Hacker News new | comments | ask | show | jobs | submit login
How to fight the surveillance economy (medium.com)
150 points by burnaway 11 days ago | hide | past | web | favorite | 67 comments

The surveillance economy is a direct result of advertising becoming the default business model for Internet companies.

At its root, advertising is attempting to predict an individual's preferences and subtlety nudge their preferences toward specific buying behaviors.

With more granular and pervasive data inputs, you can arguably do better predictions and thus better targeting.

The only counter to this is either:

1: proof that more individual data /= better ad targeting as DDG is attempting to do


2. Changing the default business model for internet companies

Surveillance capitalism is a natural result of our form of consumption driven economy.

The most interesting thing here actually is that there's an argument to be made that this is also a good approach to building very complex artificial intelligence, effectively aggregating how people respond to input.

You forgot:

3. Legislation that enforces some notion of privacy rights.

Similar arguments of economic necessity can be made for alcohol, tobacco, and gambling providers. All of these products are regulated in terms of how they can be manufactured, marketed, and sold because they have large negative externalities that impact their users. I don't see why surveillance for the purposes of advertising is any different.

In which case it should be regulation on the Ad industry, not necessarily regulation of data - because that's not getting at the core incentives. The data gathering is a symptom of the Ad market.

If you don't address the Ad market incentives, they will simply find another vector to getting to you. Noam Chomsky has been very loud about this for a long time, well before data gathering was a thing. So it's a long term persistent virus, of which the internet is currently the vector.

The problem here is defining what is and is not an ad.

Do I want my communications, browsing, purchase and location history to be used to rank me for job applications? To be used to decide which news stories I see? Which products are the top when I search for something generic?

For some the answer is yes, for many it is no. The only way to square this is to restore consent and data decision-rights to users, and to dispel the fiction that continued use of a service represents informed consent to thousands of pages of non-negotiable legalese.

This seems to be a common solution. I don't think it's realistic and is entirely too optimistic about the information processing capacity of individuals in society at large.

At the end of the day it's too much information for people to understand, handle and sift through to be a tractable solution.

What would end up happening is basically what we have now, consent and data decision-rights end up being proxied by third party organizations, and they attempt to segment the market and find defaults. It would just come right back around to what we have, only with different technology.

Instead, you could legislate advertising to be very restrictive. I think the less systems of paid influence that exist in the world the better, so I wouldn't cry for the demise of the advertising industry.

The tech industry needs to find a new revenue source anyway, might as well just go ahead and force the issue.

I don’t think we disagree much. If businesses want to do things where informed consent isn’t possible (e.g. because of the complexity of the bargain which they require users to accept), then they probably shouldn’t be doing them.

My point was not that advertising doesn’t need to be regulated (and that better protections for users/people obviate the need) but rather that advertising is not the only way to duplicitously exploit personal data to for profit.

There had to be a happier medium between command economy (we tell people what they want) and all out advertising (which is parasitical) but provides incentive for invention and progress.

I wonder how much of the surveillance economy stems from the fact that millennials don't really have any extra money to spend. They can't pay for things like the Boomers could, so you have to make money from them in other ways by trying to secretly convince them to buy things with what money they do have. If younger people had money maybe they could pay for quality newspapers and websites. But all the wealth has been pushed upwards. So it is ads everywhere and people paying with their privacy loss and attention instead.

In past comments I've written about the symptoms and observed effects of wealth concentration, but I don't think wealth concentration explains this. It's a bad fit.

Instead, I believe abundance of supply does. In the past, there were simply fewer things to subscribe to, so a median family would pay for the local newspaper and cable -- and generations before then, just the newspaper. Rich professionals and the elite would pay for one of the premier papers, and finance paper, and an arts magazine. Fans with particular interests would pay for one or two other serials.

These days, content is everywhere, and much of it is available for free. This is impossible to compete with on price, and has been shown to be hard to compete with on quality and depth of coverage, because it chops off large portions of the market who may have paid for convenience of distribution in the past, but now they don't have to. This leaves even more pressure on those willing to pay. In this kind of situation, the classic resolution is consolidation, which is already underway.

There's a math inequality here.

Mike the Millennial is strapped for cash, and so won't pay for content directly. Alice the Advertiser wants to convince Mike to buy her products, so she places ads with Nick the Newspaper. Nick gets money from Alice, to provide Mike with content for no cost.

But doesn't Alice expect a return on that advertising spend? Doesn't Mike ultimately pay Alice more than he would have if he had just paid Nick directly?

I know it's a hell of a lot more complicated than this, but aggregated over all advertising industry revenue, and aggregated over all content subscription revenue, it seems that the ultimate price of advertising (once it percolates down to the consumer) will always be greater than an equivalent cost of subscriptions.

I was with you all the way to the end...subscriptions will always have to be higher than ad revenue to the publisher. Take facebook as an example. In 4Q2018 their average revenue per user in the US was just shy of $35. If no advertisers paid anything to FB and instead lowered the cost of their products accordingly then yes Mike saves some money...BUT, if he wants to continue to use facebook...facebook will have to charge Mike at least as much as what they were getting from the Alices, likely much more. There is no way Nick can provide a newspaper without either advertising or subscription fees. It's the basic rub of the modern internet, at least content providers and as of now advertising for a "free" service is the dominant approach.

It’s much worse than that. Companies you pay significant amounts of money to like ISP’s also reolized selling your data made them just slightly more money so now all large companies do so.

Right, except they are selling it to ad networks/companies, so it all comes back to the Ad market being the end consumer.

Online advertising is only a slice of this. From political campaigns to chains picking locations, collecting and interpreting vast amounts of data has become the norm.

Advertising is just the first thing to do with that data - I expect there will be more (or already there is more - just most of it secret). The problem is that there are huge network effects for information - because there can always be something interesting from a new set of data - so we'll bigger and bigger information stores until we all join the Borg.

> The surveillance economy is a direct result of advertising becoming the default business model for Internet companies.

This is sad because advertising is a poor monetization scheme. For instance, let's say you make $0.10 per user through ads. Now let's say you want to increase the price to $2.00 per user. Then oops, you can't, because ads don't allow you to make that much for any given user. So depending on your preferred price-point, which may be variable, you may have to switch monetization schemes, which is terrible.

Facebook seem to have been able to constantly grow their per user revenue: https://www.statista.com/statistics/234056/facebooks-average...

But Facebook has an enormous user base. Also, this is a different kind of scaling, as the value they provide is the same as before. And they had to work hard to change their price point.

If you just divide total ad revenue by number of users you’ll find that users are worth on average tens of dollars per year to google or Facebook. For heavy users you might be worth hundreds or thousands.

I don't think that's how ads scale: people can spend their money only once; and the brain's working memory for stuff it sees in ads is also limited.

You can only throw so many ads to a person before conversion starts to saturate.

True, the people worth thousands are likely people who have high disposable income or click on ads on searches like "DUI lawyer in flint MI" where clicks cost hundreds.

Are you sure? An ad impression for an insurance contract could have a higher expected value than an impression for, say, a brand of protein bars.

I generally agree with the reasons why we have arrived at what we have now but I'd like to point out that the alternatives do not seem _better_ necessarily, or at least not clearly so for most people.

Current business model: provide "free" online services that are payed for by providing targeted advertising which relies on collection of data about users and building interest models. Advantage: almost 0 barrier of entry for users (all they need is a compatible browser and good enough network). We can probably conclude that most people like such an advantage. The main disadvantage is all the data collection/aggregation, it's unclear how the large population feels about this (in our tech bubble it's easy to think everyone feels strongly against it).

