US/Western media companies are more aligned with the government of China than any notion of freedom when it comes to the interests they pour money into (as opposed to platitudes they might espouse).
The push to lock down computers and make it hard/impossible to buy one that doesn't clearly identify you - so that you cannot "steal" big media content - is exactly what makes it hard/impossible to prevent yourself being tracked and surveilled.
Can knowledgeable hackers beat the system...? Sure, somewhat, and increasingly this is harder and harder to do. But society is lost in the middle not on the fringes.
We live in the Panopticon  and this is a problem for many reasons. When a small elite can strengthen its ability to pull the levers of power decision making is concentrated in a smaller and smaller group. Small groups make worse decisions than large scale collective "marketplaces" of ideas and thought. This is what allowed the US and the West to flourish for so long. But it's easily lost. We are moving to a world where elections lead to less and less change, where major problems are going unresolved and punted to a future on the assumption that exponentially growing challenges can be out-waited. The only hope is in the increased connectivity of the Internet, access to information, and ability to share dissenting views. As this is taken away, to preserve Hollywood profits, and in the name of "security", we run further and further off the cliff.
Even Wylie Coyote has to look down eventually and see that it's time to fall to the canyon floor.
However, my point was that this would not matter if one had capabilities at hand to control what information your own machine sends out about you for these ad trackers to capture. What Washington and Hollywood are doing is passing laws together that prevent this.
There are situations where I am perfectly happy letting a company have information about me, on which it makes profits, but that I feel on balance is in my interests. (For example personalization algorithms in some services I feel provide me with added value). There are plenty of situations where I do not want this. When I have the option to disengage with services that track me in ways I don't want to, and thereby reduce my surveillable footprint I am fine with Silicon Valley doing its thing. When I don't have such options because Hollywood has lobbied to ban computers which don't identify their owner clearly to all in the foodchain, and by extension the government - and when I have no idea about the security of my own machine thereby undermining my own crypto choices, that's a fundamental undermining of my liberties.
Silicon Valley firms may deliver services to Hollywood and DC but ultimately both of those are more powerful in the decision making hierarchy than is the tech sector.
You're not talking about the internet, you're talking about Google, Apple, Facebook and Microsoft. The internet allows you to share your public key with your friend in person and from then on connect directly to their computer and communicate securely. People can tell who you're communicating with but not what you're saying, and if you use an anonymizing service they can't even tell who you're communicating with. Distributed is good for privacy.
The problem is the centralization. The fact that you get your email from the same company you do your web searching with and the same company that hosts your blog means that they have access to all that information about you. If it was all different companies -- or no companies at all, because you host your own email or blog from your house -- then that wouldn't happen.
We can slice and dice definitions as much as we like, but the fact remains that the usable, daily net is a panopticon.
2. Most of the alternatives are just web-based front-ends to IMAP. My feeling is that to make a 'true' OSS Gmail alternative would require an integrated solution (i.e. an 'email system' with SMTP, IMAP, Web interfaces).
3. I think that the 'state of the art' has languished because everyone has doubled-down on Gmail, and the (now defunct) free-tier of Google Apps for Domains.
You could easily just use another email provider that will take care of the "sewer of pain" while you use a web-based IMAP front-end (or develop your own).
Yes for brevity I skipped a couple of steps in my argument that I knew/assumed most folks on HN wouldn't need spelling out >> surveillance can be beaten by various forms of anonymizing technology >> such technology requires control of your technology environment, hardware & software >> big media companies such as the one printing the article (albeit one by a respected security researcher whose articles I read - via Google Reader - le sigh) are among those entities most aggressive in restricting access, by you and I, to control over our technology choices. [Updated to correct imprecise language]
So... the messenger - or at least the part I criticized, CNN - is not a neutral party in this story and as such it's perfectly legitimate to question their role and interests in the message.
Yet much of what we make (directly or indirectly) is what the surveillance state is built on. It relies on us to build it, make it work, and keep it running.
If we care at all about privacy, we should think carefully about the privacy impact of what we make, and try to make a positive difference (or at least do no harm).
Like Narus - we probably agree it's not in the world's interest to have companies or governments with such technologies. But offered money and a chance to work on such a system, I'd work on it in a heartbeat.
It's unlikely that there will be a shortage of qualified people or that the extra money required will make any impact. And you could always take such jobs, and donate to the EFF.
This is such a common argument, I'm sure it has a name.
You would. But that doesn't mean that everyone would.
I am appealing to those of us who value privacy and ethics above making a quick buck or getting to play with neat toys.
It's not like there's some huge shortage of interesting technology jobs in this second internet/startup bubble. And not all of these jobs are for companies that want to spy on their users. Many of us still have a choice.
Even if you are at a company which spies on its users, you could at least try to make some positive change from within, or at least avoid advocating for going down the road of ever more surveillance and spying.
Way too many developers, VCs, and founders either don't consider the privacy implications of what they're doing, or are only too happy to collect and sell data about their users to the highest bidder.
This mercenary mentality is not some unchangeable part of human nature, but is a learned attitude that can be countered and rejected.
> This mercenary mentality is not some unchangeable part of human nature
No, it's just basic game theory. The more people that refuse to sign up for these "unethical" things, the higher the reward for those that do. And those rewards are very small compared to the pressures involved.
So even if you succeed in convincing a ton of hackers to join your cause, you've done what? Raised the salary from $250K to $750K a year for the people that do defect? That's nice, but the actual effect on privacy is zero.
When you get enough people educated and caring enough about some issue do something about it, what you have is a social movement. Such social movements have a long history of bringing about significant changes, especially when they are well organized.
If there are enough HN users caring and doing something about privacy, there is no doubt in my mind that positive, significant change will come about. HN users might not be "magical", but they are pretty special in that most of them are very technologically savvy (especially compared to the typical internet user), with a deep knowledge and understanding of the very technologies which make the surveillance state so effective.
Knowledge is power, and we have to recognize that collectively we hold a lot of power in our hands. Our collaboration with the surveillance state or our opposition to it, our advocacy for and work to build privacy-respecting alternatives could be a major game changer.
Quite apart from the effectiveness of such opposition are the ethics behind it. Some of us believe that we should do what's right even when the odds of success are against us.
Yeah, so what if the incentives increase on the other side?
That's what hard work is made of. No one said this is easy. Far from it, it's hard.
And if its inevitable, so note that the success of the government to pass CISPA and its variants was considered by some to be inevitable.
And hackers have generally been at the forefront of keeping the net safe.
It's only after the government started going after them, and SV built a narrative of - interesting challenges-talent-fair,just but outsized rewards, that the equation shifted.
The guy who came up with game theory was mad + in real life people don't comply to it.
The guy who came up with game theory was mad + in real life people don't comply to it except economists and psycologists.
Concentrate on getting laws passed or technology made to stop or avoid the tools of "Big Brother" and educating the general public on what's going on with the internet and BigCorp/government. What I would like to see is a browser extension or app that makes PGP easy for the masses so they can encrypt emails, messages, etc. Open source of course. We don't need any secret backdoors.
But those people don't have to be us. Each of us has a choice to make: to cooperate with the construction and maintenance of the surveillance state or not.
Perhaps I am too much of an optimist, but I'd like to think that many of the most talented and capable of us want to make positive, constructive changes in the world. We don't want to be a part of making the world worse. Many of us are lucky enough to be in an industry where we actually have a choice in this respect.
If the most talented and capable of us deny the surveillance state our talent and capability, they'll have to make do with whatever ethically challenged people they can scrounge up. I'd like to think that they'll be the worse off for it, and the resulting surveillance state will not be nearly as powerful and effective as it would be were everyone to unhesitatingly and willingly participate in it or sell themselves to the highest bidder without thought of the consequences.
Of course, but that's bullshit, and they're being immoral. Evoking romantic images of providing for your beloved family is misplaced here. No programmer is left with the choice of either working for evil scumbags or starving.
Sure, but those things only need to be built once.
Most of us have the choice to deny the surveillance state our own talent. We can work at more privacy-respecting firms and on more privacy-respecting projects. We can try to educate people about privacy, and advocate for positive change. We can even actively work to counter the surveillance aparatus by building crypto, stego, mesh-network and other privacy and anonymity enhancing technologies. Most of us probably don't have the luxury of doing this latter as our day job, but certainly as a side project -- if we care enough and want to make a difference.
But the idea is to reduce the supply of willing workers for surveillance-state applications, and raising the cost of those who can be hired for the job, by making sure it's seen as a somewhat shameful job, rather than just another "regular" one. That at least incrementally slows things down and drains resources of the people building such systems. That would have a real effect, except in the case of an adversary who actually has infinite resources and can solve any staffing problem by just throwing more money at it, without compromising anything else.
Right. But you could find people easily or with great difficulty. Imagine a whole generation of "ethical" hackers who refuse to become pawns in the industrial military complex and/or surveillance sectors. Who will build the police state then?
My point is that "the system" depends heavily on the humans and the best way to fight the system is not to work for the system. Just don't join //them// and (A) you will sleep better at night and (B) you will be helping the world.
The argument "someone was going to do it if I don't" doesn't hold any water. Just stick to what you believe is right and don't worry about the others.
There is another benefit to standing up for what's right (especially if you do so loudly and proudly), and that is providing an inspiration to others and leading by example.
Can you elaborate or suggest some further reading on this? If someone possesses rare talent or technology, I can understand it. But that's hardly the case in what we're talking about.
I see approximately zero difference in the world if I write surveillance software or if someone else does. It will get done. Government and telecom companies aren't going to shrug and drop the issue. So why should I allow someone else to benefit from my refusing a contract?
I am honestly asking for the logical steps in arriving at your outcome.
To understand what others are saying here, you need to substitute some other ethical question that you do have strong feelings about.
Regarding your game-theory comments -- you're implicitly assuming that "winning" involves maximizing your income. For me, how I feel about myself is part of assessing any potential win or loss.
Fundamentally, you can't really answer ethical or moral questions using market or game-theoretic thinking, without considering how you feel about what you're doing as part of the win/loss metric. If you don't care about an issue, you don't care about it.
So, "how will my caring about this make a difference" isn't really the right question. Instead, ask "why should I care about this?"
But more than that, blaming a single low-level actor in a system seems kinda pointless. It's like hating an individual DEA agent instead of the idiotic system that creates the DEA. Shaming DEA agents will accomplish next to nothing; the effort would be better spent where it might make an impact (like on elected officials).
The number of hackers you need to implement surveillance (or land mines) is pretty low, and you can get people from the worldwide population. Not to mention there are going to be a fair number of patriots that believe what they're doing is good, anyways.
The only question is which individual will profit and how much from actually building it. In this hypothetical situation, I can't see any reason to let someone else (who may have values I don't like) get paid to build the technology.
Someone who is willing to do the unethical dirty jobs that take a toll on society, because they pay so well and because if he didn't take them, they'll just hire someone else to get it done?
Yes, the name for that is "mercenary".
Adjective: Motivated by private gain.
Noun: A mercenary is a person primarily concerned with making money at the expense of ethics, [most often used to refer to a soldier who fights for hire].
Interestingly, being "fun and intellectually challenging" doesn't really factor into pattern much, except as a justification certain people need to make the job seem more glamorous or honourable. But as it happens, even with that factor absent, if they don't take it, somebody else will, right? For the right price, of course. The difference between those prices is literally the monetary value of your honour. Most people won't set a price on that, but you're a mercenary now, so you already did. Funny thing is that difference isn't exactly traded on a free market, it could even be negative, however/whatever gets the job done for your employers.
You must be a terrible person to be willing to directly further evil in the name of money and "fun".
I would not keep company with anyone desiring to be involved in a project like that.
But creating something like Narus must require all sorts of interesting research and engineering. I wrote a packet analyzer for a single protocol and was just barely able to parse at 1Gbps speed, off a loopback device. Actually getting it deployed at much lower speeds was rather difficult.
Doing the same at 10Gbps, multiprotocol, actually doing neat stuff to the data? Unless their boxes have incredibly expensive hardware inside, they must have done some pretty neat hardware and software designs.
The way to fight this type of surveillance isn't convincing people to avoid working on such projects. That's hopelessly naive or incredibly optimistic. Change the rules of the game: Either make it illegal and enforce or spread proper privacy software like cryptography.
It's likely that designing land-mines involves many interesting technical problems. Regardless of whether there are still engineers who will work on land-mines, there's a social good to shaming them (assuming you think land-mines are bad).
If you don't have strong feelings about land-mines, or you don't think they're all that bad, then this argument won't make any sense to you.
People can choose to do or to not do things regardless of their effectiveness.
Do you realize that you're implicitly adopting an amoral viewpoint when you raise pragmatism above ethics or morality? That's a choice -- not a given. This is why you're getting the strong negative reaction, here. History is littered with examples of how this leads to bad outcomes and evil systems.
Why not simultaneously push for change in government, develop powerful and easy-to-use cryptographic tools, AND refuse to work on projects that are very likely to have a negative impact on society?
I don't deny what you're saying, that these projects will end up being built by someone (hopefully someone less qualified though, and at a higher cost to the contractee), but by the logic in your first post in the chain, anything could be justified morally as long as someone is paying you to do it. What's wrong with pulling the lever in the gas chamber? If you don't, the next guy will, right?
My guess is that the only durable way to increase digital privacy protections is through law. To achieve what you want, you would need to get Congress to pass a bill, or the Supreme Court to hand down a favorable decision, or maybe both.
The Riemann Hypothesis has not been proven; Congress cannot legislate its truth or lack thereof.
- cnn.com and turner.com
- facebook.net, facebook.com, and fbcdn.net
- twitter.com and twimg.com
- googlesyndication.com and google-analytics.com
...and yields an unending stream of pings to chartbeat.net just to let them know my tab is still open.
In a related benefit, sites load way faster for me and consume substantially less bandwidth, since I'm not constantly waiting and paying to download the malware that so many sites now feel the need to embed.
A decent ad blocker like AdBlock Plus will go some way to helping as well, though it's more of a side effect in that case.
There's also BetterPrivacy, which mostly deals with the non-cookie cookies like Flash LSOs.
Unfortunately, for reasons I can't fathom, even generally privacy-friendly browsers like Firefox still seem quite happy to send vast amounts of fingerprint-friendly information that serves almost no legitimate purpose to anyone who cares to listen. However, there are clearly people thinking about this, e.g., see https://wiki.mozilla.org/Fingerprinting.
My solution on Chrome is AdBlock, NoScript, turn off Flash, and turn off third-party cookies.
If you do not agree to send them data (config wizard first checkbox I think), is there still data sent to them?
Feelings are ok, but keep them for your friends and family. We need facts here, so please deliver.
For what it's worth, they have a clear statement in their legal docs about the data they send back (or the absence of such data, if you disable things like GhostRank).
Moreover, the source code is unobfuscated and can be viewed directly in your profile directory in Firefox if you want to audit it yourself.
I agree that any conflict of interest should be considered with care, but it would be hard for them to be significantly more transparent than they already are being.
Similarly much of the opt-out discussions as well as the ad choices icons are industry-driven.
I am no startup-millionair, so please do not expect money, but if we build a small team that delivers, we will find supporters, I am sure. Please contact me at bughunter at riseup dot net.
There are simple things, like changing the default settings for cookies, that do not require rebuild of course, and more involved things like making the browsers emit less information (panopticlick) on every request.
It is obvious, that it might break some things, which should then be possible to change by the user. E.g. not sending out installed fonts and screensize and tons of other info about your system might break some websites - webmasters should learn to ask friendly for that data, not expecting it.
This is not about engineering a new browser, but about privacy aware defaults for software distribution.
The biggest success of such a project would be that browser distributors will change their default distribution to maximum privacy. Obviously some of them will never do it - what will be a good thing as people will better learn about the differences.
Another big success would be that users will learn about their natural right to be asked before a browser sends out any information that is not absolutely needed to view a webpage.
I know that this is only a small piece in the puzzle, but browsers are still not privacy aware by default atm. it would be interesting to see what happens next.
Firefox certainly is one of the top targets for such a project, as Mozilla browser defaults are not acceptable for a project that wants to teach you about your online rights on first browser start. Transforming Firefox into a browser that actually delivers what Mozilla promises, will give a good discussion point for changing their distribution policy.
There is, btw., a similar project for chrome, Iron - but the panopticlick results for iron are still not perfect - minimizin the emitted information to only the neccessary bits is still ahead also for this browser.
Please note: a discussion about "destroying jobs in the ad industry" or "destroying the internet at all" is absurd in this context. If advertisers want to collect data, they must ask me to agree. It is good for the internet future, if only business models survive, that people agree to support.
chaff noise `advert sense'...
If not too much bandwidth, ... resources,
just shooting off the cuff here,
take the extent cookies, or a recent collective hosted history, net-wide or on your device, a background bot follows/generates false click bread-crumbs to foul their net-wide pattern/action?
falsify by padding certain advert eyeball counts to skew their billing?
Check out Collusion, others? -a firefox add-on listing who follows you.
We are always under surveillance - my neighbours know I stay up late watching crap tv, the bookshop assistant knows I browse the comics section but don't buy, and a hundred people each day see me do weird or normal things.
I am not oppressed when they do that. Embarrassed maybe, but not dragged of for "re-education".
As long as no-one uses the surveillance to force political outcomes from me or any individual, then this is pollution, not dictatorship.
Yes we need radical privacy laws - but not ones trying to put the genie back in the lamp. There are amazing benefits from technology - the sharing of knowledge seamlessly across 7bn people is going to ,produce wonders we cannot guess.
But we must embrace this new world - a world without secrecy. For privacy is not secrecy - it is politeness of our neighbours.
The problem is not my neighbours who know, it is companies across the world who now know. Their knowledge and actions are kept secret from me - and that must be prevented. Sunlight is the best disinfectant applies to targeted ads as much as corrupt politics.
Firstly any organisation that holds informant that can be used to identify and track people must publish the identifications they hold in real time. Expect a cottage industry of telling me about everything about me. Oh and those cottage industries must publish as well. So not a profitable cottage industry.
Seen me walk out the door of mcdonalds after paying with my Loyalty card - great mail me the link so I can see.
Secondly a legal framework that makes commercial profit from my identity only allowed if I consent and preferably if I get a cut. Want to sell me ads - great pay me. Oh suddenly finding ads less profitable? Want to sell me a coffee after that burger - you could use the freely published info mcdonalds has to fling my phone a coupon - but that's my information. I charge a flat 2c for every commercial use of my info - I get 2c even if I don't want coffee.
Thirdly, get used to the idea your wife instantly knows you are sleeping with the secretary.
The same scenario applies to third-party data sales. A company pays you to serve a tiny JS tracking snippet on your site, and because they have many such sites they can resolve the traffic back to real names, but you as a webmaster cannot. You've just sold data about a person you can't identify.
If they subscribe to one of those services that has a pixel sized session on every page, aggregating all my details - then they have identifiable information, publish and pay up
For example Googles flu trends - http://www.google.org/flutrends/ - already helps us plan and use our resources efficiently when it comes to responding to mass illness. As we plot a course to 9 billion people on the planet being able to detect trends like this will be essential.
On a more personal level, it's also telling us we're all human and all make similar mistakes. It's also telling us a lot about what being human actually means. This has the potential to move us past taboos and stigmas and address deeper questions about how to make ourselves smarter, better, happier. Here an example would be porn - the funny tale of a scientist who tried and failed to find a male control group that didn't watch porn - http://arstechnica.com/science/2009/12/weird-science-fails-t... . Now we've learned we're all watching porn we can move on from questions of right and wrong and begin dealing with questions like is it making use happier, how do we deal with addiction, why does it make some of us addicted and so on.
So plus one to more sunshine. Lets use that data to learn about ourselves
And that's one way science can fail of course :-)
Internet data is not that way. It potentially lasts forever. A fear I've heard expressed is that in the future, totalitarianism will arrive, and past data will be used against people.
In the end how the hell will you use data against people if you do not already do all the dictator necessary things anyway - torture, secrecy, disappearances. These are the things to fight, not the data storage but the people torture.
March to stop privatisation of the army, to stop torture in our names, to stop child labour. Fix those, then we have nothing to fear about our Facebook shopping trends.
Edit: some might comment that eg their sexual preferences might be discoverable on Facebook and that would be a breach of their rights to privacy. Firstly we change privacy - it has always been politeness not to mention what all your friends knew. The fact that anyone interested can now piece it together does not change that.
Second - the use of that data "against" you only matters if it matters outside of politeness. Alan Turing could not today be prosecuted for being gay, could not be chemically castrated nor driven to suicide. Because the legal system has been changed - so that the only thing that matters if people find out you are gay is politeness. Live in a free society - have to learn to deal with impoliteness. Don't live in a free society - deal with that not the Internet. We know how to defeat dictators, and the iPhone won't fix it for free.
Drone strikes too. Let's not forget that one.
Or in short, that argument could have been made about fire, bronze, iron, steel, writing, printing cameras etc
My employer has been running at least one website for almost 15 years. We've been collecting server logs that entire time. Where are they now? With the exception of logs from the last year, I could not tell you. They were all discarded or lost.
On a larger scale, look at the problem of link rot. We can't even keep track of the public information we have.
The Rosetta Stone (the real one) survived thousands of years of neglect to teach us about our past. What digital assets will survive that long? How many digital assets from 20 years ago are still findable, recoverable, readable, searchable?
When I have fears of losing data, I have to ask myself: is that data really important to begin with? Or is it junk, digital detritus? I've simplified by selling, giving away or throwing out a lot of my physical possessions, and it feels great to do so. Recently I'm beginning to feel the same way about digital possessions. It is better to reduce.
Unless you have some specific business case for extrapolating from your over-a-year-old logs, what do you need them for? Do you just want them because you could make a neat graph or something? Why not let it go?
Your possessions start to own you. Extra data that could get you or other people in trouble, can similarly be a liability.
The rich and powerful can always buy themselves privacy and security. The rest of us won't have that luxury in such a "transparent society".
So mostly it's going to be social structures and conventions affected.
But none of this data is kept around forever, centralized, searchable and subpoena-able.
Sure, in a sense, we've always been smearing our private data everywhere. But what you describe is tiny pieces of data distributed over many human agents with imperfect memories, especially with respect to the irrelevant details on the actions of the many people they encounter every day.
This article is talking about databases, the largest of them owned by a handful of gigantic corporations. And even the smaller ones are just as easily accessible to the state. Hence, surveillance state.
It doesn't matter that it's too much data, either. Storage is cheap, it'll just stay there waiting until someone needs to query it. And analysis and machine-learning algorithms are only getting better, to make these queries increasingly more specific, accurate and informative.
