No one sane would ever want their relatives, friends, work colleagues, and neighbors to be able to know (quoting from the OP):
> who you sleep with because both you and the person you share your bed with keep your phones nearby
> whether you sleep soundly at night or whether your troubles are keeping you up
> whether you pick up your phone in the middle of the night and search for things like "loan repayment"
> your IQ based on the pages you "like" on Facebook and the friends you have
> your restaurant visits and shopping habits
> how fast you drive, even if you don't have a smart car, because your phone contains an accelerometer
> your life expectancy based on how fast you walk, as measured by your phone
> whether you suffer from depression by how you slide your finger across your phone’s screen
> if your spouse is considering leaving you because she's been searching online for a divorce lawyer
No one sane is OK with corporations, governments, and other third parties being able to obtain and save this information either -- especially if their only hurdle is to get you to click "OK" to agree to some legal agreement almost no one has the time to read or expertise to understand in its full implications.
We need a New Declaration of Human Rights for the 21st century that takes into account rapidly advancing technologies for collecting and acting on data at mass scale.
This is a great list. SO many times people have said to me, "Let them track me, I've got nothing to hide." And you hit them with a few things off this list and they immediately change their mind. There should be a tinurl for website I can send people to that shows a simple list of all the ways personal information can be used.
> There should be a tinurl for website I can send people to that shows a simple list of all the ways personal information can be used.
I just now set up a small site for it at https://whynottrack.com/! It's open source -- GitHub link in the footer -- so anyone can PR changes / reasons / etc.
I think this list makes a case for better sharing/access controls but I can see applications for most of the things listed here. I might just want the insights for myself but not want to share it with anyone or my data being sold without my consent e.g. monitor and improve my sleeping habits, monitor my expenditure by tracking my restaurant and shopping habits, my health data and/or insights into it. Maybe not your spouse but some parents might want to keep track of what their kids do online. I know people who want to have the ability to find/track the location of family members etc.
I suppose calls for better regulation, purpose oriented data collection and stricter enforcement and penalties but by no means does simply don't track/collect data is an answer where there are actual practical applications.
Only two of your examples (parental controls and location sharing) require any kind of network, and those could be done with a private VPN running at home.
The design of cloud-based services is purely for convenience and collection. Sometimes if the collection can be controlled, the convenience is worth it, but every beneficial algorithm could be run locally.
The funny thing is that the rise of cloud computing coincides with the rise of really powerful cheap personal computation, you'd think it would be the opposite.
What "the cloud" offers that personal servers don't is:
- Reliability. The cloud is available with little or no downtime, to 5-8 nines (5 minutes to 1/3 of a second of downtime per year). Each nine costs roughly 10x the previous one.
- Bandwidth. Residential service may work for your own personal file transfer needs, but if you're sharing to the world, even a modest degree of traffic results in a hug-of-death.
- Security. Ideally, cloud systems are managed and monitored against network attacks, as well as affording physical security practices.
- Updates. This becomes Somebody Else's Problem.
- Ongoing development. Dittos.
It's not that these aren't addressible by individuals, but it's a lot of effort to do so, and at population levels, people are simply unlikely to be able or willing to do so. A small percentage, yes. The vast majority? No.
Raw compute power is a tiny fraction of the concerns involved in service hosting.
Smartphones are a massive leap forward in low-power/energy-efficiency, but my 2013 desktop machine (KGPE-D16) still creams every smartphone ever manufactured on any metric other than power consumption.
I'm kinda tired of hearing nontechnical people congratulate themselves on having a "supercomputer" in their pocket.
Compared to the supercomputers of the 1980s (if I remember right my dad had an old copy of Journal of the American Meteorological Society I found as a kid, with an ad for Cray talking about one gigaflop being state of the art), they're not wrong.
An example here for "run locally" would be Apple Health, which uses end-to-end encryption to sync data between your devices, does all the analytics stuff locally, and has a extensive permissions scheme for voluntary sharing of info with doctors or research programs.
I think these concerns still need to be translated into real world repercussions before the average person is convinced. Right now it is certainly creepy, but does it really have a negative impact on my life for a company to know these things?
I remember an interview with Edward Snowden where it was shown how little people cared about privacy. The interviewer then translated the concern into "the gov can see your dick pics". That was a no-no for most people
Interestingly, this attitude used to be default even here on Hacker News ~5 years ago. I am so glad to see it's changing. Why I'm finding this interesting? Because this audience always knew what's going on even without layman articles like this, but did not care for some reason. This shows how just knowing isn't enough sometimes. Public sentiment matters.
I think HN rules are still behind the times. One of the rules discourages multiple accounts, in an attempt to create a community. OTOH: a longer paper trail means more easy to identify. This is why I create a new account every few months. Since I cannot delete old posts to "cover my tracks", I have no choice if I want to use the site. Maybe I just shouldn't use HN. I dunno. I learn a lot from discussions, but I don't always tell the truth because I don't want to be traced.
I've got some sympathy with this viewpoint, and have used HN myself under a pseudonym I take pains not to associate with my real-world identity.
But at the same time, the practice of regularly and routinely recycling user identities is ... well, it really does prevent the formation of a community.
The most toxic community I'd ever encountered was a supposedly "kinder and gentler Reddit", the late and unlamented Imzy. A core feature was that individuals could spin up a new pseudonym on each individual thread.
The result was both absolutely disorienting and gave rise to vicious bandwagon and brigade attacks.
Whatever problem Imzy was trying to solve, that was the wrong solution.
(I'm aware that chans often follow a similar tactic, and that ... they tend not to engender highly constructive behaviours.)
On the other hand, Twitter may be one of the greatest evils with regard to social media, and is well populated with non-anonymous accounts.
And of course, HN stands at odds with this theory as well. No one "knows" me on HN. I don't have a reputation, or a real identity, and I'm cordial enough. (I hope) HN enforces conduct, and this enforcement is not defeated by anonymity.
Another take is that those running HN know what kind of forum they want (one that promotes community) and understand and accept that trade-off. 'dang has written about this at length, so I think that's very likely the case.
That's not one you're willing to make and you adjust your behavior accordingly. HN can't be all things to all people. And that's okay.
You clearly find some value in HN as it is because you continue to use it. Something to consider: changes you might like to see may very well change the community as a whole to make it less a place you want to be. Hard to say, without running the experiment, but one of the hazards is that running the experiment could irreparably damage/change HN. And rebooting it would be likely nigh impossible. (If it were easy, we'd all create the fora we wanted.)
And public sentiment is not the same everywhere - for instance, the US tends to be more suspicious of government than of (large, public) corporations whereas elsewhere it's the complete opposite.
But salary and bank balance should probably be added.
ADP is one of the largest paycheck processors in the United States. But almost no one realizes that if their paycheck comes through ADP, their salary information is being sold. Remember, this is also a company that knows when you've been hired, fired, has your Social Security Number, and a lot of other very personal financial information. According to a New York Times article from a few years ago, ADP is selling you out worse than even the cell phone companies. Yet, there was zero uproar about it that I noticed.
As for bank balances, I was very surprised to learn recently that bank balances are not part of credit scoring. I have a substantial amount of emergency savings. The last time I pulled my credit reports, it wasn't on any of them.
Bank information does appear in some other lesser know reporting agencies - but savings aren’t “credit” so it’s understandable they don’t appear on a credit report.
Framing seems to matter. If someone was following you all around town and you could physically see them taking notes I don't know a single person that wouldn't feel uncomfortable with this. But as soon as you can't see that person, people care less. But we all essentially have a world class private investigator following us at all times and this is a bit weird to think about.
I think it is true of the population as a whole (when the subject of such tracking is brought up most people are not comfortable with it.) But the population as a whole has the attitude of “what can you do” and aren’t willing to give up their fun apps and smart phone in exchange for this tracking going away; truth be told neither am I.
> This is a popular view here. I don't think it's true of the population as whole.
I think you're right. They can get to the point where they care, but my intuition is that it'd take a real crisis, and even then there's plenty of incentive with this topic to move on as fast as possible. We (the public) are pretty fickle, and it's psychologically threatening to admit we've had a voyeur living in our bedroom for a decade.
It could be argued (pretty convincingly) that the collection of PSYCHOMETRIC data, (like what Cambridge Analytica did in 2011-2015; via innocent-seeming "personality quizzes" on social media - then the weaponization of that data by foreign intelligence services to target ads directly at people with certain personality types, in order to subvert the democratic election process on a massive scale, in order to affect a nation's foreign policy, and therefore the strategic balance of powers in the world - does, indeed represent "a real crisis".
(the real horror here, is they only had to sample a small subset of social media users, then compare their profiles with everyone else via "likes" and whatnot to develop accurate personality profiles of users who had no fucking idea they were being profiled because they never took a personality test).
I assume that data like that, unless refreshed, gets stale and useless fairly rapidly. But holy shit we're just sitting here, blind to the dangers of this data collection.
Or it could be as mundane as Russia's CozyBear group hacking a Ukrainian app store to insert malware into popular messaging apps, and using that app installed on a Ukrainian soldier's phone to direct artillery fire. Maybe THAT'S "a real crisis"?
Yes, absolutely. Because in the general case: computers are more dangerous than guns.
You can literally do far more harm with data than with automatic weapons.
Because that data gives you access to narrow-band propaganda. Instead of hope-for-the-best broad messaging you can target specific groups with content, signifiers, and emotional tone that is known to be effective for them, and encourage specific collective beliefs and behaviours.
It's not even persuasion any more in the ad tech sense. When it's done by hostile troll farms or state actors with a covert political agenda it's literally psychological warfare.
IMO the industry needs to take a long hard look at itself and start asking questions about whether this is really where it wants to go.
Hacker culture has a benign, goofy, on-the-spectrum, somewhat arrogant but mostly harmless reputation.
The reality couldn't be further from the truth. Data collection and social media systems are psychological weapons. They're absolutely hostile to rational informed choice and participative democracy.
And given the temptation to abuse that power in various ways, we should be having more of a conversation about this than we have so far.
Add to this... everything you said is a forever kept thing. So over decades this stuff can be mined and a tiny needle can be found if it's meaningful to the searcher. It's terrifying.
Add to this that no one cares about whether the data is even correct. A glitch in the location tracking and, bam, you have an affair. Some wrongly assigned search queries or speech requests and suddenly you are a pedophile. A terrorist selecting you as a cover identity and you wake up in Guantanamo.
Add to this that no one cares about whether the data is even correct.
It's interesting how our culture has adopted the mantra that "computers are never wrong." Yet, every day in the media there are dozens or hundreds of articles about computers and systems making mistakes. I wish we could break that cycle of believing anything that comes off a screen.
I fight my own minor battles against this weekly. As part of my job, I maintain an online directory of about 70,000 businesses related to the one I work for. I regularly get e-mails from people saying things like, "The phone number for X is wrong. Google says it's this...!"
Then when I look into it, Google is wrong. But because it's Google, people assume it's right, and my web sites are wrong. We need to teach people that not only do computers make mistakes, but Google is the king of all mistake-generating engines.
And as we already see happening, when cultural values shift over time, you will definitely be judged by things you did or said decades ago. Even if by contemporary standards they were typical.
Would you please demonstrate to me how I, Joe Q. Public, can find out, via collected data that I can access, with whom another person is sleeping with?
Or, in lieu of that, walk me through how that would be done with Facebook's, Google's, or Apple's data via your first-hand knowledge of those data and where and how they are stored and accessed?
These fear mongering comments about data collection have never demonstrated real world harms, AFAIK. It reminds me of the genetically engineered foods bogeyman that, in spite of a complete lack of empirical evidence, continues to be trotted out as a huge danger.
If you think the problem is merely Facebook, Google, or Apple, then I think you are underestimating the amount of data and who is processing it. There is an entire industry of companies you have never heard of that are thinking up ever more creative ways to put data together from various sources, identify it, correlate it, and then sell the 'insights' to whoever wants to pay.
At the very least, at a bare minimum, I think we need legislation that covers how this kind of data processing happens by third-party companies and we need to provide a way for citizens to at least see what data has been collected about them and what 'insights' it has generated.
Which company, apart from Facebook, Google and Apple, would remotely have access to any of the data on that list? Facebook Google and Apple don't share data with data brokers.
Up until very recently, a lot of this could be done by any of a number of innocuous looking apps with tracking toolkits installed. Sometimes knowingly, sometimes not.
Even now, the problem is that you want the data sometimes. Like maybe you use Life360 because it's handy for your family. Well, it knows how fast you drive (it likes to tell me my wife's top speed after she goes somewhere...). It has enough accelerometer access to decide if you've been in a wreck. It's a GPS app so of course it has pretty tight location information. And maybe you consent to all this, but hidden somewhere in the TOS it says Life360 may share this info with selected partner companies. Now it gets slurped up by big data warehouses.
Maybe you install a sleep tracking app. Now they know how well you sleep, and I would bet they could pretty accurately figure out if/when you're having sex. Depending on the device, they might even be able to guess whether or not it was solo.
Perhaps you don't like the limited options Apple has for pedometer data, so you install Pedometer++. Another possible avenue for data collection.
This is a good point and a good reason to prefer first-party apps!
No need to hide it, Life360 clearly states right near the top of its privacy policy "In order to keep our Service free for most users, we generate revenue through trusted data partnerships. We share device data, including location and movement data, with trusted data Partners for tailored advertising"
That covers one or two of the list I suppose, but is there any reason to believe Akamai is lying to its customers and harvesting their users' data? I can't think of any incentive for them to do that, it would be brazen fraud for an insignificant revenue source.
I wasn't trying to make a point other than sharing examples of companies, like Akamai, that store a lot of personal data on behalf of others. Storing data with Apple is storing it with Akamai, and all of the other third parties involved--where "third parties" becomes a blanket term in privacy policies and not an exhaustive list. The "chain of trust" in this regard has some missing links.
So far as their businesses are concerned, the data is safeguarded and I would never expect it to be sold--not by the top of the data food chain in any case.
But there's the issue of data being stored with US companies requiring being subject to US laws, such as the USA PATRIOT Act.
All the internet access examples on that list would use encrypted connections, so a cellular company wouldn't be privy. Cellular companies do have course location data, but to be pedantic that doesn't really apply to any of OP's list.
"One company told the Wall Street Journal that the practice was "common" and a "dirty secret". ...Google indicated that the practice was not against its policies."
That article is just describing gmail APIs, which requires explicit user consent via oauth to enable. This is no more shocking than gmail supporting IMAP.
"The companies said they had not asked users for specific permission to read their Gmail messages, because the practice was covered by their user agreements."
Regardless of what those third party companies told their users, users would have had to accept a pretty clear dialog [1] delegating access to their Gmail accounts. That's just how google oauth works.
Facebook, Google, et. al. might not make the data available to you, but they have it.
If the information is stored on servers in China, then the Chinese government has it as well. Maybe you aren't a Chinese citizen so you don't care, but it's at least worth considering.
The politicians we elect to craft and enact legislation that affects the big data companies are always at risk of being essentially blackmailed by those companies with the incredibly detailed and personal information that those companies have on politicians.
I am very skeptical about the implications of this take. You paint this as "big data companies are actively lobbying/threatening politicians to enact legislation helpful for big data using their big data troves." There are politicians who work in good faith and have non-controversial backgrounds who would not be liable to these blackmails and still don't work hard enough to enact legislation to protect citizens. This is not a big data conspiracy as much as lack of political willpower.
> These fear mongering comments about data collection have never demonstrated real world harms
Notable examples:
* Strava revealed the position of US military bases
* Muslim prayer apps sharing location data with US military
In my own experience, I work for a call center. We have many important American companies as clients. They give us access to their systems so that we can service their clients. I am overseas dealing with their customers and I can access their personal information. I can see their face linked to their Facebook profile. I admit I've been tempted to misuse the information any time a customer makes me angry.
I'm undecided on this topic, but playing devil's advocate: Does the fact that this knowledge exists, and only in the hands of some of the largest (and most pervasive) tech companies in the world, make this information 'safer', or does it mean that it's a 'force multiplier' that increases the risk that this information will be used a) to enable anti-competitive behavior or b) be co-opted by authoritarian governments to suppress dissent.
I personally think that if I give this data to a company, and they keep it "safe" and only to support features that are beneficial to me, that's totally OK, but I wouldn't like companies reselling my mobility data to health insurers (without aggregation or cohorting) to give me a 100% customized insurance rate, regardless of how beneficial that would be.
Data that's used to distill people down to a number and value them precisely seems to have a potential to enforce systematic inequalities and further improve the lives of "haves" at the cost of "have nots".
Safer in what sense ? What would be your take on government tolerance to the existence of such data ? Someone from the clandestine teams would always want to utilise it ? How well could the businesses resist.
Anti competitive behavior, I would think comes automatically with such massive centralisation. What's scary is the ability to mass incite riots, using knowledge of the most susceptible audience to fake news and pushing it out incendiary posts to exactly that audience. India has faced multiple such incidents already. Deliberate ? Maybe in the sense of affinity algorithms.
With the backdrop of the Stanford experiment, and a host of other biases giving almost tribal warrior behavior, should such affinity data be allowed for collection ?
My apologies if this sounds drastic, but data collection generates micro nukes, generated based on turning individuals into an array of microcrucibles.
Or on the flip side of that question: is it safer in the hands of the user, to be shared as desired, by explicitly opting in, or would it be safer in the hands of a corporate entity?
You don't get it. It's not just FAANG and the risk adds everyday. Eventually some of those companies will go bankrupt, be hacked and the data will get in the hands of malicious actors and will be use to commit fraud, to blackmail, etc. Also even if it's used legally and 'ethically' it means things like: 1- we will pay you less because you only earned X at your last job, 2 - we will increase your healthcare costs because you bought a pregnancy test online.
Think along the lines of dating apps that show your distance to other users. That could be mined for changes in proximity over time - one day you are miles apart, then next day you are within 500ft of each other for the whole night.
There was Uber's "God View" which showed travel history of customers, which was at one point available to anyone who could pass Uber's driver onboarding process.
Venture capitalist Peter Sims wrote about being tracked in a blog post this September. Back in 2011, he wrote, he was in an Uber car in Manhattan when he started receiving text messages from someone he barely knew telling him exactly where he was. That person later told him that she was at an Uber launch party in Chicago, where Sims' movements were being tracked via God View on a large public screen.
Commuter data is good, so is foot traffic. Data sets centered around health and income or quality of life can be beneficial as well. The game is to use publicly available information about your person to tie them conclusively to set of entries in an 'anonymized' data set.
If you aren't at least investigative journalist tier or the resources you need cost too much/require a corporate presence, then hire someone to do it for you who already has the pipeline set up. PI's have been available to Joe Q. for years and they still are. This all just makes them even more efficient.
There have been a number of instances here in .au where centralised location/health/etc data has been misused (stalking, checking out potential dates, domestic abuse or aiding domestic abusers) through inappropriate access. I doubt we're unique.
I'd argue that it doesn't need to be "Joe Q. Public", because companies are made up of Joe Q. Publics.
Not all of it is data you can access as the public. However as the author of a program with access to internet and location you can easily upload where the phone is at all times and thus figure out when two are near each other. (this is why newer phones OSes let users choose if the program can access these things all the time or only when active)
> No one sane would ever want all their relatives, friends, work colleagues, and neighbors
I'd happily share basically all of that information with that specific group of people - except maybe my neighbor that keeps reporting me to the city, they don't need to know my life, but if in turn I could know who was googling city ordinances in the middle of the night it might make up for it.
At worst I get a funny look for something I googled in the middle of the night?
To your point, it's 100% the government I'm worried about. They've got legal and lethal authority to do far worse than a weird look.
> They've got legal and lethal authority to do far worse than a weird look.
Society scares me more. The government has the authority, but society has the power and the inclination to weaponise it. The government would never bother reacting to anything that RMS said but people did.
Agreed. For example, it's unlikely a government agency is going to care about your personal web page talking about how you're open to theories about UFOs. But a potential employer may decide not to hire you because your mind is open to the possibility. Or worse, an employment screening company's "algorithm" will score you lower because of it.
But how would you trust any company to properly respect who you share stuff with? There's a multitude of anti-patterns that make some things public already with social media.
I think we should all be looking at this as either they're getting -all- of your data and sharing it with -everyone- (because that means more $$$) or they're NOT getting your data and they CANT share it cuz they don't have it.
We cannot trust companies to respect our privacy because it goes against their core value of turning a profit.
Either they sell the data, or they keep it protected as a fuck you to google (aka apple) or they potentially get a data leak because they aren't following best practices in the slightest (aka Experian).
I remember being out of college and finally being able to buy adobe products to do photography and then Adobe got hacked and my un/pw was out in the wild. It was safer to pirate their stuff and trust some crazy keygen software that's definitely doing something nefarious cuz at least I could run that in a VM.
If you Facebook friend your work colleagues and introduce your wife then they already have easy access to what you like and who you're sleeping with, no?
Search history and medical info would be more concerning than that information, on average, I would guess.
> how fast you drive, even if you don't have a smart car, because your phone contains an accelerometer
Minor nitpick: you can't measure speed with an accelerometer, at least not with a cheap one like the one in your phone. I mean, in theory you can numerically integrate the acceleration to get the speed, but in practice the noise will be so big as to render the result useless after a few seconds. It's much better to have a GPS and derive the speed from the position.
Signed: someone who spent too long programming an IMU and fighting with stupid bosses full of misconceptions.
Other than that, I totally agree with your comment.
TBH it's very routinely done with onboard GPS tracking instruments which also have accelerometers, (or apps running on phones) - used by insurance companies, car rental agencies, and other fleet operators.
Its location is a bit more obscure, but I think there's a much simpler list of privacy practices to follow: whatever Mark Zuckerberg does. Anything he does to protect himself in the data realm is what we should be doing. Yes, I know there was the "Mark's FB has better defaults than yours" story some years ago, but this is outside of FB (though applicable anywhere).
So what is it? Exploding email addresses? Making friends with someone with DMV database access? Temporary credit-card numbers? Tinted windows? Never carrying a wallet? Having an entourage take care of all of this for you? All of the above? Anyway, it would be nice if the zillionaires who have put a lot of resources into personal safety told us what they've learned. Heck, if adopted wide enough their practices might put the crunch on data criminals (though probably also data businesses, which would maybe be a reason they'd resist it.)
I thought that was interesting too. Looks like the research on it came out 10 years ago. A couple of links from some quick searching. The second link has some charts and graphs, though it limits its estimates to 65+ age groups.
Just to respond seriously for a second: it's good to remind ourselves that ML isn't magic. If it knew your weight and age it would use those for predicting life expectancy instead. Same for smoking history, sleep habits, etc. But all it has access to is the accelerometer, and a weak correlation is better than nothing, so that's what it uses.
Someone previously illustrated sceneries where the algorithm hiccupped on your data and erroneously labeled you as a pedophile and/or terrorist (at the same time!).
If you think about it, bad ML (or your words: "...ML isn't magic.") is just as bad, if not worse, than infallible ML.
Apple Health and many fitness tracker apps can estimate your Vo2Max score based on your height, weight and how your heart rate varies during brisk walks and runs.
It's not incredibly accurate but Vo2Max is regarded as an important indicator of your cardiovascular health.
>No one sane would ever want their relatives, friends, work colleagues, and neighbors to be able to know (quoting from the OP):
The things you mentioned are kind of how it was before the advent modern civilization. Before Facebook tracking it was old biddy tracking. Through gossip everyone knew pretty much everyone's business.
That said, there's not an immediately obvious connection between surveillance and our neighbors knowing things. I have 0 information about who my neighborhors are sleeping with based on their cell phone tracking.
I downvoted this because I can’t read this as anything but a disingenuous comparison. Surely you can understand the difference in scale and motive behind village gossip and global surveillance by profit-seeking corporations.
"global surveillance by profit-seeking corporations" is a string of scary words, but gossip is much more likely to cause the average person clear, tangible harm. Just pointing out that digital tracking is creepy doesn't do much to convince most people to inconvenience themselves at all.
The point is that everyone knowing everyone's business is the "natural" state of human society. For most of human history all my neighbors would know who I'm banging. It doesn't take some sort of insanity to live like that.
And you've only addressed half my argument. I don't know who my neighbor is banging because of cell phone tracking. You don't know who your neighbor is banging. Nobody in this thread knows who their neighbor is banging. It's an entirely theoretical danger that has not yet come to pass.
>Before Facebook tracking it was old biddy tracking. Through gossip everyone knew pretty much everyone's business.
As already noted the difference in scale, but obviously if you didn't like what the old biddies tracked about you in your small town you could move to a new one and start over - you can't with the global surveillance system.
finally it should be obvious that not everyone lived in a small enough town that the old biddy network was actually useful for tracking you.
Yeah, it's in grandma's forgetful brain, and to be fair she probably (a) has usually learned the value of discretion, (b) will pass away in a few years and (c) can sometimes be dismissed as a fibber.
The computer on the other hand, is an eternal record and can be dumped into the open by any hacker or wannabe-hacker for ill intent or just for fun.
I guess, there's no appropriate reputation scale for what we see on the internet (it's either perfectly trustworthy or a total sham), there's no forgetfulness in terms of minor misdeeds, and there's no way to argue with the public consensus once they've made up their hivemind...
"No really, I've changed in the 10 years since I wrote that post!"
If spying is tomorrow's only viable "economy" we are in trouble.
This is why "Big Tech" is a joke. Spying, like legally selling opiates, is not a legitimate business. It does not matter how much money can be made doing it.
>> Many of these companies call themselves “data brokers.” I call them data vultures.
Perfect. Except it is insulting to vultures, who at least put carrion back in the food chain.
This is straight-up theft of our data and privacy, for profit, and it needs to be both outlawed and shamed.
Seriously, but these slime should be more despised than common burglars (tho maybe a notch above mobsters). Seriously, these people are not respectable, and should not be respected or tolerated in polite society. So, don't.
> We need a New Declaration of Human Rights for the 21st century that takes into account rapidly advancing technologies for collecting and acting on data at mass scale.
I actually look through that and see quite a few things on that list I would be fine with my friends and relatives knowing. The difference between them and my work colleagues is that they are people who truly have my best interests at heart.
As opposed to most companies that are tracking me to try to take advantage of me.
I had a wedding to make sure everyone closest to me knew who I was sleeping with (Emily as is already public record). It took a fair bit of time and money to coordinate and hold that event.
When people ask how I'm doing, I tell them and that includes whether my problems are impacting my daily routines and needs. (Not lately)
I've shared the results of my IQ tests and had plenty of discussions about the validity and lack thereof of those results (145-160+ depending on test). Facebook likes are the least good mechanism to work that out by.
I think one of the helpful things I do is share really good places to eat and find things I want. (Nirmal's is my favorite in Seattle)
I hope driving monitoring helps us shift from a penalize infrequent rule breaking instances to helping manage attention and grow skill. I speed when conditions let that be safe.
I suffer depression and have my whole life as everyone I know is aware and now is more public on the internet.
You'll have to ask her but I'm not looking to leave. I'm very honest and want that in my closest relationships so if we were going that direction she'd be among the first people I spoke with. If she feels she needs to leave I'll try and help us both find happier lives but I hope it never comes to that.
I respect that you have a different level of openness. I think a good criticism of my post is that I have a ton of privilege to feel safe sharing these things. I've chosen to live a life I feel entirely comfortable sharing. Clearly I'm not handing out credentials but... I prefer a world that is more honest and intimate and that simply requires I be open, honest, and self-reflective.
Good of you to offer concrete examples. I don't mean these as ad hominems since I don't know you, more as counter examples:
> I've shared the results of my IQ tests (145-160+)
I wonder if the part of the population with <100 IQs are similarly open with their results.
> I speed when conditions let that be safe.
Admitting to breaking the law is an excuse for higher insurance premiums and for the police to hassle you.
> I suffer depression
This is one of the few relatively "safe" mental health conditions to announce. Who's lining up to hire someone who's openly struggling with addiction or has psychopathy?
> I'm very honest and want that in my closest relationships
Let's say your partner gets served ads about how your single, attractive co-worker has been googling you late at night, how your location histories have significant overlap, and by clicking the ad they can find out more. Not everyone will get suspicious, but some people definitely will click.
~~~
It would be great if we could all be open like you say you are, but society isn't even close to ready for that. Any rapid transition (like wide-scale encryption breaks) would be traumatic on so many levels.
You have my gratitude for this comment. I don't take it as ad hominem at all but rather excellent challenges and realities that move the conversation forward. These are good examples of the privilege I mentioned and I appreciate them being raised.
I agree that there is a long way to go before pervasive feelings of safety will exist. You also seem right that the transition, if we choose it, will more positively be consensual and gradual. This conversation seems to be often spoken of with binary models. Further, the preference clusters are implied to be in opposition so I hoped to offer a counter to that in case it might have a positive effect over the long term.
This naturally invites the question, what percentage of the general populace is in fact sane? (sincerely curious to know what number hn readers would assign to that.)
From reading this list, I can deduce OP just made up most of them, because over half of them contains details that are total BS.
Also I happen to think we'd be a better society if we all knew everything about each other. Instead of discouraging companies from analyzing us, encourage them to publish everything all the time. Let governments join in on the fun. Everyone should be tracking an analyzing everyone else.
Solves the issue with companies manipulating us to sell our data, because if they publish it they can't sell it. Solves the ransomware problem as well. Publish everything, no privacy for anyone. You can't blackmail someone for data everyone has.
I wanna know what you think right now. I'm not asking you to tell me, I'll scan your brain instead. And I'll know what your dream last night was. And you'll know the same for me as well.
You say that you think this would lead to a better society. That aside, how would you personally feel if this vision was to become reality?
For me, I’m certain my mind being totally exposed like that would lead to debilitating mental illness and possibly even the loss of the will to live. I can’t imagine human beings, either as individuals or a collective, being fundamentally equipped to deal with such a thing.
Did you ever read David Brin's The Transparent Society (used to be a web article, I think it might be a book now). He argues that as networking and miniaturization progress, and given the curiosity of 9 year olds, we have 2 choices: everyone has all data about everyone else, or, the powerful (gov't corps rich) have all data about everyone else, and the powerful have privacy. I'm not sure if I think that's true, but I can't really think of a counter-argument.
If someone can slip cameras into what looks to me like gnats and film my bathing, well, my bathing isn't so exciting, but how can we prevent it? Some weird EM shielding arms race on nano-bots or something? And still all the sound I utter will be recorded. I wouldn't want to live on a planet with no insects. If I were 9 and I had a "build your own flying gnat" kit, pretty sure I might try to find out about what naked people look like. Now I grew up in a relatively repressed family and society, so maybe the cool Europeans have a different take on it. Maybe if there's 10M "watch people all the time" public channels with video feeds from all over the planet, peoples mental health would adjust somehow. I suspect we'll find out. Most people (that I talk to in real life) are stolidly uninterested in the "omg, do you know what the data people are gathering thru your phone" facts.
I for sure don't want to live in a society where the powerful have privacy and none of the regular people do.
The worst thing about the information economy of today is absolutely the inequality of access. We would be better off if everything that is collected was public.
I don't think that means we don't need privacy. It absolutely has value.
The problem is when privacy is only available to the rich and powerful, while the details about the rest of us are hoarded and used by the very same powerful people who pay such a premium for their privacy.
If we allow the collection of information, that information should absolutely be public, but that doesn't mean we should allow everything to be collected.
> I never heard any convincing argument about why privacy has value.
You have either _never_ had to keep a secret (which I highly doubt, unless you happen to be a literal child) or you simply aren't arguing in good faith.
Assuming that you are arguing in good faith, let's consider a potential reason why someone might value their privacy:
Some people are born attracted to the same-sex (gay, lesbian, bi, pan, etc.).
There are some countries where being gay is a criminal offense; there are even some countries where you can face the death penalty for this. [1]
If a gay person lives in one of those countries, don't they have a right to keep this fact about themselves private simply in order to protect themselves? Or does their life have less value than the profit that can be generated by the "Data Economy"?
Without some expectation of privacy it would have been impossible for people to gather together with others who had been similarly criminalized.
Without those gatherings, organizing against anti-gay propaganda (equating it to pedophilia, claiming it would be the downfall of civilization, etc.) would have been impossible and it's unlikely that the laws criminalizing homosexuality would have ever been changed.
If you kill privacy then you'll also kill the ability of marginalized groups to organize against any future oppression.
I doubt you actually believe that privacy doesn't matter however, because you're posting here under a pseudonym and haven't linked any social media accounts or anything which could reveal "private" details like your full legal name, place of residence/work, etc.
>Without some expectation of privacy it would have been impossible for people to gather together with others who had been similarly criminalized..
Impossible is a really strong word. I'm not saying that its going to be easy but I doubt that its impossible. That's my point lets spend the effort to figure out/solve this problem instead of trying to hide information.
>I doubt you actually believe that privacy doesn't matter however, because you're posting here under a pseudonym and haven't linked any social media accounts or anything which could reveal "private" details like your full legal name, place of residence/work, etc.
I would love to have everything for everyone to be public so that I don't have to worry about hiding those information. The problem is right now I can't. That's why I'm advocating we spent the effort on solving the problem that arise when the information is public rather than trying to hide information.
Likewise, if I'm gay I would much much prefer to have gay to be decriminalized rather than hiding my sexual orientation.
> I'm not saying that its going to be easy but I doubt that its impossible.
So you're willing to concede that people being unable to make the choice to keep something about themselves private will make it harder for them to promote their own rights? Can you understand how a lack of the ability to have private conversations, relationships, etc. could cause serious problems for some people?
Because earlier in the thread you said: "I never heard any convincing argument about why privacy has value." but now you are seem to be implying that privacy actually does have value to some people, correct?
> That's why I'm advocating we spent the effort on solving the problem that arise when the information is public rather than trying to hide information.
That would be a reasonable statement if you weren't also earlier criticizing the concept of privacy and stating that it had no value. You can choose to reject the idea that people should have individual privacy and try to push for a world where people didn't feel that they had to keep secrets, but you'd need to fix all the systemic issues before you could ethically promote the sort of radical transparency that you're talking about.
Trying to claim that privacy doesn't matter because it'd "be better if everything was public" without first addressing these other issues is terribly callous and could only seek to increase the amount of trauma in the world.
> Yes it could cause serious problem but not the privacy itself that the problem, its other people using it to harm other people is the problem.
So is it OK to advocate for the destruction of people's privacy in this situation or not?
If it is, then you're admitting that you just don't care about the harm that could occur (and trying to minimize the responsibility you'd have by hand-waving the issue as being "other people")
If it is not OK to destroy people's privacy in this situation, then your entire argument about how the coerced loss of privacy isn't a problem is contradictory.
>If it is, then you're admitting that you just don't care about the harm that could occur (and trying to minimize the responsibility you'd have by hand-waving the issue as being "other people")
No, to minimize harm is my eventual goal.
There are multiple way to achieve that.
You can try to by privacy or by fixing the actual issue.
I would much prefer the actual issue to be fixed.
When you fix the actual problem, the privacy become irrelevant.
>If it is not OK to destroy people's privacy in this situation, then your entire argument about how the coerced loss of privacy isn't a problem is contradictory
My argument is the loss of privacy by itself its not a problem.
So I gave you a real-world example of a situation where someone could be harmed by loss of privacy, and then asked if you thought it was OK to advocate the destruction of a person's privacy in that situation.
Your response was that you would "much prefer the actual issue to be fixed" and that "When you fix the actual problem, the privacy become irrelevant".
Which (presumably intentionally) sidesteps the question of whether you think it is reasonable to advocate for the destruction of someone's privacy when it is likely to cause them harm.
In your advocacy for the destruction of privacy in this thread, you haven't proposed anything which could minimize harm for people who rely on privacy; in fact you have taken great steps to even acknowledge that there are people who could be harmed by the destruction of their privacy.
At the same time, you're willing to acknowledge that you don't want to post comments here using anything other than a pseudonym because "the problem is right now I can't". So you are admitting that you'd prefer to keep some privacy around your identity.
This could be a reasonable position if you were willing to acknowledge that people (other than you) could be harmed by the loss of their privacy. You have refused to acknowledge this and so that argument is untenable.
Finally, you stated that your argument was that "the loss of privacy by itself is not a problem". You haven't provided any evidence nor explanation of why you believe this to be the case and have refused to acknowledge the value of privacy, despite multiple examples and the obvious hypocrisy of not "practicing what you preach" (though I'd be willing to accept this if you didn't claim that privacy has no value whatsoever)
I did give an example of a situation where someone could be harmed and you didn't bother to address it.
I think you're just being disingenuous and I don't see the point in engaging any further in this discussion.
None, but if we're looking at this situation (where the government is finding secret homosexuals and prosecuting them) and asking "what policies ought we enact to fix this" if your answer is "better privacy" that seems like it's looking at the wrong problem.
You are assuming that perfect and fair governance is a reasonably achievable state. Reality begs to differ. In reality, there are people in the USA who are in the closet or of fear of persecution by their communities.
Privacy provides a fundemental protection from persecution by your government. This is precisely why the constitution includes specific privacy protections.
So while we should fight governments that persecute homosexuality, we also need to protect at least some aspects of privacy to keep protections for the next persecuted group.
And what if it's a domestic company that is destroying those people's privacy and a foreign government that is using this to prosecute them?
Should we avoid preventing further damage that the domestic company is doing? Or should we limit ourselves to dealing with the issue diplomatically, and not do anything else for fear of "looking at the wrong problem"?
I don't understand why you'd seriously suggest that reducing the likelihood of known harm (by ensuring some level of privacy) is the wrong thing to think about when it doesn't prevent other actions from being taken too. It's possible for groups of people to do different things at the same time, after all.
Ultimately, your argument will never result in a situation where privacy is taken seriously because you could substitute in any issue and your conclusion could just as easily be that "better privacy is looking at the wrong problem."
People spend money on privacy. This gives it value.
I don’t know anyone that would want to spend money on a hotel if there was a security camera in the room. I would get the more expensive room without the camera, probably go to a different hotel.
Doctor and patient confidentiality is implicitly understood. Do you think doctors should be able to tell advertisers what their patients are going through.
Maybe your own individual privacy doesn’t have value to you, and that’s okay, but other people value their privacy, and these corps profiting off data definitely find value in lack of privacy.
The basic problem is that people undervalue data about themselves. They don’t imagine the kinds of conclusions that can be made, or the consequences.
It’s been more than a decade, but I was impressed by this research from Allessandro Acquisti that suggested people valued their data only in the pennies.
When 25 Cents is too much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information, Jens Grossklags, Alessandro Acquisti, Workshop on the Economics of Information Security (WEIS), 2007
Why ? because some one could stole my money or because someone else could log in without my authorization? What if there is a way to prevent that without PIN or private key ?
Both because someone could stole your money or authorize unwanted action.
What other way of preventing that do you propose? Fingerprint? I will will send the data of fingerprint. Facial recognition? I will just grab your profile picture. What kind of method do you envise that could prove you are you and not somebody malicious?
I'm obviously not the expert, my point is we should try to seek the solution to the problem that arise when the information is public instead of trying to hide the information.
Here is another example: some people argue for privacy because the information can be used to criminalized gay people.
Well then fix the criminalization of gay people instead of trying to hide the fact that they are gay.
Don't change the example. I want to know how do you imagine a method of authentication not requiring any privacy could work. What could be the way to prevent a theft without PIN or private key if your credit card number leak to public?
Since you yourself said you are not an expert, then ask yourself, why do experts make security based on hidden passwords instead of focusing on creating those public-indifferent solutions? Could it be that passwords/PINS/secrets are one of the easiest, cheapest and reliable way of preventing unauthorized access since the ancient times?
You know, before anybody starts working on something, they need to at least have a hint it may work and not be easily compromised - e.g. what's preventing hacker from just copying the expected data from facial recognition system and pasting it themselves since it's public?
You say "just fix it to detect whether it's legit data" - how? Deep fakes are getting better by the day, we already have problems with recognizing them ourselves.
>You say "just fix it to detect whether it's legit data" - how? Deep fakes are getting better by the day, we already have problems with recognizing them ourselve
Again, I'm not the expert, every situation will may require its unique solution.
>You say "just fix it to detect whether it's legit data" - how
Yes this my attempt to at least give a hint with my far from expert knowledge.
My point is we should spend our effort to solve this instead of trying to make information private.
> Yes this my attempt to at least give a hint with my far from expert knowledge.
No, this isn't a hint, because I already stated why it wouldn't work: thief will just use publicly available data and create deep fake to mimic the owner of the bank account.
If we had technology which could magically determine whether received data is genuine, the only safety check would be "Are you an owner? [y/n]"
> My point is we should spend our effort to solve this instead of trying to make information private.
Again, nobody sane ever have spend any effort on something without even a hint for it being possible. I am asking: what's your argument to even think it's possible?
Somehow organizations get an immense amount of value out of tracking everything you do, say, think, and buy; everywhere you go; and everyone you meet. Two questions:
1. Why should they profit off of my data without my consent? (Hint: they shouldn't.)
2. Why is it so hard for me to get value out of it? Shit, if it's gonna be collected, aggregated, and analyzed anyway, I should just do it my damn self and actually get something out of it. It's like we need an open source community for personal data collection, aggregation, and analysis.
I don't think so. It is not the data itself that has value. It is a game of information asymmetry and that corporations can make you desire things you wouldn't desire without that interaction. They then convert a fraction of that desire into money flowing from you to them that you otherwise would have kept.
Maybe I am old school or too naive, but I don't see how I would make a personal margin with my own data.
If you had a clear list of "these sort of news items/OC from friends makes me more susceptible to being convinced by questionable ideas/donate money/stay up at night." then you could perhaps take steps to preserve your ability to stay more rational, more the way you want yourself to be and less easy to manipulate by ads/partisans/etc.
That sounds like it would be very useful, but doesn't really have a (monetary) "value" in the sense that most people use when talking about sharing the profits of the Data Economy.
It'd be much more interesting to see that sort of data sharing/access occurring than simply saying that people are entitled to some percentage of the profit that was "generated using their data" (which would be highly susceptible to creative accounting).
Preserving the privacy of individuals would still be challenging though.
Let's say on average you need to see one hundred ads before you see something you want to buy. Now if you had personalized ads, maybe on average you need to see ten ads before you want to buy something.
If you are already looking through a bunch of ads for the sole purpose of trying to buy something, then your personal data is valuable to you because it saves you time. But that's definitely not the situation with most big tech products.
The response to expect with #2 is that you get paid back in the form of fast search results, map directions, live communications, personalized news feeds, targeted advertisements, etc.
Pay no attention to the fact that you’re not getting versions of these things that maximize your benefit either...
I don't think that's the same thing. If you are a youtube creator and you want your videos to be monetized, you need advertisers to want to advertise on your content. As amply demonstrated by many youtube creators, you are free to go out and land your own sponsorship deals, and then you don't need to worry about demonetization.
I think many people find lots of value in search, free email, Android, and other services dependent on this model. The argument that you're not getting anything out of it rings false.
"If you don't use Facebook we will still collect[1] and sell all the data about you we can"
"But I never agreed to that."
"Too bad."
Under what circumstances would you describe that as consensual?
And that's not even getting into the concept of _informed_ consent; something that they clearly don't have given the amount of user anger that gets directed at Facebook every time when a new leak/breach/data collection method is revealed.
[1] https://news.ycombinator.com/item?id=5921092
In addition to the fact that they collect information about people who don't join Facebook (and agree to the ToS) by virtue of the information that others (often unwittingly) submit to Facebook, like group photos, mobile phone address books, etc.
You're getting their service. You want to use Facebook to talk to your family and keep up with your friends. You pay them in info, they pay you with the service you're using. Same with every other site, vox, theverge, slashdot, etc...
Sure there are a few companies you pay that also collect your data and I wish they didn't but even then they'd raise the price (maybe willing to pay more) if they didn't subside the service via your info
Not sure why the above got downvoted, it seems to echo the other sentiments.
As a developer I have a hard time imagining building an application that doesn't use data to provide a higher level of experience in some way. Of course there is a very long rabbit hole on how data collected to create a novel experience then gets used in other ways to provide revenue.
We just live in a world where applications are able to hide almost everything that is happening behind the scenes from the user, and advertising drives the majority of free applications, and this opens a gateway to major abuse...
There are paid options for example for email, but still people prefer the free options. Market has spoken. People just don't care about being tracked, specially if they get free goodies.
As an anecdote: I am the only one in my extended family who does not use the car insurance tracker. Everyone is calling me out on why I dont get the "free" discount.
I pay for email services (and make some use of gmail for junk/transactions).
I also would never use one of the insurance trackers. They literally have zero clue of what they are doing and interpret things backwards. E.g., they interpret higher g-forces as bad driving. Yet, as someone who has been through countless high-performance driving and race schools, had racing lisenses, and won multiple racing championships, I can tell you that what high-performance driving, whether racing or getting out of emergencies, is about wringing out of the vehicle, suspenseion and tires, every last bit of grip to maximally accelerate, brake, and/or turn. Of course, I'm usually very smooth and low-g on public roads, but if I do something like maneuver around an animal in the road, they'd see a high-G maneuver and charge me for bad driving, when in fact, I probably saved them from a claim.
It is a lovely concept, but the institutional idiocy really bothers me.
The fee you pay would almost certainly be less than the value they can extract from your metadata (especially since it can only grow more valuable as time passes)
I get free searches from DuckDuckGo without paying with my personal information. It is absolutely possible to provide free services, supported by ads, while collecting little to no personal information.
I don't get why this is so easily glossed over all the time... yeah, absolutely you should be able to control your data and know how it's being used. You should be able to opt out of unnecessary data collection. But the idea that you're not getting compensated for your data just isn't true - you get some really amazing tools without paying a dime for them.
Exactly, there’s a dollar value to you that they’re not paying you. You’d need a “property right” over it. (You are your own “property” already anyway.)
I think the root problem is the indirect nature of that dollar value. It's not concrete / obvious enough for normal people to understand it. Seems to be a sales / marketing problem as much as a technical one.
And I could imagine a similar line of reasoning being applied for the value of the land native Americans “sold” to the colonists - when they themselves didn’t have a conception of such ownership before or after that encounter.
This is a fundamental, and perhaps insoluble, problem with the moral principle of liberty and self-ownership: to what extent should you be permitted to voluntarily limit, surrender, or exchange that ownership?
One can certainly make a case that even limited-scope non-compete clauses in employment contracts are an affront to human dignity; on the other extreme, there are those who would claim that freedom necessarily includes the "right" to sell one's self into indefinite servitude. Where do we draw the line? I don't see an intrinsic "bright line" or Schelling Focus on the question. What is the "statute of limitations" on the Present Self being constrained by the choices of the Past Self (at least, in the context of contract enforcement)?
I can't claim to have a complete answer to that question, but it seems that every time that the line is drawn too far towards the direction of slavery (i.e. away from individual liberty) there is a substantial power-imbalance.
That seems to suggest that any situation where there is a large power (information, monetary, etc.) asymmetry between two parties will lead to one side being heavily disadvantaged, almost certainly due to the intentional structure of that arrangement.
If true, that would suggest that any circumstance where there could be a large power imbalance between parties must be carefully moderated and that limiting "individual freedom" by not allowing people to sign away their rights in a way that mostly benefits someone else could be a reasonable way of approaching this problem.
there are ways to be paid, just don’t expect google/apple/fb to do that until they will be forced. eg see new eu laws coming forward, and some companies soon will disrupt this space. it will happen like gdpr, someone is already preparing for it, without making too much noise...
Explaining to people what they should do regarding matters that there are no ways to achieve the stated goals is the laziest, lowest value category of journalism. It's a plague.
Just because something is impractical or a solution is unknown doesn't make it valueless.
There are possible truths that exist in mainstream math formalisms[1]... for which the formalism says there may be no proof of. Just because the formalism can't explain everything doesn't mean we should throw it out!
I view communications like this as:
a. making ppl aware (who may not be technical)
b. doing the work that may not be worth $$$
c. avoiding future coordination failures of society
All of these in a hyper-optimized and hyper-educated societies may seem inefficient, but in a non-optimized and not highly educated world we live in they are the difference between chaos and not.
You can point out a problem without having a solution. Part of the reason why this issue feels unsolvable is that people don't really care enough to do anything. A piece of journalism that makes people care more is a step in the right direction.
There's a way to achieve the stated goals: have the government come down real hard both on the low-level data crime and the big players that are supposedly legit.
I sense this would have been in the Bill of Rights had the notion been around back then. They knew the government needed to protect property rights as a fundamental principle and that is written throughout the legal code and constitution. So endowing citizens with ownership of the date of where they are, what they’re doing, and how they use sites seem like extensions of the personal property right. In a sane universe, there might only need to be a Supreme Court judgement somehow establishing this from the current legalization, for that matter.
I doubt it. If you ask me "who lives next door" I'll tell you "Oh, the Smith's live next door, John, Jane, Jill, and Jacob. John's a blacksmith, Jane makes the best apple pie, Jill is studying to be a doctor and Jacob just turned 14"
I doubt the forefathers would have thought there needed to be a law against me passing on info.
The US Constitution is around a century too old to care about lists of people, but I think even they would react badly to some powerful organization going around classifying everybody by some random feature.
> The US Constitution is around a century too old to care about lists of people, but I think even they would react badly to some powerful organization going around classifying everybody by some random feature.
Probably not, since it created a new powerful orgabization (the federal government) and mandated it to go around classifying everybody by a particular set of feature (whether they were a “free person”, an “indian not taxed”, or an “other person”.)
Given that when the framers were scared of a powerful organization doing something, their first concern tended to be about government doing it, and their response tended to be to prohibit at least the federal government from doing it, I think the fact that they mandated the federal government to do it indicates that it was neither something they feared nor something they failed to fear out of lack of consideration.
Easier said than done. What we're seeing is advertising as a business carried to its logical conclusion. If you "burn it all down", you have to end, in effect, all advertising. Advertisers try to target their budget as effectively as possible; the more they know about their target demographic, the better able they are to do that.
Good luck. All those so-called hearings with social media companies? Excuses to get those CEO's into the back rooms, where the REAL discussions -- and graft -- sorry, campaign donations -- happened. Our government is completely captured by the organizations that are most-hostile to our long-term well-being.
It's lazy when it doesn't come with a proposal to replace the stuff that you want to burn down.
It's like the US tax code... it is insanely complicated and in a lot of ways doesn't serve the public well (because rich folks can use the complexity of it to escape taxation), so it's easy and popular to say let's just get rid of it and start with a new, simple tax code.
The problem is it got to be the way it is for a reason. We want to incentivize people to own homes and buy electric cars and a thousand other things, and we use the tax code to do that. If you tear it down without a plan on how to keep incentivizing all the things you want, you're going to end up with some undesirable results that you then have to fix.
It's fine to say let's throw it out and start over, but if that's as far as your plan goes then it's pretty lazy.
> It's lazy when it doesn't come with a proposal to replace the stuff that you want to burn down.
And what do we want to replace targeted ads, surreptitious tracking, and a system that exploits its users for money while not being held accountable to its users with?
I'd say we're better off with nothing. So yes, in this instance, burn it all down actually is a solution.
I'm aware I'm ignoring the externalities, I'm aware it's complicated, and I'm aware what I'm proposing actually is lazy. I'm aware a bunch of people will lose their jobs (mostly in tech though so I really don't feel bad, having spent most of life in that industry). I'm saying in this instance it doesn't matter. We're still better off burning it all down.
Someone else proposed what I consider a very reasonable solution. Just make whatever data they have 100% transparent, and you as the user can choose to offer less (or more) at any point in time. This should be regulated similar to HIPAA with serious penalties for any violations, because it absolutely is about avoiding privacy violations.
And if you as the user want to share no data at all, you should have that option. This is the company's problem, not the customer's problem - or at least that's the world I want to live in.
And obviously don't hide anything behind dark patterns, and all the other common sense gotchas. Violations should be treated as criminal fraud with prison time (assuming they are found guilty in a court of law, and proving criminal fraud is notoriously difficult but the threat needs to be real).
Sure - that's absolutely fair. But with that said, I do think that a lot of people would agree that a lot of the incentives are good (I for one am glad that the government is trying to get people to move to electric cars) and would want to maintain something to keep promoting the same things even if the tax code were restarted from scratch.
I'm surprised you haven't heard it before. "As a matter of cosmic history, it has always been easier to destroy than to create," as one wise man put it.
"Burn it all down" is easy to say. You can apply it to anything, with no further thought. It's precisely what I'd call "lazy".
To avoid being lazy, you'd have to couple it with exactly what you intend to build from scratch, and ideally how you'd go about it. That's a ton of work, not just because you have to have a concrete idea, but because you have something that people can point out the flaws of. Many of whom will say, "It's terrible, burn it down."
I'm also surprised you haven't heard of this before. Every New Year millions make resolutions that are not kept because 'it is easier to start from scratch' or a clean slate, but it is very difficult to actually follow through.
People who diet non stop because they might get to day 20 and it isn't working and the solution is to start over in a week or so.
It is much easier to make yourself think that behavior will change if only one got a clean start. But inevitably you find yourself at a similar point, and a similar result.
In order to start from scratch and make it effective, you should have a reason why things will be different in the future.
"It isn't working" is also lazy, when you're describing an industry that powers half the economy, and frankly, civilization is trucking along pretty OK with the data industry warts and all.
There are certainly problems, but you haven't put enough thought into what the statement even _means_ (Would this eliminate EMR systems? Bank transfers? Credit scores?) to consider what "burning it down" means, or "it's not working" means.
Here's another industry that relies on aggregating your data: Credit reports.
Go ahead. Figure out how to opt out of Experian, Transunion, or Equifax collecting everything they can about you, including pretty much every piece of data needed for identity theft, possibly confusing it with someone with a similar name, and then putting it in a badly-secured database.
No, really, if you can figure it out I'd love to know. Every now and then I am reminded they exist and that they are silently creating these vast troves of data without anyone's consent, and all I can do is hope that if my identity information is included in a data breach, I am both small enough and lucky enough to not be impacted.
You can't opt out of cities' car culture by not driving: the rest of the city is all there all the time. You can't opt out of a data economy by your individual isolated action: the rest of the economy is vacuuming up similar people's data all the time.
A person would have to live a Kaczynski-like lifestyle to not interact with services that aggregate and sell data. No credit card, no cellphone, no internet. Cash only.
The point is that for each person that ends their interaction with these companies the less data they have on everyone. If only one tenth of my friends use facebook they will have less data on me than if 9 tenths do.
Convincing even one person to choose more privacy friendly choices helps a little.
In theory. I've deleted my Facebook account. Few years later needed to create new one and used same e-mail address. Guess what welcomed me! My old account! Heck, even posts I had deleted and whole journal (or however its called) related to them, yes it was back again, waiting to be clicked "unhide".
Its heartbreaking that on HN, the one place that should be informed about this, you still see the ignorant commend "well you don't have to use facebook"
Even if you are homeless and living under a bridge, facebook will have photos of you, uploaded by others, they will know who you are and whwre you like will sell some data relating to you to someone
Which is what the article implies with statements like "we should not allow X." There are several specific rules it suggests, which clearly would have to be laws.
Anyone engaged in the collection and sale of data should be required to maintain a list of their customers. Upon the sale of data, the customer should be required to provide their list to the broker. At the point of collection/consent, the list should be made available to the consumer.
For example:
You want to vote in an online poll by company A. Company A collects data about you and sells it, so you must agree to their privacy policy. Company A's privacy policy discloses that they sell your data to Companies B, C and D. Companies B, C and D have provided a list of its customers to Company A, and Company A includes those lists as well. In addition, the customers of those companies provide lists (as all data brokers would be required to do).
If its seems like it could get overly complicated with huge lists of data brokers for a simple online poll, that's the idea. You shouldn't have to wonder how many entities you're giving access to your information when, for example, you want to vote for MLB All-stars. MLB wants your name, address, email, phone number, and they disclose they'll "share it with partners" but they don't say who those partners are, how many exist, and if they have their own "partners". Vote for your favorite player and you could be getting a phone call for life insurance 15 minutes later after your number has been passed through 5 different companies.
CCC has a longstanding policy demand called the "Datenbrief" ('data letter'). Under this proposal, every corporation that keeps personal information about a natural person would be obligated to, once a year, mail the subject a letter containing their information, with instructions how to exercise their existing statutory deletion/correction rights.
If you keep PII, you'd also need to keep some contact info for the subject, and use it to ensure they know about their rights / the data. The existence of the data-related right would imply an obligation to inform the subject about it.
I guess I'd prefer a web interface displaying all the data holders with little "delete" buttons, over getting a gazillion letters, but if this is implemented by a single organization that actually has all your data (even if only for the purpose of faciltating GDPR), it could be a central point of failure.
We need to go back to the TV model. I mean we sold things back in 1995 right?
You go to a website about babies, you get baby ads.
You go to a website about electrified fences, you get ads for trucks, tractors, backhoe rentals (even in your area because of your IP address - but that's it)
Does anybody know if targeted ads based on tracking even work? Are they worth all the extra cost and complexity compared to traditional ads? It doesn’t seem like it. Half the time I see a super-targeted ad, it’s for a product I already purchased.
Also, what ever happened to showing ads to people who aren’t already interested in your product to expand your brand and maybe bring in new customers? The current ad model feels overfitted to me.
Yes, yes they do work. That's why it's a billion dollar industry. It allows industries to micro-target specific ads for communities and speak to them directly. It gives you more ability to expand your brand to new customers, not less, as it allows to you to specifically target niche groups who previously had no interest in you. It's important to get a sense of the extreme level of refinement that firms have access to through data-driven marketing. Want to design a marketing campaign for dog-owning, outdoorsy lesbians? Subaru launched an ad campaign in the 90s using subtle coding in their wide-net ads. Now companies can do that much more effectively by directly targeting those communities.
As for the common complaint that you always see ads for products you already purchased, that's actually a very good time to make an impression. What are the odds that you are thinking about buying a new dishwasher at any given moment? Probably next to 0. You probably would completely ignore any dishwasher ad you saw. Now imagine you just replaced your dishwasher with a new one. You probably noticed that dishwasher ad now. You might have even clicked on it to see if you got a good deal on it. You probably care more right now about dishwasher specs than you ever have in your life up to this point. Maybe there's a better deal out there. This is the perfect time to send you more dishwasher ads.
The last point is wrong: once I have purchased the dishwasher i care _less_ about a dishwasher at any previous point, because I am not most likely to have a functional dishwasher and even if yours is better I am not going to buy one more.
If marketers would only get this they would make so much more money, and I would get better ads for more relevant products. Instead I get ads that target me because I am in AGE_RANGE and live in country, or ads for scam products.
>once I have purchased the dishwasher i care _less_ about a dishwasher [than] at any previous point //
Ever recommended something to a friend/relative, or bought a second one of something that works/fits/performs well? Or even ever thought you should. I've definitely bought a pair of trainers (sneakers) and then thought, oh I should have bought another pair. If the shop had sent me an email, "get a second pair postage free" a few weeks later then they'd probably have made a sale.
I know people who have second homes definitely would re-buy white-goods, for example.
I don't know that straightforward data on this will ever be forthcoming. And we can produce theoretical arguments every which way, not entirely unlike how classical philosophers were able to prove, through reason alone, that objects in nature tended to only travel in perfect circles and straight lines, and never shapes like ellipses and parabolae, and probably produce about the same volume of useful epistemological output in the process.
I'd think that the more interesting thing would be to try and find some proxies we can use as an ersatz empirical test. For example, what about ad prices? If personalization based on tracking really does work better than other forms of ad targeting, then one would expect that that difference would yield a noteworthy difference in ad prices.
In short: If it really works so well, then you'd expect personally targeted ads to cost significantly more per impression than ads that use content-based targeting. And I'd assume that that information is reasonably public.
Absolutely. A vegetarian/vegan restaurant being able to advertise exclusively to those people is one great example. In that example you're a new customer, but you've shown interest in similar products so you're much more likely of a customer(and better spend of advertising) than advertising to somebody on a carnivore diet.
It helps with being able to measure whether you're advertising to the right people. Traditional mass media advertising made a lot of money off of showing ads to completely irrelevant people. Targeted advertising makes even more money off of showing ads to mostly irrelevant people.
I'm surprised that most people don't understand this. It's not about being more effective. It's all about have sales or conversion attribution to be able to do stuff like A/B testing.
Nowadays cable TV targets ads too. If your diabetic grandma connects to your cable provided wifi router, you will get ads for glucose monitors and insulin pumps. Targeted advertising should be illegal.
The direct mail advertising industry was thriving in 1995. You could buy datasets of people by income, car ownership, shopping habits, etc even easier than you can now.
Honestly, I'm kind of sick of how bad a rap advertising gets. Now sure, companies knowing a lot about your personal life is creepy on an intuitive level, but the fact of the matter is that cookie tracking data has NEVER been associated with any leak or data breach that resulted in personal harm. The thing people SHOULD be worried about is stuff like the Experian leak, where credit companies collect your non-anonymized personal data.
Also, fact is that matching consumers with products that they like doesn't just have enormous business value, but is actually socially positive! If you can more easily reach a niche audience, you can build better more targeted products. And the open data exchanges were a great moat against platform centralization like FB. The fight against open data exchanges make the comparative advantage FB has in advertising to you larger. That's actually pretty bad, because FB has some pretty bad incentives wrt to the attention economy and optimizing for engagement. A world where advertising on independent websites is effective is a much better one - it would let websites put out better content, it would decrease the power of social networks, it could fund better journalism (which is being decimated right now), etc.
> Also, fact is that matching consumers with products that they like doesn't just have enormous business value, but is actually socially positive!
Well, sometimes. But what people want is not always good for them or for society at large. Targeted advertising has a side effect of hiding what exactly is being advertised to society. There's obviously the extreme cases of "vices," but what about things like junk food? People love it. Targeted advertising can induce cravings that make people buy and eat things they know are not good for them. Or for another example, what about pesticides and gas guzzling trucks? I don't want all my neighbors' vanity being exploited in order to pollute my neighborhood. We can openly talk about what we all see on TV, in newspapers, or on billboards, but if I'm not seeing the same ads as my neighbors online, those conversations aren't going to happen.
Advertizing needs to be pull, not push. That is, when I have disposable income and am looking to spend it, there ought to be a place I can go to browse ads.
Otherwise, get the fuck off my attention span, stop bloating the web, and stop polluting public spaces with irrelevant information!
> Honestly, I'm kind of sick of how bad a rap advertising gets. Now sure, companies knowing a lot about your personal life is creepy on an intuitive level, but the fact of the matter is that cookie tracking data has NEVER been associated with any leak or data breach that resulted in personal harm. The thing people SHOULD be worried about is stuff like the Experian leak, where credit companies collect your non-anonymized personal data.
I mean, why not both? I simply cannot think of someone who dislikes tracking-as-advertisement and is pro central clearinghouses for more targeted personal information.
> Also, fact is that matching consumers with products that they like doesn't just have enormous business value, but is actually socially positive!
Only with the unstated premise that tracking _will_ happen and it's better if that tracking is done in a decentralized fashion. Sure, I can agree that there shouldn't be a monopoly at the focus on online tracking-as-advertising, but there's an additional argument that the space _should not exist in itself_. These arguments have been rehashed endlessly online and especially on HN so they probably don't bear repeating here, but the either or choice you represent is disingenuous.
The premise is slightly different. I'm mostly differentiating between cookie tracking and social networks (and some other large online platforms). The large online platforms don't need to track you - you give them your data willingly. Facebook knows a lot about you not because it's tracking you, but because you keep posting things to it. Cookie tracking is an alternative way to build up an effective advertising profile that is decentralized and anonymized, which I think has some value.
> The large online platforms don't need to track you - you give them your data willingly.
Most people don't know the extent to which companies track them across the internet and their devices. It really would be better described as "stalking" given that there is a clear intent by most online platforms to be as stealthy as possible when it comes to their data collection activities.
> Facebook knows a lot about you not because it's tracking you, but because you keep posting things to it.
That's not at all true. People who have explicitly chosen to _not_ have a Facebook account still have their data sucked into the maws of Facebook's data collection systems. [1]
> Cookie tracking is an alternative way to build up an effective advertising profile that is decentralized and anonymized
Cookies cannot possibly be used to build up any sort of decentralized "advertising profile" across the internet - either you allow third-party cookies for tracking and the advertisers become the centralized data collectors or you don't and the cookies don't really provide any information that a website couldn't already collect (and which, critically, wouldn't be useful to produce an advertising profile for anything other than a single website).
> [..] which I think has some value.
Value for whom? It seems that you're very interested in talking about the value of data for those who collect it and are completely disregarding the value or cost to the people who are being tracked.
> Also, fact is that matching consumers with products that they like doesn't just have enormous business value, but is actually socially positive! If you can more easily reach a niche audience, you can build better more targeted products.
Maybe this works well for some products, like "I know i need to buy milk, what should i buy?" but it has often been used in a form that appears like an abusive relationship.
Think about all of the kid-targeted ads from 30 years ago which peddled sugars and psychological tricks to get kids frothing at the mouth over their food and toy products. These weren't merely advertisements, but targeted attacks to the brain. And of course things haven't changed, it's just iconic to talk about early TV's cereal commercials hah. As with many product advertisements, they're not just trying to make you aware of the product - they're trying to bypass your consciousness and hook straight into your brain.
That was 30 years ago, and we've had the misfortune of seeing this evolve. Now social media advertisements are hyper targeted with similar tactics but more nefarious goals. Misinformation at the hands of targeted advertisements has been the source many-a controversies of recent years.
My point is i'd agree with you if advertisements haven't been so blatantly manipulative over the last 50+ years. If they were simply "Hey, you like X, try Y?"; but they're not. That ship sailed before i was even born. And it's only gotten worse with time.
The only data that can't be leaked is the data people don't have. When the OPM could be hacked, everything can be hacked.
Based on this, the only solution is to make sure nobody has any information that may possible be leaked and, at the time or later, be connected to me.
In addition to that nobody targets ads with value, because valuable products are super rare and don't need advertising because those show up in magazines, on blogs etc created by people interested in the field, because sharing those products give value to their readers.
I tested it recently on youtube, both by my locked in account (15? year old google account with a ton of info) and in a firefox container. The first ad was for some casual mobile game/scam and the second was for something I can't remember anymore. I also don't remember the first ad I got on the account that wasn't logged in, but the second one was for a website that sold used iPhones, something that I am very much interested in.
So, despite knowing a ton of me, Google couldn't show me a related ad that was better than the ad it showed when it had no data.
For a very long time the ads in gmail were all about getting loans no matter how poor my credit was, when my issue was that I need a good place to invest my money, not take on expensive loans.
Currently they were trying to sell me extra chargers for electric cars, of which I don't own any.
Facebook showed me a generic ad for cancer awareness aimed at somebody 15 years older than me (they know my real date of birth).
Previous to that they showed me a ton of ads for extra comfy travel trousers.
Twitter got the closest by showing me ads for places to buy crypto (yes I am interested in that space, no I won't by stuff from ads that scream scam to me).
I don't know what will replace ads, and it is possible that ads might bring some value in specific cases but in general they are a waste of money. I suspect Google etc knows this, but can't say it for obvious reasons.
Brand awareness ads might make sense, but it doesn't really make sense to target those much.
> cookie tracking data has NEVER been associated with any leak or data breach that resulted in personal harm.
This is a very specific statement. It may be true. But, even if we accept for the sake of argument that it is, it's not quite the same statement as, "Mass personal data collection has never resulted in personal harm," which, while seeming quite similar, also happens to be false.
But "[m]ass personal data collection" is a huge superset of "cookie tracking data"; the former encompasses all credit card information database breaches (such as Sony's), along with all government and healthcare database 'leaks'.
We could limit it to "for marketing purposes" (which is what I meant, though I failed to specify it) and still find plenty of clear-cut examples of harm. This isn't breaking news. I took a class in graduate school that was largely devoted to studying examples of them and discussing their ethical and policy implications, and that was years and years ago.
I'm trying to differentiate between data that is anonymized (cookies), and data that is not. I'm unaware of any data leak of anonymized data that resulted in any harm, but if I'm wrong I'd love to hear about it.
How about intentional publishing of "anonymized" data? It's intentional, so it should be even less potentially harmful than an unintentional leak, right?
That's just one of many apparently "anonymized" datasets that has been trivially deanonymized by researchers/hackers/internet-stalkers; so there's plenty of harm to be done.
Fun fact: one of the top 5 digital advertising platforms "anonymizes" user identifiers with a simple hash algorithm and "salts" all of the hashes with the same "salt". Can you guess the "salt"? Hint: it is commonly found on a dinner table and is used to season food.
I can't say I'm at all surprised. I've had similar conversations in a non-advertising field with non-technical managers where their attitude basically boiled down to "What do we care?" when it came to problems that would cost someone else money.
I also can't see attitudes like that changing until companies that collect data are seriously held to account for any leaks/abuses of the data that they collect.
Potential penalties would probably have to include criminal charges, in much the same way that individuals and companies can be held criminally liable for mishandling toxic waste.
I think you are right - this was a brain dump of some things I've been thinking about, specifically on how the fight against cookie tracking is making centralization worse and companies like Facebook more powerful. This article generically criticizes both, but I think there's actually a tradeoff here, and not making the distinction may lead to bad policies
> Also, fact is that matching consumers with products that they like doesn't just have enormous business value, but is actually socially positive!
What is the math here? How do you account for society-wide lost productivity from spending time consuming advertising? Or for people making sub-optimal purchasing decisions when products that are worse for their needs happen to have bigger advertising budgets?
>Honestly, I'm kind of sick of how bad a rap advertising gets.
Work in advertising by any chance?
If you read the article, it's not primarily about advertising. It's about privacy and the negative impact to society on losing it.
The ad tech firms were certainly pivotal in creating the dystopian surveillance world we live in. They deserve every single bit of bad rap they get for that and, personally speaking, I really hope there's a lot more bad rap heading their way.
>the fact of the matter is that cookie tracking data has NEVER been associated with any leak or data breach that resulted in personal harm
I don't know if you're deliberately positioning that duplicitously or not. I'll give you the benefit of the doubt.
Whether there are cookie-based breaches or not is, in practical terms, irrelevant. Read the article. With cookies, and without breaches, the Facebooks and Googles of the world allow advertisers to promote smoking to children or payday loans to those with financial troubles.
Advertising is a wide spectrum. At one end it's relatively benign: billboards and the like. Some feel even that is unacceptable. At the other is the FB/G hyper-targeted end. In and of itself it is extremely creepy. But the article is about much more than just the weird experience of wondering how they knew to target you for erectile dysfunction treatment. Or divorce lawyers.
Ad tech has bootstrapped a global panopticon. That's the problem here.
Oh, and next time your insurance premium goes up mysteriously, have a think about your browsing history.
>If you can more easily reach a niche audience, you can build better more targeted products.
in practice, these two concepts are incompatible. everyone has buttons that can be pushed with the help of detailed psychological profiles made by advertisers.
if you push those buttons enough times, it's typically unhealthy for the person and financially beneficial for the pusher all the while.
I see a couple some framing issues your comment. For example, the comment links (A) cookie tracking data with (B) people giving advertising a bad wrap. But, I think that people give advertising a bad rap for many reasons beyond simply cookie tracking. Given that, I worry that the idea "cookie tracking never led to harm" distracts me from the larger issue of generalized corporate and governmental data surveillance, especially considering that it seems like personal data breaches usually deal subtle harm to people.
Is not advertising, it's sales: the seller establishes a personal relationship with the buyer, finds out what the buyer's needs and wants are, and proposes a product or service to them that satisfies those needs and wants. Advertising is nothing like that.
Not to mention that most things that get advertised for, nobody sells the way I just described above. The only products most people buy that get sold that way are houses and cars, and those aren't the kinds of things advertisers are trying to sell using harvested personal data. Most products that people buy that are advertised that way, they choose themselves, they don't have a personal sales person helping them.
Data can still be anonymized and dangerous. In extreme cases de-anonymization is available and for all the rest it still results in the targeted individual being exposed to manipulations and attempts at influence. And the amount of influence that advertisers wield absolutely needs to be curbed to an absolute minimum or, even better, non existence. People need to be making decisions on their own rational self-interest and not emotional overtures amplified by an intimate understanding of someone's fears and sensitivities.
Their claim is logically dubious anyway. It’s not the cookies themselves but all the associated data that cookiesnlet big tech associate to profiles. This claim they are making about cookies are not associated with a breach is highly suspicious and not a good faith argument IMO. Even if they are not directly linked, cookies and tracking tools exist in a system and don’t exist in a vacuum. They are the tip of the spear. Sure the tip isn’t what kills you, but having the whole spear rammed through you sure does.
Well, it's hard to prove the absence of a negative - I think that it's on the people claiming harm to provide some examples. However, I'm not even sure what a cookie data leak would look like. The large advertising brokers are handling petabytes of cookie tracking data per day. To gain any insight out of it you need to run jobs on giant clusters. The volume of the data makes it basically impossible to exfiltrate. So yeah, I'm pretty confident in this statement.
> The large advertising brokers are handling petabytes of cookie tracking data per day.
Citation needed.
Also, you don't need a copy of every single byte that a tracking company collects; summaries are more than enough to be useful to track individuals across the internet.
> The volume of the data makes it basically impossible to exfiltrate.
An attacker doesn't need to try to exfiltrate a large fraction of collected data; only the data that's likely to be interesting to them.
See Facebook/Cambridge Analytica [1] for an example of just how incompetent a technically-sophisticated company can be when it comes to protecting their users' (and their own!) data from potential adversaries.
[1] In particular, the comments from Alex Stamos, the CSO who said “We have the threat profile of a [...] defense contractor, but we run our corporate networks [...] like a college campus" (from https://www.cnbc.com/2017/10/19/facebook-security-chief-alex... )
Exactly. It's not the tracking that is the problem, it's the lack of control/transparency. I want a personal data bank where I can decide who knows what about me.
"Marketing is manipulation and deceit. It tries to turn people into something they aren’t — individuals focused solely on themselves, maximising their consumption of goods that they don’t need"
What these kinds of articles (that basically just say how much of our data is being collected, and assert that it's bad) miss is the whole "attention economy" side of the equation, which I believe is more detrimental.
Data is concretely used to maximize engagement, outrage, polarization, etc. in order to get more attention, which is at a root of a lot of the public discourse challenges we have these days. It would be much more benign if tracking was really just about trying to see what I am most likely to buy and target that to me.
This is the point I feel most as well. I think this trend of burning attention is both destructive in ways and depth we don't completely understand yet - possibly making unrecoverable damage to our society on ridiculously large scale - and a blunt exploitation of the bias to consider attention as an infinite resource / not a real cost.
Personally I dislike also the "tracking to show me what I'm most likely to buy" but this itself (assuming such thing could exist in a vacuum, which seems unrealistic to me) has an inherently limited impact.
I think a big part of the problem here is that our computers, and the associated data they collect, are part of our extended brains. They're not record players, hotel registers, or any other metaphor society or our legal system has used in the past. It's virtually as if you could take part of your brain out and hand it to somebody, perhaps to whistle a tune you remember from school or recount that chat you had with your previous SO.
It's not okay to take a person and hold them against their will, even if they've signed some sort of agreement. Indentured servitude and slavery are considered non-viable business arrangements. No matter what I promise you or what our trade-off is, these contracts cannot exist.
I think the only way this reasonably ends is when the rest of society catches up to that conclusion. It might be a while, though. I honestly don't think most people _want_ to know what's going on, since it's quite frightening and there's nothing they can do about it. This is going to have to get more and more stressful to the average citizen until most folks realize what kind of world we've crept into.
The "data economy" is just an extension of the "Advertising Economy".
Of course the idea of an "Advertising Economy" should cause people to pause a bit since advertising, by its nature, can only help maximize profits for somebody else. In theory the money that gets pumped into advertising can only be squeezed from the profits of other companies who are doing some optimization, weighing the cost of advertising vs the increase in their market. The maximum amount it makes sense to pay an advertiser is proportional to the increase in the audience they provide, with the assumption that your profit - fee * population_ads > profit * population_no_ads.
One thing should be very clear, advertising cannot create value, it can only extract some of the surplus value that other companies are creating. This puts a pretty hard limit on how big advertisers can grow.
The solution to this was of course to take the byproduct of advertising, the generation of large amounts of demographic data, and transform that into a product. Suddenly selling, sorting and manipulating data create an entirely new class of products and create demand for new professionals as well.
The advertising industry, specializing in creating the illusion of value when their may be none, has done a brilliant job of convincing everyone that data is inherently values. Allowing tech companies to sell not only their data, that is often of questionable actual value, but the infrastructure to use this data, and sell training in the skills necessary to work with big data.
The "data economy" is just advertising turned in on itself. Anyone who works with data knows deep down that all of this is a farce, but I think we still have a bit of time before all of this hits the fan, so enjoy the ride.
Damn sometime I think as an analyst in LE that the obsession with data while crime skyrockets is stupid. I also vehemently hate advertising. Never thought that the whole time I pivoted from public policy > stats > data as a result of advertising’s influence. Makes me sick, time to crawl back towards stats and get out of this world.
Data feels like the next resource (like hydrocarbons or other resource extraction) where it can be exploited for massive profit while its costs externalized for the rest of society to bear.
Like how it took decades for society to come around to human influenced climate change, it will probably take a while for people to accept the social and mental health costs associated with the extraction and use of this resource, or we will get to a point where people are manipulated enough to be insulated from such a realization.
The article implies a lot of risk for having so much personal data circulating around without our control. but the article, and many others like it fail to show how all that risk can adversely affect us.
I mean, so what if my neighbor gets a different ad than I did? maybe he's into red shirts and I like blue shirts. so what if he got a cheaper plane ticket advertisement? I'm not going to buy a ticket unless it's cheap enough to do so. so what if i didn't get an advertisment for a college degree, it's not going to impact whether or not I'm going back to school, etc. so what if an ad uses emotional language specifically targetted towards my political demographic, it's not going to make a difference to me after I investigate the matter objectively.
Privacy is important because it protects you from the influence of others. The more companies know about you, the more power they have over you. If they know you are desperate for money, they will take advantage of your situation and show you ads for abusive payday loans. If they know your race, they may not show you ads for certain exclusive places or services, and you would never know that you were discriminated against. If they know what tempts you, they will design products to keep you hooked, even if that can damage your health, hurt your work, or take time away from your family or from basic needs like sleep. If they know what your fears are, they will use them to lie to you about politics and manipulate you into voting for their preferred candidate. Foreign countries use data about our personalities to polarize us in an effort to undermine public trust and cooperation. The list goes on and on.
There are quite a few stories that have cropped up over the last decade or two that show this is actually happening.... the most precient one I can recall was where Target outted a pregnant teenager to her parents before she even knew she was pregnant:
The big issue to me was always the data falling into malicious hands.
Sure it's not a big deal if you buy a red shirt and I buy a blue shirt but it is a big deal if you can piece together the security questions (thankfully falling out of fashion as a recovery method) for my bank account.
It's not a big deal when you don't get an advertisement for your local university but if an authoritarian government roots out gay people because they have access to credit card data for Grindr subscription charges that's probably not great.
I guess my impression is that it's not what's happened so far (although certainly innumerable lives have been sullied for weeks, months or years at a time due to identity theft, credit card fraud, and the rest), it's the potential of what could be.
The so-called "data economy" has improved our lives in immeasurable ways. I can more easily discover products that are relevant to me. Deserving innovations are granted a platform for quicker adoption. The world at large is more efficient, because relevant products and services are being delivered more quickly and efficiently than ever before.
The author is extremely paranoid. She uses the word "should" a whole lot, but does not back up her dictatorial statements with any reasoning.
Efficiency is not always a good thing. We’re not machines and we shouldn’t aspire to some Wall-E existence where we do nothing but consume without any inconvenience.
There has to be limitations to the use and distribution of data. E.g. sensitive topics should be disallowed to be tracked. Otherwise, personalized ads are great. They make our lives immeasurably richer by enabling a free internet. They make small businesses grow and thrive. They allow users to find products they need w/o looking for them endlessly.
I'm all for significantly limiting the "data economy", but I suspect too many people have become too used to getting free stuff. I see this all over the place - there are products and services that are quite expensive to build and provide, but they're free because people (often unwittingly) exchange data about themselves in place of the actual cost. If you still want those products/services without the data industry supporting it, someone will have to pay for them. I think lots of people opposed to the data economy will become less opposed when faced with actually paying for stuff it supports.
I learned this the hard way trying to sell something that competed with free tools from Facebook/Google/[other giant data monetizing companies]. Our tool was/is competitive, but we aren't in the business of data harvesting or advertising - so, the engineering cost (many years of effort) would have to be paid from actually selling the product. The response? People want the free ones, and could really care less how the engineers that built it were paid as long as THEY (the consumer of the tool) got it for free.
As long as the "someone else will pay for X so I can have it for free" attitude is acceptable and widespread, we're likely stuck with a pervasive and deep data economy.
People should own the data about them, and should be free to rent or trade usage of it to companies in exchange for money or services. Actual ownership should continue to rest with the person, however, who can revoke access the same way that a landlord can evict tenants or a worker can quit.
The biggest barrier to this has been that lots of valuable data (eg. Facebook's social graph, Android contact data) is data about relationships between people, not the people themselves, and so would logically have multiple owners. But that's not really a big barrier with modern technology: the crypto world solved multi-person ownership with multisig wallets several years ago.
Simply assigning a price to an activity doesn't solve the ethical and moral issues that can arise from that activity.
Having a price for something doesn't exactly help victims of human trafficking (whether the illegal organ trade, prostitution or anything else). What can help those victims is regulation and aggressive criminal prosecution of anyone who seeks to gain from the suffering of others.
Unless people actually have a realistic and practical way of "revoking access" to their data which results in serious penalties for companies which continue to use said data (including company-destroying or even criminal penalties for senior managers/benefactors) then the negative-externalities of data-collection won't ever really be curtailed.
The difference that ownership would give is consent. Western liberal democracies are based on the idea that you can do what you want as long as all parties agree to it.
I willingly give my personal information over to a variety of firms knowing what they do with it, because I value the services I receive more. It's not your place to say whether that's okay or not, because it doesn't affect you.
Human trafficking + consent = immigration. Organ trade + consent = organ donation. Prostitution between consenting adults arguably should be legal anyway, and already is in many places in Europe.
And yes, there should be a practical way to revoke access to data. There are ways to accomplish this technologically (eg. capability-based security keeps the data within your possession and you export the particular query that an outside firm would use; federated learning lets them train machine-learning models on the data without the data ever leaving your possession). We just don't use them yet, for the most part.
> The difference that ownership would give is consent. Western liberal democracies are based on the idea that you can do what you want as long as all parties agree to it.
No, there are things that two parties cannot legally agree to do even when there is a stated agreement between those parties.
Most of these things aren't legal because society has recognized the immense harm or potential for harm that they have.
For example, you can't legally sign yourself into slavery, nor could you (as a minor) sign a contract with an adult which would make sex legal; even if all parties say that they agree to it.
The slow destruction of privacy is creating situations which have the potential for immense harm for specific people around the world (e.g. people who criticize certain governments). To ignore these sorts of situations whenever there's a discussion on privacy is foolish at best, and maliciously disingenuously at worst.
> I willingly give my personal information over to a variety of firms [...] It's not your place to say whether that's okay or not, because it doesn't affect you.
It absolutely can affect me (or anyone else) if some of that information reveals details about anyone who isn't you. This is exactly the case with (e.g.) all of the social-graph information that Facebook collects. It doesn't matter if someone went through the process of deleting their account if information about them is still being collected by proxy.
That's not to say that any data that could reveal information about someone needs to be treated as though it "belongs" to all parties, but does mean that claiming some form of ownership over the data is not at all straightforward and that merely using the idea of ownership over data is unlikely to address many of the issues that have arisen from mass collection of data on people.
> Human trafficking + consent = immigration.
No. That is entirely wrong. Human trafficking is, by definition, done without informed consent. Stating that just "adding consent to the equation" makes it into immigration is completely ignorant of the motivations, realities and harms of that particularly disgusting criminal enterprise.
The problems with human trafficking don't arise because someone "didn't consent to something"; they arise because of the deliberately-engineered power imbalance between criminal organizations and their victims and the intention of forcing people into indentured servitude and forcing them to make money for the criminals.
> Organ trade + consent = organ donation.
Also no. Organ donation is (or should be) done without any sort of financial benefit to the donor. It's done that way to prevent the organ trade from flourishing. This is exactly the point I was making that assigning a "value" to something doesn't suddenly remove or negate the harms that that thing can cause. In fact, in the case of organ donation, there are a lot of rules which have been set up to explicitly prohibit someone from buying a human organ, specifically because of the known harm that the organ trade does.
> And yes, there should be a practical way to revoke access to data. There are ways to accomplish this technologically [...] We just don't use them yet, for the most part.
There are many ways of collecting aggregate data about populations that don't have to result in individual privacy being destroyed. They aren't used because, under current laws, it's more profitable to just collect all the data and not worry about preventing it from being abused; because there aren't any real penalties for companies and individuals who cause harm by gathering/selling/losing control of this data.
That is to say, it's not (and never has been) a technical issue. It's a political one which requires that people have an informed discussion that isn't heavily swayed by people with a vested interest (e.g. the online advertising industry, as I suspect that many people in this thread are in)
We derive great benefit from the "data economy" in the form of services which are NOT free to develop or operate but have no cost associated with their usage. We also enjoy the benefits when it comes to social connections, disaster recovery, and tracking our lost valuables. It is not going away.
The potential pitfalls of the data economy are about overbearing or violent governments, or about poorly managed data protection. This has much more to do with the bad actors than the tools they are using. It's sort of like saying we should ban information distribution because bad actors can spread misinformation.
We can't really stop the Data Economy. If we're bleeding data all over the place then we can only maintain good habits of data hygiene. But then we know that will never be perfect. Some fingerprints will always remain, some breadcrumbs will always be hoovered up by the bots.
I use adblockers and vpns and other such things but then I have accounts with facebooks and whatsapps. Could I camouflage my 'scent' with perfume? What's more - could I feed misleading data in? I really wouldn't mind being a VIP in the eyes of these shitty algorithms.
Saying "We can't really stop the Data Economy" is like saying that humanity can't do anything about climate change because we can't afford to upset the petrochemical industry.
We can have a discussion about the costs and benefits of the Data Economy but to simply state that it's impossible to do anything about it is reductive to the point of absurdity and, frankly, only serves the interests of those who want to continue profiting without bearing any of the societal costs.
No no - I mean 'we' as in we here right now, in this conversation. I'm all for regulating the Data Economy and all the efforts to impose laws and regulations and what not. It's just that all these devices and microchips have opened a way to trade on data that we'll never be able to regulate and control with 100% clarity and precision. So we're definitely gonna have to get more clever than just asking the government to ban them.
> It's just that all these devices and microchips have opened a way to trade on data that we'll never be able to regulate and control with 100% clarity and precision. So we're definitely gonna have to get more clever than just asking the government to ban them.
There's nothing fundamentally different about the technology in the last ~decade that has caused this trade to explode. Bandwidth, storage and compute have all gotten cheaper, but there's not much more that has actually technologically changed to cause this explosion.
What has changed is that companies now see this sort of data-gathering as a potential source of profit and have essentially never had to pay more than a fraction of the costs that they incur on society when this data is abused/leaked, etc.
If there was actual civil and criminal liability attached to negligence, misuse of user data, etc. then most of these problems would disappear pretty quickly. The reason why this hasn't already happened is almost certainly related to the immense amounts of money and influence that the data-gathers can wield on politicians.
A key part of any sort of effective regulation in this space would also require that breaches or misuses of data that didn't involve negligence were also heavily punished (similar to how some toxic waste spills are handled). This would create a powerful incentive for companies to just not collect the data in the first place unless there was a serious business need for it which justified the additional risk to the company.
I can't see that ever being popular here though given how entrenched online advertising $$$ is in SV/YC/HN...
One big thing has changed in the last ten years though - smartphones. Literal sponges for data that all non-technical people just trust with everything. Could you imagine something like this 15 years ago? With computers? No way - I still remember my boomer parents being afraid to even pull out a credit card in front of a computer.
I think a lot of people around here know how the sausage is made. But when you’re designing meat grinders you’re not gonna call attention to where the meat is coming from.
I think the way the wind is blowing is slowly changing direction though.
Yeah, I think we're both in agreement that things need to change.
Fundamentally though, I think that there will have to be a bigger catalyst for that change to happen and while I think people are slowly becoming more aware of how bullshit the "consent" argument for data gathering is, I don't think a general "uneasy feeling about doing things online" will actually be enough to push for useful regulatory fixes when it would require going against the incredibly large resources of the various data-mining (credit & insurance industries, etc.) and tech lobbies.
One thing I would say about smartphones is that I think that humanity would probably be in a far better place (in terms of individual privacy) if mobile networks were about 10 years behind where they are now in terms of spectral efficiency and per-bit energy requirements.
That would mean that you would have fairly ubiquitous powerful mobile hardware where there was a serious performance/battery penalty to just transmitting data up to some cloud service at all times of the day but you'd still have enough local compute and storage to do just about everything that people use their phone for today (with the exception of mobile video streaming).
It makes me think that one of the sparks for a more privacy-respecting system could be if mobile data became very unreliable/expensive but phone/OS/app developers knew that they had to actually deal with this and couldn't just ignore the lack of connectivity. Unfortunately, I can't think of any situations where that could be the case which wouldn't involve some sort of massive social upheaval (like a war or significant and widespread infrastructure damage) so I certainly wouldn't be hoping for such an event to be the catalyst.
I'm curious, can insurance companies get access to this information to potentially affect policy rates?
That would be insane. If they know how sedentary you are, or if you aren't sleeping well, or if you are driving too fast, driving at dangerous hours, or if you hang out at the bar too much ... can you imagine the implications?
It gets even wilder with things like Fitbit Charge 4 where this data, in the hands of data brokers, can include data like your resting heart rate, your SpO2 levels, exactly where/when you walk.
The data collectors only provide anonymized data. But it's possibly for a company that collects PII to stitch together their own user profile data with the anonymous data. So, yeah, maybe. Like if you login to your car insurance website and that website is using third-party tracking to piece together a profile, they can correlate to your identity. I don't think I've actually seen this done and I'm not sure if it's entirely legal.
Articles that make declarations about how bad X is and then follow that up with empty calls to action like "We need to end X" to get people nodding their heads in agreement are common and cheap. What's your solution? Is there one?
Sure, you can draw attention to something bad, but if all you ever do is live off the drama and frantically declare that X "needs to stop" (I loathe that airheaded phrase like few others), what good are you? Who's going to stop it? Passive voice does not impress. When I need to eat, I eat. I don't say "I need to eat" and leave it at that. I'd starve.
Clearly you think it can be stopped. Clearly you think it's not just an unfortunate malady of the age that we must bear. You think it can be fixed. Where's your proposal? How are we going to shift the tech economy away from surveillance?
The growth of the data economy is like the growth of finance. Neither finance nor data gathering actually produce anything. They can help produce something, inform or facilitate the production, but it's not productive in itself. In the limit, you're left with a hot potato economy where people gather data to sell for the purpose of gathering more data.
Maybe this is incentivized by the killing of the industrial base. Everything we buy is from China. All the US does is consume.
Disclaimer: I work at a company that collects user data.
The author is fearmongering big tech because she envies all the money they are making. Facebook does not sell user data, and I'm pretty sure the author knows this but intentionally perpetuates this misconception anyways. Facebook would collect about as much user data regardless of whether they used it for targeted advertising.
There certainly are firms that will sell a dossier on you employers or anyone else who wants it, it's just not any of the players mentioned in the article. That's why I hate these articles filled with non sequitur fuzzy thinking. If you want to end the data economy you need to start with the real players: telcos, payment processing networks, ISPs, insurance companies, credit bureaus.
If you're a background check company, it seems like a dangerous game to attempt to systematically match data from such unofficial sources to potential employees.
Aren't they opening themselves up to lawsuits if they match the wrong person to the wrong potential employee?
Additionally, isn't it illegal to decide to hire/not-hire based on a bunch of protected traits? (age, sex, orientation, religion, etc.)
It seems like a lot of the quoted information would be off-limits.
Part of the data economy is this curious phenomenon: nicely styled web articles, where 99.9999% of the effort goes into producing the graphical artwork (often just for that article, not from a stock library!), and the text is just someone banging out some Reddit-comment-level crap for 5-10 minutes.
Imagine this in a plain document with no CSS:
<body>
<h2>Why We Should End the Data Economy</h2>
<p>The data economy depends on violating our
right to privacy on a massive scale,
collecting as much personal data as possible
for profit.</p>
<p>...</p>
...
Now it's just the rant of some loser who doesn't even know the first thing about making an attractive web page, and doesn't have any friends who are graphical designers or artists to help him or her sell the idea to the masses.
“They generate profits by compiling a profile of you from your data trail and then selling it to the highest bidder”
Connecting another dot on this point: The creation and widespread use of such profiles -which are not merely comprised of data, but are summary conclusions about people- may well make the U.S. into a genuinely caste society. Without rules regarding things like data aging, publicly accessible profile monitoring, and bad data correction… and when to provide some sort rehabilitation method, people will eventually become just a collection of their mistakes and forced into one bucket or another.
We need something akin to the Fair Credit Reporting Act and a set of laws that provide better guide-rails for when data can be collected, by who, for what purpose, when it can be sold or used for a purpose other than why it was first collected, etc.
As I understand it, CCPA means any California resident could hypothetically write a data broker, get their own file, and determine how much actual tracking is going on.
All the hypothetical examples are realistic, but... what are the names of companies that are actually providing that level of data about me?
And yet, with all this information about me, they still struggle to come up with even the slightest big of relevant advertising. 99.9% of the products I see advertised to me are either completely irrelevant to me or products I down right hate: and I never buy them. If they do have all the information the article claims, it just doesn't seem like they're able to use it in an effective manner. So what's the harm?
the key here, is, just don't buy products you don't want or don't need. as long as you do that, you'll be fine. I have yet to meet a single Ad that forced me to buy a product I didn't really want or need. And, just don't let the ads manipulate you.
Viewing the world through the data lens makes you blind to the things you didn't measure or that you cannot conceive a measurement for.
It also stifles original thought that is conceived independent of how things are or what people like ("culture becomes stuck").
When dealing with data you need to be aware of your own unfixable shortcomings as an observer. And if you can influence people's behavior at scale you're no longer an independent observer anyway, complicating things further (a measurement that becomes a target stops being a measurement).
There isn't one truth you could uncover in data; life is an open-ended chaotic system. Let's keep it that way.
I've been thinking about data-driven AI systems that generate art, photography and the like. One thing about these systems is that they are always learning from past works. They don't create in the same chaotic - as you say - way as we do.
Recognizing the limitation of these systems is key to be able to use them well and when not to use them.
These systems lack any form of coherent world view, artistic vision, moral imperative, culture or ability to reflect on their own surroundings, limitations and assumptions (higher-order thinking).
Even if one adds randomness to create new phenomena within their given framework, one can never compensate for that.
Uncarefully applied data-driven narratives have not enriched our thinking, they're blunting it. And they blind us to what could be.
Ending the data economy means ending inference. Most of the examples listed in the opening paragraph are not direct measurements, but mundane behavior that can associated with something interesting. I don’t think stopping inference is possible (or a good idea!), but it is easy to subvert and reign in, at least online.
Simply letting your browser emulate the browsing habits of a wide variety of people could knock down your uniqueness if done in bulk. I’m pretty sure there was a chrome extension a while ago that browsered major sites to obfuscate your actual traffic. I also like the EFF’s panopticon if you’d like to see some real value uniqueness scores.
This is a bit weird... The Reboot is sponsored by DFINITY, which is the company behind the Internet Computer and did a presentation at the World Economic Forum in 2020. (https://www.youtube.com/watch?v=FfTJEMj1GTw)
The WEF is 100% pro datamining the shit out of everyone, and AFAIK they only invite people who share their vision of the future. So, why is DFINITY making presentations for them while also sponsoring anti datamining journalism?
I'm not saying that "THIS IS WRONG!" I'm just confused as to what's going on here.
This reminds me of when people want to "reverse financialization" or "get rid of the shareholder value model." How are you going to reverse an idea and what are you going to replace it with?
Making "mass data collection" illegal seems pretty fraught. I doubt that anybody would want that in its literal form. I'm not sure anyone is too interested in nuking our tech sector either but maybe I'm wrong about that part.
Similar to KYC (Know your customer) [1] in financial services industry. We need Know your Data Broker for customers, where in customers can know which data brokers have used their information. Most of the data brokers run in the dark and very few outside of tech are aware of it.
Data Brokers should allows customers to be opted out and purge information from their systems if needed.
If only it were about advertising… Your attention is everything. Even beyond buying things or not. Your views about certain aspects of your life are affected by your senses and experiences, and so much comes from what you see, hear, and read online. Your data informs a lot of what ends up in your screen, which keeps shaping who you are. This vicious circle is what I call losing agency in the digital age. Are you OK with losing your individuality? What makes you… you? That’s my reason towards privacy.
The people who are OK with this kind of thing -- "But nothing bad has ever happened to anyone IRL" -- are obviously not part of a minority ethnic/religious/sexual orientation/gender group. This kind of technology is already used to do harm in China. Those of us in those groups don't have the luxury of "waiting to see if the nightmare becomes real" because of some of us would be in the crosshairs, not potential bystanders.
I highly suggest you guys checkout Decentr. They are building blockchain platform that allows individuals to have ownership over their personal data to exchange and leverage for economic benefits in a decentralized and secure way. I think it's false to say we can't collect data in a secure way therefore stop the data economy. We should be seeking to empower individuals with the ownership of their own data to create a true data economy.
All of your data is stored in an encrypted wallet/ID via decentralized storage solutions. Only you have access to your data and control over your data via a private key like a crypto wallet.
I remember a time when the virtue that separated the U.S. from, say, East Germany, was the assurance that your library borrowing history was sacrosanct.
The Data Economy is what enables "free" product for the end-user. Think about email, drive, video. Users are now used to get most of this stuff for free. And that's possible thanks to the Data Economy.
End such economy basically means the users will start paying for the internet. Never gonna happen.
Just have it so that any time a person or company's data is sold or leased, the company doing the selling must mail (via physical correspondence) the person or company with a notification of what data was sent and why.
People will get tired of the junk mail and companies will lose money trying to peddle data.
I'm in the data business, this article is wrong on many levels but whatever...
The biggest faux pas is "your PII is sold to the highest bidder". Not true, your PII (and mine) is sold to any bidder who hits the minimum threshold/rate, currently less the 12cents CPM
We need something like the Nutrition Facts label for digital consent: government mandated, consistent format, easy to scan. Even better if it was an interactive form to allow you to selectively consent to specific options
Wasnt here on hn someone who created a bot able to randomly like messages on FB, search for nonsense on Google, post random tweets on twitter etc, spoofs GPS etc. Would love to use something like that
Hogwash. Sharing data and having it stolen are two different things. Luddites did not account for what their idea of the future would miss out on. The data future offers new opportunities in reality based communication.
Working on serious problems like climate change would be hobbled without the rise of the data economy. But to be an economy it must have rules that protect private, personal and ethically important entities.
There's not a single person that doesn't understand the "why" of this, especially on HN. There's just no "how" there. It's pretty clear so far that GDPR/CCPA have been complete failures. Companies just design around them and consumers are in no position to jump through the hoops those companies have set up to defend themselves. The game is already over and we've lost and articles like these are just hope porn wishing for a better world that we will never see.
I think we should go further, into a full review of what it means to own something. However this is rather ambitious considering that the idea of ownerhsip lies at the very foundation of civilization as we do it.
But the nature of "digital property" has changed things. If you think the printing press changed the nature of human societies, just wait until the internet has existed for a few hundred years and their corresponding number of generations.
Capitalist market economies, trade-centric as they are, have evolved around a world in which all property is exclusive. However starting from printing press up to "model-T"--style mass production (the development of industrial societies) reduced the cost of copying and duplicating stuff more more until the creation of the internet brought about "digital goods" (such as all your personal data) which has duplication costs _below_ marginal (I think digital copying has essentially ZERO cost).
Digital goods provide a huge boon if we are able to stop trying to force-fit them into a system which works great for physical (i.e. exclusive) goods. Why and how did Microsoft become what it is during the 90s? because of huge savings in duplicating their software in a society that expected said duplication to have a not-negible cost.
> Ending the data economy may seem like a radical proposition,
Not in 2021. In 2018, GDPR went into force in the EU. In 2018, CCPA went into force in California, US. In 2021, VCDPA went into force in Virginia, US. At least with GDPR serious fines were passed.
The right to data privacy is no longer a John-Lennon-like hippie idea. It is law. Now go and fix you business model.
If greed is steam and capitalism is a steam engine, then surveillance capitalism is a modern steam engine with lots of sensors optimizing its performance.
> who you sleep with because both you and the person you share your bed with keep your phones nearby
> whether you sleep soundly at night or whether your troubles are keeping you up
> whether you pick up your phone in the middle of the night and search for things like "loan repayment"
> your IQ based on the pages you "like" on Facebook and the friends you have
> your restaurant visits and shopping habits
> how fast you drive, even if you don't have a smart car, because your phone contains an accelerometer
> your life expectancy based on how fast you walk, as measured by your phone
> whether you suffer from depression by how you slide your finger across your phone’s screen
> if your spouse is considering leaving you because she's been searching online for a divorce lawyer
No one sane is OK with corporations, governments, and other third parties being able to obtain and save this information either -- especially if their only hurdle is to get you to click "OK" to agree to some legal agreement almost no one has the time to read or expertise to understand in its full implications.
We need a New Declaration of Human Rights for the 21st century that takes into account rapidly advancing technologies for collecting and acting on data at mass scale.