> I first started thinking about this during the debate over what would become the ACA. The rhetoric was filled with this idea that people want choice in their medical care: people want control.
> No! People want good health care. If they don’t trust systems to provide them good health care, if they don’t trust their providers to understand their priorities, then choice is the fallback: it’s how you work the system when the system isn’t working for you. And it sucks! Here you are, in the middle of some health issue, with treatments and symptoms and the rest of your life duties, and now you have to become a researcher on top of it? But the politicians and the pundits could not stop talking about control.
I would want to choice not to place my physical and financial health in the hands of profiteering insurers, but that's currently the only reasonable choice we (people in the U.S.) have.
If you're worried about that you should be worried about government profiteering as well. Particularly since a very common failure mode of publicly-funded services is for the government to give the contract to friends of the bureaucrats who administer the program. If that's forbidden, a common failure mode is to give the administrator position itself (and usually, a fat salary) to friends of those in charge.
I'm not sure why this is downvoted - it's a little bit counter to the scope of the parent article, which applies to all sorts of design decisions, not just data retention and usage, but I would agree that this /is/ the base level of control over any data that a third party has from me and should be enshrined in law.
It has been great to see Apple, for example, move more towards better awareness and defaults for C, but by and large the internet is still a mess of hostile defaults, opaque privacy statements, and no way to know that this weather app is selling your location to advertisers when they could've just asked you for your location, if they wanted to be a weather app.
The truth of "users want control" depends on how closely your users' preferences resemble each other with regards to the particular service you're providing. If you can make one set of choices that works for all users, then no, users don't want control. If you can't, then the users will be demanding that control whether you give it to them or not, and if you don't they'll go elsewhere.
If you're small, you get to sidestep this distinction by defining your market carefully. Apple is one company that famously does not give users control. Is it true that PC users don't want control? No. That's why Windows has 80% market share in PCs and Android has 75% market share in mobile. But it's true of Apple customers, and in return for giving up control, they get a well-integrated user experience that's relatively bug-free, just works, and requires no extra thought on their part. You could look at dealing with hardware incompatibilities, avoiding crapware, integrating systems, and so on as services that Apple provides to its customers, and as a result they can charge a premium on their devices and make handsome profits.
This model falls down for public policy, like privacy, because people have different priorities that lead to different tradeoffs. I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to. I will post semi-identifiable comments on Hacker News, because I've derived fairly significant benefit from comments here. I don't generally post pictures of my family on Facebook. I certainly don't document my every waking moment with Instagram. Many other people make different tradeoffs, and that's their right.
It's debatable which bucket health care falls into - I suspect most people are in the "just make it work" camp until they dig into the details of exactly what experience and cost "just make it work" entails. I'll point out that the Apple experience for health care is completely possible with Kaiser Permanente and other managed HMOs, if you are willing to give up your choice of providers. Stay within their network and everything "just works", but then you have to stay within their network.
Apple gives their users forms of control, but not necessarily the forms that HN commenters agree with.
For example, this week I was explaining to someone how different the iOS (possible) and Android (impossible) processes are for finding and removing spying crap if you don’t know how to operate technology very well.
I showed them Settings > General > Profiles on my phone, explained briefly that I’d opted in to them, and that they wouldn’t have that because they weren’t a developer.
They had it! For a coupon email spam account. That they’d tried out a year ago and were now unable to completely remove. They removed it immediately.
No, we can’t root iOS devices reliably (rarely at all), but in exchange, non-technical users gain control over their device to a degree that rootable devices make impossible.
It’s not about whether you have control, it’s about whether you have the degree of control you desire, and whether that control provides the needs you desire.
I, an advanced technical user, use iOS because I can prove efficiently that it’s unharmed. I consciously gave up a rooted device with a keyboard for it. I have a 50% typo rate and I miss a lot of things. But the need for safety is paramount, or else everyone protected by my MFA tokens is at risk from attacks so severe I can’t even fathom.
I can't use iOS because it doesn't meet my needs: T9 Dialer, Homescreen customization, Guest mode/Multiuser (not Guided Access), better notifications, real Firefox, better multi-tasking etc.
Add: I also think it's unfair to compare the security capabilities of a handful of Apple phones with the countless Android phones out there. People have the option of buying Android phones from Google, which have comparable security guarantees as any iOS device (while allowing root access to people who actually desire that).
If it can be rooted by you, it can be rooted by someone close to you, at which point it can be modified to install competent spyware tooling that hides that it’s rooted. Women who have been stalked by their exes will be quite familiar with the risk this poses. So will people who need Tor Browser to keep them safe from their governments.
I’d accept this as fine if I had to order it rooted from Google in hardware, so that the bootloader could show an unskippable “This is a rooted device and lacks critical security protections against malware attacks” warning.
Sadly, that’s not currently on offer. While your needs are legitimate, offering rooting in software on consumer-facing devices is more dangerous than they can afford. To me, the harm that comes to others isn’t worth it.
It means it cannot be secretly "rooted by someone close to you", or any one else for that matter.
If you grab your phone one day, and it is completely wiped, you will notice this right away. At this point, you can investigate -- this can be as simple as looking at screen during the boot; or non-trivial key combo, as Samsung requires [0]. If indicator shows non-tripped, you can be sure the phone is not rooted.
I agree that this is more complex than Apple, but in practice, it never happens -- I had a few phones slowly fail on me, and they never spontaneously self-wiped. So if your non-technical relative wants to get Android phone, just tell them: "Phone suddenly forgetting every single account is VERY BAD and a sign of EVIL HACKERS. If this happens, call me right right away from a landline, do not use this phone at all". And they will be as secure as if they had Apple.
I used to regularly backup and restore an Android phone after rooting it, because I was updating carrier files and testing out different releases. I’m sure that the capability to take a backup and restore it is available to spyware software developers. If I have competent software in-hand to use the root access to copy over non-HSM internals, then this argument is void.
And for non-technical folks, the same spyware devices that police use to make perfect replicas could just as easily restore them with a spyware infection.
They’d lose HSM-stored things like fingerprints and NFC payment tokens, but people shrug off things like that and just go set it up again or enter their passwords when a pop up appears.
If this Knox throws up an unavoidable, non-technical warning in that scenario, that openly cautions them not to enter any passwords and to take their phone to the authorities, then I will happily accept that things are better than I expected for Android today.
Huh. The last time I tried to take a normal backup and restore it, it got less than half the apps. I absolutely depend on Titanium Backup and without it I have to reinstall everything.
> I'd accept this as fine if the bootloader could show an unskippable “This is a rooted device and lacks critical security protections against malware attacks” warning. Sadly, that's not currently on offer.
It is on offer, that is already how Android rooting works on most phones (at least, every Nexus, Motorola, HTC, and LG I've used already does this). You already get that warning you requested and your phone shows some sort of "unlocked" icon on every single startup to remind you your phone has been rooted and your phone auto-wipes all data itself before unlocking too.
We can argue over the particular clarity of the wording and icons and such. But generally speaking, the functionality you are asking for has already been Android standard default for many years now.
The Motorola one is partially acceptable. I had no idea, thank you! It’s unfortunate they fail to mention the threat of spyware, since that would make more sense to a typical consumer than “you’ll shoot your eye out, kid” as shown here. More work to do here, Motorola.
Do all manufacturers offer that sort of clear warning text, or just Motorola? The unlock icon alone is meaningless.
Do they warn non-technical users on every boot that their device could be used to spy on them in language plainly understandable to a consumer?
I’m glad they have any warning at all - but warning in tech developer terms and warning in consumer-understood terms are entirely separate problems, as Motorola’s insufficient developer-focused terminology demonstrates.
You have moved the goalpost quite a bit by expecting such high standards from Android. As in you're asking for a message that absolutely every user can understand, while for iOS you've been totally fine with power users being necessary to identifying threats.
My Sony and a Huawei I set up for a family member show similar warnings after unlocking them, btw.
At least on my Motorola phone (which isn't the very very latest model, but still), the warning can certainly be bypassed by simply swapping out the boot logo animation (and personally I'm glad about that).
> and your phone auto-wipes all data itself before unlocking too.
This is something I hate with a passion, at least until Google manages to provide a solution that allows me to do a full device backup including all media, game data, Authenticator tokens, whatever, and restore it to another device with nothing missing, and that does NOT work via uploading everything in clear to the cloud.
Apple does this, Android requires rooting via hacks to do a real backup.
It does, because the only way to infect an iOS device is to install a profile, which is immediately apparent upon a three tap inspection, and can be then removed with no technical skills at all.
However - in light of the Motorola approach I think Apple should forcefully notify users that there are profiles installed at every boot, which will be once a month or so on their usual update cycles. That would be perfect. I’ll open a bug for them now.
> offering rooting in software on consumer-facing devices is more dangerous than they can afford
Mac books have offered "rooting in software" for years and years. And it has not been "more dangerous than [consumers] can afford".
> So will people who need Tor Browser to keep them safe from their governments.
Remember the Apple vs. FBI saga from a few years ago? There, a "non-rootable" device protected someone (briefly) from a government. But remember, that a "non-rootable" device is actually a device that only the manufacturer and their authorized agents can root. In other words, the device is secure against the user to prevent the user from doing as he pleases and for the manufacturer. This is exactly what a malevolent governement would need to spy on people.
> No, we can’t root iOS devices reliably (rarely at all), but in exchange, non-technical users gain control over their device to a degree that rootable devices make impossible.
Can you elaborate on that? I read up on Apple's configuration profiles and they sound like Android's device administrators -- which can be easily removed from Settings -> Security -> Device Administrators [0]
While I agree with the rest of your post I want to respond to this particular part of it:
>I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to.
The premise of this statement is that you have to give them this data to avoid traffic jams as part of an inherent bargain, but that's not the case. Yes at a very basic level maps apps need to access GPS to work, but the implementations matter. Apple Maps was specifically designed so that you can have those features in a privacy-preserving manner [1]:
>“We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B. We’re collecting the segments of it. As you can imagine, that’s always been a key part of doing this. Honestly, we don’t think it buys us anything [to collect more]. We’re not losing any features or capabilities by doing this.”
>The segments that he is referring to are sliced out of any given person’s navigation session. Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data or requests sent to Apple and it augments the “ground truth” data provided by its own mapping vehicles with this “probe data” sent back from iPhones.
>Because only random segments of any person’s drive is ever sent and that data is completely anonymized, there is never a way to tell if any trip was ever a single individual. The local system signs the IDs and only it knows to whom that ID refers. Apple is working very hard here to not know anything about its users. This kind of privacy can’t be added on at the end, it has to be woven in at the ground level.
Google is obviously trying to reframe the privacy debate into "yes we take your data, but it's necessary to give you valuable services" [2][3][4] (these last two takes seem to have just gone with the Google PR rep's package, given the titles) but that obfuscates that they're collecting way more data in a completely unfettered way outside of a specific purpose in connection with providing a service (something GDPR addresses but will probably need to be litigated). Apple repeatedly insists that providing great features/functionality doesn't have to come at the expense of your privacy. And I believe them for the simple fact that Google hasn't really been able to demonstrate what value they offer that only the Surveillance Capitalism model can provide.
Apple Maps not being as good as Google Maps has nothing to do with data collection. The privacy part is just an aside in that article, the main part is how they're making their maps better.
That's a big claim, knowing the GPS coordinates along a whole road, for example, instead of a segment means that road can be mapped. Knowing hotspots of users allows both reporting of congestion likelihood and focus for manual corrections.
I mean a full journey record is useful in itself for some people; no data collection means no telling when someone set off, no feature to keep relatives informed of your location, all sorts of things are ruled out.
Perhaps you mean they only keep anonymised data, but even that rules out some of these neat features.
location sharing is brilliant, i've shared my location with every one of my close friends. if they want to hang out they just ask me if i'm free and instantly show up. of course i disable it on vacations and such but it's really pleasant to not have to coordinate carefully when i'm out and about in everyday life.also makes life amazingly simple in amusement parks to the point where i don't know why amusement parks don't give out location sharing devices to families - no setup, just go
The dominance of Windows and Android has nothing to do with whether users want control. It is because they are cheaper.
If you compared how many people buy a $1000 iPhone vs. a $1000 high-end Android phone, you would see completely different numbers.
My anecdotal observation is that when people aren’t price-conscious (either because someone else is paying for their device, or because they have a lot of disposable income themselves), they prefer Apple >95% of the time.
Your assumption doesn't account for the fact that the most common devices are Samsung Galaxy phones which aren't the cheapest on the market. While pricing certainly has an impact on some markets, in others it's more about prestige and surpringly iPhones have lost a lot of their prestige as they aren't far and away better phones than Android phones. They're still good phones and the Apple watch is hands down the best smartwatch on the market. My evidence is based on sales figures year after year. Currently devices like the Xiaomi Redmi and Samsung Galaxy lines are tops. When Apple tried a cheaper line it didn't sell as well as their higher end line. I'd argue that Android dominance isn't currently because of control either, it's because of ecosystem. It's easier to find an Android phone that meets your needs than an iPhone. That because there's only a few iPhones and hundreds of Android devices.
> I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to.
The fact remains, you have no clue what they do with that information, how long they keep it, and how many other people have done so. You can't review the code that collects the data, sends the data, processes the data, purges the data. You can't predict how the data will be combined with other data, and you can't control whether or not they share it with third parties, law enforcement, or intelligence agencies. You can clear your history and hope they abide by their word and comply with relevant laws, but fundamentally you don't know.
In essence, you have no clue what you are getting yourself into. Because traffic, or something.
Society-scale, this is a serious issue, especially when the default is "on". Opt out!
It's unrealistic that an organization can predict exactly what users want. If you try to do that, it's like central planning of the economy. It just doesn't maximize people's happiness.
However, if you give them lots of control and monitor choices, you can modify your defaults to improve that situation... but don't expect preferences to remain static.
> Control is what you need when you want something and it won’t happen on its own.
Err. Well. No, not usually. Usually it runs the other way. I want control because I specifically do not want you taking over my life, not because I disagree with the way you're taking it over. I don't want it to happen on its own.
I can imagine the author in an automaker board room, arguing vehemently that if they only move from a ten-speed automatic transmission to a twelve-gear, the smoothness and low-end power will make it so nobody wants a manual transmission anymore.
But that simply isn't the case. Freedom has inherent value. Simplicity and approachability have inherent value. People prefer to drive rather than fly or take a train because they want to be in the front seat - literally. Control has a value to it that far exceeds the mere pedestrian concern of whether your approach was good enough.
"There are some cases when a person really does want control. If the person wants to determine their own path, if having choice is itself a personal goal, then you need control. That’s a goal about who you are not just what you get. It’s worth identifying moments when this is important ..."
I think this “a car give you freedom” American thing to be somewhat funny because to me it’s the opposite: a car is a huge investment, it costs you a ton of money per year, puts you down in one place (and thus prevents you from moving to another place easily), makes you mostly sit in traffic while going to work while contributing heavily to destroying the planet. I personally enjoy taking a train to where I’m going much more, especially in places where it’s convenient.
> makes you mostly sit in traffic while going to work
Cherry picking this part of your argument: the last time I switched jobs this is what I told myself to rationalize commuting 50 mins one way (plus 15 mins last mile stuff). It works out _terribly_ if the mode of transport is not super reliable.
And most teenagers don’t work more than 20-25 hours a week.
They would bring home around $600 a month after FICA if they had no other taxes taken out.
For the typical middle class family where the teenager either gets an old beater or a hand me down car where the parents buy a new car, the money they make from working is a wash and the parents let them/make them get a job to foster a work ethic.
It's definitely very American, but the feeling of cruising down an empty highway in a piece of "Detroit iron" is something that has to be experienced to be understood --- if all you've ever driven or ridden in are smaller or less comfortable vehicles, I can see how you would think driving isn't very enjoyable. Even with lots of traffic around, I still think that sitting in my own "personal lounge" is better than sharing a cramped train or bus with all sorts of strangers.
The train doesn't need to be cramped. And if you aren't occupied with controlling a vehicle, you can actually use your time for something useful or enjoyable.
And while cruising down an empty hightway might be very nice, it's excedingly rare for anyones daily commute to be like that.
That is not a commute. That you can do what you describe on holidays and weekends when the weather is fair and there isn't much traffic is not a good reason to create traffic, destroy the climate and the local environment, waste your own money and being frustrated in traffic jam.
People are buying cars because they believe in the commercials where the car means freedom. But people use cars to waste their lives in traffic.
I hear people make this argument all the time, but it makes no sense to me.
How does a car "put you down in one place" or "prevent you from moving easily"? A house prevents you from moving, a car literally moves you to many places. Cars are inherently mobile, that's kind of the whole point.
Similarly, a car is not a huge investment. A house is a huge investment. College is a huge investment. Any trip to a hospital in the US is a huge investment. Cars are cheap, all things considered. It's a climate-controlled, roll-cage-protected closet, with a built in luxury couch + radio + satnav system + emergency cellular connection, that can also propel itself quickly and reliably for hours at a time. And the total cost of ownership for most people is somewhere less than $300/month or so (even when including a loan payment for the upfront price). That's pretty darn cheap.
