A common refrain in arguments that we don't need laws to protect privacy is that the market will take care of it. The market can't act against what it can't see. Privacy loss is often irreversible.
A common refrain in arguments that we don't need to reject closed source software to protect privacy is that being closed source doesn't hide the behaviour, and people will still notice backdoors and privacy leaks. Sometimes they do, sometimes they don't.
Parts of the US Governments unlawful massive domestic surveillance apparatus were described in the open in IETF drafs and patent documents for years. But people largely didn't notice and regarded reports as conspiracy theories for a long time.
Information being available doesn't necessarily make any difference and making a difference is what matters.
The market only acts fairly when the product is a commodity. The time for the market to react for a product with the complexity of a mac is decades.
As the ecosystem grows, the cost of switching increases. Therefore market starts acting more and more inefficiently.
This is why countries have state intervention in such cases. And anti trust exists.
If the option was a mac with privacy vs a mac without privacy but $10 cheaper, I'd think the market would pick the mac with privacy. No such choice within the budget exists, and if a company has a monopoly on the ecosystem, then the market cannot react when held hostage. The cost to transition to a different ecosystem is thousands of $'s when you've been using a mac your entire life. It's not like you'd want to relearn many things when you get older, perhaps the sunk cost fallacy as many would define it.
It's a bundled deal, it's not like you can pick the parts you like and throw away the ones you don't like it would be in an efficient market.
If even someone like me cannot be bothered to move to more privacy friendly platforms, then I don't have hope for other people. It's just not worth it. Until the majority face the consequences of their apathy, any action you take is fruitless. Let them taste the pain, then offer the solution.
I know I can be tracked. So what? I can't verify the silicon in my device, can I? Gotta trust someone, maybe blockchain will solve the problem of trust among humans, in a verifiable way.
There's so much wrong with this post I'm not even sure where to start. Literally almost every paragraph starts something untrue. The whole article is written from a false understanding.
If you’re going to claim Schneier is wrong on crypto stuff, you’ll want to bring a suitcase of evidence along if you want people to take your claim seriously.
If you’re going to claim Schneier is wrong on crypto stuff, you’ll want to bring a suitcase of evidence along…
How about $348 billion dollars that says he's wrong about his take on Bitcoin?
Look, I get it. I respect Schneier's knowledge on encryption but he is wrong about blockchains and about Bitcoin in particular.
But he wouldn't be the first establishment technologist/economist/politician to be wrong about Bitcoin.
As I write this, the market cap of Bitcoin is a little over $348 billion dollars [1]; there's no way it gets to this valuation if its distributed trust model didn't work.
He's making social and process arguments, not technical ones.
> How about $348 billion dollars that says he's wrong about his take on Bitcoin?
Market bubbles are a thing. For a while there everyone was convinced that small plush toys were going to help them retire. The market also convinced itself for nearly a decade that "housing prices never go down". Lots of people can be wrong for a surprisingly long time.
Market bubbles are a thing. For a while there everyone was convinced that small plush toys were going to help them retire.
Yes, bubbles are a thing, but Bitcoin appears to be something different. It's passed ever test and attack. It's now being taken seriously by mainstream financial professionals, CEOs of publicly traded companies and Wall Street.
These facts themselves can't prove that Bitcoin is not a bubble but it does mean if you buy into that line of thinking, then encryption and math have to be suspect as well, since Bitcoin's functioning relies on them.
> Also, Bitcoin has been the best performing asset of the past 10 years in which most people didn't take it seriously
You're literally describing the bubble. An asset that is worth $20k one day, and worth $6k 6 months later, is worthless to anyone except speculators, speculating on... a bubble.
You're literally describing the bubble. An asset that is worth $20k one day, and worth $6k 6 months later, is worthless to anyone except speculators, speculating on... a bubble.
This is short term thinking and a general mischaracterization.
First, we've never seen a new form of money created in realtime, so it's hard to say how it's supposed to perform.
However, nobody should expect something that will fairly soon have the same market cap as gold (about $10 trillion dollars) to not have a lot volatility as it grows. The tech darlings of today—Apple, Google, Twitter, etc. were also quite volatile as they grew.
There's a lot of ups and downs for Apple as it went from darling startup to nearly going out of business in the mid-90's to a $2 trillion dollar market cap today.
As you may know, the mantra in the bitcoin community is to HODL—hold on for dear life, not to time the market. For long term investors, the ups and downs don't matter.
> First, we've never seen a new form of money created in realtime, so it's hard to say how it's supposed to perform.
This hasn't changed with Bitcoin. BTC is money like a gold bar, beanie baby, or block of IPv4 addresses is money.
> However, nobody should expect something that will fairly soon have the same market cap as gold (about $10 trillion dollars) to not have a lot volatility as it grows. The tech darlings of today—Apple, Google, Twitter, etc. were also quite volatile as they grew.
Nobody describes the tech darlings as money, or as an alternative form of currency. They're equities you can invest in, and comes with the expected volatility.
> As you may know, the mantra in the bitcoin community is to HODL—hold on for dear life, not to time the market. For long term investors, the ups and downs don't matter.
It's nice that there's a backcronym that's been created from a typo. I still don't invest in money, I use money to invest in assets.
> First, we've never seen a new form of money created in realtime.
