>>> Don’t be surprised if your insurance company starts charging you more because of how it thinks you should live your life!
I almost stopped reading there. The author does not understand that the privacy right is held by the individual. It can be waived. A generation ago we thought that people wanted to protect their privacy. We now know that many don't. Many will trade their entire life history for a discount coffee. Why should we deny these people their right to abandon their own privacy?
As long as they were clearly marked, I don't see why not. They'd probably be better than the food from dumpsters that people get when they can't afford to buy from the supermarket.
Food safety is often about issues that by definition are not going to be labeled. The consumer, for instance, isn't going to know if the producer used adulterated ingredients irregardless of what is labeled, and sometimes irregardless of whether it is deadly or not. Likewise, it may not be obvious if something was stored at an improper temperature (or otherwise mishandled) and is also likewise unsafe to eat.
These type of food safety issues aren't one where choice is an option, these are issues of malice or neglect.
The right of privacy is individual, sure, and can be waived for purposes. Some might not mind. I'm personally okay with that side. But I also think it's pretty easy to come up with examples of private data being misused due to malice and/or neglect. (Particularly the later... it sure seems like companies have a poor track record in keeping data secure.)
Food safety is often about issues that by definition are not going to be labeled.
I don't understand your argument. Why are they by definition not going to be labeled?
We're discussing the merits of replacing the current law that bans the sale of potentially unsafe food with one that requires such food to be clearly labeled. To know which food they can't sell, producers must know which food is potentially unsafe, therefore they could label it instead. And if you're going to assume that producers will break the law, why would they respect the law banning the sale?
I also think it's pretty easy to come up with examples of private data being misused due to malice and/or neglect.
It's pretty easy to find malice and neglect in almost every possible social interaction. By itself, it can't be a sufficient argument, otherwise we'd be prohibiting people from having children!
Let's take a sample case: the widely known case of Chinese milk producers that sold milk adulterated with melamine. You assume simply labeling the milk with the melamine is all that is required? That the responsibility of not ingesting what could be a lethal poison that can cause renal failure should fall entirely on the consumer alone?
Personally, I doubt it (at any rate I am aware of no law where victim ignorance is a defense for a malicious act).
Now, I do understand what you are saying for cases where the safety risk is more minimal or specific, labeling is all that is needed. So food safety laws often are fine with people consuming, say, undercooked / raw seafood, provided a warning is given that certain people probably should avoid this type of food. I think in a way we're talking about different things, but "food standards" cover a lot of things.
Anyways, this is where I come from in regard to privacy. I don't believe that every time you waive your right to privacy, something awful happens. So I'm not talking about a general ban of waiving the right to privacy. However, I do believe privacy standards need to be strengthened to help prevent (or at least correct) such cases as malicious misuse of private data (example: doxxing) and neglect of private data (example: hacked websites that expose databases of information to criminals).
You assume simply labeling the milk with the melamine is all that is required?
Not just having melamine in the list of ingredients, but actually clearly labeling the danger. Obviously nobody would sell milk saying "Danger of death", therefore that case is irrelevant (selling without the label would still be illegal, since it's fraud, not just "protecting people from their own decisions", which is what I'm arguing against).
However, I do believe privacy standards need to be strengthened to help prevent (or at least correct) such cases as malicious misuse of private data (example: doxxing) and neglect of private data (example: hacked websites that expose databases of information to criminals).
I fully agree, and I'm quite happy to live in the EU which has at least some decent privacy protections, but those aren't cases in which people are willingly giving up anything.
it seems unlikely that Google, Facebook, etc. are offering us a good deal in exchange for our data; why would they when we don't even know what the fair price is
They have some idea, given that they're largely responsible for monetizing it. The economy in trading personal information certainly assigns a set value to it. In any case, there is also the question of how many people underage, or otherwise not in a position to give what a reasonable person would see as "informed consent" are swept into this as well.
I agree that the before mentioned companies most likely have a pretty good idea, but also that a lot of users cannot give informed consent to use your words. When we go to a restaurant we can at least make a comparison based on experience; in the case of personal data we are rarely given access to data that allows us to build up any such intuition.
Sure you can: you can compare the various types of services (search engines, social networks, etc) and see who offers the best bang for the private data buck.
Sure, if you don't mind companies selling your data for their profit nobody is taking away that right from you. But for those of us who do mind, there is no option whatsoever. People who care about Privacy are the ones denied of their choice. If 99% of the service providers I use today are telling me they won't give me service unless I share my data, what kind of choice does that leave me?
They will take your data but there isn't anything saying you have to give it to them, or that it must be accurate. Tor, pgp, VPNs, Adblockers, noscript, linux ... there are always choices. Imho we actually live in a bit of a golden age for privacy. Never have there been as many so sophisticated tools available for those who care to use them.
Also, these tech-savvy choices require extra steps to be set up and don't integrate well on all operating systems. Average users simply do not know how to protect themselves, unless they get out of their way to do so.
I categorically disagree with the premise that we live in anything resembling a golden age of privacy. On the contrary, IMHO we are approaching the clichéd Orwellian system of Big Brother. Don't forget for a second that the privacy tools we currently have only exist due to the rampant and ubiquitous nature of tracking these days.
CCTV cameras. "Real Name" policies. Corporate monetization of user data. Third-party cookie networks. Password/data leaks. Doxxing. Tape over laptop webcams. PRISM. TVs with built-in microphones and cameras. Facebook listening to your ambient audio. It is an incessant and relentless reality that everything we say, do, and soon think, is being collated to enable later correlation possibly years from now.
Encryption and anti-tracking tools are at a peak, sure, but that's a response to the dark ages of tracking. Privacy tools have developed in direct proportion to the steadily-growing loss of baseline privacy; much of what you list solves privacy issues that simply didn't exist until recently.
