Are We Living in a World Where You Can't Opt Out of Data Sharing? (fivethirtyeight.com) 126
Long-time Slashdot reader Mr_Blank quotes the senior science writer at FiveThirtyEight on a new type of privacy violation:
It's what happens when one person's voluntary disclosure of personal information exposes the personal information of others who had no say in the matter. Your choices didn't cause the breach. Your choices can't prevent it, either. Welcome to a world where you can't opt out of sharing, even if you didn't opt in... We all saw this in action in the recent Cambridge Analytica scandal. The "privacy of the commons" is how the 270,000 Facebook users who actually downloaded the "thisisyourdigitallife" app turned into as many as 87 million users whose data ended up in the hands of a political marketing firm.
Much of the narrative surrounding that scandal has focused on what individuals should be doing to protect themselves. But that idea that privacy is all about your individual decisions is part of the problem, said Julie Cohen, a technology and law professor at Georgetown University. "There's a lot of burden being put on individuals to have an understanding and mastery of something that's so complex that it would be impossible for them to do what they need to do," she said...
[E]xperts say these examples show that we need to think about online privacy less as a personal issue and more as a systemic one. Our digital commons is set up to encourage companies and governments to violate your privacy. If you live in a swamp and an alligator attacks you, do you blame yourself for being a slow swimmer? Or do you blame the swamp for forcing you to hang out with alligators? There isn't yet a clear answer for what the U.S. should do. Almost all of our privacy law and policy is framed around the idea of privacy as a personal choice, Cohen said. The result: very little regulation addressing what data can be collected, how it should be protected, or what can be done with it.
Much of the narrative surrounding that scandal has focused on what individuals should be doing to protect themselves. But that idea that privacy is all about your individual decisions is part of the problem, said Julie Cohen, a technology and law professor at Georgetown University. "There's a lot of burden being put on individuals to have an understanding and mastery of something that's so complex that it would be impossible for them to do what they need to do," she said...
[E]xperts say these examples show that we need to think about online privacy less as a personal issue and more as a systemic one. Our digital commons is set up to encourage companies and governments to violate your privacy. If you live in a swamp and an alligator attacks you, do you blame yourself for being a slow swimmer? Or do you blame the swamp for forcing you to hang out with alligators? There isn't yet a clear answer for what the U.S. should do. Almost all of our privacy law and policy is framed around the idea of privacy as a personal choice, Cohen said. The result: very little regulation addressing what data can be collected, how it should be protected, or what can be done with it.
Yes, so limit what you share (Score:2, Informative)
Re: (Score:2)
Re: (Score:1)
But laws like GDPR do. Glad I live in Europe.
Too bad the US government is a massive pile of shit that cares more about fear mongering and big business than it does the people.
Re: (Score:2, Insightful)
But laws like GDPR do. Glad I live in Europe.
Good for you. I agree that the GDPR offers more protection of individuals than US laws do.
Too bad the US government is a massive pile of shit that cares more about fear mongering and big business than it does the people.
Gee thanks. Perhaps US lawmakers have been a bit reluctant to legislate the digital world to death the past 10 years? It's not all Dirty Donald's doing, ok? And perhaps being regulation-happy means the EU must get it right once in a while? Is that worth it? Well, you decide.
And err, whatever happened to "Old World courtesy"?
Re:Yes, so limit what you share (Score:5, Insightful)
And how is that going to stop Google from reading half the emails I ever send, because although I have nothing to do with them, many people I communicate with are using Google mail services behind other domains and I have no way to even know it's happening? Should I just not send email any more?
How about phone calls? Any friend, family member or work colleague with my phone number in their phone has potentially uploaded it to the likes of Facebook, again without my knowledge or consent. Should I give up on using the phone as well?
None of this is actually new, of course. The Cambridge Analytica mess may have increased public awareness, but getting people to spy on each other has always been the thing that made the data-hoarding social networks most effective (and most dangerous), and plenty of us have been criticising it for a long time.
