This is a brilliant line and it works so well because he is absolutely right: it should not be on the burden of the consumer to make sure their products are safe, be it from listeria or a spy device disguised as a children's toy.
I don't know what needs to happen for people to get outraged, but privacy needs to be a mainstream political issue. Perhaps we need to see what Google and Facebook actually have on us...
Governments are likely to control food pathogens and airline risks because they need living, productive, happy voters.
But governments have also a fundamental distrust for all individuals and therefore want as much surveillance as possible. By allowing big companies to collect that, they have access as well.
Therefore I think governments are not motivated to improve privacy at all. On the contrary.
I know what you say is popular in certain political circles, but it's a false idea about government. Worse, it's a cynical meme that corrupts people into making government less effective, by both stopping people from trying to hold government to account, and not trying to change the rules that governments enforce.
The best way to make your idea of government true is to stand idly by and do nothing.
(Though Teddy Roosevelt certainly pissed off monied interests when he felt they were acting immorally)
For example, the police, the IRS, DHS etc etc. (and hence the state) WILL be helped in their jobs by increasing surveillance, and so will always be trying to increase its scope.
Whether it's _worth_ the loss of privacy is of course a valid debate.
It certainly seems like the positive statement "government is not motivated to protect individual privacy and will not effectively do so" is well-supported by current experience.
A bit meta but I wish more up/downvoters on HN could tell the difference between normative and descriptive speech.
So, maybe theoretically we can influence, but understanding the nature of what a self-interested, pragmatic government beaurocrat values is incredibly important.
I think the parent comment and idea behind it needs to be explored further. Maybe there is a solution, but it will perhaps require an entirely new type of government. Democracies, as we know them, don't seem capable of solving this problem.
Democracy is only the problem insofar as we (here in the US) do not have one, we just pretend we do. Democracy and Republic both mean a government by the public. Voting once a year, donating money, and writing stuff on the net are utterly inadequate for that end.
Public government needs educated and involved citizenry. It means putting in quite a bit of time.
Remove the word "populist" and you've just described most politicians ;-)
Would be far more representative of the people than current way and less susceptible to populism.
People often think I'm joking when I propose this but I haven't heard a good argument against it yet.
1) By taking the average, you are risking compounding educational decreases in the populace.
Bad public education policy is enacted, chosen politicians become less educated, worse public policy is enacted, etc etc.
2) By using less experienced politians, you lessen the efficiency of the entire political process.
3) By not having the possibility of re-election, you remove any responsibility of the elected after they're elected.
2) This is the reason to only replace 25% if the parliament per year so that not all experience is lost. It gives more power to non-elected public officials which can be good or bad.
3) By removing reelection you also remove career politicians and reduce corruption. No need for campaign contributions or campaigning promises. Also, the drafted people would go back to their social circles to be judged by their peers after ended term of office where they would have to own their decisions.
2) You still have a maximum 4 year experience level. As someone who grew up in a college town, I'd estimate having to explain the basics to 1/4 of the elected body every year would require significant resources.
Additionally, handled incorrectly, you imperil the stability of the legislature. Imagine if every year were Trump election year: Mr. John and Ms. Jane Doe go to Washington intent on toppling the system as it stands because they're unhappy with the way things are.
3) Fair, but the social censure of being judged is a few orders of magnitude smaller than the power these people would wield while in office. If you think politicians are corrupt now, imagine if Exxon offered $x million in bribes to an average person off the street to approve oil drilling in wilderness refuges.
There is a lot wrong with the wealthy monopolizing political power, but at least it semi-insulates them against outright financial persuasion.
Jurors are asked to do a couple fairly common tasks that most people do frequently throughout their lives: (1) listen to different sides of a story and decide which side to believe, and (2) decide the motives for a person's acts.
A legislator is asked to judge complex policy questions often requiring extensive specialized knowledge. The arguments for and against are often long and complex. It's not a job you can expect to take some random adult off the street for and have them do it competently.
Do current law makers have to pass some kind of knowledge based test to be allowed to make the decisions?
There are more than "politician corrupted by power" stories, there are also many politician does a good thing and fades into the background, or politician leads well for a long time stories too. These are less exciting and usually receive far less press, because they are remarkable in their unremarkable outcomes.
There are government agencies whose business is to collect information. The people working for these agencies will do so _to the extent that they are allowed to_, because that is what they perceive their mission to be. Other people's job is to set limits, and they will set exactly the limits they think they have a mandate to set. They get their sense of that mandate from many possible sources, but in a republic one of the most important sources is public opinion.
Which is where you get to the real kernel of the issue: In the USA, surveys indicate that most Americans remain in favor of large scale state surveillance.
I read some of ancestors' comments and wonder why they always seem willfully blind to it. Is there a still small voice in them that says, "A little waste is to be expected" or "WE are in control of it, I am certain"? Utopian dreamers and busybodies, ugh.
Likewise, once these tools are used to compromise their privacy, they will demand better safeguards.
Supreme court (and the people) prevailed, Privacy is now a fundamental right.
I understand there is way too much money in advertising, and therefore data collection, to ever go away. What I want in an ideal world is transparency. If I opt-in to using web services that collect + sell my browsing data, I want to know what data is collected, how much, and who it is sold to and for what. Then I can make an informed decision about the services I'm utilizing and if I think they are handling data responsibly.
As far as I'm concerned, targeted ads are fine. If you're going to berate me with visual pollution for crap I don't need, at least let it be somewhat relevant to my life. What I don't want is "targeted information", "curation", or any other buzz word that describes showing me filtered content based on an algorithm. Of course that is already happening, but it could be much, much worse.
"You've just entered some search text. May we store this text and future search queries?
[ ] yes, anonymously to help suggest searches for other users
[ ] yes, along with your user name to help refine future searches, and to improve the targeting of our advertising
[ ] oh god no, forget I asked"
When clicking a search result:
"Before we redirect you to this page, may we record the fact that you clicked on it?
And as they build up history:
"From information you've previously allowed us to save and information we've bought from authorized third parties, we've determined that you are a 35-year old green-skinned right-wing vegetarian with the following sexual fetishes: <redacted>. May we share this information with our advertisers?"
I would hope things would change if permissions were this explicit.
It's too easy to hide your true intentions behind generic EULAs that are inundated with lawyer speak.
1. I install an Android app.
2. Android app requests access to data sources A-Z.
3. I can safely assume that the company which owns this app is collecting all data their app running on my device sends it through data sources A-Z.
4. I can safely assume that the company is leveraging all that data in whatever way suits them, including selling it to third parties.
5. As far as who it is sold to and for what purpose, I can safely assume I won't be getting access to that information, ever. There was a very simple question asked on this forum awhile back merely requesting the names of the companies that are in general trafficking in people's personal information. You had to scroll way down the list to even see someone willing to list some of the obvious data brokers.
Humorous anecdote: A few years a ago, an old colleague of mine got fired and posted all kinds of negative things about the company all over Facebook. The company got word of some of this (slander? libel?) and contacted her via an attorney to stop or be sued. This person then made a post on Facebook about how "... people need to mind their own business!". I think the irony was completely lost on them.
There was a great piece on NPR this weekend: They developed StingRay and what-not cell tracking devices to fight terror, then Obama expanded it, now Trump is "doubling down" on using surveillance tech to find and deport illegals -- and the government is paying police depts to have the tech...
Snowden was right, and now, its way worse.
What is even more abhorrent than this, is that tech companies (yes even ones that YC is funding) collude with government for expanding even deeper.
A great approach to spreading awareness is doing exactly this. There are groups like the one linked below who have been staging immersive theatre pieces which simulate a scenario where a devious actor has gained access to your data. And they do this with the audience's actual social media data (voluntarily given and erased after the show) so that the implications really hit home to them.
That doesn't even touch on the other prong of the problem, being that the ones responsible for legislating privacy rights also benefiting greatly from the lack of it.
No way. The political process will not produce a workable, sustainable, reasonable solution.
The only way that privacy becomes important to existing large companies is if their users demand it -- and leave for competitors if they don't get it. I'm afraid that average people don't understand why privacy is important, and it will take a change in cultural mindset to improve the situation (read: a generation).
Another (and better) way for users to regain privacy is a technological shift in which new companies with a better business model and technology replace the current batch of incumbents. This is the more likely outcome, as billion-dollar profits tend to make companies conservative and ripe for disruption.
Look at public funding for science, NASA budget, etc to see the "will of the people" in action on technical topics.
> consumers aren't all that educated or rational
Be that as it may, I would rather make decisions for myself than have them made on my behalf, "for my own good," by someone who doesn't know me and whom I will never meet.
Voting is the smallest part of democracy.
Less, even; since the latter at least get you free paperweights.
Besides which, arguing for them means you've effectively bought into class based discrimination, as many working poor wouldn't be able to afford anything but an email or letter. And if you think those form a reliable bedrock of democracy I'll stop humoring you as having anything useful to contribute to this discussion.
PS- That's actually pretty offensive. My friends worked on DREAM Act, expanding our local voting rights for Latinos (and everyone else), protections for sex workers, better conditions for migrant farm workers. I support as able (donations, petitions, warm body for hearings, etc). I see the effort involved AND their results. And, frankly, they're the only groups that are getting the job done these days. So I can't speak to what you think is and isn't possible. But maybe take a look around you, find your local heroes, lend a hand.
I encourage you to read the book The Waxman Report, to better understand how policy and legislation are forged. It's a lightweight, layperson intro. TLDR: It takes decades to research, build support, reach consensus. And then big changes apparently happen all at once.
People I know have been working on paid parental leave and domestic care legislation for EIGHTEEN YEARS. Last month, they were happy to report that their legislation was passed and signed.
Prior examples are marijuana legalization, marriage equality, background checks for gun purchases, education and healthcare for immigrant children. Etc.
What is privacy? What does it look like?
No one knows. There is no agreement. There is not even consensus on the questions, much less the answers. So imagining a technological solution (implementation) isn't even remotely possible.
And only now, some 12 years later, I've finally figured out what to ask for, a proposal on how to fix this mess.
Being the operative word. If you wish to pretend America's political process can approximate a hypothetical ideal on paper you're lying to yourself.
Until campaign finance regulations are back in place (the FECA amendments in the 70s would be a good starting point), until parties are wrested away from being the nigh-privatized dichotomy that led to the latest election's outcome, until the revolving door between government and the private sector is stopped, none of the rifts between that hypothetical and reality will be mended, because they are all symptoms of those key issues.
How do you define what info Google and Facebook shouldn't be able to collect?
Maybe we should hit them where it hurts by actively promoting and cajoling friends and family to use adblockers. Collect all the information you want, Big Internet, but good luck monetizing it.
For sure, I'm a zealot about this. I use nested VPN chains and Tor, and multiple VMs on multiple hosts. But anyone can use a VPN service that respects privacy. Such as AirVPN, IVPN or PIA. Not HideMyAss, however ;)
However, Operation Onymous did rely on Tor deanonymization data provided by CMU researchers to the FBI. The CMU group had exploited a bug in Tor to get ISP-assigned IPs for numerous users and onion servers.
Even so, Operation Onymous would arguably have failed if those users and onion servers had accessed Tor through nested chains of at least three VPN services. And used firewall rules, and isolated VPN and Tor gateways in separate machines/VMs. Isolated from workspace machines/VMs. Also, operators and users of those onion servers would have remained safe if they had done the same.
In a few other cases, such as Freedom Hosting and Playpen, the FBI used NIT malware to deanonymize users of onion sites that had already been confiscated. The malware bypassed Tor to send IPs and other information to FBI servers. But only Windows users were affected, because the NIT only ran on Windows. Also, users that used firewall rules and/or separate Tor gateway machines (such as Whonix) were unaffected. And finally, even Tor browser users would have remained safe if they had accessed Tor through nested chains of at least three VPN services.
So yes, use nested chains of at least three VPN services to access Tor. And watch your OPSEC. Compartmentalize, compartmentalize, compartmentalize!
So, the approach is insufficient only if you're sloppy.
Almost totally orthogonal to discussions about how bad lack of privacy is getting, but the answer to the question posed is certainly any tangibly bad results of lack of privacy in my everyday life, ever. Which there really are none, so far. Certainly none that the average person would attribute to lack of privacy.
I'm still curious about the worst case. What are some doom scenarios?
What do you have in mind?
Expose politicians personal data.
Privacy will quickly become much more important.
Honestly most people don't care and money talks... This is the new normal, better get used to it. This fight was lost a long time ago.
Privacy violations exist so middle men can make money. Cutting out the middle men solves the privacy problem AND motivates people by saving them money.
Too many middle men. How many middle men are inbetween you and me right now with this post? Probably 5 companies at a min? People are interested in saving money but not at the expense of their time or convenience. I agree with you, but it's just never going to happen.
>>>representatives that are supposed to care
You can do the math.
For your privacy protections you must fill out the proper regulations in triplicate:
* Be white
* Be American* (all restrictions apply)
* Be not poor
* Be ignorant (Provision already covered under the US Department of Education, so likely you qualify if you dont meet "not poor" provision)
* Do not understand politics
* etc other factors
The EU and independent US states are already starting to legislate for consumer/citizen protections. The public response has generally been positive.
It's easy to forget that 'surveillance capitalism' was seen by most outside of our bubble as a trivial little industry until fairly recently.
I believe that the system is democratic enough that if people are organized and ask governments nicely, they can have privacy protections.
It's really only Google and Facebook that profit substantially from this crap, and there are good arguments that it would be beneficial to the rest of the economy to knock a bit of wind out of their sails for a while (a more diverse range of competitors, a stimulant to VC-investment to try new monetization strategies).
Disruption can happen democratically, too!
Your email will travel securely, so the government can't read it. It'll travel securely from Chrome on your Android device to a server somewhere in a Google datacenter. Your web browsing will be encrypted with https, so your ISP will need to use their DNS logs and traffic analysis in order to deduce parts of your browsing history. If you turn off location services, your location won't be stored with Apple, but your Telco needs to know in which cell your phone is located in order to route calls there. And it'd be a terrible waste to just throw that data away the day after, now wouldn't it.
Encryption helps. And we need encryption. Everywhere, and as quickly as possible. But privacy is also political issue, and a technical solution alone won't resolve it, no matter how advanced.
Oh, and not to forget: Ease of use is the way to mind share, not security. WhatsApp is by far the most widespread secure messenger. Not because of its security; in fact its security used to be terrible. The way in was ease of use, with security added to the mix at a later time. And, more importantly, without disrupting the user experience.
There are pleny of ppl that care. the problem is the tools allotted to them to affect change....
The way we form relationships is one of the most personal parts of our lives.
There's no way for me to phrase this question without it sounding very insulting, so I apologize in advance, but - is this something women have told you, or are you inferring this from being turned down by women you meet in real life?
There's also an implicit assumption you're making that the women I've talked to about this are women I'm trying to date. That's not usually the case.
Yeah, that was part of my potential insult.
I'm married with a kid, and most of my friends are paired up, so this topic rarely comes up for me. Thanks for letting me pick your brain.
I'm unfamiliar with the decision, but why split up a company like Microsoft in 1999, but leave Facebook and Google alone?
Microsoft was seen to be exploiting it's consumer OS market share to gain a monopoly in the browser market and the productivity software market, AIUI.
They used their monopoly position to force vendors to prevent Netscape from being bundled. Thats where they went too far.
But huge corporations like Google, Facebook and Amazon are using their scale and their positions to take over markets. They can easily take control of any market they want, for them it's just a matter of doing so in a way that doesn't upset regulators. Regulators are already the bottleneck for them.
What about the breakup of Ma Bell?
"AT&T was, at the time, the sole provider of telephone service throughout most of the United States. Furthermore, most telephonic equipment in the United States was produced by its subsidiary, Western Electric. This vertical integration led AT&T to have almost total control over communication technology in the country, which led to the antitrust case, United States v. AT&T. The plaintiff in the court complaint asked the court to order AT&T to divest ownership of Western Electric"
i.e. AT&T used its network monopoly to maintain control over hardware manufacture.
It is against the law to acquire, or to perpetuate, a monopoly by any combination or conspiracy in restraint of trade.
Although you're quite right that the move into the browser market was a big part of the case against Microsoft, there were other pieces to that case. There was a whole bunch of work around APIs/ABIs and in particular, denying other parties access to secret or privileged APIs in order to cripple potential challengers to the existing OS market (e.g. Java/Sun).