Of course, surveillance can be built into those types of systems as well, but I think that the right engineering approach building in features like encryption and anonymity, especially combined if possible with mesh networks, could be a big advantage for privacy.
Also see http://www.reddit.com/r/darknetplan
What is the way out though? Nobody cares about privacy. Nobody.
Google used to be happy divining long clicks from access logs. Then, they said "screw privacy!" and started explicitly tracking every outbound search click (I'm ignoring all your email, calendars, contacts, and phone data they have).
Twitter used to be happy being just messages, then they click-nabb'ed every link. At least the interaction model on twitter is mostly benign.
Facebook does mephistopheles-knows-what with everything they have. It can't be good. They're in an unspoken competition with Google for who can get users to voluntarily exploit themselves over the widest personality surface area.
Then there's the hundreds of spy-tracking JS, ad networks (Hi, Google/DoubleClick!), ad markets (Hi, AppNexus!), mobile networks logging every URL you visit (Hi, Verizon!) and everything else tracking almost your every move across the Internet.
Why don't we just make it illegal to have a webpage without embedding https://js.gov/tracker.js and give the information to everybody in realtime?
I couldn't help but laugh when I read that.
But I do think the power elite are driven by excessive compulsions, and I worry if we eliminate the ones with relatively normal/outside compulsions we will be left with the Machiavellian freaks running everything.
Have you ever asked yourself why you can't remove the batteries of your Iphone? Ow Yes, design is everyting.
Demand privacy, respect privacy, develop privacy and pay for those that offer it to you.
"If you are not paying for a service you are the product being sold" and no, google and facebook were never your friends.
Time to wake up!
I've clashed many times with folks here on HN who are super-pro-government liberals. They take every opportunity to point out how government has built everything of value to us and how government has wisely invested in infrastructure and other projects that make our lives possible. The implication, of course, is that we should be pro-government, pay more taxes and be thankful we are allowed to flourish under such a system.
One of their favorite things to say is "government created the Internet".
Fantastic! Let's take the good with the bad. If government is going to be credited with the good then we credit them with the bad as well. They created such a shitty system that we are all under surveillance, like it or not.
Not so you say? Well, this kind of thing was nearly impossible before our government created the Internet. They must have had ulterior motives and knew it could be used for this.
Why didn't they protect us with regulations BEFORE the Facebook's and Google's of the 'net were even up and running? They knew what they were creating.
Anyhow. I am not much of a comedian but there's a joke in there somewhere. The point is that government is an ass. They fuck-up nearly everything they do.
This "internet == surveillance state" thing is very real and it is something governments (PLURAL) are benefiting from immensely. Never before in the history of humanity has it been possible to spy on individual human beings with this degree of granularity. And it won't get any better for probably another five to ten years, if ever.
Since we're talking about the surveillance state, we shouldn't be leaving the super-pro-government conservatives out of this. In the US (where these lib/con terms seem to matter most), both major parties love the surveillance state, and this is tied in heavily with the warfare state that both parties love as well.
I'm not very optimistic that the situation is going to improve. Privacy is increasingly something of yesterday, not today, and certainly not of the future. Those who will enjoy some degree of privacy will be the ones who know how to achieve it, and many aren't going to bother, just as they don't today (people are lining up to give it away, in fact).
>The point is that government is an ass. They fuck-up nearly everything they do.
No disagreement here, though I'd suggest that the only things at which government seems to excel are areas where no one should want to excel. I'm thinking primarily of war, excessive policing, and weird, arbitrary laws.
You are absolutely correct.
> the only things at which government seems to excel are areas where no one should want to excel. I'm thinking primarily of war, excessive policing, and weird, arbitrary laws.
That is probably true as well. It's sad to think that we will all live to see more wars.
I don't believe it was a conspiracy from the start, but it was serendipitous for governments that the internet is so leaky security-wise. It would be wise to establish privacy boundaries that governments and companies cannot cross by international law, but it would be even wiser if our technology could become inherently secure.
"...Well, this kind of thing was nearly impossible before our government created the Internet..."
really does betray a fundamental misunderstanding of the technologies that were around before the internet. The government really has had this power for quite a while. In fact, the only difference now... is that people give the government pictures of themselves to match faces to the phone conversations. And, of course, continuous position data... as opposed to the sort of discrete position data you could get in the 70's and 80's.
My fiance receives tampon ads during the appropriate time of the month on Facebook.
- disconnect blocked Facebook, Linkedin, and Twitter
- ghostery blocked more than 20 scripts from 10 different classes of trackers (e.g. there are 5 different references to DoubleClick resources)
Other than the occasional embarrassing thing (like googling a dance song) I really can't think of anything I have to hide.
Even so, I would pay a subscription fee to keep all of my internet communications completely private. I don't like being profiled, and it feels like an infringement on my freedom. I would even pay enough of a fee that the company I pay it too could in turn pay lobbyists to help protect their interests or headquarter in another country etc.
And the worse it gets, the more I'm willing to pay.
I'm sure I'm a minority right now, but I think our numbers are growing.
People's personal information is not being stolen from them, it is given away; and not even for free -- more than 70% of the US population  pays an ISP a monthly fee in order to connect to Facebook's servers and upload their data. That is how the Internet works -- it is not Facebook sending the SYN packets.
In general society (outside of our tiny bubble), not having a Facebook account is considered strange. It is even seen as grounds for suspicion of criminal activity. 
Everyone says they want to eat right, exercise and be healthy, but more than a third of them are obese.  The surveillance state is not happening despite us, it is precisely what the majority of people want, even as they deny it. If you wish to change this unfortunate fact, change the culture.
So he forgot to route IRC through Tor. Luckily there are a couple live distros that do it automatically, like tails. There are also VPN that accept payment in bitcoin, so anonymity is still preserved.
This doesn't matter in the scope of the article though, since obviously we are talking about people who are not going to any precautions to hide their privacy.
Yes the internet is a surveillance state ... and that is terrible ... except ... except ... is it?
My long held belief is that in an age where even the most tech-savvy cannot possibly remain anonymous all the time our best hope for privacy is in the simply overwhelming volume of data being collected. Unless I do something worthy of government attention I have reason to believe no human is going to closely examine my gmail - why on earth would they?
Therefore the only breach of privacy is by a parser collecting information for an algorithm. So I get a few ads in gmail ... 90% of the time I ignore them ... the other 10% of the time I would MUCH rather they were targeted at my interests than just meaningless drivel! Furthermore - if the ad revenue collected by these companies allows them to continue to improve a free service I love then power to them! People bitch about ads, without considering the reality that without them most of the service we value which make up the internet would not exist without them. You can't always have your cake and eat it.
Lastly I would like to address the point of privacy invasion by a government body. This is nothing new! It has just become easier. I live in the UK - a tiny island with 4,000,000 CCTV cameras. There is probably an accumulation of hundreds of hours of footage of me throughout my life... So What ?! I have done nothing wrong, and if the existence of that footage allows the prevention or solving of even one crime then I'm all for it.
If a government body wants your data - the chances are they are going to get it. Through warrant or some other means. The acceleration of this process is not necessarily a bad thing. They are, after all, the elected officials.
Anyway /rant (... runs and hides)
The dangers for the government are when it uses its powers to stay elected (Nixon), or spy on activists (Nixon, Bush), or pilfer the IP of other countries (Airbus). And of course these dangers also apply to commercial enterprises - if I were a MS competitor, I sure as heck wouldn't allow Skype in the office.
He admits that governments are partaking in the frenzy at least as much as are companies, but doesn't explain why it would be easier to get a government to change, than to change a company, or start a new one.
Governments are able to reach more definitive consensus than free markets - a market would be not easily be able to make everyone use an anonymizing proxy, for example, but a government could legislate that. Governments can also move costs around, such as by funding a national proxy service with tax money.
But on one level, free markets and democratic governments are both just methods that societies use to enforce their collective wills. There are limits to how much their decisions can differ. There's a reason Schneier calls a situation created by Internet companies a surveillance state.
When we talk about government, the only way to opt-out is to physically leave and then that can only take you so far.. because even then, you might fall under other countries' jurisdictions no matter where you live. :(
However the problem is that the platform which are becoming more popular for convenience reasons such as ChromeOS or iOS do not necessarily make this stuff easy or even possible.
I would be much happier to recommend these systems to people if they did not lose this control.
If people cared about their privacy, this wouldn't be the case, they'd be willing to pay for useful services. There was a chance that a market could have developed for services that protected privacy, but thats long gone.
At this point kids growing up are used to the idea of a world withoit secrets. Its terrifying to people over 30, but it could lead to a better world, because even those in power cannot escape the watchful eye of Big Brother.
People generally do not know how their computers work, and companies take advantage of that ignorance when they track people. Most people do not understand that they are trading privacy for access to websites and web apps.
"At this point kids growing up are used to the idea of a world [without] secrets"
Nonsense. Kids just have a different idea about what should be kept secret. There are still plenty of in-the-closet gay teenagers whose friends understand that they are being trusted with a secret. Plenty of kids have odd habits they do not want to tell their friends about. Teenagers still keep secrets from their parents -- that is basically an invariant. There are many college students who work hard to keep their Facebook profiles "clean" in an attempt to present the best image possible to potential future employers.
What has changed is the meaning of keeping things secret. A 15 year old in-the-closet gay teenager most likely has no idea that "deleting" a "private" message sent over Facebook does not actually delete the message from Facebook's servers. That same teenager probably has no idea that his public "friends" list is sufficient to determine that he is gay with high probability. That is the problem society faces right now: people want to keep things secret, but it is very difficult to actually do so.
I think that eventually society will adapt and people will learn how to keep secrets in an age of widespread surveillance. It is inevitable: eventually there will be so many incidents of embarrassing secrets being revealed by these various companies that people will start to use technologies to hamper the tracking.
Watch this video of a bunch of people who don't know what a browser is. That's most people. Do you think they understand how internet tracking works? Hardly. You and I, as techies, can perhaps make an informed decision, but most people can't and if you step outside the bubble you'll see that.
It's never okay to blame the users for hidden privacy consequences.
However you feel about such surveillance, it legal scope and extent is being democratically debated now.
You can contact your Representative using this site: http://www.house.gov/representatives/find/
Speak your mind to your Rep. It's how Representative Democracy works.
He assumes that people care and are willing to change technology but can't for some reason. In my experience, people don't care.
I'm not following. How does one use alias on Facebook?
Also, not sure if you noticed but Facebook messaging provides a "return receipt" feature by default. So you know if and when your message (email) is picked up. Try doing that with the free email accounts like gmail, hotmail etc.
I'm in the fortunate situation where people in my social circle still prefer phone and email to facebook and twitter :)
"announcements like wedding, birth etc"
I don't know about your social circles, but in mine those announcements demand in-person discussion or phone calls. Even email feel crass for announcing a birth.
"Also, not sure if you noticed but Facebook messaging provides a "return receipt" feature"
I've never used facebook messaging heh.
* su (abuse)
* any others you want; get ideas from the MVPS hosts file
Or hell, just create a list of prefixes announced & owned by AS32934, Facebook, and block all. Just to be sure.
127.0.0.1 creative.ak.fbcdn.net #[textads]
I also use an alias email address. Together you can use FB apps without spreading too much easy data around.
The original opinion piece of this thread notwithstanding, but for the majority of the Internet users, the issue is not if and why the state is tracking you (because people at the large scale are not criminals trying to hide from the state), but the issue is whether we should give up liberties in order for the corporations to serve us effective advertisements. The old fashioned TV box was effective only because it had no competitor. The same is not the case on the Internet.
PS: the only reason Facebook requires real name (or the reason it has built its social network as a walled-garden) so each person stays unique and does not infiltrate or corrupt the data by signing up multiple times via pseudo-identities. Again, look at it from the advertising perspective. Do we think advertising works effectively if one person shows up as multiple? It doesn't.
It's a shame that these social networks that were intended to enable friend and family (biz in LE case) have devolved into open public access to your personal interactions. As they further infringe on the original use cases more people will leave them for alternative solutions.
More probably, he doesn't realize just how much he's spied on or by whom. Nor does he realize how the information these spies gather on him could be or is being used to his detriment.
He also probably doesn't know about any privacy-respecting alternatives, or if he does, he finds them too much of a pain to use, or doesn't want to sacrifice his Facebook friends or his nifty smartphone.
Fortunately, the masses are slowly becoming educated, more computer literate, and more privacy/security aware overall. It is heartening to see stories about online privacy on mainstream news sites like CNN. Being a victim of identity theft, stalking, or harrassment can also be an unfortunate but powerful wake up call to the need for privacy.
It's a slow process, but the more people become aware of their vulnerability and victimization by the surveillance state, the more they will try to seek alternatives and call for positive change. I just hope by then it won't be too late.
I hope you're right. If something doesn't change for the masses, alternatives will never really gain traction.
The throughput, latency, computing power and memory wasn't sufficient to do what we can do today a short 5-10 years ago. The hardware has advanced so much over the past decade that it is attainable at the consumer/non-sovereign level now. Anyone with a thousand bucks free monthly cash flow and the coding chops can get very far independently.
* aosnotifyd: aosnotify.me.com
* AppleIDAuthAgent: identity.apple.com
* apsd: push.apple.com
* assistand: apple.com
* helpd: apple.com
* imagent: apple.com
* IMRemoteURLConnectionAgent.xpc: apple.com
* ntpd: time.euro.apple.com
* SoftwareUpdateAgent: sw.apple.com
* SyncServer: configuration.apple.com
* ubd: configuration.apple.com
* XProtectUpdater: configuration.apple.com
The mac is able to change your timezone depending on your location. I don't think it would be too hard for Apple to build a precise profile of my location and movements if they wanted to.