Privacy is not dead (medium.com)
77 points by Nikolas0 1569 days ago | hide | past | web | favorite | 66 comments



I find it a little absurd that this even needs to be said. As long as we're still humans, we'll always want private communications. Always. Even if the US and all of the world's "democracies" turn into totalitarian surveillance states, we'll still want to have private communications with each other, and we'll find ways to do it - especially if in such a world the governments have no shame or limitation in abusing that power (which you can bet will happen, and is already happening. We're just now finding out about some of them).


For most of history, the way people communicated in private was to invite someone into their home and talk to them. That way still exists. All of the means of communication that were private in 1789 still are.

What you're asking for is to go another step: to be able to spew unencrypted bits all over the internet for any of hundreds of sysadmins and network engineers to see, then turn around and claim it's private. You want to broadcast your location in real time to Google and ATT, who sell it to advertisers, then claim it's private.

Maybe you should be able to do that. But it's disingenuous to claim that what you're asking for is basic human private communication. What you're asking for is for the government to treat the internet as something other than what it is: a public network designed with almost no thought to keeping information private. At the most basic level, being a routed network with no built-in encryption, IP leaks your data out to every intermediate router on the way to the destination. SMTP passes your clear text email through multiple servers on the way to someone's inbox. It's a vast system designed with no thought to leaking your private data out into the world.

Maybe it's because nobody teaches low level networking in school anymore, but I'm amazed at how many technologists indulge what is a technical fiction: that the two ends of a socket are connected by a private link.


> For most of history, the way people communicated in private was to invite someone into their home and talk to them. That way still exists.

For most of history, the way people communicated at all was to speak to someone face to face. Luckily for us, modern technology provides other options. Surely you're not seriously suggesting that the principle of privacy and the arguments for why it is a good thing do not apply in any new context?

> What you're asking for is to go another step: to be able to spew unencrypted bits all over the internet for any of hundreds of sysadmins and network engineers to see, then turn around and claim its private.

I don't see anyone here claiming that. It seems to me more often in this general debate people are asking for rather more reasonable things, like:

1. If you send data you intend to be private over the Internet, for example by encrypting it and sending it to a specific recipient, you shouldn't have to worry about crackers, communication services, or governments that don't have a good reason expending significant resources to infringe your privacy anyway.

2. If you choose to share some personal information with a modern service like Facebook, and choose to use the provided options to restrict who else gets to see it, you shouldn't log onto Facebook one day and find it's all been shared with other people anyway.

3. If you do want to visit someone to communicate in person the old-fashioned way, you shouldn't have to forfeit all of your normal rights and be subject to arbitrary invasions of your person and possessions just to travel.

None of these things matter if you live in a quiet countryside village and the only people you ever want to communicate with privately are your neighbours, but for most people in the western world, these activities are a normal part of modern life, and it is not unreasonable to expect governments and laws to protect everyone's privacy while they do them.


> Surely you're not seriously suggesting that the principle of privacy and the arguments for why it is a good thing do not apply in any new context?

No, I'm not suggesting that. What I'm suggesting is that you have to be honest about the argument you're making: we should take some of the principles that applied in the old context and apply it in the new context, based on sociological evidence about the parallels.

> I don't see anyone here claiming that.

But that's what it boils down to. You want to take something that is not, as a matter of fact, private, and have the government treat it as being private. You're begging the question, which is: can you reasonably expect internet communication to be private? At the purely technical level, there are good reasons for answering that question in the negative: how can you reasonably expect communication to be private when you expose it to so many people over a network that's totally not designed to keep it private? Surely mere intention can't be controlling.

When you send an e-mail in plain text over the internet, more people have access to the contents of that message than if you had posted it on a bulletin board in your office. That's the technical reality of how the internet works as a routed system.

Maybe it's the case that you want to accept that technical reality, but for sociological reasons nonetheless indulge the fiction that internet communication is indeed private. That's a perfectly fine argument to make. But you have to acknowledge that this is the argument you're making, not get outraged that the government doesn't take that premise for granted and doesn't automatically indulge that fiction.


I think we're talking at cross purposes here.

You keep coming back to the idea of sending unencrypted data over the general Internet. Of course it's not realistic to secure that.

I am more concerned with privacy violations where people do make reasonable efforts to keep their data/communications private, for example using encryption, but where those methods are then thwarted through abnormal means: untrustworthy infrastructure providers who give up root certificates, organisations with data centres the size of a small town having both access to vast quantities of data and the power to brute-force the decryption, government agencies holding you at an airport for hours under anti-terrorism laws and demanding all your passwords or very unpleasant things that would be illegal under normal conditions will be done to you, that kind of thing. (The last example is not intended to be a political statement, just an obvious topical example of how powerful organisations can circumvent otherwise competent encryption and thus breach otherwise private communications.)

[Edited to add:] The other big issue, IMHO, is whether people using services might think them to be reasonably private when in fact they are not. There's not much value in debating points like the ones I made above if the reality is that when Joe sends Jane an e-mail he erroneously believes it is already reasonably secure and private. This is, of course, primarily an issue of education and in particular of "honesty in advertising", rather than a technical failure, but it's still a big part of the problem today: why would people look for better solutions to a problem they don't realise exists?


>That way still exists. All of the means of communication that were private in 1789 still are.

If you ignore cell phones and cars that constantly broadcast their positions, surveillance cameras everywhere, and that there are no sidewalks and no commons anymore, so where would you meet these people and how would you meet with them without the information being observed and stored?

The only possible goal of a system intended to flawlessly prevent 'terrorist' conspiracy is to create a system that flawlessly prevents unrecorded association and communication. The Stasi managed it with technology that was available in 1789.

This has nothing to do with computers, other than the terrible fact that they make doing this a lot cheaper.


Wanting something and expecting it from public companies like the phone company and Microsoft are different things, however. I think almost anyone on the street knows about phone taps from TV and movies for example, so there's almost no one who thinks your phone can't be tapped. I don't really follow this writer's claim that all the stuff built on top and later somehow magically becomes private. Nor that there will be mass consumer adoption of some solution that avoids possible tapping at the cost of other things, such as network size and price. If you went door to door asking people to pay twice their phone bill for an untappable phone, how many do you think would say yes? I think not many. The writer claims many.


Absolutely. I think privacy is even fundamental to relationships. Imagine if every conversation with a loved one had to be carried out on a stage with a microphone. It would destroy the relationship because there would be no intimacy.

Privacy means, in part, freedom to be yourself.


> When I sign up for an email account I expect my emails to be private, between me and the people I exchange them.

That's foolish. Ever since it was introduced, people knew that email was not private. You should expect that everything you put anywhere is going to be read by spies. That's why spies exist: to gather information.

You use that as part of your risk assessment.

"Will I be sentenced to death or torture if this document is discovered?"

"Will I go to jail if this document is discovered?"

"Will my company lose business if this document is discovered?"

"Will I be embarrassed if my terrible teen-angst poetry is found?"

Then you decide how much effort you're going to use to hide the information, or the source of the information, or both.

While it's right that governments shouldn't be wasting money slurping the data of everyone, it's unlikely to be an argument that the public will win any time. And even when there are laws, "They" will find a lawyer to tell them that what they're doing is legal, and no-one ever gets to take them through court to show that it isn't. Oversight fails. You should assume a well-funded government is reading everything[1] all the time. I suspect that makes more of a difference if you're in $Oppressive_Regime than in the US or UK.

And if people really did care why would they dump so much stuff onto Facebook?

[1] See the mistakes that people make with creating encryption products, and using those products; it's probably a good idea to assume you've made a mistake and this government can read everything even if you encrypt it.


> "You should expect that everything you put anywhere is going to be read by spies."

I assume this is hyperbole, but even if it is, the whole point is that we shouldn't have to live in a world where this assumption is anywhere close to valid. The spies, after all, are paid for by taxpayer dollars.

> "You should assume a well-funded government is reading everything[1] all the time. I suspect that makes more of a difference if you're in $Oppressive_Regime than in the US or UK."

The latter sentence might be reassuring today, but since both countries are building the infrastructure of a surveillance state today, who's to say that years from now living in the US or the UK will be any different than living in Myanmar or Saudi Arabia? Better to prevent the infrastructure from being built in the first place than to trust that it will be used responsibly by a government which fundamentally has no incentive to do so.

> "And if people really did care why would they dump so much stuff onto Facebook?"

Maybe they just don't understand how their shared info can be used against them by governments, advertisers, etc? People were up in arms when some employers started demanding passwords to their FB accounts. That indicates that people understand on some level that their FB data can be used against them.


You knew, and technologists knew. I'm not sure how many "ordinary" people knew how email worked.

The closest analogy in the physical world is a letter. We have an expectation that it won't be opened. Unless educated otherwise, a lot of people transfer that expectation directly.

Cf. Mark Zuckerberg's early amazement that people would enter all kinds of information into Facebook.


A better comparison would be a postcard. And in fact, many years ago I was advised just that: treat email as being as private as a postcard. Most likely, nobody besides the intended recipient will bother to read it, but a number of people could read it.

For as much as folks half my age are purported to understand technology, I think we may have received better general instruction in using the internet in years gone by... or maybe we were just more wary of it, knowing that we didn't understand all of the implications.


This is a good point. When e-mail was a new option, I assume there were articles discussing how it worked.

Now, people treat e-mail as a default. Most people my age and younger (28) never bother to inquire how it works. They just sign up.

Younger people may be fluent in the use of technology, but understanding is a much rarer beast.


> The closest analogy in the physical world is a letter. We have an expectation that it won't be opened. Unless educated otherwise, a lot of people transfer that expectation directly.

The closest analogy is a postcard, and that's the analogy that is often used.

> We have an expectation that it won't be opened.

But you don't send cash through the mail, because you know that even though there are strict laws in place people do steal cash from mail. We expect that valuable stuff is vulnerable. We send it by courier, with insurance, with tamper-evident seals. Or we put it in a locked case and give it to an employee to take. Or we put it in a diplomatic bag.

People just don't think their letter to Auntie Flo is as valuable as a $10 bill. It's a shame they need to start protecting all their information, but they can't really say they weren't warned.


> "The closest analogy is a postcard, and that's the analogy that is often used."

Yes, the closest analogy is a postcard. No, I do not believe it was the one used most often. Perhaps now it is, but not in the early days. Sending letters is the most common analogy I've come across, and every icon, graphic, etc. related to email has reinforced that view (it's even called mail). It's reasonable to assume that non-tech people using email today have based their assumption on a false analogy.

> "People just don't think their letter to Auntie Flo is as valuable as a $10 bill."

Following on from my point above, people have a reasonable expectation that their mail isn't being opened and scanned by default. That's why it's ok to send a letter to Auntie Flo complaining about your boss etc. No-one is making value judgements the way you describe every time they hit 'send'.

"Whoever takes any letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier, or which has been in any post office or authorized depository, or in the custody of any letter or mail carrier, before it has been delivered to the person to whom it was directed, with design to obstruct the correspondence, or to pry into the business or secrets of another, or opens, secretes, embezzles, or destroys the same, shall be fined under this title or imprisoned not more than five years, or both." [1]

[1] http://www.gpo.gov/fdsys/pkg/USCODE-2011-title18/html/USCODE...

> "... but they can't really say they weren't warned."

When were they warned and how? By all those people from the past? Weren't those folks lumped in the same category as alien abductees and conspiracy theorists?


> "You should expect that everything you put anywhere is going to be read by spies. That's why spies exist; to gather information"

That's ridiculous. It seems like you're condoning mass-surveillance by saying "It's their job". Doesn't the government get to tell them what their job is and don't we get to tell our government what we think?


You make two assumptions: 1. all spies work for a government; 2. government employees follow all the rules and guidelines, that is, they follow the law themselves.


I don't see him condoning mass surveillance. I see him condoning being aware that mass surveillance is happening.


> Ever since it was introduced people knew that email was not private

Why is it called "mail"? Why use passwords? Both connote very specific degrees of privacy. Social signals and technical hackability are not per se comparable benchmarks for 'privacy expectations'.


I knew it was sent plaintext across a bunch of networks, some of which I directly paid to carry my traffic.

I did not expect that every single one was slurped and stored by my own government, particularly in cases where it doesn't even cross any national boundaries.


Not even when Duncan Campbell told you about ECHELON in 199?

I'm still struggling to understand why GCHQ having a 3 day cache is so much worse than all the other privacy violating stuff that goes on. (I am annoyed by the failure of oversight; by the weird wriggling around laws; and if anything I'm more annoyed that they have all this information and don't appear to be using it to lock up criminals.)

But I'm not *that* worried about GCHQ. I wouldn't be able to afford the steel blast door if I was worried about a well funded government agency getting my stuff, and I know that merely saying "it's illegal" isn't a strong protection against bad actors.

I'm a lot more worried about my local council. GCHQ hasn't done anything to me. (And is unlikely to, unless I marry a journalist working with government secrets.) But my local council will invade my privacy - they used to sell CCTV camera footage to tv shows; they spy on homes to assess school entry or parking permit validity; they do a bunch of unsavoury stuff.

I'm worried about the records my doctor holds, because there are risks of people losing memory sticks or giving information out to other people over the phone or not destroying hard drives correctly, or of staff gossiping (or being corrupted with bribes).

I'm worried about the data my phone company holds, because people do misuse access. (http://www.independent.co.uk/news/revealed-how-to-hack-into-...)

> In an astonishing breach of security BT Cellnet has handed out, over the telephone, a confidential pin number allowing the recipient to listen in to the confidential messages of any of the five million customers on their network.

> The Independent on Sunday has that pin number and yesterday was able to hack into the message systems of 15 people. Their permission was obtained in advance.


I'm worried about all that stuff too, particularly the unified database they were talking about under ID cards, with hundreds of thousands of busybodies having access.

I'm just saying that while I knew it was trivially easy to read email just by sniffing the wire, while I knew that they could do this and probably were, that doesn't mean that I expect that sort of behaviour from a democratic government or that that expectation amounts to a sort of implicit permission to treat the data as public.

For a counterpoint - email from government departments comes with footer text claiming it is private and confidential!

I think we are probably using expect in slightly different, nuanced ways. I may expect that they do it (in the sense I think it's likely) because I'm a realist and also a cynic. But in other ways I don't expect it (in the sense I don't think it's reasonable behaviour).


A large percentage of email is never sent in plaintext. Few senders use external relays, and the overwhelming majority of mail is sent directly from sender MTA to recipient MTA. Most recipient MTAs support and encourage TLS.

Of course this is a "probably" type of thing, but just worth noting. Assume it's plaintext, but it probably isn't.
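As an added example (not from this thread or any poster), the following Python script checks the "probably" in the comment above against a concrete message: it reads the Received: headers that each MTA stamps on a message and reports, hop by hop, whether the receiving server recorded the connection as TLS (per RFC 3848, a "with" keyword of ESMTPS or ESMTPSA means TLS was used; plain SMTP/ESMTP means cleartext on the wire). The sample message, hostnames and IDs are constructed for the example using documentation address ranges.

```python
import re
from email import message_from_string

# Constructed sample message (not a real capture). Three hops: the client
# submitted over TLS (ESMTPSA), the relay handed off to the recipient's MX
# in cleartext (ESMTP), and the MX passed it to the mailbox server over TLS.
SAMPLE_EMAIL = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
    by mail.example.org with ESMTPS id abc123
    for <jane@example.org>; Mon, 19 Aug 2013 10:00:00 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by mx2.example.net with ESMTP id def456;
    Mon, 19 Aug 2013 09:59:58 +0000
Received: from [10.0.0.5] (client.example.com [203.0.113.9])
    by relay.example.com with ESMTPSA id ghi789;
    Mon, 19 Aug 2013 09:59:55 +0000
From: joe@example.com
To: jane@example.org
Subject: hello

Lunch on Friday?
"""

# RFC 3848 "with" keywords whose trailing S indicates the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Received clauses of the form "from <host> ... by <host> ... with <proto>".
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.IGNORECASE)


def parse_hops(raw_message):
    """Return the message's hops in sender-to-recipient order.

    Each hop is a dict with the sending host, the receiving host, the
    protocol keyword the receiver recorded, and whether that keyword means TLS.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", value)  # unfold continuation lines
        match = HOP_RE.search(flat)
        if not match:
            continue  # header written in a form we do not try to interpret
        src, dst, proto = match.groups()
        proto = proto.upper().rstrip(";")
        hops.append({"from": src, "by": dst, "protocol": proto,
                     "tls": proto in TLS_PROTOCOLS})
    # Each MTA prepends its Received header, so the topmost is the last hop.
    hops.reverse()
    return hops


def cleartext_hops(raw_message):
    """List the (sender, receiver) pairs that were not protected by TLS."""
    return [(h["from"], h["by"]) for h in parse_hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_EMAIL):
        state = "TLS" if hop["tls"] else "CLEARTEXT"
        print(f"{hop['from']:>20} -> {hop['by']:<20} {hop['protocol']:<8} {state}")
    print("cleartext hops:", cleartext_hops(SAMPLE_EMAIL))
```

Two caveats a practitioner should keep in mind: a Received header is written by the receiving server, so the trail is only as trustworthy as the servers you trust (any earlier hop could have inserted a forged one), and the headers say nothing about the mailbox storage at either end, only about the transport between MTAs. For the constructed sample the script reports one cleartext hop, relay.example.com to mx2.example.net, which is exactly the kind of gap the comment's "assume it's plaintext" advice is about.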


> "Will I be sentenced to death or torture if this document is discovered?"

The fact that one now has to ask themselves this question is disturbing. Torture is now a part of the American thinking.


Some people in some countries have always had to ask themselves this question.

Typewriters were licenced equipment in some places; "They" would take a sample of type so they could link documents back to the licence holder.

Luckily, for the vast majority of people and the vast majority of documents the answer to "will I be killed or tortured if this document is discovered" is "no", even in the US.


Oh. My. God. HN's comments quality is at an all-time low. Can't understand how many people miss (or ignore deliberately) the point and pedantically focus on semantics trying to prove a silly counter-point which doesn't add in the conversation.


Look at yourself.


Better to martyr than ignore the elephant, no?


Be a better community member and you will get down-vote rights.


Thanks for the tip. I had no idea that downvote rights even existed.


How does that work, exactly?


If you have sufficient karma (500, last I knew) you can downvote comments.


> if you really believe that you don’t have anything to hide, feel free to give me your passwords as a proof of concept.

I do not intend to use a privacy service from someone who claims it is easy (it isn't) while confusing privacy with authentication.

I may not wish to give up my password because I don't want actions to be taken in my name: this is irrelevant to privacy concerns.


Then I guess you would have no problem giving him (or anyone else) a read-only access to all your mail that doesn't mention authentication data (passwords and such)?

Or a read-only access to whatever online service you're currently using?


I think nobody values privacy. People don't want to pay for an e-mail account. People don't want to pay for a social network. People don't want to pay to read the news online.

I believe that privacy and free (as in free beer) is a utopia.


It is not about the values. People do value privacy, but there is asymmetrical information between service providers and customers. As such, the price goes down to zero and the product quality reflects it.

Economist George Akerlof pointed this out in his 1970 paper "The Market for Lemons: Quality Uncertainty and the Market Mechanism". The way society fixed it with cars was to introduce Lemon laws. If they hadn't introduced those laws, people would likely sit here and argue that nobody values what material the car chassis is made of, or whether gas fumes leaked into the compartment. Nobody would value safety, people would say, as everyone would rather buy the cheap car over the expensive (and more secure) ones.


Of course people will choose "free" over "costs something", if all else is equal. You are not adding much to the debate by pointing that out.

Far more interesting to note that paid services (yes, people used to pay for e-mail) have largely been elbowed out by services that look as though they are free, but actually extract their payments by guile and deceit. Now that the general public is starting to appreciate the value of their personal data, perhaps we'll see a rebalancing of the market.


I believe you missed my point. Most people outside the tech world have no idea who Edward Snowden is and what exactly happened with the NSA scandal.

Computers are just a black box to them with something magical happening underneath (I'm not kidding here). If they don't understand what they are using, how can they understand the tradeoff between something free vs something they pay for?


Are you sure about your first statement? Everyone in my family knows about Snowden. And not because I told them. None of them are even remotely close to the tech world. I'm from Sweden.


Ah yes, Sweden. A place where there is no technology. At all.


The idea that only technology nerds are aware of the NSA scandal is plainly untrue. Right now many members of Congress are upset, and even the President himself has had to provide a response on the issue. This has become front page news that any ordinary person can see as he walks past the newspaper stand.


> I believe you missed my point. Most people outside the tech world have no idea who Edward Snowden is...

So your point is basically that you think "most people" are stupid? Good luck with that.


You said stupid. I say they don't understand because they don't care. Not everyone likes computers, you know.


If you think the Edward Snowden revelations are a "computer" issue, then you've not been paying attention.


I think everybody values privacy, from the youngest to the oldest users.

The issue is that of education--many people haven't made the connection that to get a lot of the neat features they like (geolocation, frictionless sharing, etc.) they need to allow some fairly invasive personal data mining. They don't understand that sharing certain things and using certain apps also causes the data of other people to be exposed.

I think (hope) that if people knew more about this, then we'd see the social mores change a bit. Unfortunately, that sort of education and public service announcement takes money, and none of the players in the Valley or elsewhere want to do it, because it would negatively impact their viral coefficients and user engagement.


I value privacy, and I pay for email. I pay for it in part so that it's not gmail and ad-focused. I probably would pay for a social network (if I used social networks).

You got me at news, I like free news. The problem with news is that my news doesn't come from a single source, so I'd feel a little foolish paying for the New York Times (which I read often, and subscribe to their free headline service), since there are so many other good news sources in addition. NYT doesn't seem special enough to pay for, when there are legal ways to read it free and when the same news is often reported elsewhere, and usually reported just as well.

News is tough.


This is basically a rephrasing of the meme "If you're not paying for the product, you are the product".

That meme is grossly outdated.

It's entirely possible (and happens) that you can be both paying for a product and be the product that is sold on (by having your data aggregated, analysed, fed into other systems etc).

Isn't this part of what Big Data actually means? It's essentially a way for a company to get paid at both ends (which I don't have a problem with), but it can create competing incentives between users and companies (which I do have a problem with).

This debate is far more complex than just 'free vs paid'.


Value does not have to be monetary. In the example of an e-mail account, valuing privacy might be choosing a specific host because it has some better ToS or selecting a specific client because it supports PGP well.


I think it's better to avoid encryption unless it's for really sensitive information or knowledge that could hurt you if broadcast. Using Tor or Truecrypt essentially paints a target on your back: you are paradoxically more likely to be under surveillance by agencies if you use them, even if you aren't concealing anything illegal or reprehensible.


"Using Tor or Truecrypt essentially paints a target on your back: you are paradoxically more likely to be under surveillance by agencies if you use them..."

"Paradoxically" you say. I don't think there's a paradox here. I think it's far too rare that people use these tools to protect themselves, and therefore the surveillance community sees it as a potential flag worth investigating.

Therefore, we should all use these tools, make them common place, and force them to learn to be efficient at their jobs tracking down actual risks.


Better yet to get everybody to use encryption, always.


I agree wholeheartedly, but that's like saying we should make everyone use condoms all the time to eliminate AIDS. A perfect solution that is unfortunately unfeasible.


But in this case a smaller group of humans controls the implementation of software, so it's at least a little more feasible.


After the past few months there is virtually no situation in which you should have a reasonable expectation of privacy.


Be that as it may, we can and should seek to create a world where one can have that expectation of privacy.

Pointing to the status quo and saying that's all there is doesn't help us much.

(And yes, I'm being lazy here in not justifying my assertion that we should all be able to have that expectation of privacy; I haven't had my morning coffee yet, so just take it as a lemma.)


If you're talking to someone in a public park, and a stranger with a badge comes up and starts video recording your discussion while commenting "don't mind me, it's just an administrative search", and this happens to pretty much everyone all the time, you DON'T respond with "well, there is virtually no situation in which you should have a reasonable expectation of privacy."


Well, he's right. Expectation of reasonable privacy does not match reality, and therefore is foolish and shouldn't be done.

Not to say that we shouldn't _demand_ privacy.


With regard to most people with a grain of insight, this article is all about stating the obvious, albeit in very big letters.

I agree nonetheless. Apart from the 'give me your passwords' example, that's not what privacy is about. 'Automatically cc me all your incoming and outgoing email' might be a better analogy.


Privacy is important. I had a hard time to articulate why but the Groklaw farewell (posted on HN recently) really hit it home for me. Re-read the quotes (in grey): http://www.groklaw.net/article.php?story=20130818120421175


If you do value privacy, please do check us out https://register.blib.us (pre-alpha software, still being written. We are still looking for early adopters). BTW, we did double our pre-alpha users in the past one month!


Maybe I'm completely ignorant of the process, but what is the point of a (marketed as) completely private system that is automatically, and required to be linked to a google account?


Excuse us for being pre-alpha (and using Google's OpenID): it's a demo of OpenID, which can be migrated to many other providers. In Beta, you should be able to login with 100 other providers, and forget about Google :)


Alpha software and a username of "info collector"? Where do I sign up!?


Random usernames have a way of biting you back. Indeed I've been assigned to collect information from users, and what they want in Blib ( Did not think of the double meaning ). Just click "Register/Sign up" Button here: https://register.blib.us (Currently we only support @gmail addresses and use OpenID to authenticate). :( - I agree that was a bad choice - to pick Google as a provider. Beta should fix this.


this is the wrong way to look at the problem. the better statement is 'nobody should expect privacy (online)' where i would like to stress the brackets around online as much as i can

if you take steps to ensure privacy you should probably realise that they are all futile in the face of someone making a targeted effort to break it...

eavesdropping, espionage, noseyness - these are nothing new... see most of recorded history for examples.


I expect privacy, yet anticipate privacy violations..