And yes, I feel capable of choosing how much of my data I give away. But that's a feeling I get by virtue of being a privacy-concerned software developer. To get what I would consider a basic level of control in a web browser requires half a dozen scripts, extensions, or settings changes. Do you really expect someone who's never heard of Javascript to understand why disabling execute-scripts-by-default is an important step for privacy and security?
I've had smart, STEM-employed family members ask me to "set up privacy stuff on my computer". Even at a medium-low level (no VPN, no Linux) it takes me a decent amount of time and thought, and I already know the tools and topics I want to deal with. My mom shouldn't need a third college degree to understand how to protect her privacy.
> Why should we deny these people their right to abandon their own privacy?
Because desperate people can be coerced to give up anything, whether they truly want to or not. Because these sorts of issues form the basis for many kinds of discrimination that society finds unacceptable.
Big="L" Libertarians and Randians opinions notwithstanding, there are worse things than preventing a race-to-the-bottom society built on degradation of the weakest individuals.
Privacy issues aside, I'm not sure that the folks who trade their privacy for a discount coffee count as "desperate" in any sense of the word.
I do think that they perhaps haven't thought through the implications of what giving up their purchasing history could mean in a decade or two. Or maybe they have, and they're making the very rational choice to focus on the concrete effects of the here & now rather than some abstract consequences in the future. Data has an expiration date, after all.
I think that, as the fight over 'metadata' implies, most people haven't realized how powerful non-central data can be. People who wouldn't tell you their home address, relationship status, or buying history share that information with a dozen companies that collect it implicitly.
Of course, we do make some conscious decisions to give up privacy - I don't give a damn who knows what I buy at the grocery store, so I'll have it tracked for 3% off - but a lot what people agree to isn't.
> I'm not sure that the folks who trade their privacy for a discount coffee count as "desperate" in any sense of the word.
I think you have a point, but consider that there are many people who are counting every penny. But more importantly, consider the larger point that privacy shouldn't be only for those who can afford it.
If people are selling their private data because they need every penny to eat, we shouldn't prohibit it and ensure they actually starve! We should instead offer them a third alternative.
Prohibiting doesn't fix the actual problem, only the symptom. It does, however, allow many to sleep well at night knowing they "helped" the poor.
> Prohibiting doesn't fix the actual problem, only the symptom
Society prohibits many things and often it works fine. You can't run red lights, violate sanitation laws in your restaurant, defraud your customers, violate zoning laws, burn down your neighbor's house, practice medicine without a license, etc. Many of these rules have demonstrable positive outcomes.
Rather than applying an ideological theory to reality, I think we need to examine the data - the messy details - on what actually has worked and what hasn't, and where that's unavailable use serious, non-ideological economic analysis.
We successfully regulate many business practices to protect consumers, and Europe appears to successfully regulate privacy. Privacy doesn't seem particularly difficult to regulate, but I'm open to research on it.
> It does, however, allow many to sleep well at night knowing they "helped" the poor.
This starts with a fallacy about 'prohibiting', creates a fictional person who 'sleeps well' (implying the fictional person has some shallow view of the world), and mocks the fictional person. It's possible their feelings are hurt; perhaps you should consider apologizing?
Society prohibits many things and often it works fine.
Yes it does. I'm talking about this specific kind of prohibitions - taking away options from the poor for "their own good".
And I fully agree that privacy can be regulated and the EU does a decent job of it. They also happen to not prohibit me from giving/selling one's personal data away, so I'm not sure how it helps that argument.
As for the fallacy about prohibiting, the context of this conversation is about "deny[ing] these people their right to abandon their own privacy". What's denying a right if not prohibiting? If your argument is that privacy should be regulated in general, not that people should be denied the right to give it up, then you should say so, we're not mind readers.
I see what you are saying. In principle, I agree that laws shouldn't restrict people's freedom to choose to do such things but reality is messy, as always: This issue is more complex than a simple principle and there are different, equally valid ways to conceptualize it:
* Most importantly, we often preserve people's fundamental freedoms by protecting them. You can't agree to be slave, for example; that is, you can say you agree and even play the role, but at any moment you can walk away and sue for unpaid wages and the employer/owner will be guilty of having violated labor laws. I think people's rights to privacy should similarly be protected.
* While maybe we shouldn't outlaw people's rights to sell private data, we can outlaw others from buying them.
* In some circumstances, people have literal freedom but not a realistic ability to make a choice, due to lack of expertise or exploitation: We don't let people choose to be part of dangerous medical experiments, for example; the experiments must be approved. People lack the expertise to make an informed choice (and even approved medical experiments take care with how prospective subjects are informed). We don't let vulnerable populations be used for medical experiments; For example, prisoners and children can too easily be pressured into participating, against their will. I'm honestly not sure to what degree privacy fits this category; people understand the concept, but they have no idea of how their information is used and the risks of that.
I know we as western societies take similar positions on other issues; I'm generally critical of them. People don't need to be experts to make informed decisions; FSM knows politicians aren't experts on most things they decide upon.
Informing, requiring consent and - especially - offering better alternatives to the "exploitative" option should, in my opinion, be used instead of the paternalistic prohibition (which is often just a cover for other interests).
Why should we deny people the right to sell themselves into slavery? It's their life, after all. Perhaps in a generation or two our society will degrade to the point that, to the poor, slavery looks like a pretty attractive option. For some, perhaps it already does.
In any capitalist system, if anything is permitted, someone (i.e. the poor) will be coerced into doing it.
Well of course a compassionate society would provide basic needs for everyone, but while we sit around holding hands praying for utopia to come to America overnight in the form of the end of free-market capitalist extremism let's do what we can to stop people from being exploited in the meantime.
We aren't discussing restructuring all of society radically and enacting a massive cultural and political revolution right now, we are discussing specific privacy law in specific technical settings in our socioeconomic and legal circumstances.