Call me when I can buy my latte and groceries with bitcoin, or pay my mortgage. Until then you've made an investment vehicle, not money.
> The tech darlings of today—Apple, Google, Twitter, etc. were also quite volatile as they grew.
Survivorship bias. Pointing to a handful of random successful companies and trying to draw conclusions is literally meaningless.
> As you may know, the mantra in the bitcoin community is to HODL—hold on for dear life, not to time the market. For long term investors, the ups and downs don't matter.
Yeah, this isn't something you actually say about money. Honestly, it would be a kind of cultish thing to say about an investment too. I don't need a mantra for how I invest in my 401k, why does Bitcoin need one?
> A publicly traded company that puts its treasury of $425 million into Bitcoin isn't speculating
That's the literal definition of speculation, a risky one at that.
Schneier is good at times, but he doesn't always do as much due diligence as he should, and he never bothers to interact with his comment threads, answer questions, or publish retractions.
As a result, I've had more than one experience of arguing with people who take his old blog posts as gospel without ever thinking critically about them.
His article denouncing the XKCD password scheme is a gem, he doesn't bother (if it were anyone else I'd be less charitable and say doesn't know how) to calculate the entropy, and then he proposes an alternate scheme he invented that almost certainly provides less entropy and is more vulnerable to dictionary attacks.
I’m actually curious what’s wrong about it? I read it from an outsider perspective and it’s full of very convincing arguments against “blockchains.” You’re absolutely correct that he’s writing from his understanding, but Schneider’s been in the field for decades (more than many Bitcoin proponents are old), so I’m more inclined to believe he knows what he’s talking about than some other random person on the internet.
I think the main reason for the dissonance is that Schneier talks about the trust that happens (and maybe has to happen in real-world scenarios) while the bitcoin community likes to talk about the minimum amount of trust necessary.
You don't have to trust the software, you can verify it or implement your own. You don't have to trust your internet uplink, the protocol would work over carrier pigeons or with dead drops. You don't have to trust exchanges, just exchange bitcoin for local currency with your neighbor. And even if you use an exchange you shouldn't store money there anyways. The minimum required trust is tiny (basically you yourself), but of course as Schneier points out the amount of trust involved in practise isn't nearly as low, and for many people the failure cases are much worse
> You don't have to trust the software, you can verify it or implement your own.
This is a common refrain among software people, but in reality approximately 0% of the market actually rewrites such software on their own. Most people can't code, and the percentage of those who have the time, interest, and specialized programming skills to rewrite their own financial software is an incredibly tiny pool. In practice, you have to trust someone's code.
And auditing doesn't get you very far either. That takes time too, and auditing secure software is really hard. I doubt I could do it, personally.
> You don't have to trust your internet uplink, the protocol would work over carrier pigeons or with dead drops.
Be serious. Nobody does this, aside from maybe as a joke.
> You don't have to trust exchanges, just exchange bitcoin for local currency with your neighbor.
You don't have to, yet everyone seems to. Convenience matters, pretending to the contrary is a fool's game.
> And even if you use an exchange you shouldn't store money there anyways.
Crypto fans say this all the damn time, and yet nobody seems to listen. Maybe because it's foolish advice to give? While this advice is technically strong, it fundamentally fails to understand what people using any financial system want and what motivates them. Nobody wants to turn the process of moving money around into an elaborate song and dance; they want to click a few buttons and have it work. If your system counts on either telling people to avoid the most convenient option to accomplish the task, your advice will continually fail.
I just want to check to see if you read the GP all the way through to the final sentence. You're tearing it apart piece by piece as though the author was making those claims, but you neglected to quote the part of the post that revealed their true opinion.
> The minimum required trust is tiny (basically you yourself), but of course as Schneier points out the amount of trust involved in practise isn't nearly as low, and for many people the failure cases are much worse
This is pretty much how I interpret it as well, in regards to trust.
One detail Schneier misses though is:
> Honestly, cryptocurrencies are useless. They’re only used by speculators looking for quick riches, people who don’t like government-backed currencies, and criminals who want a black-market way to exchange money.
The second statement contradicts the first. People who don't like/trust government-backed currencies aren't fanatics. The way the big banks handle money is quite reckless and dangerous, as we've seen time and time again. And buying drugs for your own personal use should be legal (IMO) but is not. Cryptocurrencies are useful. Maybe not to most people, or to Bruce Schneier, but that (blanket) statement is simply false.
This just feels like moving the goalposts, though. Bitcoin has been pushed as this revolutionary thing that's going to fundamentally change currency and payments for everyday people. It hasn't. It likely won't. Maybe some other blockchain-based currency will at some point, but I'm skeptical of that claim.
Beyond that, Bitcoin as a simple store of value is an incredibly risky proposition. Someone upthread posted a link to an article claiming that Bitcoin has been the best performing asset over the last 10 years, but that ignores the gut-wrenching volatility it's gone through.
And even if you stretch to suggest that Bitcoin has been a good investment, a good investment vehicle is generally not a great currency. If I had a $100 bill that, a week later, was worth $50, I'd be pissed. If another week later it was worth $200, I'd be pleased, but would feel very uncomfortable thinking I can rely on that "currency" to continue to pay my bills over the long term.