Alternative proposal: pay some subscription somewhere to get access to the online services. Advantage: no need for ads and behavior tracking. Disadvantage: much larger barrier of entry. Now you need a credit card or some other online payment mechanism, your real name/address/zip code will be associated with the payment mechanism, somewhere there are systems/computers that will have enough information to associate your real identity with all the online services you have used (there are technical means to anonymize this association but I don't see political will to force involved companies to do such things, think what will happen in such a situation with something like a Equifax data breach).

The larger access barrier for the alternative isn't just "convenience", think about younger people or people from all over the world in different economic and political contexts where having access to some sort of electronic payment is hard or impossible when right now all they need is a browser and Internet (the latter could of course also be an issue for many people but I'd argue is a much lower entry barrier than having access to a universally recognized online payment mechanism).

>Now you need a credit card or some other online payment mechanism, your real name/address/zip code will be associated with the payment mechanism

Do credit card companies also sell your data?

Once we can crack the micropayment nut, it opens a whole new world of ad-free low-cost subscriptions. I'd much rather pay $0.50 a month for a social network that has no interest in my data than deal with ads or data tracking.

But that needs to be both effortless for me as a user, and require very little in the way of processing fees. Both of which are not possibilities right now.

Cheap is better than free has always been my motto. Cheap is sustainable, does not require dark patterns for monetization and is transparent to the user.

But in order to get there, we need a way to pay small amounts of money to apps, creators and each other. And do it in a way that doesn't immediately become a lightning rod for economic manipulation and money laundering.

>Once we can crack the micropayment nut, it opens a whole new world of ad-free low-cost subscriptions.

Online payments are hard to do because of lots of legislation around money. This means that it's going to be annoying. There are also many people that can't pay online, because they simply don't have access to these payment methods. You could argue that we will eventually digitize our money and that would solve the problem, but I doubt that that's going to happen any time soon. People would be too afraid that Visa and MasterCard would basically control their life.

The way you might make it work is if you did what Steam does - you can put money onto the platform that you can then spend later. If you had an entire ecosystem built around that then it might be possible that people would do micro payments to content providers.

>I'd much rather pay $0.50 a month for a social network that has no interest in my data than deal with ads or data tracking.

I wonder if it could cost that little. I guess it could.

> The surveillance economy is a direct result of advertising becoming the default business model for Internet companies.

...and the insatiable content consumption of today's consumer."

> 2. Changing the default business model for internet companies

Got any ideas?

> Surveillance capitalism is a natural result of our form of consumption driven economy.

But the two don't have to go together at all. You can have an ad-driven economy without engaging in widespread spying.

Addendum to the solution 1: "Don't assume that, because you paid for something, they aren't harvesting your data anyway".

Example: https://news.ycombinator.com/item?id=19113960

> How to fight the surveillance economy (medium.com)

Step 0: publish on your own platform without trackers, not on medium.

From TFA:

Install Privacy Badger by EFF that uncovers and blocks scripts on websites that track you; this Medium page has 2 active trackers that would have been blocked if you did - Google Analytics and Parse.ly

That is the wrong attitude. Yes, I know how to shield myself; nobody else in my family does.

There's nothing wrong pushing links to the article to platforms like HN, Reddit, etc, but the source shouldn't be medium. If you write a piece like this, it deserves to go on a platform without trackers; otherwise it's a bit hard to take it seriously.

I'm aware that medium.com might bring in a broader audience and that it's simple to "publish without starting a blog", but so is doing an HTML export from a text editor these days. It's also similar to adding "why quit Facebook" on Facebook itself - it doesn't work.

The article itself is decent though.

> otherwise it's a bit hard to take it seriously.

This is the wrong attitude. You should realize that you may not be able to do all possible or necessary measures to protections all at once. That doesn't mean you should avoid doing some of them, and the article talks about that.

So, in other words, if you didn't do step 0, let it not stop you from doing other steps.

> Yes, I know how to shield myself; nobody else in my family does.

Another thing is that we should both educate those who don't know how to shield themselves - and make it easier to be protected. The latter is related to network protocols and processes and to client (and server) software.

