Privacy often guides my tech choices, I do have a Facebook account for events but I don’t use their apps and I only log in when I’m invited to something. I try to use DDG though it’s almost impossible to avoid google in my language. And so on, but one area I can’t avoid is banks, and I’ve been wondering why they are sneaking past the privacy talks.
I’m Danish and we’re rather digitized. I mean, I have a national ID that can authenticate me anywhere that support it that runs in a mobile app. I use it for things like banking. Anyway, we also have a range of financial apps. Two are particularly interesting in terms of privacy. One of them is called mobilepay, and mainly handles transactions between small shops or when you need to send/request money between friends. As such it knows who my closest friends are more accurately than Facebook ever did, because I never Facebook chatted with people I see every day, I do however go to various events with them where we manage the bill with mobilepay. And since mobile pay isn’t just linked to a contact, but an actual phone number they have that too.
That’s not really the part that worries me though. It’s the way they track my purchases. Mobilepay lets you do electronic receipts, meaning they can read what you buy. It’s voluntary so you could opt out of it, but we have another app called Spir which helps you budget and organise your private economy by accessing your accounts through bank APIs. Spir can also see what you purchase, so even if you’re not opting into it, banks tack everything we buy unless we’re using cash. I’m not sure if this has to do with our national payment-card called Dankortet (kind of a mixed credit/debit card, but not exactly) or it’s just how modern transactions work. However that information is much more accurate than my search history.
I have anxiety, I also recently had a hemorrhoid, I’m fairly certain google might think I have cancer. My bank knows that’s wrong though, because they know I bought hemorrhoid medicine at the pharmacy.
For example, in Sweden, we have stores that are kontantfri (cash-free) and it's projected that almost all of Sweden will be cash-free by 2023[0] to 2025[1]. (Sorry the links are in Swedish but you should be able to use <your chosen provider here> to translate them to your language.)
Given that the nordics tend to trend together, I imagine that Denmark is relatively along the same path to being cash-free, as well.
I think a better (but more complicated) alternative would be to use two different SIMs for separating those apps from an every-day number; however, that comes with the problem of carrying a second phone. Dual-SIM would just present a surface to tie the two numbers together but so would the two phones being in the same area (in proximity of each other) almost all of the time.
In other words, I don't really know how to solve this problem because it depends on everyone else not jumping on the bandwagon; however, to your suggestion, cash will not be a viable option for any purchases - much less, sensitive ones - in the very near future.
While it may technically be fraud, the registration information for non-reloadable cards is only a name and address, which is not verified. If the processor uses an AVS check (in the US, this is usually just the ZIP code), then whatever you enter must match what you registered with, but that could be... whatever.
When one considers how fat the deck is stacked against individual consumers in today's market, I would be inclined to tolerate some Thoreau-style civil disobedience on this. The desire for privacy -- to effectively "use cash" at "cashless" establishments -- may require the need to engage in this activity.
The other question would be, who is being damaged by this fraud? Presumably the seller of the card (and banks/processors in between), who would like to link all your card purchases to some master profile. Well, I wouldn't begrudge anyone with disobedience on that one too. They're still collecting fees on every purchase.
From some discussions about this letter I gather that it can be easily dismissed by court because it reeks of "bad faith" and not a legitimate concern.
> From some discussions about this letter I gather that it can be easily dismissed by court because it reeks of "bad faith" and not a legitimate concern.
Do you have more details about which particular sections "reek of bad faith"?
It's not any particular section, rather the tone and the breadth. One easy answer to such a letter is "please read our privacy policy and come back when you have more specific questions". Your company's privacy policy should cover almost all of the "concerns" covered in this letter. Bad faith comes from the fact that a sender of such a letter has, quite obviously, done zero due diligence. The spirit of GDPR is not to fuck with everybody around, it is to force companies to be more responsible overall.
This is why those OATH and similar dialogs are so jarring, the correct implementation should be opt out by default without being bothered every time one visits a website.
Funny. My favorite example to demonstrate why people do absolutely not care about privacy is Signal. In terms of privacy it is a superior messenger to Whatsapp and Telegram, but in terms of usability and convenience it is horrible and that is the only reason why it is not used. Convenience and usability will beat security and privacy every single time. I know it sucks, but it is what it is.
Signal isn't particularly inconvenient, but it is ugly compared to every other mainstream app -- and looks matter.
The reason I stopped recommending Signal to anyone is that its message delivery is abysmal compared to everything else. When I was using it regularly, maybe 5% of messages wouldn't be delivered right away; they'd get there a few days later, or up to a week later. I don't understand that failure mode, but after having a panic over a pet sitter not getting some instructions (the pets were fine) I tried out Telegram; never had one delivery failure in about 8 months of heavy use.
It's a shame, because I liked Signal.
The other showstopper Signal has is also a UI thing; you cannot set a contact to "never use Signal". Which means, if you get one of your family to start using it, and they don't like it and uninstall it, you're forever forcing Signal to "send via SMS" to that contact. They can "unregister" but you can't do that for them.
I had two or three people who I'd send a message to, not hear a response, 30 minutes later realize that it went to their nonexistent signal account, reset as SMS and got an instant reply. Very irritating for a messaging app and so easily solved.
Using Signal isn't all that inconvenient, it's just not a pretty app. It does what it advertises, it sends messages, photos, voice memos with a few extras like disappearing messages. Sure, it's missing the 'frilly' features like Samsung and Apple have in their messengers but it gets it's job done considerably well. I think Signal is actually a better example of an application where the privacy/convenience trade off is rather mild. There are no requirements to authenticate each time you open it, you can choose weather or not to allow in-app screenshots, it still sends SMS (on Android) so it can replace your built in SMS without having to switch between secure and non-secure apps for messaging.
I hear you. I use Signal. Despite having only negative experiences interacting with their development team on Github.
But I've used it since the TextSecure days and will continue to do so until the company is compromised. ~80% of my friends use it to contact me, at my request, many also since the TextSecure days when usability concerns were even more of an issue.
As the sibling says, Signal really isn't that bad for convenience. I didn't have much difficulty switching my family to it.
I suspect use of messaging apps other than Signal has little to do with the convenience delta and more to do with the network size delta.
Excuse my ignorance, but isn't Whatsapp encrypted end to end? The only information available to Facebook is meta-data, who I was sending to, what time, response time, etc.
Is there anything I'm missing? If not, how does Signal deal w/ meta-data?
I think people would care more see if they could see how much data on them companies have, where it goes and what it's used for. I think they don't really understand the extent of the data collection and selling.
It is not only what the data is currently used for (mainly ads), but what it could be used for in the future: once collected, any data will be kept forever.
And that is much more frightening.
People would care about data if it actually impacted anyone in a tangible negative way. IRL getting served relevant ads and simply having 'more data out there' isn't terrible enough to make most people give up using the Internet.
It's not that something impacts people in a negative way, time and causual linking are paramount. Like slow cooking a frog, if the rate of change (e.g., decline) is slow or even delayed enough, most people won't connect the two events of cause and negative consequences.
If something effects people in a negative way and they see or are effected by the consequences immediately, they often react quite rationally from my experience. If there's any time casual separation, ambiguity, or a time delay resulting in such ambiguity, most simply shrug and accept consequences as "the way things are."
They would care more, yes. But given the limited bandwidth for outrage, unless something is actually done about it, it becomes tacit approval, and the ratcheting up of the surveillance continues.
(...)a recently graduated researcher at Harvard who set out to test the privacy paradox.
His conclusion: We do care about our privacy, even if we don’t always act in our best interests.
FYI: This is the privacy paradox. The author seems to assume it means that people just don't care...which wouldn't be paradox. No, the idea is that people rate privacy very high or even place a lot of value in it in sandbox behavior experiments, like the one described in the article. Thus it is surprising how people then behave "in the wild", There are a lot of theories about the Why, which I recommend you to read up upon if interested.
It would help and also show professionalism IMO if the author wouldn't just link other oversimplified articles from NYT when quoting science...
Simple explanation for the "Why" is that caring about something takes mental resources, and our consumerist free market is optimized towards extracting all our available mental cycles and put them either to produce or to consume, for the benefit of the companies that make up the economy.
Life is easier if you just follow the script and go along. Any remaining resources for "caring" about your life and your best interests must be detracted from the race to make a living, and not everyone is in a financial position to afford that luxury. Quite a departure from the vision of the founding fathers who designed our political system, who were people in a position to care for such things.
I seem to value my privacy more than most people around me. That is why I left windows and installed Linux on all my machines.
I have un-googled my life as much as possible and don't have any social media where you post under your real name. I think more people should follow suite.
It can actually passively increase contacts if you are not on facebook. Had already two cases where people from the almost long forgotten past called me to ask why I am such a ghost on the net. Was really nice hearing from them again. Couldn't convince me to join social media though.
Nice to hear, but I think it's mostly the reverse. I have missed parties, missed group convos that I probably should've known about etc because I don't have facebook.
1. it fails to address their actual argument, which is that they have nothing to hide from companies or the government, especially law enforcement.
2. it fails to convey the actual threat of loss of privacy: the threat to democracy and freedom of speech when journalists can't protect their sources, lawyers can't be trusted by their clients, etc.
I therefore prefer to emphasise that latter point, that even though they might have nothing to hide, people they should care about do.
Although lately it's become easier to convince people that even they have something to hide: as political actors (e.g. Cambridge Analytica) learn more about them from their data, they can target you (and people like you) with tailor-made lies to influence who you (and people like you) vote for.
Doesn't convince or even interest everyone, of course, but more than before.
In my personal experience the people who use the 'I have nothing to hide' argument, use it because they are unwilling to expend the cognitive effort to delve into the topic in any meaningful way.
Trying to reason with someone about some topic they didn't use reason to get to their position on in the first place is often a losing proposition.
So these days I just say "if you don't want to even think about some problem or issue, you should just come out and say 'I don't want to think about this' instead of saying something so obviously and unambiguously ignorant. That just makes you look bad". Then I move on. I can't make folks think. I can't save them from themselves and their privacy isn't the hill I'm going to die on.
>So these days I just say "if you don't want to even think about some problem or issue, you should just come out and say 'I don't want to think about this' instead of saying something so obviously and unambiguously ignorant. That just makes you look bad". Then I move on.
Of course it's dismissive. This is because "I don't have anything to hide" is not an invitation for some long drawn out discussion about the intersection of philosophy, technology, culture, and civil rights. It's a no-thought dismissal. Pretending it's anything else is a waste of time and fundamentally dishonest.
You can't seriously discuss the threat to democracy and free society because the overwhelming majority of the people who care about privacy want to leave back doors to see that behavior used against the various boogeymen they don't like.
Everyone talks grand about protecting privacy in threads like this but when it comes down to it we vote for politicians who promise to institute invasive background checks for gun owners and use Facebook surveillance to root out white supremacists.
IMO while definitely good for society the general acceptance of homosexuality and weed use are two big blows to privacy because those were very relatable and common things that people wanted to stay hidden.
> which is that they have nothing to hide from companies or the government, especially law enforcement
Which is not true when you consider that all your life events are being used to estimate your suitability for life changing opportunities like getting a job or a mortgage or a visa.
Sure, that's related to my final paragraph as well. But I'm not saying that their argument is correct; just that "why do you lock your bathroom door" is not a sufficient rebuttal of it.
I'm not sure that actually helps, because most people don't consider personal embarrassment similar to the serious reasons privacy is important.
For example, the consequence of the bathroom door being opened is fairly predictable and honestly, benign. But the consequence of someone gaining power of your life through knowing information that you thought was private is quite unfathomable. Which is why we often describe it as "creepy" even though we can't actually assign any specific negative consequence to it. Perhaps the most important thing of all is that humans have simply evolved to have this "creepy" detector as a built in defense mechanism, and we find it very disturbing and psychologically upsetting when it goes off. The simple fact that this is the human condition (whether valid or not) is sufficient to warrant it being respected.
A better reply is: "Saying you don't care about privacy because you have nothing to hide is the same as saying you don't care about free speech because you have nothing to say."
And yet you guard your drink at a big open party, not because you want to hide what you're drinking, but because you don't want some creepy strangers meddling with it to take advantage of you.
I once heard a better phrase, but I now realise I've forgotten it and can only paraphrase.. But it was something like, "There's a difference between annonymity and privacy. Privacy is when you go toilet and lock the door even though everyone knows what you're doing".
There exist social norms for bathroom use, but many yet for online privacy. You may be more effectual in your approach with a more direct recognition of this fact, for example by explaining that un-encrypted email may be retained forever and used in unexpected ways, like for marketing purposes, or to train machine learning models. These obvious violation of personal data ownership are more palpable and a stronger call for action, I think.
All that shows to me is that the perceived value of being able to use gmail or Zuck's vanity mirror is somewhat more than $2.50 (still less than a decent cup of coffee). But honestly, haggling over the right price for one's data doesn't count as giving a shit for one's privacy with me.
It makes me think that there are, at least, 2 ways to move forward:
- What can we do about this situation we are in ? Is it a problem that Technology can solve (I'm thinking about startup in the privacy field) or it's more political and in this case it will take years to fix.
- What can we do about the other fields where we still have some power ? Like Smart Assistant, self driving cars with AI. Someday we are going to wake up again and realize that again someone used one our of weakness and abused it.
It will again return against ourselves by restraining our freedom and/or make us more dumb.
I'm sure history has many examples about that global behavior: "change for the worst, acknowledge it, repeat".
What is the way to avoid taking that direction again ? I'm not sure education is the answer nor politic or technology... I'm out of answers...
Thanks for the links, so from Bruce Schneier, the problem needs to be taken care of by citizens (politic) like it was done for many industries (car, food, pharma...). Except that this is going to be much more complex in the information era where everything is a computer. Hence there is a need to have tech people in the public sector to help decisions to be wisely made. Enforcing the rules is the only way to make the industry to change, in this case, in terms of security and privacy.
However I tend to think I have more power as a consumer than as a citizen. I spent dollars everyday while I vote every 2 years. It seems that since there is no other way, the last resort is to go through the political way. I'm happy we have governments but still, I'm convinced there is a way to convince consumer. Do you ?
I personally agree with Schneier. I don't see how BigTech can be made to respect privacy given the current status quo and the data wars. I think regulation and government intervention is very much necessary at this point.
In some instances, BigTech, BigTelco, and govts have incentives aligned (surveillance and censorship), so its paramount for folks part of the tech industry to help steer the conversation and laws.
Correct me if I'm wrong, but it really sounds like the study was also comparing people's attitudes about gaining $X vs losing $X. It is well known that people hate losing money more than they enjoy gaining it.
If that is the case, then it invalidates the conclusions.
Here is some anecdotal historical context. Recently my parents were reminiscing at a family event about mid 20th century small town American life. The local telephone exchange operator (always a woman) could freely listen in on any telephone conversation going through the switchboard. It was not unusual for a teenage girl to substitute for the regular operator. Everyone in town was at least vaguely aware. No one cared.
But that girl probably couldn't listen to all calls simultaneously, did not have a photographic memory, didn't live in a society where a sentence could ruin your career, didn't share the deepest secrets with advertisers, didn't act as a spy for intelligence agencies and created a dosier on basically everyone.
I wouldn't have cared much either. But the environment is profoundly different today.
People also didn't have a great deal of privacy at either end of the phone conversation, anyway. The phone would've been in a central location in a house, attached to a wall. Back then you wouldn't be hidden away in a bedroom, saying salacious things.
> Here is some anecdotal historical context. Recently my parents were reminiscing at a family event about mid 20th century small town American life. The local telephone exchange operator (always a woman) could freely listen in on any telephone conversation going through the switchboard. It was not unusual for a teenage girl to substitute for the regular operator. Everyone in town was at least vaguely aware. No one cared.
Would you agree to let your calls be recorded and posted on a website? How about when you call your bank and verify your identity? I truly doubt that "no one cared" but maybe less sensitive business was conducted over the phone in those days.
You probably need an SS or Stasi (Nazi / East German secret police) to get people to actually understand and value their privacy. It's just too invisible and intangible of a thing to properly recognize and value, without the "aid" of losing it and experiencing the result.
It's a bit like news sensationalism. It just doesn't get processed because it doesn't trigger your brain's "simple" circuitry. Since you don't notice Google or Facebook building their huge databases with all kinds of information about you, it seems like it doesn't concern you. It doesn't hurt and in most cases doesn't incite fear. And you can't quite hump or eat it either.
Maybe we need some huge privacy disaster to learn this the "hard" way. Seems preferable to a bout of fascism at least. I'm not sure how else we can make headway on this. (And don't get me started on GDPR... it's an annoying dialog box that people click "Accept" on.)
The loss of privacy was not the issue with SS. Then being elite soldiers of group that believed in lack of empathy, domination and valued ruthlessness and loyalty above all else was.
Likewise, the issue with Stasi was torturing, imprisoning and killing people.
I get what you mean, but there is too long slippery slope between privacy on web and these. And they did not slide that way anyway.
Sorry, I should've been more clear on what I meant with the SS. Some (dutch, I think?) cities had registrations of their citizens with religious affiliation listed. The SS got a hold of that "database" and used it for their purposes.
As far as the Stasi is concerned, I just disagree with you. The Stasi was really about gathering as much information as they could get their hands on. They didn't have to torture people, blackmail was much easier for them.
And, yeah, neither of these is connected to web privacy. I'm trying to make the argument that privacy is just hard to grasp. "People care more about privacy than they think." You don't notice till it's gone. SS and Stasi were wholly different situations, but at least for the latter it had the effect of people understanding the value of privacy. GDR citizens knew the Stasi was surveilling them. They knew saying certain things would mean they'd never get their children into university, or they'd just lose their place on the waiting list for a car. The effects were close enough to be noticed.
Gerrit van der Veen, Willem Arondéus, Johan Brouwer, Rudi Bloemgarten. specifically destroyed municipal records in a moonumental act of defiance to the Nazis:
Having a database of all their opponents had a big part in there being no one to stop them. Haven't you heard that poem of "First they came for the Communists..."?
I'd assume privacy concerns are not the only thing being measured with this sort of experiment. People also worry about their accounts being somehow used for spam.
Privacy often guides my tech choices, I do have a Facebook account for events but I don’t use their apps and I only log in when I’m invited to something. I try to use DDG though it’s almost impossible to avoid google in my language. And so on, but one area I can’t avoid is banks, and I’ve been wondering why they are sneaking past the privacy talks.
I’m Danish and we’re rather digitized. I mean, I have a national ID that can authenticate me anywhere that support it that runs in a mobile app. I use it for things like banking. Anyway, we also have a range of financial apps. Two are particularly interesting in terms of privacy. One of them is called mobilepay, and mainly handles transactions between small shops or when you need to send/request money between friends. As such it knows who my closest friends are more accurately than Facebook ever did, because I never Facebook chatted with people I see every day, I do however go to various events with them where we manage the bill with mobilepay. And since mobile pay isn’t just linked to a contact, but an actual phone number they have that too.
That’s not really the part that worries me though. It’s the way they track my purchases. Mobilepay lets you do electronic receipts, meaning they can read what you buy. It’s voluntary so you could opt out of it, but we have another app called Spir which helps you budget and organise your private economy by accessing your accounts through bank APIs. Spir can also see what you purchase, so even if you’re not opting into it, banks tack everything we buy unless we’re using cash. I’m not sure if this has to do with our national payment-card called Dankortet (kind of a mixed credit/debit card, but not exactly) or it’s just how modern transactions work. However that information is much more accurate than my search history.
I have anxiety, I also recently had a hemorrhoid, I’m fairly certain google might think I have cancer. My bank knows that’s wrong though, because they know I bought hemorrhoid medicine at the pharmacy.
You can always shoot a couple of GDPR data requests...
And you can use cash for sensitive purchases.
>And you can use cash for sensitive purchases.
This isn't always a viable option.
For example, in Sweden, we have stores that are kontantfri (cash-free) and it's projected that almost all of Sweden will be cash-free by 2023[0] to 2025[1]. (Sorry the links are in Swedish but you should be able to use <your chosen provider here> to translate them to your language.)
Given that the nordics tend to trend together, I imagine that Denmark is relatively along the same path to being cash-free, as well.
I think a better (but more complicated) alternative would be to use two different SIMs for separating those apps from an every-day number; however, that comes with the problem of carrying a second phone. Dual-SIM would just present a surface to tie the two numbers together but so would the two phones being in the same area (in proximity of each other) almost all of the time.
In other words, I don't really know how to solve this problem because it depends on everyone else not jumping on the bandwagon; however, to your suggestion, cash will not be a viable option for any purchases - much less, sensitive ones - in the very near future.
[0] - https://computersweden.idg.se/2.2683/1.690197/kontanter-slut...
[1] - https://www.compricer.se/nyheter/artikel/24-mars-2023--da-ar...
Could you buy pre-paid credit cards with cash? then use a different one each month/week/day depending on your level of concern?
Pre paid cards need to be registered before you can use them, so they have all the same details as just using your cc. Faking these details is fraud.
While it may technically be fraud, the registration information for non-reloadable cards is only a name and address, which is not verified. If the processor uses an AVS check (in the US, this is usually just the ZIP code), then whatever you enter must match what you registered with, but that could be... whatever.
When one considers how fat the deck is stacked against individual consumers in today's market, I would be inclined to tolerate some Thoreau-style civil disobedience on this. The desire for privacy -- to effectively "use cash" at "cashless" establishments -- may require the need to engage in this activity.
The other question would be, who is being damaged by this fraud? Presumably the seller of the card (and banks/processors in between), who would like to link all your card purchases to some master profile. Well, I wouldn't begrudge anyone with disobedience on that one too. They're still collecting fees on every purchase.
As GDPR Data Requests go, the following "GDPR Nightmare Letter" has impressed me since it came out 2 years ago:
https://www.linkedin.com/pulse/nightmare-letter-subject-acce...
Of course this is an overkill, but it gives a good starting point - feel free to reduce it to serve your needs.
From some discussions about this letter I gather that it can be easily dismissed by court because it reeks of "bad faith" and not a legitimate concern.
> From some discussions about this letter I gather that it can be easily dismissed by court because it reeks of "bad faith" and not a legitimate concern.
Do you have more details about which particular sections "reek of bad faith"?
It's not any particular section, rather the tone and the breadth. One easy answer to such a letter is "please read our privacy policy and come back when you have more specific questions". Your company's privacy policy should cover almost all of the "concerns" covered in this letter. Bad faith comes from the fact that a sender of such a letter has, quite obviously, done zero due diligence. The spirit of GDPR is not to fuck with everybody around, it is to force companies to be more responsible overall.
This is why those OATH and similar dialogs are so jarring, the correct implementation should be opt out by default without being bothered every time one visits a website.
Funny. My favorite example to demonstrate why people do absolutely not care about privacy is Signal. In terms of privacy it is a superior messenger to Whatsapp and Telegram, but in terms of usability and convenience it is horrible and that is the only reason why it is not used. Convenience and usability will beat security and privacy every single time. I know it sucks, but it is what it is.
Signal isn't particularly inconvenient, but it is ugly compared to every other mainstream app -- and looks matter.
The reason I stopped recommending Signal to anyone is that its message delivery is abysmal compared to everything else. When I was using it regularly, maybe 5% of messages wouldn't be delivered right away; they'd get there a few days later, or up to a week later. I don't understand that failure mode, but after having a panic over a pet sitter not getting some instructions (the pets were fine) I tried out Telegram; never had one delivery failure in about 8 months of heavy use.
It's a shame, because I liked Signal.
The other showstopper Signal has is also a UI thing; you cannot set a contact to "never use Signal". Which means, if you get one of your family to start using it, and they don't like it and uninstall it, you're forever forcing Signal to "send via SMS" to that contact. They can "unregister" but you can't do that for them.
I had two or three people who I'd send a message to, not hear a response, 30 minutes later realize that it went to their nonexistent signal account, reset as SMS and got an instant reply. Very irritating for a messaging app and so easily solved.
Using Signal isn't all that inconvenient, it's just not a pretty app. It does what it advertises, it sends messages, photos, voice memos with a few extras like disappearing messages. Sure, it's missing the 'frilly' features like Samsung and Apple have in their messengers but it gets it's job done considerably well. I think Signal is actually a better example of an application where the privacy/convenience trade off is rather mild. There are no requirements to authenticate each time you open it, you can choose weather or not to allow in-app screenshots, it still sends SMS (on Android) so it can replace your built in SMS without having to switch between secure and non-secure apps for messaging.
I hear you. I use Signal. Despite having only negative experiences interacting with their development team on Github.
But I've used it since the TextSecure days and will continue to do so until the company is compromised. ~80% of my friends use it to contact me, at my request, many also since the TextSecure days when usability concerns were even more of an issue.
Perhaps we are both living in bubbles?
As the sibling says, Signal really isn't that bad for convenience. I didn't have much difficulty switching my family to it. I suspect use of messaging apps other than Signal has little to do with the convenience delta and more to do with the network size delta.
Excuse my ignorance, but isn't Whatsapp encrypted end to end? The only information available to Facebook is meta-data, who I was sending to, what time, response time, etc.
Is there anything I'm missing? If not, how does Signal deal w/ meta-data?
"20th century democracies found out that people care strongly about their human rights, but they were easily distracted from them."
-- Hoyt Kingston, "Dystopias that brought us here"
I think people would care more see if they could see how much data on them companies have, where it goes and what it's used for. I think they don't really understand the extent of the data collection and selling.
It is not only what the data is currently used for (mainly ads), but what it could be used for in the future: once collected, any data will be kept forever. And that is much more frightening.
People would care about data if it actually impacted anyone in a tangible negative way. IRL getting served relevant ads and simply having 'more data out there' isn't terrible enough to make most people give up using the Internet.
It's not that something impacts people in a negative way, time and causual linking are paramount. Like slow cooking a frog, if the rate of change (e.g., decline) is slow or even delayed enough, most people won't connect the two events of cause and negative consequences.
If something effects people in a negative way and they see or are effected by the consequences immediately, they often react quite rationally from my experience. If there's any time casual separation, ambiguity, or a time delay resulting in such ambiguity, most simply shrug and accept consequences as "the way things are."
Somewhere in there is a game theoretic analysis involving corporations and populations, not individuals
They would care more, yes. But given the limited bandwidth for outrage, unless something is actually done about it, it becomes tacit approval, and the ratcheting up of the surveillance continues.
It would help and also show professionalism IMO if the author wouldn't just link other oversimplified articles from NYT when quoting science...
Simple explanation for the "Why" is that caring about something takes mental resources, and our consumerist free market is optimized towards extracting all our available mental cycles and put them either to produce or to consume, for the benefit of the companies that make up the economy.
Life is easier if you just follow the script and go along. Any remaining resources for "caring" about your life and your best interests must be detracted from the race to make a living, and not everyone is in a financial position to afford that luxury. Quite a departure from the vision of the founding fathers who designed our political system, who were people in a position to care for such things.
I seem to value my privacy more than most people around me. That is why I left windows and installed Linux on all my machines.
I have un-googled my life as much as possible and don't have any social media where you post under your real name. I think more people should follow suite.
It can actually passively increase contacts if you are not on facebook. Had already two cases where people from the almost long forgotten past called me to ask why I am such a ghost on the net. Was really nice hearing from them again. Couldn't convince me to join social media though.
Nice to hear, but I think it's mostly the reverse. I have missed parties, missed group convos that I probably should've known about etc because I don't have facebook.
If someone says they don't have anything to hide, my reply is "then why do you lock the bathroom door"?
I strongly dislike that reply, because
1. it fails to address their actual argument, which is that they have nothing to hide from companies or the government, especially law enforcement.
2. it fails to convey the actual threat of loss of privacy: the threat to democracy and freedom of speech when journalists can't protect their sources, lawyers can't be trusted by their clients, etc.
I therefore prefer to emphasise that latter point, that even though they might have nothing to hide, people they should care about do.
Although lately it's become easier to convince people that even they have something to hide: as political actors (e.g. Cambridge Analytica) learn more about them from their data, they can target you (and people like you) with tailor-made lies to influence who you (and people like you) vote for.
Doesn't convince or even interest everyone, of course, but more than before.
In my personal experience the people who use the 'I have nothing to hide' argument, use it because they are unwilling to expend the cognitive effort to delve into the topic in any meaningful way.
Trying to reason with someone about some topic they didn't use reason to get to their position on in the first place is often a losing proposition.
So these days I just say "if you don't want to even think about some problem or issue, you should just come out and say 'I don't want to think about this' instead of saying something so obviously and unambiguously ignorant. That just makes you look bad". Then I move on. I can't make folks think. I can't save them from themselves and their privacy isn't the hill I'm going to die on.
>So these days I just say "if you don't want to even think about some problem or issue, you should just come out and say 'I don't want to think about this' instead of saying something so obviously and unambiguously ignorant. That just makes you look bad". Then I move on.
That seems overly dismissive and presumptuous.
Of course it's dismissive. This is because "I don't have anything to hide" is not an invitation for some long drawn out discussion about the intersection of philosophy, technology, culture, and civil rights. It's a no-thought dismissal. Pretending it's anything else is a waste of time and fundamentally dishonest.
You can't seriously discuss the threat to democracy and free society because the overwhelming majority of the people who care about privacy want to leave back doors to see that behavior used against the various boogeymen they don't like.
Everyone talks grand about protecting privacy in threads like this but when it comes down to it we vote for politicians who promise to institute invasive background checks for gun owners and use Facebook surveillance to root out white supremacists.
IMO while definitely good for society the general acceptance of homosexuality and weed use are two big blows to privacy because those were very relatable and common things that people wanted to stay hidden.
> which is that they have nothing to hide from companies or the government, especially law enforcement
Which is not true when you consider that all your life events are being used to estimate your suitability for life changing opportunities like getting a job or a mortgage or a visa.
Sure, that's related to my final paragraph as well. But I'm not saying that their argument is correct; just that "why do you lock your bathroom door" is not a sufficient rebuttal of it.
I'm not sure that actually helps, because most people don't consider personal embarrassment similar to the serious reasons privacy is important.
For example, the consequence of the bathroom door being opened is fairly predictable and honestly, benign. But the consequence of someone gaining power of your life through knowing information that you thought was private is quite unfathomable. Which is why we often describe it as "creepy" even though we can't actually assign any specific negative consequence to it. Perhaps the most important thing of all is that humans have simply evolved to have this "creepy" detector as a built in defense mechanism, and we find it very disturbing and psychologically upsetting when it goes off. The simple fact that this is the human condition (whether valid or not) is sufficient to warrant it being respected.
A better reply is: "Saying you don't care about privacy because you have nothing to hide is the same as saying you don't care about free speech because you have nothing to say."
That's a Snowden quote, isn't it?
Very possibly, it is not mine in any case.
Thanks for this punchline which starts better than a long an laborious argumentation.
And yet you guard your drink at a big open party, not because you want to hide what you're drinking, but because you don't want some creepy strangers meddling with it to take advantage of you.
respect for others that don't want to see me half naked while on the toilet? I don't lock the bathroom door at home.
I once heard a better phrase, but I now realise I've forgotten it and can only paraphrase.. But it was something like, "There's a difference between annonymity and privacy. Privacy is when you go toilet and lock the door even though everyone knows what you're doing".
I wish I could rememnber the phrase!
There exist social norms for bathroom use, but many yet for online privacy. You may be more effectual in your approach with a more direct recognition of this fact, for example by explaining that un-encrypted email may be retained forever and used in unexpected ways, like for marketing purposes, or to train machine learning models. These obvious violation of personal data ownership are more palpable and a stronger call for action, I think.
Or the Bradley Chait / Edward Drummond email (I'm reassigning noteriety to the violators of privacy norms, not its victim):
https://www.snopes.com/fact-check/under-the-yum-yum-tree/
All that shows to me is that the perceived value of being able to use gmail or Zuck's vanity mirror is somewhat more than $2.50 (still less than a decent cup of coffee). But honestly, haggling over the right price for one's data doesn't count as giving a shit for one's privacy with me.
It makes me think that there are, at least, 2 ways to move forward:
- What can we do about this situation we are in ? Is it a problem that Technology can solve (I'm thinking about startup in the privacy field) or it's more political and in this case it will take years to fix.
- What can we do about the other fields where we still have some power ? Like Smart Assistant, self driving cars with AI. Someday we are going to wake up again and realize that again someone used one our of weakness and abused it. It will again return against ourselves by restraining our freedom and/or make us more dumb.
I'm sure history has many examples about that global behavior: "change for the worst, acknowledge it, repeat". What is the way to avoid taking that direction again ? I'm not sure education is the answer nor politic or technology... I'm out of answers...
These Bruce Schneier Talks at Google try to explain this:
Liars and Outliers: https://youtu.be/m3NJ-Ow2Lvg
Click Here to Kill: https://youtu.be/GkJCI3_jbtg
Hidden Battles to Collect Your Data and Control Your World: https://youtu.be/GhWJTWUvc7E
Highly recommended it since you seem interested.
Thanks for the links, so from Bruce Schneier, the problem needs to be taken care of by citizens (politic) like it was done for many industries (car, food, pharma...). Except that this is going to be much more complex in the information era where everything is a computer. Hence there is a need to have tech people in the public sector to help decisions to be wisely made. Enforcing the rules is the only way to make the industry to change, in this case, in terms of security and privacy.
However I tend to think I have more power as a consumer than as a citizen. I spent dollars everyday while I vote every 2 years. It seems that since there is no other way, the last resort is to go through the political way. I'm happy we have governments but still, I'm convinced there is a way to convince consumer. Do you ?
I personally agree with Schneier. I don't see how BigTech can be made to respect privacy given the current status quo and the data wars. I think regulation and government intervention is very much necessary at this point.
In some instances, BigTech, BigTelco, and govts have incentives aligned (surveillance and censorship), so its paramount for folks part of the tech industry to help steer the conversation and laws.
The problem is inherently one of norms, values, law, and regulation, not infotech itself.
Make data a liability.
> Is it a problem that Technology can solve (I'm thinking about startup in the privacy field)
Probably yes, at least in part. See https://puri.sm.
> ...anything that relies on people taking it upon themselves to protect their data is doomed.
This isn't enlightenment...this has been meta since...the internet was born?
Correct me if I'm wrong, but it really sounds like the study was also comparing people's attitudes about gaining $X vs losing $X. It is well known that people hate losing money more than they enjoy gaining it.
If that is the case, then it invalidates the conclusions.
I hope privacy becomes a core thing people care about, as much as having a right to free speech.
It already is a bit but it isn't quite mainstream enough.
It's more like a nerds concern, but it should be everyone's.
Maybe because free speech is guaranteed by the Constitution but not privacy.
Here is some anecdotal historical context. Recently my parents were reminiscing at a family event about mid 20th century small town American life. The local telephone exchange operator (always a woman) could freely listen in on any telephone conversation going through the switchboard. It was not unusual for a teenage girl to substitute for the regular operator. Everyone in town was at least vaguely aware. No one cared.
But that girl probably couldn't listen to all calls simultaneously, did not have a photographic memory, didn't live in a society where a sentence could ruin your career, didn't share the deepest secrets with advertisers, didn't act as a spy for intelligence agencies and created a dosier on basically everyone.
I wouldn't have cared much either. But the environment is profoundly different today.
People also didn't have a great deal of privacy at either end of the phone conversation, anyway. The phone would've been in a central location in a house, attached to a wall. Back then you wouldn't be hidden away in a bedroom, saying salacious things.
> Here is some anecdotal historical context. Recently my parents were reminiscing at a family event about mid 20th century small town American life. The local telephone exchange operator (always a woman) could freely listen in on any telephone conversation going through the switchboard. It was not unusual for a teenage girl to substitute for the regular operator. Everyone in town was at least vaguely aware. No one cared.
Would you agree to let your calls be recorded and posted on a website? How about when you call your bank and verify your identity? I truly doubt that "no one cared" but maybe less sensitive business was conducted over the phone in those days.
Yeah this is not the same at all.
That one phone exchange operator couldn't make hundreds of billions of dollars by selling access to the information for advertising for example.
When I think about the privacy I value, it's more like I don't want to be manipulated and have a soulless corporation benefiting from my private life.
Small town gossip and eavesdropping is human and harmless, but I'd be pissed off at phone lady too.
Maybe the townsfolk weren't because they knew her and she was harmless or not creepy or something.
> as much as having a right to free speech.
...which people also seem to be caring about less: https://www.pewresearch.org/fact-tank/2015/11/20/40-of-mille...
You probably need an SS or Stasi (Nazi / East German secret police) to get people to actually understand and value their privacy. It's just too invisible and intangible of a thing to properly recognize and value, without the "aid" of losing it and experiencing the result.
It's a bit like news sensationalism. It just doesn't get processed because it doesn't trigger your brain's "simple" circuitry. Since you don't notice Google or Facebook building their huge databases with all kinds of information about you, it seems like it doesn't concern you. It doesn't hurt and in most cases doesn't incite fear. And you can't quite hump or eat it either.
Maybe we need some huge privacy disaster to learn this the "hard" way. Seems preferable to a bout of fascism at least. I'm not sure how else we can make headway on this. (And don't get me started on GDPR... it's an annoying dialog box that people click "Accept" on.)
The loss of privacy was not the issue with SS. Then being elite soldiers of group that believed in lack of empathy, domination and valued ruthlessness and loyalty above all else was.
Likewise, the issue with Stasi was torturing, imprisoning and killing people.
I get what you mean, but there is too long slippery slope between privacy on web and these. And they did not slide that way anyway.
Sorry, I should've been more clear on what I meant with the SS. Some (dutch, I think?) cities had registrations of their citizens with religious affiliation listed. The SS got a hold of that "database" and used it for their purposes.
As far as the Stasi is concerned, I just disagree with you. The Stasi was really about gathering as much information as they could get their hands on. They didn't have to torture people, blackmail was much easier for them.
And, yeah, neither of these is connected to web privacy. I'm trying to make the argument that privacy is just hard to grasp. "People care more about privacy than they think." You don't notice till it's gone. SS and Stasi were wholly different situations, but at least for the latter it had the effect of people understanding the value of privacy. GDR citizens knew the Stasi was surveilling them. They knew saying certain things would mean they'd never get their children into university, or they'd just lose their place on the waiting list for a car. The effects were close enough to be noticed.
They aren't on the web.
Dutch (and other European) census data was used by Nazis in transacting the Holocaust. And IBM processed much realated concentration camp information.
https://en.wikipedia.org/wiki/History_of_the_Jews_in_the_Net...
https://en.wikipedia.org/wiki/Netherlands_in_World_War_II#Ho...
https://ibmandtheholocaust.com
Gerrit van der Veen, Willem Arondéus, Johan Brouwer, Rudi Bloemgarten. specifically destroyed municipal records in a moonumental act of defiance to the Nazis:
https://medium.com/@hansdezwart/during-world-war-ii-we-did-h...
Except again: the problem was they were willing to kick down doors and murder people and no one was stopping them.
If it gets to this point, being anonymous won't save you.
Having a database of all their opponents had a big part in there being no one to stop them. Haven't you heard that poem of "First they came for the Communists..."?
Yeah, but that is poem not history. Database or not, they were stronger military wise and ruthless. That was what won the day.
There were people who had potential to speak up or even spoke up when then came for communists and jews and all that. They died first.
I'd assume privacy concerns are not the only thing being measured with this sort of experiment. People also worry about their accounts being somehow used for spam.
This decade has something slightly twisted. Was there a time where technology was so subtly obnoxious to our state of mind ?