Hacker News new | comments | show | ask | jobs | submit login

Net neutrality is fundamental to free speech. Without net neutrality, big companies could censor your voice and make it harder to speak up online. Net neutrality has been called the “First Amendment of the Internet.”

Not just harder. Infinitely more dangerous. Probably the scariest implications for NN being gutted are those around loss of anonymity through the Internet. ISPs who are allowed to sell users' browsing history, data packets, personal info with zero legal implications --> that anonymity suddenly comes with a price. And anything that comes with a price can be sold.

A reporter's sources must be able to be anonymous in many instances where release of information about corruption creates political instability, endangers the reporter, endangers the source, endangers the truth from being revealed. These "rollbacks" of regulations make it orders of magnitude easier for any entity in a corporation or organization to track down people who attempt to expose their illegal actions / skirting of laws. Corporations have every incentive to suppress information that hurts their stock price. Corrupt local officials governments have every incentive to suppress individuals who threaten their "job security". Corrupt PACs have every incentive to drown out that one tiny voice that speaks the truth.

A government that endorses suppression cannot promote safety, stability, or prosperity of its people.

EDIT: Yes, I am also referring to the loss of Broadband Privacy rules as they have implications in the rollback of net neutrality: https://www.theverge.com/2017/3/29/15100620/congress-fcc-isp...

Loss of broadband privacy: Yes, your data can and will be sold

Loss of net neutrality: How much of it and for how much?

I'm not American, so please correct me if I'm wrong but I have yet to see any proof of this whole 'sell your internet history' complaint that seems to be blatently copied by everyone without any research.

The way I understand it is that ISPs can sell anonymized data from groups of users. Like: people who visit news.ycombinator.com generally also visit stackoverflow. I also don't know how an ISP would get your actual internet history if the website uses HTTPS.

Yes, I am a strong supporter of NN and I was appaled when the EU diluted it, but this reply is directed at your 'ISPs who are allowed to sell users' browsing history' part.

The common response to this is that ISPs have access to everything you do (which is true), and that they could sell that (which is false).

The regulations being overturned here are ones that have only recently taken effect, and non-anonymized, non-aggregate selling of ISP data is still outlawed by the Cable Communications Act of 1984, which protects subscriber privacy is 47USC § 551[1].

Put simply, neither the most recent executive order, nor a reversal on Net Neutrality overturns that law on the federal register.

Of course, if Congress were to draft a bill that does so, the current fears would be well justified.


"Anonymized" aggregate data is not as anonymous as you might think. This study [1] was able to accurately de-anonymize users based on internet history and public social media 70% of the time.

[1] http://randomwalker.info/publications/browsing-history-deano...

Legally, is there a minimum requirement for what it takes for data to be considered "anonymized"? Just because the customers' billing info isn't included doesn't mean you can't figure out who is responsible for traffic.

There might be multiple options that the federal government would respect:

* https://www.gpo.gov/fdsys/pkg/USCODE-2010-title5/html/USCODE...

* http://ws680.nist.gov/publication/get_pdf.cfm?pub_id=904990

Legally, I can't think of a case where it's been tested that didn't lean the government's way, so who knows?

So you're saying this most recent regulation does absolutely nothing, even though it was the highest priority for the incoming industry friendly regulator. Seems doubtful that some 1984 law is going to protect our browsing data.

I'm not saying it does nothing. I'm saying it doesn't do what people think it does.

Repealing the Obama rule does mean that you can't opt out of data collection or sale. It does not mean that your individual browsing records are available to anyone with enough cash. Moreover, much of the rules Trump's executive order overturn had either very recently taken effect, or not yet taken effect.

There may be much theoretical damage from overturning the regulations, but the practical effect here will be minimal, and limited because of the other laws that already exist to prevent exactly the doomsday scenario many are predicting.

I'm not saying that Trump isn't after your privacy rights, but the surest test of that will be whether or not he goes after or seeks to circumvent the 1984 protections I referenced earlier.