(Notwithstanding that the Microsoft strategic work around the browser stuff was a very correct reading that the browser was destined to become the de facto OS.)
Yes, it's complicated and there's a whole century+ of interesting jurisprudence. But it's not sufficient to just declare it's OK to have a monopoly -- you can be at risk of antitrust suits even just 1. having a de facto monopoly and 2. doing the "normal" smart business things to hang onto it.
For further reading, start with https://www.justice.gov/atr/us-v-microsoft-courts-findings-f...
Doesn't sound like you are far right at all then. I'm wondering if we're actually a good judge of our own political leaning. I think that I'm libertarian (little 'l'), but Facebook ad policy thinks I'm far left. Maybe Facebook knows me better than I do.
The test at https://www.politicalcompass.org/ works reasonably well.
> the authors demonstrate what I believe to be a staunch leftist
Sounds like somebody is biased here.
> "just because of how they worded this I have to say X because they are making an absolutionist statement on something I'm not absolutionist about".
That's how and why the test works. It need to extract the user's leaning by choosing between extremes.
Thought you were going to say "regulate privacy protections." Instead you went for breaking up monopolies. Impressive leap
Each of these services in isolation can know a great deal about you but being able to correlate the data makes it so much worse.
That's why I try to avoid putting all of my eggs in the same basket, I have an android phone but I use duckduckgo for search, my own server for email and firefox for browsing the web. If Mozilla, my server host or ddg decides to betray me (or gets hacked) at least they only have access to a slice of my life.
This is what I had been trying up until six or seven years ago. At that point it just got too complex to build and maintain.
With ISPs selling our location and traffic data, I think there's no engineering your way around the problem now. Perhaps the best we can do is damage mitigation.
I don't have any problem getting my emails accepted by gmail and friends.
The trick is to use an IP range that's not "fishy" (that basically precludes hosting email on your home connection, everybody expects spam from those and they're blacklisted everywhere). Then use DKIM, SMTPS, DMARC, SPF and be very careful not to allow any kind of open relay for spammers and you should be mostly fine, at least in my experience.
There are many websites online that offer to test your email setup for obvious flaws (open relay, missing headers etc...), for instance https://www.mail-tester.com/ and https://mxtoolbox.com/diagnostic.aspx . You should also check if some blacklists have your IP or domain blacklisted for some reason, and then request a delisting (after making sure that you're actually not sending spam because of a bad config): https://mxtoolbox.com/blacklists.aspx
It's definitely not plug-and-play but it's pretty interesting if you don't mind system admin. You also have a lot of flexibility if you want to filter and automate your emails in any way. I was also pleasantly surprised by the efficiency of spamassassin, properly trained there are very few false negatives and almost no false positives.
And prohibit ad-based monetization on services with >100M users.
This is the right answer. Collecting, retaining, using, and selling all this crap should simply be illegal. For Google, for Amazon, for Target, for Visa. Any of 'em.
The more pragmatic libertarians ought even be on board with this, since even if they don't care about massive corporations having all this stuff, allowing its collection gives de facto access to it by the government, and you can't effectively opt out even if you take extreme measures like not communicating with anyone except over encrypted comms and not having any kind of cell phone—you are still in pictures others post to social media, for example, or mentioned in others' unencrypted messaging/email conversations, et c. Your only hope is to become a hermit, basically, which is unreasonable.
And once you get big, you can't get any more revenue.
And I want to be king.
On the other hand, prohibiting ad-based monetization schemes lowers the incentive to excessively track users.
Of course, you could say that everything is proportional to the number of users, but I suspect that's not how it works.
As for why monopolies aren't getting broken up, I'd say a combination of increased corporate control of government, and global trade necessitating ever larger companies to compete, because tariffs are 'evil'.
If there is money to be made in invading peoples' privacy, it is going to happen unless there are regulations in place that make it costly by imposing fines.
Here's a simple starter idea: extend HIPAA type protection to the most sensitive forms of PII like location information, photos not explicitly shared, microphone data, and health sensor data. Sale or other release of this information without explicit per-sale or per-release user consent is illegal. Leaks or intentional distribution results in fines that start at $10,000 per incident.
Gather your users' locations and sell them? That'll be $10k per user per 24 hour period in which any location data points were leaked.
Microphone and camera data should be subject to further protections. It should be illegal to store such data for longer than what would be needed for legitimate algorithmic uses or to use such data for other than its explicitly intended purpose unless the user explicitly shares it. So something like Siri could leverage cloud compute to parse your verbal commands but it better throw that data away afterwords... leaks would be $10,000 per user per audio recording.
The only exemptions should be for things like IP addresses since this would require fundamental re-engineering of the entire Internet. These do reveal some location data but it's nowhere near as accurate (and hence intrusive) as device location data. There also are techno hacks like VPNs that can be used to obscure such data if a user wishes to do so.
Edit: as far as government snooping goes that also must be fixed at the legislative level. There are legitimate reasons for governments to conduct surveillance but these must be subject to strict regulation and oversight. It's the only way. Government agencies like NSA, CIA, and FBI (and their equivalents in other places) are well funded and very good and there is no hope of preventing them of leveraging the Internet for surveillance unless the legislative branch explicitly regulates their actions.
TL;DR: the only solution here is the rule of law. Techno-fixes won't work and are a cop-out to avoid confronting the dysfunction of our political system.