Prohibition works very well, depending on the circumstances. But you know this, of course: you are simply making a rhetorically contentless incendiary broad generalization. Murder is illegal and there is less murder. Fraud is illegal and there is less fraud.
we can to stop people from being exploited in the meantime.
My point is that they are being exploited, because even being exploited is better than the alternatives they have, and by prohibiting it, you're actually harming the people you're supposedly trying to help. My argument is not a Nirvana fallacy. I'm saying that we're actually better off doing nothing than prohibiting people from taking the least worse option they have.
If we want to help, we should provide an alternative (and no, this certainly doesn't require an end of capitalism). If we can't do that, we should leave it alone.
Prohibition works very well, depending on the circumstances. But you know this, of course: you are simply making a rhetorically contentless incendiary broad generalization. Murder is illegal and there is less murder. Fraud is illegal and there is less fraud.
I thought it was clear from context, but I'll be specific: I'm talking about Prohibitionism as in preventing people from deciding what to do with their lives "for their own good", much like the Prohitibion Party did with alcohol in the early 20th century.
I don't think there's much risk of people losing the right to abandon their privacy - much more likely is losing the right to maintain that privacy.
How many people do you think are fully aware of what tracking they're subject to? Every time you hit a webpage, or see a "share on Facebook" button, or take a smartphone somewhere, that's another data point. Usually the concession of privacy is made before you know what you're agreeing to - you open a webpage, then see how many tendrils of user tracking you've just been touched by.
If you want to talk about whether I should be able to sell my private information, absolutely. I can sell it for discounts (on insurance, say) or straight cash (see Datacoup) and that's my right. But it feels like burying the real issue to discuss that instead of the unannounced, implicit-consent tracking that defines most of our technology today.
Here is an unsolicited email I sent last night. I sent it to spinn3r, but any company doing "competitive intelligience", market research, big data, ect can be subbed in here for their name, because the browser and search engine wars are starting. The email:
Just read the blog post on optimizing the elasticsearch cluster. It sounds like you have a pretty awesome deployment setup. Now, I know competitive intelligience is "hot" and "trendy", I mean, for sure it isn't mobile-first omni-channel blockchain bitcoin disruptive "trendy", but it's prety close. Now, I jest, but what I am about to say next I am dead serious about: your product is a search engine, just let people use it as a goddamn search engine.
Now, let me explain. For like probably over a year now I have been making the case that between google, elastic and apache there is just a goddamn open source version of google sitting out there. Would a consumer facing pay for search engine be profitable? idk, is your product profitable? I suspect there is a lot of people who would pay a $9.99 a month to upload and control page rank and not have google own them. Lets assume you were able to capture even 0.01% of googles customers e.g. 1 billion people and got them to pay you like $9.99, then you'd have just shy of $1M MRR, and $11.98M annually. Obviously, you could do some nice caching of resources like stack overflow, reddit, hacker news, and wikipedia and simply store peoples preferences (sort of a heirarchical git like system) and then you would have some pretty swiggity sweet optimizations.
You know what might really add value? Having NLP on your own custom tailored information database. I bet people (who search and use the internet daily) would probably see much higher leverage from this than the sentiment analytics you can give them on a competitor. Also, as an aside, you should be mining the competitors customer support channels not only for sentiment but for their inabiliy to service feature requests/complaints. Proabably one of the biggest predictors of why wealthfront lost MS to betterment. Regardless though, if you guys are looking for an expansion strategy or a pivot, this is it.
tl;dr. Peter Theil was wrong (no, not just about Clinkle) but it is true that:
The next larry page & sergei brin will build a search engine.
Having "been there, done that, got the t-shirt" I can tell you that no, there currently is no market for an unbiased search engine. We (Blekko) couldn't even get enough people to give up an email address in exchange for more control over their search experience.
I respect that. The site just has "acquired by IBM watson team" so I don't know. However, it is possible you were too early. Also, it is impertive that the expereince is built inside a browser. Not 100% sure whate happened to blekko (although looks like you guys landed on your feet) however, if anyone is building a search engine (or you yourself are) I will write up a full marketing plan and strategy and product playbook for free, because it is just so goddamn important.
I think the only Blekko team member stupid enough to still be interested in building a search engine is me, building search for the Wayback Machine at the Internet Archive. And we have a business plan, we're a charity! :-)
I liked DuckDuckGo's approach, they have really benefited from a user first strategy. That said, it has been interesting how the cost of compute and storage going down has led to such a large number of non-pages on the web. I was reading a paper which estimated that there were probably 10 trillion web documents reachable on the web, and fewer than 10 billion of them were "meaningful" (meaning they had accurate and unique information). If their estimates are correct, literally 99.9% of the web is crap pages. That is a huge discrimination problem.
>We (Blekko) couldn't even get enough people to give up an email address in exchange for more control over their search experience.
The venn diagram of "people who want more control over their search experience" and "people who are sick up to the back teeth with companies who insist on an email address even to take their product for a trial spin" is pretty much a cross section of an egg, and control over search is the yolk.
FWIW, having worked in Google Search before and now working with the open-source/IaaS big data equivalents, there's no comparison. Elasticsearch is light years behind where Google ranking is, and the way the APIs are setup and the service is architected, it's doubtful you could ever use it to build a system that rivals Google. Some of the key signals that Google uses just require a different data organization than all the open-source tools support out of the box.
You have to understand that google is solving a much harder problem, but as a user, a personal solution is much easier to develop for and has higher leverage. If you gave me the ability to curate resources and browse sites I was interested in and upload pools of information as seed data, I would be able to tell (and build) the initial training set much much easier than google.
I only have to be correct for my own use case (with nearly 28 years experience being myself) and google has to be correct for everyone with (at best) 18 years of search results, of which you have to back out what the user is searching for. e.g. If I look for George Washingtons birthday I could look for information about the person george washington, the actual query george washington birthday, where I might find the data wikipedia:george washington, or an event that could contain it preseidents day.