You're correct. But only because - per Chaos Monkeys, Dragnet Nation, and the like - your data is already being captured, aggregated, and sold. If that's your concern, you're too late. On the other hand if your concern is specify to ISPs (as opposed to other entities you don't even know) then sure worry and complain. But at least your ISP has an incentive to not go too crazy, as the data they sell could be used to market to you to leave that ISP ;)

You can turn cookies off or similar, or you can choose to not use or employ such services. That the ISP can do this, without your consent - each DNS lookup, each TCP connection you're making - is a whole different thing.

I think it is truly insane.

Fyi...They can, with reasonable accuracy, track you across multiple devices. And that was 3+ years ago. I'm sure it's only gotten better since.

I do agree. There are somethings you can do to mitigate things. But at some point you have to be you (e.g., FB, etc.) and as small and minor as such digital breadcrumbs might seem, they add up.

Using Facebook is a rather large bread "crumb" though. Not using it is easy enough and you're making it easier for your other privacy-conscious friends to do the right thing.

I don't know anyone who would fault me for not being on Facebook (yes I know this has a strong selection bias). Only time was at a convenience store, looking a bit puzzled I had to scan my ID-card in some device (to buy cigarettes[0]), the guy explained this was announced on Facebook, I (completely neutral, matter-of-factly, already having complied with the ID-device thing) replied I don't have an account on Facebook which he took as a cue to start some anti-privacy diatribe at me. My guess he was probably having a bad day, possibly from other people giving him a much harder time about the ID thing. I finished the transaction, excused myself because I (really) had to catch a bus, and wished him a very nice day.

My point is, when I look around, it seems like Facebook is going the way of the cigarettes. The majority of people (that I know) know of at least one or two scandalous things that are deeply wrong about the way Facebook treats privacy and manipulates its users. Of those people, a good chunk hate it, really want to quit, but feel they can't due to social pressure or addiction. Just like cigarettes. Others make excuses about convenience, little vices, relaxing. Just like cigarettes.

I don't know how many of you are old enough to remember that you could smoke in trains, bars, in restaurants while people were still eating 2 metres next to you. As late as the early 90s. And only after those bans people started to dare to ask if you could maybe smoke outside, in home situations, even if they're the guests and it's your home (I was younger and inconsiderater).

If you don't remember you maybe also don't remember how thoroughly ingrained the social act of smoking was in society. Only a few decades ago, nobody could imagine where we are today. Smoking was just so normal, even if you didn't really, you would occasionally, your friends would offer, people just liked it too much, were addicted too much.

The almost-entirely-non-smoking-everywhere society we have today was seen as an impossibility. We could never get there, we couldn't change or impose, people wanted it too much. And it was a hard transition before it got momentum, but it did in the end. I personally, as a smoker, welcomed these bans, because I figured it would make it easier for me to quit (hint: if you're addicted, you still have to quit by yourself. those bans maybe helped me the first 5% of quitting).

The point is, it may seem impossible to imagine a way out of this anti-privacy swamp. But it's not too late. Just remember the cigarettes and how far we got. DON'T let anyone tell you it's useless to refrain from using surveillance tech X just because "you're going to be tracked any way because P, Q and R" (being your phone, CCTV and the NSA). The fight is NOT lost, not at all. It's just getting started, now that people are slowly realizing they don't actually really want this, they are mostly made to want this, and more and more people want it to stop, and it would help if only everybody else would stop shoving it in their face.

Just because it seems impossible now doesn't mean we should roll over, curl up and stop voicing your dissent, ever.

Then maybe our kids (or other people's kids--who didn't ask for this either) can grow up in a society where they're not quite as pervasively tracked and surveilled as our generation.

If it helps maybe to imagine the next impossible thing, imagine everybody securely wiping the exabytes of private data they've collected on us so far. I really can't see that happening either and it kind of gives me hope in a weird "wishing on a star" kind of way, because other important things used to seem just as impossible.

[0] I've quit since. It's hard. Very hard. Unfathomably harder for some people than others. I will never judge an addict in my life.

But NOT being on FB is also a signal. A signal I presume can be detected and noted somewhere. Frankly, I don't think staying off FB is enough. And not being there, should you make the evening news for some strange reason, will mean you're labeled as antisocial, loner, etc.