I'm not saying Bitcoin has failed or that it's useless in general, but as a generic currency replacement I'd say it's pretty weak and unreliable, mainly only suitable for use by people at the margins, people who often can't bear the risk that Bitcoin foists upon them.
Not arguing any of that. Bitcoin is not very useful as a currency. But I trust bitcoin as a concept more than I trust USD, which is currently being devalued/inflated in favor of the stock market, solely for the gain of people who are more well off than most. I'm not a doomsday prophet nor an economist but the future of the world economy is not looking great.
Bitcoin was created as something that governments/banks/corporations couldn't control or manipulate and that's something that's worth a lot in itself, I think.
And as I mentioned Monero is quite convenient for shopping on the dark web, without government intervention.
If you trust your government, banks, politicians, and agree with all the laws and taxes, then yeah, you might truthfully state that cryptocurrencies are useless. But some believe and argue that governments shouldn't have that kind of control and people should have a higher degree of freedom and privacy.
The “false understanding” is most likely how he starts at the conclusion of “Bitcoin == bad” and works from that instead. But both types of essays are ok. The former is just an “argumentative” or “persuasive” essay, while the latter is akin to a “compare and contrast” one.
> If the option was a mac with privacy vs a mac without privacy but $10 cheaper, I'd think the market would pick the mac with privacy.
I'm curious about this, and there are some ways we could test it if we had access to sales data.
Amazon sells a Kindle that displays ads on the screen while the device is asleep, and a more expensive model without ads. How many people buy the one without ads? (I'm assuming the device sends back a record as to what ads were seen or interacted with, which has privacy implications.)
Hulu has a plan that shows adverts when you watch a show, and a more expensive plan that doesn't. How many people pay for the more expensive plan?
More generally, what's the price spread that would cause most people to flip from buying one version or the other? To use your example, I'm sure most people would pay for a "mac with privacy" if the difference (on a multi-hundred-dollar or $1k+ product) was only $10. But what if the difference was $50? $100?
And that's not even the exact same example, since a "mac with privacy" might look, to the average user, to be identical in operation to the "mac without privacy". Paying more to avoid advertisements has a clear impact on the experience of using a device/service. But knowing that your $X-more-expensive mac isn't sending application launch data to Apple doesn't change your day-to-day experience much.
Apple buyers are in the premium price segment. Kindle Fire or whatever is for the most price sensitive segment.
Companies pay lots of money per user to secure their computer work. They could save lots of licencing by running obsolete software. Companies that do that are hacked, and sometimes mortally wounded. I'm not so sure users price privacy so cheaply.
> The time for the market to react for a product with the complexity of a mac is decades.
This makes me think of the 2 slit experiment as applied to basketballs. There is a period of time that decisions need to be properly considered, presumably simple decisions need little time, and complex decisions need more time. There is also a period of time that is required to make a decision, and a level at which the decision is made.
There are lowly software engineers making decisions like this, some of which may not even percolate to daily stand-up, yet will require the Supreme Court to unpack 10 years from now. And no one really knows.
It's like trying to pass a basketball through a slit. Yes, there's a theoretical interference pattern, and you can calculate it, but you can't do the experiment because you can't pass the basketball through a slit that small (in the case of basketballs, if I recall, the largest slit is angstroms if not smaller).
So in software development, You've got huge uncertainty in the societal implications of some decisions about what information you're going to pass over the network, but you can't even get them all through daily stand-up, let alone to Congress or the Supreme Court. Somewhere along the way, some of them end up on Hacker News with people mis-quoting Eric Hoffer, “Every great security decision starts off as a movement, turns into a business, and ends up as a racket.”
> It's like trying to pass a basketball through a slit. Yes, there's a theoretical interference pattern, and you can calculate it, but you can't do the experiment because you can't pass the basketball through a slit that small (in the case of basketballs, if I recall, the largest slit is angstroms if not smaller).
I know this doesn't have too much to do with the core of your post, but I want to mention it nevertheless: QM does not imply that there is an interference pattern for basketballs. There might or might not exist one, but we would need an answer to the question of measurement to predict one way or the other.
I've never had a non-eInk Kindle, so maybe it is different for them, but I've had eInk Kindles both with and without ads. My first was without ads. Since you can add the "without ads" option to a "with ads" Kindle later by paying the difference, I bought my second with ads to see how bad it was.
Here are the only differences I've noticed:
• With ads, the sleep screen displays some artwork from a book Amazon is selling [1] and some text suggesting you come to the store and buy books,
• The home screen has an ad at the bottom.
Since when I'm not using the Kindle the sleep screen is hidden behind the cover, and when I am using it I'm somewhere other than the home screen 99.9% of the time, I never saw any reason to add the "without ads" option, and when it was time to replace that Kindle I again went with ads.
I suspect that the vast majority of people that buy the "no ads" option up front do so because when they see "with ads" they are envisioning a web-like experience where the ads are all over the place and intrusive and animated and distracting.
[1] Usually a romance novel for me, even though I've never bought any romance novels from Amazon, nor anything even remotely like a romance novel. In fact, I don't think any book I've bought from them even had any romantic relations between any of its characters.
On the eink kindle, I paid for ad removal just in general principles. I probably could have lived with the lock screen ads, but the home screen ad was unacceptable. Vast majority of my book purchases over the past ten years have been ebooks. I’ve gone a bit sentimental in thinking of the book list as my library. And I didn’t want a billboard of any sort in my library. Real or virtual. Have a feeling there are at least dozens of us who are that allergic to ads.