I could own 5 extra cars, for less than the cost of a single tiny 1bed apartment. I could own 3 extra cars, for less than the cost of daycare for one child. I could own 3.5 extra cars, for less than the cost of health insurance. Cars are pretty cheap, all things considered.
And unfortunately, there's literally nothing that can match that on comfort/speed/reliability/coverage right now. Just to get those same trips out of a train or airplane would easily cost 5x to 10x higher price. Busing can occasionally be cheaper (because a bus is literally just a shared car), but it only does that by making huge sacrifices on comfort/speed/reliability/coverage.
> I personally enjoy taking a train to where I’m going much more
I mean, I totally get that. I love trains too. (I ride Seattle Light Rail, just for fun, and we take Amtrak to Chicago semi-regularly). Trains are fun. Trains are cool.
But trains aren't really good at transportation of people. Trains go almost nowhere, almost no one has access to trains in the first place, and the cost of trains is significantly higher than cars (both on what a single person has to pay to ride either, and on what the total infrastructure costs are for the entire system). It's pretty understandable how a car would give people a lot of real-world freedom, in a way that a train never could.
I could own 5 extra cars, for less than the cost of a single tiny 1bed apartment.
Not every place in the US is ridiculously expensive. The median price of a home is $200K (https://www.cnbc.com/2017/06/29/what-the-median-home-price-o...) and anyone with barely passable credit can get an FHA loan with 3.5% down. Most lenders are going to be wary about you having more than two car notes.
I could own 3 extra cars, for less than the cost of daycare for one child.
I'm not really sure what your getting at. I agree with all of your numbers, that's what all of my figures were already based off of in my original post.
(For example, a $200k home on a 30yr 3.5% down mortgage is roughly $1500/month, which is equal to the average total monthly ownership cost of about 4 to 5 cars)
I don't really understand why people think cars are so expensive. Sure, they can be, but that's true of anything.
In 20 years, I've never owned a car worth more $4000. Hardly seems like a huge investment. I have friends with bicycles worth more than my current vehicle.
A car does not tie you down in one place in America, if anything it's the opposite. The places where you can easily live without a car are limited, especially if you aren't from the area and don't know which areas have good transit service between them. And if it's not a major area, it might not have any real options for getting into it besides car anyway. I looked into bussing to my hometown recently, and it takes 15 hours and over $200 in bus tickets to cover what would otherwise be a 6 hour drive.
Yes, but this is happening within a context. What subset of choices do you want to be able to make? Freedom to WHAT?
Something here about the difference between positive and negative rights but also in your specific example - what if I want freedom from all the negative externalities associated with car use (motorized vehicle deaths, non-pedestrian and bike friendly roads, sprawl, ground level pollution, etc), well now we have a conflict.
I agree with you that autonomy is a value in an of itself that may exist strongly or lightly in your user base, but it's still autonomy within a context.
(ie; i'd way rather have control over my location data going to third parties than have the freedom to change my keyboard, but that's a freedom that is hard to choose in my mobile phone)
Control require investment on your part. For example when you drive, you don't do anything else (hopefully). There is only a limited amount of things you can control.
That's why VIPs like heads of state, high profile CEOs, etc... typically decide very little about their daily life. Some time it goes as far as not choosing what they wear and what they eat. That's because they have so much power that they can only control a very small part of it, and negotiating billion dollar contracts is more important than cooking breakfast.
Truth is, even if you think of yourself as a control freak, you probably have a whole lot of things you just want to work by itself. If you are a car enthusiast, you will probably want control over your car: manual transmission, self maintenance, use of aftermarket parts, custom paint job, etc... The car is one area where you want control for control sake, and that's fine and acknowledged in the article. But maybe fashion is not your thing, and when you want a suit for some formal event, you just go to a highly rated shop, ask the salesman and call it a day. Here, you don't want control, you don't want to spend hours finding the color that suit you best, match everything, etc... you just need a nice suit because you don't want to look like a clown during the event.
Making a decision to delegate something is very different from not having control over it.
Running with your example, I have complete control over the suit I wear; choosing to delegate that decision to the salesman is an explicit judgment call on my part. If I were to pick out my own suit and the salesman didn't agree with my taste, warning me that it looks bad is completely different from refusing to sell it to me.
Sometimes what users want is what users think of as a solution to their problem in the context they have. For example, users want better taxi services -> turns out ride-sharing is a better solution. Taxi service is a solution to the problem of getting point A to B.
Ride-sharing is a better taxi service. Or rather, the uber/lyft thing that is misnamed "ride-sharing" is a better taxi service. Better because of the experience of hailing a ride, and better because it is cheaper due to externalizing a bunch of costs onto the drivers and society. But not different.
I am reminded of a passage in the book "the subtle art of not giving a f*ck":
"For a relationshipt to be healthy, both people must be willing and able to both say no and hear no. Without that negation, without that occasional rejection, boundaries break down and one person's problems and values come to dominate the other's."
The problem is that users are not given the choice to say no.
The perfect situation is you make strong choices instead of delegating everything to users, and you make the right choices.
Next worse is delegating to users.
The worst is you make strong choices and those choices don't work for your users.
Which is all a way of saying that the stakes are high, and there are worse things than giving people the choice. It's a cop out if you can do better, but if you can't do better, then the alternative is worse. But here's the catch: how do you know whether you can do better, and whether you have?
I just saw ads on that blog post. I thought that was odd given the context. I went back to see again, and they were not there anymore. Is one of the included script tags up to no good?
:( Probably Disqus, I turned off ads but it looks like they've turned them back on for free accounts. I'd change comment providers, but doing it for new posts while leaving Disqus on old posts is beyond my energy level.
> For instance, we say “users want control over their privacy,” but what people really want is some subset of:
> To avoid embarrassment
> To avoid persecution
> … sometimes for doing illegal and wrong things
> To keep from having the creeping sensation they left something sitting out that they didn’t want to
> They want to make some political statement against surveillance
> They want to keep things from the prying eyes of those close to them
> They want to avoid being manipulated by bad-faith messaging
-----------
You forgot the two most important ones. Users want their privacy because.
A) they do not trust you.
B) They expect that everything they do, will be used against them. (eg providing an email address will result to receiving spam. Providing personal details to advertisers using them etc).
C) Info they leak, is leaked out forever. Today that might be ok, but circumstances might change tomorrow.
It is a bit dishonest to say that users want privacy because they want to do illegal things. Or that they want to make a statement against surveillance.
Wanting privacy is not a statement, it is an end-goal on its own.
Yes I am missing the point of the article but I had to point the above out.
A feel like your A & B are covered by the last and second points.
A) they do not trust you. Hence, they want to avoid manipulation in bad faith.
B) They expect private details to be used against them. Hence, they want to avoid persecution.
C, however, is an interesting point bearing further discussion. It's something that a developer can't address directly except to not have whatever private data is under consideration in the first place.
I agree, software developers are easily responsibility-shamed and the most insidious form of this is to tell them users want their employers to be in complete control of data and experience.
There's a kernel of truth, of course, which is that most users are happier to be unaware of when their privacy is at stake. Educating users about the consequences of using your product is always more of an effort than not educating them. That's the real responsibility that shouldn't be ducked, but for companies it's better to convince developers that "responsibility" means the cheaper route of keeping users in the dark.
>There are some cases when a person really does want control. If the person wants to determine their own path, if having choice is itself a personal goal, then you need control. That’s a goal about who you are not just what you get. It’s worth identifying moments when this is important. But if a person does not pay attention to something then that person probably does not identify with the topic and is not seeking control over it. “Privacy advocates” pay attention to privacy, and attain a sense of identity from the very act of being mindful of their own privacy. Everyone else does not.
From a healthcare background I find your points to be incredibly rare in practice, and the articles more on point.. which makes sense given the context of the article.
For the most part patients trust their healthcare providers in privacy concerns, even in relatively speaking formerly strained contexts (predominant black patients with white providers).
I ask patients everyday about illegal or embarrassing or “wrong” activities with little resistance to candor.
Tech and social media has engendered a much more toxic attitude that the healthcare industry as a whole has avoided.
I wonder how much of that is due to the strong disincentives to misuse of health data by providers.
I suspect many people are more willing to be honest with health care providers about illegal or embarrassing or “wrong” activities because they know there is legal protection and harsh sanctions (e.g. loss of license, prosecution, requirements for professional education and exams in ethics as part of education/licensing, etc) if the provider breaches that trust. That sort of thing isn't typically present in the tech industry.