That section of law says they can sell your data with prior written or electronic permission.

47 U.S. Code § 551 (c)(1)

Except as provided in paragraph (2), a cable operator shall not disclose personally identifiable information concerning any subscriber without the prior written or electronic consent of the subscriber concerned

So this section of the law, though another might, does not support your statement that "that they could sell that (which is false)".

I think you're misreading it, unless you have reason to believe that you've already given your permission. Either way, the regulation that Trump's EO overturns also allowed you to opt in if you wanted to.

non-anonymized, non-aggregate selling of ISP data is still outlawed by

Your statement is too strong. It's not outlawed. There is a relatively easy avenue for ISPs to sell this type of data, and it's written into the law, and not some sort of weird loophole. It is voluntary that they have not pursued it on their part.

I believe that pretty much every single customer has given their "permission" in that sense, the standard contract or terms&conditions would include language that says that you consent to such information "being processed by selected partners" or something like that.

Wouldn't a privacy policy cover "the prior written or electronic consent of the subscriber concerned"

If so, I don't know how the Obama regulation would have been any different.

47 USC 551 only applies to cable operators, and the 6th Circuit ruled that it doesn't apply to Internet service.[1]

[1] http://www.opn.ca6.uscourts.gov/opinions.pdf/06a0366p-06.pdf

The law section you linked to is concerned with PII, personally identifiable information. But what ISPs are most likely to sell is anonymized browsing data, i.e. when an advertiser goes to display an ad the ISP will tell them what other URLs you've been to but they won't tell the advertiser your name, address, social, etc.

Agreed, with the caveat that there are also restrictions requiring aggregation as well.

The only thing your link says about aggregate data is that PII is not aggregate data, meaning that aggregate data is exempt from these restrictions.

So, that's applicable to every instance except where being provided to the government (section h), and . It's somewhat circular in that regard. Combined with disclosure restrictions, specifically 2(c)(ii), the net result is that only aggregate disclosure is allowed unless specifically permitted by the end users.

My reading of it is that anonymized individual non-PII data, such as browsing history, is allowed to be sold.

You may be correct, now that I re-read it again. There may be something in a subsequent act that prevents non-aggregate data, but until/unless I find that, I'm working under the assumption that you are right and I am wrong, regarding aggregation.

I have yet to see any proof of this whole 'sell your internet history' complaint

What the bill stripping Broadband Privacy rules does is make it nearly impossible for the law to set a precedent for what should be considered illegal to sell when it comes to users' data. What may have happened if broadband privacy rules were enacted as intended here[https://www.nytimes.com/2016/10/28/technology/fcc-tightens-p...]

... someday somebody who didn't "opt out" would have discovered their [medical, financial, insert whatever] data had been sold to their detriment. Lawsuit. Legal scrutiny. Precedent == Baseline for what is acceptable and what is not for people who don't opt out.

Now, with no consumer privacy rights by default on broadband, and no neutral delivery system (net neutrality), and with provisions the GOP inserted into the Broadband Privacy rollback explicitly to make it harder to sue entities who sell your data, the default situation is already stacked badly against the average person.

> I also don't know how an ISP would get your actual internet history if the website uses HTTPS.

Your ISP can (and likely does) monitor your DNS queries, which (as far as I know) are not encrypted.

Personally I think the net neutrality stuff is a tad overblown. I'd vote for maintaining it, but I've never been particularly convinced by the whole "surveillance state/beyond-orwellian/ISP censoring your speech" arguments that get thrown around on HN, among other places.

I think the problems with ISPs are more practical: they overcharge, provide shitty service, have no incentive to upgrade their infrastructure, and clearly collude with one another. Therefore they need to be regulated.

> I think the problems with ISPs are more practical: they overcharge, provide shitty service, have no incentive to upgrade their infrastructure, and clearly collude with one another. Therefore they need to be regulated.