The recent change is that we're starting to see privacy laws, such as the GDPR in the EU, that either require active consent from the actual data subject or some sort of legitimate interests argument that is specifically balanced against the rights of data subjects, and if the data hoarders can't make that happen (which presumably they won't be able to in almost all cases of shadow profiles and the like) then this sort of collection-by-proxy is effectively going to be illegal.
Re: (Score:2)
None of this is actually new, of course. The Cambridge Analytica mess may have increased public awareness, but getting people to spy on each other has always been the thing that made the data-hoarding social networks most effective (and most dangerous), and plenty of us have been criticising it for a long time. The recent change is that we're starting to see privacy laws, such as the GDPR in the EU...
Pretty much spot on... Prior to computerized social media data mining, realms interested in information gathering relied on more intentional (and undoubtedly less accurate) ratting on each other.
The only flaw in legislation that protects privacy laws is the people who have the most to gain from defying information gathering restrictions have the least to lose when caught in violation of them.
Re: (Score:2)
[and] then this sort of collection-by-proxy is effectively going to be illegal
Well the theory is nice. But I'm guessing that this will be routed through off-shore shell companies and sold back as some sort of service, while the actual data will be as easy to get rid of as leaked nude photos.
Re:Yes, so limit what you share (Score:5, Informative)
It won't matter. EU data protection law distinguishes between data controllers and data processors. If you're pulling the strings, you're generally going to be a controller, even if you delegate the processing.
This is a big part of how the EU is trying to extend its authority extra-territorially. If you're a controller who is violating the GDPR and within the reach of EU authorities, you'll potentially be subject to some very expensive fines once the new regulations come into effect. One way you can be violating the GDPR is by working with a data processor who isn't compliant. And that means data processors outside the EU have to make sure they're compliant if they want business from data controllers inside the EU.
Re: Yes, so limit what you share (Score:3)
Re: (Score:2)
And how is that going to stop Google from reading half the emails I ever send, because although I have nothing to do with them, many people I communicate with are using Google mail services behind other domains and I have no way to even know it's happening? Should I just not send email any more?
When I was on the newsgroups the headers changed to Google using the 10.0.0.0 block (public IP's) to forward pretty much everything.
But this isn't a privacy issue with me as I expect it with Google, and I'm sure in their TOS, I've not read.
Re: (Score:1)
Re: (Score:2)
You can encrypt your emails to solve the email issue.
Not if the person on the other end is reading it through GMail...
YOU actually had to pay money NOT to be in the BOOK.
I'm not in the phone book, and have never paid any money for that choice. You must be looking back a very long time if you had to pay to be removed.
Curiously, that's actually quite a good example of how data protection should ideally work, though. I wouldn't mind someone being able to look up my phone number if it's friends or family or work colleagues who are calling for legitimate purposes, but the books started getting abused by people who
Re: (Score:2)
Last time I had a landline was ~12 years ago, and I'm fairly sure you got listed in the white pages by default. I don't recall if they charged extra for unlisted numbers, as I never had one.
(Wait a sec...the second line on which I used to run my BBS and that I then used for demand-dialed Internet access before I switched to cable-modem service was unlisted, a
Re: (Score:2)
If you're worried about your phone calls being listened in on, then don't discuss sensitive subjects on the telephone, do it in person, in private locations, away from anyone or anything that might be listening.
If you're worried about Facebook/Twitter/whoever on the Internet snooping into what you're doing, then you'll have to decide whether or not these so-called 'services' are worth the intrusion into your private life
Re: (Score:2)
If you're worried about Google snooping in your email, then don't use Google anymore.
Sorry, but you totally missed the point there. I don't use Google for my mail, but I have no way to determine whether anyone else I'm communicating with does. If I'm sending a message, it's for the intended recipient, not for Google to profile me without my knowledge or consent. But the third party spying doctrine says Google have the technical ability to profile me anyway.
If you're worried about your phone calls being listened in on
Again, I'm afraid you totally missed the point. It wasn't about phone calls being monitored. It was about people with apps that upload t
Re: (Score:2)
Re: (Score:2)
Well, arguably the central premise of this discussion is changing things so you do have more control over data and aren't just getting spied on by proxy all the time, without having to cut yourself off. So I'm not sure what point you're trying to make here. Yes, the situation has been bad. No-one is disputing that; it's why laws are starting to change to address the issue and why this subject is interesting right now.
Re: (Score:1)
Re: (Score:2)
GDPR does indeed strengthen things though because you have more rights in saying how your data can be used, and as you say, you have to actively consent to it being handed over and used, and can withdraw permission for certain usage - you could for example agree to Google's over-reaching usage policy, then subsequently withdraw consent for use of your data for marketing for example, it's up to Google if they want to then refuse your custom at that point and wipe everything they've ever known about you from all their systems.
One of the curious things about the new law is that businesses might not be able to refuse your custom even if you withdraw consent. The choice to give consent has to be meaningful, and if it's fundamentally tied to getting something else then it's been coerced.
This is one of the controversial things about the GDPR, because some businesses -- including the likes of Google and Facebook -- rely on consent to process people's profiles for the purposes of targeting ads, and those ads are how they fund their bus
Re:Yes, so limit what you share (Score:5, Insightful)
Do I have to limit the amount of semen I deposit into your colon when fucking your ass?
All I can say is Thank Goodness your semen is going into an orifice in which reproduction is an unlikely outcome.
Re: (Score:2)
Re: (Score:2)
Utilities usually run a credit check on you so giving them fake information doesn’t usually work.
Re: (Score:1)
Re: (Score:2)
All you have to do is not use your real life information when signing up for services. Same goes for utilities.
I've used www.fakenamegenerator.com for many years now, mostly on Rooted Android devices.
I'll reroll the info till I get something close to home.
This would be used on servers and such, no money involved.
Re: (Score:2)
Disinformation doesn't mean doodley, even if you come out of a Tor node exit. They characterized your browser long ago, and by probing your browser's state, they know who you are.
You surfed enough to different places to get a capture that shows your activities. They get your logon name, because you didn't use plugins that tell your browser than you're doing a cleartext post from within an otherwise https site. They look and cross-ref that ID, because you're lazy like everyone else.
They know who you are. It
Could copyright be the answer? (Score:1)
Say we gave everyone by default the copyright to their own personal information, as an intrinsic human right. Then nobody can copy your data without your permission, or else you can sue them. We've already established that personal data is worth money. Well, I don't want people copying that shit and making money off it without showing me any of the profit.
Re: (Score:2)
Public records (Score:5, Informative)
If you want real protection, you're gonna have to change the way records are made and kept public. FB is an easy target (and Slashdot stories in the past few months show how obsessed people are with FB, but not anyone else), but it's not as big of a deal as large aggregating data companies like LexisNexis. And where do they get the bulk of their data? Public records.
Mortgage records, public housing data, court records, public directories, etc. They've got other stuff, of course, but the public stuff are all the things that can really screw with you (compared to your advertising preferences, which is the bulk of what FB, Twitter and others deal in). But anyone interested can do the same as those companies do, with just a visit to the local courthouse or library.
The problem here, however, is that public records are important for everyone. It's good and important to know who owns property. It's good to know who's involved in a court case, who's been sued, and who owns a business. So do we limit this information? Or somehow limit how it's collected? Are there free speech issues involved if individuals are allowed to access public information, but companies can't? Does the answer to that question change when it's the private companies that make the data useful to the public (because otherwise, it's hard to get at, all in one place)?
There are a lot of questions, and the answers are never as easy as "just stop sharing things" or "Make Facebook stop". Living in a large society necessitates having public records easily available, for the sake of all of us. And feeling high and mighty because you don't use Facebook is just fooling yourself. This is a complex issue, and we'll need to decide what we want to give up for the sake of the privacy we think we need/deserve.
People forget the IRS... (Score:1)
A few years back they were pushing 'mandatory e-file' if you had certain kinds of tax filings. The interesting part? eFile was only available through third party companies, not the IRS itself.
They will just find some other way to violate our privacy by outsourcing it to a third party then legally mandating it. Americans are screwed without a major shift in our legislative priorities.
Re: (Score:1)
Americans are screwed regardless. The American "Empire" is in decline. Unless that changes, and it won't because that would mean those in power would loose some of it, their government will only increase their survailence and intrusion into the lives of their people. Why? Because they know they've screwed the pooch, and they want to know when the revolution starts getting organized, so they can squash it before it becomes a threat to
Re: (Score:2)
Re: (Score:3)
Unless your friend also takes a photo of you sitting in the car and uploads it with location data embedded, no one is spying on you.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
The problem here, however, is that public records are important for everyone.
Years ago, a local weather (news?) figure was arrested in a weird hot-tub death. With dog collars. And what-not. Fine, whatever.
But I looked up the public police report (PI stuff redacted) and was able to access it. From home. Late Saturday night. In my underwear no less. (TMI, I know.)
But that's my point -- it's public, but it's public ALL of the time from anywhere. Anybody, anywhere could and probably still can access up that report Should some records be accessible "in an office" or with som
Re: (Score:2)
If you want real protection, you're gonna have to change the way records are made and kept public. FB is an easy target (and Slashdot stories in the past few months show how obsessed people are with FB, but not anyone else), but it's not as big of a deal as large aggregating data companies like LexisNexis. And where do they get the bulk of their data? Public records.
Technology is making it easier to aggregate data even if the person is not a user of your services. For example, as facial recognition improves, coupled with tagging, FB and others will be able to identify a person, and as they get more hits narrow down who they are and where they probably live. By trolling other sites such as linked in they can build a pretty good data set which can be coupled with publicly available information. If they can get DL pictures a person doesn't even have to be online for a com
Re: (Score:2)
Re: (Score:2)
You're right. Federal firearms licensed dealers are required to keep records indefinitely; state laws vary though the feds trump state laws. I mean to say background check records are deleted.
Re: (Score:2)
There's no choice. (Score:2, Interesting)
"There's a lot of burden being put on individuals to have an understanding and mastery...
There's no choice. It is the only solution.
You cannot depend on governments to guard your privacy. Snowden's disclosures showed the 5 eyes / 11 eyes / whatever group wants to harvest your data just as much as FB and G.
And even you could trust Norway or whatever, what about all the people who don't live in a nice friendly western democracy? What about those living in repressive regimes?
No, we have to protect ourselves, and take back our digital privacy.
And why shouldn't people be expected to understand w
Re: (Score:2)
"There's a lot of burden being put on individuals to have an understanding and mastery...
There's no choice. It is the only solution.
You cannot depend on governments to guard your privacy. Snowden's disclosures showed the 5 eyes / 11 eyes / whatever group wants to harvest your data just as much as FB and G.
And even you could trust Norway or whatever, what about all the people who don't live in a nice friendly western democracy? What about those living in repressive regimes?
No, we have to protect ourselves, and take back our digital privacy.
And why shouldn't people be expected to understand what they are doing with all of their data? We expect drivers to understand the rules of the road. We expect pilots to understand how to safely operate airplanes. We expect HAM radio operates to abide certain rules to avoid destroying the common medium. Why shouldn't we also expect internet users to act responsibly toward the internet, and stop supporting the worst ideas?
We let anyone flood not the net in the 90's without a shred of comprehension or willingness to learn. We sat by while they made terrible choices, while they made companies like Facebook into international surveillance behemoths, while they spied on we who made better choices by acting as proxies of FB after installing spyware on their own devices.
No... it's long past time to expect better, and for there to be real consequences for those who act poorly, just as we remove driver's licences from people who abuse the public road network and endanger others.
No law can solve this. The solution can only be cultural.
Your post is filled with wise observations and sage advice.
Once rationality is restored to the majority voting populace, it'll be clear to us that the government works for us, and things like our privacy are off limits to the data collection efforts of corporations and governments alike.
We're in, virtually, no danger, unless the slow thinkers somehow out-breed the erudite.
Re:There's no choice. (Score:4, Insightful)
Absolutely. I've never used Facebook, but enough of my friends and family do that I'm sure that they've got an extensive profile on me and there's nothing that I can do about it. Yes, I suppose that I could join, request that my data be removed then terminate my account, but I have no reason to think that they're going to delete anything that they had before I joined.
Yes (Score:2)
Next question.
Been saying it (Score:2)
For a long time I've been saying it: Average Joe forfeited their digital privacy years ago, without realizing it, let alone consenting. Furthermore, "digital privacy" is a contradiction of terms. As soon as your data, any data whatsoever, is posted anywhere online, you lost control over it. Someone being able to read it means someone being able to share it, period.
You can corrupt or falsify your data, but all it takes is one slip.
Have you inadvertently given your phone number to anyone? They might upload it
Re: (Score:2)
And just how useful is a phone number if noone knows it? Note that in the pre-digital days, we had this thing called the Phone Book, which was nothing more or less than a listing of pretty much every phone number (less the "unlisted numbers", which were meaningful right up until "caller ID" came along).
And did you really think that your friends never talked about you to their other friends? And those other friends to still others (we used to call i
Computerized gossip (Score:5, Informative)
We've lived in this world since we learned to speak. People could always tell other about you, spreading gossip and rumours — some accurate, some libellous. Government agencies, private detectives, and organizations like the Inquisition have also kept files on people.
The "new" thing here is that computers are used, which provides for actual accuracy of the information and vastly expands the scale...
Re: (Score:2)
It works both ways, though. Once, after a job-interview, I looked up the prospective boss — and found, he was once arrested during a meeting in defence of Free Speech. Made me want to work for him — and for the company, that employed people like him in positions of authority...
Re: (Score:2)
The "new" thing here is that computers are used, which provides for actual accuracy of the information...
That is the mistake that everyone makes. It does NOT provide anymore for accuracy of the information than previous methods of compiling it. What it does provide for is that the information never goes away, whether it is accurate or not. Or more precisely, it provides for that information to be retrievable. That information is just as likely as before to be accurate or libelous.
Re: (Score:2)
Like digitized music, the information may bad to begin with. But it will not deteriorate with time and each replica will be a perfect copy of the original. That's what I meant.
Re: (Score:2)
Re: (Score:2)
This is also how you fight back. Separate profiles for everything, and loads of fake ones with harmless misinformation that obviously isn't you when anyone checks.
A while back someone demonstrated AI that could build brand new faces from a dataset of celebrities. Sounds like a great source of fake profile images. Unfortunately it will also be used by the Russian and 4chan trolls...
Re: (Score:2)
The "new" thing here is that computers are used, which provides for actual accuracy of the information and vastly expands the scale...
And therein lies the problem. People assume because information comes from a computer it is accurate, and once it is in a database it is hard to correct and keep corrected. The vastly expanded scale also means it is much easier to spread inaccurate information and have it in places besides the original repository, adding to the problem of fixing it.
Many "click through" agreements should be invalid. (Score:2)
One of the foundations of contract law has always been that a valid agreement requires a "meeting of the minds" - that both parties essentially agree upon and desire the outcomes specified in the contract. Somehow this got thrown out the window with the "click agree to continue" mode of doing business. I'm not going to knock long lists of terms and conditions - from a technical, legal standpoint they are often necessary to protect both sides and allow business to be conducted in a reasonable manner, and the
1984 (Score:1)
People may have read it, but did not learn from it. Now you pay the price.
Re: (Score:2)
Plenty learned from it, seeing as how it's an instruction manual and all.
A warning... how cute.
Bad analogy time (Score:4, Insightful)
If you live in a swamp and an alligator attacks you, do you blame yourself for being a slow swimmer? Or do you blame the swamp for forcing you to hang out with alligators?
Yes, I often ponder this as I'm being attacked by alligators in the swamp I live in. /sarcasm
General writing protip: the whole point of an analogy is to relate a situation that's difficult to understand to a more COMMON scenario. I'm more confused by this bizarre analogy, while I understand the actual issue of digital privacy just fine.
Re: (Score:2)
Also, swamps don't have agency. They don't "force" people to do things like hang out with alligators. If you're swimming in a swamp, presumably that's the result of previous choices by you and/or others. The swamp didn't have anything to do with making those choices, so why would you be blaming the swamp for anything?
All this analogy demonstrates is that the writer doesn't understand analogies and possibly even doesn't know what the concept of responsibility means.
Systems that work can be developed (Score:2)
We had this with Oath/Yahoo (Score:2)
We are living in a Global Village (Score:3)
Remember when the term "Global Village" was all the rage? With all the talk about the benefits that a global village would bring, people forgot that there are parts of living in a village that suck. One of those is that there is no place to hide. Everyone knows your business.
So, welcome to the global village.
Sure you can, not all. but a chunk. (Score:3)
The reason they provide these apps/tools and sites is to collect as much of your personal information as they can so they can sell it and market ads at you for the highest bidder.
That is how capitalism works,.also keep in mind these are businesses, they do not care about you, except in the value of selling your personal information/making money on you. If something happens, their goal is not to help make you whole, it is not to get sued.
Welcome to the real world.
Just my 2 cents
Re: (Score:2)
Which is why I never install a mobile phone app when there's no good reason for collecting any further information from me. Often, there's a perfectly functioning website, and you have far more control over what data you provide, and tracking functions from a browser - private browsing modes, adblock etc, than you do with a bespoke mobile phone application.
I recently encountered some online shop, whose web site refused to give out any useful information about the products on offer, insisting that customers
Ask a question... (Score:2)
Maybe.
I blame LinkedIn... (Score:1)
... back when LinkedIn started up, when people created accounts they were asked to grant LinkedIn access to their address book.
If you said yes, aside from stealing all your contacts' info, LinkedIn would send spam email to all your contacts (in your name) asking you to sign up.
I might be very good at managing my digital privacy, but I can't prevent other people from adding my phone number, contact info, etc. to their phones (which will then get stolen/taken by other apps).
Data about a person is personal IP (Score:2)
I think we could figure out a way to state that a piece of data that describes a person (can be tied back to an individual) is the property of that person. And each piece of data is worth a minimum of $1. This is property -- not copyright so there is no "fair use".
The one exception would be public records such as titles, etc. The authorized body would be allowed to store that data with no payment to the owner. e.g. the county court house can record the deeds, mortgage, etc about your house. But they
So What’s New? (Score:3)
Stop with (Score:2)
That removes a lot of the tracking.
Use a browser that can stop the ad, social media and malware requests.
Maybe the trick is not to prevent companies... (Score:1)
Listen to Richard Stallman (Score:1)
"We need laws to stop this data being collected in the first place"
- R. Stallman
Credit rating agencies (Score:2)
The consumer finance industry is absurdly rife with pervasive data transparency contrary to the knowledge and wishes of the people that generate the data.
Finance industry in general is pretty bad with this... they're trying to do the same thing to medical data... just enter everything into a big database somewhere that you opted to share your data through in some giant EULA or whatever and if you say no then you're basically treated like you're Amish.
Its everywhere.
Its the state of things at the moment. If
really? (Score:2)
None of my social media accounts link to my real life. None of them. I tell my friends that theirs should not either and I do not accept "friend requests" and I tell them why not to do that either.
Game over, man. No privacy allowed. (Score:1)
Worrying about whether someone else's disclosure exposes you is a waste of time. There is no privacy left, and the only way to safely live in peace is to never disclose anything to anyone. Once it is out of your mouth, it will be scraped up into the great data bank in the sky, where it will live forever. Historians and researchers in 300 years will be able to determine the precise day when you had a hemorrhoid operation, a tooth filled, or you purchased a new coffee pot. We will never need to speculate
Scott McNealy (Score:1)
Scott said this 10-15 years ago? He said we have no privacy. Get over it.