I know both what my query is, and what a successful answer to my query is (at least the format of an acceptable return). Google has to infer that a query like presidents day and then a query like george washington are related and a successful result was the resource: wikipedia, because it contained george washington's birthday.
The point is:
* these examples are contrived. However, a person can be given the tooling to organize their own data & potential data.
* a person will have insight into what they want, almost certainly better than google.
* if they are wrong/the resources hasn't been cached for them, well, the personalized engine can just simply default to google if no results exist and return them
* privacy.
edit: not only this but having every site I visit (if I wanted this and private & personally encrypted) available and searchable is hugely valuable. Google receives takedown requests, resources move, or I forgot how I received them. Caching/downloading/storing video, images and web results and having them remain private and searchable is pretty much reason enough for me to tell you to take my money.,
Because people won't trust google soon (google != alphabet). When adblockers are fully implemented and used by the entire population, google will look like societ russia after the collapse of the CCCP. It is going to start moving into any business where information is valuable (every business) and it will be super scary as they have the entire worlds data and they have been using it to train a very complex and highly sophisticated AI for nearly 2 decades with billions of records of training data a second in every category you can imagine.
So people will want to protect their data & privacy, especially companies.
People will want to have a better search experience, which means that things that are on the internet that they want to see will be there. Google is probably the most monitored for takedown requests/deindexing and they control most of the video portals and certainly the window you view the interent through so they are a target to legitimate and illegitimate takedown requests.
edit: they also have built the components and outsourced them. Hadoop/Map Reduce, most of Apache's products, elasticsearch, and another google offering tensorflow can certainly be made into a search engine. Obviously not google scale, but certainly an individual.
Ordinary people, particularly young people, clearly care far, far, far, far, far less about privacy than you think. The average middle-class ten year old literally has more pictures of herself than the number of days she's been alive, and an enormous number of those pictures are already online. Moreover, she's constantly putting more and more of her life online.
If anything, I think people want to have more of the interesting parts of their lives be more public (in other words, they want to be "famous", whether just among their friends or on a bigger stage). They do want many things to be "private" in the sense that they don't want certain people to see certain things online. But I think we're deluding ourselves if we think they care at all about the fact that google is scanning their emails or search history, or that twitter is mining their tweets, or that snapchat is using their location data.
There's also a big irony about talking about privacy on Hacker News, where our political views are preserved for eternity on the Internet for anyone to read. ;-)
you aren't wrong. It was an off the cuff email I sent at 3am, it was purely a rediculous top down analysis comletely devoid of research, simply to ilustrate a point. The point is, if you were able to get a million people to use your service and pay you $9.99, you would be making decent money. This is important, because there is a strong revenue stream tied to a service you provide whereas many companies struggle to get to 1 million users which if achieved, will complicate engineering and increase costs. After those challeneges are faced, well, then they need to convert those users into some sort of payment scheme...
I like the article, but a line in it triggers one of my pet peeves.
>These companies are basically engaging in mass surveillance. Just as governments justify tracking us to prevent terrorist attacks, these companies are tracking us online, without our consent, ...
This equivalence that people often draw bugs me, because companies don't coerce people into being tracked. I can choose to or withold my consent with regards to companies. I can pick and choose to do business with more privacy-respecting companies, and I can block my browser from talking to popular tracking domains. Companies can't threaten me with legal trouble (jail, etc) if I want to run my own websites or programs that respect privacy or use cryptography.
It's government surveillance that I don't have a choice of avoiding, short of avoiding the internet. Sure, cryptography does a lot of good, but it's a freedom that is repeatedly threatened, especially it seems like whenever anyone makes a too-convenient tool for it.
That's technically true, but not practically; tracking pixels, embedded 'like' buttons, etc. You are being followed around the internet by large companies, even if you don't directly use their services and avoid FB, Google, etc. entirely (which I think is a reasonable standard for an average user).
I agree the distinction is important in that you can e.g. elect to not be a customer of a company, but can't exactly opt out of the government. But there are still plenty of underhanded privacy violations that companies can 'coerce' you into unknowingly.
The best-practice security and privacy tools you cite, like Tor, end-to-end crypto, etc, are just as effective protecting against government privacy violations as they are coporate ones.
I agree with numlocked that the option of opt-out from companies is less clear, in part because we are on a course where this becomes increasingly strange and irrational.
It's the type of thing you'd say to yourself and others if you worked at one of those companies that mine people for data.
Everybody can't be RMS. Hell, even RMS can't be RMS. For all practical purposes, you're stuck in a hell where you choose between options, all of which track you like a laboratory animal.
Hey AgentME, I'm Mael the co-founder of https://snips.ai, we wrote the article on TechCrunch to explain why we are building an AI which respect people's privacy.
You are entirely right in saying that people mostly wilfully accept to be tracked by companies, but we feel they do because they don't have alternatives, so they can only assume that some services will only be available if they share their data.
We are building Snips because we want to prove that it is feasible to build an AI without storing the data of users on websites where it is exposed to hackers or governments, or to future decisions made by the company (or its next "evil CEO") that users may not yet be aware of.
We believe it will one day be possible to build our AI alter-egos, capable of doing most grunt tasks at our place, if they can access our most intimate data. And this will be only possible through privacy-by-design
Building systems with privacy-by-design is the only workable way to minimize risks over time for users!
> people mostly wilfully accept to be tracked by companies
Most people accept this because they do not know the extent to which they are being tracked, and because they assume their data isn't being widely shared for purposes beyond being served 'better' advertisements.
Most people accept tracking because they don't understand the implications of mass surveillance. Most people are unwilling to think about their government's efforts towards population-scale control. Even in the era of surveillance whistleblowing, it is still taboo, and in the realm of conspiracy, to speak of these things.
I think the reality is that the demand for truly private platforms will remain very small because people trust Google and Apple, and at the end of the day, they have 'nothing to hide', so mass surveillance does not affect them.
> I can choose to or withold my consent with regards to companies. I can pick and choose to do business with more privacy-respecting companies, and I can block my browser from talking to popular tracking domains.
Maybe you can, but realistically very few others can. I have the technical skill to do it, but certainly not the time.
For the great majority of end-users, many/most don't know they are being spied on, few grasp the scope of it, very few understand the technology or have the skills to do anything about it, and few understand the consequences.
One reason few understand what's going on is that companies (and government) take steps to hide it. If everyone is choosing to do it willingly and there's nothing wrong, then why hide it?
Withdrawing your consent (eg checking Do Not Track) will hardly affect the behavior of these companies.
I agree that the best assurance is indeed technical, but let us not set our moral bar too high, blaming users when they do not do everything possible. The data leaks in our software are security vulnerabilities, which these companies are exploiting.
There is little fundamental difference with government surveillance. After all, backbone providers are commercial entities that once again you are voluntarily using, who then voluntarily pass your data to USG. There only seems to be a gap because private-no-competition ISPs haven't fully gotten around to monetizing your traffic yet.
Whilst what you say is true, if you want any sort of "normal" relationship with friends and family, choosing to not interact with privacy abusing companies is going to effectvely disconnect you.
Most people I know now plan birthdays, weddings, parties etc on Facebook, or in apps. Now that they've long ago reached critical mass, if I choose to withhold consent, I'm now relying on someone remembering that I'm not on FB and to throw me a text or phone call.
The coercion isn't from the companies as such, it's from your peers, near everyone you know. Participate or miss out on normal life. So it's just a Hobson's choice.
So I find there's effective equivalence for nearly everyone.
I am the founder of https://snips.ai. At Snips, we are building an assistant that is private by design: what I describe in the article are things we actually work on today :-)
Happy to share my thoughts on it and contribute to the debate!
More details about what we do:
Like the big software companies (the G, the A, the F, the M), we want to build an AI to help you get what you want more effectively.
But we believe this can only be done if we take care of people privacy: your AI should ultimately know your favorite restaurant, your girlfriend’s name, but also your health record and everything else you might not always feel comfortable sharing with the world at large.
This is why an AI alter-ego will have to work with privacy-by-design. You should not have to trust any company whose CEO might soon be replaced by another not as trustful one.
We think about your data as your most intimate and valuable property, and we want to use it without compromising its safety!
> your AI should ultimately know your favorite restaurant, your girlfriend’s name, but also your health record and everything else you might not always feel comfortable sharing with the world at large.
No. It should know what the user wants it to know. Which may or may not be those things.
Of course! But if one day you want it to help you with your health habits, it will help if it can guarantee that it is private-by-design, so you know that the information about your health won't leak
I'm glad that the general public is growing more aware of privacy issues but the more cynical part of my brain tells me that, since the government and a very large industry share an interest in eroding privacy as much as possible, putting stronger privacy protections into place won't be easy no matter how many people say that's what they want. I want to feel confident betting on privacy, I really do, but I won't until I see some evidence that growing public awareness is getting politicians to address privacy issues directly instead of brushing them aside to focus on other, politically sexier issues.
I think the debate comes more and more often in the public opinion, and I believe privacy will soon become something people will demand when they buy hardware and software, just like memory capacity or battery usage.
But we don't need to wait for politicians to move on this issue, we can already do a lot without tem! There is growing research on privacy-by-design algorithms, on which we work at my company Snips (https://snips.ai), which will ultimately prevent governments and companies to use data without having the explicit permission of users, what we believe is their right!
I find it interesting that TechCrunch publishes (albeit through the "contributor network") a piece that derides tracking and declares "Privacy [a]s a fundamental human right" on the same day it runs another piece saying that one of the only US federal laws protecting privacy (the VPPA) is "anachronistic" and "illogical and unclear." I'm not all the way on the "fundamental human right" side, but I do think consumers should have more control over their privacy and laws the VPPA help--especially when an easy way to get around the VPPA is to get consent!
I am almost baffled by the notion that here we're seeing divulging profoundly personal information being flipped on its head with the concept of privacy-by-design, but since we now live in the post-1984 era, I guess this refined level of doublespeak should not be so surprising. "Don't be such a worry worm. If you don't trust us, you can trust our algorithm all the same as your very soul mate. Honest!"
70 comments
[ 2.8 ms ] story [ 144 ms ] threadI almost stopped reading there. The author does not understand that the privacy right is held by the individual. It can be waived. A generation ago we thought that people wanted to protect their privacy. We now know that many don't. Many will trade their entire life history for a discount coffee. Why should we deny these people their right to abandon their own privacy?
What do you think would happen if supermarkets were allowed to have shelves with cheaper groceries that are not subject to the usual health standards?
People will gladly trade their health for discount coffee as well. Do you think that's a good idea as well?
Also, as people who are into cheese or beef will tell you: you should go for the oldest one available at the shelf anyway ;-)
These type of food safety issues aren't one where choice is an option, these are issues of malice or neglect.
The right of privacy is individual, sure, and can be waived for purposes. Some might not mind. I'm personally okay with that side. But I also think it's pretty easy to come up with examples of private data being misused due to malice and/or neglect. (Particularly the later... it sure seems like companies have a poor track record in keeping data secure.)
I don't understand your argument. Why are they by definition not going to be labeled?
We're discussing the merits of replacing the current law that bans the sale of potentially unsafe food with one that requires such food to be clearly labeled. To know which food they can't sell, producers must know which food is potentially unsafe, therefore they could label it instead. And if you're going to assume that producers will break the law, why would they respect the law banning the sale?
I also think it's pretty easy to come up with examples of private data being misused due to malice and/or neglect.
It's pretty easy to find malice and neglect in almost every possible social interaction. By itself, it can't be a sufficient argument, otherwise we'd be prohibiting people from having children!
Personally, I doubt it (at any rate I am aware of no law where victim ignorance is a defense for a malicious act).
Now, I do understand what you are saying for cases where the safety risk is more minimal or specific, labeling is all that is needed. So food safety laws often are fine with people consuming, say, undercooked / raw seafood, provided a warning is given that certain people probably should avoid this type of food. I think in a way we're talking about different things, but "food standards" cover a lot of things.
Anyways, this is where I come from in regard to privacy. I don't believe that every time you waive your right to privacy, something awful happens. So I'm not talking about a general ban of waiving the right to privacy. However, I do believe privacy standards need to be strengthened to help prevent (or at least correct) such cases as malicious misuse of private data (example: doxxing) and neglect of private data (example: hacked websites that expose databases of information to criminals).
Not just having melamine in the list of ingredients, but actually clearly labeling the danger. Obviously nobody would sell milk saying "Danger of death", therefore that case is irrelevant (selling without the label would still be illegal, since it's fraud, not just "protecting people from their own decisions", which is what I'm arguing against).
However, I do believe privacy standards need to be strengthened to help prevent (or at least correct) such cases as malicious misuse of private data (example: doxxing) and neglect of private data (example: hacked websites that expose databases of information to criminals).
I fully agree, and I'm quite happy to live in the EU which has at least some decent privacy protections, but those aren't cases in which people are willingly giving up anything.
Could we not argue that poor privacy standards create a toxic environment for everyone, not just the poor who are directly subjected to it?
By moving privacy to "only those who have paid for it" you're moving the liability for privacy to the victim rather than the perpetrator.
A lot, I suspect.
CCTV cameras. "Real Name" policies. Corporate monetization of user data. Third-party cookie networks. Password/data leaks. Doxxing. Tape over laptop webcams. PRISM. TVs with built-in microphones and cameras. Facebook listening to your ambient audio. It is an incessant and relentless reality that everything we say, do, and soon think, is being collated to enable later correlation possibly years from now.
And yes, I feel capable of choosing how much of my data I give away. But that's a feeling I get by virtue of being a privacy-concerned software developer. To get what I would consider a basic level of control in a web browser requires half a dozen scripts, extensions, or settings changes. Do you really expect someone who's never heard of Javascript to understand why disabling execute-scripts-by-default is an important step for privacy and security?
I've had smart, STEM-employed family members ask me to "set up privacy stuff on my computer". Even at a medium-low level (no VPN, no Linux) it takes me a decent amount of time and thought, and I already know the tools and topics I want to deal with. My mom shouldn't need a third college degree to understand how to protect her privacy.
Because desperate people can be coerced to give up anything, whether they truly want to or not. Because these sorts of issues form the basis for many kinds of discrimination that society finds unacceptable.
Big="L" Libertarians and Randians opinions notwithstanding, there are worse things than preventing a race-to-the-bottom society built on degradation of the weakest individuals.
I do think that they perhaps haven't thought through the implications of what giving up their purchasing history could mean in a decade or two. Or maybe they have, and they're making the very rational choice to focus on the concrete effects of the here & now rather than some abstract consequences in the future. Data has an expiration date, after all.
Of course, we do make some conscious decisions to give up privacy - I don't give a damn who knows what I buy at the grocery store, so I'll have it tracked for 3% off - but a lot what people agree to isn't.
I think you have a point, but consider that there are many people who are counting every penny. But more importantly, consider the larger point that privacy shouldn't be only for those who can afford it.
Prohibiting doesn't fix the actual problem, only the symptom. It does, however, allow many to sleep well at night knowing they "helped" the poor.
Society prohibits many things and often it works fine. You can't run red lights, violate sanitation laws in your restaurant, defraud your customers, violate zoning laws, burn down your neighbor's house, practice medicine without a license, etc. Many of these rules have demonstrable positive outcomes.
Rather than applying an ideological theory to reality, I think we need to examine the data - the messy details - on what actually has worked and what hasn't, and where that's unavailable use serious, non-ideological economic analysis.
We successfully regulate many business practices to protect consumers, and Europe appears to successfully regulate privacy. Privacy doesn't seem particularly difficult to regulate, but I'm open to research on it.
> It does, however, allow many to sleep well at night knowing they "helped" the poor.
This starts with a fallacy about 'prohibiting', creates a fictional person who 'sleeps well' (implying the fictional person has some shallow view of the world), and mocks the fictional person. It's possible their feelings are hurt; perhaps you should consider apologizing?
Yes it does. I'm talking about this specific kind of prohibitions - taking away options from the poor for "their own good".
And I fully agree that privacy can be regulated and the EU does a decent job of it. They also happen to not prohibit me from giving/selling one's personal data away, so I'm not sure how it helps that argument.
As for the fallacy about prohibiting, the context of this conversation is about "deny[ing] these people their right to abandon their own privacy". What's denying a right if not prohibiting? If your argument is that privacy should be regulated in general, not that people should be denied the right to give it up, then you should say so, we're not mind readers.
* Most importantly, we often preserve people's fundamental freedoms by protecting them. You can't agree to be slave, for example; that is, you can say you agree and even play the role, but at any moment you can walk away and sue for unpaid wages and the employer/owner will be guilty of having violated labor laws. I think people's rights to privacy should similarly be protected.
* While maybe we shouldn't outlaw people's rights to sell private data, we can outlaw others from buying them.
* In some circumstances, people have literal freedom but not a realistic ability to make a choice, due to lack of expertise or exploitation: We don't let people choose to be part of dangerous medical experiments, for example; the experiments must be approved. People lack the expertise to make an informed choice (and even approved medical experiments take care with how prospective subjects are informed). We don't let vulnerable populations be used for medical experiments; For example, prisoners and children can too easily be pressured into participating, against their will. I'm honestly not sure to what degree privacy fits this category; people understand the concept, but they have no idea of how their information is used and the risks of that.