Agreed. Though I would prefer that we do whatever we can to identify and implement mechanisms to increase competition. I want new ISP options, and several of them, rather than just marginally better behavior from the one or two ISPs I have in my neighborhood. I'd prefer regulation that increases competition (even if that hurts the incumbents) rather than regulation that assumes the incumbents are fixed and therefore just manages how they conduct their business. The prior is designed to create new ISP options, the latter tends to serve to decrease the incidence rate of new options.

I've always been a voracious Internet consumer. For all of its faults, I really enjoyed the regulatory framework of the Communications Act of 1996 that allowed competitive ISPs to lease physical wires.

How about forcing ISPs to lease the last mile to help bolster competition, they did something similar in the UK [1]. Not quite sure how that worked out for them.

[1] https://en.wikipedia.org/wiki/Local-loop_unbundling#United_K...

This was a requirement of EU law, and is presumably a reason why there are more ISPs in the EU than in the US (apart from the density issue, of course).

Yes, I think that would be great!

> > I also don't know how an ISP would get your actual internet history if the website uses HTTPS.

> Your ISP can (and likely does) monitor your DNS queries, which (as far as I know) are not encrypted.

HTTPS does expose the domain name in plain-text through SNI. Yes, DNS is not encrypted.

> I also don't know how an ISP would get your actual internet history if the website uses HTTPS.

Until the world switches to DNSCrypt, DNS-over-HTTPS, or DNS-over-TLS and while most Internet users are using ISP provided DNS resolvers, recent research shows it is possible to narrow down what pages the user browsed based on their DNS queries.

[1] https://www.theregister.co.uk/2017/03/21/dns_records_more_re...

If someone really wanted to, couldn't they buy that anonymized data and then make a series of inferences on which data is yours based on cross-referencing various information? (please correct me if this is wrong)

Like say I run hackernews — couldn't I just cross-reference my own logs with that "anonymized" data and get a pretty good idea of what a specific users' traffic was?

Based on some of the tools Uber has used to pinpoint specific users like, government officials, it doesn't seem too far beyond the realm of possibility.

Exactly. Gather a could sources - as is already happening - and with a graph DB and not even grad level algorithms you could get a pretty accurate picture of enough people, given enough data.

>I also don't know how an ISP would get your actual internet history if the website uses HTTPS.

The ISP could monitor your DNS requests or the SNI[1] in the TLS handshake.

1. https://en.wikipedia.org/wiki/Server_Name_Indication

Back in the 1980's, Robert Bork's video rental history was disclosed during his supreme court nomination. As a result, the Video Privacy Protection Act was passed.

Why shouldn't there be similar provisions to protect my browsing history?

>I also don't know how an ISP would get your actual internet history if the website uses HTTPS.

Charge users extra fees for "premium service" unless they agree to let the ISP their traffic.

How does that change how HTTPS works?

It doesn't, but the ISP still know what pages you went to.

If they want to determine your political leanings your browsing history is enough.

How would the ISP know what pages you went to over HTTPS? Only the domain name would be available, through SNI/DNS.

They could just MITM all connections and say 'for compatibility reasons, please install this root certificate'.

With a fee, this requirement could then be waived.

Dystopian but technically possible.

This type of hypothetical drives me batty, and I was tempted to be snarky. I'm not sure how to respond to the idea that there will ever be a time your ISP requires root cert installation for service, but I will be finding a way to launch a WISP of my own at that point.

It's only slightly hypothetical.


Gogo didn't require installing a root cert, but they DID issue forged certificates to MitM connections to *.google.com (and others).

Also, remember "Superfish"? Their root cert was pre-installed by Lenovo.

My original was already snark. Though I don't think its impossible that a small amount of non-technical people might actually be convinced to do this.

Just the domain names is already a lot of information...