Things got worse and that's expected. After all these things were made public, if there was no mass outrage the perpetrators learned a valuable lesson - they can increase their activities without much fear. Pretty sure at this point NSA doesn't even have to play games with masking / unmasking filtering US citizens, they might as well stop jumping through hoops and just record and search everything they like.
I recently kicked off every google app from my phone. The dark UX pattern of shared logins (login to google express = login to gmaps etc) was too annoying to deal with.
It's not that I've stopped using their services, but instead switched to their web version. Same with Twitter et al. Even Uber has very serviceable web versions of their app.
As a bonus I get better battery life, and the use of Safari's content blocker, so YouTube web is even better than the app. I'm also able to silo these services into their own browser if don't want to keep logging in every time due to private browsing.
I totally agree! It's easy and convenient to run a PC on FOSS, but it's a real pain to do the same with a smart phone. I just tried to run a FOS OS on my phone. I gave up because in order to flash the OS image I had to install non-reproducible binaries from some website and there was no sane way around.
In the case of Facebook, it's a chicken-and-egg problem: many people that I know will not use another social media platform because nobody else that they know uses it, but nobody else that they know uses it because they don't use it.
Instead, they started off providing closed social networks for existing groups of users -- colleges, starting with a small number of elite colleges and slowly broadening out from there -- until eventually it became a public social network and the de facto standard at least within the US.
The networks that have attempted from the start to get everyone to sign up have mostly failed. E.g. Google Plus, which had some feature advantages over FB at the time, started out much too ambitiously in my opinion and suffered from a "Potemkin village" issue where (unless you had a circle of friends who all joined it) it felt empty, and I suspect many users never used it more than a few times.
The only recent network I've seen to go the Facebook route is Nextdoor, which at least in my anecdotal experience seems to be becoming a thing. By providing a semi-closed social network based on physical proximity (neighborhoods), it provides immediate value to a new user. I'm not sure of the details of their rollout strategy, but at least at one point they insisted on mailing you a physical postcard in order to verify your address (much like FB's original validation on specific .edu email domains).
Anyway, if anyone out there is thinking of challenging Facebook on the social-network front, I would put some significant thought into the rollout strategy and aim not to compete with Facebook circa 2017, but instead to compete with Facebook circa 2004. As other networks have opened themselves up, there's a constant vacuum at the lower, more-specific, more-exclusive, closed end of the spectrum which provides a lower barrier to entry.
Mostly I appreciate the ability to be parts of different groups, the ease with which you can join groups, and the fact that you can host your own friend group. I realize this isn't Discord's mission statement or intent but it is a position they find themselves in.
When technologies like Matrix [matrix.org] exist and we've had superior dedicated voip programs (mumble et al) for decades there's nothing appealing about discord is the AoL mail of chat clients; great for people with 0 interest in technology, but, why.
Of course, collecting user data is fundamental to providing these services, for FREE - without this, Youtube's algorithm would be awful and Google Maps wouldn't be able to show real time information, and you would be paying for all of the services users want for free.
If it's free, you are usually the product, and information just so happens to be the currency of choice. I very much doubt people would pay for search, maps, youtube, keep, plus, email, translate, android, allo, duo, docs/sheets/slides, chrome, earth...
And many, many more listed here:
https://privacy-training.com/ vs. https://inteltechniques.com/
"Hiding from the Internet" vs. "Open Source Intelligence Techniques"
"The Complete Privacy & Security Podcast" (42 episodes so far)
Computers were a mistake and represent the greatest threat to freedom in human history. The ability of those in power to mass produce perfectly obedient machines that can perform complex tasks without rest allow for a nightmare society. Additionally machine learning asymmetrically benefits those with the resources to fully leverage large amounts of data collection and compute power AKA not you or me.
Any state in history would have loved to have been able to watch its citizens at all times and know what they're doing and likely thinking. It just wasn't feasible until now. The big last line we haven't but will inevitably crossed will be the automation of force.
At least suicide is always an option.
The moral rule of law is already out the window, and financial laws had already may as well not exist. The only practical compulsion that law has left is that many people can still have an acceptable life while complying with it. Enriching yourself by skimming the margins of those with enough capital to print money wouldn't exactly be immoral.
Automation of force, or something along those lines, would pretty much cinch it. I think plenty of people would decide it's time to have a chat with a local lathe/mill owner, stick a flamethrower on their quadcopter, and loot the few places where opulence still existed. Get away with a couple decent jobs, and you could pretend you were in that upper echelon of 'people with lots of money' all along.
Right now, if you're good at a trade like construction, welding, medicine, engineering, etc, you can probably find stable employment options and at least afford to exist. But when those people of practical means start to get systemically marginalized, I'll bet we'll see a huge resurgence of people trying modern versions of The Italian Job.
There's not going to be any clever tricks to avoid being picked up the mass physical surveillance network.
Hacking is simply infeasible for the vast majority of people given the complexity of systems and how much intelligence and knowledge is required.
Action movie heists of high value targets are basically impossible to get away with these days let alone in a decade or two.
(Well other than the advanced tech they use like cyberdecks and stimsims which aren't really feasible)
I think about that a lot. It suggests to me that the real problem lies not with technology, but with something unavoidable and self-destructive about human nature.
Or the people in power not being fully clear about their means.
"Not being fully clear about their means" is just a manifestation or symptom of someone's quest to acquire more resources. I repeat that you must look at the root force and not the symptom.
What specifically? Wanting power and control?
What about the fact that we're the only species to hoard way more resources than we'll ever need, to the point where we're quite literally destroying the environment and life around us in order to maintain our over-consumption of resources?
Everyone seems to think that, prima facie, or even de facto:
technological progress == good.
