HN discussion here (still on the front page as of my reply): https://news.ycombinator.com/item?id=18857220
It's frustrating that TechCrunch seems to get a pass on their worthless blogspam when other blogspam posts are removed.
(The TC summary is lengthy enough that it’s not necessarily blogspam)
It's a problem at every level of the stack. I have a phone device that I have very little control over (thanks Apple and Google!) that talks to service providers who know who I am. Those service providers are shady and sell my real time location and I have literally no choices for a cell provider who doesn't do this. Then there is obviously a huge market for buying this collected data.
Where in the stack do we fix this? Do we need a data custody law first so I can track who the problem players are? Do we need devices that we have some control over so we can manage when they beacon out? Can we simply say that we (US citizens) have some right to privacy over our electronic data?
Seriously, these practices are abhorrent.
The way to get a cellphone privacy law is to get the locations of congresspeople (especially Republicans), and use this against them.
edit: e.g. see here - https://www.bbc.co.uk/news/world-europe-46793116 The kid was annoyed by some politician's statements. I had hoped he was aiming for this effect, but maybe not.
If you google 'germany data leak' or similar you will easily find more.
Hyperbole "The U.S. has no...", and tribal bashing "especially Republicans", is probably part of why the handful of people who have even heard their chosen congressperson speak, still choose based on tribe.
It's important to realize that what seems like the obvious way an ideal democracy should function is not what we have in the US. We have a partial democracy where all decisions are heavily lobbied by massive corporations to a degree that can't even be compared to most nations. If the 'free market' didn't surround these lobbyists, it would be called racketeering the government.
I'm talking about some uncompetitive districts where only one party is ever considered in the general, and only a teeny tiny fraction of the electorate bother with the primary.
Added: For example, in New York's 14th congressional district, Alexandria Ocasio-Cortez won in the general election because, barring a monumental scandal, the Democrat will inevitably win there; and in the primary, she won by an okay margin, but her total number of votes in the primary was just ~17k. As far as I can tell, this means that about 17k people selected the house member for that district of ~690k people (of which 141k voted in the general election).
I think I was being imprecise when I said "a couple percent of the electorate", it's really a couple percent of the overall population in this case, but the point largely stands.
The specific example of VRRP came about because of a Republican - Bork, who had his privacy invaded.
I suspect that, in part, they are capable of this due to the lack of a vagueness doctrine. A law that broad would likely be unconstitutionally vague and difficult to square with the first amendment in the U.S., but is perfectly acceptable over there because vagueness is not a defense, and there is no equivalent protection of freedom of expression.
> The specific example of VRRP came about because of a Republican - Bork, who had his privacy invaded.
One example does not justify an eternity of digs that let everyone know exactly how intolerant people can be here.
Added: as a matter of opinion, I value the broad protection of freedom of expression enjoyed in the U.S. far above any additional protection of privacy which could be provided.
This stuff is REALLY screwing us over.
Users are insanely skeptical now. This data is insanely valuable for growth but if the industry creates an entire generation of people who REFUSE to be monitored we're going to be in a horrible situation.
If someone is legitimately just interested in the cities you're visiting I don't think this is much of a problem.
For example, say their product is only available in San Francisco. It doesn't make sense to try to recruit users in New York.
This makes it much easier to get initial users as you can just buy ads for users in San Francisco, potentially saving a massive amount of money on your ad campaign.
With Polar (https://getpolarized.io/) I need to have analytics about what users do in the editor. What they click on, etc.
Polar is a research tool for reading and annotating PDFs and caching web content for later reading.
I get regular complaints from users to disable all analytics.
I might ship it as an advanced feature for users to opt out but I don't have any nefarious use case here. My only goal is to figure out if you're using feature X or not.
They plainly spelled out what data they use, how they gather it, plainly said they do not sell the data and gave a very easy way to opt out. That made me feel much better about doing business with them and creating an account with them versus a very legalese and obscure way of spelling it out.
I have a feeling you get people who complain because the assumption is that the software tracks everything and it gets sold to anyone.
Your notion that the rejection of monitoring is a conditioned generational characteristic is delusional. In fact, anything less is completely anomalous within the context of all human history.
Good products will find a way to succeed regardless.
With sufficient energy other portions of the stack could be attacked - we don't need Google or Apple to provide us with map solutions, or email, or whatever.
Solving the problem of cell providers just selling your location just seems impossible, on the other hand.
Location tracking happens at the baseband level, sometimes even without cooperation from your phone. Whatever you have running in the application processor, your carrier is legally obligated to at least try to ascertain your location.
Maybe a few dozen kids need to be abducted before anyone will care. But frankly, after ignoring Sandy Hook, I no longer see Washington as a force for good of any kind.
As a funny side note, we would joke that our best customers were drug dealers. They always paid on time and always in cash. They could not afford to miss any calls.
Another incident was around someone that broke the GSM encryption algorithms and was going to go public. My boss and a federal official met with them and explained what prison they would disappear into and for how long. Such things were postponed until long after the internet had grown and disclosures became more common. Nowadays people know that the GSM algos have been broken for some time.
Another one was a spammer that managed to get his own SS7 signaling link and was spamming phones with text messages. I suggested dropping his link and I was told to let it go, since he was paying for the link... There are no laws against spamming mobile devices because they are not landlines. The laws around unsolicited advertisements only apply to landlines and fax machines. As I am sure you all know, having your own SS7 link means you can spoof the caller ID, do caller-id blocking override, drop callers on congested cell sites and much more. This is why 2FA on cell phones is less effective.
This one isn't so much about laws but rather ethics, and phone theft. From day one, we had the ability to brick any GSM phone over the air. We chose not to do this however, as customer support could accidentally brick the wrong phones. As you know, this led to phone theft being very profitable. That was the very thing that GSM bricking was supposed to stop, but we were just not willing to do it. There were no laws requiring us to use our capabilities to remove incentive to steal phones. There was discussion of making laws to require this, but we blocked all discussion from happening.
Some of the other issues I can think of would be rather risky to post here, despite being well after the statute of limitations, as they could cause embarrassment for certain agencies and could risk HN getting censored.
Most days I learn something new about how people somewhere are being evil.
There's enough bad will against the existing ISPs/mobile carriers that Apple could swoop in and gain a lot of market share very quickly. And customers could save money by combining their home internet with their mobile plans. The future is a singular wireless data subscription without any routers or modems.
Maybe that's the intent or justification behind collecting the data, but it isn't getting to those people.
"Self regulation" only works when there is a monetary incentive for companies to keep their word, for example in ecological agriculture.
As for mitigation, does anyone know if MVNO users are also subjected to their data being sold?
Unfortunately, telecommunications is notoriously asset heavy and complex and the historical lack of competition creates behemoths with outsized influence in politics. The FCC then is effectively powerless barring the election of a president who personally cares about the matter.
In sum, self regulation works in free markets. You would switch to a better carrier if there were one, I'm certain.
So, yes, I do believe companies finance political campaigns. Whether the money flows through campaign organizations is not an important distinction to me.
Leaving that aside, SuperPACs account for just 15% of election spending in 2016. It’s inaccurate to even suggest that corporate money and money from wealthy donors is the dominant factor in campaigns.
I think it's more than fair to attribute the Google PAC to Google, and not to a diffuse group of Google employees.
Obama focused on blocking mergers among companies with products that they charged consumers for. It looks mainly like the precedent of consumer harm is undefined when the products are free to start with, and no one has gone back to try to patch the hole.
It's similar in the House. John Conyers just stepped down due to scandal after 52 years.
IMO, that there are no term limits is absurd. Thomas Jefferson got it:
As we've improved our understanding of the human brain through neuroscience, and now can see that ideals will get lodged in people's brains and not change, having people serve that long just leads to stagnant idealism controlling politics.
As a Google Fi user I am very interested in this.
When your state AG or the CFPB are the only way to stop collective harm, it’s a problem. Private rights of action were a thing until recently. I’d imagine a whole lot of these privacy breach issues would be closer to resolved if class actions were holding these big companies accountable.
Neither of these require anything but self-interest and the profit motive from the involved parties.
Remember we are talking about Capitalist corporations that answer to investors.
Your point is great if there is an incentive to only benefit the consumer. The benefit in this case is to maximize profit at all cost. Profit creed (not greed) is to ingrain the need to maximize profit. Because of that, greed is the ultimate driver against achieving 'self regulation', hence the reason why we have gov regulations in the first place.
The entire point of my comment was explicitly claiming that this isn't required in order for regulation to benefit companies' bottom-line. I'll repeat: there are collective action problems where coordination (between companies) benefits every party (company) in a way that individual (company) action wouldn't, even when the coordination takes the form of constraints on individual behavior. My comment was assuming the model of corporations as solely profit-maximizers, and it still occurs under that assumption.
It's fairly basic game theory. If the defect-defect equilibrium leaves everyone worse off, and defect-cooperate leaves the defector better off than cooperate-cooperate would, then under certain fairly reasonable assumptions, putting constraints on the behavior of all parties (i.e., regulation) makes the cooperate-cooperate equilibrium stable in a way it otherwise wouldn't be.
Promises in the form of legally binding contracts.
If you're concerned with privacy from government, don't be - you already lost that war.
If you're concerned with a drop in innovation, don't be - we're already far behind most of the rest of the developed world.
If you're concerned about prices going up, don't be - we already pay insanely high rates compared to peer-countries.
Welcome to the "free" "market".
Not convinced by that - mobile telephony is pretty equal in technological innovation across most of the developed world (LTE rolled out, VoLTE rolled out by most carriers, 5G in planning), and handsets are pretty much the same for all markets.
And we all probably know about the vast data collection by the PRISM program (2), and access given to tech databases by the Freedom Act (3). And of course our current president signed 702 reauthorization last Jan. (4) so this cozy relationship could continue.
I guess my point is that it sure feels like we’re in a pretty hopeless state, given the deep ties between business and government.
At one time I was not so cynical about this topic. But after seeing the inside of the political process in both campaign work and working in the defense industry, my eyes have been opened.
The only solution involves political activism on topics most people either don’t understand or don’t care about.
It could be queuing positional and temporal data, and awaiting a connection to later send.
To be fair, what are our options, exactly? If we want anything near acceptable coverage and price, that is.
This is key. This is how citizens will lose their expectation to privacy. I fear that in the near future there will be no 'safe' option and you will be forced to forfeit your privacy rights to participate in the digital world.
I see it starting at the bottom. Tired of being tracked and trapped inside class barriers, the homeless and destitute will be the first to adopt extreme privacy-oriented protocols such as regularly cycling burner phones, using mobile VPNs, stripped-out GPS modules, and anonymous software such as Signal but which doesn't rely on phone numbers as identifiers. The poor will stop using phone numbers altogether. Perhaps charity services will exist which help aid this transition.
It will also start from the top, as we already see high-level CEOs using encrypted messaging and privacy-oriented protocols. They will see the obvious need for such services.
The overwhelming majority, the middle class, will be the last to adopt such practices and take back control of their privacy.