You can't really anonymize data:


It's a fair question to ask! I wrote my representative on this issue actually. I'll let you read for yourself:

"On October 27, 2016, the Federal Communications Commission (FCC) issued a proposed rule that seeks to expand its regulatory jurisdiction, create a two-tiered privacy regime for different types of Internet companies, and impose data restrictions on Internet service providers. These types of regulations have traditionally been under the jurisdiction of the Federal Trade Commission (FTC), which already has in place a regulatory regime to protect consumers. Full implementation of this proposed rule would have, among other things, given consumers a false sense of protection and privacy. As a bipartisan group of representatives stated in a 2016 letter to the FCC in response to its notice of proposed rulemaking:

-We had hoped the FCC would focus on those protections that have traditionally guarded consumers from unfair or deceptive data practices by ISPs and the other companies in the Internet services market. But, based on the [FCC’s] Notice of Proposed Rulemaking, we remain increasingly concerned that the Commission intends to go well beyond such a framework and ill-serve consumers who seek and expect consistency in how their personal data is protected. If different rules apply to the online practices of only selected entities, consumers may wrongly assume that the new rules apply to all of their activities in the Internet. But when they discover otherwise, the inconsistent treatment of consumer data could actually undermine consumers’ confidence in their use of the Internet due to uncertainty regarding the protections that apply to their online activities.-

In response to these actions, the House and Senate introduced legislation in March to disapprove of this proposed FCC rule. The House version of this legislation, H.J.Res.86, was introduced by Rep. Marsha Blackburn (R – TN) on March 8, 2017. The measure seeks to block the proposed FCC rule. On March 28, 2017, the House passed the Senate version, S.J.Res.34, with my support, and the measure now heads to the president’s desk for signature. Again, it must be noted that recent actions in Congress have not changed the status quo in terms of privacy-protection standards for consumers."

That's what they attest. And the Washington Post had a good editorial (which I'm currently at pains to find) explaining how, under Commissioner Wheeler, the FCC pushed for broadband privacy rules, but ran roughshod over the FTC in the process. While it was a win in the sense that a legal gap was closed (more on that in a minute), it wasn't good in that it weakened the definitions between the FTC and FCC, which bother have governance roles to play. While it might sound like needless bureaucracy, firm and clear rules are the underpinnings of strong court rulings, which are essential to good governance.

Except, now that gap still exists. While it's claimed that the FTC will now fill in the gap, the problem is that it couldn't effectively in the first place. WP explains:

"Can't the FTC go after Internet providers with its rules?

At the moment, not really. The reason has to do with the FCC's rules on net neutrality. When the FCC passed those rules, it branded all Internet providers as “common carriers,” essentially a fancy legal term to describe traditional phone companies.

The problem is that the FTC is bound by something called the “common carrier exemption.” The agency isn't allowed to take action against companies that have been labeled common carriers by the FCC. (The idea behind the exemption is to prevent both agencies from going after the same companies twice for the same infraction.)

So if the House vote succeeds and Trump signs the measure, that releases Internet providers from the FCC's privacy regulation but does not do anything to apply the FTC's own privacy guidelines to the industry. The FCC can still sue companies after they have allegedly violated consumer privacy, industry groups say. So can state attorneys general. But the FCC will be unable to write regulations that preemptively bar privacy violations, meaning that Internet providers will be subject to less oversight as a result of the congressional measure."

(From: https://www.washingtonpost.com/news/the-switch/wp/2017/03/28...)

So, with regards to selling data. Is it anonymized? Probably. To an extent. People get assigned an advertising ID, which is a random number in place of your legal name, and your profile is built under that. But you and I both know that it's not really anonymous, and it's trivial to then do a correlation between your, say, name and address, and then your advertising ID and address, and suddenly you have a full profile on someone. That's an issue when other businesses and services begin to take advantage of your health, interests, associations, etc, to charge you more or deny service based on these indicators. ISPs feel they've been at a disadvantage compared to online services like Facebook. Remember, that they do not want to be "just a bit provider". There's a very powerful profit factor if they can use their lock-in to be your content provider as well.

Anyways, hope that helps!

This is well-written, but I worry it will be scanned by a staffer and replied to with a canned response. I'd be interested in hearing about any response if you care to update?

Sorry I wasn't clear, I didn't state it well. That was the response in italics above. The representative (or rather, her staffer) is asserting that the status quo has not changed. That's only half true. The ability for ISPs to sell data was on shaky ground before, until the FCC closed the door. The door has been reopened, and the FTC has weak jurisdiction.

