[HN Gopher] Why Privacy Matters ___________________________________________________________________ Why Privacy Matters Author : Clo_S Score : 223 points Date : 2020-09-01 12:31 UTC (10 hours ago) (HTM) web link (thistooshallgrow.com) (TXT) w3m dump (thistooshallgrow.com) | erikerikson wrote: | These discussions never seem to recognize the role of privacy for | empowering oppressors. Shining light into the darkness is the | metaphor used by journalists. What if there was no or drastically | less darkness? | | How would the Uyghur example be different if the Chinese | governments discussions, plans, and actions were public | knowledge? More implementable, if every citizen concerned that | they were at risk ran a self monitoring system that could be | purchased or issued by NGOs or reporters which created a public | document of their treatment. | | What if the German population had been shown the images of | torture and abuse so that they could know what the politics were | doing? What if married soldier's philandering and rape were | shared with their partners? | | What if today in the U.S. the smaller scale oppressions of | domestic violence were thoroughly documented for courts and | automatically detected to provide systemic support? What if "he | said, she said" was a problem of the past? | | What if every government official's behavior was publicly | documented so that any bad actors could be proactively and | clearly identified and their good actions could be commended? | | What if your argument with your partner(s) or friends were | reviewable so that you never had to argue about what you said, | you could check it and apologize for what you said (or be | apologized to) and get back on track to building understanding | instead of entrenching in conflict? | | There are obvious challenges that would need to be thought | through but it might be worth considering. | mindfulhack wrote: | I like this article because it reminds us of the relationship | between privacy and freedom. Important freedom. Freedoms that go | far beyond our computer code. In fact, survival. | oshea64bit wrote: | Maybe I'm missing something, but it seems like the foreword has | little to do with the rest of the article. I was hooked after | reading the beginning anecdote, but the transition to a general | overview of security concepts felt a bit abrupt. I agree with the | general sentiment of the article though. I'm glad that there's | been an increasing amount of attention placed on privacy lately. | [deleted] | XCSme wrote: | So, why does it matter? The article talks about random security | things, that have nothing to do with the title. | yboris wrote: | Somewhat related: _Privacy is Power_ - Why and How You Should | Take Back Control of Your Data by Carissa Veliz | | https://www.amazon.com/Privacy-Power-Should-Take-Control-ebo... | ryosuke wrote: | I'm not sure who this article is meant for. | | If the idea is to convince non-technical people of the importance | of privacy, the article should have just stuck to that. Parts | like the free vs. open source discussion seem unnecessary. | stereolambda wrote: | I don't think that striking high chords, historical and | political, is all that useful when talking to people about these | things. They tend not to take it seriously or at best just file | it mentally with other bad things in the world that they have | little agency about. Of course, you may already get the broad | societal ramifications if you're already in the privacy camp, but | perhaps it's not a very effective entry point. | | (It's another thing if we're talking about politics, not about | individual choices. In pure politics big picture arguments, like | "what if there'll be a dictatorship", might be more proper). | | I would try to frame it, for individual people, as a question of | quality and technical savvyness. If a supposedly hi-tech company | behaves like a scammy phone marketing operation selling you | garbage bundled with hidden subscriptions, we should treat is as | such. They _should_ be able to treat you seriously, i.e. give you | good quality, reliable products for the money, without scheming | behind your back and siphoning all the data they can. Their | business model should be sound without this. If they don 't, it's | just an inferior product and you're being exploited. | | A related point is that I don't like products being sold solely | on privacy. The tone should be more, we provide you an excellent | thing (inside our capital constraints) and of course, it also | respects your data. | | Currently I see a tendency among people to be more-or-less aware | of privacy invasions and their potential, but to think that's | ultimately a fact of life and they'd have to be some crazy nerds | to do something about it. The thinking should be more that | they're using low quality stuff and hurting themselves. (I'm not | saying that you should now go and antagonize people in your | social bubble, just that it may be a communication strategy if | there's an opportunity.) | | Besides, trying to defend ourselves from the future state will be | probably always perceived as