This video is great. It not only sums up the problem in the elegant terms of choice, but it also proposes starts at solutions in the elegant terms of working code. It made my day to watch this.
I usually tend to avoid the 1 to 2 hour long video/talks. However in this case, the value received from its content absolutely justified every minute of its length. I wish more people would not dismiss it because of its length like I almost did.
The problem isn't Google so much as it is a lack of an understanding of the value of privacy and anonymity on the internet among the general population.
And it is also a matter of the lack of serious support for maintaining such privacy and anonymity at the internet infrastructure level, and at the level of applications that interface with the internet (web browsers in particular).
These things go hand in hand. As the general public becomes more educated about the value of privacy and anonymity (and what happens when, due to the lack of either, abuses occur) there will be more demand for technology that supports keeping their data and lives more private.
Then software, hardware, and services that protect privacy and anonymity will become more economically viable, and companies like Google will have a much harder time spying on their users.
This is why education about the value of privacy and anonymity is so valuable.
Until that happens, people will voluntarily leak information about themselves all over the place. Witness the popularity of Facebook, or hundreds of other sites where people gladly give up their privacy for various dubious enticements.
I wonder if the public ever will become educated about the value of privacy. A few days ago I've tried to explain a friend who often uses Internet cafes how to use Google's two factor authentication for Gmail. Her answer was: "Why should I do this, this just makes it more complicated". When I explained to her that it prevents other's from being able to read her mails she responded that there's nothing interesting in her mailbox and she doubts anyone is interested in doing so.
A decade or so ago I still had hope that tools like PGP/GPG will be widespread amongst the Internet population. But this all completely changed. People who used to use PGP to encrypt their mails and who've used to run their own mailservers because they didn't trust their provider just use GMail today.
We're moving from a decentraliced infrastructure to a pure client/server infrastructure and there's not much you can do about this. There are a few areas where it's possible to avoid the cloud, but in most other areas the choice is either to use the prevalent centralized infrastructure or to not communicate with others.
It seems like privacy law is the proper domain to control these things for the public. Your pants, while not transparent, do not pose much of a roadblock from a determined party looking inside them. That it's illegal for anyone to do so without your consent is the actual deterrent -- not any intrinsic property of your pants.
Email is the primary medium for lost password recovery. If someone else gets access to her email account, they have access to most of her other accounts as well. If she understood this, she would show more concern for two factor authentication.
It depends on the attack vector you're trying to protect against. If you're on a machine you control (e.g., a personal laptop) and can vouch for its security -- that is, you're sure there's no kind of spyware installed -- https should be sufficient protection when connecting on public networks (especially open wireless connections).
Two-factor auth, on the other hand, protects you when you can't guarantee the security of the machine you're using -- someone able to capture the logon sequence won't be able to replay it at a later point in time.
Note that two-factor auth without https isn't clearly of huge benefit, as an attacker with access to your network may be able to capture the session token (e.g., through firesheep or similar tools).
Thank You, that clears it up for me. I don't think I am able to upvote you, or haven't figured it out. Maybe someone else will, for your kindness and time.
nothing if she lacks a basic knowledge of how this information is _very_ interested to spammers, insurance companies, car sellers, cell phone carriers, everyone that has something to sell to her and treat her as a "lead".
"in most other areas the choice is either to use the prevalent centralized infrastructure or to not communicate with others"
That's the choice now. But it doesn't have to remain that way in the future.
The problem is that most people are relatively ignorant about technology and its potential for abuse (especially when they don't guard or value their privacy).
Not only is this ignorance not inevitable, but there's every sign that it's decreasing.
People are becoming more technologically savvy, and computer literacy is spreading. Along with this, and with the various media exposes on viruses, identity theft, etc.. people are slowly starting to become more security conscious, bit by bit.
The main thing that's lacking right now is a strong appreciation for privacy and anonymity. This is especially troubling and prevalent among the youth, who are growing up in a world where so many people's lives are on display on Facebook, Twitter, MySpace, etc..
They don't really realize or appreciate how much of what they reveal can come back to haunt them and bite them in the ass in the future: from the potential for stalking, to various abuses of private information by employers, insurers, etc.
But, as more and more people get bitten by these sorts of abuses, I think it's inevitable that a greater appreciation for privacy and anonymity will emerge. It may take some time. But the process can be accelerated with deliberate education campaigns and efforts from people who do understand the value of privacy now.
"They don't really realize or appreciate how much of what they reveal can come back to haunt them and bite them in the ass in the future: from the potential for stalking, to various abuses of private information by employers, insurers, etc."
Personally, I don't put much personal info on Facebook. I do post non-anonymously almost all the time though, and want to try to fix some of the problem.
I wonder if the public ever will become educated about the value of privacy.
a lot of people became aware that they could be tracked down for downloading movies and mp3s because of all the lawsuits.
perhaps it will take a few (more) lawsuits or criminal cases where prosecutors use data retrieved from google or facebook before people realize they are voluntarily putting a lot of data out there that could come back to bite them in the ass.
Google is not a surveillance company. It's an AI company with a rapacious appetite for data so that it can learn about the world and make better decisions.
Not Google nor even Facebook are privacy’s real threats, they are just easy targets.
There is a fine line - it would seem - between a security expert and an alarmist. That line is getting crossed more often as of late seeing as spreading FUD is their marketing strategy.
Yes privacy is important but some people are loosing all prospective in advocating for it, and in doing so are entrenching on other rights mainly freedom of speech.
I'm curious to know what you think privacy's real threats are, then?
I had two motivations in giving this talk. One was to explore the shift in where data accumulates and is collected on the internet. The other was to explore the concept of "choice," in terms of how these technologies are subsequently presented to us.
Given the events of the past year, along with the CALEA II conversations that have recently begun in DC, it doesn't seem particularly alarmist to start having a conversation about these things.
I'm not sure whether you watched the talk or not, but my premise isn't that everyone should stop using Google or Facebook, as you seem to assume. Because I don't actually believe that's even possible. Or at least, that it's not a simple choice.
I found your talk to be one of the more pragmatic takes on current challenges to privacy that I've heard for precisely this reason. While people can and sometimes do choose to opt-out, I've never been personally comfortable with the high costs of doing so. It's a neat research agenda to start from that observation and try to mitigate the cost to privacy.
Your relevant link is hilariously funny when it suggests that being less private would help people find other similarly minded folks online a la the events in Egypt. I may have LOL'd my pants. Here's my unsubstantiated but hopefully compelling retort: if those revolting in Egypt could have been a priori identified online, there would have been no revolution.
Don't be an idiot. Privacy online and privacy in the real world are very different beasts.