I think if you read Chaos Monkeys and/or Dragnet Nation (and I'm sure, others) you'll realize the data privacy cat is out of the bag. It's likely such ISP data to be sold is already available via other channels.

Aside from that, the danger of the internet doesn't seem to be free speech, but free thought. The bar is much higher and deeper. Droves are being manipulated, nudged and misled. That's happening, nearly frictionless, now. Even Orwell would blush thinking, "My, I really underestimated what was going to happen."

Mind you a lack of NN isn't going to help. But with NN or without NN the root issue(s) aren't NN.

current regulation doesn't account for anonymity. only that a isp must also do its best to route packages it can't understand. but doesn't guarantee either. if they can understand the content and want to monitor it, there's no protection against it.

without it they can just block/charge extra for things they cant read. making anonymity and privacy harder. but again, they wont have any new rigths that they don't have today.

We will fight now, but sooner it will come back. We won the last battle but what about this and the ones that will come if we win again. This is going to be never ending battle until we lose and corporations win. There should be a strong amendment with irreversible clause on Title II .

>Probably the scariest implications for NN being gutted are those around loss of anonymity through the Internet.

Does it currently exist?

Do something significantly illegal enough online most anywhere and you will be caught. Other than very specialized internet usages that are outside the purview of the common individual, the only question currently is if the government can justify going after you, not if they can go after you. Right now if you point out corruption against a local government they likely won't go after you due to lack of resources, not technical limitations. Point out major corruption at a high enough government scale and you will be caught (especially given that one will have to go outside of legal channels to do so).

I don't see how net neutrality has any relation to privacy. It is orthogonal to privacy.

In fact, since the anti-privacy law was put into law, removing Title II status from ISPs would allow the FTC to regulate privacy again.

Your edit makes me wonder if you realize consciously that your rant is completely orthogonal to net neutrality even with your epplanation, and you're just doubling down on deliberate unawareness as a strategy to avoid feeling foolish.

No, not really... have a look through my (quite infrequent) posting history and comments to follow the logic.

The current GOP-controlled administration is implementing a cunning strategy to undermine the safety and freedom of all Americans. These are deliberate actions being taken, with specific goals to suppress what it is calling "fake" news/media, but what most people call facts. The most astonishing thing is that they've twisted and mangled the definition of "freedom" into something that doesn't resemble freedom at all; and yet there are many people who are stupid enough to believe they're actually being helped by these ludicrous decisions.

What are you on about? What does privacy have to do with net neutrality?

"NN being gutted are those around loss of anonymity through the Internet."

How is that by necessity a bad thing? People aren't anonymous in every day life and their internet anonymity is mostly an illusion anyway. Big brother can almost always find out who did what if they want to.

" These "rollbacks" of regulations make it orders of magnitude easier for any entity in a corporation or organization to track down people who attempt to expose their illegal actions / skirting of laws"

It also makes it orders of magnitudes easier for anyone to find out about a coorportions illegal actions / skirting of laws.

I agree with most of your statements. But in the long run there really are a lot of benefits to a non-anonymous internet that can't be denied (just as there are a lot of problems as well). For instance, full access to health and medical data for research purposes would be a huge benefit for mankind and the sick people themselves just as that same access would necessitate a major rehaul of the ligislation concerning insurance companies.

I don't see how removing anonymity is inherently by its very nature a bad thing. It seems likely it would be like everything else, you'd need to legislate the legality of certain things given that all activity is non-anonymous, etc.

Anonymity balances power. Think not about this government, but the next, and the next after that. How much more thorough, brutal, and administratively easier would China's "cultural revolution" been if this technology had been in place in China as Mao took power? What if they could have used ISP logs for kill lists? IMO, you trust too much in existing social structures and laws. As unimaginable as they are, these things happen.

You're acting as if our governments don't have access to all this information already which they do.

Its because I do not trust social structures and government that I think anonymity needs to go away.

