I do not understand what this article is trying to communicate. It starts with a rambling anecdote and ends with a list of some unrelated terms barely tangential to privacy.
I loved the anecdote on the Jewish census. Because I am always struggling to find examples about why sharing information might not be dangerous now, but it can be later, and you never really now.
I wish the article were about that, about what kind of information we are sharing in the present time, that may come to bite us back.
Here is my spin: Information can be used to your advantage (Relevant ads are good when they work), but it can also be weaponized (Oh, you search a lot for medical conditions?, maybe your insurance provider is interested. Or worse like we saw with Cambridge Analytica, "you seem to be democrat, let me see if I can bias you a little by hitting you where it hurts")
Here is my personal take on the situation from my experience: We are in a data collection period. Google, Facebook, Amazon, even Apple. Apple might be the worst actually. Silently amassing and hoarding data, researching the proper databases that can hold the data. We have seen things coming up in the last years like NoSQL, like Spark, massive analytical tools and real time databases. This is the equivalent of building a weapon.
Then the time of using that weapon comes. How? I wish I knew. I remind myself that we are just one CEO away of things being really bad. We are now under the shadow of people that grew in a different time, with a different set of ethics. Google still has the original founders on the board, Tim Cook is of the Steve Jobs school, Amazon is on its first CEO run. A few decades down the board, a new CEO gets appointed, and new CEO finds that he/she just inherited a massive data repository that can be used whatever he pleased. "Oh, we will never do that"? Sure, wait for the next guy to change their mind very fast, in the name of profits, or protecting a stock going down, or less strict ethics because they didn't live in the time where lack of privacy can kill you personally.
Sometimes I hold from sharing my thoughts, because people might label me as a conspiracy theorist :) But it is indeed on the back on my mind.
"I loved the anecdote on the Jewish census. Because I am always struggling to find examples about why sharing information might not be dangerous now, but it can be later, and you never really now."
The best example of this is the handwritten notes of the Tsars Russian imperial intel/police services in the very late 19th and early 20th centuries.
Handwritten records and notes stored in shacks that were retrieved and indexed around (forgive hazy dates) 1905 and used to track down "revolutionaries".
The implications were not that bad until companies were able to obtain enough information to change our minds and change our votes. Cambridge Analytica weaponized information. Russia weaponized information. Bots and fake accounts are rampant. Facebook is a warzone, in the most literal sense of the word. Their current implementation is a national security threat and a threat to democracy. And Mark Zuckerberg is that CEO that let it happen.
It doesn't matter what information you share. Facebook buys information from everywhere. They aleady know if your relationship status even if you leave it blank. That's the trap. Then their paying customers are given access to you, based on who they want to convince.
This echoes my concerns about the ephemeral nature of trust.
Be as positive as you can about it right now. Assume they don't sell and trade. Assume they don't have data breaches. Assume they don't directly try to use it for evil.
Well I could trust them now. But the future?
Do I trust every employee they could hire for the length of time(forever?) they hold my information?
For private industry, do I trust whoever could buy their company in the future? (FB login for VR anyone?)
We have been lucky enough that no one is obviously directly using this information to kill/incarcerate people.
Well, outside of China anyway but that is somebodies else's problem....
Which is my point. For many people, if it doesn't affect you, it isn't an issue.
> Google still has the original founders on the board
While technically true, they signed out a long time ago from what Google ought to be or ought not to be. That much is evident from Google’s actions and the relegation of “Don’t be evil” and all that.
I see a lot of non-technical people around me who don't get the importance of privacy. Family who buys Alexa and use Facebook for everything. I wrote this in an attempt to explain how far privacy breaches can get, how the implications can be. Then, I tried defining some security terms that non-technical people might run into. Security helps protect their privacy, so I hope to help them make sense of what those terms mean and how they benefit from them.
Your thesis seems to be "Facebook knows you're shopping for a new car therefore Nazis." However well intentioned, it strains credulity. You should make a better case for why privacy matters.
Your thesis seems to be, right now things are good therefore at no point in the future will a 'bad actor' government make Facebook comply and facilitate whatever they need to fulfill their goals. Matter fact, there could be a long term scenario were the company gets nationalized or the data centers confiscated and that's the end of it. This is why other countries don't let foreign social networks operate in their 'digital soil', they are aware of the power of it.
The irony is that this same mentality of 'everything is good' was the same mentality that people probably had when they walked over to auto-register on the census as Jewish back in the day. They just didn't see it coming. If we can learn something from history is that every 100-200 years the status quo gets thrown out the window.
Turn it around. Not "Facebook knows things about you, therefore Nazis" but rather "Nazis existed as a historical fact, therefore what Facebook knows about you is incredibly dangerous."
This is one of the few times that I found the rambling anecdote relevant, perhaps because it dealt with a significant historical period.
Two things struck me: the Jewish census and the human smugglers. I would have to look up the origin and intent of the census, but the moral is that the existence of such records put people in peril. As for the smugglers, the lesson is that trusted people can use that information to betray you.
How this relates to the modern world is an open question, but the author goes on to suggest parallels: governments persecuting entire peoples, trusted parties collecting data; and solutions: being able to inspect what our software does.
I found the anecdote really helpful too. Privacy almost feels like an instinctual desire, so I often have a hard time articulating why it’s important. The anecdote gave me a good example of how something that seems benign to disclose can be used to a terrible end. I actually wished the article continued on this path because it was so interesting to read about.
Yes, that's something I'd love to do differently. The problem is I don't have the technical skills to build that website myself. As I said in the cookie banner, I disabled all the trackers I could. Unfortunately, Squarespace doesn't let its customers disable all of them, which is extremely annoying.
I would have a look at GitHub pages, for a static site it's really all you need (blog, right?)
I haven't actually used it for anything yet but I have a script that turns LaTeX into nice looking HTML pages, saves messing around with the CSS for hours.
You may wish to give Wordpress a look. It's infamously easy to install, and will happily run on a $5/month digitalocean VM. Installing a caching addon (one or two clicks from the store) will make a site that can survive being linked to directly on HN.
Last I knew Squarespace had an export option, so you might be able to just bring all your content over without much hassle.
Unfortunately WordPress is a pain in the butt to maintain, every plugin and even the core is a security liability if you don't auto update everything (which is likely to randomly wreck your blog someday) and Wordpress's default configuration (with its XMLRPC API) is far from perfect.
Thanks! I had a WP site before, but it was getting too complicated for me. I have basic CSS skills, but they weren't enough so I was always asking my SO for help. I had plugins to update but I was never sure of how safe they were, if they were going to break the site, etc.
With the skills I have, something like Squarespace is more manageable and easier to tailor
Get a fully managed wordpress from wordpress.com. That will cost you a few dollars per month and you won't have to manage Linux/PHP/SQL or any plugin. There is a bunch of themes included that look pretty good overall.
GitHub Pages are also a good suggestion but they don't come with comments, stats or themes. There's quite a bit of development and design to do to match squarespace/wordpress.
Ghost is pretty neat! It's self-hosted solution though, which means that you have to update your OS and the software (Ghost related or not) on it regularly if you don't want it to be vulnerable which isn't ideal if you're not technical and don't want to deal with this.
If you value privacy and want to post your voice anonymously online, then don't use or even support tools that you cannot understand. Who cares if things dont look "professional". If they are professional then they probably were created by someone you don't know with intentions you don't know. A perfect blogging site in my mind is one that you own, hosted using a domain with privacy protection and is written in code that you can understand. Basic code knowledge is a must if you want privacy
I guess the cookie banner only shows up after enabling javascript; at least, I never noticed it (reader mode worked fine for rendering the text).
As for the content, I think it's a bit all over the place. You start with references to abuses of vast data stores, and then immediately jump into a technical exposé of personal protective measures, but the introduced concepts have no relation to each other, nor do they appear to protect against the abuses that you started out with.
If you control your own "DNS" this site does not access any of those different domains. I do this, for speed and reliability, not privacy. When I access this site, the only domain my client accesses is "thistooshallgrow.com", which is hosted on squarespace. That hosting company requires a UA in addition to Host and Connection headers otherwise no others are required. Most sites do not require a UA header. I like to control the headers I send, too. Not for privacy; I just like the control and minimalism. This site, like most any site, works just fine for me in a text-only browser. I read the same content as anyone using a "modern" browser, minus the ads, tracking or other nonsense. I see no irony. Except perhaps that you are using a browser that defaults to enabling those automatic accesses to different domains, a browser that is in fact supported by the web advertising industry. You need an extension to modify the program's behaviour to block ads, etc.
Or perhaps the problem is taking a concept that is poorly understood by most, and running it into the ground until it loses its meaning.
Triggers and warnings are concepts that are absolutely real, but in most usage is instead a fad and a virtue signal. That much is obvious in this case, when the author puts up a warning for authoritarianism. Please.
It's truly horrific how many people are disdainful of those of us who have PTSD, as though this "weakness" were a moral failing, and therefore also a moral failing to accommodate.
I dislike them, but I have met people who genuinely do not want to think about bad things. I can accept the viewpoint, but these are the people that turn a blind eye during genocides. If you really can't handle discussing topics like these I don't mind a warning, at least rather than self-censoring.
However, I'm reminded of the fuss that was made over the term "Joyplot" due to the term Joy Division - ignoring that band is named after the historical term as an artistic statement, it just seems like pandering into the void.
If you saw your family and friends murdered in a genocide and were understandably traumatized, it's reasonable to not force you to relieve that experience unprepared. A trigger warning for genocide would help you emotionally prepare to engage with the topic, or if you're still not ready, to avoid it.
It's not for society at large to dismiss controversial topics (though some people mistakenly use it that way).
If you are writing about the importance of privacy, you might consider what you are doing about it yourself if you want to be taken seriously.
It is 2020, setting up a website that doesn't send off the data of your trusting visitors to third parties should be totally standard. Yet not even people advocating for privacy can get this done.
BTW. one benefit of not collecting and tracking is that you won't have to show that silly cookie banner.
Oh I'm well aware and I wish I didn't have to show the banner. If you know an alternative with which I could build that website, that doesn't force me to use cookies on users, I'm all ears
This is awfully dismissive. Not everyone with technical skills in one domain or another are capable of building a website from scratch, and that's perfectly fine.
Yeah that's a great theorical piece of advice. But here's the thing. In 2020 if you don't wanna self-host your website and have a resilient and flexible website, you don't have other options than squarespace/wix and other platforms using cookies.
Sure you do. Those may be the easiest ones, but they are not the only options. There is probably a discoverability problem though. It's not great if the best way to learn about the other options is through HN comments...
Your "standard" user without any git or HTML/CSS/JS or command line knowledge hasn't a lot of options imho. Obviously, self-hosting with https://sitejs.org/ or something similar would be ideal but when you don't have a dev/IT background and you're looking for a way to host a blog there isn't a plethora of viable and easy-to-use solutions, especially if you don't want to use a service provided by Microsoft, Google, Facebook etc... I did the research a few months ago and maybe I missed some options though? If you have resources I'm interested!
Maybe I'm missing something, but it seems like the foreword has little to do with the rest of the article. I was hooked after reading the beginning anecdote, but the transition to a general overview of security concepts felt a bit abrupt.
I agree with the general sentiment of the article though. I'm glad that there's been an increasing amount of attention placed on privacy lately.
I totally agree with you.
Unfortunately as of today, people are not putting enough attention on who they give their sensitive information to.
Data breaches are increasing in number, billion of accounts are hacked every day (I just discovered one of my side-accounts got hacked through https://haveibeenpwned.com/), nevertheless the majority of us is still not protecting its data properly (perhaps the problem relies on ignoring the problem itself?).
And the situation is even more dramatic in the B2B market: I work in the cybersecurity industry and every day I see companies being hit by these attacks.
That is why, I always advice the people I know to start using privacy-oriented tools that could actually prevent or help preventing something like this to happen.
Like using a password manager (https://1password.com)to create strong password and store them, or a secure email system (https://protonmail.com), or "simply" by keeping your systems and softwares up-to-date or by backing up your data.
We, at Cubbit, are contributing to the mission of getting back our privacy by building a distributed and encrypted cloud storage service that puts users in control of their data (https://business.cubbit.io).
Even when you do intentionally accept to give your sensitive information to X player, you don't what other players will get their hands on that data, whether through breaches, sale of information, etc.
Oooh yes! The 2nd part of this article is about all the tools I use that help with privacy and security, including ProtonMail and Have I Been Pwned! I will look into Cubbit, thank you
Hi Devanon, why would you say so? Rather than the fact that it's not a decentralized service, it still ticks many of the boxes that make the service very private and secure:
1. it's open source
2. They use end-to-end encryption
3. No personal information is required to create an account
So privacy matters because the information can be used against you. That is reasonable but hiding information is not the only the way to fix the issue.
Knife can be used to harm people, sure you can fix it by banning/destroying knife but thats not the only way to fix the issue.
I'm more interested to solution where we assume the information will be public and fix the issue that arise due to that.
I think your knife analogy is poor. Banning/destroying data is not what privacy is about. Privacy is about ensuring no one has your data who shouldn't. Knife safety also involves ensuring no one has a knife who shouldn't, such as toddlers.
Assuming all information is public and fixing the issues that arise is like giving everyone (even toddlers) a knife and then fixing the issues that arise from that. There is no fixing the issues that arise from a toddler having a knife. The solution is to take the knife away, they should not have a knife. The same solution is there for data, take the data away from the people who shouldn't have it, they should not have it. Or even better, don't get a knife to a toddler/your data to people who shouldn't have it in the first place.
>Privacy is about ensuring no one has your data who shouldn't
Yes and that is because that someone can use it to harm you and you'll suffer. Ensuring no one has your data who shouldn't is only one way but not the only way to prevent the suffering.
Let say you know my credit card account number, the reason I don't want other people to know the number is because it can be used to stole my money.
But what if there is way that even though you know my credit card number, you can't stole my money, then having my credit card number public would not be an issue for me.
Analogy is not perfect, but with knife, my point is we let everyone to easily obtain knife even though we know that it can be used to harm people. One way we do this is by having a severe enough punishment as a deterrent for people who use it to harm other. This is what I mean by fixing the issue that arise due to easily accessible knife.
I'm fairly certain we will always require privacy. If I have your credit card number and I want to use it to hurt you, I can, unless there's something else I need that I don't have, perhaps a security code. If someone can figure this out without needing privacy that'd be pretty phenomenal, but my little brain can't conceive of such a thing. And until then, we need very strong privacy.
The solution for the credit card problem would be hard but there are plenty of situation where the solution is not that inconceivable.
One way that it may work is if there is way you can trace any transaction good enough so that you can't use the credit card number without revealing yourself.
Another example would be if I'm gay. This information can be used to really hurt me in the past but not so much these days. Sure I can hide this information to prevent people to hurt me but I rather to fix the issue of the need of hiding it in the first people.
I would imagine if people can hide being gay perfectly there wouldn't be that much acceptance today.
I agree it would be best to address the reasons why people hurt each other with information (such as someone who is gay) but the unfortunate reality is that will never happen, not until 100% of our population is virtuous, and that’s impossible. And while it may be less damaging today to be identified as gay than it was 20 years ago, in the United States it is now becoming more damaging to be in the majority than it was 20 years ago. As far as I understand Marxism, it’s Marxism: the oppressed will overthrow the oppressor and will become the new oppressors. We’re just trading oppressors, and while it may seem justifiable to oppress the old oppressors, it doesn’t address the issues that people and not virtuous.
I’m concerned you’re grossly naïve if you think this can happen. It isn’t a matter of effort. Yes it will require all of the population to be virtuous, otherwise a single friend, or even acquaintance can hurt someone because of what they know. How is that not obvious? They can mock someone for their preference of beer, or sexual identity, or height, etc to such an extent that they would commit suicide.
I like this article because it reminds us of the relationship between privacy and freedom. Important freedom. Freedoms that go far beyond our computer code. In fact, survival.
I love your comment. I got distracted by what others have already mentioned about the title not matching the content and then failed to see the big picture. Very admirable (to me at least).
> "On the other hand, open-source software has a less strict definition, and a different philosophy. You can also see the source code, amongst other things."
No it doesn't. The Open Source definition is very much equivalent with that of Free Software, while having the virtue of being more clear, and I wish FS advocates would take the time to actually read it before talking nonsense.
The political vs non-political aspects have nothing to do with their definitions, but with the organizations behind them.
Also not sure what this had to do with the subject of the article.
That grandfather and two of his brothers left [...] with no plan [...]. They were helped by strangers and survived. Their mother however, along with two other siblings, had a plan. They had a deal with a smuggler [...] and all 3 of them died in deportation. Lesson: each person who has information on you represents an additional chance for it to be leaked.
This puzzles me... The paragraph clearly states that the grandfather had contacts with strangers (and we can then assume there was some exchange of information of some kind), and the ending was positive, whereas another exchange with a single point of contact had a negative outcome. But goes on to present as a lesson that the chance of a negative outcome increases with the number of contacts.
I see the point the author is trying to make, but I think this part fails to prove it satisfyingly. It either doesn't prove anything, or it's missing key information (shared information with the strangers and the smugglers) to support the point. To me, it proves that luck (and maybe the grand-father's ability to be a good judge of character in picking which strangers to rely on) were more likely deciding factors.
(Or that having no plan helps. But that's for a different perspective.)
With the existence of shadow profiles, is ideal privacy even possible unless you live in a remote area with a tech averse population? What about the census? The data you provide to the gov is also very sensitive and has a history of being abused (see the role of the US Census Bureau in Japanese Internment Camps). However if you don’t provide it, it affects gov funding for your demographic. What about the computer in your pocket? Most of it isn’t open source
A census counts people. It might need to know who's a citizen or who's eligible to vote, or maybe even generation or sex. It doesn't need to know name, address, eye color, medical history, fingerprint, etc. The aggregation provides privacy (unless the sample size is incredibly small, like in an extremely remote district).
Another example is the TSA: their job is to protect vehicles and passengers, which means preventing weapons on airplanes. But it doesn't matter who's wielding the weapons. So they don't need ID to do their job, and asking for it (and worse, recording it where it can be leaked) is an unnecessary breach of privacy.
The general problem is there are incentives for collecting excessive information and very few disincentives. Laws and regulation can change that.
"is ideal privacy even possible" - It is, but 99% of the world population won't be able to attain it. Your machines (smartphone, PCs) can be fingerprinted with a 99% accuracy even if you navigate using Tor or a VPN. I think https://panopticlick.eff.org/ can be part of an answer!
We don't have any privacy, we gave it away in exchange for the promise of safety:
“.. the truth is, there is something terribly wrong with this country, isn't there? Cruelty and injustice, intolerance and oppression. And where once you had the freedom to object, think, and speak as you saw fit, you now have censors and systems of surveillence coercing your conformity and soliciting your submission. How did this happen? ..”
“.. I know you were afraid. Who wouldn't be? War, terror, disease. There were a myriad of problems which conspired to corrupt your reason and rob you of your common sense. Fear got the best of you, and in your panic you turned to the now High Chancellor, Adam Sutler. He promised you order, he promised you peace, and all he demanded in return was your silent, obedient consent ..”
I don't think that striking high chords, historical and political, is all that useful when talking to people about these things. They tend not to take it seriously or at best just file it mentally with other bad things in the world that they have little agency about. Of course, you may already get the broad societal ramifications if you're already in the privacy camp, but perhaps it's not a very effective entry point.
(It's another thing if we're talking about politics, not about individual choices. In pure politics big picture arguments, like "what if there'll be a dictatorship", might be more proper).
I would try to frame it, for individual people, as a question of quality and technical savvyness. If a supposedly hi-tech company behaves like a scammy phone marketing operation selling you garbage bundled with hidden subscriptions, we should treat is as such. They should be able to treat you seriously, i.e. give you good quality, reliable products for the money, without scheming behind your back and siphoning all the data they can. Their business model should be sound without this. If they don't, it's just an inferior product and you're being exploited.
A related point is that I don't like products being sold solely on privacy. The tone should be more, we provide you an excellent thing (inside our capital constraints) and of course, it also respects your data.
Currently I see a tendency among people to be more-or-less aware of privacy invasions and their potential, but to think that's ultimately a fact of life and they'd have to be some crazy nerds to do something about it. The thinking should be more that they're using low quality stuff and hurting themselves. (I'm not saying that you should now go and antagonize people in your social bubble, just that it may be a communication strategy if there's an opportunity.)
Besides, trying to defend ourselves from the future state will be probably always perceived as kooky. Better do something about politics directly if you're in a moderately free country. It's more about rogue actors inside the companies and in the broad underworld. There was a time when people installed the damn antivirus.
If the idea is to convince non-technical people of the importance of privacy, the article should have just stuck to that. Parts like the free vs. open source discussion seem unnecessary.
These discussions never seem to recognize the role of privacy for empowering oppressors. Shining light into the darkness is the metaphor used by journalists. What if there was no or drastically less darkness?
How would the Uyghur example be different if the Chinese governments discussions, plans, and actions were public knowledge? More implementable, if every citizen concerned that they were at risk ran a self monitoring system that could be purchased or issued by NGOs or reporters which created a public document of their treatment.
What if the German population had been shown the images of torture and abuse so that they could know what the politics were doing? What if married soldier's philandering and rape were shared with their partners?
What if today in the U.S. the smaller scale oppressions of domestic violence were thoroughly documented for courts and automatically detected to provide systemic support? What if "he said, she said" was a problem of the past?
What if every government official's behavior was publicly documented so that any bad actors could be proactively and clearly identified and their good actions could be commended?
What if your argument with your partner(s) or friends were reviewable so that you never had to argue about what you said, you could check it and apologize for what you said (or be apologized to) and get back on track to building understanding instead of entrenching in conflict?
There are obvious challenges that would need to be thought through but it might be worth considering.
When I discuss privacy with a friend who doesn't share the same liberalism as me (Chinese, make of that what you will), I often have to point out that it's easy to forget that the spooks will get into bed with political conspiracy - Watergate, COINTELPRO for example. There are very few checks and balances in the US, and arguable none in the UK (You can at least put the US Constitution on your pocket)
"I have nothing to hide" should be considered equal to "I have nothing to say, therefore I have nothing to say"
The "I have nothing to hide" trope is patently false. We hide all the time - we hide our private parts under the clothing; in our dwellings, we hide ourselves behind blinds and curtains; we hide most of our thoughts by keeping them to ourselves. 99% of all information is hidden (and should stay that way).