I have also purchased a Fire during a Black Friday sale. Got rid of the ads on that one too, but for free since some nice person over at xda made an automated process for that. On a side note, with Termux it isn’t entirely horrible as a 7 inch laptop when paired with a hinged keyboard case. A portable system at a similar price to a Pi.
Heh. With ads, this was always one of the ways I could embarrass my Bride. You are reading '50 Shades of Grey' or whatever trashy novel shows up on the cover of her gadget. Always makes her blush.
The tracking is somewhat inherent to the software — syncing what page you've read up to in a book between devices (a feature many people find crucial!), cannot really be divorced from having the raw data to create server-side metrics about people's reading habits.
Even if you E2E-encrypt each user's data for cloud storage and have devices join a P2P-keybag, ala iMessage, consider the ad-tech department of your same company as if they were an external adversary for a moment. What would an external adversary do in that situation? Traffic analysis of updates to the cloud-side E2E-encrypted bundle. That alone would still be enough to create a useful advertising profile of the customer's reading habits, since your app is single-purpose — the only reason for that encrypted bundle to be updated, is if the user is flipping pages!
And, together with the fact that your ad-tech department also knows what books the customer is reading (because your device can only be used to read books you sell, and thus books you have transaction records for selling them), this department can probably guess what the user is reading anyway. No matter how much your hardware-product department tries to hide it.
My position on data privacy is slightly different from other people on this site—unlike some, I don’t care all that much if Amazon knows my reading habits, but I do not want it to show ads, provide recommendations, or otherwise tailor my experience based on what it knows. I’m concerned that this “tailoring” puts me in a filter bubble, and locks me in to a narrow set of preferences for the rest of my life.
In this regard, Amazon is among the worst of the big tech companies that I interact with. Google lets me turn off personalization—when I go to Youtube, I see an extremely generic set of recommended videos. But I can’t do it on Amazon.
(I don’t use Facebook, not sure what can be switched off.)
> syncing what page you've read up to in a book (a feature many people find crucial!), cannot really be divorced from having the raw data to create server-side metrics about people's reading habits.
Sure it can. You encrypt the data so the client can read it and the server can't. When you add a new device, you e.g. scan a QR code on your old device so that it can add the decryption key to the new device, and the server never knows what it is.
The next few paragraphs were not originally in the post. And you obviously get less information from knowing the user has updated some encrypted data than having the specific page of the specific book. It is also not inherently necessary for the server to have even that information; it could be sent directly from one device to the other(s) or via an independent third party relay (e.g. Tor).
This. Distributed consensus is easy and cheap to implement when all participants can be trusted (as opposed to the Byzantine problem that I.e. blockchain tries to solve). It’s even easier if you’re ok with approximately eventual consistency with a reasonably high probability of convergence. Page state seems like it fits into this category
For the non-tablet Kindle, I'm not sure if the differentiation between tracking and ads makes a lot of sense. You (well, I at least) already use Amazon to buy the books that are on my Kindle. I guess they could track how fast I read them. But that seems trivial compared to already knowing what I'm reading.
They sold a lot of the ad enabled tablets one black friday for like $80 which seemed like a good deal at the time despite not running google apps which most people desire, having ads on the lock screen, and having the worlds shittiest home screen app for android. I bought one for my wife. If you are lazy or not inclined you can actually pay after the fact to remove ads.
Alternatively you can deliberately break the ad functionality, install google apps, and android lets you change your home screen.
1 and 2 worked but they broke the ability to set your own home so the fix is a hacky app to hijack the home button to show the right home of your choosing. This worked for over a year then they repeatedly blacklisted such apps, then it worked but with a 2 second delay which is basically horrible and extensions started crashing the gmail app.
I wish i could pay for no ads on everything. If there are only like three ad networks for 99 percent of the internet, and they can track me easily, and they know how much I'm worth to them, can't they just email me every month and say, "if you want a no-Doubleclick ad experience next month, it will cost you $4.65, click here to pay." Not like they aren't already doing the tracking, and this would increase the value to their ad customers since they wouldn't pay for views from people who don't want to see ads.
I think its worthwhile trying to test the hypothesys, but i dont think anyone takes privacy on a book reader with the same passion as they do on a mobile phone.
I imagine it more as a tragedy of commons situation. I don't care that much about my privacy right now to sacrifice a lot of convenience. However if enough consumers rejected products that encroach on privacy, we’d get privacy and keep most of convenience.
> I'd think the market would pick the mac with privacy.
What "privacy" means here is a huge issue.
I would not agree that this would be the case.
I think you'll find the majority looking to save 10$, which is almost nothing for many people but a non-trivial amount for most in the US.
> A common refrain in arguments that we don't need laws to protect privacy is that the market will take care of it.
Stronger privacy laws hurt Google, Facebook, and Amazon far more than Apple. Most of Apple's privacy gaffs are just bonehead moves like this one which shouldn't happen, but also don't drive revenue.
I've always thought Apple's focus on privacy (putting aside the current incident) is rather clever as Google have no way to respond. Any improvements to privacy undermine their business model.
You'd think that'd be how it worked out, but funnily enough, it's net negative even when Google actively tries to enhance privacy! Using Apple's privacy-sensitive ad blocker standard made people protest the limitations of a fixed count of sites, and competitors spun it into a way for Google to advantage themselves (details on that somewhat murky, i.e. nonexistent)
We have a long way to go as an industry on keeping users _well_ informed on their privacy, and I'm afraid Apple's set us back years by morphing it into an advertising one-liner over actually helping users along.
I don't look at it that way. I think privacy is secondary to Apple, and that they use privacy as a selling point when it suits them. Their overall goal is tight control over the entire computing experience, and in places where that degrades privacy, so be it.
This isn’t that. I’ve been aware of this for some time, pretty sure it was in the security white paper and talked about as a feature.
People forget about CRLs because browsers mostly ignore them.
People just go crazy for any Apple story because it attracts attention. People have been paying to send all sorts of app launch analytics to AV companies for example since the 90s.
> I’ve been aware of this for some time, pretty sure it was in the security white paper and talked about as a feature.
That doesn't invalidate what the parent said. The only way awareness helps is if it's general knowledge. I don't believe it was, and you personally having known about it doesn't make it so.
Lying to the customer about what your product does, or having secret functionality, should be a criminal offence in the same way as breaking and entering or stalking are.
Then, we would find out very quickly what people value.
I firmly believe this ecosystem (as in privacy violating ad and data selling business model) is only dominant because companies are able to mislead with impunity, so it's basically a form of fraud
But I've also known that macOS verifies signatures for as long as it's been doing it. This was no secret, it was advertised as a feature.
I assumed it wasn't being done in plaintext, because who would be so foolish as to code it that way? and I'm still plenty mad about that. Anyone could have checked this at any time, presumably people did, and the only reason it became a story is because the server got really slow and we noticed.
Apple says there will be a fix next year, which... eh better than nothing, not even 10% as good as shipping the feature correctly to begin with.
But of the many things about this episode which are worthy of criticism, Apple being deceitful is nowhere among them. Never happened.
It was mentioned in a developer presentation with very few details as to how it worked. Apple did not go into details; the information presented here was mostly reversed by app developers and security engineers.
Was it widely known that this feature was implemented as a privacy-leaking phone-home feature? Simply saying "macOS verifies application signatures before running them" doesn't necessarily imply that it's shipping execution data to Apple. All of that can happen offline, if Apple had chosen to implement it that way.
"Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple in order to run on macOS Catalina"
Firstly, this is not 'advertised' - this is not a material average apple consumer reads.
Secondly, it does not actually say anything about the OS phoning home and preventing the user from launching an app. The appleinside talks vaguelt of 'Notarisation', something thay can be inplemented in a variety of ways, like signing application with a certificate
Here is a Forbes article (do “normal” people read Forbes?) that says to run apps in Catalina one will need permission from Apple. It even anticipated this problem with the server. Sure, it doesn’t mention sockets but remember this is for normal people and I think people are smart enough to assume that Apple is probably not giving permission to launch an App by carrier pigeon.
There are 100s of articles like this. Gatekeeper was a keynote feature.
- Can you demonstrate the provenance of every phone number, email address and other contact mode on your phone? Note people's birthdays? Sure, you only want to target companies. Make sure you choose your acquaintances wisely, I guess, or make sure you record their grant of permission to email them, because people abuse laws like this to harass each other every single day.
- This also punishes possession, not use. If you think about that for a minute, it should become clear both how this doesn't attack the right problem, and how companies would evade it.
- Finally... how are you going to audit Ford or Geico? Honest question. Who pays for the audit of "every piece of unattested PII on every individual"? How often, what is the dispute mechanism, and who administers that? Seriously - this sounds like a job for a new agency combining significant portions of the IRS, the FBI and PwC.
If companies were immune to data breaches or leaks, then maybe this wouldn't be such a big deal. But I don't trust most companies to securely hold my data, even if they don't use it at all.
And besides, by the time a company uses the data in a privacy-destroying way, it's too late. The cat is out of the bag. Sure, the law against use could serve as a deterrent, but companies will push the law past the breaking point all the time. If you make possession trigger legal action, you can mop these things up before they get to use your data. Sure, you still have the problem of finding out about that possession. But also consider that if you have laws against possession and "bad" use, and a company does something, you can charge them for both things and hurt them more. That's a larger deterrent.
Yes. There are many laws (e.g. accounting) that only apply to companies, when it's scale that amplifies harm.
> possession, not use
How are they different, in this context? The latter requires the former, and the former is unprofitable without the latter.
> how are you going to audit Ford or Geico?
As you note, similarly to how we audit now, albeit hopefully more proactively. If the law requires a signed off third-party PII audit, and holds an auditor legally liable for signing off on one... I expect the problem would (mostly) take care of itself.
PII is always going to be a game of edge cases, but we've managed to make it work with PCI and PHI in similarly messy domains.
Right now, companies have GDPR & CCPA to nudge them in data architecture. National laws would just further that. I can attest to major companies retooling how they handle and track consumer data just due to the CCPA.
I thonk we are both arguing that clear consent must be present, and the customer must have clearly agreed to whatever you are doing with the data - that appears similar to GDPR.
However, how do you prove John Doe has actually agreed to this? What if John says he did not click accept button? Do we require digital signature with certificates, given that most people don't have them or know how to use them?