But there is nothing that guarantees that's the case.
A shiny new device or service launches and everyone is gung ho to jump on it--never mind questioning its negative impacts--what is the environmental and economic impact of this service (e.g. cryptocurrencies consuming electricity, a 'material' resource, and producing nothing but a representation--e.g. consumption of material with no production), who does the service marginalize, how does it propagate further cultural and global divisions...the list goes on
No one ever stops to ask these questions--or those who do are not nearly loud enough. We seem to follow a policy of progress by all means until we've developed our way into a future in which the continued subsistence of humanity (at least on earth) is untenable.
I just don't see how you got to this conclusion. In what way could technological progress make it untenable for humanity to continue?
What are 'they' going to do with the information that makes your life so miserable that not existing is preferable?
Actually I'd be willing to bet the level of spying the alphabet agencies are doing now is 10 times worse than it was when Snowden stole those documents.
He told me to consider the associations between data. Bits and pieces that Google knows about me, that Facebook knows about me, that Amazon knows about me...think of all of those little meaningless bits of data being associated all together to build a picture perfect model of my life, and then sold to advertisers, who know enough about your life to attempt to manipulate it at every step. And if advertisers can pull up every saleable bit of data about me with enough accuracy to sell me products that I actually want, then anyone with enough money and desire can get that same data, use the same associations, and understand more about me than most of my closest friends, all before taking one step away from the computer.
I'm still afraid.
Well, based on the fact seeing any actually helpful advertisement is an extremely rare occasion (just my experience), which usually requires explicit training of a suggestion engine with multiple rephrased queries explaining what I want to see, I'd say either they don't know any much, or the association part is not yet here. Not that it matters, though - that could change in future.
What I'm actually afraid is that there is some data I'm not even aware others know about me. Or, more specifically, data I don't want others to know about me, that could've somehow leaked despite lack of my consent or even me being informed.
E.g. I know that my phone sends various data to the third parties, that I've authorized it to send. I've evaluated it and had actually decided that I'm OK with the pros/cons. However, if, for example, that phone somehow eavesdrops and sends an audio stream that I've never consented to share - that would be scary.
Not trying to be snarky, it's just to me something doesn't quite add up in this picture.
E.g., there are ads all over the DC Metro for huge defense-sector projects, like a particular company's bid for fighter-jet engines. They're spending huge sums on these ad buys, which presumably are aimed at only a handful of people who actually have influence over the procurement process. Similarly, there are lots of ads in trade publications aimed at buyers, of whom there might only be a few dozen in a particular niche industry. It only follows that this is, the ad-buyers believe, the best they can do.
But consider what they could do if they really drilled down and tried to target the specific individuals with control over the money: instead of a shotgun ad buy in the subway or in a magazine, they could build a model of that person's life -- where they go, what they buy, what makes them happy (at least, happy enough to be externally perceptible), what pisses them off enough to complain about it, etc. And then you could Skinner-box the living shit out of them.
In the limiting case -- I'm thinking here of someone who works in government procurement; maybe not even the person who makes the ultimate decision, but the person who builds the briefing slide deck for the person who makes the decision, or the advisor, or the advisor's assistants -- for the price of a big ad buy, you could probably hire up a bunch of unemployed acting students and follow them around for a few months. Every time something good happens to the contract or in negotiations, make sure they have a really, really good day. Someone offers them a seat on the train, or lets them into traffic, anonymously buys them coffee, randomly compliments their shoes, pulls out of a parking space just as they're looking for one... every little thing just goes right. And every time the negotiations aren't going well, make sure they have a really shit day. They get cut off in traffic, get coffee spilled on them, yelling everywhere, can't even get the machine they want at the gym, takeout place is closed for a special event, rental house down the street is having a loud all-night party again... Pretty soon you'd condition them that when things go right for your company, and when things move fractionally closer to the outcome you want, they have a good day. And when they don't, they don't. It's advertising by gaslighting, basically.
AFAICT the only reason this isn't done is because nobody's really tried it yet, perhaps out of some remaining shred of propriety. I'm not even sure it would be illegal, necessarily (you'd have to get some lawyers to work around anti-stalking laws, I suppose, but they are pretty weak in a lot of states). While there's nothing that would have prevented you from doing this 50 years ago with an army of P.I.s to gather the information, now you could build up all the dossiers in advance and have them ready to go, pretty much turnkey, on anyone you thought you might want to influence. Or, more likely, a company could set all of that up and then offer it as an arms-length service to other companies looking to achieve a particular outcome.
No reason, I suppose, why it might not be going on right now.
That being said, most of the wealthy people I know personally tend not to use computers when they can call up concierge services to handle complex tasks for them. That most wealthy people I know happen to be older and not as used to using computers for every problem may just be more of an age rather than economic dissonance.
It's just that this isn't done in a scalable way, but as a part of high-touch sales activity involving human salespeople.
I use DuckDuckGo instead of Google in most cases, and I avoid Facebook (and particularly Messenger) unless absolutely necessary, and I have become much more conscious of my online activity.
But nowadays Messenger is more of a way to start by saying "let's Skype"
In a lot of ways, I see the issue boiling down to how much you're willing to be inconvenienced.
Say we consider a privacy-paranoid individual who is taking great care not to put his personal data online. And then we take a look at his or her parents or friends or colleagues who most certainly will keep his or her real name bundled with phone number(s) and (e-mail) address(es) in their address book synced to their Google or Apple or Microsoft account. It just happens, there is only so much you can do about it. Your data is out there and it's only the question of the security measures the data holder implemented that's keeping it safe.
(Basically, it's nothing new, many people have your data, but possibly only in the "offline world" -- think insurance, prospective or current employers, even your go-to car repair guy. It's just that we normally have a law for protecting the offline data and ways to enforce it and almost nothing alike in the online world.)
Privacy is something that has to be enforced on a population, and not simply recommended to an individual. The only institution that can reasonably do that is the government, by introducing data protection laws, abiding by them and allowing a third-party to verify they really keep their promise. Until then, we might not have a choice.
>and have grudgingly accepted that being monitored by corporations and even governments is just a fact of modern life.
I wonder which is the more "shocking" or "surprising" that society deems it acceptable - monitoring by corporations, or monitoring by governments?
When your choices are "use a service and be monitored" or "don't use the service", it can be quite limiting if you really need that service to, say, do your job and feed your family. Yes I know there are alternative services, but often they either 1) don't work well enough to really be a viable alternative and/or 2) don't provide any more confidence that they are not monitoring you also.
Of course all of this is made worse by the fact that the monitoring is mostly happening in the background, so it isn't "in your face" all of the time. I think most people who are aware of it have chosen to just ignore it as best they can, because there doesn't appear to be any practical way of avoiding it.
Actually, that is exactly, literally what it means. Perhaps you mean that just because we find something acceptable, we don't deem it moral, or optimal, or desirable. The distressing reality presented in the interview is that we accept non-benevolent, non-ideal options because they are good enough to be accepted, and not bad enough to be rejected. But accepting something, by definition, means you consider it accept-able, or, "able to be accepted."
Words have subtle meanings. If you paid attention to my post, I was clearly drawing a line between the fact that people accept the fact that they really don't have a good alternative to using, say, Google. But they may not find it acceptable that Google data mines their searches to sell their info to advertisers.
So while they "accept" their situation, they clearly don't find it "acceptable". Much as you might accept the fact that you have to work for a boss who is a jerk, because you have no other employment options. So you don't find the situation acceptable, but you have to accept it anyway.
The issues of unacceptable mass surveillance can and will, eventually, cause some kind of response by people who don't accept it. If there are a lot of those people, I doubt the response will be pretty.
Also, while it is true that people do often respond to unacceptable situations in extreme ways, it is most definitely not the case that people always do so. There is a such thing as patience and perseverance, and people do often accept that they are in an unacceptable situation for a time (often a very long time), while actively seeking to change the situation. People can overcome adversity.
The phrase "People trapped in situations they find unacceptable don't suffer in silence; they become pathological, dangerous people." is most definitely not universally true. It does happen yes, but many people also just press on and keep looking for a way out until they find it.
And yes, some of them do suffer in silence without becoming "pathological, dangerous people". One common example is a case where an unacceptable situation permits them to achieve something that is more important to them. For instance, people work some pretty nasty jobs (either due to jerk employers/employees, or just the necessary work conditions of the job -- some jobs are hot/smelly/hard-on-the-body, etc). But there are people who take and/or keep these kind of jobs in order to feed their families. Often they have tried to find other work, but lack the necessary skills, or there just isn't any other work available. So these people work under these conditions only because that's the only route to feeding their families. It is an admirable thing to do, and I find it sad that so many people don't respect others who make that kind of sacrifice in order to take care of others.
Of course nobody wants to be alienated. We do a lot of stupid shit to fit into society. But with the range of potential attacks on your freedom, putting a post-it note on your webcam is right up there with tinfoil hats.
There are real actions you could be taking to defend your freedom - like contacting your representatives in government, or donating to organizations that fight for your rights, or telling your friends and family why they should care. You can vote with your dollars, and vote with your actual vote, and your feedback.
After all that's done, fine, put up the post-it note. But you can at least write "remember to get milk" on it so people don't assume it's a tinfoil hat.
You could also just implement strong security guarantees according to best practice for your OS, but the piece of paper is definitely much cheaper and more effective for this one purpose.
Honestly though, your explanation should be sufficient. If it isn't, you'd have to wonder the tech. understanding of the person who's questioning you in the first place.
Perhaps people feel powerless or don't care. People are also powerless against the food industry or don't always care about security. One of the roles of states and governments is to fix those situations.
Law makers should focus their efforts on strongly protecting the fundamental right to privacy. It should be made easy (and free) for anyone to challenge those abusive EULAs, TOS and other contracts that require end users to abandon their rights in order to use a service. If the contract is deemed abusive, the service should be blocked until the contract is rewritten.
Three things here:
1. Nobody has ever proved subliminal messaging can actually subvert a person's will, which was reflected in court cases. Even a modern experiment set up by the BBC (apparently the only such study since the 50's) showed no effect.
2. The FTC has never said anything about subliminal messaging, so it's unlikely they would now.
3. Subliminal messaging never helped pay for users' free services.
Let's face it - we live in a different world. The old ideas of privacy, whatever they were, are erased when there's a carrot attached to it, and no stick. Schneider is doing a great deed in trying to drum up support for increased privacy regulations, but this is a stupid argument toward that end.
I'm truly stumped, and can't imagine what tragic event or events will wake people up and get them to take action at a personal level, along with organizing and campaigning for privacy. As of now, I doubt if there will ever be a mass resistance for several decades (leaving the gates wide open for more invasions and power grabs).
The mass surveillance/advertising state runs on abundant and prevalent hardware and software full of flaws that can be used in favor for those who seek to exploit such, from nation states, to well financed actors, to individuals.