kooky. Better do something about | politics directly if you're in a moderately free country. It's | more about rogue actors inside the companies and in the broad | underworld. There was a time when people installed the damn | antivirus. | css wrote: | I do not understand what this article is trying to communicate. | It starts with a rambling anecdote and ends with a list of some | unrelated terms barely tangential to privacy. | levosmetalo wrote: | uBlock orogin is blocking 88% of requests for me. Still, I'm | able to read the actual content. | | I don't want to know how does surfing looks like without | uBlock. | II2II wrote: | This is one of the few times that I found the rambling anecdote | relevant, perhaps because it dealt with a significant | historical period. | | Two things struck me: the Jewish census and the human | smugglers. I would have to look up the origin and intent of the | census, but the moral is that the existence of such records put | people in peril. As for the smugglers, the lesson is that | trusted people can use that information to betray you. | | How this relates to the modern world is an open question, but | the author goes on to suggest parallels: governments | persecuting entire peoples, trusted parties collecting data; | and solutions: being able to inspect what our software does. | rigel_kentaurus wrote: | I loved the anecdote on the Jewish census. Because I am always | struggling to find examples about why sharing information might | not be dangerous now, but it can be later, and you never really | now. | | I wish the article were about that, about what kind of | information we are sharing in the present time, that may come | to bite us back. | | Here is my spin: Information can be used to your advantage | (Relevant ads are good when they work), but it can also be | weaponized (Oh, you search a lot for medical conditions?, maybe | your insurance provider is interested. Or worse like we saw | with Cambridge Analytica, "you seem to be democrat, let me see | if I can bias you a little by hitting you where it hurts") | | Here is my personal take on the situation from my experience: | We are in a data collection period. Google, Facebook, Amazon, | even Apple. Apple might be the worst actually. Silently | amassing and hoarding data, researching the proper databases | that can hold the data. We have seen things coming up in the | last years like NoSQL, like Spark, massive analytical tools and | real time databases. This is the equivalent of building a | weapon. | | Then the time of using that weapon comes. How? I wish I knew. I | remind myself that we are just one CEO away of things being | really bad. We are now under the shadow of people that grew in | a different time, with a different set of ethics. Google still | has the original founders on the board, Tim Cook is of the | Steve Jobs school, Amazon is on its first CEO run. A few | decades down the board, a new CEO gets appointed, and new CEO | finds that he/she just inherited a massive data repository that | can be used whatever he pleased. "Oh, we will never do that"? | Sure, wait for the next guy to change their mind very fast, in | the name of profits, or protecting a stock going down, or less | strict ethics because they didn't live in the time where lack | of privacy can kill you personally. | | Sometimes I hold from sharing my thoughts, because people might | label me as a conspiracy theorist :) But it is indeed on the | back on my mind. | unabst wrote: | The implications were not that bad until companies were able | to obtain enough information to change our minds and change | our votes. Cambridge Analytica weaponized information. Russia | weaponized information. Bots and fake accounts are rampant. | Facebook is a warzone, in the most literal sense of the word. | Their current implementation is a national security threat | and a threat to democracy. And Mark Zuckerberg is that CEO | that let it happen. | | It doesn't matter what information you share. Facebook buys | information from everywhere. They aleady know if your | relationship status even if you leave it blank. That's the | trap. Then their paying customers are given access to you, | based on who they want to convince. | rsync wrote: | "I loved the anecdote on the Jewish census. Because I am | always struggling to find examples about why sharing | information might not be dangerous now, but it can be later, | and you never really now." | | The best example of this is the handwritten notes of the | Tsars Russian imperial intel/police services in the very late | 19th and early 20th centuries. | | Handwritten records and notes stored in shacks that were | retrieved and indexed around (forgive hazy dates) 1905 and | used to track down "revolutionaries". | AnonHP wrote: | > Google still has the original founders on the board | | While technically true, they signed out a long time ago from | what Google ought to be or ought not to be. That much is | evident from Google's actions and the relegation of "Don't be | evil" and all that. | Clo_S wrote: | I see a lot of non-technical people around me who don't get the | importance of