Can we simplify Internet?

I think think in the future the lightning network will be great for subsidising cost for hosting open source, non profit internet infrastructure. We already have projects like Tor and FreeNet, but without micropayments they are not scalable solutions. Lightning network still needs about 10 years to become practical for every day use though.

Poison the well - generate noise. By generating false signals you will devalue the harvested data hopefully to a point it is not worth harvesting.

Speaking of which, AdNauseum is a useful extension for Firefox for devaluing the ad economy. Google of course banned it from the chrome store.

emacs has had M-x spook for a long long time....

We need Scramble Suits, like Through a Scanner Darkly, but as a VPN.

Some valid points. At the end of the day, until the governments around the world reign in the offenders with regulations and potential jail time (GDRP and such), nothing is going to change for the masses.

Just like every other cycle in the human history - abuse until a breaking point is reached, regulations come in, find some other niche ripe for "disruption", repeat the cycle.

Unrelated to the main topic - writing about the surveillance economy in a Medium post, which itself is a textbook example of the surveillance economy devaluates the core message a little bit for me.

Judging by how fast advertisers left some political outlets, it could be possible to discourage cooperation with aforementioned corporations. For software engineers to work in those may become career-limiting.

How about F/OSS communities, programming blogs, and forums like HN stop allowing Google, Fb et al to index and link to their pages? Soon Google and co will find out there's not much content of value left in their garden. I for one can get along well with a couple sites such as github, stackoverflow, arstechnica, some EU quality journalism sites, etc. Most other stuff turns out to be self-promotion or ad-ladden feedbuzz for the digital precariat anyway (the kind of which you see on the subway and who can't stop fumbling with their smartphone for a even a second).

If you're a software developer the way to fight this is financial. Make a ton of money then pay journalists to write about it and pay other software developers to build the tools to evade it.[0]

Regarding VPNs:

What I want is a very small, open source program that I can give my credit card. It will light up little DigitalOcean droplets (and other VPSes to stop potential monitoring from them) and create VPNs here and there. I also want to build my own browser that will be capable of making the rendering happen on these rented-for-a-minute servers then pipe back just the PNG. I also would make certain things local. I can use machine learning to predict which areas of Wikipedia I will probably want to read in the future. This should just be local and occasionally synced. Same with Stack Overflow.

Fingerprint me now bitches. (They still probably can, at least partially. It just raises me up to the top of the trees in the jungle.)

[0] Though I will say I see the downsides. Surveillance is how we stop malice and per-individual power is going up.

>I also want to build my own browser that will be capable of making the rendering happen on these rented-for-a-minute servers then pipe back just the PNG.

I think you want a browser running on a servet you access over a VNC, which will pipe back just the parts of the screen that have updated.

x2go is perfect for this. I used to run an instance on AWS, but I just keep one at home now. It pipes everything through a PIA vpn.

How does x2go compare with xpra?

As far as I can tell, xpra uses the X protocol, which is laggy over links under 10 Mb/s.

X2go uses the NX protocol, which is designed for slower links, so it works better across the internet.

>Searching for and writing about topics online deemed inappropriate are known to authorities within a second thanks to cooperating companies.

This is already happening. I used to mock conservatives and free-speech advocates who claimed that Twitter, Reddit, Facebook etc. were censoring speech unecessarily. I'm pretty far to the left, and obviously I think racist and sexist harassment are bad things...however, these platforms have automated any features that allow users to report "problematic" posts or comments, which makes it VERY easy for people to abuse and mass-report anything they disagree with.

Why would I trust a corporation to correctly determine whether a comment is abusive, or just an opposing point of view?

What does it mean when corporations are in charge of determining what speech is offensive, and effectively control the "acceptable" range of discourse? In the UK a man was investigated by the police for retweeting an offensive limerick - https://www.telegraph.co.uk/news/2019/01/24/man-investigated...

