
Nearly 10 Years After Data and Goliath, Bruce Schneier Says: Privacy's Still Screwed (theregister.com)

Ten years after publishing his influential book on data privacy, security expert Bruce Schneier warns that surveillance has only intensified, with both government agencies and corporations collecting more personal information than ever before. "Nothing has changed since 2015," Schneier told The Register in an interview. "The NSA and their counterparts around the world are still engaging in bulk surveillance to the extent of their abilities."

The widespread adoption of cloud services, Internet-of-Things devices, and smartphones has made it nearly impossible for individuals to protect their privacy, said Schneier. Even Apple, which markets itself as privacy-focused, faces limitations when its Chinese business interests are at stake. While some regulation has emerged, including Europe's General Data Protection Regulation and various U.S. state laws, Schneier argues these measures fail to address the core issue of surveillance capitalism's entrenchment as a business model.

The rise of AI poses new challenges, potentially undermining recent privacy gains like end-to-end encryption. As AI assistants require cloud computing power to process personal data, users may have to surrender more information to tech companies. Despite the grim short-term outlook, Schneier remains cautiously optimistic about privacy's long-term future, predicting that current surveillance practices will eventually be viewed as being as unethical as sweatshops are today. However, he acknowledges this transformation could take 50 years or more.

  • Have to? (Score:5, Insightful)

    by nightflameauto ( 6607976 ) on Monday February 17, 2025 @11:07AM (#65173195)

    As AI assistants require cloud computing power to process personal data, users may have to surrender more information to tech companies.

    Have to? Why 'have to?' This is the part of the AI hype I don't understand. Why are we defaulted to opted-in? Windows does it. Google does it. Any service you use does it. I don't know of a way to opt-out if I want to use my computer and leave the network turned on for my recording system. As nice as Linux is, I still can't get some of my plugins working on it for my DAW system. The DAW itself works fine. But it does me little good if I can't use my drum plugin.

    Why is the assumption that we "have" to give up more privacy? Why can't the end-user have any choice in the matter?

    • Re: (Score:2, Redundant)

      by evanh ( 627108 )

      Because tracking is still legal.

    • Re:Have to? (Score:4, Interesting)

      by hdyoung ( 5182939 ) on Monday February 17, 2025 @12:09PM (#65173327)
      I've largely concluded that opt-in-opt-out is an illusion of choice. They will collect every scrap of data that they are allowed to legally and they will push the gray areas of the law right up to the boundary of legality. They will also do straight-up illegal stuff if the benefit outweighs the likely consequence.

      I gotta respect the privacy warriors on the internet, but I suspect that they're basically fighting the incoming tide.
    • by shanen ( 462549 ) on Monday February 17, 2025 @12:26PM (#65173381) Homepage Journal

      Took me a while to figure out what kind of question you were asking before I can even attempt to tackle it...

      The superficial answer is because we are stupid about wanting "free" stuff. So we are willing to give up personal information in exchange. I think the deeper problem there is broken economic models that favor anti-freedom monopolists... I've suggested pro-freedom anti-greedom taxation as a solution there, but...

      Meanwhile the deeper problem is that they want to know who you are so they can manipulate you. Mostly to sell you junk (including junky political candidates). From that perspective my new interest is in validating human identity. Then we could worry about giving the real people more rights than the sock puppets?

      One idea involved interactive personal timelines. Network validation based on places where the timelines overlap between people. But as AI empowers the sock puppets... "That trick never works."

      Smart guy, and I enjoyed that book, but... I think we are increasingly screwed and solutions are in a place such that "We can't get there from here." (Reading two more cybersecurity books now. The MIT book was a major disappointment (as I approach the end), but the other one is from a police perspective and has included some interesting ideas.)

    • by taustin ( 171655 )

      Because users aren't willing to pay what the service would cost with the additional revenue from selling your personal information.

      Make it more profitable for them not to sell it, and they won't.

      • Because users aren't willing to pay what the service would cost with the additional revenue from selling your personal information.

        [citation needed]

        One of the major problems today is the often unspoken assumption that the above is true. And yet I know plenty of people who would be willing to pay entirely viable amounts of money, or extra money, for untainted products and services comparable to what we have today. The failure of the market to provide for that group of customers, whose size is unknown but certainly significant, is probably the strongest argument there is that capitalism has failed here and government regulation is needed

      • Because users aren't willing to pay what the service would cost with the additional revenue from selling your personal information.

        Make it more profitable for them not to sell it, and they won't.

        I'm one of the folks that has gone out of his way to pay when there's an option to specifically to avoid this somewhat fallacious argument. I've even dropped services that I was paying for when they've changed terms after I've signed up specifically so that they could justify tracking and selling my information, or because they've started feeding my data to the AI training sets, which is just another way of stating tracking today. Offer us the option. Most of the time, these services just do it and offer no

    • by Anonymous Coward

      Have to? Why 'have to?' This is the part of the AI hype I don't understand.

      Beats me, there is a massive amount of freely available open source AI people can download and use on their machines without lame restrictions. If anything AI does the exact opposite giving people access to information in ways that previously required access to an external network.

      Why are we defaulted to opted-in? Windows does it. Google does it. Any service you use does it. I don't know of a way to opt-out if I want to use my computer and leave the network turned on for my recording system. As nice as Linux is, I still can't get some of my plugins working on it for my DAW system. The DAW itself works fine. But it does me little good if I can't use my drum plugin.

      From group policy editor settings / security / firewall with advanced settings disable rule merging and set default rule for outbound connections to block. Now you can opt to have any software you want to have LAN and or Interne

    • way off topic but... What DAW are you using? I built a linux based DAW in the last few months and ..well... it's been painful and a ton of learning... but I'm getting stuff done now and know a lot more than I did. Do you know of any plugins or tools that will take a rhythmically sloppy midi file and 1. create an accompanying drum track and/or 2. take same rhythmically sloppy midi file and recognize the beats and put the bar lines in the right place?

      I'm using Ted Felix's web page instructions and setup with De
      • way off topic but... What DAW are you using? I built a linux based DAW in the last few months and ..well... it's been painful and a ton of learning... but I'm getting stuff done now and know a lot more than I did. Do you know of any plugins or tools that will take a rhythmically sloppy midi file and 1. create an accompanying drum track and/or 2. take same rhythmically sloppy midi file and recognize the beats and put the bar lines in the right place? I'm using Ted Felix's web page instructions and setup with Debian/Jack/Qsynth/Rosegarden.

        Sorry, man. Drum MIDI was one of my bigger complaints in Linux land. I only ever really used the built in DAW MIDI editors. Mixbus 32c and Reaper both worked well, or as well as they ever work. I wouldn't recommend Mixbus. Stability gets worse as time goes on and they supposedly patch older problems, while creating new ones. I used freely available Drum sample packs and VSTs to get the audio from the MIDI edited in the DAW piano rolls

    • You will be told that training your personal AI agent is the reason you have to give up all the most intimate details of your life in order for your AI agent to be most useful to you.

      To quote: "A major privacy win since 2014 is the prevalence of end-to-end encryption for services like messaging and data archiving. But those only work for systems where the cloud doesn't have to do work on your data. One of the promises of AI is personal digital assistants. We are going to want them to train on all of our p

    • by mjwx ( 966435 )

      As AI assistants require cloud computing power to process personal data, users may have to surrender more information to tech companies.

      Have to? Why 'have to?' This is the part of the AI hype I don't understand. Why are we defaulted to opted-in? Windows does it. Google does it. Any service you use does it. I don't know of a way to opt-out if I want to use my computer and leave the network turned on for my recording system. As nice as Linux is, I still can't get some of my plugins working on it for my DAW system. The DAW itself works fine. But it does me little good if I can't use my drum plugin.

      Why is the assumption that we "have" to give up more privacy? Why can't the end-user have any choice in the matter?

      The assumption isn't that we "have" to give up more privacy, the assumption was that by now laws would have caught up so we didn't have to give up more privacy. They largely have in Europe with things like the GDPR but when the US refuses to protect the privacy of its own citizens (let alone the reality of choosing corporate greed over public good) then we end up in a position where you have to give up more privacy.

    • Why is the assumption that we "have" to give up more privacy? Why can't the end-user have any choice in the matter?

      Because you do not matter. You can participate or die. They do not care which you choose. There are over 300 million people in the USA who do not matter. Actually, it is likely closer to 350 million that do not matter, but the hundreds of thousands that do matter need a buffer, so those 50 million additional people who do not matter all feel like they do actually matter. But once that few hundred thousand are 100% confident of their position, even the 50 million person buffer will dissolve.

      (numbers pulled o

      • Why is the assumption that we "have" to give up more privacy? Why can't the end-user have any choice in the matter?

        Because you do not matter. You can participate or die. They do not care which you choose. There are over 300 million people in the USA who do not matter. Actually, it is likely closer to 350 million that do not matter, but the hundreds of thousands that do matter need a buffer, so those 50 million additional people who do not matter all feel like they do actually matter. But once that few hundred thousand are 100% confident of their position, even the 50 million person buffer will dissolve.

        (numbers pulled out of thin air are approximations)

        Are you a government official? Because that sounds like the mentality behind every government decision made within my lifetime.

  • Getting worse (Score:5, Informative)

    by maladroit ( 71511 ) on Monday February 17, 2025 @11:25AM (#65173235) Homepage

    Also from Schneier:
    DOGE as a National Cyberattack
    https://www.schneier.com/blog/... [schneier.com]

    That essay is just a few days old, and already there are more examples:
    Elon Musk's DOGE asks for access to IRS taxpayer data
    https://abcnews.go.com/Politic... [go.com]

    • Re:Getting worse (Score:5, Insightful)

      by AmiMoJo ( 196126 ) on Monday February 17, 2025 @11:38AM (#65173257) Homepage Journal

      If it wasn't obvious, this is fascism. We need to trust the state with a lot of information about us, e.g. so we can have a tax system. That data must be strongly protected, both from access and from abuse.

      This is the moment. You have to stop this or very bad things will happen. Are already happening.

      • by dargaud ( 518470 )
        France solved this issue a long time ago with a law called "Informatique et Liberté [wikipedia.org]" voted in the 80s. Its most basic tenet is that gov agencies *can* have databases on citizens for their own use, but they are banned from cross-referencing them with other agencies. This very simple thing would have kept Doge assholes from taking over.
        • by AmiMoJo ( 196126 )

          Maybe, but haven't they been breaking laws? Most of what they have done so far seems to be illegal.

          • by gweihir ( 88907 )

            Sure, but they also have ex-presidents that have criminal convictions and at least get house-arrest. Not like the US where the criminal-in-chief simply walks free and gets to crap all over the justice system in addition.

      • Re:Getting worse (Score:4, Insightful)

        by gtall ( 79522 ) on Monday February 17, 2025 @03:53PM (#65173901)

        Elmo getting tax data does a few things for the fascists.

        1. Elmo gets to spy on his competition.

        2. la Presidenta and Elmo get to see what the IRS has on them so they can instruct the potted plant they put in charge of the IRS to lose that data.

        3. la Presidenta gets to see information on all the people who crossed him, looked sideways at him, walked in front of him, etc.

        4. They both get to use IRS data to draw up new enemies lists.

        • by mjwx ( 966435 )

          Elmo getting tax data does a few things for the fascists.

          1. Elmo gets to spy on his competition.

          2. la Presidenta and Elmo get to see what the IRS has on them so they can instruct the potted plant they put in charge of the IRS to lose that data.

          3. la Presidenta gets to see information on all the people who crossed him, looked sideways at him, walked in front of him, etc.

          4. They both get to use IRS data to draw up new enemies lists.

          You're thinking too small, like a normal person.

          It's far worse than that... they get to cross reference that data against your health records, criminal and non-criminal legal records, known associations and memberships, ownership records (property, company directorships, et al.), any time you've applied for planning permission... The whole kit and caboodle. The kind of thing that would give the Gestapo or Stasi a wet dream.

          And they don't even have the good, god damned common decency to be secret when

      • by gweihir ( 88907 )

        If it wasn't obvious, this is fascism.

        Indeed, it is. And it is surveillance-fascism, which is a lot worse than regular fascism. And, as usual, the voter is completely clueless as to what is going on.