privacy. Family who buys Alexa and use Facebook | for everything. I wrote this in an attempt to explain how far | privacy breaches can get, how the implications can be. Then, I | tried defining some security terms that non-technical people | might run into. Security helps protect their privacy, so I hope | to help them make sense of what those terms mean and how they | benefit from them. | css wrote: | Are you trying to equate buying an Alexa device or using | Facebook to your anecdote? I do not really understand how the | concepts are related. | Clo_S wrote: | No, that's not what I said. I'm trying to show what sharing | sensitive information with companies and governments can | lead to. | stickfigure wrote: | Your thesis seems to be "Facebook knows you're shopping | for a new car therefore Nazis." However well intentioned, | it strains credulity. You should make a better case for | why privacy matters. | lalos wrote: | Your thesis seems to be, right now things are good | therefore at no point in the future will a 'bad actor' | government make Facebook comply and facilitate whatever | they need to fulfill their goals. Matter fact, there | could be a long term scenario were the company gets | nationalized or the data centers confiscated and that's | the end of it. This is why other countries don't let | foreign social networks operate in their 'digital soil', | they are aware of the power of it. | | The irony is that this same mentality of 'everything is | good' was the same mentality that people probably had | when they walked over to auto-register on the census as | Jewish back in the day. They just didn't see it coming. | If we can learn something from history is that every | 100-200 years the status quo gets thrown out the window. | AnthonyMouse wrote: | Turn it around. Not "Facebook knows things about you, | therefore Nazis" but rather "Nazis existed as a | historical fact, therefore what Facebook knows about you | is incredibly dangerous." | stickfigure wrote: | What percentage of your purchases do you make with credit | cards? | mhh__ wrote: | When I discuss privacy with a friend who doesn't share the same | liberalism as me (Chinese, make of that what you will), I often | have to point out that it's easy to forget that the spooks will | get into bed with political conspiracy - Watergate, COINTELPRO | for example. There are very few checks and balances in the US, | and arguable none in the UK (You can at least put the US | Constitution on your pocket) | | "I have nothing to hide" should be considered equal to "I have | nothing to say, therefore I have nothing to say" | Koshkin wrote: | The "I have nothing to hide" trope is _patently_ false. We hide | all the time - we hide our private parts under the clothing; in | our dwellings, we hide ourselves behind blinds and curtains; we | hide most of our thoughts by keeping them to ourselves. 99% of | all information is hidden (and should stay that way). | whhone wrote: | I learnt "why privacy matters" from this Glenn's TED: | https://www.ted.com/talks/glenn_greenwald_why_privacy_matter... | epoch_100 wrote: | Related: https://whyprivacymatters.org | chaostheory wrote: | With the existence of shadow profiles, is ideal privacy even | possible unless you live in a remote area with a tech averse | population? What about the census? The data you provide to the | gov is also very sensitive and has a history of being abused (see | the role of the US Census Bureau in Japanese Internment Camps). | However if you don't provide it, it affects gov funding for your | demographic. What about the computer in your pocket? Most of it | isn't open source | leakr wrote: | "is ideal privacy even possible" - It is, but 99% of the world | population won't be able to attain it. Your machines | (smartphone, PCs) can be fingerprinted with a 99% accuracy even | if you navigate using Tor or a VPN. I think | https://panopticlick.eff.org/ can be part of an answer! | tboyd47 wrote: | Satoshi Nakamoto apparently did it. | mLuby wrote: | It is possible. | | A census counts people. It might need to know who's a citizen | or who's eligible to vote, or maybe even generation or sex. It | doesn't need to know name, address, eye color, medical history, | fingerprint, etc. The aggregation provides privacy (unless the | sample size is incredibly small, like in an extremely remote | district). | | Another example is the TSA: their job is to protect vehicles | and passengers, which means preventing weapons on airplanes. | But it doesn't matter who's wielding the weapons. So they don't | need ID to do their job, and asking for it (and worse, | recording it where it can be leaked) is an unnecessary breach | of privacy. | | The general problem is there are incentives for collecting | excessive information and very few disincentives. Laws and | regulation can change that. | maproot wrote: | Privacy tools and OS really matter: privacytoolslist.com | wnd_pn wrote: | I totally agree with you. Unfortunately as of today, people are | not putting enough attention on who they give their sensitive | information to. Data breaches are increasing in number, billion | of accounts