I don't really agree with what he retweeted, but it still seems kind of ridiculous to investigate someone for a tweet that isn't threatening or violent.

Or instead make the information public/transparent as possible. To level the playing field. Yes there are going to be many issue arise from this, so it's these issue that need to be fixed instead of trying to fight to make information private.

>They know more about us than we know about ourselves or than we know about them

Right so we need to fight for knowing more information about them as much as they know about us

Governments want surveillance the citizen, fine, the citizen should fight for ability to surveillance the government as well.

> Right so we need to fight for knowing more information about them as much as they know about us

I don't see how that actually solves the problem.

I suspect this is an inseparable part of the wide open Internet we love to talk about. Changing revenue to something more direct and less invasive is an extremely difficult task. I wonder if we will see the return of big walled gardens (e.g. Prodigy, Compuserve, etc from the old days) with all-you-can eat subscriptions to content within.

> Look for businesses that accept anonymous payment options and don’t force everyone to share personal information with a third-party payment provider.

What anonymous payment options are there (other than many cryptocurrencies)? I do remember the days of sending cash through the post but I don't think that's what the author is suggesting.

> I do remember the days of sending cash through the post but I don't think that's what the author is suggesting.

That may be exactly what he's suggesting. The VPN provider he works for (IVPN) allows payment by mail by cash.

On my country at least there is a trend that only registered costumers have promotions and discounts, but what really happens is that the price of the things go up and the registered costumers pay the 'normal' price.

I'm not buying anymore on theses type of stores (markets and restaurants mostly), but this is keeping growing difficult because every other week more and more business are starting to ask for my 'credentials'.

Use fakes. In the US there's a famous song called Jenny with the phone number 867-5309 in the lyrics. Everyone over age 30 knows that number by heart, and a fair number younger too.

Simply give (your local area-code)-867-5309 and there's a very good chance that someone's already signed up with that number. If not, I'll complete the signup with that number and whatever bogus name comes to mind. Jacob Blues, 1060 W Addison 60613 works well.

Just like AdNauseam, simply chaff the system until it's futile.

I'm sure there are similar characters in the public consciousness of every country.

Shouldn't the first name always be Jenny for 857-5309? Otherwise the next person is screwed when the cashier (potentially) asks for a name.

i think they are referring to vpn services that don't require you to create an account with name/contact/etc. For instance, the one I use, they create a bitcoin wallet, once that wallet receives coins, it generates a random string username and random string password, and that is the entire "signup" process.

If it's not too much trouble which VPN would this be? I know of some that offer crypto payments but a real user recommendation is always welcome.

I don't recommend it since it's a security-sensitive topic and I don't know anything about their backend or their exit nodes or their custom vpn client... but to answer the first question i use Private Internet Access.

Thanks for the reply and caveat though.

this use case is a huge part of why bitcoin exists, it's hard to exclude from the conversation.

I understand the concern but it does not bother me much. You are much more likely to have you data logged and used against you by visiting a small website than twitter or Facebook. CIA/FBI agents are known to hack websites and install trackers. The Firefox tor JavaScript exploit comes to mind.

How do you reconcile the novel "1984" (published 1949) with the comments about the internet and millenials?

Step 1: Don't use a smart phone.

The problem is it seems to increasingly become a necessity for participating in modern society.

Oppression is always structural. Organize.

VPNs do literally nothing to protect your privacy.

if anything they make it _more_ obvious who is using your internet connection. Yes, your ISP will be less able to snoop, but you are now exchanging your ISP's complete oversight, with a VPN provider's.

Now, if you VPN is based in the EU, then you have GDPR to help you. However the burden of proof is still on you.

So what can you practically do?

1) container tabs

Each service you _have_ to sign into has its own container. This stops each service like google, facebook, ebay et al form a complete picture of you.

2) check your unique browser ID, https://panopticlick.eff.org/

3) trash your browser's profile every month.

4) on your phone, keep in private mode

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact