Two types of privacy (seirdy.one)
111 points by notriddle on June 27, 2022 | hide | past | favorite | 94 comments



Tracking evasion is close to the concept we in Germany call "Datensparsamkeit" or data scarcity — the idea that only the data that needs to be collected for a certain purpose should be collected.

The idea is: Data that just isn't there cannot be lost, abused or stolen. Or phrased differently: Data is also a liability for you and your users and you should balance this liability with the use it has for you.

The idea comes from Germany's Nazi past, when the Nazis invaded the Netherlands, where religion was a field in the official documents, which led to a very efficient genocide.


Germany asks for your religion during your address registration, to collect church tax. It's one of the first forms you'll fill after moving to Germany.

However, this is largely correct. German offices don't even talk to each other without your consent. It can be frustrating at times.

Germany also has some of the strongest photography laws I know of. You have a certain expectation of privacy even in public.


When the church and the government are too tightly intertwined, religious freedom ceases to exist. They are separate and should remain separate.

In the United States, most Protestant churches are run by tithe (voluntary donation) and are not taxed at all (the Establishment Clause), or dues are paid as a mandatory fee directly to the synagogue or local congregation. Most Protestant churches in the U.S. have seen declining membership and tithing, but that is not the fault of the government, and church tax is precisely the opposite of what Jesus and Paul laid out, as well as the allocation of tithes in Malachi.

In neither case should or can the government get involved.

Most churches in the U.S. are not megachurches. Most are much smaller. The abuses of a few shouldn't taint the whole concept.


Although I agree with you, this form of taxation is entirely optional, and chosen by the churches. It’s a service provided by the state.


And they start charging you without telling you directly (by a letter) or getting your consent! First thing I tell everyone moving here is that they should be careful with that form and be atheists officially. I ended up paying 4 years of tax before they relaxed the process.


But when the New Crusades begin again, guess who'll be the first to go!


There are a few centuries of history telling you what are safe options to put there and what aren't.

They won't come for atheists first.


I don't want to be a devil's advocate, but why is it a problem that you paid a church tax?

In Germany, members of the church pay for the church service, it is made available to them by the church. It's just how it is, you pay the tax, and then you can marry for free, attend church for free, baptise your children free of charge, ...

If you don't want to use or don't need their services, you can always cancel your church membership. It costs one visit to Bürgeramt and a few euros.

I am sick of people staying in the church and complaining that they should not pay. Before church tax, everyone had to pay through taxes, even people that are not members of the Catholic or Evangelical church, like atheists and members of other confessions. That is immoral. Either pay or leave the church if it is not worth it for you to pay.


I'll agree that if you are a member of a church and enjoy church service, you should pay church taxes, too - I'd go even further and say (as an atheist myself) if you're a believer and believe that churches do good things, even if you don't go there often or take advantage of everything that's offered to you, you have an obligation by your very faith to help by paying your share.

Then again, I'm completely stumped as to why the government of a secular country (by constitution!) would ever involve so deeply in clerical matters that it would collect taxes for them, free of charge. That system is so dated and out of place for a modern society, I'm not surprised foreigners are very much irritated by it.

Another issue is that you have to pay to opt out of being a member obliged to pay the tax. This is not about the amount (~10-60€), but the fact that all children of Christian parents end up being church members before they're even old enough to decide for themselves, thus having to pay the tax or pay to opt out. The same applies to foreigners unaware of this.

If churches had no tax to rely on, maybe they'd be more engaged to not continually lose members...


I agree with all you said. A similar system is in place where I live but the best argument I’ve heard in favour of keeping it is simply this:

If you take the relatively small state funding away and make the churches seek members to fund themselves, then be prepared that they will go and do just that. We might get American style megachurches with everything that comes with them, real fast.

I realise it is an argument based on fear, but oh do I fear it.


I'm up for this - Europe needs mega-churches! There are about forty churches near me... they take turns in rotating the congregations around, so (for example) I get fucked by the traffic every eight weeks, in a five week loop, depending on the particular church. One giant church, also televised or streamed, would be fuckin' A. On the other hand, looking at the German model, would I have to pay to opt out of the streaming service?


That's a misunderstanding.

Your church decided to task the government with this. The government takes a cut for the trouble.

So no, it's not done free of charge.


> Then again, I'm completely stumped as to why the government of a secular country (by constitution!) would ever involve so deeply in clerical matters that it would collect taxes for them, free of charge.

This topic has its history. Agree it's outdated, but at least the state gets paid for the service of collecting membership from church member.

> That system is so dated and out of place for a modern society, I'm not surprised foreigners are very much irritated by it.

Foreigners and their unawareness or awareness of anything are not a group important enough for any state to consider their legislation.

> Another issue is that you have to pay to opt out of being a member obliged to pay the tax. This is not about the amount (~10-60€), but the fact that all children of christian parents end up being church members before they're even old enough to decide for themselves, thus having to pay the tax or pay to opt out.

But it is an opt-in, although outdated. First, your parents sign you up. Then, during the confirmation, you decide you want to keep your membership. I said outdated here because historically, confirmation was an entry point to adulthood, and it was considered that they were grown up to accept or reject church membership. It's only a modern-day habit and regulation that we consider 18 years old as adults.

Anyways, people usually know they are baptised and that they will have to pay church tax. Many enjoy 18 years of trial membership for free before they cancel the subscription, or let it continue, depending on their personal preference.

> The same applies to foreigners unaware of this.

Like in any other country, foreigners are expected to get themselves familiar with local laws before moving to a country. At the latest after their first pay cheque, they are aware they are paying a church fee.

What I see about some foreigners is they complain they have to pay church tax, but don't want to leave the church because of "reasons". Well, sorry, guys, at least one third of Germans did exactly that, left the church, partially because they would rather not pay. If your church membership is worth it to you, just pay and shut up; if it's not, cancel it. If you want others to pay for your church membership, go to another country where churches get tax money from everyone. I also don't complain that I can't get Amazon Prime free of charge.

> If churches had no tax to rely on, maybe they'd be more engaged to not continually lose members...

I'm fine with them having to struggle to provide a better service. Also fine with them losing members.


Why doesn't the government tax churches themselves instead of taxing the members? That way they wouldn't have to collect information on the members' religion.

Besides, not every person who is religious even goes to church. And even if they go, they don't necessarily go every day or even every year of their life. So it makes no sense to tax them unless you could monitor when they go to church.

Churches, however, could be taxed on their revenue, which does not invade the privacy of their members.


No, no, you see: This is not about drawing in taxes from the churches via their members. This is about collecting taxes for the churches, as a service! It's very convenient for them: Don't do anything and get your member fees delivered to your bank account, for free, every month :-)


Why is the government helping churches?


For historical reasons. The churches used to be much more politically active in the deep past and collected their dues directly. There also wasn't any sort of safety net provided by the lords of the land, but churches provided some. This has evolved into a system where the church largely stays out of politics and has no direct or official influence, but gets money from the state. This is also helpful for the state to influence the church, for example with the acceptance of gay marriage.


Precisely this. The beautiful buildings in the Vatican are maintained with Bayern money.

The German Catholic church needs to be careful not to drive away their tithes with a hateful message. Catholicism in Germany is like a gym membership: nobody shows up but they forget to cancel and keep paying.


It's not done for free though


I don't participate in any Church related activities anymore, and have not used any of their services (hospitals, schools, etc.). I have cost the Church in Germany 0€, and yet I have paid several thousand.

My creed should not earn me a financial penalty. Especially since they don't tell you about the consequences beforehand.


Being a member of a church should be opt-in not opt-out - by the individual, not their parents

e.g. upon reaching adulthood you are sent an opt-in confirmation

If you ignore, you are automatically removed

It is absurd that you have to waste your time & money to make an appointment, go to the appointment and on top of that pay to opt-out


Religion should be a private matter and the state should not be involved at all, and should refuse to get involved.


Religion is too powerful a means of control for states not to involve themselves. Just look at the US - fifty years of secular, progressive law is being toppled like a chain of dominoes for the sake of Christian jurisprudence, in what is supposed to be a nation with a separation between church and state.


I agree, alas legacy in society is even harder to get rid of than legacy in software (:


Google "Bishop Franz-Peter Tebartz-van Elst of Limburg" for why German church members may not want to sponsor simony through their taxes.


> Germany asks for your religion

Uh...

> to collect church tax.

What??

No, none of that is OK.


The church asked for it. Other churches don’t. It’s a taxation-as-a-service scheme. Atheists and many religious denominations are unaffected.


Right, but, no, that should not be allowed.


"[...]data is a toxic asset and saving it is dangerous."

https://www.schneier.com/blog/archives/2016/03/data_is_a_tox...


This is one thing I came away from Germany with. Germans today don't hide what happened - the better to learn from it.

In this regard to data, the rest of the world seems intent on repeating their mistake. Hopefully to a lesser degree but only time will tell.


> the idea that only the data that needs to be collected for a certain purpose should be collected.

The US has a similar statute, the Paperwork Reduction Act, a "law governing how federal agencies collect information from the American public", with the aim being to "not overwhelm [the public] with unnecessary or duplicative requests for information" and that the data collected be "a good fit for its proposed use" and further still "To respect privacy, we avoid asking for personal information that's not relevant or necessary." https://pra.digital.gov/about/

In practice, of course, this is all bullshit and any data that the government cares to collect is rationalized as fitting all those requirements.

So I'm curious if the German Datensparsamkeit is actually effective?


Well... I suspect German Datensparsamkeit is only a figment of the utterly ridiculous digital infrastructure of the German governments, both federal and state ones. Most processes are still carried out via paper or fax (fax!), you have to show up personally for the most insignificant things, every single village has their own records (practically never digital), and every time the government attempts to make a stab towards more digitalisation, big corps waste billions on giant projects that never get finished - we had the attempt to get health insurance (mandatory here) cards with an NFC chip on them that would securely store medical records and grant online access to your data; finally, no more carrying X-Ray CDs from MD to MD or filling out registration forms at the doc. But of course, 10 years later, everyone has a new card, but you can't do anything with it. Someone has earned a lot with it though.

So, all in all, it's not that Germany's government is so privacy conscious, but we're simply stuck in a pre-digital world with no reasonable way to share data.


In my (university IT) circles it is definitely part of the lived culture. IT sees itself as the ally of the users and not a data collector for the management. The management mostly agrees with the principle of data scarcity as well.

I recall one instance where the highest person at a university tried to get all the users' contact tracing data because of some incident (theft). IT explained that their request was not only illegal, but also useless, because the way data was stored would not allow extracting data without going to another official place and requesting the other half of the data, which could only be accessed by the health department.

There is a German saying that goes a bit like: "where there is a feeding trough there are pigs". The idea of data scarcity is to avoid putting up things that can be used as food by pigs. So instead of defending data silos, you build them in a way that they don't become targets in the first place, because they are of limited use outside of the intended use case.

Judging by the number of politicians complaining about data privacy, it works.
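The two-custodian storage the comment above describes (a location log that is useless without a second half held by the health department) is a data-separation design worth seeing concretely. The following is an added Python example, not code from the commenter's university or from the linked essay, which say nothing about the actual mechanism. It assumes one particular split: the health department holds an HMAC key and issues each enrolled person a keyed pseudonym, and the university check-in log records only (pseudonym, room, time). The key, names, rooms and times are constructed demo data.

```python
import hmac
import hashlib
from dataclasses import dataclass


class HealthDepartment:
    """Custodian of the re-identification half: the HMAC key and the
    enrolled population. Holds no location data at all."""

    def __init__(self, key: bytes, enrolled: list[str]):
        self._key = key
        self._enrolled = list(enrolled)

    def pseudonym(self, person_id: str) -> str:
        # Keyed pseudonym: without the key, a pseudonym cannot be
        # recomputed from a name, so even a list of names does not let
        # the university reverse its own log.
        return hmac.new(self._key, person_id.encode(), hashlib.sha256).hexdigest()

    def resolve(self, pseudonyms: set[str]) -> set[str]:
        # Reverse lookup by recomputation over the enrolled population;
        # there is no stored pseudonym -> name table that could leak.
        return {p for p in self._enrolled if self.pseudonym(p) in pseudonyms}


@dataclass(frozen=True)
class CheckIn:
    pseudonym: str
    room: str
    minute: int  # minutes since midnight (constructed demo unit)


class UniversityLog:
    """Custodian of the location half: (pseudonym, room, time) only.
    No key and no names, so a dump of this log identifies nobody."""

    def __init__(self) -> None:
        self._entries: list[CheckIn] = []

    def record(self, pseudonym: str, room: str, minute: int) -> None:
        self._entries.append(CheckIn(pseudonym, room, minute))

    def pseudonyms_in(self, room: str, start: int, end: int) -> set[str]:
        # The only query the log supports: who-was-where for one window.
        return {e.pseudonym for e in self._entries
                if e.room == room and start <= e.minute <= end}

    def contains_plaintext(self, names: list[str]) -> bool:
        # Sanity check: none of the given names appears anywhere in the log.
        blob = " ".join(f"{e.pseudonym} {e.room}" for e in self._entries)
        return any(n in blob for n in names)


def trace_contacts(log: UniversityLog, health: HealthDepartment,
                   room: str, start: int, end: int) -> set[str]:
    """The only path from the log to names: both custodians take part."""
    return health.resolve(log.pseudonyms_in(room, start, end))


def build_demo() -> tuple[UniversityLog, HealthDepartment]:
    # Constructed demo data: the key, names, rooms and times are made up.
    health = HealthDepartment(b"demo-key-held-only-by-health-dept",
                              ["alice", "bob", "carol", "dave"])
    log = UniversityLog()
    # Each person's device presents the pseudonym issued at enrolment;
    # the university never learns the key or the name behind a pseudonym.
    for name, room, minute in [("alice", "HS-1", 545), ("bob", "HS-1", 550),
                               ("carol", "LAB-2", 560), ("dave", "HS-1", 700)]:
        log.record(health.pseudonym(name), room, minute)
    return log, health


if __name__ == "__main__":
    log, health = build_demo()
    print(sorted(log.pseudonyms_in("HS-1", 540, 600)))           # hex pseudonyms only
    print(sorted(trace_contacts(log, health, "HS-1", 540, 600)))  # names, via both halves
```

The point of the split is that each half is individually low-value: the university's log answers "which pseudonyms were in HS-1 between 09:00 and 10:00" but not who they are, and the health department can name people but has no idea where anyone was. A request like the theft investigation in the comment therefore cannot be served from the university side alone, and a department holding a different key resolves nothing.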


> The idea comes from Germany's Nazi past, when the Nazis invaded the Netherlands, where religion was a field in the official documents, which led to a very efficient genocide.

I am very afraid that a similar thing could happen in the modern world.

The Great Surveillance Machine is just a ticking time-bomb, waiting for the right tyrant to use it to enforce their own idea of Good. Whatever characteristic they want to cleanse out of society, they can easily track down people with that characteristic, and neutralize them. And when that happens, there will be nothing we can do to save ourselves, because we have already surrendered our whole lives to The Machine.


Could happen? Isn't this what is already happening in totalitarian countries?


Perhaps, but I didn't want to claim anything without proof.

If you have any proof, please post here, so I may use it in future arguments.


One thing I never really understood is the incongruity between online tracking and real-world tracking, the latter of which we would call stalking.

If you followed around the owner or employee of a tracking...err "advertising analytics"...company, and recorded everywhere they went, and everyone they met and interacted with, including writing down all of the purchases they made when they go to a store, and then you sold the notebook you kept of all this, would you be in any legal trouble? What if you followed around their spouses and children too? Would the employees of the advertising company be creeped out by this? And yet they do it virtually to millions of others.


No, you wouldn't be in legal trouble. I have news for you: When you're grocery shopping, there are cameras watching you: how long you spend looking at an item (which tells them if it's a regular purchase, or something you're considering), the path you take through the store, etc. They use this info to increase the amount of your purchase. The layout of a store is not random.

And then when you get to the register, they know you. Not just from your loyalty number, but from your credit card (even if you're not a member). They use this to create a history of your purchases and create a demographic profile of you.

They use this profile to determine what to stock in the store, what to put on sale, etc. For example, sometimes they'll stock an item with poor sales, because the customers that buy it make larger purchases (keeping these customers loyal to the store). They'll also use this info to advertise to you, send you flyers and coupons in the mail, for example.

They'll combine this with your credit card purchase history to create a more detailed profile... because Visa (et al) sell your purchase history to analytics firms that sell this data to companies like your grocery store.

Similarly, analytics firms already know who you're related to, and can match up purchases from other members of your household.

My point is: You don't think about even the stuff above, because it's hidden from your view and you aren't familiar with what they're doing. Just like many people don't think about what Facebook is doing with their data. You phrase your questions like a hypothetical, but it already exists.


> They'll also use this info to advertise to you, send you flyers and coupons in the mail, for example.

It would be good to say which country you are talking about, in Europe this has never happened to me outside of online stores or with loyalty cards (which is why they give those cards in the first place).


They are certainly talking about the US. I know this nightmare all too well.


> I have news for you: When you're grocery shopping, there are cameras watching you

Well, it is not the same - cameras are maybe watching "a person" inside that store, not John Doe inside the store, the car, the toilet and the bedroom..


Those things aren't particularly news to me.

My question is more along the lines of, it seems to me that it's OK (in the sense of being tolerated by the public and legal) when corporations engage in this kind of behavior, but would it be OK if individuals engaged in this kind of behavior against employees of these corporations?


Imagine if you got free groceries, as long as you allowed someone to constantly monitor you. I bet a bunch of people would still do it.


This is sadly accurate, and why I only use cash and cash-purchased pre-paid Visa gift cards IRL.


They are tracking you in their store, not your own backyard.


I am not sure whether this is the case in Europe. This can get you in GDPR trouble pretty quickly.


> Not just from your loyalty number, but from your credit card (even if you're not a member). They use this to create a history of your purchases and create a demographic profile of you.

I believe GDPR would forbid this, but there may be (in Europe) something like "we consider logs of payments made in a store a legitimate interest", idk.

edit: an ongoing story I suppose:

- Instead of only processing the payment, the German payment service “giropay” (formerly “paydirekt”) keeps the information about each individual item purchased in online shops. This may lead to the processing of sensitive, personal data. https://edri.org/our-work/giropay-knows-what-you-bought-last...

> I have news for you: When you're grocery shopping, there are cameras watching you:

I don't think so. CCTV's goal is security. Not even employees can be filmed for a different purpose:

- The DPC received a complaint stating that a supermarket had instructed a third party to remove a CCTV hard-drive. The hard drive contained CCTV footage of the complainant's image from the store where the complainant worked as store manager. The complaint stated that no member of the supermarket staff accompanied this third-party contractor during the removal. The complainant alleged that the supermarket had viewed three weeks of CCTV footage. The footage contained the complainant's image and the supermarket used this CCTV footage to ground a disciplinary hearing against the complainant. The complaint further stated that at no point had the complainant been consulted in relation to the removal, viewing or processing of the footage. The key issue before the DPC was consideration of whether the supermarket had acted in accordance with the requirements of the applicable law when it processed the CCTV footage which contained images of the complainant, specifically Section 2A(1)(d) of the Acts which provide that a data controller shall not process personal data unless "the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject." The DPC determined that the use of CCTV in employment situations should only be used for stated valid purposes, such as security. It should not be used for employee monitoring, and policies should be in place to ensure proportionality and transparency in the workplace. However, the DPC considered that, when the supermarket viewed the CCTV footage for the period, it did so in the pursuit of its own legitimate interests and in this instance found there was no contravention of the Act. https://www.ejtn.eu/PageFiles/17861/Deciphering_Legitimate_I...

I'd say the same applies to credit/debit card number. They can only process the data to fulfill the purpose of paying for the goods, not add a legitimate interest to profile the customer.


> "we consider logs of payments made in a store a legitimate interest"

That sounds like the kind of get-out I'd expect from a US company, or any other company with no significant assets under GDPR jurisdiction. The GDPR defines "legitimate interest", and that isn't one of them.


There's no incongruity, as it is happening in the real-world.

https://www.theguardian.com/technology/2022/jun/15/bunnings-...


I guess the incongruity is then more along the lines of corporations being allowed to engage in stalking, but not persons, despite the fact that corporations are legally persons.


Track one person and it's creepy. A million people and it's a successful business venture.


>real-world tracking, the latter of which we would call stalking.

No we wouldn't. Let's take a very similar business which existed before the internet, credit reporting agencies. Do credit reporting agents constantly follow you around and watch you in order to build a profile about you? No, that isn't how it works and no the vast majority of people are not creeped out by the existence of credit reporting agencies. Consumers benefit from the profile credit reporting agencies make on them because it allows them to get better deals when they need to take out a loan. Consumers also benefit from the profile ad companies make on them because they are able to see more relevant ads which means that they can find new products, services, communities, etc that they may be interested in rather than seeing stuff they don't engage with.


Just because you are fine with being stalked and sold by private corporations does not mean everyone else is and should be more or less forced to endure it.


No one is following you around. It's more like you keep sending letters to advertising companies. You are going to them, they aren't coming to you. If you go to Hacker News there is no way for them to follow you here.

You aren't being sold to private corporations. Facts about the universe which relate to you are being collected. If you learn George Washington was born in 1732 on Wikipedia, do you think Wikipedia sold you George Washington? These are just facts that exist in the corpus of knowledge about the world and the people who live on it.


Is it okay that one can pay data giants to put false social media posts in front of millions of select people that have been heavily profiled to be statistically more likely to believe such postings and change their voting behavior as a result?

Is it okay that the DMV makes millions yearly bulk selling demographics, home addresses, and emails to political candidates and adtech companies?

Is it okay that the payment processing service used by your pharmacy and grocery store sells purchasing data to insurance companies? Surely they will never use this data to raise your rates, right?

Is it okay for third parties like cell phone providers and credit card companies to collect information about who goes to the abortion clinic and sell that information to people that might wish to see them face murder charges in a death penalty state?

Will they do similar if gay marriage is targeted again?

Is it okay that Apple gave the CCP access to their Chinese servers allowing them to more easily track down and imprison/kill Uyghur muslims?

What about for journalists covering war crimes? Should they just accept that they will be tracked everywhere and killed for doing their job?

It takes someone incredibly privileged to be dismissive of the serious risks mass data collection represents to the vulnerable. Just remember the location, browsing, and purchasing data you give up casually today can be used to target you later when political landscapes change.

Those of us who are privileged have an absolute obligation to pursue and normalize data privacy for those whose lives depend on it.


>Is it okay that one can pay data giants to put false social media posts in front of millions of select people that have been heavily profiled to be statistically more likely to believe such postings and change their voting behavior as a result?

Yes, I believe it is okay for people to talk with other people about political issues to strengthen or change their opinion. It's a good strategy to focus on talking to people who are most likely to convert to avoid wasting your time with people who firmly hold the opposite opinion.

>Is it okay that the DMV makes millions yearly bulk selling demographics, home addresses, and emails to political candidates and adtech companies?

Yes, it allows my tax dollars to be spent on other things.

>Is it okay that the payment processing service used by your pharmacy and grocery store sells purchasing data to insurance companies? Surely they will never use this data to raise your rates, right?

Yes, if people who buy bananas and live alone are more likely to slip and fall then I see it as fine for an insurance company to raise the rate. Typically the more data an insurance company has, the more accurate they can predict the probability of a payout. If someone is trying to hide data that causes an insurance agency to underestimate this probability I would consider that as fraud.

>Is it okay for third parties like cell phone providers and credit card companies to collect information about who goes to the abortion clinic and sell that information to people that might wish to see them face murder charges in a death penalty state?

Yes. I think it would be unethical not to report a serious crime. Are people really going to pull a surprised Pikachu face when they are caught for doing a crime?

>Will they do similar if gay marriage is targeted again?

I don't understand how that applies.

>Is it okay that Apple gave the CCP access to their Chinese servers allowing them to more easily track down and imprison/kill Uyghur muslims?

Yes, it's okay to help a government enforce their laws.

>What about for journalists covering war crimes? Should they just accept that they will be tracked everywhere and killed for doing their job?

I don't know enough on how their job works to answer.

>Just remember the location, browsing, and purchasing data you give up casually today can be used to target you later when political landscapes change.

Where I live new laws can't retroactively punish for actions done before the law passed.

>Those of us who are privileged have an absolute obligation to pursue and normalize data privacy for those whose lives depend on it.

I believe all information should be free and I believe criminals should be unable to escape punishment.


You seem to be seriously saying you trust all governments and corporations to always penalize, imprison, and murder the correct people and we should give them as much data as possible to make them efficient in doing so.

I honestly can not tell if you are a troll or a psychopath.


>you trust all governments and corporations to always penalize, imprison, and murder the correct people

No, which is why we have due process. The additional data helps make a more fair decision.

>we should give them as much data as possible to make them efficient in doing so.

Governments should be as efficient as possible. If laws were actually enforced unpopular laws would be changed instead of ignored or broken.


Rohan makes a valiant and useful attempt to expand the over-simplified notion of digital privacy. Anything that throws more light on this area is welcome. However I feel that some of the distinctions are incomplete or need highlighting more strongly.

The word 'tracking' shouldn't be used to stand-in for "absence of privacy". For example, I may want to be tracked in every detail and might buy a GPS tracker. However it should remain under my exclusive control. If I find it's defective because it's treacherously uploading my data somewhere I didn't ask it to, that's a breach of privacy.

The suggestion that techniques for web browsing might be generalisable to wider privacy doesn't hold up well. The main focus is mitigations (evasion and reduction) against cross-site identity leakage. Active obfuscation, avoidance, spoofing, dazzle, camouflage and decoying aren't covered, nor are threat actors or actor position. For example, my ISP or device vendor may be a greater threat than a website (doubly so when the device and site are owned by the same entity, e.g. Google).

It is oft said that privacy means different things to different people, but this is not the same as saying people have different use cases and needs, and is rarely unpacked by socio/psychological analysis (different expectations and ethical judgements may exist within the same use-cases and needs).

Also, someone "being okay" with a violation of privacy is not a sufficient indicator. Objective harms exist and they don't go away because the user is ignorant or convinced, or coerced to make "acceptable trade-offs".


I read this as an attempt to explore the tension between people who want total anonymity and people who just don't want their personal information abused. Sure, there are companies that abuse your information and yeah that's a violation of privacy. But the way I am reading the argument, the solution to one company violating your privacy isn't necessarily a surefire: we should take one more step towards total anonymity. Rather, it depends on the threat model.

> Also, someone "being okay" with a violation of privacy is not a sufficient indicator. Objective harms exist and they don't go away because the user is ignorant or convinced, or coerced to make "acceptable trade-offs".

Curious what you'd consider an objective harm. For example, I've been in discussions where any stable identifier is objectively harmful because it could be used by a service to track you. Therefore we can't do things like mutual authentication since your cert has a globally unique name, allow signatures in the browser because your key is a global identifier, behave normally at layer 2 (thanks Apple, I can't manage devices on my network anymore because they all randomize their MAC), or find my nearest Lowes because now my traffic exits 5 states away because ~~Apple wants to own my data~~ of my big scary ISP who can't be trusted.

Sadly the only conclusion I can come to is that these problems are social and, though technology may have introduced new means to abuse people's privacy and it's natural to seek a technology solution, ultimately require legal solutions. For example, "deleting" IP addresses from the internet is not an acceptable solution in the fight against privacy abusers. Nor is telling services they can't collect information that could identify you unless they need it because, well, everyone needs it at some level and it turns out everything can identify you in the right context.

Punishing people who abuse others' privacy is the solution. That, or, technology would need to let me select a la carte exactly which identifiers I want to allow and which I don't and we'd have to live with most everyone never touching those toggles and blissfully remaining tracked and targeted. Frankly I'm sick of privacy nut technologists (who no doubt are genuinely concerned for everyone's safety on principle) continually pushing everyone towards "tracking evasion" when all that most people really care about is surface level "tracking resistance".

That much, at least, I resonated with in the essay.


> Curious what you'd consider an objective harm.

To dodge the risk of opening a can-o-worms I don't have time for on a Monday morning I'll just say watch for the chapter "Harms" in Ethics for Hackers when it's out, or ping me a PM if you fancy being a proofreader for that chapter.

> Sadly the only conclusion I can come to is that these problems are social

I just replied to another similar remark. They are simultaneously psychological, social, technical, legal and political, and must be addressed on all fronts to reduce long-term harms upon the many to the temporary advantage of the few.

> Punishing people who abuse others' privacy is the solution.

It's a solution amongst many which is necessary but insufficient to cover all harms. An example already given in the comments, the Netherlands' collection of religious data prior to the Nazi rise, is apropos of anachronous and displaced threats.

> Frankly I'm sick of privacy nut technologists (who no doubt are genuinely concerned for everyone's safety on principle) continually pushing everyone towards "tracking evasion"

I hear that. There's a real risk of alienating users and losing the psychological campaign for better opsec by harping on a "mother knows best" tune. For example, GDPR cookie popups seem to have had that negative effect.

> That much, at least, I resonated with in the essay.

Me too. I very much like Rohan's writing. It sparks great discussion.


> For example, GDPR cookie popups seem to have had that negative effect.

Yes, but I don't think it's limited to "visibly" negative user experiences. Not being able to sign a document in the browser using an HSM-backed hardware key because vendors won't add that functionality because some nut on the mailing list is concerned about "supercookies" also is, arguably, harmful to users because it deprives them of stronger security applications (that might also lead to a stronger tracking resistance stance nonetheless by nature of the ability to sign and encrypt messages at the application level) in pursuit of a fuzzy goal of never letting anybody have a stable identifier, ever. That seems, in the very least assuming the supercookie concern is legitimate and not a vendor play at retaining platform control, something that can only be decided individually by the user and not the browser vendor.

Another example is TLS 1.3. In order to have better privacy against unfriendly networks, encrypted SNI pretty much kills content filtering at the last mile network level (can still do it on device, which is Apple's solution). This might be a great win for Joe who wants to browse Ashley Madison at the coffee shop away from prying eyes. But it's not great for parents who depend on content filtering solutions to help keep their kids safe on the internet. So who, really, is a technology like that harming?

> To dodge the risk of opening a can-o-worms I don't have time for on a Monday morning I'll just say watch for the chapter "Harms" in Ethics for Hackers when it's out, or ping me a PM if you fancy being a proofreader for that chapter.

I emailed you via book2021@.

This, though, is really the crux of it for me (sorry I rambled about a bunch of peripheral things). It seems that ethically the idea of "remembering a customer to draw inferences about how they'd behave" is rather natural to how humans operate. Historically, I can't even tell you I don't want you to do that because how I conduct myself in public is, well, public. So on the individual scale I think a lot of literature needs to be developed around building an understanding of what exactly is wrong, regarding profiling in public, to do without a person's consent. Is it wrong to write down someone's name, for instance? Is it harmful to be so good at profiling someone based on immediately available information that you might learn some things about someone even they didn't really care to discover? It certainly seems invasive from a user perspective but then again so would a good shaman, psychic, magician, or psychologist who build careers on playing the statistics and profiling games. In short, I totally agree that these things are very often unwanted. But I don't think I've made the jump to them being broadly ethically harmful on an individual level, yet.

At scale is where I see these problems becoming much more obviously harmful. If you can track an entire population you might also have the tools to influence that population. If you're influencing them in a harmful way then that probably constitutes ethical harm. Perhaps we need to figure out how to limit or separate these powers at a global level. Maybe tracking firms should not be allowed to sell information to political organizations? Maybe they should all just be shut down?

Anyway, if you get time to further develop that point I'm all ears, as ethics, especially in computer science, is fascinating.


Thanks for your reply dcow, which I won't be able to do justice to, although I look forward to an email.

Oddly, I am responding to someone in another thread who considers the digital rights and privacy movement as "insignificant" and a "war that's lost". At the same time I'm trying to reconcile that with your being "sick of nutters".

Bruce Schneier was early in pointing out another pendulum swing in technology, which we already know from the centralisation - decentralisation cycle, as concerning authoritarian and liberal swings. Therefore I think what we are seeing is the magnitude of the genuine backlash against abusive technologies in general. People rally around the word "privacy" as a (as you say sometimes inappropriate) totem.

I agree we are in the infancy of this discussion, at least in the development community. That said, I've read over 40 contemporary books on the emerging landscape of digital rights, many written by fellow devs and computer scientists, as well as piles of classical philosophy around "tech critique", and there is a wealth of wisdom to tap into. One of the aims of my writing here is to "bring the battle to Rome", and obviously risk a very harsh audience - although I am surprised how many kindred, sceptical souls are found here on HN.

A lot of it has nothing to do with "privacy" as an historical semantic, so I've pushed hard to introduce "digital dignity" as a (weaker but more useful for it) conceit.

But individual harms are all around us. Just to pluck one extreme one out of the air - physical violence (indeed murder). I set my students to watch the Panorama documentary about kids who kill or maim each other over online gaming. Claims that this is an issue of scale, or that online games have changed don't ring true to me. This never used to happen for the simple reason that online anonymity was a good thing in this context. In a game you could suck it up or switch it off. So in this example, over-connection of virtual to real-life spaces is a dangerous thing where people cannot maintain a psychological sense of perspective.

respects


Reading the title, I assumed that the article would talk about what people mean by privacy. However, it really is about how people try to achieve privacy (by reducing the amount of collected data, or by reducing the amount of collectible data). The thing is how you do it depends on what you are trying to achieve. When discussing privacy, I find it useful to distinguish three types: a) privacy from government, which is fundamentally not a technical problem but a political one, b) privacy from big corporations, and c) privacy from criminals (i.e. "hackers"). In my experience, people are really mostly interested in c) and so-called privacy conscious people are mostly interested in b). As for how to achieve b), I (perhaps naively) assume that corporate data collection obeys a law of diminishing returns, so the best strategy is simply to do more than the masses who do not care.


> When discussing privacy, I find it useful to distinguish three types: a) privacy from government, which is fundamentally not a technical problem but a political one

I think that this is not quite true. At its best, privacy from the government is granted willingly by the government; this is a political process. However, one might be dealing with a government that explicitly revokes certain privacies, or one might not trust a government's guarantee to respect certain privacies, in which case the political problem is once again technological. (Or of course one could trust one's government implicitly but not the next government, or one could trust one's government to try to do things well but fear government stores of data as a juicy target for hackers.)


I mostly agree. What I mean by "fundamentally not a technical problem but a political one" is that technological solutions to bad or incompetent government policies seem to me to be band-aids that do not actually solve the problem. They are useful if this is all you have, but they are no substitutes for good policies.


> of course one could trust one's government implicitly but not the next government

Quite so. Consequently my priority is a); if I can keep my information away from the government, then b) and c) follow along. That is, if government can't get the data, then (unless I'm careless) nor can corporations and crooks.

The government is the toughest nut; they have the whip hand. I need to interact with the government to get government services I've paid for, such as my pension and medical treatment.


I disagree with this basic premise. Privacy is not a baseline philosophical module that gives way to two separate concepts; privacy is simply a thing that can be achieved upon exercising one's property rights.

We want privacy because we desire control over the dissemination of our secrets. We desire this because our secrets are derived from activities to which you do not want the public privy. The reason one does not want their activity public is because it ultimately threatens the foundation upon which our lives are built. We use our right to property to protect ourselves against this outcome. We buy homes to say "this land is mine, please do not come onto it." We buy cars to say "this is my wheel machine, please do not use it." We buy computers to say, "these are my thoughts and productive activities - not yours."

We do not mind when our privacy is violated when it is perceived to have no material impact on us for that information to be out there.

This article is not really about privacy, but rather different ways by which to go about privacy _protections_. It is an insightful article when tuned to this context, and without doing that, it can be a little misleading.


IMVHO there is a deep fallacy in the article: privacy is not about individuals as single human beings but about society, which means that privacy is not about standing out because of tracking avoidance vs. appearing as "common generic human" as possible; it's about the power of aggregated data.

The war here is already lost, but the point is that we do mandate privacy by law because there is no issue if anyone knows anything about anyone else or no one knows anything about any others. The issue happens when very few know very much about anyone else and anyone else knows next to nothing about them.

The two kinds of privacy depicted are just a single emergent aspect, like a flame pinnacle, which stands out, but the real issue is at the base of the flames.


> privacy is not about individuals as single human being but about society

Yes indeed, an important point. Privacy makes little sense on a desert island, even though a solitary castaway has lots of it. (I'm not even sure it makes very much sense for two people on an island)

> the power of aggregated data.

plus the intent, means and opportunity for a group to use that data to the disadvantage of another group or individual.

> The war here is already lost

No. The war is won again the moment that data supply dries up because it goes stale quickly. People changing their attitudes can and will have a massive and rapid impact on those industries. Don't be cowed and browbeaten by defeatist talk.

> mandate privacy by law because there is no issue if anyone knows anything about anyone else

It is equally important to attack intent, means and opportunity. For example, recent research <citation needed> has shown that targeted advertising is really ineffective puff and bluster. Breaking the spell of its mythology is a tactic favourable to privacy because it disabuses potential customers of surveillance capitalism. Technical measures like Tor, overlays and other strong anonymity deal with means, while educational pro-privacy propaganda addresses opportunity. At the end of the day we're fighting a counter-intelligence war.


Honestly? How many always have an Android/iOS device in their pocket, use it all day long, talking and texting with it, taking photos sent to some cloud for backups etc., ... yes, the war is definitively lost, also because most choose not to really fight it.

People could and should change attitude, but so far those who change are so small a minority as to be just irrelevant at social scale.

It does not even matter that some or many aspects of surveillance capitalism fail partially or substantially; once you create the surveillance infra some parts will surely fail, but the overall architecture pays back anyway those who control it. Take a look at China...

Some fight back, sure, but does it matter? Let's say I do my best, at a really paranoid level, to try protecting my privacy: I can't even go into urbanized areas since they are full of cams, like most modern vehicles. I can't probably use a bank here since 99% of them demand a crapplication that runs only on Android/iOS (of course, not in an emulator) as a third factor for auth; I might be able to circumvent their check BUT it's a continuous fight for what? The list is soooo long that at maximum you can try fighting for the army's honor, not to win...


> Take a look at China...

Let me stop you there. This is not China. So are you finished with wailing whataboutism?


This is not China, for now, but we run at a very high speed to copy them. Social scoring is already there, started with covid excuses, but it is there; the push toward e-cash, QR codes + mobiles etc. is here. I do not call foreseeing tomorrow whataboutism...


> foreseeing tomorrow

Or maybe, imagining tomorrow in your worst fears. There is an important difference between prophecy, which may be right or wrong, but is generally welcome, and defeatist doomsaying or catastrophising ("the war is lost") which is not.

It generally makes people dislike you because there is nothing of value to take from one who says "there's no point even trying".

I once shared a lifeboat with someone who spoke this way. After only 10 minutes of hearing them say "we're never going to make it", the others and I were very close to simply throwing him over the side. :)


There is not only a single war, but many. Personally the war I fight now, the one I imagine to be "winnable enough", is about personal data possession, which means for instance my mails on my iron under my availability instead of on someone else's server, a personal domain name so I am hopefully able to transfer it from one vendor to another without changing my URLs, etc. That's a thing I advertise to anyone: do your best to have local tools and data.

For instance do not leave photos on mobile, sync them at least etc.


> Personally the war I fight now, the one I imagine to be "winnable enough" is about personal data

So you're a fighter. {{brotherly hugs}}

Your comment yesterday was bugging me. Today I feel happier. Yes, things are bleak with rising technofascism, but I sincerely think it thrives on ignorance, apathy and defeatism. And those are beatable demons.

> That's a thing I advertise to anyone: do your best to have local tools and data.

Telling other people, helping educate and inform, spreading possibilities, these are really important things.

> There is not only a single war, but many.

All great victories are about insignificant people doing their bit. Don't worry about the grand strategy, it's too big to see. Rest in the knowledge that somewhere else another hacker is doing their bit, and all these little wars together add up to something positive for humanity.

respects


I always thought that since I opted for DO NOT TRACK I am not being tracked; now that it is a fingerprinting vector, it feels like being duped. And BTW, if WebKit removed it then why not Firefox? I mean, is there any good reason to have it anymore?


Some analytics software respects DNT headers, like Matomo by default [0], so it might still be useful.

[0] https://matomo.org/faq/general/configure-privacy-settings-in...


Relying on the good will of the advertising industry seems to be a poor choice.


posting from a throwaway account -- I worked at a few audience measurement companies, DNT was never looked at -- completely ignored. The reason was simple: all upside to ignore, no downside. Regarding fingerprinting -- I know firsthand the places I worked at considered it, and rejected it. Problems are: too cumbersome, they do not persist over long enough periods to be useful to the industry, and they cannot be shared with other companies in the data marketplace. An adversary can use them short-term, but if an adversary has the data to do that, they probably have additional more accurate means at their disposal. Also, in my view, academic papers on this subject always seem alarmist and naive, and methodologies have problems (lack scale, have selection bias, lack ground truth, overlook persistence over time, etc.)

{edited} - the way DNT worked in practice led to a very misleading, and harmful effect. Standards should be designed with stakeholder incentives in mind.


Yeah, the DNT header ultimately being used as another bit for tracking seemed to me the ultimate irony.

This, as for many things: Thanks, Microsoft.


Would love to hear HN's opinion on tracking. I was of the camp that all tracking is bad and should be banned. But one day I re-realized, a website owner, having access to the server (e.g. nginx), can always track their visitors if they wish to. So maybe the problem is third-party tracking instead of tracking? What do you feel if a website doesn't use any 3rd-party tracking, but analyses visitor usage patterns using nginx/cloudwatch/any sort of logging provided by the tools essential in running the services?


You were right initially. First-party or third-party is not a useful distinction from a privacy point of view.

If you want analytics, anonymize first and then use whatever tracking you want. But first prove that your anonymizing is really effective, even if that results in less precise tracking.
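
As an added example (not code from the page or from any analytics product discussed here), the following hypothetical first-party analytics front end puts together the two ideas from the comments above: it honours the DNT request header the way the Matomo comment describes, and it anonymises the client address before anything is stored, in the "anonymize first" spirit of this reply. The address is truncated to a network prefix (the usual IP masking) and then passed through a keyed hash whose salt is derived per day from a long-term secret, so visits can be grouped within a day but not linked across days. The header handling, the record layout, the /24 and /48 prefixes and the sample requests are all assumptions of the example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Hypothetical first-party analytics front end (added example, not from the page).
# It honours the DNT request header and never stores a raw client address:
# the address is truncated to a network prefix and then keyed-hashed with a
# salt that changes every day, so visits can be grouped within a day but not
# linked across days or reversed by enumerating all 2^32 IPv4 addresses.


def dnt_enabled(headers: dict) -> bool:
    """True when the client sent 'DNT: 1' (the Do Not Track preference)."""
    return headers.get("DNT", "").strip() == "1"


def truncate_ip(ip: str) -> str:
    """Drop host bits: keep /24 for IPv4 and /48 for IPv6 (assumed prefixes)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def daily_salt(day_iso: str, secret: bytes) -> bytes:
    """Derive a per-day salt (day given as YYYY-MM-DD) from a long-term secret.
    Only the derived salt is used near the analytics store, never the secret."""
    return hmac.new(secret, day_iso.encode(), hashlib.sha256).digest()


def pseudonymize_ip(ip: str, salt: bytes) -> str:
    """Keyed hash of the truncated address. A plain sha256(ip) with no key
    would be reversible by brute force over the small IPv4 address space."""
    digest = hmac.new(salt, truncate_ip(ip).encode(), hashlib.sha256).hexdigest()
    return digest[:16]


def record_visit(headers: dict, remote_addr: str, path: str,
                 day_iso: str, secret: bytes, store: list) -> bool:
    """Append an anonymised visit record; return False when DNT asked us not to."""
    if dnt_enabled(headers):
        return False
    store.append({
        "day": day_iso,
        "visitor": pseudonymize_ip(remote_addr, daily_salt(day_iso, secret)),
        "path": path,
    })
    return True


if __name__ == "__main__":
    # Constructed sample requests, as a WSGI-style middleware would see them.
    secret = secrets.token_bytes(32)
    store = []
    today = "2022-06-27"
    record_visit({"User-Agent": "x"}, "203.0.113.77", "/", today, secret, store)
    record_visit({"User-Agent": "x"}, "203.0.113.9", "/post", today, secret, store)
    record_visit({"DNT": "1"}, "198.51.100.4", "/", today, secret, store)
    for rec in store:
        print(rec)
```

Two visitors in the same /24 on the same day collapse into one pseudonym, which is the precision loss the reply accepts; the DNT visitor produces no record at all. Rotating the salt daily is what keeps the stored pseudonyms from becoming a long-lived identifier of their own.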


> First-party or third-party is not a useful distinction from a privacy point of view

It is a huge difference. There's one thing to have your data stored on a server that only one person has access to, and they are obliged to respect strict privacy laws and a completely different thing to have your data sent and shared to hundreds of companies that can use that information for various marketing or analysis purposes.


Late reply.

I really disagree. Whether the cookie shows under a dns name or another means next to nothing as to who is doing the tracking. If I'm not mistaken, Google Analytics is now pushing to have all cookies served by a front domain, hiding from the user who the third parties are. I may be wrong on this, have not done my research yet.


To make it clearer: If the company knowingly breaks privacy laws by secretively sharing data with 3rd parties and using domain cloaking/redirecting to hide this fact, that's a different issue.

I think it's a huge difference between:

A. I track visitor stats and usage details and send all the details to Google and their partners (which enables them to create a profile of the visitor across the web, have in-depth stats about your website's traffic, traffic sources, sales, visitors demographic, use the data to target specific or groups of visitors or share it with your competitors or other companies for marketing purposes).

and

B. I track visitor stats and usage details, store them locally and use them to improve my website.


I agree with you, but my comment was not regarding the DNS, but the legal entity having access to your data.

There's one thing to send your data to Google and accept for it to be processed by them and all their partners and another thing to send your data only to the company that owns the website that you are currently visiting and only allowing them to internally use this data, without it being sent or processed by any 3rd parties (as strictly specified and regulated by the privacy laws).


That's why GDPR-compliant web servers either disable logs or keep them on a rotating 30-day basis (a real legitimate interest to have insight into potential DDoS attacks).

Now you can take a guess how many actually do either of those two things... I would not even put it at above 1%.
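
The 30-day rotating window mentioned above, as an added example rather than anything from the page: a hypothetical retention job that deletes rotated access logs once their last modification is older than the window, which is what a logrotate stanza with daily rotation and a 30-file limit achieves for nginx. The file naming (access.log, access.log.1, access.log.2.gz, ...), the constructed sample directory and the single sample log line are assumptions of the example; files that do not match the pattern are left alone, and a file modified exactly at the cutoff is kept.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Hypothetical retention job (added example, not from the page): delete rotated
# access logs older than RETENTION_DAYS, the window the comment above cites.
# Assumed naming follows the common logrotate scheme access.log, access.log.1,
# access.log.2.gz, ...; anything else in the directory is left untouched.
RETENTION_DAYS = 30
SECONDS_PER_DAY = 86400
LOG_NAME = re.compile(r"^access\.log(\.\d+)?(\.gz)?$")


def expired_logs(log_dir, now=None, retention_days=RETENTION_DAYS):
    """Return rotated log files whose mtime is older than the retention window.
    A file modified exactly at the cutoff is kept (strict comparison)."""
    now = time.time() if now is None else now
    cutoff = now - retention_days * SECONDS_PER_DAY
    expired = []
    for path in sorted(Path(log_dir).iterdir()):
        if not path.is_file() or not LOG_NAME.match(path.name):
            continue
        if path.stat().st_mtime < cutoff:
            expired.append(path)
    return expired


def prune_logs(log_dir, now=None, retention_days=RETENTION_DAYS, dry_run=False):
    """Delete expired logs (or only list them when dry_run) and return their names."""
    removed = []
    for path in expired_logs(log_dir, now, retention_days):
        if not dry_run:
            path.unlink()
        removed.append(path.name)
    return removed


def make_sample_log_dir(base, now):
    """Constructed sample: a few log files with back-dated modification times."""
    ages = [("access.log", 0), ("access.log.1", 1), ("access.log.2.gz", 10),
            ("access.log.3.gz", 31), ("error.log.old", 45)]
    for name, age_days in ages:
        f = Path(base) / name
        # Constructed combined-format line; a real log would hold many.
        f.write_text('203.0.113.77 - - [27/Jun/2022:10:00:00 +0000] '
                     '"GET / HTTP/1.1" 200 512\n')
        stamp = now - age_days * SECONDS_PER_DAY
        os.utime(f, (stamp, stamp))
    return Path(base)


def run_demo():
    """Build the sample directory, prune it, and report removed and kept names."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = make_sample_log_dir(tmp, now)
        removed = prune_logs(log_dir, now=now)
        remaining = sorted(p.name for p in log_dir.iterdir())
    return removed, remaining


if __name__ == "__main__":
    removed, remaining = run_demo()
    print("removed:", removed)
    print("kept:", remaining)
```

Note that the raw client addresses in those lines stay on disk for the whole window; retention limits how long the exposure lasts, it does not shrink what is exposed, which is why anonymising at write time and pruning on a schedule are complementary rather than alternatives.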


Author mentions Tor, yet Tor can make you stand out just by mere use of it, unless you use pluggable transports/ bridges to hide the fact you’re using Tor.

Also you could hide in plain sight by using Safari on iOS with a generic mobile Internet IP. Generic useragent and generic IP. What’s wrong with that? Bonus points for browsing in a private session to stop cookie tracking.


>Tor can make you stand out just by mere use of it

That's always a concern with obfuscation networks. But that concern decreases with the number of other users on the network. The more that people start to use Tor, the more it becomes socially excusable and the more the anonymity set grows.

Traffic goes in, traffic goes out. Few can connect the dots.

>Also you could hide in plain sight by using Safari on iOS with a generic mobile Internet IP

No, you really can't. There's no browser (other than Tor Browser) that I know of that takes sufficient anti-fingerprinting measures. Using safari/ios to "hide in plain sight" is a lot like trying to hide in a crowd in front of a security camera with a unique QR code tattooed to your forehead.


You could also disable JS in Safari but with the caveat you would stand out among the masses who have it enabled. However like you said, the more people that disable JS in Safari, the easier it is to blend in, but we’re far away from that happening. As regards unique fingerprints, no JS mitigates things like canvas fingerprinting and other factors like time zone, battery charge level etc


Roe vs Wade educated me on the fact that the US Constitution never mentions a right to privacy.

Normally the response would be "so just add it" but that's America for you I guess.


This is covered by the Bill of Rights.

First amendment - privacy of beliefs

Third amendment - privacy of the home

Fourth amendment - privacy of person and possessions

Fifth amendment - privacy of personal information

If only the extraordinarily powerful and well funded defend-from-the-government second amendment advocacy groups understood that the freedoms they think they are protecting with guns are being lost from the data they freely give to governments and corporations.

State DMVs make millions every year selling home addresses and emails to marketing firms and no one cares.


That's what the Ninth Amendment is there for, hypothetically.

The Bill of Rights was never intended to be an exhaustive enumeration of even fundamental rights, and the Ninth Amendment explicitly says that you cannot ascribe significance to a right having been omitted from the enumeration.

That depends on the SCOTUS deciding there is an unenumerated right being infringed upon, and historically the SCOTUS has preferred to tie judgements to enumerated rights even if it'd be simpler to just say outright, "this is an unenumerated right", but still, we're not supposed to need to actually spell them all out.

In theory. In practice--