There's a difference between wanting privacy and wanting control over privacy though, right? I have a lot more respect for a company that doesn't collect information on me in the first place than one that lets me configure all the ways in which they collect my data.
It's more of "I would rather go to a party where everyone is wearing any mask they want than a party where every mask is required to have 1) at least one hole for an eye, 2) at least 50% transparency, and 3) cover no more than one-third of the face."
Of course, in the second case I am free to "choose" which eye to show or which portion of the face to leave covered, but if I'm concerned about privacy, I'd much rather go to the first ball.
In almost all cases I'd rather the product made decisions for me. I can use the product or not.
Ultimately, I don't care about products; I care about whatever I want to get done, and any knob-fiddling I have to do to configure it is a distraction.
D) you don't want to be accused of a crime you didn't do just because circumstantial evidence implies that you did.. like when reddit or some other groups dox you online.
you have to define control first. personally i think it is a dev to users in the form of options but you have to create options that will get the most need and has mostly the most following for the most part. with advanced users almost on par with developers some times a light hackable modular design is better.
As a user of services, I do want control. Whether my privacy needs are met is not good enough unless mathematically guaranteed, and even then there are social/integration features that may add side channels that require control. An example of such a feature would be Signal requesting your contact list to find out whom, among your friends, is also using Signal (which isn't too horribly an anti-pattern in this case because the app still works without read access to your contacts).
Why? Because I want to be able to revoke access to any of several specific details about me or my device based solely on whether I feel like it. As soon as this is taken for granted, it is devalued and users lose leverage. Then the conversation during development becomes whether a proposed new feature is "worth" an encroachment on user privacy.
I mean, it is. If the plane could fly itself correctly, and know how to fix this problem without their intervention, then yes, they dont need or even care about control.
How about a thought exercise where you replace users with the customers of the Boeing 737 Max flights---the passengers? They don't want control. They want to be flown somewhere without dying.
True. People didnt care about who had their data until the data started being used unethically. But now these unethical practices are so common, they are considered ethical.
We used to print books with everyones name and number in the city. You would give your phone number out freely. But now, people keep their phone number hidden because its abused more then its actually used these days.
Frankly I'd settle for control of the hardware I paid good money for. Root access on my android devices. Full control over Windows Update without having to boot into Linux and rip DLLs straight out of the system folder.
> People don’t want to lose their data, but having personal control over your data is a great way to lose it, or even to lose control over it.
I don't think "personal control" implies that nobody else has full access to one's data. If that were true then NDAs would be useless.
The idea of users "wanting control" simply means they want ubiquitous software to work like the best parts of ubiquitous social structures they've grown up with that aren't the internet.
That is: facilitate personal growth and self-expression in a framework where individual failures and oversights don't accumulate to create a goddamned international environmental hazard.
For example-- I'd bet there are a lot of Youtube posters who would love the following two features:
1. Painlessly upload videos that assert their opinionated world view at that moment in time.
2. Have people find it without plugging into a recommendation rabbit hole of contention that reframes their content as yet another rusty nail in a goddamned international environmental hazard.
> But if, as technologists, we can’t map functionality to desire, it’s a bit of a stretch to imagine everyone else will figure it out on the fly.
And one level above that-- if you don't have a legal framework where it's against the law to put cocaine in soft drinks then mapping functionality to desire will often be an unethical endeavor.
How does he know what users want? I presume by the term "user" he means someone is not one of the authors or who cannot1 themselves modify the software as they wish.
As a user, I do not ever recall being asked what I wanted by anyone at Mozilla nor have I ever heard of any other user being asked.
1 I could modify Firefox but the compile process requires more time and resources than what I consider reasonable.
Mozilla uses telemetry in their products to try to understand what Firefox users want. We only use telemetry to improve our products (which is directly related to understanding user desires), and we have a data review policy to ensure we are collecting data in an attempt to improve things for those people we collect data from.
Additionally Mozilla regularly surveys samples of its user base, and conducts in-depth interviews of the public to try to understand desires.
"try and understand underlying motivations whenever you see 'want control of X'" is neat point.
I'd think "if the system satisfies all the desires, people don't need autonomy" and "people need control/power, because systems inevitably fail" are two contrasting viewpoints.
I'll offer a contrarian opinion. A lot of the issues raised recently in our industry around privacy or algorithmic bias come from the fact that as an industry tech has the hubris to believe that it knows better than its users what is best for them. Under the pretense of simplicity and scalability, we think that every individual behavior and tastes can be reduced into a one-size-fits-all product and business model, sprinkled with machine learning to give the illusion of a product experience tailored to different people, when in fact it is only mildly so. And I'm saying this as someone building machine learning models for a living.
I agree with you here. The majority of the people involved are trying to do something good. I’d wager the egomaniacs are a much smaller percentage than those who want to build better things.
Perhaps I am thinking too narrowly, but I think the algorithm-driven approach is much less hubris than someone at the company making a decision. These models reflect what users do -- isn't that much more democratic than employees deciding?
There is an orthogonal argument that this is also harmful to some people's aspect, but "give the people what they want" doesn't seem like it's reductive. Especially when it seems like people in our society can be clustered and have some clear groupings occur.
Is the algorithm-driven approach really any better, though? If our UI leads users to accidentally take an action, our data will actively mislead us into thinking it's what they want!
Designing clear interfaces, measuring things and coming up with models are all really hard. Data needs to be paired with human judgment and decision making.
>These models reflect what users do -- isn't that much more democratic than employees deciding?
What users do is different from what users would like to do. If people's aspirations lined up with their real behaviors, Planet Fitness wouldn't have a business model. But when navigating the world people often want to improve themselves into something they want to be, not fall deeper into the worst tendencies they exhibit in any given moment.
You aren't wrong, but that's presumptive on humans being able to create algorithms that aren't implicitly bias. 2, hopefully not overly simplistic examples, A) Automatic Paper Towel dispensers that don't work nearly as well with people with dark skin. (Unintentional bias on the hands of the designers) B) People getting google banned and then being totally helpless and useless and not being able to get themselves unbanned (an algorithm determined there was abuse, and there is no recourse to tell the machine that it was mistaken, the entire thing was automated away via algorithms.)
So two competing priorities in a) giving users all the control/configurability they want and b) per OWASP and most SQL security standards “never trust user input”
Explain straddling that line ... oh and the third axis is cost.
Those two are perfectly compatible actually - although doing both is harder and thus economically more expensive.
Not trusting user input is about security. Verify that everything is something which they /should/ be able to do. Think say for a game's bank account. They should never be able to directly change that value without valid transactions to and from.
If they can lose money by writing a check to null that is bad. If they can /gain/ money by writing a negative check to null that is /really/ bad. Also really bad is being allowed to just take money from banks of others without a validated transaction.
Configurability lets them do anything that is in their rights. If they can access their bank balance and set it as part of their signature that is allowed along with say setting their crosshair to display the target HP which they already know. If they can create a custom texture of their bank balance repeated ad nauseam that is fine. So long as they are capable of that stuff already.
You can actually get emergent conflicts from this in somewhat unexpected ways. When users are enabled to export a bunch of private data in the name of choice and control, they can be encouraged to do so unwisely. Users rarely stop and read warning messages, no matter how simple and clear and straightforward they are.
I don't see that as a contrarian opinion, at least not with my reading of the post.
Bicking isn't saying you should decide exactly what your users want and give them that and only that. (Well, he's not saying to not do that either, if in a situation where that's doable...) He is simply saying that if your final conclusion is "users want more control", then you're copping out. You are giving up on figuring out what your users really want (whether they know what it is or not), and just throwing options at them in hopes that they'll be able to make something out of them. Or at least stop complaining.
Giving your users control isn't bad. Not figuring out why your users are asking for more control is bad.
Most users don't want control - more things to think about takes energy and time. The users that do want control, however, are likely to be the users championing your product. Take a standard transmission in automobiles - the extra control it gives isn't necessary, and a large number of consumers prefer the automatic transmission. But the racecar drivers and car lovers are much more likely to want a standard. If you have intelligent, invested users, they'll want control options, and they'll usually tell you what they should be.
On the flip side my government insists on giving me a choice of schools for my child. I don't really want choice, I want the local school to be good and for my children to go there.
In this view, users still don't want control, its just a symptom of the failure to provide what users do actually want.
> I want the local school to be good and for my children to go there
That's assuming there's a universal "good" - even if a school meets some general standards one school can have a better arts program, the other might be more biased towards sports, etc. I don't see anything wrong with having choice - having a good baseline everywhere is a separate issue.
Well lets go out on a limb and say all schools are good, and specialise in one subject. Which should I send my 5 or 11 year old to?
I mean they like football, but they also like drawing, but then neither of those are well known for paying the bills. So I still circle back making sure they get a balanced education.
The problem though is that choice is the supposed solution to not having good schools. That may be UK specific though.
The idea (although rather poorly implemented in the UK state system) is that choice leads to competition, and competition leads to improvement even of those at the bottom (and even for those who don’t really pay attention to the choice/don’t care). It’s a market philosophy of sorts.
I know that's the idea. The result is schools spending a non trivial amount of time jumping through hoops for the benefit of people who are ill equipped to evaluate those schools. On top of that the number of places are fairly static year to year so all schools end up getting filled anyway, but the 'better' schools are filled with the students that arguably least need the benefits, whereas the worst schools are filled with the children of the least able.
Yes. The 'market' mechanism for popular schools to find money and permission to expand while less popular ones are closed or taken over is missing and subject to too much political interference. So it arguably ends up as the worst of both worlds.
Ah, exactly the issue that sprung to my mind too. The tyranny of "choice" as introduced into various UK governmental systems is so bloody annoying. Great, I can "choose" my kids school, armed with a spreadsheet and looking at various progress, attainment and wellbeing metrics, that never actually seem to capture how happy and fullfilled the kids are at school. I can "choose" my hopsital consultant using the choose-and-book system.
No. I want to send my kid to the local school that will be good and I want to go to the local hospital where I will be treated by a well qualified caring medical professional. I don't want to have to create pivot tables.
It also provides the strange incentive to optimize for glossy powerpoint presentation that communicates our core values to parents. Organizations which never had to have a marketing department finds themselves struggling without one.
>On the flip side my government insists on giving me a choice of schools for my child. I don't really want choice, I want the local school to be good and for my children to go there.
Yeah, people mostly start asking for control when you make the default experience shitty. They want control to escape the hell they've been put in, but they have to pay a price for it either in money or time. So functionally, "give users more control" is really saying "make the user pay more to use my product."
In an ideal world everything would be bespoke and custom tailored for me, but the idea there is that the tailor knows how to create what I want. Not that I have to go tailoring all my own stuff. I'm not competent enough to do that unless it's my hobby.
In Germany consumers certainly do not prefer automatic transmissions (I do and it puzzles me why most people don't). So there's at least some culture/history involved in these preferences. I'd assume "wanting control" is also a bit of a cultural issue.
In the end, I think/fear that on average lazyness wins every time.
automatic acceleration feels really neutered in every car i've come across, being in control feels better than waiting for the car to kick in automatically.
then again i ride bikes too and prefer a more active driving experience
Manual transmissions are the default in most of Europe. They're cheaper, they're more efficient and they make the most of small engines with limited torque.
>they make the most of small engines with limited torque.
Ding. Ding. Ding. We have a winner!
People like manuals because they can choose when to up-shift whereas the guys programming the automatic transmission will program it to up-shift as soon as they think they can get away with (for fuel economy and emissions). With a manual you can let your 1L hornets nest scream along at 4k all the time giving you close to peak power on tap whenever you want it. Basically manuals are a hack around regulations that force manufactures to build cars with performance characteristics nobody wants (under-powered engines and transmissions that up-shift at the drop of a hat). Those regulations are much stronger in Europe so the value proposition of a manual transmission is better there.
force manufactures to build cars with performance characteristics nobody wants
Well... performance characteristics that everybody wants -- for everybody else. They themselves want warp drive, but prefer everybody else help hold down the price of gasoline and the carbon content of the atmosphere.
Most of the time I drive economically and up-shift very early. Sometimes I want to have some fun and fly out of corners at 4 or 5K on my small 1200cc car.
The feeling of slamming into second as you come out of a corner in a little sports car. In an automatic, its just a pedal and the wheel, in a manual you physically engage the warp mode. It feels good, gives a greater sense of power in your actions and also contributes to enjoyable familiar muscle memory. Humans dig physical ritual.
That is a separate issue from control - one of defaults. You can have a simple default that works or a complex one with defined behavior which have usability issues.
Customization gives control to those who want to take it.
Automatic transmission cars are very unpopular across Europe. In all seriousness, I don't know if I've ever even seen an automatic in real life, except for travelling to the US.
There's a big difference between "choice" and "control". iOS doesn't allow you to customise your home screen, but it does offer strong guarantees about what happens to your personal data. My local convenience store has a hundred different kinds of sugar-sweetened beverages, but no fresh fruit. My cellphone company offers dozens of different price plans, but they're so confusing that I strongly suspect that I'm being ripped off.
Choice only amounts to control if those choices are meaningful and legible.
This is absolutely not true. This is what they ACT like, but this is not their true motivation. These companies want all control to be theirs, and they want to be free to do what they want with users and their data, and they want to spend as little time, money and effort as possible while doing it. They know they can't state this honestly, so they dress it up in excuses, rationalisations and outright lies.
They KNOW they don't know better than its users. But they don't want to let users decide, because users would make decisions that go against their own profits, so they remove the choice and lie about why.
A lot of the issues raised recently in our industry around privacy or algorithmic bias come from the fact that as an industry tech has the hubris to believe that it knows better than its users what is best for them.
A good way to summarize, "users want control," is to note that, "users don't want to be screwed." Users don't want to be put into a situation where they have lost so much power, they don't have practical options, or the only options they have left are punitively unpleasant.
>A lot of the issues raised recently in our industry around privacy or algorithmic bias come from the fact that as an industry tech has the hubris to believe that it knows better than its users what is best for them.
I don't think this is that bad, on its own. Choice is a pain in the ass, so it's useful to have things pick for you, when you don't care to choose yourself (which is very common).
The main issue is that there is never offered a means to correct the algorithm, when it chooses something the user decidedly doesn't want. That is, there's no user-inputted feedback mechanism; they go for implicit tracking like "eyeball-time" to correct the algorithm, despite the user (me) being both able and willing to give an explicit answer. I want Netflix to give me better recommendations, and I'm willing to put in a bit of effort to support that.
Netflix used to have those explicit feedback mechanisms via user star ratings, and even ran a contest to improve their recommendations based on the data[0], but it turns out "that explicit star ratings were less relevant than other signals. Users would rate documentaries with 5 stars, and silly movies with just 3 stars, but still watch silly movies more often than those high-rated documentaries."[1]
Changing from stars to thumbs increased the quantity of data (at the expense of granularity), but didn't change the relative advantage of tracking behavior over explicit ratings.
Now, your ratings may be free of these issues, but that data isn't very useful in isolation, so blame the bad data from other users for the removal of the feedback mechanism.
175 comments
[ 4.5 ms ] story [ 217 ms ] thread> No! People want good health care. If they don’t trust systems to provide them good health care, if they don’t trust their providers to understand their priorities, then choice is the fallback: it’s how you work the system when the system isn’t working for you. And it sucks! Here you are, in the middle of some health issue, with treatments and symptoms and the rest of your life duties, and now you have to become a researcher on top of it? But the politicians and the pundits could not stop talking about control.
https://www.firstquotehealth.com/health-insurance-news/non-p...
C - control when you collect it.
R - read what you have on them, and know how you read it and/or share it with others.
U - update it, e.g. when it is wrong.
D - delete it.
Most users just want non-hostile defaults, but all users should have CRUD-control.
It has been great to see Apple, for example, move more towards better awareness and defaults for C, but by and large the internet is still a mess of hostile defaults, opaque privacy statements, and no way to know that this weather app is selling your location to advertisers when they could've just asked you for your location, if they wanted to be a weather app.
If you're small, you get to sidestep this distinction by defining your market carefully. Apple is one company that famously does not give users control. Is it true that PC users don't want control? No. That's why Windows has 80% market share in PCs and Android has 75% market share in mobile. But it's true of Apple customers, and in return for giving up control, they get a well-integrated user experience that's relatively bug-free, just works, and requires no extra thought on their part. You could look at dealing with hardware incompatibilities, avoiding crapware, integrating systems, and so on as services that Apple provides to its customers, and as a result they can charge a premium on their devices and make handsome profits.
This model falls down for public policy, like privacy, because people have different priorities that lead to different tradeoffs. I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to. I will post semi-identifiable comments on Hacker News, because I've derived fairly significant benefit from comments here. I don't generally post pictures of my family on Facebook. I certainly don't document my every waking moment with Instagram. Many other people make different tradeoffs, and that's their right.
It's debatable which bucket health care falls into - I suspect most people are in the "just make it work" camp until they dig into the details of exactly what experience and cost "just make it work" entails. I'll point out that the Apple experience for health care is completely possible with Kaiser Permanente and other managed HMOs, if you are willing to give up your choice of providers. Stay within their network and everything "just works", but then you have to stay within their network.
For example, this week I was explaining to someone how different the iOS (possible) and Android (impossible) processes are for finding and removing spying crap if you don’t know how to operate technology very well.
I showed them Settings > General > Profiles on my phone, explained briefly that I’d opted in to them, and that they wouldn’t have that because they weren’t a developer.
They had it! For a coupon email spam account. That they’d tried out a year ago and were now unable to completely remove. They removed it immediately.
No, we can’t root iOS devices reliably (rarely at all), but in exchange, non-technical users gain control over their device to a degree that rootable devices make impossible.
It’s not about whether you have control, it’s about whether you have the degree of control you desire, and whether that control provides the needs you desire.
I, an advanced technical user, use iOS because I can prove efficiently that it’s unharmed. I consciously gave up a rooted device with a keyboard for it. I have a 50% typo rate and I miss a lot of things. But the need for safety is paramount, or else everyone protected by my MFA tokens is at risk from attacks so severe I can’t even fathom.
I can't use iOS because it doesn't meet my needs: T9 Dialer, Homescreen customization, Guest mode/Multiuser (not Guided Access), better notifications, real Firefox, better multi-tasking etc.
Add: I also think it's unfair to compare the security capabilities of a handful of Apple phones with the countless Android phones out there. People have the option of buying Android phones from Google, which have comparable security guarantees as any iOS device (while allowing root access to people who actually desire that).
I’d accept this as fine if I had to order it rooted from Google in hardware, so that the bootloader could show an unskippable “This is a rooted device and lacks critical security protections against malware attacks” warning.
Sadly, that’s not currently on offer. While your needs are legitimate, offering rooting in software on consumer-facing devices is more dangerous than they can afford. To me, the harm that comes to others isn’t worth it.
If you grab your phone one day, and it is completely wiped, you will notice this right away. At this point, you can investigate -- this can be as simple as looking at screen during the boot; or non-trivial key combo, as Samsung requires [0]. If indicator shows non-tripped, you can be sure the phone is not rooted.
I agree that this is more complex than Apple, but in practice, it never happens -- I had a few phones slowly fail on me, and they never spontaneously self-wiped. So if your non-technical relative wants to get Android phone, just tell them: "Phone suddenly forgetting every single account is VERY BAD and a sign of EVIL HACKERS. If this happens, call me right right away from a landline, do not use this phone at all". And they will be as secure as if they had Apple.
[0] https://support.samsungknox.com/hc/en-us/articles/1150135620...
And for non-technical folks, the same spyware devices that police use to make perfect replicas could just as easily restore them with a spyware infection.
They’d lose HSM-stored things like fingerprints and NFC payment tokens, but people shrug off things like that and just go set it up again or enter their passwords when a pop up appears.
If this Knox throws up an unavoidable, non-technical warning in that scenario, that openly cautions them not to enter any passwords and to take their phone to the authorities, then I will happily accept that things are better than I expected for Android today.
It is on offer, that is already how Android rooting works on most phones (at least, every Nexus, Motorola, HTC, and LG I've used already does this). You already get that warning you requested and your phone shows some sort of "unlocked" icon on every single startup to remind you your phone has been rooted and your phone auto-wipes all data itself before unlocking too.
Screenshot of the warning message (Motorola) -> http://androidadvices.com/wp-content/uploads/2014/11/unlocke...
Screenshot of the warning message (HTC) -> https://img.xda-cdn.com/zgUZzE19yICj6wdJm--RJopG_-U=/http%3A...
Screenshot of the every-single-boot reminder icon (Google/Nexus) -> https://fscl01.fonpit.de/userfiles/4774964/image/AndroidPIT-...
We can argue over the particular clarity of the wording and icons and such. But generally speaking, the functionality you are asking for has already been Android standard default for many years now.
Do all manufacturers offer that sort of clear warning text, or just Motorola? The unlock icon alone is meaningless.
I’m glad they have any warning at all - but warning in tech developer terms and warning in consumer-understood terms are entirely separate problems, as Motorola’s insufficient developer-focused terminology demonstrates.
My Sony and a Huawei I set up for a family member show similar warnings after unlocking them, btw.
This is something I hate with a passion, at least until Google manages to provide a solution that allows me to do a full device backup including all media, game data, Authenticator tokens, whatever, and restore it to another device with nothing missing, and that does NOT work via uploading everything in clear to the cloud.
Apple does this, Android requires rooting via hacks to do a real backup.
(1) Have physical control of the device
AND
(2) Have the OS-level password.
So, you're pwned anyway, it doesn't matter that your phone is unrootable.
However - in light of the Motorola approach I think Apple should forcefully notify users that there are profiles installed at every boot, which will be once a month or so on their usual update cycles. That would be perfect. I’ll open a bug for them now.
Mac books have offered "rooting in software" for years and years. And it has not been "more dangerous than [consumers] can afford".
> So will people who need Tor Browser to keep them safe from their governments.
Remember the Apple vs. FBI saga from a few years ago? There, a "non-rootable" device protected someone (briefly) from a government. But remember, that a "non-rootable" device is actually a device that only the manufacturer and their authorized agents can root. In other words, the device is secure against the user to prevent the user from doing as he pleases and for the manufacturer. This is exactly what a malevolent governement would need to spy on people.
Can you elaborate on that? I read up on Apple's configuration profiles and they sound like Android's device administrators -- which can be easily removed from Settings -> Security -> Device Administrators [0]
[0] https://www.redmondpie.com/how-to-check-for-hidden-device-ad...
>I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to.
The premise of this statement is that you have to give them this data to avoid traffic jams as part of an inherent bargain, but that's not the case. Yes at a very basic level maps apps need to access GPS to work, but the implementations matter. Apple Maps was specifically designed so that you can have those features in a privacy-preserving manner [1]:
>“We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B. We’re collecting the segments of it. As you can imagine, that’s always been a key part of doing this. Honestly, we don’t think it buys us anything [to collect more]. We’re not losing any features or capabilities by doing this.”
>The segments that he is referring to are sliced out of any given person’s navigation session. Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data or requests sent to Apple and it augments the “ground truth” data provided by its own mapping vehicles with this “probe data” sent back from iPhones.
>Because only random segments of any person’s drive is ever sent and that data is completely anonymized, there is never a way to tell if any trip was ever a single individual. The local system signs the IDs and only it knows to whom that ID refers. Apple is working very hard here to not know anything about its users. This kind of privacy can’t be added on at the end, it has to be woven in at the ground level.
Google is obviously trying to reframe the privacy debate into "yes we take your data, but it's necessary to give you valuable services" [2][3][4] (these last two takes seem to have just gone with the Google PR rep's package, given the titles) but that obfuscates that they're collecting way more data in a completely unfettered way outside of a specific purpose in connection with providing a service (something GDPR addresses but will probably need to be litigated). Apple repeatedly insists that providing great features/functionality doesn't have to come at the expense of your privacy. And I believe them for the simple fact that Google hasn't really been able to demonstrate what value they offer that only the Surveillance Capitalism model can provide.
[1] https://techcrunch.com/2018/06/29/apple-is-rebuilding-maps-f...
[2] https://stratechery.com/2019/google-fights-back/
[3] https://www.nytimes.com/2019/05/07/technology/google-privacy...
[4] https://char.gd/recharged/daily/google-finds-religion-in-pri...
I mean a full journey record is useful in itself for some people; no data collection means no telling when someone set off, no feature to keep relatives informed of your location, all sorts of things are ruled out.
Perhaps you mean they only keep anonymised data, but even that rules out some of these neat features.
If you compared how many people buy a $1000 iPhone vs. a $1000 high-end Android phone, you would see completely different numbers.
My anecdotal observation is that when people aren’t price-conscious (either because someone else is paying for their device, or because they have a lot of disposable income themselves), they prefer Apple >95% of the time.
High end Galaxy phones are not the most common on the market and not even the most common phones that Samsung sells.
How could they be if the average selling price of a Samsung phone is $227? (https://www.androidauthority.com/price-gap-samsung-apple-sma...)
I googled around a bit and found the chart on this page, which contradicts your point completely.
https://www.cultofmac.com/544737/iphone-x-is-the-best-sellin...
The fact remains, you have no clue what they do with that information, how long they keep it, and how many other people have done so. You can't review the code that collects the data, sends the data, processes the data, purges the data. You can't predict how the data will be combined with other data, and you can't control whether or not they share it with third parties, law enforcement, or intelligence agencies. You can clear your history and hope they abide by their word and comply with relevant laws, but fundamentally you don't know.
In essence, you have no clue what you are getting yourself into. Because traffic, or something.
Society-scale, this is a serious issue, especially when the default is "on". Opt out!
However, if you give them lots of control and monitor choices, you can modify your defaults to improve that situation... but don't expect preferences to remain static.
So... more telemetry. This user says no thanks.
Err. Well. No, not usually. Usually it runs the other way. I want control because I specifically do not want you taking over my life, not because I disagree with the way you're taking it over. I don't want it to happen on its own.
I can imagine the author in an automaker board room, arguing vehemently that if they only move from a ten-speed automatic transmission to a twelve-gear, the smoothness and low-end power will make it so nobody wants a manual transmission anymore.
But that simply isn't the case. Freedom has inherent value. Simplicity and approachability have inherent value. People prefer to drive rather than fly or take a train because they want to be in the front seat - literally. Control has a value to it that far exceeds the mere pedestrian concern of whether your approach was good enough.
"There are some cases when a person really does want control. If the person wants to determine their own path, if having choice is itself a personal goal, then you need control. That’s a goal about who you are not just what you get. It’s worth identifying moments when this is important ..."
Cherry picking this part of your argument: the last time I switched jobs this is what I told myself to rationalize commuting 50 mins one way (plus 15 mins last mile stuff). It works out _terribly_ if the mode of transport is not super reliable.
They would bring home around $600 a month after FICA if they had no other taxes taken out.
For the typical middle class family where the teenager either gets an old beater or a hand me down car where the parents buy a new car, the money they make from working is a wash and the parents let them/make them get a job to foster a work ethic.
And while cruising down an empty hightway might be very nice, it's excedingly rare for anyones daily commute to be like that.
I'm doing something enjoyable. I'm cruising down the freeway with the windows open, good tunes on the radio, and I can choose to go anywhere I desire.
People are buying cars because they believe in the commercials where the car means freedom. But people use cars to waste their lives in traffic.
How does a car "put you down in one place" or "prevent you from moving easily"? A house prevents you from moving, a car literally moves you to many places. Cars are inherently mobile, that's kind of the whole point.
Similarly, a car is not a huge investment. A house is a huge investment. College is a huge investment. Any trip to a hospital in the US is a huge investment. Cars are cheap, all things considered. It's a climate-controlled, roll-cage-protected closet, with a built in luxury couch + radio + satnav system + emergency cellular connection, that can also propel itself quickly and reliably for hours at a time. And the total cost of ownership for most people is somewhere less than $300/month or so (even when including a loan payment for the upfront price). That's pretty darn cheap.
I could own 5 extra cars, for less than the cost of a single tiny 1bed apartment. I could own 3 extra cars, for less than the cost of daycare for one child. I could own 3.5 extra cars, for less than the cost of health insurance. Cars are pretty cheap, all things considered.
And unfortunately, there's literally nothing that can match that on comfort/speed/reliability/coverage right now. Just to get those same trips out of a train or airplane would easily cost 5x to 10x higher price. Busing can occasionally be cheaper (because a bus is literally just a shared car), but it only does that by making huge sacrifices on comfort/speed/reliability/coverage.
> I personally enjoy taking a train to where I’m going much more
I mean, I totally get that. I love trains too. (I ride Seattle Light Rail, just for fun, and we take Amtrak to Chicago semi-regularly). Trains are fun. Trains are cool.
But trains aren't really good at transportation of people. Trains go almost nowhere, almost no one has access to trains in the first place, and the cost of trains is significantly higher than cars (both on what a single person has to pay to ride either, and on what the total infrastructure costs are for the entire system). It's pretty understandable how a car would give people a lot of real-world freedom, in a way that a train never could.
Not every place in the US is ridiculously expensive. The median price of a home is $200K (https://www.cnbc.com/2017/06/29/what-the-median-home-price-o...) and anyone with barely passable credit can get an FHA loan with 3.5% down. Most lenders are going to be wary about you having more than two car notes.
I could own 3 extra cars, for less than the cost of daycare for one child.
The average cost of child care is between $5000 - $15000 a year (https://www.epi.org/child-care-costs-in-the-united-states/)
I could own 3.5 extra cars, for less than the cost of health insurance. Cars are pretty cheap, all things considered.
The average cost of family medical insurance is a little over $14K (https://www.ehealthinsurance.com/resources/affordable-care-a...)
(For example, a $200k home on a 30yr 3.5% down mortgage is roughly $1500/month, which is equal to the average total monthly ownership cost of about 4 to 5 cars)
Something here about the difference between positive and negative rights but also in your specific example - what if I want freedom from all the negative externalities associated with car use (motorized vehicle deaths, non-pedestrian and bike friendly roads, sprawl, ground level pollution, etc), well now we have a conflict.
I agree with you that autonomy is a value in an of itself that may exist strongly or lightly in your user base, but it's still autonomy within a context.
(ie; i'd way rather have control over my location data going to third parties than have the freedom to change my keyboard, but that's a freedom that is hard to choose in my mobile phone)
That's why VIPs like heads of state, high profile CEOs, etc... typically decide very little about their daily life. Some time it goes as far as not choosing what they wear and what they eat. That's because they have so much power that they can only control a very small part of it, and negotiating billion dollar contracts is more important than cooking breakfast.
Truth is, even if you think of yourself as a control freak, you probably have a whole lot of things you just want to work by itself. If you are a car enthusiast, you will probably want control over your car: manual transmission, self maintenance, use of aftermarket parts, custom paint job, etc... The car is one area where you want control for control sake, and that's fine and acknowledged in the article. But maybe fashion is not your thing, and when you want a suit for some formal event, you just go to a highly rated shop, ask the salesman and call it a day. Here, you don't want control, you don't want to spend hours finding the color that suit you best, match everything, etc... you just need a nice suit because you don't want to look like a clown during the event.
Running with your example, I have complete control over the suit I wear; choosing to delegate that decision to the salesman is an explicit judgment call on my part. If I were to pick out my own suit and the salesman didn't agree with my taste, warning me that it looks bad is completely different from refusing to sell it to me.
Just leaving this here: Win a minimum of $10 in CoinCircle's Daily Competition https://coincircle.com/l/50VVxbObg3
"For a relationshipt to be healthy, both people must be willing and able to both say no and hear no. Without that negation, without that occasional rejection, boundaries break down and one person's problems and values come to dominate the other's."
The problem is that users are not given the choice to say no.
Next worse is delegating to users.
The worst is you make strong choices and those choices don't work for your users.
Which is all a way of saying that the stakes are high, and there are worse things than giving people the choice. It's a cop out if you can do better, but if you can't do better, then the alternative is worse. But here's the catch: how do you know whether you can do better, and whether you have?
> To avoid embarrassment
> To avoid persecution
> … sometimes for doing illegal and wrong things
> To keep from having the creeping sensation they left something sitting out that they didn’t want to
> They want to make some political statement against surveillance
> They want to keep things from the prying eyes of those close to them
> They want to avoid being manipulated by bad-faith messaging
-----------
You forgot the two most important ones. Users want their privacy because.
A) they do not trust you.
B) They expect that everything they do, will be used against them. (eg providing an email address will result to receiving spam. Providing personal details to advertisers using them etc).
C) Info they leak, is leaked out forever. Today that might be ok, but circumstances might change tomorrow.
It is a bit dishonest to say that users want privacy because they want to do illegal things. Or that they want to make a statement against surveillance.
Wanting privacy is not a statement, it is an end-goal on its own.
Yes I am missing the point of the article but I had to point the above out.
A) they do not trust you. Hence, they want to avoid manipulation in bad faith.
B) They expect private details to be used against them. Hence, they want to avoid persecution.
C, however, is an interesting point bearing further discussion. It's something that a developer can't address directly except to not have whatever private data is under consideration in the first place.
There's a kernel of truth, of course, which is that most users are happier to be unaware of when their privacy is at stake. Educating users about the consequences of using your product is always more of an effort than not educating them. That's the real responsibility that shouldn't be ducked, but for companies it's better to convince developers that "responsibility" means the cheaper route of keeping users in the dark.
>There are some cases when a person really does want control. If the person wants to determine their own path, if having choice is itself a personal goal, then you need control. That’s a goal about who you are not just what you get. It’s worth identifying moments when this is important. But if a person does not pay attention to something then that person probably does not identify with the topic and is not seeking control over it. “Privacy advocates” pay attention to privacy, and attain a sense of identity from the very act of being mindful of their own privacy. Everyone else does not.
Even if some majority of users do not care about privacy i dont believe our most fruit bearing path is build w/less autonomy.
There is so much distance between how things need to be built and whether or not end users identify with some component of the system.
For the most part patients trust their healthcare providers in privacy concerns, even in relatively speaking formerly strained contexts (predominant black patients with white providers).
I ask patients everyday about illegal or embarrassing or “wrong” activities with little resistance to candor.
Tech and social media has engendered a much more toxic attitude that the healthcare industry as a whole has avoided.
I suspect many people are more willing to be honest with health care providers about illegal or embarrassing or “wrong” activities because they know there is legal protection and harsh sanctions (e.g. loss of license, prosecution, requirements for professional education and exams in ethics as part of education/licensing, etc) if the provider breaches that trust. That sort of thing isn't typically present in the tech industry.
That's like "I like masks, so only want to be invited to masked balls, not parties where I can choose to wear a mask"?
Of course, in the second case I am free to "choose" which eye to show or which portion of the face to leave covered, but if I'm concerned about privacy, I'd much rather go to the first ball.
Ultimately, I don't care about products; I care about whatever I want to get done, and any knob-fiddling I have to do to configure it is a distraction.
Why? Because I want to be able to revoke access to any of several specific details about me or my device based solely on whether I feel like it. As soon as this is taken for granted, it is devalued and users lose leverage. Then the conversation during development becomes whether a proposed new feature is "worth" an encroachment on user privacy.
"The difference between Excel and a database is if they use Excel they don't have to talk to your elitist ass."
Too true
I don't think "personal control" implies that nobody else has full access to one's data. If that were true then NDAs would be useless.
The idea of users "wanting control" simply means they want ubiquitous software to work like the best parts of ubiquitous social structures they've grown up with that aren't the internet.
That is: facilitate personal growth and self-expression in a framework where individual failures and oversights don't accumulate to create a goddamned international environmental hazard.
For example-- I'd bet there are a lot of Youtube posters who would love the following two features:
1. Painlessly upload videos that assert their opinionated world view at that moment in time.
2. Have people find it without plugging into a recommendation rabbit hole of contention that reframes their content as yet another rusty nail in a goddamned international environmental hazard.
> But if, as technologists, we can’t map functionality to desire, it’s a bit of a stretch to imagine everyone else will figure it out on the fly.
And one level above that-- if you don't have a legal framework where it's against the law to put cocaine in soft drinks then mapping functionality to desire will often be an unethical endeavor.
As a user, I do not ever recall being asked what I wanted by anyone at Mozilla nor have I ever heard of any other user being asked.
1 I could modify Firefox but the compile process requires more time and resources than what I consider reasonable.
Additionally Mozilla regularly surveys samples of its user base, and conducts in-depth interviews of the public to try to understand desires.
I'd think "if the system satisfies all the desires, people don't need autonomy" and "people need control/power, because systems inevitably fail" are two contrasting viewpoints.
I suppose morally there's a difference, but that's just us and our biases.
There is an orthogonal argument that this is also harmful to some people's aspect, but "give the people what they want" doesn't seem like it's reductive. Especially when it seems like people in our society can be clustered and have some clear groupings occur.
Designing clear interfaces, measuring things and coming up with models are all really hard. Data needs to be paired with human judgment and decision making.
What users do is different from what users would like to do. If people's aspirations lined up with their real behaviors, Planet Fitness wouldn't have a business model. But when navigating the world people often want to improve themselves into something they want to be, not fall deeper into the worst tendencies they exhibit in any given moment.
Explain straddling that line ... oh and the third axis is cost.
Not trusting user input is about security. Verify that everything is something which they /should/ be able to do. Think say for a game's bank account. They should never be able to directly change that value without valid transactions to and from.
If they can lose money by writing a check to null that is bad. If they can /gain/ money by writing a negative check to null that is /really/ bad. Also really bad is being allowed to just take money from banks of others without a validated transaction.
Configurability lets them do anything that is in their rights. If they can access their bank balance and set it as part of their signature that is allowed along with say setting their crosshair to display the target HP which they already know. If they can create a custom texture of their bank balance repeated ad nauseam that is fine. So long as they are capable of that stuff already.
Bicking isn't saying you should decide exactly what your users want and give them that and only that. (Well, he's not saying to not do that either, if in a situation where that's doable...) He is simply saying that if your final conclusion is "users want more control", then you're copping out. You are giving up on figuring out what your users really want (whether they know what it is or not), and just throwing options at them in hopes that they'll be able to make something out of them. Or at least stop complaining.
Giving your users control isn't bad. Not figuring out why your users are asking for more control is bad.
In this view, users still don't want control, its just a symptom of the failure to provide what users do actually want.
The truth is probably between these 2 outlooks
That's assuming there's a universal "good" - even if a school meets some general standards one school can have a better arts program, the other might be more biased towards sports, etc. I don't see anything wrong with having choice - having a good baseline everywhere is a separate issue.
I mean they like football, but they also like drawing, but then neither of those are well known for paying the bills. So I still circle back making sure they get a balanced education.
The problem though is that choice is the supposed solution to not having good schools. That may be UK specific though.
No. I want to send my kid to the local school that will be good and I want to go to the local hospital where I will be treated by a well qualified caring medical professional. I don't want to have to create pivot tables.
Yeah, people mostly start asking for control when you make the default experience shitty. They want control to escape the hell they've been put in, but they have to pay a price for it either in money or time. So functionally, "give users more control" is really saying "make the user pay more to use my product."
In an ideal world everything would be bespoke and custom tailored for me, but the idea there is that the tailor knows how to create what I want. Not that I have to go tailoring all my own stuff. I'm not competent enough to do that unless it's my hobby.
OTOH, if "user control" is seen as table stakes or baseline, it can limit the shittiness level that users will tolerate by lowering switching costs.
In the end, I think/fear that on average lazyness wins every time.
then again i ride bikes too and prefer a more active driving experience
Germany is a huge exporter of precision-engineering so there might be a cultural sentiment there.
Not substantially.
>they're more efficient
Not any more.
>they make the most of small engines with limited torque.
Ding. Ding. Ding. We have a winner!
People like manuals because they can choose when to up-shift whereas the guys programming the automatic transmission will program it to up-shift as soon as they think they can get away with (for fuel economy and emissions). With a manual you can let your 1L hornets nest scream along at 4k all the time giving you close to peak power on tap whenever you want it. Basically manuals are a hack around regulations that force manufactures to build cars with performance characteristics nobody wants (under-powered engines and transmissions that up-shift at the drop of a hat). Those regulations are much stronger in Europe so the value proposition of a manual transmission is better there.
Well... performance characteristics that everybody wants -- for everybody else. They themselves want warp drive, but prefer everybody else help hold down the price of gasoline and the carbon content of the atmosphere.
Can't do that with most automatics.
The feeling of slamming into second as you come out of a corner in a little sports car. In an automatic, its just a pedal and the wheel, in a manual you physically engage the warp mode. It feels good, gives a greater sense of power in your actions and also contributes to enjoyable familiar muscle memory. Humans dig physical ritual.
Customization gives control to those who want to take it.
Choice only amounts to control if those choices are meaningful and legible.
They KNOW they don't know better than its users. But they don't want to let users decide, because users would make decisions that go against their own profits, so they remove the choice and lie about why.
A good way to summarize, "users want control," is to note that, "users don't want to be screwed." Users don't want to be put into a situation where they have lost so much power, they don't have practical options, or the only options they have left are punitively unpleasant.
I don't think this is that bad, on its own. Choice is a pain in the ass, so it's useful to have things pick for you, when you don't care to choose yourself (which is very common).
The main issue is that there is never offered a means to correct the algorithm, when it chooses something the user decidedly doesn't want. That is, there's no user-inputted feedback mechanism; they go for implicit tracking like "eyeball-time" to correct the algorithm, despite the user (me) being both able and willing to give an explicit answer. I want Netflix to give me better recommendations, and I'm willing to put in a bit of effort to support that.
But Netflix doesn't want me to help them help me.
And thats just stupid.
Changing from stars to thumbs increased the quantity of data (at the expense of granularity), but didn't change the relative advantage of tracking behavior over explicit ratings.
Now, your ratings may be free of these issues, but that data isn't very useful in isolation, so blame the bad data from other users for the removal of the feedback mechanism.
[0] https://www.netflixprize.com/
[1] https://variety.com/2017/digital/news/netflix-thumbs-vs-star...