are hacked every day (I just discovered one of my | side-accounts got hacked through https://haveibeenpwned.com/), | nevertheless the majority of us is still not protecting its data | properly (perhaps the problem relies on ignoring the problem | itself?). And the situation is even more dramatic in the B2B | market: I work in the cybersecurity industry and every day I see | companies being hit by these attacks. That is why, I always | advice the people I know to start using privacy-oriented tools | that could actually prevent or help preventing something like | this to happen. Like using a password manager | (https://1password.com)to create strong password and store them, | or a secure email system (https://protonmail.com), or "simply" by | keeping your systems and softwares up-to-date or by backing up | your data. | | We, at Cubbit, are contributing to the mission of getting back | our privacy by building a distributed and encrypted cloud storage | service that puts users in control of their data | (https://business.cubbit.io). | devanon wrote: | https://privacytoolslist.com/#leak-test-tools full list of such | tools and many others. And protonmail is anti-privacy. They | have access to emails and happy to give access to any data on | demand | AzuraJergen wrote: | Even when you do intentionally accept to give your sensitive | information to X player, you don't what other players will get | their hands on that data, whether through breaches, sale of | information, etc. | Clo_S wrote: | Oooh yes! The 2nd part of this article is about all the tools I | use that help with privacy and security, including ProtonMail | and Have I Been Pwned! I will look into Cubbit, thank you | wuliwong wrote: | The title of the article is "The Why and How of Privacy and | Security." That should be the title on this HN post as well. | tremon wrote: | ... published on a site that accesses 7 different top-level | domains. And that's even before allowing any javascript to run. | | Oh the ironing. | jacquesm wrote: | Ironing? | | Are we going to see the same comment on every article about | privacy? | atoav wrote: | If you are writing about the importance of privacy, you might | consider what you are doing about it yourself if you want to | be taken seriously. | | It is 2020, setting up a website that doesn't send off the | data of your trusting visitors to third parties should be | totally standard. Yet not even people advocating for privacy | can get this done. | | BTW. one benefit of not collecting and tracking is that you | won't have to show that silly cookie banner. | Clo_S wrote: | Oh I'm well aware and I wish I didn't have to show the | banner. If you know an alternative with which I could build | that website, that doesn't force me to use cookies on | users, I'm all ears | jpttsn wrote: | HTML | rexpop wrote: | This is awfully dismissive. Not everyone with technical | skills in one domain or another are capable of building a | website from scratch, and that's perfectly fine. | leakr wrote: | Yeah that's a great theorical piece of advice. But here's | the thing. In 2020 if you don't wanna self-host your | website and have a resilient and flexible website, you | don't have other options than squarespace/wix and other | platforms using cookies. | Nextgrid wrote: | I use Squarespace and you can configure it to disable any | tracking and not have to show a consent banner. Not sure | about Wix. | sanderjd wrote: | Sure you do. Those may be the easiest ones, but they are | not the only options. There is probably a discoverability | problem though. It's not great if the best way to learn | about the other options is through HN comments... | leakr wrote: | Your "standard" user without any git or HTML/CSS/JS or | command line knowledge hasn't a lot of options imho. | Obviously, self-hosting with https://sitejs.org/ or | something similar would be ideal but when you don't have | a dev/IT background and you're looking for a way to host | a blog there isn't a plethora of viable and easy-to-use | solutions, especially if you don't want to use a service | provided by Microsoft, Google, Facebook etc... I did the | research a few months ago and maybe I missed some options | though? If you have resources I'm interested! | Clo_S wrote: | Yes, that's something I'd love to do differently. The problem | is I don't have the technical skills to build that website | myself. As I said in the cookie banner, I disabled all the | trackers I could. Unfortunately, Squarespace doesn't let its | customers disable _all_ of them, which is extremely annoying. | msc1 wrote: | I liked your article, why don't you check out Ghost? I can | help you spin up a VPS and a Ghost blog if you like in an | hour, pro bono of course. | | https://ghost.org/marketplace/ | addajones wrote: | I would love info on this, I only see their plans. Thank | you! | Clo_S wrote: | Thank you! I've heard of Ghost but it seemed to be only for | blogs, so I didn't think it'd fit. I'll check it again. | leakr wrote: | Ghost is pretty neat! It's self-hosted solution though, | which means that you have to update your OS and the | software (Ghost related