The surveillance problem is a matter of balance problem: if we are all able to surveil all others or none is able to surveil essentially anyone else forces are balanced there are only marginal issues. If someone can surveil nearly all but nearly all can't surveil the small cohort who surveil them than forces are not balanced.
Surveillance per se might be useful, let's say you want to know how much live traffic is there in your planned trip, alerts for incidents, natural phenomenon and so on. The issue is just the balance of forces and what can be done in case of unbalanced forces those who hold the knife from the handle side.
It is, because the willingness it's largely irrelevant, there are countless information about you left here and there. Of course ideally we have to choose a trade-off between the need of sharing and the will to keep things private, but the point is what we really have or not.
I like having Google Street View, I do not like have my gate on it but that's the trade off, I like Street View so I have to accept having my door on it as well. The point is who own what. If StreetView is like OpenStreetMaps it's a thing, if it's a private service where the owner decide what to keep and what to publish than there's a problem.
I like being able to see my car's cam from remote, but that means others cars owners will see me walking around as well, that's an acceptable trade off if it's balanced (anyone can see his/her own car's cams) it's far less acceptable if vendors can see and sell streaming cams, owners depend of them to partially see or not their cam streams.
Let's say you are a big-edutech player, you have all infos collected by your platform on your infra. Even if children and families know what you have and "why" [1] they can't know you send an ads at a time small bits of information to drive the scholar path of talented children you plan to hire tomorrow or you try to push some students with political/philosophical ideas aside to avoid having them as active adults against you.
Long story short:
- we, of course, need personal ownership, the opposite of modern IT where most info are in third party "cloud" hands and users have just some modern dumb terminals "endpoints" to interact with third party services who own their digital lives;
- we of course need to know where our information go
but it's not enough, we need information fairness. OpenStreetMaps might have someone using data for certain business purpose, that's still fair, since anyone else can use and own the same data, it's a choice do it or not. Google Maps it's not. Google is the owner, others are customers.
If we share anything or nothing or anything else in between accessible to all or to no one, we are in a balanced situation, there will be some who takes better advantage than others because they understand how to do and they want to do so, but it's still a fair situation. Otherwise it's a recipe for a dictatorship witch we can more and more call "a corporatocracy".
--
[1] a small anecdote: a leading Italian bank years ago decide to ditch RSA physical OTP to access their services mandating a mobile crapplication, I file a formal protest asking for GDPR information and aside noticing they allow operation from mobile, de-facto nullifying the third factor witch is against EU laws (largely ignored the PSD2 norm mandating a separate device for auth and operation), they answer me after a significant amount of time politely that:
- they do ask camera permissions because the app allow to scan Qr codes form various payment systems and for live chat (see below), for similar reason they need gallery access;
- they do want speaker because in-app they offer live audio-video chat assistance so their operator can talk with their customers while being able to see and act on phone screen;
- they need to access filesystem because they allow their customer to pay some bills sent via pdfs by mail or downloaded anyway from some portals, their app need to allow the user select them to being automatically processed;
- they need precise position and phone sensors to being sure it's me acting on my device and not a remote attacker;
- ....
Long story short there are gazillion of plausible reasons for this and that, but I can't know if there are ONLY such legit use of my information or not. I can't be sure even with mandatory AGPL on all systems, because I might have the sources, but no way to be sure their are the very same actually running on their servers.
> but I can't know if there are ONLY such legit use of my information or not
AFAIK even if the bank has "legitimate" use cases for your private info (and I'm not convinced that those you mentioned are), they aren't allowed to use it for something else without your consent, according to GDPR.
> I can't be sure even with mandatory AGPL on all systems, because I might have the sources, but no way to be sure their are the very same actually running on their servers.
With AGPL, they must share with you actual source code running on their servers.
> they aren't allowed to use it for something else without your consent
But I can't prove they respect the law. That's the point.
> With AGPL, they must share with you actual source code running on their servers.
Same as above, they can share a nearly identical system I can see matching but I can't verify it's the same.
Go far, take a look at xz "backdooring".
That's still a balance problem, some have taken advantage on someone else mimicking something legit. As long as a NK project get equally backdoored we would be in balance. You spy on me, I spy on you. You can act behind my lines, I can do the same.
As long as there is enough balance there will be peace and prosperity because the personal advantage became the common one, we all evolve.
It's not enough: let's say you have signed XML transactions from your bank, so you own your accounts because you have a provable balance and transactions in your own hand, but... You still know just you. The bank knows the finance of anyone, so it can makes informed decisions you can't make.
Let's say you downloads all news articles you read in an accessible, searchable etc format, let's say a feed reader storing posts, and them are full articles in the feed, plus you have historical archives downloadable like old usenet exports. You still get only certain news, others have access to much more news so might know things you do not know and decide to not publish them to take advantage other all the others...
In finance there is insider and outsider training defined and forbidden for a reason, but nothing exists for information. Alphabet or Apple have an immense knowledge from iOS and Android users any of their user have not. How easy for them could be find talents in schools thanks to their education penetration and an ads at a time convince them to take a certain path they like, not necessarily the child like, than hire them while pushing others let's say uni students of some humanities with ideas they dislike in bad roles? What if the owner of an insurance company is also the owner of an insurance comparison service?
We can't rule nature, we can't design a forever perfect society, but as much fairness there is as much positive evolution for all we might elicit. As much as we came back to feudal like society as less positive evolution we might hope.
Of course owning our information, like our home, car, .... is MANDATORY but far from being sufficient. And actually if you see trends... The 2030 Agenda where "you'll own nothing" it's already there in the IT world, it's already there in modern connected cars and so on, it will be there soon in the whole society and that's the topmost asymmetry of information and ownership we can imaging.
At least. (that may be enough to not let split my personality into myself, not considered,
and pieces of 'me' not mine (*) used, not in my context and out of my reason: holding me responsible for whatever I can't control, at mercy of 'random factors' - if I knew, I would sue)
More complex than that, let's say your car state it wasn't on autopilot when for "unknown reasons" a pedestrian was hit: how can you prove you are right, the car was indeed in autopilot mode, you try to avoid the impact, but the car does not react to your actions?
So far 99% of cars have purely mechanical breaks and steering so even without assistant systems A BIT you can act, but very few start to be "by wire" (like Tesla Cybertruck with the famous "lagging steering")... Ownership is more vast then "just my files on my desktop storage". Similarly try recalling the recent "Google position scandal" wrongly accusing some people to be on a crime scene. Materially it's still some data in some file but...
Surveillance per se might be useful, let's say you want to know how much live traffic is there in your planned trip, alerts for incidents, natural phenomenon and so on. The issue is just the balance of forces and what can be done in case of unbalanced forces those who hold the knife from the handle side.