Hacker News new | comments | ask | show | jobs | submit login
Privacy And Why It Really Matters (markopolojarvi.com)
67 points by uzero on Nov 28, 2013 | hide | past | web | favorite | 24 comments

The author jumps back-and-forth between statements such as "fundamental rights" and talking about Google ads. I believe he's mixing market and government data harvesting as a single entity. This hurts the thesis as they are somewhat distinct in reality.

I can opt-out of Google (and other networks) ads via technology and market choice (decentralized options are also becoming a reality). But I can never opt-out of state-surveillance. Fundamental rights often only apply to the state for a reason, because of they have a much greater ability to abuse them.

Privacy is a question of associating data to an identity. I can control my identity I provide online services. But I can't obscure my identity to the state without threat of jail/violence.

You could argue the state has to operate within warrants, but as we're seeing this often is not the case, and governments everywhere are attempting to support warrantless wiretapping (such as by the Canadian government again announced this week for police-level investigations, not even national security).

So while I deeply agree with the sentiment, I don't agree with the convergence of the two (market/state) as a singular privacy issue. One is a far greater threat.

I can control my identity I provide online services.

Different levels of pseudonymous identity available only to the technically savvy isn't privacy.

It's a depressing datapoint in the ongoing attrition extinguishing privacy.

edit: I'm not throwing up my hands and saying it is (should be, or will be) dead. Just that your portrayal is an overly optimistic reading of the current state of affairs.

@dmix, good points. However I want to clarify that the point of the article is to provide my counterargument against Zuckerbergian ideology that privacy is not needed/dead. If you are tech savvy enough to escape G/F dragnet surveillance it doesn't mean that others are and there lies the problem.

The difference is I'm quite confident in our industry being able to help people protect their privacy now that it's a mainstream issue. The markets reacting. I'm a strong believer in decentralized web services replacing monolithic ones like GMail. These companies may even get pressure from new information privacy laws about data retention/sharing similar to HEPA and health records.

Whereas I'm completely pessimistic about the possibility of state-surveillance being repelled by policy or technology.

But agreed right now, infosec/privacy is a class war. Only those with sufficient knowledge and resources can live a truly private life.

I would think Upton Sinclair's statement would more likely apply: "It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"

And entrenched power interests rarely choose to give up their power willingly.

That said, I agree along the lines that the tech savvy can assist by making all/nearly all Internet communications encrypted sufficiently that those who wish to spy are once again searching for a needle in a haystack without the benefit of a large electromagnet.

Then it remains to educate non-savvy about the true costs of participation in "free" services. Maybe allowing the "creepiness" factor to be more prominently in evidence, as the images from the "naked body scanner" did for back-scatter scans.

How is the guy marketing the decentralized services going to beat the guys who hate decentralized services, considering those guys already know everything about everyone's customers?

One way might be to let the user push a button to get $20 for giving up some purchase patterns. Ugh ;)

> I believe he's mixing market and government data harvesting as a single entity.

On the other hand, the tools are eerily similar. It would be relatively easy for instance to re-purpose Google's spam filter into a threat detector, or customer profiler. Heck, I wouldn't be surprised if 2 of those three actually share a fair bit of code.

As Eben Moglen said, the main threat is not data going out. It's code going in. Who knows what the vendors will invent, and who knows which of those inventions will be re-purposed or re-implemented a few semesters later.

I believe that another point needs to be made in terms of privacy. If a person does somehow become completely anonymous I every way humanly possible I still don't believe the have their privacy under control.

What I mean by this is that everyone around the person would also need to be private and anonymous. Say I, for example, am not on Faceboook, Twitter, Google+, etc. however my mother, father, brother and sister all have those services they will post something that is related to me or might even post something about me directly.

This can go for friends, co-workers, complete strangers on the street. You could basically never be around anyone with a Internet connected device(which are everywhere by the way).

So what are we supposed to do then?

Even areas that we walk in are associated with something? The rich part of the city, the poor part. In the country side. Anything we do Internet or not is associated with something. This goes for the government "surveillance" or ad targeting. I am all for privacy and I care about mine greatly but I not going to throw my life out the window in order to keep it.

This article sort of blurs what privacy is, conflating it with data analysis. As long as companies anonymize their analysis, then your privacy is kept. If you don't want to share something like an event that happened to you, you don't need to share it on an online social network. That choice is still yours. So is the choice to even use those services. Those companies in question are not releasing the data to the public, and I'm reasonably certain that those doing the data analysis are anonymizing the data when analyzing it (having a positive identity on a person is useless from a statistical standpoint anyway).

Privacy is being able to do things privately without prying eyes. Reading email is a private action. Going to the bathroom is (usually) private. Data harvesting doesn't prevent you from doing these things without anyone identifying who you are, unless it's a government entity doing so, in which case that entity is in the business of positively identifying individuals.

You mean like how AOL anonymized their data? http://arstechnica.com/tech-policy/2009/09/your-secrets-live...

The problem with your "choice to share" is that you don't make that choice between whether you share that info or not, you make it between whether this data can come back to haunt me or not. It's a type of self-censoring which is an important goal for any party looking to suppress unwanted ideas.

But you are making the choice to share it or not. And despite the claim in the article in the OP about TOS agreements, they are as legally binding as other long pieces of documentation out there, including gaming license agreements, leases, employment agreements, loan agreements, credit card contracts, and more. Laziness is not a valid excuse.

And self-censoring is present even if this weren't the norm, and to a degree I'd say should be the norm. For example, a lot of the trashy comments you see in places like 4chan or reddit - those comments are the type that should be censored in most venues, and even those trashy comments have the effect of censoring dissenting views due to overaggressive expression of views by the posters of the trashy comments. Even a place like here, you have self-censorship occurring in the form of people fearful of making certain comments over the threat of downvoting. I don't think that this is a strong line of argument.

Sort of like people are making a decision to carry a (smart)phone in their pocket wherever they go and thus implicitly having the opinion that "Yes I am being tracked, so what?", right?

While it is optional for an individual to opt-out from this behavior, it is not optional for masses of people to do so. It will not happen, because people don't care. They don't know, they are ignorant, they can't bother.

It would be outright foolish not to try to exploit all this data which can be gathered. It has enormous value for example in terms of commercial use and also national security. It isn't hard to come up with legitimate uses where data analysis is benefitical. Besides, if it goes through the internet, along the way there most certainly are hops/parties which would benefit from this data too. It would give "foreign" parties(whatever they might be/mean) an advantage, and that's not going to happen.

I think it is inevitable that lots and lots of data will be gathered about and of what we happen to do in our lives, online or otherwise. Either it is done openly(transparency) or secretly(sort of totalitarianism), but it will be done by someone somewhere. First, because it is possible, and second, because it is valuable.

This claim:

"Then there's Google Chrome that sends every URL you visit to Google "for malware protection""

Seems to be directly contradicted by: https://www.google.com/intl/en/chrome/browser/privacy/ , scroll to "Information Google receives when you use the Safe Browsing feature on Chrome or other browsers"

I removed the sentence because you're right. I assumed it worked like I said but like always, assumption is the mother of all errors. My apologies for the misinformation and thanks for bringing it up.

They do, on the other hand, receive every URL you type via the auto-completion feature on the address bar.

I was wondering about this myself. I've been developing a Chrome extension off/on for the past year and did moderate reading into Chrome, Chromium and how user data is handled. Seemed ok to me. Wireshark doesn't show anything particularly alarming, either. Can anyone else confirm/deny?

I didn't really get a lot out of this, which is something I've come to expect from articles that start with the dictionary entry for the thing they're discussing. It immediately puts me on guard for sophistry and/or bloviation - just my personal experience, but it's pretty reliable.

That said, it's always good to have people writing about this stuff. I'll be trying my hand at some point.

Thanks for the feedback. With a big topics like these it's always hard to draw a line about how much context you provide.

I didn't know using dictionary definitions was a good predictor for the quality of the content but I'll keep that in mind. For me it's just hard to discard dictionary definitions as a tool to convey context when dictionary contain years and years of mental work to compress complex ideas and meanings into sentences that are easy to understand.

Privacy matters though and the cite doesn't have a valid cert... So I can't read this

It's issued by StartSSL and is valid on all the browsers I have tried the site on. Can you tell me what browser (and version) are you using?


Intermediate certificate isn't sent by the server, which might be the issue.

Not the person whom you asked, but I'm getting the same issue on up-to-date mobile Chrome on Note 3 standard build android 4.3

Surprisingly also getting the issue is the Samsung browser on the same android 4.3 phone.

I used to think, Internet is free..... Books are the safest way to learn now ... Privacy is biggest concern for me, as "It's about me having control over what I want to share. ". US you made TERRORIST AND you using them. Can you pls tell me best way to talk to people across Internet, that is secure enough...??????????? mail me at (proton1h1@gmail.com) !

Dear proton1h1,

I barely understand any of what you may be attempting to communicate with this comment. Other than privacy being good and secure internet terrorism being bad, much of the comment was quite confusing. In the future, please compose your posts more carefully, using standard punctuation.

Yours truly,


Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact