer on which you typed this comment was most likely made in China...

My clothes are made in China. So?

The point is that tracking systems are often embedded in hardware.

The big problem is the black market for data/identities. Not only in China but in the world. Identity theft is quite huge. And a lot of that data wasn't even stolen but was sold by those corrupt officials or staff in some firms.

How much do they pay for a post these days?

Does the data include high-ranking government leaders and leading businessmen?

Truly dystopian. Reminiscent of the Black Mirror episode "Nosedive" (Season 3, Episode 1), but worse.

Much the same as in The Netherlands, where the police is proud to be able to track any move of any citizen through big cities (using installed cameras) and which is the country with the most telephone taps per citizen.

Really, many countries in Europe are basically run like Singapore.
