Productivity vs. Privacy (jessems.com)
51 points by jessems on Nov 11, 2020 | hide | past | favorite | 14 comments



The Figma example that's given seems to completely undercut the "Productivity vs Privacy" argument. Figma didn't discover those use cases by spying on users, they did it by talking with users and working WITH them. You know, using that whole consent thing?

The issue isn't collaborating with your users and involving them in the design process - do that! It's awesome and it'll generally help you make better products.

The problem comes when you want to harvest intelligence from your users WITHOUT cooperation. If you need to do that to be "productive" à la Google, then yes, you are going to be hampered by privacy. That's a tradeoff for users to make, and it's only a real tradeoff when we aren't dependent on the moods of Google or Facebook but instead can rely on the underlying technological basis.

And you can be very interoperable and maintain privacy - but your users will need to choose to enable that interoperability. Facebook can "promote interoperability" by linking my Instagram and Facebook, or forcing me to use Facebook on Oculus, and that is interoperability - but it's sort of by force and not in a way that is acting with my consent. On the other hand, the email I send with Protonmail is perfectly interoperable - I can email anyone and get email from anyone, import and export emails and use whatever client I want - as long as I choose to allow it to be by decrypting my emails.


Hey, OP here. Thanks for taking the time to read and respond.

> The Figma example that's given seems to completely undercut the "Productivity vs Privacy" argument. Figma didn't discover those use cases by spying on users, they did it by talking with users and working WITH them. You know, using that whole consent thing?

Figma is a great example of non-obvious productivity gains being _discovered_. I believe building a multiplayer experience like Figma would be considerably more difficult if you would need to also keep everything e2e, managing multiple keys, etc. In that sense I think there might be some tension with privacy-preservation. The primary reason I mentioned Figma, though, was the discovery part. I could've made that more clear.

> And you can be very interoperable and maintain privacy - but your users will need to choose to enable that interoperability. Facebook can "promote interoperability" by linking my Instagram and Facebook, or forcing me to use Facebook on Oculus, and that is interoperability - but it's sort of by force and not in a way that is acting with my consent. On the other hand, the email I send with Protonmail is perfectly interoperable - I can email anyone and get email from anyone, import and export emails and use whatever client I want - as long as I choose to allow it to be by decrypting my emails.

You can be interoperable, but I see many scenarios where it's not straightforward. For instance, you lose control over the preservation of privacy when your ProtonMail user forwards an email to his Gmail friend with an entire conversation in it, even though on a technical level you're completely interoperable.


Absolutely. But even not all harvesting is privacy invasive. As a search engine I can know that 3.054% of users search for sex toys. As long as they don’t know or harvest who is doing these searches, there’s no privacy violation.


Valid point, but this doesn't amount to a very convincing promise to many users imo. You're relying on the service provider to not abuse their power. If that were sufficient I don't think we would see these e2e services pop up to begin with.


Yes, you’re absolutely right. Unfortunately services blatantly and openly violate their customers' privacy and by and large customers don’t care. I would also prefer zero trust as a first choice, but for now would be happy to settle for trusting companies that just seem decent. Sadly those are few and far between and the norm is to harvest, sell and abuse customer data.


> I would also prefer zero trust as a first choice, but for now would be happy to settle for trusting companies that just seem decent.

It's an incentives problem. If the company can always make a bit more money by harvesting data, then why would it not? Especially if it could avoid getting detected or at least avoid getting in trouble.

That's the benefit of E2E - I don't have to trust the middleman. I still have to trust the other end (and that has a whole can of issues to be sorted) and I have to trust myself (and again, that has plenty of problems) but it at least removes an entire vector.


> A second strategy out of bounds for privacy preserving products: Interoperability

This part had me scratching my head. Most established non-privacy-preserving products have been slowly killing interoperability because data lock-in provides a moat against users leaving and against potential competitors accessing valuable user data. There's no economic reason why privacy-preserving products should have worse interoperability than privacy-violating ones. Especially in product categories where interoperability does not imply sending PII to third parties.

Edit: Arguably, providing interoperability is easier for products that don't gather a lot of user data because there's less risk of an embarrassing leak of PII if the API is not properly secured.


> This part had me scratching my head. Most established non-privacy-preserving products have been slowly killing interoperability because data lock-in provides a moat against users leaving and against potential competitors accessing valuable user data. There's no economic reason why privacy-preserving products should have worse interoperability than privacy-violating ones. Especially in product categories where interoperability does not imply sending PII to third parties.

I agree. I don't see a strong economic reason this would be the case. But there's a strong practical reason (which perhaps has economic consequences): loss of control. If you make it easy for your users to interface with other services which don't have the same privacy guarantees, you're increasing the risk of their privacy being violated. If you implement an interface that's so secure, that no leakage or abuse is possible, then you win. But if that's not possible, and you end up restricting things that would otherwise lead to cool, productivity features, then you've hit the trade-off I touch on in the essay.


I decided against using ProtonMail precisely because of the lack of full-text search (you can search across email subjects, but only because [they aren't encrypted][1]). However, there is another zero-knowledge email provider who does have this functionality: [Tutanota][2].

Also, there is work on an interoperable standard for E2E-encrypted instant message: [MLS][3]. These are just two examples, but I wonder whether the gap between "standard" and privacy-preserving software is actually shrinking as demand for the latter rises.

[1]: https://protonmail.com/support/knowledge-base/does-protonmai...

[2]: https://tutanota.com/

[3]: https://messaginglayersecurity.rocks/


I've been thinking about Privacy/Security vs Productivity recently, mainly because there has been a delay with the security updates from my Android manufacturer, and switching to LineageOS would fix that but would risk losing access to Gmail, chat apps and payment apps due to issues with SafetyNet.

I thought I would backup and restore my current device accounts to the Android in the Chromebook, but alas Google doesn't seem to be allowing the 'Data Transfer Tool' to be opened in the Chromebook (although it installs).

My current plan is to restore the account in a LineageOS+MicroG+Magisk(to enable SafetyNet) setup. Although I have little hope of this setup being stable, bringing the conversation of Privacy vs Productivity.

Perhaps there is a need gap for backing up our current Android device as a VM image and running it via QEMU?


But surveillance can hurt productivity, too. YouTube, for example, is really good at predicting which videos I will find interesting, and I end up wasting a lot of time. When I started using Invidious, which doesn’t track your watch history, I wasted far less time.


YouTube isn't trying to make you waste less time? In this case, I think YouTube would consider you to be very productive within their software/system.


Completely agree, and I haven't thought about that angle enough.


> Therefore, privacy-preserving products will always lag behind their less private counterparts in productivity gains afforded to their users.

“Always” is a very absolute word. Isn’t it absurd that you (presumably, based on this conclusion) have to sell your privacy in order to be sufficiently productive (perhaps to stay gainfully employed) only so that your now-lost privacy can be used against you to sell you more stuff? Are there not political ways out of this quagmire? Or are we as technologists only supposed to apply our stereotypical tunnel-vision towards narrow problems like how to google more productively?