I think the problem is more tractable for physical products running firmware - there you have real proof of purchase, and, at present, firmware that does whatever it wants.
It's analogous to the credit card fraud problem, no? E.g. disputing charges and chargebacks?
I don't work in that space, but my understanding is that the card processors essentially serve as dispute mediators in those instances.
So it would seem unavoidable (although not great) to have some sort of trusted, third-party middle person between collectors and end users, who can handle disputes and vouch for consent.
Blockchain doesn't seem like a solution, given that the problem is precisely in the digital-physical gap. E.g. I have proof of consent (digital) but no way to tie it to a (disputed) act of consent (physical).
> If your company has PII, then you by law must be able to produce a consented attestation chain all the way back to the source.
So...basically the GDPR? Well, not quite, since the GDPR doesn't require consent attestation, "merely" a legal basis. Of which consent is just one (the most useless one to use as a company).
That's human nature. As soon as something beneficial to few and detrimental to others is banned, those who benefit seek to find other ways to continue benefitting, again to the detriment of others.
This doesn't mean we shouldn't continue trying to stop them.
And we stop them through laws.
Common sense is not that common and human decency doesn't scale.
In the US, the typical citizen commits an average of a felony a day. The legal code and associated regulations are so lengthy no one can read all of them. The tax code alone is 2,600 pages and associated rulings 70,000 pages.
When you have so many laws, they can be applied selectively depending on your political status, or to benefit the regulators or their friends. We just caught the sheriff of Santa Clara extorting citizens for tens of thousands of dollars to get concealed carry permits, which is why many people carry illegally, just like criminals.
Creating a law where non-disclosure of the smallest feature opens you up to government regulators harassment is another avenue for graft and corruption. Like when the EU selectively prosecutes US companies, or US regulators selectively harass companies not in lock step with the current administration.
I think if you really need a nanny state to protect you from your own decisions you should be required to give up all your decisions to the state.
For your argument to make sence you have to demonstrate that this amounts to nanny state.
I don't think it does, I think is fraud. For it to be consequences of of my choices, what choice do I make to select a mobile phone carrier that does not sell data of my location? Such choice does not exist.
You can't 'non-disclose' some 'small feature' of a mortgage contract, of a loan, etc. Personal data deserves similar respect.
Lastly, we can and do have different laws for individuals and multi-billion dollar corporations - you cant use this as an argument when we are discussing securities fraud and banking regulations.
Laws can always be applied selectively. They have always been applied selectively.
The point of laws is statistics: you can't discourage everything, you need to discourage enough to have order.
And there is a middle ground between no laws and giving everything up.
Also, I give up my liberties and obey laws in exchange for protection from many nasty things people do when there are no laws.
Based on your examples and vocabulary ("nanny state" is a clear giveaway), you're American. Go live for 5-10 years in a country with lax or non-existent laws and law enforcement. We call those countries bad names for a solid reason.
> In the US, the typical citizen commits an average of a felony
Sorry but that’s just obvious BS. If it were true, you’d include examples and far more people a certain world leader doesn’t like would be “locked up”.
Perhaps this is why Apple did not ask for permission from the user to add some delay every time the user launches an application. If the user were presented with the choice what would she choose.
If we look at the example of OCSP in the website certificate context, the notion of the delay added by OCSP (not to mention privacy concerns) being objectionable has already been acknowledged. As a result we have OCSP stapling. For some reason, in the Apple developer certificate context, OCSP is deemed acceptable by default.
> A common refrain in arguments that we don't need to reject closed source software to protect privacy is that being closed source doesn't hide the behaviour, and people will still notice backdoors and privacy leaks. Sometimes they do, sometimes they don't.
And there are cases where it's not practical for "people to notice." For instance: a privacy leak that only uses the cell network connection of a phone, which would avoid easily-sniffed connections.
> The market can't act against what it can't see. Privacy loss is often irreversible.
You're not wrong, but on the other hand has "the market" shown any serious signal that it cares about privacy? From what I can see people seem more than glad to trade privacy and personal information for free services and cheaper hardware. Take Samsung putting ads on their "smart" TV's UI and screenshotting what people are watching for profiling, that's been known for a while now. The market seems fine with it.
And I mean, at this point I could just gesture broadly at all of Facebook.
I hear this argument a lot but I think it is exactly OPs point when he says, “The market can’t act against what it can’t see”.
Your average consumer doesn’t know the extent of what they’re trading. Take Facebook, even with high profile stories and documentaries it’s reasonable for your average consumer to assume that what Facebook tracks about them is what they actively give to Facebook themselves.
I’ve had conversations with people that say, “I rarely even post on Facebook” and “If they want to monitor pictures of my food/dog/etc whatever who cares”, without any solid understanding of what even having the app installed alone is giving Facebook.
It's ok, if they will be educated they will care. Just like they care now about not using single use plastics, buying the biggest and most gas guzzling SUV or flying on holidays across the globe.
They won't care even when they'll know. And they might not ever know.
Yes exactly. I don't think an abstract understanding of the costs is enough. If the cost isn't physically or viscerally felt, it just doesn't factor into people's decision making.
This is where the pricing system really comes into great effect. People buy and drive fewer SUVs when gas is more expensive. If we want people to buy fewer SUVs, increase the fuel tax.
Education is not enough, and in fact might not even be necessary at all. Just introduce real costs to capture the "abstract" costs (externalities) and the problem will likely correct itself.
> has "the market" shown any serious signal that it cares about privacy?
Depends on what you consider a serious signal of care. If 'voting with you wallet' is the measure, increasing levels of income inequality, stagnant wages, weakening employee rights through the gig-economy, etc. are effectively taking away that choice, as most market participants cannot afford to make the choice.
Also, what is the paid alternative to Apple or Google photos that allows me to have the same end user experience, without giving up my privacy? "the market" doesn't even have such an offer that I can see. The closest I can find (and that's through here) is photostructure.com, and even that's lacking all the local-ML-foo that makes Apple/Google photos a compelling option over anything else.
> Take Samsung putting ads on their "smart" TV's UI and screenshotting what people are watching for profiling, that's been known for a while now.
Known by who? I'd wager a year's salary that >50% of Samsung TV owners (and bump that number up to >75% of Samsung TV users) do not know this is happening.
No one suggested they are. But they still make it much less likely for the average Joe to put money and effort to protect their privacy, and this is known to those that make major pricing decisions.
We’re talking about Apple here. People who can afford a Mac over a cheap pc/chrome book already have disposable income and are making trade-offs with it.
That is not really true. Many people of lower income will buy a Mac after their cheap laptops break because they perceive them, correctly or not, to be the most reliable and thus less expensive on the long term laptops. Sometimes even second hand.
Also, Chromebooks are not viable alternatives for many people especially of lower income. Having to rely on being always online is an issue when you can't always guarantee having internet. Been there, done that.
> That is not really true. Many people of lower income will buy a Mac after their cheap laptops break because they perceive them, correctly or not, to be the most reliable and thus less expensive on the long term laptops.
This is not true. The tiny user-base of OSX compared to Windows is already evidence that most people are not buying MacBooks.
> From what I can see people seem more than glad to trade privacy and personal information for free services and cheaper hardware
I'd argue that's more of what parent was talking about with regards to visibility.
"Privacy" isn't something anyone can see. What you see are the effects of a lack of privacy.
Given the dark market around personal data (albeit less in the EU), how are consumers to attribute effects to specific privacy breaches?
If Apple sells my app history privately to a credit score bureau, and I'm denied a credit card despite having a stellar FICO, how am I supposed to connect those dots?
> You're not wrong, but on the other hand has "the market" shown any serious signal that it cares about privacy?
Is there a pro-privacy Google out there whose products languished while Google's succeeded?
The Silicon Valley VC network did not fund nor support companies that promoted privacy. I can not think of a single example.
Not a single major venture from SV VC network even attempted to innovate the "business model". We can make machines reason now but, alas, a business model that does not depend on eradicating privacy is beyond the reach of the geniuses involved. It is "Impossible"? I think, "undesirable" is more likely. No one is even seriously trying. Point: money behind SV tech giants is not motivated at all to fund the anti-panopticon.
The salient, sobering, facts are that all these companies are sitting on a SV foundation that was and remains solidly "national security", "military", and "intelligence". The euphemism used is to mention SV's "old boy network".
Ask a representative sample and I wager only a very small percentage of people are actually aware of (1) the breaches of privacy that are happening (e.g. your TV sending mic dumps and screenshots of what you're watching), and (2) the hard consequences of those invasions (that is, beyond the immediate fact that you're being snooped upon), like higher insurance premiums on auto and health, being targeted by your opinions, etc.
To be honest I would expect if you told people "your TV will report what you're watching" they will think "wait, doesn't my cable company already know what I'm watching???"
If you tell them it's the manufacturer this time in addition to the cable company, I'm not sure how many would freak out over the extra entity.
I'm not sure how you'd measure it, but there seems to be a huge disconnect between techie privacy advocates and the rest of the world. The former keeps claiming the latter just doesn't understand, or needs to be informed, but I just don't think that's realistic.
I think it's pretty common knowledge that these companies are harvesting all imaginable data to serve users more / better advertisements and to keep them on the site, yet usage continues to grow despite all the scandals. I think advocates need to make more convincing claims to everyone else that they're being harmed.
In my anecdotical experience, that's not remotely true. Yes there is a disconnect between techies and regular people, in that for us it's obvious that these companies are harvesting all this data and processing it in all this ways and sharing it with all these people, but for the majority of people it's not. Even for you, do you think you fully understand how your data is being utilised and what the consequences are?
I think we've been repeatedly shown that people don't care. From Cambridge Analytica, to what Snowden shared, to voice-based assistants (like Amazon Alexa), every instance is met with feigned surprise and then a collective shoulder shrug.
> Even for you, do you think you fully understand how your data is being utilised and what the consequences are?
I don't think anyone can say with certainty, but I read these threads so I'm quite aware they're collecting and monetizing every imaginable thing they can. It's difficult to articulate any measurable / real negative consequences to me, personally.
> You're not wrong, but on the other hand has "the market" shown any serious signal that it cares about privacy? From what I can see people seem more than glad to trade privacy and personal information for free services and cheaper hardware. Take Samsung putting ads on their "smart" TV's UI and screenshotting what people are watching for profiling, that's been known for a while now. The market seems fine with it.
I'd guess that most of that's due to information asymmetry. Privacy losses aren't advertised(and often hidden) and are more difficult to understand, but price is and is understood by everyone.
Take that Samsung example: it's not like they had a bullet point on the feature list saying "Our Smart TVs will let us spy one what you're watching, so we can monetize that information."
On argument to make is that the market only cares about the majority of their customers, not all of them. If 0.5% of their customers has their privacy busted by a backdoor, or that 0.01% of google users have their account arbitrarily deleted, this percentage of users is screwed like no one and the company doesn't suffer any damage.
As far as I understand it, most vendors ship a single digit amount of apps. If you start the Tor browser, everyone on your network will know. If you start Firefox, everyone on your network will know you started a Mozilla product, most likely Firefox. If you start the Zoom client, everyone on your network knows you started the Zoom client.
I don't think the "it's only the vendor" defense of Apple is any good.
On MacOS, developer certificate requests are NOT done for every application launch. Responses are cached for a period of time before a new check is done.
FYI -- Both Firefox and Safari use OCSP to check server certificates. Anybody sniffing your network could figure out which websites you visit. Chrome still uses CRL; it trades precision for performance.
HTTP is specified in the RFC. Only the developer certificate is checked. OCSP is also used by web browsers to check the revocation status of certificates used for HTTPS connections. Apple leveraged OCSP for its Gatekeeper functionality. This is not the same thing as notarization, which is checked over HTTPS.
> The market can't act against what it can't see. Privacy loss is often irreversible.
I would add that the market can't act to prevent risks that are outside the market and not taken into account by the market.
The big risks from widespread privacy loss are the exploitation of private data by criminals, foreign unconventional warfare by terrorists or hostile states, and the rise of a totalitarian government here in the USA.
Criminal action can to some extent be priced into a market, but the other two really can't be.
> Parts of the US Governments unlawful massive domestic surveillance apparatus were described in the open in IETF drafs and patent documents for years.
Related tangent: for those interested in this topic of "unlawful massive domestic surveillance", I heartily recommend Cory Doctorow's "Little Brother" novels -- esp the most recent, "Attack Surface". They get the technical details right while remaining accessible and engaging regardless of the reader's geek acumen.
This protocol was created so that monitoring infrastructure could reprogram asic-based packet filters on collection routers (optical taps feed routers with half-duplex-mode interfaces), which grab sampled netflow plus specific targets selected by downstream analysis in realtime. It has to be extremely fast so that it can race TCP handshakes.
I don't think it's much of an exaggeration to say that the technical components of almost all the mass surveillance infrastructure is described in open sources. Yes, they don't put "THIS IS FOR SPYING ON ALL THE PEOPLE" on it, but they also don't even bother reliably scrubbing sigint terms like "tasking". Sometimes the functionality is described under the color of "lawful intercept", though not always.
One of the arguments that people made against the existence of widescale internet surveillance -- back before it was proved to exist-- was that it would require so much technology that it would be impossible to keep secret: the conspiracy would have to be too big. But it wasn't kept secret, not really-- we just weren't paying attention to the evidence around us.
> The techniques are described herein by way of example to dynamic flow capture (DFC) service cards that can monitor and distribute targeted network communications to content destinations under high traffic rates, even core traffic rates of the Internet, including OC-3, OC-12, OC-48, OC-192, and higher rates. Moreover, the techniques described herein allow control sources (such as Internet service providers, customers, or law enforcement agencies) to tap new or current packet flows within an extremely small period of time after specifying flow capture information, e.g., within 50 milliseconds, even under high-volume networks.
> Further, the techniques can readily be applied in large networks that may have one or more million of concurrent packet flows, and where control sources may define hundreds of thousands of filter criteria entries in order to target specific communications.
The laws are already there. If you care about this and have some free time you may try to make a complain to the Irish data protection commission.
I'm not sure if it's infringing though. If Apple says that they do not collect personal data and that the information is thrown away and this is done for a legitimate business purpose or for the customers (i.e. protecting customers), it may well be fine according to the GDPR.
Ya no thanks. Top down regulation will just make startups less likely to enter new disruptive tech. The solution is choice, stop using Apple products and all their shadyness stops being an issue.
> Ya no thanks. Top down regulation will just make startups less likely to enter new disruptive tech. The solution is choice, stop using Apple products and all their shadyness stops being an issue.
And since people have demonstrated that they're not appropriately incentivized to stop, that's where the regulations snap in, which brings us back to where we started: there's a need for it.
Solution could just be to regulate based on a tightly managed definition of age. Enable younger companies to have a bit more flexibility in determining their business model as controls slowly snap in as the company ages. There are some pretty clear loopholes that immediately come to mind (e.g. re-chartering the company every few years and transferring assets) that'll need to somehow be managed, but it should be enough to give companies runway to figure out how to disrupt and monetize while coming into compliance with consumer protections.
A common refrain in arguments that we don't need to reject closed source software to protect privacy is that being closed source doesn't hide the behaviour, and people will still notice backdoors and privacy leaks. Sometimes they do, sometimes they don't.
Parts of the US Governments unlawful massive domestic surveillance apparatus were described in the open in IETF drafs and patent documents for years. But people largely didn't notice and regarded reports as conspiracy theories for a long time.
Information being available doesn't necessarily make any difference and making a difference is what matters.