Why Online Privacy Is Broken 220
Trailrunner7 writes "One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it. Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects. A quick search of recent news on the privacy front reveals that just about all of it is bad. Facebook is exposing users' live chat sessions and other data to third parties. Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well. But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."
User generated content belongs to the user... (Score:5, Insightful)
If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...
Ignorance, not indifference. (Score:5, Insightful)
I would think (and hope) that customers aren't asking for it because they're not aware of the risks, not because they don't care. Like when people stop using debit cards everywhere only after their card gets duplicated.
We just need legislation (Score:4, Insightful)
The actions made by these companies, right or wrong, are legal. You can't expect companies (or governments... or individuals) to stop doing this if it is convenient, profitable, and legal. We need some legislation that basically says that they can't publish, transmit, or sell personal information without prior consent. And that any such release - intentional or accidental - must be reported to the individual.
In the US, we have such legislation but it only applies to medical information. That is silly - there's just no reason for companies to be giving this stuff out.
Actually, let me go a step further -- they shouldn't even store this information. I walked into Target and returned some merchandise. It was really simple -- because they kept my credit card on file. I never told them they could do that. As I walked away, they said "Thank you [my name]" so they knew that too. Why is it okay for a store clerk to have this? Why did my credit card company give out the credit card number and name? They don't need that. They need to know "User 81234756897 authorized purchase for $57.34 to vendor 9234857 on 2010/05/23 17:24 with authorization #239485768934." That's it. It should have been illegal for my credit card company to even give the information. Then for Target to store it. As a nice side-benefit, this also prevents fraud since no one in the chain can use my credit card.
Online privacy never existed (Score:3, Insightful)
There is no online privacy, anything you do online is public. If you would not say it in public do not say it online.
Odd and Misleading Summary (Score:5, Insightful)
One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it.
Let me counter that with one the more trie and oft-repeated maxims from businessmen in the 80s: Don't you worry about security, let me worry about blank.
Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects.
And yet Facebook thrives and not until last week did Google offer secure searching and they're a giant. Sounds to me like companies that don't worry about privacy are doing pretty well -- maybe even the industry leaders. Maybe they're on to something about it being unimportant to the consumer?
A quick search of recent news on the privacy front reveals that just about all of it is bad.
Oh give me a break. Ninety percent of news stories are negative. Because it sells eyeballs. Really, do you expect a news article about the really great privacy that Slashdot offers Anonymous Cowards to appear? When privacy works, it's not news. Hell, when privacy is kept intact people don't even know. Your reasoning here is severely flawed.
Facebook is exposing users' live chat sessions and other data to third parties.
Yep, marketing's a bitch, ain't it? But then again, we're getting Facebook for free and I don't think there's been any case of someone suffering serious harm from Facebook dumping a chat to marketing. Certainly unsettling but has there been any sort of actual case of abuse and harm to the user? I use Facebook and I don't care much. I'm putting my data on their servers and they had me agree to some BS impossible to read ToS so I just mitigate that by keeping anything sensitive off it. If Diaspora takes off -- hey, great -- but until I can communicate with all my friends and family on it who are half a continent away no thanks.
Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well.
"Caught?" That's funny. If you don't want to "catch" people "recording" your shit, stop broadcasting it and put some encryption on it and use a hidden SSID. You know, like the hundred or so Slashdot posts have pointed out.
But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.'
"Prevailing?" So prevailing that you need to reference a half a year old quote that is about all we have of that attitude. That's the predominant force out there? Care to come up with more companies using that sentiment? Care to put that quote into context for me [slashdot.org]? Put the pressure on them and the companies will change. Fact is that nobody's putting any pressure on them so why should they stop doing something which allows them to better market to you with ads and make more money?
If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that.
[citation needed] Prosecutor is leading the witness. Seriously, you're putting words into their mouths. Evil, yes they are. Saying that they claim your data is now theirs by way of their actions is ridiculous. Then from there y
anyone vs everyone (Score:5, Insightful)
Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.
There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.
Re:We just need legislation (Score:4, Insightful)
Has it ever occurred to you that some customers actually like that kind of customer service? That's why you can't just ban everything and make everyone happy - some infringements of privacy have good uses, and some people actually prefer convenience to privacy. Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.
I call TROLL (Score:5, Insightful)
Both the Facebook chat bug and the Google recordings are unintentional mistakes. If they show anything, it's that completely bug free engineering is hard to do. I think we knew that already.
The Schmidt quote is just a statement about how this flawed world is, not how it should be.
The concept of privacy in these times and the future is a very interesting topic, but this post is just a whiny mini rant, not a serious attempt to understand the real issues.
When ads are more important than users (Score:5, Insightful)
The whole idea of "if you don't want it public, don't put it on the internet" always reminds me of this Onion video:
Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village
http://www.theonion.com/video/google-opt-out-feature-lets-users-protect-privacy,14358/ [theonion.com]
There's no reason that we can't have a reasonable expectation of privacy, even in our online lives. Especially from a technical standpoint. If I share some photos with 10 people, and one of those people decides to copy that photo into an email and send it off to 100 people, then that's a social failure, not a technical one. People I trusted betrayed my trust, on a social level.
But on a technical level, I should be able to share videos or photos or journal posts with a small group of trusted people, and be reasonably secure in the idea that only they will see them. That advertisers won't have access to that photo, that an api won't be able to pull the data without permission, etc. There's nothing extraordinary about that requirement, and that it's treated as absurd and unreasonable shows how far we've fallen from a basic perspective on internet privacy.
Open source can fill the gap. Our incentive, as open source software developers, is to provide the best software possible, and to not skimp on important features like privacy and security. We aren't trying to cater to advertisers, or to build empires based on fads and hype. I've been working on an open source, distributed social networking alternative to Facebook (and Myspace and other "walled gardens") that called Appleseed that focuses on strong privacy.
http://opensource.appleseedproject.org/ [appleseedproject.org]
But most of all, by distributing these services, and allowing users to cancel their profile on one site, sign up for another site, and plug right back into the network they lost, it creates a level of competition so that social networking sites *have* to listen to the concerns of their users. They can't take them for granted. Not just in social networking, if we can continue push for open standards, open protocols, open platforms, etc., it means we have some leverage when a popular service decides to privilege it's revenue stream over the privacy of it's users.
When? (Score:3, Insightful)
I just don't get why this is suddenly such a big deal. What exactly did Google do that other's couldn't have? If you leave your wi-fi unencrypted and someone accesses it it's somehow THEIR fault???
If you don't want people to know your business start by not announcing everything you do in a public forum.
Re:We just need legislation (Score:4, Insightful)
Claiming privacy for public actions? (Score:1, Insightful)
Re:Ignorance, not indifference. (Score:5, Insightful)
With a credit card, they're spending the creditor's money. With a debit card, they're spending your money. Even if all the protections are identical, which do you think will inconvenience you more?
Re:Ignorance, not indifference. (Score:5, Insightful)
Apathy is blamed for a lot of things that people really aren't apathetic about at all. One example is voter turnout: they say 50% of voters stay home because they don't care, when the real reason they stay home is they don't see much if any difference between candidate A and candidate B. It isn't apathy, it's a conscious decision to boycott the system.
As TFA notes, security is another one. People complain about their virus-infested computers so they aren't apathetic, they're simply ignorant; they don't know HOW to not get viruses, and they bitch loudly because they bought NcAffee and Norton and turned Windows firewall on and STILL get viruses because they DLed Metallica-FreeSpeechForTheDumb.MP3.exe and played it by clicking the file. They have no clue that the file is an executable, because Microsoft hides the file extension by default.
The same goes for privacy. As TFA (again) mentions, most users want both privacy AND social networking. As the article summarises: "Blame the user? Here's a better idea: Listen to the user."
Fat chance of that happening though. The user isn't the customer.
Re:anyone vs everyone (Score:2, Insightful)
There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.
Takes a single trusted 'someone' to disclose your info to everyone. It's a sad, losing battle. People can say 'happy birthday' or 'sorry that your wife died', 'sorry you got fired,' etc and the damage would be done before you could delete the comment and have a chat about what is too sensitive to disclose freely to your other friends.
You ARE to blame (Score:5, Insightful)
Sorry, but please take some responsibility for yourself. If in fact there is something so important that you don't want anyone to know, then don't do it online, PERIOD. This is nothing new and there are very few if any technological measures that can ever be deployed that will guarantee that your privacy / security will ever be secure. The level of hassle involved with making really improbable-to-break security is really hard and requires diligence on the part of the individual. If Vista taught us anything, it is that users do NOT want real security. They want to do what they want and not worry about how the system does it. Well guess what? The system isn't perfect and neither is the security. We live with the imperfection for the sake of simplicity.
"Facebook is exposing users' live chat sessions"
This was a defect in their IM system. This could happen in EVERY SINGLE store and forward based messaging system (AKA basically all of them).
If you expect each facebook user to generate their own Public/Private key then you're diluted (plus it breaks the online chat thing unless you're sharing your private key with facebook which would defeat the purpose).
If you expect software to be perfect then you're an idiot.
"and other data to third parties"
You agree to this when you clicked through their EULA (which is your fault).
"MAC address and SSID information from public Wi-Fi hotspots ..."
Data was wide open (which is your fault) and the company erroneously captured it.
Re:Online privacy never existed BUT... (Score:3, Insightful)
I'm looking at you, Facebook.
Re:We just need legislation (Score:2, Insightful)
Let innovation take it's course.
Been saying it all along--now will you believe me? (Score:4, Insightful)
Google is an advertising/marketing company. Their motives and actions are consistent with advertising/marketing companies. They seem to be more "generous" than many other advertising/marketing companies in that they give away better "swag" but they are still an advertising/marketing company... and a very successful one at that.
Within their motives you can determine your expectations of them... and altruism isn't one of them.
How Precisely Could P2P Solve This? (Score:5, Insightful)
If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...
Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this. Peer to peer implies that by owning my own personal data, it is on my home computer or laptop. Some people only have a laptop and some people like to power down their machines when they're away. So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline. On top of that if you're disseminating photos or videos, this could get crazy for upload speed. So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff. Can you trust their node anymore than Facebook? Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force. So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.
So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.
Re:Ignorance, not indifference. (Score:4, Insightful)
Re:They said the same about cars (Score:4, Insightful)
Federal safety standards are pitiful compared to insurance company standards.
Federal standards mandate airbags, but only for the driver, not the passenger or side airbags they've been putting in. All of that is coming from the insurance industry - and except for the fact that all drivers must have insurance, it's completely free market. Things like better crumple zones and such are all designed to boost their ratings with insurance companies, because people look at how much the insurance is going to cost them when they think about buying a car.
Re:User generated content belongs to the user... (Score:5, Insightful)
A big problem is simply NAT. Non-technical people are not going to set up port forwarding. This basically broke the Internet, and pushed its development in undemocratic directions.
UPnP partially fixes this, but opens up a whole bunch of other problems, which are even worse.
IPv6 is supposed to fix this for real, but I don't count on it because IPv4 is "good enough," and I bet that it'll be easier for people to keep throwing NAT and subdomains at the problem. E.g., companies don't need to bother maintaining their own webservers and having their own public IPs; the way things are going they'll just point people to "facebook.com/companyName" (I heard an ad do this on the radio yesterday, in fact).
Re:We just need legislation (Score:4, Insightful)
Has it ever occurred to you that some customers actually like that kind of customer service?
Nothing I've said decreases the level of customer service. The return could have been done without them saving the credit card number.
Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.
I always prefer free market solutions, but I don't see how to make one work here. The free market only works when the buyer is aware. Companies don't tell me what information they disclose about me. I only find out when I suddenly get charges on my credit card because the store clerk got all my credit information, or because some hacker broke into the stores and took it. I would be open to laws that require them to disclose it to me, but I don't want to read a 25-page legal document to buy something from a store. Since there is no benefit to me from them keeping the information (see the first paragraph for the explanation of why) the restrictive solution is the best one.
Re:Ignorance, not indifference. (Score:3, Insightful)
You overestimate how much the average person cares -- yes, some people skip voting, as a (seriously misguided, IMO) protest boycott. Most of the people who don't vote, however,do so out of apathy, not principle. There's always a third party candidate (at least in the presidential race, and surprisingly often in lesser races) so you can make your voice heard as being in opposition to those parties, and if there were _really_ anything like 50% of people so disgusted with the two parties we currently have, and (more importantly) the voting system that keeps control limited to two parties at a time, you'd think it'd be damned easy to organize a range-vote or approval-vote party whose sole purpose is electoral reform, and consistently get, if not an outright win, a vastly greater popular vote than third-parties normally get.
With computers, you're not half wrong, but it's not like they don't have a browser in front of them -- if they really aren't apathetic, you'd think they'd seek to inform themselves...
Re:Ignorance, not indifference. (Score:4, Insightful)
my check card (debit card that allows you to run it as a credit card anyplace that accepts mastercard, but takes the money from your account with 0% interest owed instead of racking up money you owe to faceless megacorp with 18% interest) has the exact same protections as a credit card.
So, your check card is stolen, your account is zero'd. Now all your legit paid bills bounce. Each individual merchant wants $25 and up, directly from you, for bouncing a check. How does your check card protect you from that? My theory is, it does no such thing.
Also I owe 0% interest on my CC. Simply pay your bill each month, no big deal.
Re:We just need legislation (Score:2, Insightful)
Re:But he's right (Score:4, Insightful)
No he's not, at least not when taken out of context. There are a lot of things I don't want people to know. I color my hair, for example. I'd rather people just think I'm not quite as old as I am (or conversley, I'd rather people not think I'm older than I really am). Hair coloring isn't an illegal act, or even immoral for that matter.
Put into context:
If you shouldn't do something, or don't want people to know about something, you probably shouldn't do it in public.
Now, if you were to substitute "public web site" or "public places on the internet" or even "in a business establishment" for public, you'd be talking about the same thing. See, these are public places, and there's really no expectation of privacy except a wink and a nod.
Now, lets change that and make it a place you own. Your own bedroom. Your own living room. Your cabin in the mountains. Your own server. You can do just about anything you want. Clip that ugly toenail. Watch Glee. Revel in mounted animal heads. Store all your balloon porn. But if you're going to go do those things in the local pub, you probably shouldn't be thinking that they are private.
See, most of these sites are "free" (as in beer). Even if they didn't make money on selling your eyeballs and preferences for marketing, they still wouldn't be private places. There are places on the internet which are private. You can sign up and encrypt all your stuff, and keep the key. But they're not convenient for sharing. Just as drinking a fifth of Jack in your kitchen isn't nearly as much fun as drinking it in a bar with fifty friends.
Privacy isn't dead, it just needs a bit of explaining. Just remember - if you didn't pay for it, it's probably not a private place.
Re:We just need legislation (Score:4, Insightful)
Re:How Precisely Could P2P Solve This? (Score:4, Insightful)
As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.
The difference there is that your relatively small key holds the potential for everything on your page. If someone copies and mails a few pics of me, big deal. But that key could be easily copied and sent covertly with the copier taking their sweet time to look at all my stuff -- and for how long before I catch on? And how long before key collecting viruses run rampant and phone home to a black market provider's server where all Diaspora data is cached? The killer there is that you'd never even know and two if you had to change your key then you need to refriend everyone to get the key out. I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends? Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.
... and wait for legal action to get a potential file sharer's key by court order ...
... there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage. My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening. People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.
And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node
I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking
Re:How Precisely Could P2P Solve This? (Score:3, Insightful)
FTFY
Re:We just need legislation (Score:3, Insightful)
They insist that you send them not only the total but a list of what the person is buying.
Part of that is for their fraud detection algorithm. (Which would not be as necessary if they didn't give out the information).
As for the other stuff - sounds like you should have sued them.
Re:We just need legislation (Score:3, Insightful)
It should have been illegal for my credit card company to even give the information.
You know, I've got a story on this topic. A couple of months ago I bought a piece of furniture (Ikea, got a nice dresser for a nice price). Upon unpacking it, I discovered it was broken. Given that the store is 60 miles away, I waited awhile before taking it back for an exchange. My wife and I finally made it out to Philadelphia with the broken item in tow, only to realize that while my wife thought she had the receipt on her, she didn't.
Their official return/exchange policy requires a receipt, but they were able to look up the transaction by credit card number. Thus, I received a replacement dresser 15 minutes later, and has happily on my way. I'm perfectly fine with them having my credit card information.
If fraudulent transactions occur on one of my accounts (and I have been though that, three times in fact), I simply dispute the charges and submit an affidavit on the matter. Boom, I get my money back. To be perfectly frank, I don't see any value whatsoever in what you're proposing, and it seems to ring all too much of "sky is falling" cries over something that is a solved problem.
Re:How Precisely Could P2P Solve This? (Score:5, Insightful)
The difference there is that your relatively small key holds the potential for everything on your page.
Why does it have to be a global key?
I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends?
Why not, it's cheap? You don't have 1M friend either...
Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.
It's not so much about encryption solution (that could be worked out anyway) as it is about access control.
The main question is actually how are update going to be disseminated and validated chronologically... beyond that it's already an improvement on the current situation.
And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...
FreeNet integration?
Popular files get spread more...
I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking ...
Nothing is, just much better socially than what we currently have, let's talk about its weaknesses and improve on them :-)
there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage.
Oh, like everyone's hard drive is not on average 70% empty or such?
My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening.
The concept of being offline is not really trendy these days and is going away very rapidly in any case, you should really think about running a small home server like Eben Moglen suggested in that case to solve the issue.
People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.
Some people also don't upload on Bittorrent cause they are selfish fools. If we want this to work, just like FOSS, we need to have enough people willing to share bandwidth for the model to work.
And it seems like P2P and FOSS has proven to work up till now quiet well in that respect despite the morons... And in a social case you'd be dealing with your friends who are much more willing to share with/for you.
Re:We just need legislation (Score:3, Insightful)
and the Track-9 data from your card is the only real proof that you were there for the transaction.
I can see how the number was needed before the systems were electronic. But now, they get an authorization number right away. The Auth# and signature should be sufficient for them to go back and prove the transaction was valid.
I agree with your definition of "private data" and I think that is where we need to go. Private, unless otherwise stated.
Also, food for thought:
Actually, your name and credit card number are both encoded on the mag stripe on your card.
Several people pointed this out to me. I think people assumed that I didn't know because I said that the credit card company gave it to the merchant. In my opinion, they did. I never told the merchant my name. And the cashier never looked at my card to read it. So the fact that the credit card company encoded it onto a magnetic stripe, and then I scanned the card into the machine, should not mean that *I* gave the information. That would allow a big loophole.
Now, if it was printed on the card and they physically saw my card then one could argue that I knew it was on there and I gave it to the merchant. But I think the definition needs to be such that the companies can't do an end-run around me by putting my marital status on the card, then making me scan the card, and thus concluding that I told the cashier my marital status. (Or replace "marital status" with "address" or "purchasing history" or whatever other information should be protected).
It could be stronger than that (Score:3, Insightful)
Why should they have to ask for it?
Why isn't our private information considered intellectual property? Corporations try to make every aspect of their business protected, why should consumers do the same? I guess it would require a Supreme Court that not only are corporations considered "people" but that people are considered people.
A corporation can distribute data on a DVD or CD and yet claim that it should be illegal for me to copy and pass that data along. Why shouldn't I be able to give my private information to companies that I want to do business with and expect the same sort of protections?
I'm proposing the People Are Almost As Important As Corporations Act of 2010. I wonder how many legislators I'd be able to get to sign on as co-sponsors.
Re:Ignorance, not indifference. (Score:3, Insightful)
One example is voter turnout: they say 50% of voters stay home because they don't care, when the real reason they stay home is they don't see much if any difference between candidate A and candidate B. It isn't apathy, it's a conscious decision to boycott the system.
You're doing it wrong. If you actually care, but don't want to vote for any of the candidates, then you should vote for a third party candidate, write in a vote, or leave the response blank. That shows you are actually willing to do something. Not to mention, a boycott of the voting system doesn't do anything but give more power to the remaining few who do actually vote. Those people aren't going to feel very motivated to push you to vote.
Otherwise you just get lumped in with the people who are apathetic. And there are a lot of them. Including me at times in the past.
Re:Ignorance, not indifference. (Score:3, Insightful)
The problem is that social networking websites make their money by undermining user privacy;
Since the only exposure that I have had to Facebook and the like is comments on Slashdot and I have never knowingly visited the Facebook website, your comment here strikes me as very odd.
Isn't the POINT of Facebook to get yourself "out there" and be-your-own-celebrity? If so, isn't it contradictory to say "OMG they are stealingj/invading my privacy!" since that's the point of the website in the first place. After all, the only information that they have to "make public" is information that you have voluntarily provided to them for that exact purpose.
What am I failing to understand about this issue?
Re:Ignorance, not indifference. (Score:3, Insightful)
Bitter mods aside this weekend, there's not much of a difference between the two. One you believe what you're told because you enjoy that pov and refuse to look outside your safety box. The other you believe what you're told because you don't know any better, and refuse to examine the data yourself.
Re:Ignorance, not indifference. (Score:3, Insightful)
Of course, the very first customer will say "what the hell, where's the door?" Or if they have a door but a shoddy lock that can be opened by any persistent neighborhood cat, then it may take some time before a house is broken into and something stolen, then they'll say "what the hell is this cheap lock doing on my luxury condo?" And then the manufacturer could say "most customers have had no complaints about people wandering into their houses and are happy with the products we delivered."
The problem is that many people who visit online sites implicitly assume there is security, and so they don't explicitly ask for it. You have to essentially be a pessimist and/or cynic to worry about this stuff, when it should be built in by default.
Not Broken, Changing (Score:2, Insightful)
It's not online privacy that's broken. All that's changing is people's awareness (or more importantly lack of) of what privacy means in the digital connected world.
Street view is a good example, no one bothered to drive around the world taking 360 pictures of everything and logging the gps coords, so before Google did it, that information just wasn't accessible but more importantly it wasn't private either. By making it easily accesible to all, made people jump to outragous claims of privacy invasions. But afaik there isn't a single country where the roads aren't owned by the 'public'. So everyone has the right to go down a street and 'look' and so the drunks, cats in windows and people leaving sex stores with Black Mamba dongs where doing so in public and could have been seen by anybody. Just because Google 'looked' and stored what they saw, doesn't change this fact. If you don't want Google or anybody else to see what your doing, don't do it in a public or publicly visible space. You've never had the right to stop people looking through your windows, but you do have the right to block those windows, that's your choice.
The wifi mac/ssid issue is similar, you are publicly broadcasting those bits of information, anybody can retrieve them from the 'public' electromagnetic waves and store it. You decided to make those bits of data public when you chose to use WiFi tech, the fact you (and a lot of others) don't understand or care how WiFi works is irrelevant. Again you have the choice not to use WiFi.
Similar with FaceBook, you are choosing to publish information to a third-party. At the end of day it doesn't matter what privacy you thought you'd agreed to when you hit 'submit'. You've choosen to make it less private.
I think it boils down to: "People are slowly realising just because no-one gathered or analysed the information before, doesn't make that information private."