Hacker News new | comments | show | ask | jobs | submit login
And the privacy invasion award goes to … (eff.org)
106 points by zoowar 1628 days ago | hide | past | web | 29 comments | favorite

I might have a bleak vision of this place but unfortunately I think this article is not going to ring a bell in here. Well it might be upvoted but sparsely read.

A good portion of HN users don't care at all about privacy, or at least not when they could be the ones protecting it. I read this board every day and every time I am floored by the fascination for cloud services, the (relative) savings from it and monitoring software. As long as they are glossy and beautiful, that's it, sold.

Anyway I was shocked by the last one with Brita and that's great that EFF is publicly calling these companies and their actions.

Thanks for reminding us that we must remain vigilant.

Privacy probably doesn't strictly monopolize HN's concerns because cloud services are Good Enough when it comes to privacy for our Ruby on Rails MVPs, our benign blogs, and our JSconf slideshows.

Conflating privacy where privacy is needed with privacy for privacy's sake is a waste of time and dilutes real privacy concerns with a bunch of "Wolf!" cries.

One example of a huge cloud-based privacy problem: Google Analytics, which I discovered by using NoScript.

So, google knows about me even when I don't use it. Even when I am explicitly avoiding it, and use DuckDuckGo instead (I do, by the way). Your "benign blog" which uses this service is hurting my privacy big time. I'm okay with you knowing that my computer is visiting your web site. I'm not okay with third parties such as Google, Facebook ("like" buttons, anyone?) or some advertiser automatically knowing that as well.

Same problem with Gmail. They look at and analyse your emails to send you those targeted ads, remember? You pay with your privacy to use it. Which may be fine. But you also pay with my privacy, each time you send me an e-mail, and each time I send one back. That is definitely not fine.

Personally, my heuristic for privacy is this: By default, don't sacrifice your privacy. Think twice before you do. And never ever sacrifice others' privacy without their explicit, informed consent.

We're quite far from that.

I read someplace that 60% of the English language web sites use google analytics. add in any DNS requests passing through google's DNS, adwords js views, google searches etc and it's not hard to assume they can see pretty much whatever they need to build an advertising profile for you.

I suspect facebook is a close second with the tracking of outbound links from FB and "like" buttons all over...

At the moment we're not really seeing signs of malevolence from that corner. My worry is: what happens if those companies take a nose-dive [1] or get a new commander [2].

[1] There are plenty of examples like that floating around. Large companies that were once the kings of their tech field now seem to focus on patents as a source of income.

[2] We kinda had a sneak preview of what a change like that can do when Schmidt handed over the torch.

And yet as an older citizen of HN I am very concerned about privacy, enough that I use cash for at least half my purchases. Cash is wonderful because cash is anonymous.

I wise boss I had one time told me "Don't worry about the banks and US government and your privacy, they don't have the ability to actually do anything with it. You should worry about Google getting your information."

Why? As a younger(ish) citizen of HN I don't see the benefit of being anonymous.

Being on the receiving end of a legal interrogation might change your mind.

Or go read up on your history. The Spanish Inquisition. The Holocaust. The House Unamerican Activities Committee. Soviet Russia. The Lives of Others. Just to name a few.

One oddly eloquent argument for the value of anonymity comes from ... Google: http://googlepublicpolicy.blogspot.com/2011/02/freedom-to-be...

It might affect your insurance premiums. Or, search for 'headache' too many times and you might become uninsurable.

While I largely agree with you (and have written as much in my blog) I disagree about the risk with cloud services. I only see two places where "the cloud" increases the risk of a privacy violation: 1) Inherent decreased security of cloud services makes a data breach more likely and 2) an increased risk that authorities could seize a server that contains sensitive data.

Even though the EFF singles out The Cloud for an award they only highlight risk #2 of my list. I'd like to hear why you are singling out the cloud (I'm not trying to be combative, I'm truly interested). I see very similar problems with cloud architecture as I do with VPS or even single owner servers.

In my opinion the real privacy risks (controllable ones anyway) have to do with services sharing information with third parties, not information security risks.

I never thought Brita would make the list. I've been using them since Consumer Reports gave them a good review for low-cost but effective water filtration systems. Does anyone know of a good low-cost alternative?

I wouldn't have called Brita low cost. Anything but. The reason they switched from the cylindrical refill to the rectangular one was to put an end to the cheap third-party cartridges, which had become endemic for the cylindrical ones. Cynical marketing was used to make it sound like a benefit for the consumer.

I use an old Brita jug with cheap third-party refills, about 1/2 the price. You can also re-use old cartridges and refill them with activated carbon (google for it, there should be plenty of hits). Not quite as good as a new cartridge, but good enough to remove chlorine and bad tastes.

An alternative is reverse-osmosis filtration. Marine aquarists use them as a matter of course as the chemistry, especially water quality, of a home marine aquarium needs to be tightly controlled. You should find that you can get a reverse-osmosis kit aimed at marine aquarists set up for a couple of hundred dollars, much cheaper than a consumer kitchen set up.