The common man has less to loose, than an general's affair with his aid conducted over gmail… and hey, when you are a relative nobody in a society, whats sitting on a couple of iOS 0days from your dev exp, waiting for a better day? I guess succumbing to fear porn from our best institutions is an option…
I've come to believe that total surveillance is the perfection of democracy, not its antithesis.
We are experiencing a fundamental phase shift in the entire structure of society.
The true horror of technological omniscience is that it shall force us for once to live according to our own rules. For the first time in history we shall have to do without hypocrisy and privilege. The new equilibrium will not involve tilting at the windmills of ubiquitous sensors and processing power but rather learning what explicit rules we can actually live by, finding, in effect, the real shape of human society.
I think that "internet privacy" will be akin to "the war on drugs" in the long term. A good idea but in the end just another way for government line it's pockets.
Until the internet is completely redesigned the best hope we've got it encryption and VPN's and that's a strech.
How does one do this? What might Bruce Schneier be thinking of that the EFF, Liberty, Privacy International, etc... are currently not doing?
In some sense, it seems like this might be solved "generationally", once the majority of elected representatives are "natively" computer-literate. Based on the average age of politicians, that might take 30-40 years.
So if you care about freedom for humans, you must care about privacy. Otherwise it'd be hypocritical.
For a better and concise article on this, read "Privacy protects bothersome people"  by Martin Fowler.
This needs to be changed at a regulatory national level, but it's usually the case that major cities or states lead the charge in the US.
The system can be made to work for you, if you're willing to work with it.
I seemed to have it a dozen years ago, but I must have misplaced it because I haven't seen it in a long, long time.
Rings a bell?
Also, who makes money off us being afraid of not having privacy?
The Stasi subdued an entire country via surveillance and that before the internet, before CCTV and before everyone voluntarily carried a microphone in their pocket.
There is another way to opt out of data collection and
that is to deep packet rewrite every communication out of
your computer from every application (where suddenly encryption is your enemy) :P
Couldn't things be similar on internet? Or do we really all have to hide our identity like criminals?
Well, that kind of leak is really no longer necessary. Your browsing, consuming, and posting histories can all be used to deduce that information and much, much more about you.
Try keeping any of your political opinions secret these days. Short of not saying anything to anyone, it's hard to keep it secret (especially from a determined, well-funded adversary) unless you jump through a million hoops.
The reason people freak out about voter registration data being leaked is that they know that once their political affiliations are known, they can be targeted by their political enemies. Now this kind of targeting is trivial without even needing voter registration data.
To add to this, many people are doing just that on their social networks. Now that there is a precedent for potential employers to "Facebook Stalk" applicants, and we all know that the major world governments have under the table agreements with all the major social networks for data, our profiles are just another carefully curated facade of our lives.
See also: https://www.socialcooling.com/
With the internet, because of data aggregation, I can go on piple and find all of that about you and more in 2 minutes.
The power with which one may invade privacy over the internet is unprecedented. Let's say you frequent a coffee shop commonly visited by republican groups. In just a few minutes, in theory, someone could find out about every single time you visited, and use that against you. Replace republican coffee shop with sex shop, doctor, psychologist, democrat gathering...some things are better left hidden, because people are terrible.
The Jevons paradox notes that an increased efficiency of some process or system increases the total utilisation. In particular, it makes previously nonviable applications viable.
Postal junk mail, telemarketing calls, email spam, popover/popunder ads, malware, robocalls, fake news, chatbots, and more, are all responses of previously nonviable applications becoming viable.
The underlying limitation seems to be the scope of attention of attackers based on private / personal data, and/or of the systems in which they operate. The role of AI in extending that institutional bandwidth ... strikes me as rather frightening.
There've been previous discussion of similar topics which point to the prospect of, say, automated lawsuit filing, or debt collections (already a problem), or more. The prospect of some trained algo running over deep, rich data, seeking arbitrage opportunities, strikes me as undesireable.
I find this hard to believe. If someone followed me around video taping what you do, I would be so self-conscious that I will stop having a good time.
Before the internet, it was very hard for the average person to find out stuff. Maybe not having a ring on the finger meant they are single. Or are they divorced?
Now, it is just too easy. And commonplace.
Sure, all if our lifes events could have been collected. They were called biographers. Now they are called everyman.
Data had always been collected. Just never easily retrieved.
For me, i am appalled that some people i know think absolutely nothing about googling a person they just met. To me, they were not reared properly of they do that.
My point is that I tend to consider myself as anonymous on the internet because I believe nobody is interested enough in me to bother gathering the data. Or if it's done, it's a robot that does it for statistical purpose. No human cares.
But if I publish personal infos in plain text, like email, phone number and stuff, surely there will be trolls that will have fun with it, or thieves that will try to use it for profit. I have zero reason to do that.
1. BTW I believe this has tremendous scientific value, from an anthropological point of view. It'd be a shame not to do it.
The issue is that perhaps your data is not as important right now, but it is possible that one day you might do something that might upset someone in the power and any information about you might be used against you (and that would be years and years of your past since that data wouldn't be gone).
Just look at Snowden, how they tried to use every petty detail about him. He was careful though and did not leave much, but there were strong forces trying to discredit him.
Maybe you think you would never did anything like what Snowden did, but what's considered bad depends on what current administration thinks. With our current president it feels like insulting him on twitter might be good enough cause.
Second issue is that Big Data done on you, it can infer a lot about you based on the data that you provided, often it can know more about you than yourself.
That data then can be used against you, here's one example of a company that does this and in fact not only tries to learn about people but actually influence them. It's suspected that they are behind Bexit and Trump victory.