Hacker News new | past | comments | ask | show | jobs | submit login

I so hate when people put words "only" and "metadata" in the same sentence...

     They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.

    They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.

    They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don't know what was in the email or what you talked about on the phone.

    They know you received an email from a digital rights activist group with the subject line “Let’s Tell Congress: Stop SESTA/FOSTA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.

    They know you called a gynecologist, spoke for a half hour, and then called the local abortion clinic’s number later that day.



It's important but what do we do about it?

You're using the internet afterall which isn't your network- it's someone else's! When you send a packet there is a header w/ information required for routing. Some call this the "outside of the envelope" if using the mail analogy. We can pass the buck by using a VPN but this also adds a VPN org that we need to trust. On the other hand, it's not your network! Why do you think you have a right to absolute secrecy and anonymity on someone else's network?


So every person in the world should build his own "network"?


No, it's just a case of facing reality. The internet is built by other people and we have to trust (or not) that they are going to honor the responsibility that entails, from security to ethics. The internet is also funded by learning as much as possible about users in general so using the internet is accepting that you will be tracked. Increasing personal security is good, but no silver bullet.


If with that you mean that users should be aware of the risks ok, if that they should accept them as inevitable no.

What's funded by tracking as much as possible is the current perverse part of internet, it definitely wasn't always like that and doesn't need to be.

I hope that that perspective comes from someone that hasn't lived anything before Facebook.


I'm not saying things shouldn't change, just that the reality we live in right now is that using the internet means you are tracked. Of course we shouldn't just accept that and not push back, and of course we should build things like the internet we had before social media "became the internet".

Being aware of the tracking and risks means people can make efforts to reduce the tracking, but it's almost becoming impossible to use the internet if you don't AGREE to the tracking in many cases, such as websites that won't risk GDPR violations and chooses to deny access to people blocking cookies entirely.

People who remember the old internet want it back, people who grew up with social media don't know what they're missing, and there's not much we can do to convince people to care about changing the DNA of the internet so that it's no longer perversely gobbling up all data.


This requires legislation, and a court system that upholds the law.

In the US, the courts just decided there's no right to privacy (despite what the 4th amendment says) as part of rolling back Roe v. Wade.

So, the path forward is to vote in legislators that respect basic human rights, followed by court packing (or just impeaching the judges that have been publicly accepting bribes and failing to recuse themselves on cases where they have a clear conflict of interest).

Since the above is supported by way more than 50% of the US population, the main obstacles are gerrymandering and ending the currently common practice of appointing blatently corrupt judges to state supreme courts (and also restoring recently stripped powers to state governors, since they're elected via simple majority).


Exactly, and all of that is hard and slow. We live in the now, with the internet tracking our every move by current design. Pretending it isn't tracking us doesn't mean it actually isn't.

People are generally keeping themselves monitored as they use the internet. It's a panopticon with more steps. So it's no surprise governments are using the plaintext of anything they can find to track people.

And if people don't care about that because they are more focused on their pet political issue, it will never change, and silently get worse.


Push notifications don't signal an active line of communication like that though nor do they connect who's talking, only the means. In all your examples the equivalent would be "They know someone called you."

"They know you got a push from McDonalds at 11am"

"They know you got a Slack message at 2pm"

All metadata is not created equal.


Dude, did you read my point? I said it was still bad.


I don’t agree with them plagiarizing the EFF’s blog post[0] but I think it is a mistake to use “only”. Both can be damaging and neither is clearly more or less bad since so much depends on the circumstances – like if the police have compromised one party in a conversation, they already have the payload so the real risk would be things like location data. We should probably treat both of those as equivalent risks until enough specific details about a situation are available to say which is riskier.

0. https://ssd.eff.org/module/communicating-others


But my intention was to point out that actual content wasn't being transmitted and that "only" meta data was gleaned since some people seem to think that chat messages are being scooped up. Other people have rightly pointed out that meta data is bad and why and I didn't feel the need to reiterate that.


"Still bad" strongly underestimates the problem. Metadata often is more important than the data as demonstrated in the above examples.


But my intention was to point out that actual content wasn't being transmitted and that "only" meta data was gleaned since some people seem to think that chat messages are being scooped up. Other people have rightly pointed out that meta data is bad and why and I didn't feel the need to reiterate that.


It's not the intention that matters but the execution.


I disagree. Thieves can't steal my money from my bank with metadata.


They might, using social engineering and knowing a lot about your connections.


That's a stretch, you can use social engineering to do essentially anything then.


Not if you know nothing about your target.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: