The privacy crowd seems to be incapable of grey areas. Are all these the same thing? Are they all the same severity of problem?
- A web site logs traffic in a sort of defacto way, but no one actually reviews the traffic, and it's not sent to 3rd parties.
- A government website uses a standard framework and that framework loads a google subdomain. In principle, Google could use this to track you but there's no evidence that this actually happens.
- A website tracks user sessions so they can improve UI but don't sell that data to 3rd parties.
- A website has many 3rd party domains, many of which are tracking domains.
- Facebook knows exactly who you are and sells your information to real-time-bidding ad services.
- Your cell phone's 3G connection must in principle triangulate you for the cell phone to function, but the resolution here is fuzzy.
- You use Android and even when your GPS is turned "off" Google is still getting extremely high resolution of your location at all times and absolutely using that information to target you.
A LOT of the privacy folks would put all those examples in the same category, and it absolutely drives me up a wall. It's purity-seeking at the expense of any meaningful distinction, or any meaningful investigation that actually allows uses to make informed decisions about their privacy.
At any time any company could turn evil, and any free(ish) government could become totalitarian overnight. This is a fact, but also pretty useless one.
The real questions to ask are, how likely it is to happen, and if that happens, how much did all these privacy measures accomplish.
The answer to those are, "not very", and "not much".
Down here on Earth, there are more real and immediate issues to consider, and balance to be found between preventing current and future misuse of data by public and private parties of all sides, while sharing enough data to be able to have a functioning technological civilization.
Useful conversations and realistic solutions are all about those grey areas.
>At any time any company could turn evil, and any free(ish) government could become totalitarian overnight. This is a fact, but also pretty useless one.
Is it isrlsss paranoia when it's happening around us as we speak?
It's strange how we call it "preparation" to spend trillions of dollars on mobilizing a military, but "paranoia" to simply take some best practices and not have the citizen's data dangling around. Its a much cheaper aspect with huge results, like much of tech.
I live in a good neighborhood and I have left my door unlocked once or twice to no consequence. That doesn't mean it's paranoia to make a habit out of locking my doors.
That's all I assert here. Care and effort. I don't know all the subtle steps to take since I'm not in cybersecurit, but we still shouldn't excuse sloppiness.
This is really well-stated, and I'd add that even if you want to adopt the paranoid perspective, it still shouldn't lead someone to flatten all risks until they look the same. In real-world scenarios with real risk (military, firefighting, policing, etc.) real effort is made to measure and prioritize risks. Without that measuring and prioritizing risks the privacy crowd prevented from making real improvement.
Exactly. Just because something is possible doesn’t mean it’s probable. Everything is a risk. Everyone needs to prioritize against the set of risks that can be identified and figure out if they can be mitigated.
But it's not malicious. It's not ideal, and it should be addressed, but it's not bad faith or intentional spying or even gross negligence or incompetence.
Human. And what was their reaction upon having this crime brought to their attention? It was exactly all anyone could ask for.
Shitting on well-intentioned people who merely failed to be perfect is not a great way to get the most of what you ultimately want.
If you think intent doesn't matter then what happens when well-intentioned people decide it's not worth trying because no matter what they will be crucified as murderers even if all they did wrong was fail to clean the break room coffee pot. The actual baddies are still there and have no inhibitions and now not even any competition.
Calling a strike a strike does not blame the batter. It’s simply calling it for what it is. Even if the person corrects the wrong does not mean that incompetence or negligence was not the correct description. This entire being offended for the correct words used to describe things is tiresome. It’s like people being offended at being told they are ignorant. Ignorant does not mean stupid. Just because ignorant people are ignorant of the word does not make people using words correctly mean or bad or full of ill will.
>A web site logs traffic in a sort of defacto way, but no one actually reviews the traffic, and it's not sent to 3rd parties.
If data exists, it can be subpoenaed by the government.
Personally, I don't understand people's mindless anathema about being profiled by ad companies, as if the worst thing ever in the world is... being served more relevant ads? In fact I love targeted ads, I often get recommended useful things that genuinely improve my life and save me hours in shopping research.
It's the government getting that data that's the problem. Because one day you might do something that pisses off someone in the government, and someone goes on a power trip and decides to ruin your life by misusing the absolute power of the state.
The government would need to know what to subpoena, and what to prioritize as well. In principle could the government subpoena my ISP, learn I'd used a VPN, subpoena the VPN, learned I visited Wikipedia, then subpoena Wikipedia to finally learn what articles I'd written. Yes, but in practice this will never happen. There's no interest in doing so, and it's unclear a judge would be convinced that useful information could be obtained from such a path.
On the other hand, if I'm making death threats on Facebook, there's a much more realistic path: view the threats from a public source --> subpoena Facebook for private data.
They belong in the same category: the end user has zero agency over how their privacy is impacted, and is at the whim of the wishes/agency of whoever is serving content to them.
Whether the one serving the content is exploiting data at the present moment has very little relevance. Because the end user has no means to assert whether it is happening or not.
