"Everything I do on the net can be authoritatively attributed to me personally."
That's the thought we should all have in our heads before we send any post, or send any text, or send any email, or send any photo, or etc etc etc. We shouldn't rely on some company, that's using us to make money, to protect our privacy.
1) Everything you do on the internet is public
2) Everything you post on the internet is forever
3) Everything above can be traced back to you
I also showed them how easy it is to save private and public snaps without sending a screenshot notification (including video!) and how easy it is to fake.
It's hard to know if it's sinking in or not, but I hope so.
I wish I could show parents who are not tech savvy how to get these points across to their children.
I wish it was. Anything on social media maybe, but the broader internet dies in ~10 years.
I remember a long time ago Facebook profile pictures used to be private. And then one day without notice they became public. For some reason, I can't find any news articles about when this happened. Maybe I'm crazy or maybe the Internet is gaslighting me. Either way, I had friends who grew up in very conservative Muslim families who no longer wore the hijab but hadn't "come out" to their parents yet. Then one day they woke up to their Facebook profile pictures being public where they weren't wearing a hijab and they haven't talked to their parents since.
Anything you put online has a non-zero probability that it will be 1) hacked 2) released as a bug or 3) released as a change in policy.
For example, I have shared credentials on Slack before, but that's because said credentials were for a non-critical system, and if hackers somehow a) hacked Slack and b) identified the information I shared and used it, the only thing they would get their hands on would be a curated collection of cat pictures with funny captions (and I don't re-use passwords).
Therefore, blanket rules like "don't share credentials on Slack" tend to miss the point. Obviously, don't share your bank account info on there. But you can totally talk about otherwise sensitive stuff if the risk profile is sufficiently negligible.
curl http://slack.com -v
< HTTP/1.1 302 Found
< location: https://slack.com/
It's a spectrum and not a binary condition.
Imagine assuming that every time you cross the street you’ll get hit by a car. Assuming every time you see someone it will be the last time ever. Assuming every day you live might be the last one.
That’s no way to live, I find it incredibly mentally taxing and insane if actually followed.
Sure, a security breach can happen in any service, but we should still treat most of them as reasonably private for any casual use.
People have taken this different ways, but personally I think it's sage advice. We've lost our ability to keep secrets. Information wants to be free. We're terrible at digital security. Pretend everything you type into a computer is on the front page of the New York Times.
That's simultaneously an admirable ethical stance...
...and total BS.
Put your money where your mouth is. Post your full banking and personally identifying details immediately, without hesitation or regret.
If you'd rather not, maybe you actually agree that not all issues of privacy come down to ethics. Some details of a person's life really do deserve privacy.
I think we thought of computers and the internet as our allies in privacy. They are not. They are our enemies.
I think we should stop trusting computers, any computers, as much as we possibly can.
Especially if you're in a minority that your government may try to punish.
We all deserve privacy, and we are all almost completely denied privacy, by design, by hundreds of systems we use daily.
I highly recommend the novels "Daemon" and "Freedom" by Daniel Suarez, which explore just how vulnerable our digital infrastructure is.
That's how people feel on the internet, and you're asking them to throw in the towel completely and accept they'll never be able to share anything on the internet in private. You're even going as far as to say if they want something private they shouldn't be doing it. Both of these two things are untrue, but especially the idea that technology is inherently un-private and can never be so.
I'm sorry, but I think you need to start with a list of ways you think people can use technology which has a high degree of certainty of being and remaining private.
Because I can't think of any.
Credit cards are an abomination. ISPs and wireless carriers know way too much metadata. Every social media company is a horror show. The ability to uniquely identify your browser across sites is terrifying. NSA's Carnivore. Keyloggers. Zero day exploits in the OS, in the browser, etc. Row hammer. Spectre and Meltdown. Elemental Technologies. SMS authentication and account recovery. Every online store knows way too much.
I mean, there is literally no way to even secure your IDENTITY:
And even if you do everything perfectly, Equifax might screw you, or Oklahoma:
So, can you list maybe one or two things in technology you think are strong-guarantee secure and private?
And I'm not saying to give up. This is the fight of our lives. But right now we've LOST. We need to think about how to start over, to try to win next time.
You forgot the second part of that quote that's much more relevant to this conversation:
> "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."
Just need to add "we are all subject to buggy permissions APIs" :/
... Says the billionaire to the gay man in Nigeria who could be killed if this were public knowledge?
... Says the billionaire to the journalist with private sources doing legit work?
... Says the billionaire to the person who votes 'ABC' but works in a company who votes 'XYZ' and hates those 'ABC voters' and who could lose their job due to blatant political discrimination?
I quite fundamentally disagree with this concept as it abnegates the very nature of privacy.
Different words, ideas, have utterly different meanings in different social contexts and in different cultures, different regimes.
It's a deeply cynical quote from him, I think, that facilitates his own 'bottom line' i.e. as someone who makes billions from the exchange of 'public' information.
"We've lost our ability to keep secrets."
It's true that privacy is harder but it's definitely not true that we can't keep secrets. We control technology and the internet, and we can definitely 'choose privacy', it's mostly a matter of will, and the pragmatic acceptance that it won't be perfect.
Privacy was taken for granted, but I believe we should recognize it as a basic right.
It'll be a little bit harder for example in the digital age, but we can absolutely have it, we just need to make the choice.
I think we thought of computers and the internet as our allies in privacy. They are not. They are our enemies.
I care deeply about all those people. I hate that computers have been weaponized against them. It's a tragedy to go from the optimism of improving the world with computers and networks, to where we are today.
I fundamentally disagree with you that we can achieve privacy.
Your ISP knows too much. Your phone carrier knows too much. Your DNS knows too much. The Credit Agencies know too much. Your CPU is too insecure. Your OS, browser, and other apps are, too. We keep turning decentralized / federated services into centralized ones. Every ad network knows too much. Your browser knows too much. It's too easy to identify you nearly uniquely from your browser, even if you try to stop it. TOR has a lot of problems, and exit nodes are the devil. Blockchain is too easy to track. Keyloggers are far too common. SMS verification and recovery are the worst things ever. Face Tracking is entirely too viable. License Plate tracking is entirely too viable. Credit Card companies know too much. Banks know too much. Employers know too much. Every online commerce site knows too much. Our phones know too much. Polling companies know too much. The political parties know too much. The NSA knows entirely too much. Google, Facebook, Twitter, Amazon, Microsoft, all know too much.
I think things like Kenton Varda's Sandstorm are a good step. I hope to see more things like them.
If you want something to be secret, don't let a computer know you're doing it. Any computer.
When you say "we just need to make the choice," I don't believe you any more. I think that's kind of like saying Communist Utopia, or Libertarian Utopia can exist. All that needs to happen is all of human nature needs to change. :(
I think tech folks like us need to work our asses off to create systems with real privacy that are just as good or better than the ones that destroy privacy. Because if they're remotely worse, in basically any way, they won't catch on.
Note that Facebook will be almost entirely impossible to replace. Because of the Network effect.
No, just some legislation, policies, some new architecture, possibly some technology changes.
If the government for example banned any org from collecting any personal information at all without specific explicit permission, and applied the same to sharing, it would quite fundamentally change the landscape.
In fact, just taking a 'closed' approach to privacy instead of 'open' in most systems, then most privacy problems would be addressed.
Obviously, a 'hacker' could steal stuff, but those are generally marginal cases, and there's no reason that we need to live with that either.
How often do hackers steal money from your regular banks? Not very often. If we treated personal information like private data then we'd be living in a new world, about the 1990's.
People will click the button every time.
I think human nature needs to change.
Or else we need to work our asses off to invent better technology, but we're nowhere close.
> I have nothing to hide
> Because no one is trying to hurt you
Do you have any sources on this? This kind of retroactive censorship seems to be the latest fashion in the English-speaking world, and it's reasonable to expect such fashion to spread in Russia, but I haven't heard of any examples.
If you want privacy, you must first have security, and no system is secure.
I mean, just for starters, there are a constant stream of zero day exploits in OSes and Browsers that would allow me to install a keylogger on your computer, completely undetected.
So why are you so anti-cynical?
The situation is dire.
I highly recommend "Daemon" and "Freedom" by Daniel Suarez, who was a Security Consultant.
Privacy is literally life and death for people. I think trying to minimize the dangers is reckless.
This is what loses most people, because they don't think it's a big deal if someone reads their Facebook messages.
Privacy is what prevents gay people from getting purged in Chechnya. Privacy is what keeps political dissidents and religious minorities out of concentration camps. Privacy is what keeps our spies from being executed.
And for those who scoff at the idea of a state-level actor coming after them: privacy is what prevents someone's abusive partner from murdering them when they choose to leave the relationship.
Oh wait, that's happened again, and again, and again.
Which specific kinds of people were the targets has changed repeatedly over the years. Literally no one has an absolute guarantee that either they, or their family or children, are without a shadow of doubt free from this concern ever happening to them.
We thought we were anonymous. We thought we were secure. We underestimated how easy it would be to track, correlate, and analyze us.
None of us are safe. None of us have the privacy or security we should.
> If you're pretty obscure and conservative you're secure enough in practice.
You're ignoring the black swans of politics, hackers, militias, etc.
Yes, sure, we're probably all 99.99% safe. But 3 billion people are online. That math alone says 300,000 of the people online are not safe.
Do you really think we're 99.99% safe?
I think we're already tagged and manipulated like cattle. I already think that mega-corporations know entirely too much. I think we're already not safe. Equifax leaks alone prove that to me.
Heck, later down the HN front page today:
The idea that conservatives are a disenfranchised or endangered group is absolutely ludicrous.
Being conservative is the new taboo.
The former group is the ruling class in the US. The latter group is criminalized, shamed, and sometimes murdered.
Further, being gay can't harm someone else, while being conservative in a (theoretical) democracy certainly can hurt people.
> Are you suggesting that being conservative in the United States is somehow equivalent to being gay in Russia?
>> Yep. Assuming you live in SV, would you like to disprove me by putting a TRUMP 2020 sign on your lawn?
In West Coast US a few people might refuse to date you.
These don't seem like the same thing.
Pretty sure I don't need to link to the California Republican Party website.
Imagine if in America in the 1910's a person has a reasonable dissenting opinion like, "I think all citizens should have equal civil rights." If I was there I would be hesitant to attach this opinion to my public identity. Especially if my employment relied on me voicing an opinion in agreement with the majority.
This seems to have a chilling effect that prevents anyone from voicing an opinion that is not already close to being in the majority.
I think you mean “group with dominant social power”; that's often confused with majority because of the predominant pattern of race/ethnic/religious (but not economic class) oppression in Western Europe and North America, but consider apartheid South Africa.
Especially if you're in a minority that your government may try to punish or control.
Maybe Eric should not have a private Instagram account which follows young models. Maybe Eric should not ask Google to delete results about his political donations.
We ARE in an oppressive surveillance state. Our government is tracking us. Every business is tracking us.
I highly recommend the novel "Daemon" and sequel "Freedom" by Daniel Suarez. He's a former Security consultant, who wanted to wake people up to how fragile our digital infrastructure is.
Would he extend this idea to clandestine agencies?
Especially if you're in a minority that your government may try to punish. (PS, that's anyone.)
I worked for a large company that had gotten into trouble in the past, with written records used as evidence. All new employees were trained not to write anything down that we would not want to see on the front page of the WSJ. It was stressed that even content on personal devices could be subpoenaed and entered into the public record if issues arose.
I can't do my banking online?
I can't send private correspondence?
I can't file my taxes electronically?
I can't pay my medical bills online?
(Actually all my medical information is put online by my insurance co.; I'm pretty sure I can't do anything about that.)
I'm not saying you're wrong; I just don't see how that prudence leads to any practical conclusions or advice.
I know what you say is true, but I still would behave as if some aspects of my digital behavior are private. Otherwise I'd be allowing this lack of privacy to shape and mold who I am as a person.
You shouldn't rely on a company to look out for you. You have to have laws and official, proven avenues of redress for assured privacy. For example, I trust the USPS Inspector General to protect the privacy of my mail. Somebody might tamper with it and succeed once or twice, but I'm not going to have a paradigm shift and think my mail will always be broken into.
the reason the twitter story is news is because they were private tweets. yes on an "internet service" but do you think your operating system is your own anymore? microsoft uses MS accounts for default windows installs, onedrive is installed automatically, icloud backup, etc etc. this is still in the purview of the "digital" world but the privacy concern is indeed larger than the "internet" world.
beyond this we have the IoT. your google home devices (or if not yours, someone else's) recording everything you do when not even digitally engaged.
we had best be ready for it. i really hope it doesn't turn into self-censorship. i hope it turns into more open mindedness and acceptance (oh, my neighbour isn't perfect either??)
As for advocacy and laws I'd like to see a lot more assurance that ... that isn't the case.
I'm kinda going both ways with it.
Interestingly enough, this is how I used to justify piracy when I was young. Since digital data almost seems liquid, if an artist doesn't want their content spread, better not make it digital in the first place.
So don't, but that doesn't mean that everything can be attributed to you personally - even attributing something to a relatively dissociated username is difficult. At best you'll get an IP and that IP could belong to one or many people.
Anything you idiotically attribute to yourself (including private messages on your accounts) is attributable to you personally - assume all cloud services are fully compromised or extremely willing to misbehave.
Act accordingly. Never provide real information online, use shared IPs, VPNs, Tor in cases where repercussions could be significant. If you want privacy, don't expect it to be provided, take personal responsibility for it.
That said, I don't really know of a better way to phrase it; describing this sort of stuff to non-technical users is a bit of a minefield, so I can certainly relate to the solution of "just assume the worst and nothing can go wrong", because if followed, it's unarguably the safest thing to do.
It's a solution in the same sense as "teaching abstinence to teenagers to avoid unwanted pregnancies" is, which is to say that it's largely ineffective at solving the problem, despite being the most effective of all options.
Either we protect privacy or we don't. There's no middle ground.
But where does that leave us with “The Cloud”?
for anything that you don't mind being publicly associated with you.
I mind my data being available to someone else when I marked it as only for me.
The only system that would be somewhat trustworthy would be a totally air-gapped internal system. This used to be the norm, pre-internet. Few businesses really have this today.
Imagine if IAM had a major vulnerability suddenly...
These security breaches are really screwing me over.
Our user base is really really pissed at Facebook, Twitter, etc. and the pendulum has swung the other direction. I think they're borderline paranoid about sharing their data.
I mean whether they are justified or not is one thing but I definitely do not personally have any nefarious goals.
This is going to have a very chilling effect for the cloud industry for years to come. People are just going to refuse to share data with newer social platforms and only share it with platforms when they HAVE to because they have pre-established network effects.
From reading the original notice [https://help.twitter.com/en/protected-tweets-android] it sounds like the setting would just be disabled, which then made your tweets public. But not that Twitter's app would continue to say they were protected. That's a pretty significant difference (also by the fact that such a huge thing was not noticed for 6 years I'm guessing not many people were actually impacted)
Also just for fun, I'd wager how it happened is that the developer had some "default request object" that had "true" as the default setting for this and merged it with the updated property values ;) a classic
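The merge pattern the comment above guesses at, as an added JavaScript example that is not part of the original thread and not Twitter's code: an update built from a default request object flips a privacy flag the user never touched, while a patch-style update changes only the fields actually sent. The field names `email` and `isPublic`, the account record and all function names are hypothetical.

```javascript
// Added illustration. Field names, records and functions are hypothetical.

// Constructed account: the user has chosen to keep posts private.
function makeAccount() {
  return { email: "old@example.test", isPublic: false };
}

// Vulnerable pattern: every update request starts from a default object,
// so any field the caller did not send silently takes the default value.
const DEFAULT_SETTINGS_REQUEST = { email: null, isPublic: true };

function applyUpdateVulnerable(account, changes) {
  const request = { ...DEFAULT_SETTINGS_REQUEST, ...changes };
  // The stored record cannot tell "user made posts public" from
  // "client filled in a default": both arrive as isPublic === true.
  return { ...account, ...request };
}

// Hardened pattern: treat the request as a patch. Only fields present in
// `changes` are applied, and only if they are known and correctly typed.
const MUTABLE_FIELDS = new Map([
  ["email", "string"],
  ["isPublic", "boolean"],
]);

function applyUpdateHardened(account, changes) {
  const next = { ...account };
  const changed = [];
  for (const [key, value] of Object.entries(changes)) {
    if (!MUTABLE_FIELDS.has(key)) {
      throw new Error(`unknown settings field: ${key}`);
    }
    if (typeof value !== MUTABLE_FIELDS.get(key)) {
      throw new Error(`wrong type for settings field: ${key}`);
    }
    if (next[key] !== value) {
      next[key] = value;
      changed.push(key); // audit trail of what this request really changed
    }
  }
  return { account: next, changed };
}

// Regression check for tests or an audit job: report fields that differ
// between before and after although the request never mentioned them.
function unrequestedChanges(before, after, changes) {
  return Object.keys(after).filter(
    (key) => before[key] !== after[key] && !(key in changes)
  );
}

function demo() {
  const changes = { email: "new@example.test" }; // user edits e-mail only
  const before = makeAccount();
  const vulnerable = applyUpdateVulnerable(before, changes);
  const hardened = applyUpdateHardened(before, changes);
  return {
    vulnerableIsPublic: vulnerable.isPublic,
    vulnerableSideEffects: unrequestedChanges(before, vulnerable, changes),
    hardenedIsPublic: hardened.account.isPublic,
    hardenedChanged: hardened.changed,
    hardenedSideEffects: unrequestedChanges(before, hardened.account, changes),
  };
}

console.log(demo());
```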
Note that this isn't even about DMs.
It's true that it's a reasonably good practice to assume that databases will be leaked. That doesn't mean that when a company loses control of private data that the company holds no blame.
One of those others was accused in the Lloyds bank libor scandal, and the email came from the law firm they had hired.
Non-software people don’t have the faintest idea how computers work, any more than non-lawyers the law or non-economists money.
Source: see warnings on any American packaging.
All of it gets filtered out by your brain and loses effectiveness immediately.
But sure. It was a half-joke, I guess it wasn't even half-funny.
I'm not sure I've ever found a permission system without explicit testing that the denials work that didn't turn out to have gaping holes in what could actually be done. Generally, the code that hides the UI for what you're not supposed to be able to do works, since that's visible, but on something like the Web where the user also has fairly direct access to the message bus the application is using to communicate to the web server, that's not enough.
Of course this shouldn't happen, but I can see how something like this could easily slip through.
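The explicit denial testing described above, as an added JavaScript example that is not part of the original thread: every role sends every action straight to the server handler, skipping the UI, and any success the policy does not grant is reported as a hole. The roles, actions, policy table and both handlers are hypothetical.

```javascript
// Added illustration. Roles, actions and handlers are hypothetical.
const POLICY = new Map([
  ["owner", new Set(["read", "edit", "delete"])],
  ["follower", new Set(["read"])],
  ["stranger", new Set()],
]);
const ACTIONS = ["read", "edit", "delete", "export"];

// Default deny: unknown roles and unlisted actions are refused.
function isAllowed(role, action) {
  const allowed = POLICY.get(role);
  return allowed !== undefined && allowed.has(action);
}

// Client side: only permitted actions get a button, so the UI looks correct.
function visibleButtons(role) {
  return ACTIONS.filter((action) => isAllowed(role, action));
}

// Flawed server handler: assumes a message can only come from a button
// the UI rendered, so it performs whatever action the message names.
function handleTrustingUi(session, msg) {
  return { status: 200, did: msg.action };
}

// Enforcing server handler: the role comes from the server-side session,
// never from the message, and the policy is checked on every request.
function handleEnforced(session, msg) {
  if (!isAllowed(session.role, msg.action)) {
    return { status: 403 };
  }
  return { status: 200, did: msg.action };
}

// Denial test: exercise the full role x action matrix, including a role
// the policy has never heard of, directly against the handler.
function findAuthorizationHoles(handler) {
  const holes = [];
  for (const role of [...POLICY.keys(), "unknown"]) {
    for (const action of ACTIONS) {
      const res = handler({ role }, { action });
      if (res.status === 200 && !isAllowed(role, action)) {
        holes.push(`${role}:${action}`);
      }
    }
  }
  return holes;
}

function demo() {
  return {
    strangerButtons: visibleButtons("stranger"),
    trustingUiHoles: findAuthorizationHoles(handleTrustingUi),
    enforcedHoles: findAuthorizationHoles(handleEnforced),
  };
}

console.log(demo());
```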
But the more time goes by, the less sad I get. Their tech stack is and always has been a bit of a garbage fire.
I pretty much don't put anything online I cannot live with.
There was absolutely no way these companies were not going to exploit the crap out of both their position and data.
How were they all built? As fast as possible, growth first, etc... I expect these kinds of things to boil down to risks and costs, ideally paid after the enterprise is big enough to deal.
And a whole lot of us know it too. How else was it all going to go?
I am a realist. There is no real privacy online. One can get close, but doing that is a lot of work, takes understanding, and is still a bit of a risk.
Long ago I realized it is better to just not put things I can't live with online.
Frankly, I won't do that electronically, unless it is very worth it.
Edit: It is all still pretty new. We are leaving the honeymoon time. Bad things will happen, so will more regulation, and that crank will get turned a few times.
My expectations are super low right now. That could change, but not yet.
I wonder if GDPR affects Twitter in this case and what % of their revenue can be taken as a penalty for treating users like shit.
Because that site looks like a phishing site for reddit accounts. How is 100% cloning another site's design acceptable at all?
1. The design is open source under a CPAL license which notabug abides by
2. a goal of notabug is to support existing reddit stylesheets with minimal/no modifications; this requires dom compatibility and minimal CSS changes in the base design.
3. reddit is abandoning this formerly open source design in favor of their new design by default.
Really, what's happened in the last 3 weeks?
"starting in the wake of facebook’s Cambridge analytical scandal"
That was November 2017