or not) on it regularly if you | don't want it to be vulnerable which isn't ideal if you're | not technical and don't want to deal with this. | actiondoes wrote: | If you value privacy and want to post your voice anonymously | online, then don't use or even support tools that you cannot | understand. Who cares if things dont look "professional". If | they are professional then they probably were created by | someone you don't know with intentions you don't know. A | perfect blogging site in my mind is one that you own, hosted | using a domain with privacy protection and is written in code | that you can understand. Basic code knowledge is a must if | you want privacy | Karunamon wrote: | You may wish to give Wordpress a look. It's infamously easy | to install, and will happily run on a $5/month digitalocean | VM. Installing a caching addon (one or two clicks from the | store) will make a site that can survive being linked to | directly on HN. | | Last I knew Squarespace had an export option, so you might be | able to just bring all your content over without much hassle. | Clo_S wrote: | Thanks! I had a WP site before, but it was getting too | complicated for me. I have basic CSS skills, but they | weren't enough so I was always asking my SO for help. I had | plugins to update but I was never sure of how safe they | were, if they were going to break the site, etc. With the | skills I have, something like Squarespace is more | manageable and easier to tailor | user5994461 wrote: | Get a fully managed wordpress from wordpress.com. That | will cost you a few dollars per month and you won't have | to manage Linux/PHP/SQL or any plugin. There is a bunch | of themes included that look pretty good overall. | | GitHub Pages are also a good suggestion but they don't | come with comments, stats or themes. There's quite a bit | of development and design to do to match | squarespace/wordpress. | leakr wrote: | Unfortunately WordPress is a pain in the butt to maintain, | every plugin and even the core is a security liability if | you don't auto update everything (which is likely to | randomly wreck your blog someday) and Wordpress's default | configuration (with its XMLRPC API) is far from perfect. | tremon wrote: | I guess the cookie banner only shows up after enabling | javascript; at least, I never noticed it (reader mode worked | fine for rendering the text). | | As for the content, I think it's a bit all over the place. | You start with references to abuses of vast data stores, and | then immediately jump into a technical expose of personal | protective measures, but the introduced concepts have no | relation to each other, nor do they appear to protect against | the abuses that you started out with. | | What was/is your intended audience? | mhh__ wrote: | I would have a look at GitHub pages, for a static site it's | really all you need (blog, right?) | | I haven't actually used it for anything yet but I have a | script that turns LaTeX into nice looking HTML pages, saves | messing around with the CSS for hours. | Clo_S wrote: | Thanks! I've heard of GitHub pages, and yes I just need a | static site. I'd have to look if I can allow newsletter | subscription with GitHub pages. | jedimastert wrote: | You could try MailChimp. I've used it for a few gigs | StavrosK wrote: | You may like Quick Site (https://quicksite.stavros.io/), | which I made for exactly this purpose. | Clo_S wrote: | Thank you! I've bookmarked it, I'll look at it with my SO, | he's the more technical one :D | StavrosK wrote: | Great, hopefully it won't be too hard to set up. | zygy wrote: | Nice work, this looks cool! | StavrosK wrote: | Thanks! | encom wrote: | uBlock says 9 domains, and the article starts with a "trigger | warning". Hard pass. | driverdan wrote: | > the article starts with a "trigger warning". Hard pass. | | You're passing because someone is attempting to help people | with mental health problems? Perhaps the problem is with you, | not the warning. | rexpop wrote: | It's truly horrific how many people are disdainful of those | of us who have PTSD, as though this "weakness" were a moral | failing, and therefore also a moral failing to accommodate. | encom wrote: | Or perhaps the problem is taking a concept that is poorly | understood by most, and running it into the ground until it | loses its meaning. | | Triggers and warnings are concepts that are absolutely | real, but in most usage is instead a fad and a virtue | signal. That much is obvious in this case, when the author | puts up a warning for authoritarianism. Please. | mhh__ wrote: | > trigger warning | | I dislike them, but I have met people who genuinely do not | want to think about bad things. I can accept the viewpoint, | but these are the people that turn a blind eye during | genocides. If you really can't handle discussing topics like | these I don't mind a warning, at least rather than self- | censoring. | | However, I'm reminded of the fuss that was made over the term | "Joyplot" due to the term Joy Division - ignoring that band | is named after the historical term as an artistic statement, | it just seems like pandering into the void. | mLuby wrote: | If you saw your family and friends murdered in a genocide | and were understandably traumatized, it's reasonable to not | force you to relieve that experience unprepared. A trigger | warning for genocide would help you emotionally prepare to | engage with the topic, or if you're still not ready, to | avoid it. | | It's not for society at large to dismiss controversial | topics (though some people mistakenly use it that way). | 1vuio0pswjnm7 wrote: | If you control your own "DNS" this site does not access any of | those different domains. I do this, for speed and reliability, | not privacy. When I access this site, the only domain my client | accesses is "thistooshallgrow.com", which is hosted on | squarespace. That hosting company requires a UA in addition to | Host and Connection headers otherwise no others are required. | Most sites do not require a UA header. I like to control the | headers I send, too. Not for privacy; I just like the control | and minimalism. This site, like most any site, works just fine | for me in a text-only browser. I read the same content as | anyone using a "modern" browser, minus the ads, tracking or | other nonsense. I see no irony. Except perhaps that you are | using a browser that defaults to enabling those automatic | accesses to different domains, a browser that is in fact | supported by the web advertising industry. You need an | extension to modify the program's behaviour to block ads, etc. | [deleted] | teddyh wrote: | I vastly prefer Bruce Schneier's take (from 2006): | | _The Eternal Value of Privacy_ | | https://www.wired.com/2006/05/the-eternal-value-of-privacy/ | Clo_S wrote: | Oh thanks, I'll give it a read | matz1 wrote: | So privacy matters because the information can be used against | you. That is reasonable but hiding information is not the only | the way to fix the issue. | | Knife can be used to harm people, sure you can fix it by | banning/destroying knife but thats not the only way to fix the | issue. | | I'm more interested to solution where we assume the information | will be public and fix the issue that arise due to that. | auslegung wrote: | I think your knife analogy is poor. Banning/destroying data is | not what privacy is about. Privacy is about ensuring no one has | your data who shouldn't. Knife safety also involves ensuring no | one has a knife who shouldn't, such as toddlers. | | Assuming all information is public and fixing the issues that | arise is like giving everyone (even toddlers) a knife and then | fixing the issues that arise from that. There is no fixing the | issues that arise from a toddler having a knife. The solution | is to take the knife away, they should not have a knife. The | same solution is there for data, take the data away from the | people who shouldn't have it, they should not have it. Or even | better, don't get a knife to a toddler/your data to people who | shouldn't have it in the first place. | matz1 wrote: | >Privacy is about ensuring no one has your data who shouldn't | | Yes and that is because that someone can use it to harm you | and you'll suffer. Ensuring no one has your data who | shouldn't is only one way but not the only way to prevent the | suffering. | | Let say you know my credit card account number, the reason I | don't want other people to know the number is because it can | be used to stole my money. | | But what if there is way that even though you know my credit | card number, you can't stole my money, then having my credit | card number public would not be an issue for me. | | Analogy is not perfect, but with knife, my point is we let | everyone to easily obtain knife even though we know that it | can be used to harm people. One way we do this is by having a | severe enough punishment as a deterrent for people who use it | to harm other. This is what I mean by fixing the issue that | arise due to easily accessible knife. | auslegung wrote: | I'm fairly certain we will always require privacy. If I | have your credit card number and I want to use it to hurt | you, I can, unless there's something else I need that I | don't have, perhaps a security code. If someone can figure | this out without needing privacy that'd be pretty | phenomenal, but my little brain can't conceive of such a | thing. And until then, we need very strong privacy. | matz1 wrote: | The solution for the credit card problem would be hard | but there are plenty of situation where the solution is | not that inconceivable. | | One way that it may work is if there is way you can trace | any transaction good enough so that you can't use the | credit card number without revealing yourself. | | Another example would be if I'm gay. This information can | be used to really hurt me in the past but not so much | these days. Sure I can hide this information to prevent | people to hurt me but I rather to fix the issue of the | need of hiding it in the first people. | | I would imagine if people can hide being gay perfectly | there wouldn't be that much acceptance today. ___________________________________________________________________ (page generated 2020-09-01 23:01 UTC)