Just wrote 'furious email tone' to Brita, as a long time user:


With respect, I am disgusted to learn apparently your company is responsible for forcing schoolchildren to use RFID chipped water bottles that need to be 'scanned' whenever they want to refresh themselves of surely a basic human resource, drinking water. I sincerely hope the following 'award' goes someway to you recognising how disgusting your conduct appears to the general public:


I hope that you are a good company with well intentioned people working who has been misinformed or conned by some marketing clown, and that this is just a misjudgment on the part of bad management. Please ensure this programme is stopped as soon as possible, I have been a Brita user for years but this is unconscionable.

Thank you,

xxxxx xxxxx"

Privacy (and anonymity) is worth defending right now precisely because it is under an unprecedented attack.

There is a real mania underway for registering and identifying users of even humdrum activities like using public transport, for instance. Increasingly, you can not get services, at least not at the best price, without registering all your details and being issued with some silly card to identify you. Yes, there are 'discounts' offered but this just proves the point that there is real pressure to identify everyone at every transaction. In practice, it means in fact a hike in price for those refusing to conform.

The Brita example of children not being allowed to drink water without identifying themselves is just the tip of an iceberg.

Contrast this modern lifestyle with those terrible dark ages, when you could put a few gold coins into your purse, jump on your horse and ride to anywhere without a passport, without any idetification or documents whatsoever, without worrying about exchange rates. You could give or not give your name as and when you pleased and still get courteous services and make purchases with your gold anywhere in the whole world.

A lot has changed since those days and, I would argue, not for the better in this respect.

If you really believe that was a better time to live in, there's some third-world countries that still operate that way. But it's pretty rough going when you have 1. no credit and 2. no distance communication, just to name two basic issues enabled by better identity management.

Poverty, though a real problem, is an orthogonal issue to this. You are right though that debt creation and 'identity management' go together. Interestingly, these dirt poor people who are not 'indentity managed' have better balance sheets (standing at zero) than your average US college graduate.

I actually only was referring to the lack of infrastructure, not the poverty (although the two generally go hand in hand, because per-capita GDP is driven by the level of infrastructure investment.)

As for balance sheets, that's why you don't assess company values based on their balance sheets alone. It's better to have a somewhat negative balance sheet and strong income potential than a zero balance sheet and 1/10th the future income. We complain a lot here in the US about how terrible things are, but we still have something like 10X the per-cap GDP of much of the world.

The award to Blizzard, Inc. for memory scans to prevent cheating in an MMO video game (something that I'd wager most players would accept) sort of cheapens the award when it's shared by widespread government-disseminated trojans and citizen surveillance.

An example of what is developing into my biggest problem with EFF: an organization doing incredibly important work that at the same time has seemingly no scruples about muddying the water to gain attention and gin up outrage. It's hard to escape the thought that Blizzard is on this list because nobody cares about German frozen food companies, but everyone recognizes Blizzard.

How do you come to that conclusion? The German Big Brother Award is not an EFF event. It concerns itself with issues mostly relevant to Germany and is split into different categories. Blizzard "won" the in the consumer protection category. I would also argue that it's wrong that nobody cares about frozen food companies. Germany has strong privacy laws and while not nearly enough people care, a lot still do. Companies violating employees right to privacy _is_ a big deal in Germany and gets top spots in the news.

I agree that companies violating German privacy laws are a big deal.

I am in a love-hate relationship with Blizzard, love their games, hate their big brother approach. Scan my computer memory because I might be cheating is both insulting and an invasion of privacy.

Another example is I was registered with them in one country and now moved to another country - they won't change my country status unless I give them a copy of my passport (or similar ID) and a physical copy of a utility bill.

Just who do they think they are?

It's also saying that the Starcraft 2 ladder system, which records your games so you can review them later, and ranks players based on some ELO-ish formula, is a privacy invasion.

Plus, aside from the entire real name forums stupidity last year, which would be a valid criticism of Blizzard, but is not named here, the only functionality the RealID system gives is social: cross-game chat and the ability to group up with friends on a different server.

I do consider not being able to privately secretly play games to ungodly hours a privacy issue.

I'd note that the automatic-water-dispensing machine that used an RFID chip in your water bottle, seems like more of a red herring. They described it in a fairly technophobic way, like kids are being injured by exposure to technology. They come off sounding like out-of-touch old fogies.

This was were I was quite surprised as well. Blizzard is always in a fight against cheaters, and it is required since their games are competitive in nature.

I hate how often the EFF comes off as looking like a bunch of conspiracy theorists. "chat recording that captures text communications, game recording and player rankings that reveal how often and how long players have been playing" Um, yes, this was a highly desired feature.

There are so many legitimate problems in privacy, but these are not them.

It is, to be fair, also a feature that is of great use to stalkers - a problem which WoW players won't be exactly unfamiliar with.

I'm on the fence about this award for Blizzard - on the one hand, there are worse offenders, but on the other hand, Blizz do tend to make some remarkably dubious privacy calls.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact