Hacker News
Privacy Is Just the First Step, the Goal Is Data Ownership (thetoolsweneed.com)
398 points by kaxline on April 3, 2019 | 151 comments



It's been a while since I disagreed this much with a privacy-related article. It's a good reminder to me that the privacy community is reasonably diverse, and that different people can advocate for the same policies for very different reasons.

I advocate for privacy a lot, but my end goal definitely isn't data ownership. If anything, I'd like to see IP protections start to go in the opposite direction. I'm not against the idea of copyright as a purely practical invention, but I certainly don't believe anyone has an intrinsic moral right to a monopoly on creative or factual information.

So I take some issue with the idea that privacy is just a gateway to something else. To me, privacy and anonymity are the end goal. There's not a secondary, deeper issue behind that. I'm not mad that Facebook is making money off of my information, I'm mad that they were able to get it in the first place.

This is important, because when you transition to talking about data ownership as the underlying problem, then you start to lose ground on questions like, "why is it important that the government not be able to track my GPS location anytime they like? What was really wrong with programs like PRISM?" Because Government privacy concerns don't really have anything to do with data ownership.


I agree with you.

To me the biggest issue with advocating for data ownership is that it puts the burden of privacy back on the user. I.e., I shouldn't have to micromanage my data-foot-print and give or deny explicit access. That just opens the doors for a barrage of requests levied against the average Joe user with lots of room for "accidental" approvals (similar to the "this site uses cookies" popups).

Privacy should not be a chore that the user is tasked with performing every day. Privacy should be implicit and extensive.

>Because Government privacy concerns don't really have anything to do with data ownership.

Could you expand on this? I want to agree here too, but I don't think I fully understand what you're getting at.


The burden is something I worry about myself, but I imagine smart people could solve this or automate it. Perhaps I have a profile of any types of requests that I automatically approve, so I only get notifications on the outliers.

Also, I think it changes the annoyance level when there's real money on the other side of it. If 2 minutes gets me $10, that's probably a trade most people would make over and over again. I don't know if the numbers will end up being that good, worse, or better, but I think it's worth exploring.

People don't avoid investing in stocks or a house because of all the administration involved. They're happy to put in the work because the gains are worth it.


Anything is probably too strong a word for me to use here. There's almost certainly some overlap with stuff like the 4th Amendment. But while you probably could use property rights as an alternative way to get at some government abuse, you've changed the overall nature of your argument.

TLDR, privacy is something that's intrinsic to you as a person, and property is something external that you just happen to have right now.

The typical arguments that are used to defend property rights (including the arguments that OP uses in this article) are largely centered around economic harm. In longer conversations this usually ends up being even worse than OP's apple example because the most direct analogy that gets brought up when discussing information ownership is copyright, which has a concept of fair use.

A pretty large component of nearly all existing IP systems is that there is a somewhat tangible value to information, and when someone takes your information they are taking that potential value away from you. And OP is probably right, if you tell an average person that Google is stealing from them, you will get a bigger reaction than if you tell them that Google is violating their privacy.

But privacy as I view it is not about economic harm, or even about my right to control how a piece of information gets used. Privacy is, very roughly, about my right to hide.

Right or wrong, if you go to an average person on the street (or even an average Congressperson) and tell them that putting all of your phone call metadata in a database violates your property rights, they're going to somewhat reasonably say, "that doesn't affect your potential market. It's not really harming you or preventing you from exercising your property rights. And if it ever does harm you for some reason, then you can argue it in court then."

But when I talk about PRISM in terms of privacy instead of property, the arguments I make are more direct. Violating someone's privacy has an observable chilling effect on freedom of speech and freedom of association regardless of whether or not future action is taken. In the US, we already have Supreme Court precedent on the books that a right to anonymity is often an essential part of exercising freedom of speech. We don't have any similar precedent that I'm aware of around IP or even general property rights.

Property rights additionally lead to undesirable questions like, "can the government tax your information?", or "if the government really wants your information, can it use eminent domain to seize it?", or "If you die, and no one inherits your information, can the government take it then?"


I sort of agree with this. I'm cynical that the genie can be put back in the bottle. I also think for a certain crowd whose support you'll need for any changes along these lines, the term "freedom of speech" has become politicized too much. I'm not sure it's an ideal that we can still rally around as a country.

What we seem to be able to rally around is money. And I think once people realize they're sitting on some real monetary value, they'll be galvanized to pursue some of the things we hope to get with privacy advocacy.

These are great things to point out and part of why I started this blog. I knew there were smarter people out there that would think of all the things I'm not thinking of.


I'm also not a fan of the profit viewpoint, but part of the concept of property is definitively having the right to exclude people from it. In fact, that's already being used for data protection: they must get a warrant to get data from your phone, but not from an FB account, because the servers are not your property.

And this applies to copyright as well - for example, without it, Bill Watterson wouldn't have been able to stop companies from using Calvin & Hobbes on their ads and other marketing crap. The GPL is also an example of it being used to exclude certain uses of it, rather than profiting from it.


>having the right to exclude people from it.

But that becomes near impossible with digital information. Just try removing something from the internet right now.

I believe that the entire internet is changing so that this becomes ever more feasible and I don't think that this is a good thing.

I think that if I have some data in my computer nobody (not even entities claiming to "own" or "have created" such data) should have the right to force me to delete said data. Just as an example imagine the information is not really digital data but something you have learned. Should anybody have the right to force you to forget something because it is "theirs"!?


I was going to respond to parent but you brought up the point I was going to bring attention to: requiring anyone to forget/destroy/not disseminate information is an infringement on their liberty. While I understand that we do have laws that attempt to stop the intentional, public dissemination of false information, I think the focus (in relation to privacy) should be more on creating an environment where people can choose to prevent the release of that information in the first place and less on restricting what it can be used for.


It is true that privacy and data ownership are two separate ideas that are often conflated. I think the user having more control over what happens to their data, empowers them to decide who has access to what, and where they choose to host their data.

For gaia hubs, we enable users to host their own data wherever they choose, revoke access to apps writing to their data, to delete data, or keep it and render it to another application whitelisted to interact with their data. A work in progress, but I feel confident Blockstack is on the forefront of pushing this idea of data ownership, while also enabling an authentication protocol that associates an immutable identity with gaia hubs, to enable data privacy as well.

The immutable identity being anonymous is debatable depending on how the user chooses to identify themselves, but the authentication protocol enables app developers to choose whether to implement end to end encryption, as some cases might not be needed.

The reality is there is a catch-22 associated with (someone else's comment) the "simple" solution which is to throw everything on a local hard drive. How do you share data with people you care about, or companies you do business with dynamically with high and real time performance this way? We are trying to answer those questions at Blockstack with gaia hubs: https://docs.blockstack.org/storage/overview.html But I would honestly love to see other ideas similar and learn more about the ecosystem of people approach data ownership, where data ownership enables users to decide what they want to be private, or not.


I think the root issue goes back to your second sentence: the average user doesn't want to be empowered when it comes to data harvesting. In fact, the average user would probably be firmly set against it. They have nothing to hide, no complaints about the current system, and see no value in having control over their data. Perhaps even negative value in taking time out of their busy schedule to manage it.

The trick to turning the tide in the data privacy battle won't be finding the right argument or implementing the right policy - it'll be finding a way to communicate the magnitude and potential impact of this problem to the masses before it's too late.


"the average user doesn't want to be empowered when it comes to data harvesting"

I think this is an extremely presumptuous statement that writes off how little empowerment the average user has by conflating the ignorance about data privacy and ownership, and the lack of user friendly options they have around understanding their data and how it can be owned/migrated and who has access to what, with carelessness or otherwise now in tech known as "consent" or "accept and agree with the fine print or don't use this platform required for work, modern day life, etc" or "allow this app that is in no way shape or form related to pictures, social networks or social communication access to your pictures, phonecalls, all stored data on your phone and access to your contact otherwise don't download"

I think the news shows it's pretty clear most people are not happy about how companies like Facebook and others are using it, now that they know. They have not known for a while, and furthermore what alternatives do they have?

This idea is very similar to telling a person because they never knew this was being done to them, and that because also in addition they have no other options currently if they do know about it, that this equates to consent or carelessness/lack of wanting to be empowered. This is just false, and furthermore, a dangerous trajectory of thought to apply to any situation.


Are you guys hiring junior devs? This looks like one of the few sane applications of blockchain technology that actually would make the world a better place...


For an interesting bit of rival vapourware: https://filecoin.io/


WRT to the relationship with IPFS, with IPFS you really need to find a decent number of other people to "pin" your content. Filecoin would solve the problem of how to ensure that people with whom you have no relationship actually do this.


Good points, thanks for reading even though you disagree.

In my mind data ownership makes the arguments against those questions stronger. They can't track your location because you didn't give them permission. Right now we have the situation where they do track your location, or could if they wanted to, with no real legal fallout. If they were clearly stealing this data in the eyes of the law, that would give more teeth in court. And it would give standing to those outside of existing cases to bring lawsuits based purely on this theft. It would be like if the FBI used your house to spy on your neighbors without telling you.

The idea that you could prevent them from collecting it in the first place is perhaps an ideal I agree with, but I can't see how that would happen. Even the most tech savvy people leak data left and right. And it's easier and easier to infer insights from less and less data. This might be more of a reality on a decentralized web, but isn't it a waste to just throw away that data that you're keeping from potential spies? Why not at least be given the chance to monetize it if you so choose.

And about keeping stuff from Facebook. People obviously want to use social networks, probably with varying degrees of openness and sharing. Shouldn't they be able to use a service like that knowing that if anyone uses their data, it's akin to property theft? Enforcement is another issue, but if we're talking about ideals, I think privacy is a subset of data ownership, and in the form I'm thinking of it, it would only add value to any of privacy's goals, not take away.


There is a rather odd overlap between people who advocate for data ownership and people who dislike intellectual property enforcement.


Why? If I own my data then nobody else has access to it. Therefore nothing needs to be enforced. Maybe I don't understand something here.


That's true only if "I own my data" means all the data are kept on devices exclusively controlled by me. This is not the case at all for our personal information. Nor does most hardware allow for complete control.


My data is me.

If someone's using my data, I want my cut.

If I deny the use of my data (opt-out, right to be forgotten), I need a way to enforce that.

Recognizing personal copyright to one's data is a convenient accounting (bookkeeping) method to implement privacy.

--

I'm not smart enough to follow OP Keith Axline's thesis. But it seems to me he has the cart before the horse.


You are getting a cut of it, in the form of the voluntary usage of a free service. That's voluntary barter, you're trading your data for usage of a service and is perfectly fine.

If your point is "I want my cut in money", then you need to find someone who's willing to give you a cut in money.

> If I deny the use of my data (opt-out, right to be forgotten), I need a way to enforce that.

But that's easy to do: don't provide your data.

Your argument seems to be more like "bartering access for data should be illegal" or "it should be illegal to offer a free, ad-funded online service without offering the same service without any ads or tracking by the price that I want, a shrubbery, a nice one, not too expensive".

It isn't wrong, but it is a different argument.

PS: Sorry for the shrubbery joke, wasn't meant to ridicule anyone but myself :)


"voluntary usage of a free service"

Phone company sells my location data.

My purchases are data mined.

"don't provide your data"

How would that work?


Content-meant-as-public and content-meant-among-a-limited-group (friends, family, work, interests) are distinct sets.

Not all words are meant for all ears, and so long as the intent and/or impacts fall within socially benign grounds, this is a fair starting point.

Privacy is a much misunderstood and vaguely-defined notion, even among experts. I'll suggest that it is an emergent response to ever more effective and intrusive informational regimes, and consists fundamentally as the ability to both define and enforce limitations on information disclosure.

Much conflict emerges when information-made-public (literally: published) is asserted as under private control, or when information-meant-private is forced into public (or at least more widespread) view.


Disagree, as the main issue is prepping and cleaning bad data. It's a massive time sink and a waste of resources. Data ownership done right is a beneficial relationship for the farmer and the farmed


Why does Facebook own your identity and personhood just because they monopolize the social network? Clearly if you don't own your data then these entities will abuse any intent of law or ethics as long as they can circumvent the law (or you know just come up with a new edge case).

The model of letting other entities molest your private data has been tried. It's been a human rights violation from the get go. I don't think we need more propaganda supporting the poor little tech giants. They can come up with a humanistic business model like everyone else. Even if it hurts their profits - idgaf.


If I visit a webpage does the fact that I did so belong to me, or the site owner, or both? Clearly, it's a record of my activity, so it should belong to me. But it's also a record of the server's activity, which should belong to the site owner ("Served page X to User at 123.123.123.123 at 4:03 PM EST on April 3, 2019"). I don't see an easy way to make a case that they don't have at least partial ownership of it.

Location data is a little more clear that it belongs to the user, since you aren't requesting anything from anyone, they are just collecting it, sometimes without telling you.

Voice assistants are also complicated. Does the information "Analyzed noise XXX at such such time - determined it was not the word 'Alexa' " belong to the company doing the analysis? After all, you bought it and asked it to listen to you and respond when you said a certain thing.


If my normal route for lunch is down the street to the hotdog stand to get a dog and coke, then into the park to read. Do I own that information? If a friend goes to the hotdog vendor and asks if I'd been by there, when he replies is he giving away my information or his?


That's a good question. If they were asking "Did you see a person who looked like (description of JustSomeNobody)?" That seems like it's clearly the vendor's information, because it's asking about his memory of what he did or didn't see. It doesn't seem right that your memories should belong to someone else.

On the other hand, if he happened to have a photographic memory and remembered your exact credit card number, expiration date and CCV, we would all say that that is not his information to give out however he wishes.

So, yeah. I don't know what point I'm trying to make except maybe introducing the idea of data "ownership" just creates more problems than it solves.


If someone sees wild berries growing next to the road and takes some, are they stealing? Perhaps technically yes, but not rising to a level where invoking the concept is worthwhile. If enough people do this that it bothers the owner so they put up a sign, only then does that paradigm start to matter.

We're in this small-scale realm when talking about access_logs and friends' lunch routes. For the hotdog vendor scenario, we've developed informal social ways of dealing with this that don't revolve around fundamentalist-style ownership and access control. "Hey, I just saw your friend! He was headed to the park" vs "That other guy is always inviting himself to lunch with me and I really just want to read, so if he comes asking can you pretend I wasn't here" (which is only necessary if the "friend" hasn't responded to the first round of social hints to stop inviting himself to your lunch).

But the small scale is not what we're talking about! In the berries analogy, what Google et al are doing is each sending around a crew at night to harvest a few "free" berries from each bush. Many bush owners put up signs (Do not track), but the companies keep right on harvesting under a theory that they're just doing the same thing as a hungry person taking berries for personal consumption.

But the total revenue and business model of the companies paint a much different picture. And that's what we're dealing with here - something that on a small scale appears worthless, but in aggregate is quite valuable. In fact, that's basically just the fundamental thesis of "big data". Myopically focusing on each individual fact in isolation is simply not an appropriate way to analyze society-level surveillance.


A business transaction is mutual information - we both know it went down, and we both can share that information at will... ignoring legal and market incentives to stay quiet (eg medicine, sex toys).

My problem is unjustifiable aggregation of data that provides personal information. If a stalker gets some information from the vendor, the problem is the stalking behavior - deriving an intimate view of my personal life without justification. The line has been crossed, whatever they use the information for is just additional problems.

Commercialized stalking isn't OK on or offline. I have no problem with HN tracking that I visited this thread - mutual information - but services deriving personal information using this visit as one of many signals is crossing the line.


It’s not one or the other, both parties have the information, and without a prior agreement of confidentiality, there isn’t any reason to expect confidentiality from any party other than common courtesy.


In that case, let's talk about a current privacy problem and see if the model OP is advocating helps.

One of the ways that Facebook fills out relationship graphs is by reading contacts. Both I and my brother own the information that we're related to each other. Both I and my brother own my phone number (I didn't make him sign a confidentiality agreement when I gave it to him), so outside of the bounds of common courtesy, I can't force him not to tell anyone else.

So if my brother decides to let Facebook scan his phone contacts, he's just giving away information that he owns, which is his right to do.

But if information ownership under this model doesn't provide any real protection to stop one of Facebook's primary data gathering techniques, then what's the value in it at all? What privacy infringement would this protect me from? If a store that I walk into could still claim ownership of the fact that I walked in and track my movements everywhere with facial recognition, and a website can still log that I visited and track where my mouse moves, and if they have co-ownership of that information, then they can still sell it to whomever they want.

A big issue with information ownership is that in order to make it logically scale, it has to be neutered to the point where it's no longer useful.


You know, if you have a conversation with someone (without an NDA, etc.) they are free to tell anyone about it, but in a number of states they (or anyone acting with their permission) would not be free to record the conversation because of all-party consent laws.

I wonder if that's the kind of model that we need to consider expanding into personal data collection in a number of areas. (And maybe reinforcing with separate, affirmative consent requirements for some uses; e.g., I've posted notice and you entered the property may be sufficient consent for video recording used exclusively for normal security purposes, but perhaps not for outside sharing, as targeting, etc.)


"but in a number of states they (or anyone acting with their permission) would not be free to record the conversation because of all-party consent laws."

I'm against that due to the power dynamics in place. I'd rather anyone be able to record anyone without saying anything. The whole situation, start to finish, will need to be recorded to make sure they're not cherry picking. I've found that lots of arrogant, evil people will be too cocky to realize someone is recording something or even that folks around them are listening. Gives us a way to deal with more of them. I've known quite a few people that protected themselves that way.

I haven't seen a strong argument in terms of practical effects for full disclosure of that. If anything, less people in abusive environments would be able to prove abuse since abusers would hide it the second they know someone is recording evidence. So, I'm for rolling back those all-party, consent laws into one-party or no consent. At least for dealing with harms to person recording. We could require consent before publishing something if no provable harm was done.

"I wonder if that's the kind of model that we need to consider expanding into personal data collection"

Interesting. Not sure about that one. I do prefer it for businesses collecting consumer data given they do most of the abuses. They also have most of the power in this space.

"reinforcing with separate, affirmative consent requirements for some uses"

They'll mostly just click through the dialogs or whatever. It might still be good for few it helps. I don't know. This is a security feature that fails the most unless they already know ahead of time how valuable or important something is. They already have to want to protect whatever it is. Plus, sacrifice whatever product/service is being offered to them, esp free. We could try it to see what happens, though.


> without a prior agreement of confidentiality

Or a law.


I'd say the primary problem with this argument on its own terms is that one of the natural questions to ask is "OK, then, how much are these companies stealing from me?" and the answer is roughly "At the upper end, probably on the order of $10/month". That's going to be hard to build a social movement around. I could argue that if we were being paid a fair price, it would be worth more, but that's a chicken & egg problem; until we have such a free market, we can't really know what will happen with enough confidence to make a strong argument that we need a market of some sort.

The real problem with all this surveillance isn't the direct impact to me, it's the impact to society. It merely turns it into a sick joke that my social order is being upended and social contracts rewritten for an amount of money I'd happily hand to them to just... not. (I mean, that has its own issues if it actually came to be, but in its current form, yes, I'd happily pay $10/month in hard cash for them to just leave me entirely alone.)

In the long term, I'm much more concerned about the fact that knowledge is power. I don't particularly look forward to the era of "SELECT name, current_location FROM citizens WHERE dissidence_level >= .6 ORDER BY dissidence_level DESC". But until that happens, to a much greater extent than it has, and it visibly manifests in the real world, it's going to be hard to get people to care, until it happens and it's too late.

What really scares me is the idea that the reason why it hasn't happened yet is precisely that the people who want to do that are deliberately waiting until it would be too late.


> I don't particularly look forward to the era of "SELECT name, current_location FROM citizens WHERE dissidence_level >= .6 ORDER BY dissidence_level DESC". But until that happens...

Well, that kind of already happened at least during WWII when e.g. documents had to be burned in city halls to avoid that they would fall into the Germans' hands, e.g.:

On 27 March 1943, a cell of the Dutch resistance committed an attack on the municipal register of Amsterdam. The German occupier had found this register to be extremely convenient: it contained the details of 70.000 Jews in Amsterdam. Also, it proved useful as a means of cross-checking information on identity cards.

https://medium.com/@hansdezwart/during-world-war-ii-we-did-h...

But apparently people have forgotten this or did not abstract/expand such events to apply them to current tech (but I was reminded about this by my father, who is German [now some DB will store that zepearl's father is German, damn...], when I was having a discussion about Facebook with him many years ago).

The Yugoslavian (ethnical) conflict was too early from a technological point of view, but more recently, for Erdogan (Turkey) having access to a local company (DB) that tracked preferences/relationships/commentaries of a majority of its population would have been pure gold to identify people against him, puah.


I just recently argued this on HN, but this is a bad example because it ends up vilifying the census takers as if they were complicit in the crimes of the Nazis. Censuses are a hugely important part of the basic infrastructure of democracy and knowing the size and makeup of the citizenry is paramount to serving the needs of that citizenry. The remote possibility that this information can eventually be used by a totalitarian regime shouldn't be the sole reason that this information isn't collected. Instead there should be an assessment done on whether the value of having that information outweighs that potentially remote downside. I think the census is one area in which that is the case.

Blaming the census for assisting in the Nazis' crimes would be like blaming the transportation infrastructure. Sure, it made things easier, but no one in the US would ever suggest we get rid of the interstate highway system because "What happens if Nazis take over the US?"


> Censuses are a hugely important part of the basic infrastructure of democracy and knowing the size and makeup of the citizenry is paramount to serving the needs of that citizenry

Censuses should know much about population without knowing anything about a specific citizen. X% of population are Jews, but is Jon Smith a Jew?


Well, I think that you're wrong because you're focusing only on the "census" area - this reflects in my opinion the typical "black or white"-tendencies/extremes of today's times.

I was trying to post a simple example - the event mentioned by the article is not the only occurrence and I guess that city halls had as well records about e.g. votes (which would relate a person to a specific party/movement/way-of-thinking), which would not be related directly to census but which had to be destructed as well.

I do not blame the census (and I agree that the pros of census outweigh the cons). It's just that the infos that we can release today are not gathered and administered by the national-census-authority and that their detail goes in some areas well beyond what the census would gather.


I was speaking about the census because that was your example, but the concept applies to all data.

To be as general as possible, people focus too much on the negative value of data without considering the positive value. If the positive value is definite and the negative value is remote, we shouldn't let the existence of that negative value prevent us from receiving the positive value.


(wow, I just had one of those "cooldown-enforced"-moments here on YC that did not provide the "reply"-link...)

> people focus too much on the negative value of data without considering the positive value. If the positive value is definite and the negative value is remote, we shouldn't let the existence of that negative value prevent us from receiving the positive value.

Mmmhhh, I have personally the opposite feeling (people focus too much on the positive side of data/app and underestimate the negative side, which is how Facebook & Google & others can continue to thrive).

> If the positive value is definite and the negative value is remote, we shouldn't let the existence of that negative value prevent us from receiving the positive value.

E.g. those poor people in Nigeria definitely got a definite positive value while actively sucking oil from the ruptured pipeline, ignoring negative remote outcome (of blowing up), until it blew up.

I cannot ignore remote potential outcomes...


It is an open secret that you can click on a post's age to open a comment and reply immediately to avoid the cool down periods.

I am not suggesting that remote potential outcomes should be ignored (which is what probably happened in your two examples). I am suggesting that remote outcomes should be kept in perspective.

Let's make numbers up for that second example. Let's say that the pipeline is guaranteed to generate $1 billion over its lifetime but has a .1% chance of failure that causes $10 billion in damage. Some people might view that $10 billion potential damage as disqualifying. However if you do the multiplication the expected negative value is only $10 million. Therefore the expected value of the pipeline is $990 million and the pipeline is probably still a good idea (I admit I am oversimplifying this issue). This is the same reason why a nuclear power plant is generally a better option over a coal plant even though the nuclear plant has the chance of a much greater catastrophic failure.

There is also always the question of who receives the positive and negative value. The census example was good because the positive and negative values both impact the general population. The Google/Facebook and Nigeria examples are a little different because the people bearing the brunt of the negative value likely don't benefit as much from the positive value as they should. That distorts incentives in a different way, but that is another debate entirely.


Ironically, the interstate highway system exists because it was useful to the Nazis. Eisenhower authorized its construction because as a general in Europe, he saw firsthand how useful the German road network was in quickly deploying troops to wherever they were needed.


I realize that and that was partially my point. No one worries about the interstate highway system falling into the wrong hands even though it is much more linked to military power than the census. So why do we worry about the census falling into the wrong hands?


Ok, I can agree with this :)


Interesting.

Deutsche Welle has a nice piece on how the Nazis made only limited and fitful progress in developing the existing Autobahn network: https://www.dw.com/en/the-myth-of-hitlers-role-in-building-t...


A documentary on one of the German channels said the same some months ago...


Yes, you hit the nail on the head! The societal impacts have to be considered. If you rely on each person to rationally decide whether or not to sell 'their own' data, you'll have a tragedy of the commons situation.

Maybe we will see a health insurance company that costs half as much as the rest, but to apply you have to give them all your social data and they run "CREATE TABLE rejected_applicants AS SELECT name, id FROM insurance_applicants WHERE health_risk_level >= .7".

All the healthy people will rationally sell their data and try to join this company, and all the other companies will have sicker pools and have to double their prices. For a person who couldn't get accepted into the cheaper company, the fact that they can sell their own data is cold comfort.

Privacy harms will always fall disproportionately on the marginalized: the poor, the sick, dissidents, and minorities. The framework of 'data ownership' can never make these harms right because it fails to recognize that half the people selling their data often hurts the other half.


I see this insurance argument often and I don't understand it. High risk applicants should pay more. If the society decides to support the marginalized it can still do so without an obfuscation layer.

Having said this, the insurance company should get the risk assessment only (without concrete data used to compute the risk).


> High risk applicants should pay more.

I disagree because I believe that everyone should have health insurance. Forcing people to pay different amounts for insurance isn't much of 'insurance' at all, then, in my view. At the very least, there should be some limit on the difference in amounts that people pay; in the hypothetical I gave, that difference would grow as predictions become more and more accurate.

I think this is a pretty common position (at least the weaker construction), but if you disagree, I understand how the argument wouldn't work for you.


> Forcing people to pay different amounts for insurance isn't much of 'insurance' at all, then, in my view.

I would argue that this is the core of insurance.

I propose the following example: A thousand people have a 1% chance of owing $1000. Their EV is -$10. If company A offers insurance for $12, the company benefits by making $2 * 1000 and the individuals benefit by removing variance from their life. Let's add in a single person who has a 10% chance of owing $1000. Their EV is -$100. In a free market, why would A offer insurance for any amount less than $100?

I am not saying that not everyone should have health insurance, but that perhaps insurance isn't the best system for healthcare.


> perhaps insurance isn't the best system for healthcare

Certainly insurance tied to your employer is stupid. Someone gets cancer, loses their job due to being temporarily disabled during treatment, loses their insurance with their job? What kind of useless "insurance" stops paying out the moment you get sick?


You do not require banning sharing of information in order to have universal healthcare. I am for the latter but against the banning.


Enough with the paternalism. Let me use my data as I see fit. It's mine. Not yours. Stop putting limits on it.

If I want to trade my information for money I should be allowed to.

The problem with you guys is not that your ultimate goal isn't data ownership. The problem with you is that your ultimate goal is that you own and control everyone's data. You want to make the rules as to what they can do with it.


Are you using your data as you see fit?

By your own choice? Even if the first answer was "yes" (and, to be honest, it still isn't; if you had control I virtually guarantee that you would choose to change something about how it is distributed), this answer is certainly "no". You're not choosing right now. You're having done to you.

If you want to complain about people making choices about what to do with your data, I can't fathom why you'd file that complaint against someone who wants to give you vastly more control than you have now.


What do you mean? Sure, currently personal data is being used without much control by the person. But the GP is not proposing more control, they're saying people should still not have choice, as that may harm the marginalized.


I'm not saying that people shouldn't have the choice whether or not to sell their data - I'm saying that even if they have that choice, it doesn't prevent many society-wide harms. (Edit: Which implies that we do need to restrict some uses of large datasets that would cause these harms.)

I'm not sure how you would characterize my position in terms of increasing or decreasing 'control' or 'choice' - I find those terms tricky to apply in this case, so I prefer to apply concrete concepts like 'harm'.


Harm is not a concrete concept in your characterization. It's pretty non-concrete and you've demonstrated no manner in which it occurs under the circumstance, only the possibility of it occurring.

If my friends and I all decide to self-insure as a group and we will pool our money to do so and we all agree to be covered by our collective-owned policy only so long as we submit our data in to the group, I want that to be permissible.

This is us choosing to interact with each other as a freely-associating group. That's our business. I don't want it restricted because I have lots of friends.

And I'm sick of people continually taking away my right to use my data with other people who choose to use their data. There is a societal cost to not allowing freedom. I'm not game for some Communist-style Committee for Personal Use of Personal Data Voluntarily Given. Yes, CoPUPeDVoG is not okay.


If we need to restrict, that means we need to take away some choice. It's a straight implication.

I don't mean that pejoratively, I'm generally in favor of the idea.


I am comfortable with my data being used as it is currently. I do not require further restrictions. I consent to the collection that is done currently.

> If you want to complain about people making choices about what to do with your data, I can't fathom why you'd file that complaint against someone who wants to give you vastly more control than you have now.

Vastly more control? By banning sharing of my information with my insurer? Brotherman, I'd like you to explain why you believe this to be more control.


When you're talking about 'me' or 'my data' here, do you mean 'me' as in 'scarejunba' or 'me' as in 'the hypothetical CEO of a large health insurance corporation that wants to set discriminatory prices based on a huge data trove'?

When you're talking about 'you' here, do you mean that I, 'floe', personally want to own and control all of your data? Or do you mean 'you' as in 'every single person working to build democratically-controlled restrictions on the use of data'?


I, 'scarejunba', wish to share my data with a health insurer. You, 'floe', wish to stop this.

I consider this a concrete attack on my autonomy with nebulous positive value.


Please see my reply to icebraining in this thread.


I see no such claims that they have any desire to own and control everyone's data, and I don't see how personal jibes like that are advancing any dialogue here.


You don't see it? When they want to restrict me from sharing my health history with an insurer?


You bring up some good points and I don't have an answer for how data ownership would affect every industry or product category.

On the $10/month figure, I would point out that this is likely per data silo. So Facebook's data on you may be around $10/month, but also Google's, which is a different data set. And so on. It's not much money now because it's only available to advertisers who want to buy ads on a specific platform.

If you owned and controlled your data, you may have 100 different buyers at $10/mo, ranging from medical researchers to product marketers, which starts adding up. I don't have figures to back this up, but my intuition is that all the data we've been creating for decades will only have more and more value as we try to feed our machine learning algorithms with more data, to get more insights.


But your two points are connected.

You're valuing your privacy at $10/month?

But what if critical information about you is used to get you to pay more for your next airline ticket? Or more for your next car? Or your next house?

Or in a different fashion, what if it prevents you from seeing a job for younger people, or prevents you from getting an insurance or credit card offer that other people see? (this is the more likely scenario)

This isn't your government checking to see if you're a dissident, but you're being sort of imprisoned in a different way.

Not that the dissident thing can't happen, but nobody in the US will care because they've never lived under a change of government. The Europeans are more concerned about privacy, because some of them HAVE witnessed a change of government.


Individual ownership of data doesn't solve the problem because there's an inherently unequal relationship between the data's owner and the data's consumer. The consumer whether public or private has limited use for an individual data point and is really interested in the collective sum of individuals' data. We see this unequal relationship in plenty of other domains and it always collapses into giving in to the demands of the larger entity just for the privilege to participate.

What really would make more sense is the collective ownership of data. Allow for data owners the power to form a body to collectively bargain with entities that want access to their data.


Yes, and the legal frameworks for people to pool their data and _license the pool_ are now being explored. One such framework is the so-called "data trust" (trust as in legal entity).


Yes, I've been thinking about this. I still think the focus should be on individual ownership, because then that individual could opt-in to a bundled data purchase. Their cut would be small, but maybe it's automated so you get a lot of small payments without doing anything. I think you need to leave the door open for an individual's data having stand alone value though, like a unique mutation in their genes that cures cancer.


How much do most people collect from class action suits they get bundled into? Vs how much do the lawyers make?


It's a relief to see that the top-voted comments already disagree with this article. I disagree so much however that I need to voice it, I can't just upvote others. So, here it goes:

Nope, nope nope nope. Personal data property is a bad idea. And it probably does not come from people who actually care about privacy. It is an ideological push towards more and more privatization and "free market" economy.

Think of it for a minute. If personal data protection is based on private property that you can sell or rent, it means that rich people get a right to privacy, while others will necessarily rent or sell their data so they can pay for rent or feed their kids. It means power over personal data belongs with money. That's not what anyone actually fighting for the right to privacy actually wants.

Now, people should have control over their personal data, that's a fact. But control means rights, it does not mean that a notion of property is necessary (or maybe a loosely derived notion, like something resembling moral rights [1], in addition to control). It also means regulation of data controllers and data processors. The fight for actual privacy is not the fight for ownership, it's the fight for control.

For those who, rightly, think that "control" is a vague term: it was, but it has been properly defined [2], and more recently formally modeled [3] (disclaimer: I'm one of the authors of the latter article).

[1] https://en.m.wikipedia.org/wiki/Moral_rights

[2] https://script-ed.org/article/control-over-personal-data-tru...

[3] https://pablo.rauzy.name/research/publications/lemetayer2018...


The solution, as I imagine it, is the following:

1. data for web apps should be stored separately from the servers that hold the code.

2. this separate data store should be owned by the user (not the provider of the web app).

3. user should be able to point the web app to another datastore if needed.

so, for example, if you use basecamp for project management. basecamp should be designed so that all data writes happen to a separate database or datafile. the data that i enter in web app (basecamp) should never be stored on basecamp servers. at setup i should be asked for a data store location (that I pay for and manage).

of course, for non-privacy conscious customers, the existing status quo option can also be provided.


Check out blockstack, they solved this in a similar way to what you described.


Thinking out loud here.

This ownership analogy isn't working well, because ownership is a concept invented for physical things, whereas data can be copied. We can keep it, and pass it on. We know from copyright how painful it is, to put ownership on digital "things".

Did data ownership ever work like that in the physical world? Say we see a person walk by, someplace, at some time: is my sensory impression and memory like data? Is it a privacy intrusion to remember that later? Tell somebody? What would be the equivalent online? (Do we have a private "house" online, and public space?)


If the person who walks by did something memorable and unique then we do own that experience and it very much translates into meaningful data. If I was a witness to a crime happening on the street I can convey that information to the police or media as a witness. Even if it was something silly I witnessed it might make a good story to tell friends about. I own the decision to tell others or not.


> Did data ownership ever work like that in the physical world?

Insider trading is a crime in which someone takes an action based on data they had no right to. (Trading on corporate secrets, or data that belongs to the corporation and not the individual profiting.)

If a student finds a copy of the answers to a test, even if the student finds the data in a completely legitimate way, it is considered academically dishonest for the student to take the test after learning this information.

In many games learning certain information is considered cheating. For example, in Poker it is cheating to know another player's cards except after a player folds and chooses to show their cards.

Until very recently it was illegal to make a copy of "Happy Birthday" in the form of a live performance at restaurants in the United States.

Yes, in the real world data has owners and it can be illegal/restricted to provide copies of the data or to perform certain actions with the data.


Nice examples, yes.

I hope I didn't come across as someone from the if-you-don't-have-anything-to-hide crowd.

I do think your conclusion is a bit quick, though.

> Yes, in the real world data has owners

Things happen in the real world, and people perceive and know it as a consequence. We came to call some of that data (if recorded with machines I guess).

We wouldn't think of perceptions in terms of ownership. It just wouldn't work. We don't have a response for intrusion, e.g. If someone catches us in the act, there's just no protocol. We often just pretend it didn't happen, and are embarrassed. You can't unsee it, or punish someone for seeing something private.

We can throw them out of our house, if they trespass. But if they see you through the window, what do we do?

My point earlier was only: ownership as an analogy for data is not as helpful as some think it is.

But if you stick with ownership, you possibly end with making very strict rules around personally identifiable information (PIN), like in Europe. Some of that ends in log files, like IPs. I think that is a bit like walking by and peeking into a shop window. The shop owner might see you too (perception). Why is that the shopper's protected information? I think it's rigid and comes from off analogies. That's not to say some data doesn't need to be private.

In the end, when this cultural development is further along the way, we might have very specific rules. Like with books, and movies, which have fair-use rules etc.


There are types of situations where I think it gets really blurry and complicated, but I think we need to start with things that we intuitively feel like we own, like DNA, or the 3D map of our face. Then as we move out into grayer territory we can rely on precedent, social norms, or consensus to draw lines where needed.


Yes. It's called copyright and intellectual property. Literally the right to copy.


The physical analogy is different because a hundred years ago we couldn't infer a lot of very sensitive and private information from easily accessible public info. Hell - our longest lived president was wheelchair bound and wouldn't have won his last election or two in the modern day. The only reason he got in was because they hid his disability from the public. Can you imagine Trump getting away with that now?

Back in the day of physical goods privacy was plentiful. Now it's a scarcity. The difference is not just between physical and intangible property. It's a complex matrix and at some point we have to protect citizens to accommodate to the world that we live in.


Protecting users' data is a very hard problem to solve in the current tech landscape. There are enormously profitable businesses built around this and they are driving a significant portion of the economy.

The only solution I can see is to build an alternative economic model that can thrive while protecting data, otherwise it would be an uphill battle with all tech giants that are going after user data for profit.


This would be great, but for that model to work, the end users themselves would have to pay to have their data protected, when in principle I think most people would argue that their privacy should be protected in the first place.

For data protection to work efficiently, there has to be a centralized store of data that's deemed private, with a way to authorize / deauthorize consumers of your data. Of course, with centralization, it paints a big red 'hack me' crosshair.

Privacy is already lost. There are already cameras everywhere, be it personal home Nest cams, or surveillance cameras inside grocery stores, or street cameras at traffic lights. The fights now for data protection, IMO, are just feel-good initiatives that aim to provide a false sense of data privacy. Take Facebook for example - they've pledged to protect your privacy, offer data protection tools, a way to export all your data. Before privacy became a huge thing, I'm pretty sure people felt comfortable putting all their photos and data in Facebook due to the trust in them being a large enough company that they should protect your data, right? Same goes with Equifax. Same goes with banks and credit card processors.

The burden of data privacy and protection lies more towards the end-user than towards multi-billion dollar companies you entrust your data with. They may provide the tools, but once your information is out there, it's retrievable via various means by bad actors. You can keep guns in your home to protect your family, but if you aren't educated enough to use them properly or if you leave your doors and windows unlocked, it's not going to help.

Edit: my case in point - Facebook records found in public Amazon cloud servers [0]

[0]: https://www.bloomberg.com/news/articles/2019-04-03/millions-...


This is mostly a convoluted metaphor comparing data to apples. Only a single line about a mystical "data locker" type object that would store all of our data in a decentralized way.


Yes, it's imperfect for sure, but I'm trying to get people who don't think about these things to understand how the theft is analogous to physical items we value. Data has its own unique properties so any physical metaphor or analogy is going to fail pretty quick. Tried to keep it simple to make the point.


I applaud your effort, but unfortunately agree with GP. The metaphor really does not work.


Understood. Any alternative ideas?


This is exactly what we're trying to solve with debut. (https://landing.debutapp.social) The underlying technology uses blockstack where users own their own data and information is not stored in a central database.

Beyond data ownership, the future goal is to add a layer of security around your information through encryption. Only user approved parties could access your secured data through a private key.


Most, if not all, arguments on data ownership are arguments by analogy. This makes them ipso facto invalid. Using that same line of inductive reasoning, we could argue that we own the trash we generate, and that's not a reductio ad absurdum.

An encrypted 'digital locker' is a naive and unreal solution, at least until homomorphic encryption is mature. How would I request data I'm interested in from people without knowing if they have it in the first place? Issue a million requests? And if I'm issuing such requests, do people have to pay me now because it's data that I have generated?

We are agreeing on the terms and policies of all information services we use and generate data from. It's not like they took us by surprise, except for few Analytica cases of course. If we follow the data ownership argument, which has (re)surfaced mostly due to media attention on FB and the likes, such services will become dysfunctional right away.

Privacy isn't the weak argument, it's just not very well enforced yet mostly because most people don't care much. Ideally, if a company wants to sell your data, as part of their ToS/PP, they notify you. If you approve, you get a share of that sale (basically what Nukleosome is doing). If you don't, they just move on.


> We are agreeing on the terms and policies of all information services we use and generate data from.

If only that were true.


How is it not true?


To be charitable, maybe we all click Agree in the same way that we consent to being searched at the airport: there's no other choice, so it's a begrudging accept, not an enthusiastic accept.


I didn't claim it's an enthusiastic one. My claim is that all the sudden "privacy-is-not-enough" arguments make it seem like some breach happened without our agreement. To use your words, it's almost as if they're complaining about airport security/searches because we were never very explicitly warned about it.

If we don't do security checks or don't agree to some ToS, we'll be left out (of flights or online services). How many people would do that in exchange for 'ownership'?

Also, if you go to a bakery for a couple months buying the same bread, would you sue the bakery if the seller automatically knew what you're going to get, after two months of transactions, and wrapped your favorite bread for you with a smile (not the Amazon smile)? Is that also data you should own and encrypt?

Does your physician need your consent on every visit to unlock your health information in his brain and be able to follow up?

Imagine that this comment I'm writing here is locked into my very own encrypted vault and HN needs my consent every time someone wants to read it (although I used HN to write it!). I cannot imagine how would the discourse evolve this way.

So justifying 'ownership' as the future solution using invalid argumentation by analogy isn't solid. A more solid approach is to actually build products with well-enforced privacy and transparency rather than just theorize about it. Or even build and experiment with the 'ownership' proposition and see how would that play out.


It's not enough anymore because many people are just learning about how widely their data is shared around.

For example, most people that use a loyalty card at their grocery store have no idea that what they buy is being sold to Facebook. People have just discovered that Facebook is tracking them even if they have never had a Facebook account and never consented to anything from Facebook. Same goes for Foursquare. Not many people have a Foursquare account yet Foursquare has built a giant location data empire. MasterCard is trading your purchase data. The list of examples like this is long.

There needs to be some regulation around the ownership and use of information by and about individuals. I don't have a relationship with Foursquare so they shouldn't be allowed to hold any data about me.


I'm not advocating against that, quite the opposite! My work involves solving exactly this class of problems and good privacy ensures such behavior does not take place.

What I don't see is how changing the nomenclature to 'ownership' would solve all of this. It's like calling some statistical models AI models. You see my point?


Gee it's almost like this entire conversation is a semantic argument over the definition of "agreement".


You know, I think it is time that we argue about definitions. Many of them are starting to get loose.


I've come to believe that most disagreements online come down to definition, and could go to more interesting places if both parties got crisp with definitions early instead of arguing X and X' 10 replies deep only to then realize that X and X' are subtly different.


>> Privacy for privacy's sake is a weak argument, and privacy advocates should abandon it.

But, why? Why is it that "privacy for privacy's sake is a weak argument"?

Why is it so hard to find a way to respect people's wishes to avoid doing things that offend their dignity? What is that great need to spy on everyone that is so indispensable to the progress of human civilisation that this strong concern of many people must be brushed aside as "a weak argument", an irrelevant and obsolete affectation that can just be ignored?

And who is making an argument in the first place? Is anyone arguing for or against the need for dignity in the last days of one's life? Is anyone arguing for or against the need to respect bereavement? Arguments exist for and against the limits of such things, but not their actual need. We need to be able to live our lives with dignity and worth, else our lives are meaningless, we are in constant conflict with everyone around us and the peaceful coexistence and collaboration that supports human societies goes to hell in a hand cart.

This is what tech companies have to understand: you can't just take a big, smelly dump on people's sensibilities and not face consequences just because you have "arguments".


The analogy used in this article is too ill-fitting to find compelling. It does prompt me to wonder to what extent a person's digital traces left upon the world could be construed as a creative output that they own as a form of intellectual property, like a form of artistic expression. That analogy too seems tortured, unless possibly you're Nietzsche. But it seems less ill-suited than trying to compare one's data traces to a material good.


> What we need is a digital locker that encrypts all our data and stores it for us.

Or, alternatively, we need to simply do what people did for ages before us: buy a couple of hard drives and store this stuff offline. If people want to come see our photos, we can either grab them and email them over or they can come review them at our house.

People keep talking the fix for technology's problems is more technology—but sometimes it's actually _less_ technology.


> we can either grab them and email them over or they can come review them at our house.

Better yet, we all have functional first class per-machine ipv6 addresses and our respectful ISPs provide us DNS records for convenience to route to our home machines.

We can use credential-locked software to remote wake our computers, which then publish our data at our discretion and control via built in site hosting services.

Since we all have gigabit landline fiber connections, having our peers and relatives just wake on demand our machines to browse our photos or videos is not an inconvenience.

Since it was all built in to our freedom-respecting hardware and software it didn't require technical literacy to set up beyond creating your user account and using a wizard to associate devices via occupying the same LAN akin to how Bluetooth pairing works with confirm code dialogs.

I might have eaten something strange because these flying pigs spinning around my head are really tantalizing.


I agree with you in principle, but then we're giving up the redundancy and safety offered by multiple data centers. The cost also comes down at cloud scale so that you're only paying a few dollars a month instead of large up front purchases.

There's also a technical hurdle for the average person. Are they going to manually sync all their data from devices every time?


Somewhat. There are (were?) some companies trying to break into a personal cloud (WD MyCloud) and I think companies like Buffalo and Synology are making it a lot easier to spend $500-600 and be able to reasonably protect your data from pretty much everything but fire (though, you can buy hard drives that claim fire protection, too).

But at a deeper level, we claim that we want to store and keep all this data but do we need to? Really? I mean, back before digital photos, I took some (but not a lot) physical photos. They were dear to me. Still are. But now I have so many photos that I hardly ever look at them except for maybe a few that I've explicitly put into albums. A lot of them never get used.

Perhaps even then we don't really need to protect all of it—if it was important to us then perhaps we really should think about how we'd protect it just like we'd protect those old photo albums that people leave with during hurricanes/flooding.


My thinking is that you just don't know what will be important to you in the future. Those photos probably weren't that important to you when they were first taken, but now they are. I would advise that everyone store even the seemingly most trivial piece of data. There could be an algorithm in the future for which that is the missing key. I trust in our inability to predict the future more than our ability to predict it.


Syncthing is a great free tool. So is FreeNAS.

Definitely not for mainstream users though.


This is why Blockstack exists. We also refer to our Gaia hubs as Digital Storage lockers: https://docs.blockstack.org/storage/overview.html

You can see the apps utilizing this framework on app.co. My personal favorite right now is debutsocial.app. It's a decentralized social network where every user owns their own data using gaia hubs.

Would love your feedback!


If my mom can't use it or I can't explain it to my mom then I'm probably not going to mess with it!


I absolutely agree. This is my number one push on our Gaia team and we are working on that.


This was one of the things that really drove me to get a Drobo back in the day. I liked the idea that I could effectively just throw hard drives in it and it would run. And run it did. Slowly, but it worked!


Drobo looks cool. That is the idea with gaia. Right now our master branch allows you to docker-compose-up and use the admin api calls to configure "disk" to however you want.

The main motivation here was regardless of what images were deployed on optional cloud host providers, the default was set to local disk to support users actually owning this data locally.

Additionally, we support a variety of other drivers, like azure blobs, etc.

It is nice that the hubs are set up to interact with an API where developers by default are storing data in this decentralized way.

I will check out Drobo more.

"Slowly, but it worked!" Making things work is important! haha


Every comment submitted here is kept by Y Combinator and they own it in the same way facebook or "applebook" would own it, except they don't run ads. But if you were to apply to their accelerator they would use your comments to determine if they want to accept your business idea so there is definitely added value to them of your data being surrendered to them freely.


They do run (job) ads for YC companies, there's one on the front page right now.


You don't have to tell them your handle. They ask for it if you'd like, but they'd be bad investors if they declined applications from people who said something like "I'm a lurker and don't have an account"


One of the big challenges with data ownership is policing it. If I grant one-time access to my data to some company, the company can store the data and use it many times over, potentially distribute it etc.

I can see this working for datasets like website interactions or search history which companies could pay a subscription for and receive periodic updates which would be of continued value.


The author mentions at the end that monetization of your own data is the option offered by data ownership. But I am not sure that there is money to be made by an individual. Facebook makes about $25 / user / year. Say there are 100 companies willing to buy your data -- would you sell all of your data (out of your "digital locker") for $2500 / year?


If it's the equivalent of what's already given for free, yes. I'm skeptical that this is remotely plausible, but yes, I would happily accept $2500 for the status quo.


And once you get that $2500, how much of it would you be willing to give to Facebook in order to use their services because they're now not free?


> Facebook makes about $25 / user / year.

This feels outrageous to me. They snoop and spy on every move I make online and off for a measly $25?


The goal is to snoop and spy on every move everyone makes online.


The article presents an economic model of privacy. While I think that is important (and part of the argument for the indieweb - https://indieweb.org/ ) there are more arguments to be made about privacy, including not only the individual, but also collective harms that the violation of privacy can impact. That argument is challenging to make, because harm changes depending not only on the individual or group and their reason to need privacy, but also on the type of information gathered, and the possible uses of it, which change over time. That kind of shape-shifting argument is challenging to get across, so I can appreciate something simpler. However, when I hear the framing of this as "the problem" I feel nervous, because I hear that as reducing consideration of other possibilities.


Well, I have been in the hacker scene since like 1997 and its ethos has always been about free information and secondarily about anonymity. Hence, data as ownership privacy is a no go. What is going to happen is what Julian Assange outlined in his book "Freedom and the Future of the Internet" lays out.

The article lays out that even the hackery of the hackers are having a hard time. I don't know what the hell he is talking about. A hard time like a hard time in not eating a chocolate cookie of convenience lays out but nothing more.

Elite hackers will always have privacy and it will not always be glorious. It is the masses who think the hackers will save them who are delusional.

Addendum:

I think some hackers will pick and choose when to be anonymous and others will be 100% of the time. I am the former.

Sorry for the repost, I had to edit it for lucidity.


Well, I have been in the hacker scene since like 1997 and its ethos has always been about free information and secondarily about anonymity. Hence, data as privacy is a no go. What is going to happen is what Julian Assange outlined in his book "Freedom and the Future of the Internet" lays out.

The article lays out that even the hackery of the hackers are having a hard time. I don't know what the hell he is talking about. A hard time like a hard time in not eating a chocolate cookie of convenience lays out but nothing more.

Elite hackers will always have privacy and it will not always be glorious. It is the masses who think the hackers will save them who are delusional.


We already tried data ownership, and society rejected it.

https://news.ycombinator.com/item?id=19035834


That was neither "us trying data ownership" nor "society rejecting it".

That was tech titans smearing each other with feces, trying to dodge responsibility for tracking teenagers as if they (companies) were pedophiles in power.

Besides, Apple? Is almost always on the side of themselves as brokers of your data.


Ownership is an odd concept to apply to something like data. I don't have a problem specifically with ownership of data as much as I have a problem with statements of the form applying X to Y where that relationship previously did not exist. To take it for granted that there should not be a debate about the possibility and the implications of such relationship and just presume the existence of it seems odd to me.


Theoretically, we have all the measures in place the article described. We do sell our data - simply not for money, but for services, e.g. FB. The digital locker is actually called data privacy rights. Companies do need to ask you directly, in form of the privacy policy when you sign up to the services. The flaws of the current privacy situation lie in the execution in practice. In theory, everything is fine.


Yes, but there's something about the lack of knowledge on the part of many software users that makes the consent portion debatable. That, and there's no other way to pay to use a service that you want to use.


The Applebook metaphor in the article breaks down because data is infinitely copyable. It's actually costing less than nothing for this hypothetical "Applebook" to store (copies of) my apples: if there's a disaster back home and my orchard is wrecked, I can partially rebuild from the redundant apples that Applebook has stored. By my calculus, that's a net positive for me.


Suppose what everyone is saying is true: "We pay for the services companies provide us with our data".

Normally, depending on which jurisdiction you're in, you could get your money back for "bad" service. If someone still wants to use our data as a service payment, how do you propose we get our data back for bad service?


You can ask them to delete it.

If you tell me a story and I sing you a song in exchange, neither of us can "take back" the thing we did for bad service. But we've bartered (and hence paid for the experience). That's just life. You can't take away an experience.

So you can take away the data but you can't take away the fact that they had the data.


> So you can take away the data but you can't take away the fact that they had the data.

I know and that's my point why it can't be considered as a payment.


Most people would consider that payment, actually. The exchange there would be barter of experiences.


I agree w/ OP. Using cryptography for privacy and data control is a step in the right direction and needs some critical mass behind it for broader adoption.

Shameless plug - that is exactly what Tozny provides. An easy way to have end to end crypto with a sharing model that keeps data in control of the original writer.


Data ownership is the goal behind Solid (Inrupt) https://solid.mit.edu/ - project led by Sir Tim Berners-Lee. From the website: Users should have the freedom to choose where their data resides and who is allowed to access it.


Poor people will have to sell. Rich people won't. Poor people will have to sell cheap.

Anne Frank didn't think that she had anything to hide. Anne Frank didn't have anything to hide. Anne Frank got killed. Why? Because Anne Frank's parents disclosed their religion to the Dutch census. The Dutch government was benevolent, liberal. Bigotry was rare in Holland. Then Nazis.

This can happen to you. Anne was a child. This can happen to children.

Privacy, for privacy's sake, is one of the strongest arguments that I have ever come across.


Hi Keith, have a look at https://mysafe.io and business.mysafe.io We are the first privacy and data protection ecosystem - With data and infrastructure owned by data subjects. Keen to get your thoughts.


At the other end of the spectrum and perhaps more pragmatic is Grassland https://news.ycombinator.com/item?id=19529921


Well, I have been in the hacker scene since like 1997 and its ethos has always been about free information and secondarily about anonymity. Hence, data as privacy is a no go. What is going to happen is what Julian Assange outlined in his book "Freedom and the Future of the Internet" lays out.

The article lays out that even the hackery of the hackers are having a hard time. I don't know what the hell he is talking about. A hard time like a hard time in not eating a chocolate cookie of convenience lays out but nothing more.

Elite hackers will always have privacy and it will not always be glorious. It is the masses who think the hackers will save them who are delusional.

Addendum:

I think some hackers will pick and choose when to be anonymous and others will be 100% of the time. I am the former.

Sorry for the repost, I had to edit it for lucidity.


The Personal Data Ecosystem has been around for about a decade, based on these concepts: http://pde.cc/


For some apps remoteStorage could be an interesting solution to this problem.

https://remotestorage.io


Nice, I had forgotten about that. Previous discussion: https://news.ycombinator.com/item?id=17297673


Digital data is not at all like apples, which exist as physical objects. This issue is far more nuanced.


No. The "ownership" goal should be within the company. Does Legal own it? Does so-called Product own it? Does Engineering own it? Data Science? Ad clients? Without better governance, you will have misuse.

And at some point you have to ask yourself (Zuck), is poor governance on data ownership a bug or a feature?


Privacy is nothing more than being allowed individuality. What Google and Facebook do is to steal your identity and everything that it means to be you. They can then normalise your personality through algorithms, erasing whatever is left of you.


I still find it shocking that many people in society quote what originates from dystopian propaganda. The phrase "You have nothing to fear if you have nothing to hide." is commonly attributed to Goebbels, because he popularized it. Though there's an earlier precedent[0], it is also a dystopian reference. So I think there's something wrong when people are quoting literal Nazi propaganda, and having that belief ingrained.

[0] https://english.stackexchange.com/questions/217196/origin-of...


TFA lost me in the lead:

> As soon as you connect to the internet, there is a vast surveillance infrastructure tracking your every move. Even the most hackery of hackers have trouble moving in complete anonymity.

> For most of us, however, our brains assume our pre-internet intuitions are still accurate. That what we do in our own home stays private until we decide otherwise. We feel violated when we discover how much is known about our online activity.

I am not -- in any meaningful sense -- a "hacker". I'm a reasonably technical guy. And I know how to use a bunch of tools. But "hacker"? No way.

So, my first point. Assuming that "what we do in our own home stays private until we decide otherwise" is foolish. Unless you include implementing strong OPSEC in "decide otherwise".

And second, you need not be a "hacker" to avoid surveillance. You just need to learn some OPSEC, and how to use a few simple tools. The core point is never communicating (saying, writing, imaging, etc) anything without a studied awareness of who might be observing.

I have a few Internet-facing machines. One is plain-vanilla. Just a box with basic apps, sitting behind a pfSense firewall. But of course, with no WiFi. The others, each on its own LAN, run VirtualBox, and host various VMs.

There are some low-security VMs, which reach the Internet through nested VPN chains. Which are implemented with pfSense VMs as VPN gateways. That's what Mirimir, and some of his sub-personas, use. They basically just talk about stuff. And do some consulting work. But nothing at all iffy.

Then there are a bunch of Whonix instances, which reach Tor through those nested VPN chains. That's where I do whatever interests me, with no concerns about consequences.

All of these machines are full-disk encrypted. And they're on a UPS, with kill switches on my desk, and in the kitchen and bathroom. Although I mainly focus on being hard to find, I am prepared for discovery.

I'm not prepared, I admit, for sitting in prison, after refusing to reveal decryption passphrases. I'll probably claim ministroke and memory loss, but that's damn iffy.

And then there's my physical workspace. It's basically a walk-in closet. My desk faces the door, and there's a wall behind me. There are no windows.

I painted all of the interior surfaces myself, using black EMF-blocking paint (carbon plus Al dust). For the wall behind me, I applied a series of bright washes, using custom-mixed colors.

It's locked when I'm not using it. And I live in a multifamily building, in a very cohesive community. So there's very little chance that adversaries could secretly plant bugs. They'd need to enroll or compromise one of my neighbors. That's not impossible, I know. But hey.

Anyway, my point is just that you need to keep in mind, always, that adversaries are trying to snoop. And act accordingly.


Wow, everyone on here defending tech giants owning their personal data. Is this Facebook trolls working their propaganda?

What exactly do we stand to lose if Facebook can't aggregate data on a level akin to a hyper advanced dystopian government? Are we worried our advertisements will become less funny? Are we worried we'll be less manipulable on a mass scale? Are we worried we'll have options on our tech overlords instead of being stuck with 4?

It's my data and I should own it. Just like I can't login to Facebook's servers and take their data. The only thing that separates Facebook from having privacy and the user is Facebook has billions of dollars of leverage. But hey if y'all like billionaires owning you then let's keep it up - let's not say we own what's ours. Make the billionaires even stronger.


>It's my data and I should own it.

Then don't give it to them.

>Is this Facebook trolls

I personally don't use facebook, and don't advocate for others to use facebook. If you do use facebook, then you are accepting the deal they have offered you.

>What exactly do we stand to lose if Facebook can't aggregate data on a level akin to a hyper advanced dystopian government?

This is how facebook makes money, and stronger how they survive as a platform. If they couldn't do this, then more than likely we would lose facebook. I personally don't see this as such a huge loss, but apparently you do.


One of the major complaints about Facebook is their tracking of non-users, of people who haven't accepted any 'deal' nor given them any data - e.g. Facebook is known to do matching of non-users' full names with phone numbers and other contact information based on what other people have in their phone contacts, combined with tracking their visits on third-party websites which embed e.g. facebook like buttons.

There are ongoing court cases proving such practices, and Facebook insisting in court that it should be allowed to continue to violate privacy even for people who, like you, have intentionally chosen to avoid Facebook.


As has been explained so many times including my message, you can't opt out. Data collection is beyond that. They take it without you doing anything. It doesn't go away because you ignore it.