In a truly de-anonymized system if you are a malevolent actor (gov't or individual) anywhere your actions are broadcasted to the world and people or governments can respond before too much damage is done, no one cares what the benevolent actor is doing.

In a fully anonymous system a malevolent actor can run wild and no one will be able to stop him. The same is true for a benevolent actor, but in a de-anonymized system no one is trying to stop him anyway.

The whole thing though does depend on whether you think the world at large is made up in majority of benevolent people willing and wanting to help their fellow man or malevolent people wishing to do damage in the world.

I think the majority is benevolent which is why I'm for de-anonymizing structures.

One of the best responses I've heard to this particular line of reasoning is recorded here: https://www.youtube.com/watch?v=30JORRy7F0A&t=53s

Not the same scenario being discussed, but worth noting that the consequences of a loss of anonymity through the internet have the potential to be a lot farther-reaching and more sinister than they are in any analogous loss of anonymity in everyday life. I'd be interested to hear if you find the linked argument persuasive.

The engineer is conflating privacy with security. These are not the same thing and they are constantly confused when people discuss this topic. I can for instance lock my house in such a way that no one can enter (security) but broadcast everything I do inside the house to everyone worldwide (no privacy). Conversely, I can stand in front of a closed curtain and no one can see me (privacy) but if someone shoots a bullet it will easily penetrate the curtain and kill me (no security).

I agree with him that the consequences of loss of anonymity are worse than a loss of anonymity in everyday life. In everyday life if a person sees my credit card number I only have to worry about that person say, whereas conversely on the internet its as if everyone the world over were to see my credit card number.

Assuming we don't have NN i.e. anonymity then the world knows everytime I use my credit card (no privacy). However, they do not know my credit card number because its encrypted (security).

So my thinking hasn't changed much after listening to the google engineers argument, I still think its a much better balance of powers to have everyone have access to everything than only those with the skills or power to acquire it, since I think given an absence of anonymity we would build better software and societal structures to ensure we have security for everyone even though privacy might be gone.

> I don't see how removing anonymity is inherently by its very nature a bad thing. It seems likely it would be like everything else, you'd need to legislate the legality of certain things given that all activity is non-anonymous, etc.

I see a few issues with such massive violations of privacy:

1. Slippery slope: Knowledge of people's private lives is extremely valuable, and nobody with the power to collect or use it is going to relinquish it, if anything they're more likely to try to get more, until they have absolutely everything. This isn't inherently bad, as concentrated power is very easily abused. We have a wonderful case study of this with the NSA, their ever expanding powers, their willful breaking what few legal limits are imposed upon them, and their inability to prevent themselves from breaking their own policies about abusing access to their treasure trove.

2. Benevolent dictator: This privacy invasion will most certainly work it's way back to the government, which has severe implications for civil disobedience and political dissent in general. While it's all peaches when the government is "nice", you're never going to have all citizens agree with the government, and future politicians abusing previously allocated power/resources is extremely likely (not that there has ever been a government administration worthy of invading everyone's privacy to begin with).

3. Drawing a line here is not only a great place, it also lets everyone consolidate resources to fight for a known good state. There's a lot of information to be gleaned from the data, and it's unlikely that everyone can commit fully to understanding the ramifications of letting this information out, much less understand how it will be used, or how it can be used. And much like giving the legislation a pile of money with legislatively imposed spending limitations, they're going to be constantly fighting to tweak and remove those limits. And its so much harder to be constantly vigilant when there's dozens of laws governing what can or cannot be done with the data, before we even presume that we agree with those laws to begin with.

4. As noted above with the NSA, it's not possible to trust custodians of this treasure, they're only human, and they're bound to abuse their power at some point. But we don't just have to worry about people with legitimate access obtaining this data, we also have to worry about hackers grabbing it from poorly secured servers, which seems to be an inevitable computer event, even more so for such massively useful information.

These are my thoughts as well. In particular:

> _It also makes it orders of magnitudes easier for anyone to find out about a coorportions illegal actions / skirting of laws._

I would add that I find it more important to ensure that there is transparency about the ISPs and other corporations' (and governments') actions.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact