Don't we want companies to outsource the solution to legislation? I'd rather have Congress than Google be in charge of deciding how much privacy everyone deserves.
> Don't we want companies to outsource the solution to legislation? I'd rather have Congress than Google be in charge of deciding how much privacy everyone deserves.
Until the legislation is written by the industry and doesn't rein them in one bit but imposes large compliance burdens on smaller competitors and further entrenches the incumbents.
The actual solution isn't corporations or governments, it's people being in control of their own stuff. Google and Facebook can't invade your privacy if your data is on your own device and not their servers.
What does "people being in control of their own stuff" even mean? Right now, people are in control and they choose to use software that is convenient for them, which happens to upload their data to the cloud. How do you force people to use software that doesn't do this?
It's also unclear whether in practice people being in control over their devices better protects the users - back when that was the case, malware was a bigger problem than it is now.
> What does "people being in control of their own stuff" even mean?
It means that Facebook et al don't have it to begin with.
> How do you force people to use software that doesn't do this?
Why do you have to force people to do anything? That conclusion requires some major cognitive dissonance.
There are two options here. One is that people are rational in not caring, and in that case there is no problem and nothing needs to be changed, so what are you complaining about? But let's suppose that's not it.
Then it's that privacy is important and people should care about it but they don't understand, in which case you don't have to force them to do anything, all you need is for them to learn what is happening and why they should care about it. It requires information, not regulations.
You can't regulate a fox in a henhouse, you can only teach the farmers why fences are important before they learn it for themselves.
> It's also unclear whether in practice people being in control over their devices better protects the users - back when that was the case, malware was a bigger problem than it is now.
We need to give all our data to Facebook because malware? How does that prevent malware at all? What is Facebook's server going to do that your phone couldn't do for itself?
"But malware" it seems is the new "but terrorism" or "think of the children" as a generic excuse for every authoritarian policy in the book.
So what do you mean by "people being in control of their own stuff" - why even bother talking about something that will never happen? I mean other than maybe Richard Stallman, who even does anything remotely close to this?
Wrt: malware, what's definitely helped here is that people spend more time on centralized platforms that are able to tackle problems at the source, as opposed to visiting random unsafe websites and downloading random software. Likewise, telemetry in OS almost certainly helps greatly in fighting malware. Centralization in terms of both data and usage helps greatly.
People don't choose to notify facebook that they're visiting a website that has a like button, the don't choose to let google track them across devices. Most tracking happens without any sort of awareness from users.
They choose to use websites and software, whose developers in turn choose to send usage data to third parties. Trust in this sense is necessarily transitive. In a complex world with long supply chains, almost everything works that way - I don't get to choose every ingredient in a restaurant meal either. Either way, the point is that users do have control today and that they use this control to maximize convenience at the expense of privacy. Thus the idea that "people being in control of their own stuff" will help is kind of meaningless - they are already in control. Even choosing not to be informed is a choice - people are not informed because consequences so far have been minimal relative to other threats in their lives.
My estimate is that nearly all negative consequences of lack of privacy on the internet have not been due to any sort of nefarious tracking and data gathering on the part of tech companies, but due to people voluntarily sharing information about themselves and those close to them and using various apps as intended. There's a lot of paranoia about how much data is out there, but I can't think of really any major consequences, especially given how pervasive this is all supposed to be. Meanwhile, people getting in trouble due to information they voluntarily shared is extremely common.
> They choose to use websites and software, whose developers in turn choose to send usage data to third parties.
Even that incredibly low bar isn't cleared. When you visit a random web site you get tracked by google/facebook before you can be aware that this site is sending your information to them, clicking a link does not imply trust or consent.
How is that bar not cleared? You have a choice as to which websites to visit and the website developer has a choice as to which third-party pixels are included.
I don't have an informed choice until after I visit the website. Even then it's only an informed choice because I'm a developer and know what's going on under the hood.
Legislation and legislatures have already been in charge of your privacy, Google is just acknowledging that they have no interest in coming up with any real solutions that limit profitability.
They're agreeing with you in this step of the PR dance, then after the heavy lobbying they're already administering, they will attempt to de-fang any potential privacy legislation, then point out government incompetence while calling for a right to self-regulate.
Legislation is reactive rather than proactive, slow in its reaction, easily corrupted by lobbyists, and likely contains loopholes anyway. Not to mention that competent regulation acts as a barrier to entry for competitors.
I know how much privacy I want, and I take the appropriate steps to get it, even if that means not using otherwise convenient services. The question is how much privacy people should get even if they don't care or think about it.