Informing, requiring consent and - especially - offering better alternatives to the "exploitative" option should, in my opinion, be used instead of the paternalistic prohibition (which is often just a cover for other interests).
In any capitalist system, if anything is permitted, someone (i.e. the poor) will be coerced into doing it.
A truly compassionate society would offer better alternatives, so that nobody would be coerced.
Prohibitionism is not a solution to anything except to the guilt in the moral conscience of the well-fed middle class.
We aren't discussing restructuring all of society radically and enacting a massive cultural and political revolution right now, we are discussing specific privacy law in specific technical settings in our socioeconomic and legal circumstances.
Prohibition works very well, depending on the circumstances. But you know this, of course: you are simply making a rhetorically contentless incendiary broad generalization. Murder is illegal and there is less murder. Fraud is illegal and there is less fraud.
My point is that they are being exploited, because even being exploited is better than the alternatives they have, and by prohibiting it, you're actually harming the people you're supposedly trying to help. My argument is not a Nirvana fallacy. I'm saying that we're actually better off doing nothing than prohibiting people from taking the least worse option they have.
If we want to help, we should provide an alternative (and no, this certainly doesn't require an end of capitalism). If we can't do that, we should leave it alone.
Prohibition works very well, depending on the circumstances. But you know this, of course: you are simply making a rhetorically contentless incendiary broad generalization. Murder is illegal and there is less murder. Fraud is illegal and there is less fraud.
I thought it was clear from context, but I'll be specific: I'm talking about Prohibitionism as in preventing people from deciding what to do with their lives "for their own good", much like the Prohitibion Party did with alcohol in the early 20th century.
How many people do you think are fully aware of what tracking they're subject to? Every time you hit a webpage, or see a "share on Facebook" button, or take a smartphone somewhere, that's another data point. Usually the concession of privacy is made before you know what you're agreeing to - you open a webpage, then see how many tendrils of user tracking you've just been touched by.
If you want to talk about whether I should be able to sell my private information, absolutely. I can sell it for discounts (on insurance, say) or straight cash (see Datacoup) and that's my right. But it feels like burying the real issue to discuss that instead of the unannounced, implicit-consent tracking that defines most of our technology today.
Just read the blog post on optimizing the elasticsearch cluster. It sounds like you have a pretty awesome deployment setup. Now, I know competitive intelligience is "hot" and "trendy", I mean, for sure it isn't mobile-first omni-channel blockchain bitcoin disruptive "trendy", but it's prety close. Now, I jest, but what I am about to say next I am dead serious about: your product is a search engine, just let people use it as a goddamn search engine.
Now, let me explain. For like probably over a year now I have been making the case that between google, elastic and apache there is just a goddamn open source version of google sitting out there. Would a consumer facing pay for search engine be profitable? idk, is your product profitable? I suspect there is a lot of people who would pay a $9.99 a month to upload and control page rank and not have google own them. Lets assume you were able to capture even 0.01% of googles customers e.g. 1 billion people and got them to pay you like $9.99, then you'd have just shy of $1M MRR, and $11.98M annually. Obviously, you could do some nice caching of resources like stack overflow, reddit, hacker news, and wikipedia and simply store peoples preferences (sort of a heirarchical git like system) and then you would have some pretty swiggity sweet optimizations.
You know what might really add value? Having NLP on your own custom tailored information database. I bet people (who search and use the internet daily) would probably see much higher leverage from this than the sentiment analytics you can give them on a competitor. Also, as an aside, you should be mining the competitors customer support channels not only for sentiment but for their inabiliy to service feature requests/complaints. Proabably one of the biggest predictors of why wealthfront lost MS to betterment. Regardless though, if you guys are looking for an expansion strategy or a pivot, this is it.
tl;dr. Peter Theil was wrong (no, not just about Clinkle) but it is true that:
The next larry page & sergei brin will build a search engine.
Do you think that Duck Duck Go's (relative) success shows that there are still possibilities here?
The venn diagram of "people who want more control over their search experience" and "people who are sick up to the back teeth with companies who insist on an email address even to take their product for a trial spin" is pretty much a cross section of an egg, and control over search is the yolk.
I only have to be correct for my own use case (with nearly 28 years experience being myself) and google has to be correct for everyone with (at best) 18 years of search results, of which you have to back out what the user is searching for. e.g. If I look for George Washingtons birthday I could look for information about the person george washington, the actual query george washington birthday, where I might find the data wikipedia:george washington, or an event that could contain it preseidents day.
I know both what my query is, and what a successful answer to my query is (at least the format of an acceptable return). Google has to infer that a query like presidents day and then a query like george washington are related and a successful result was the resource: wikipedia, because it contained george washington's birthday.
The point is:
* these examples are contrived. However, a person can be given the tooling to organize their own data & potential data.
* a person will have insight into what they want, almost certainly better than google.
* if they are wrong/the resources hasn't been cached for them, well, the personalized engine can just simply default to google if no results exist and return them
* privacy.
edit: not only this but having every site I visit (if I wanted this and private & personally encrypted) available and searchable is hugely valuable. Google receives takedown requests, resources move, or I forgot how I received them. Caching/downloading/storing video, images and web results and having them remain private and searchable is pretty much reason enough for me to tell you to take my money.,
So people will want to protect their data & privacy, especially companies.
People will want to have a better search experience, which means that things that are on the internet that they want to see will be there. Google is probably the most monitored for takedown requests/deindexing and they control most of the video portals and certainly the window you view the interent through so they are a target to legitimate and illegitimate takedown requests.
edit: they also have built the components and outsourced them. Hadoop/Map Reduce, most of Apache's products, elasticsearch, and another google offering tensorflow can certainly be made into a search engine. Obviously not google scale, but certainly an individual.
If anything, I think people want to have more of the interesting parts of their lives be more public (in other words, they want to be "famous", whether just among their friends or on a bigger stage). They do want many things to be "private" in the sense that they don't want certain people to see certain things online. But I think we're deluding ourselves if we think they care at all about the fact that google is scanning their emails or search history, or that twitter is mining their tweets, or that snapchat is using their location data.
Reminds me of this story:
http://www.musicthinktank.com/blog/and-if-only-1-of-those-pe...
TechCrunch is part of Aol, which is now a content farm service.
One more TechCrunch tracker blocked, thanks TechCrunch!
>These companies are basically engaging in mass surveillance. Just as governments justify tracking us to prevent terrorist attacks, these companies are tracking us online, without our consent, ...
This equivalence that people often draw bugs me, because companies don't coerce people into being tracked. I can choose to or withold my consent with regards to companies. I can pick and choose to do business with more privacy-respecting companies, and I can block my browser from talking to popular tracking domains. Companies can't threaten me with legal trouble (jail, etc) if I want to run my own websites or programs that respect privacy or use cryptography.
It's government surveillance that I don't have a choice of avoiding, short of avoiding the internet. Sure, cryptography does a lot of good, but it's a freedom that is repeatedly threatened, especially it seems like whenever anyone makes a too-convenient tool for it.
I agree the distinction is important in that you can e.g. elect to not be a customer of a company, but can't exactly opt out of the government. But there are still plenty of underhanded privacy violations that companies can 'coerce' you into unknowingly.
The best-practice security and privacy tools you cite, like Tor, end-to-end crypto, etc, are just as effective protecting against government privacy violations as they are coporate ones.
Reminded me of a post on algorithms (data) and conformity: https://www.schneier.com/essays/archives/2016/01/the_risksan...
It's the type of thing you'd say to yourself and others if you worked at one of those companies that mine people for data.
Everybody can't be RMS. Hell, even RMS can't be RMS. For all practical purposes, you're stuck in a hell where you choose between options, all of which track you like a laboratory animal.
You are entirely right in saying that people mostly wilfully accept to be tracked by companies, but we feel they do because they don't have alternatives, so they can only assume that some services will only be available if they share their data.
We are building Snips because we want to prove that it is feasible to build an AI without storing the data of users on websites where it is exposed to hackers or governments, or to future decisions made by the company (or its next "evil CEO") that users may not yet be aware of.
We believe it will one day be possible to build our AI alter-egos, capable of doing most grunt tasks at our place, if they can access our most intimate data. And this will be only possible through privacy-by-design
Building systems with privacy-by-design is the only workable way to minimize risks over time for users!
Most people accept this because they do not know the extent to which they are being tracked, and because they assume their data isn't being widely shared for purposes beyond being served 'better' advertisements.
Most people accept tracking because they don't understand the implications of mass surveillance. Most people are unwilling to think about their government's efforts towards population-scale control. Even in the era of surveillance whistleblowing, it is still taboo, and in the realm of conspiracy, to speak of these things.
I think the reality is that the demand for truly private platforms will remain very small because people trust Google and Apple, and at the end of the day, they have 'nothing to hide', so mass surveillance does not affect them.
Maybe you can, but realistically very few others can. I have the technical skill to do it, but certainly not the time.
For the great majority of end-users, many/most don't know they are being spied on, few grasp the scope of it, very few understand the technology or have the skills to do anything about it, and few understand the consequences.
One reason few understand what's going on is that companies (and government) take steps to hide it. If everyone is choosing to do it willingly and there's nothing wrong, then why hide it?
I agree that the best assurance is indeed technical, but let us not set our moral bar too high, blaming users when they do not do everything possible. The data leaks in our software are security vulnerabilities, which these companies are exploiting.
There is little fundamental difference with government surveillance. After all, backbone providers are commercial entities that once again you are voluntarily using, who then voluntarily pass your data to USG. There only seems to be a gap because private-no-competition ISPs haven't fully gotten around to monetizing your traffic yet.
Most people I know now plan birthdays, weddings, parties etc on Facebook, or in apps. Now that they've long ago reached critical mass, if I choose to withhold consent, I'm now relying on someone remembering that I'm not on FB and to throw me a text or phone call.
The coercion isn't from the companies as such, it's from your peers, near everyone you know. Participate or miss out on normal life. So it's just a Hobson's choice.
So I find there's effective equivalence for nearly everyone.
I am the founder of https://snips.ai. At Snips, we are building an assistant that is private by design: what I describe in the article are things we actually work on today :-)
Happy to share my thoughts on it and contribute to the debate!
More details about what we do:
Like the big software companies (the G, the A, the F, the M), we want to build an AI to help you get what you want more effectively.
But we believe this can only be done if we take care of people privacy: your AI should ultimately know your favorite restaurant, your girlfriend’s name, but also your health record and everything else you might not always feel comfortable sharing with the world at large.
This is why an AI alter-ego will have to work with privacy-by-design. You should not have to trust any company whose CEO might soon be replaced by another not as trustful one.
We think about your data as your most intimate and valuable property, and we want to use it without compromising its safety!
No. It should know what the user wants it to know. Which may or may not be those things.
I think the debate comes more and more often in the public opinion, and I believe privacy will soon become something people will demand when they buy hardware and software, just like memory capacity or battery usage.
But we don't need to wait for politicians to move on this issue, we can already do a lot without tem! There is growing research on privacy-by-design algorithms, on which we work at my company Snips (https://snips.ai), which will ultimately prevent governments and companies to use data without having the explicit permission of users, what we believe is their right!
Here's the link to the other article. http://techcrunch.com/2016/05/24/a-vhs-era-privacy-law-in-th...