      • lol, it is FAR too late to prevent this now.

        The Democrats spent decades building their nests which allowed an infiltrated Republican party to abuse that security-seeking behavior to get to where they are now. The Christo-Fascists are being taken advantage of too! There is something deeply dark going on here that is far beyond what Democrats encouraged, Republicans embraced, and Christo-Fascists paid for.
        All parties are bad, but there is something deeper and more evil. All parties and religions need to be ex

    • Your tax information will be used as AI training data. How screwed up is that? Your personal information is being embedded in an AI model to learn everything about you.
  • It is non-existing, gone, vanished, null. Actually, given away, for free.

  • I'll read the rest of the article when I return. There's an unmarked van in front of the house and I need to see who's knocking on my door right now.

    • I think the "NO CARRIER" joke does not apply then, as the van will carry you.
      • Of course it doesn't, Navalny and his followers were posting videos of their arrests and then from the police vans for several years before they were sent to die behind the polar circle.

        And in the US it will start only after trump takes over Greenland and Canada. Alaska's not enough, only a third is in it.

        • by shanen ( 462549 )

          Let me try for funny? Your mileage may differ.

          Next the orange man's going to rename the East and West America Oceans. After Canada becomes the great state of Trumpsylvania he'll rename that ocean as the North America Ocean. Orangeland will be his private resort, unless he decides to use that brand for the cleansed Gaza. But wait... How about Greenland renamed as Palestineland?

          • How about Greenland renamed as Palestineland?

            I don't think the orange shitgibbon will let any palestinians on any land he's occupied, or their name on his island.

            Greenland will live as New American Land or MAGALand or somesuch.

            • by shanen ( 462549 )

              Sounds like you aren't following the news. Or maybe you saw it and thought it was a Poe's Law joke?

              Last week's news: A Trumplican congress-critter from Georgia submitted a bill to rename Greenland as "Red White and Blueland".

              I've heard that at least 70% of Americans are still calling the Gulf of Mexico by that name. So that implies about 40% of the lunatics found that renaming a bridge too far? Probably higher when you consider the strongholds of stupidity called Texas and Florida.

              Oh wait. More renaming nee

  • Still screwed? (Score:4, Interesting)

    by Murdoch5 ( 1563847 ) on Monday February 17, 2025 @12:05PM (#65173315) Homepage
    When did we ever have privacy? Real, meaningful, hard, privacy? We can't have privacy until we change the dynamic of the person holding the encryption keys, and the corporations, including governments, having to request the access. Most people can't even use their desktop (or notebook), without having to accept digital molestation, and it doesn't matter if they're at home, or in the classroom.

    Recently, I asked Microsoft to use PGP to sign an email chain, and the number of excuses they made, and are still making, dear lord! They wanted me to use their technology, which holds the privacy key, which means, they would vouch for me, being me, and I had to accept that, shut up, and pay them. This is the state of privacy, where you have to pay the abuser, thank them, and make sure you stay lubed.

    Ideal privacy is the opposite, it's where I hold the key, that can prove I'm me, and they have to request limited record access to my data.

    Let's assume we're dealing with my doctors, I'm in Ontario, Canada. The doctor would have to use a system to send me a request to access records A, B and C. Since I hold the private key, I would issue a public key that can only decrypt A, B and C, with a limited life span. This means the doctors, government, insurance are all shutouts, until I let them see what they request. Of course, this has problems, and issues, and would require a complete redesign of data policy, but, is there another way?

    We could discuss schools using Microsoft and Google software, but that's another topic for another day, and so we're clear, schools digitally molest students like it's a contest.
    • Privacy has never in all of history been insured. The English seem to have more of a tradition of privacy than most cultures. I think that this may have something to do with Cromwell, but I am not absolutely sure. In France, for instance, everyone for a long time has been required to have government identity papers and show them on request. All this tracking is nothing new, computers have just made it easier.
      • by gweihir ( 88907 )

        The EU is doing pretty well now with the GDPR. Not perfect, but that thing has teeth and successful lawsuits are getting more and more.

        • I'm still convinced that until we flip the script to assure the person owns the private key, there can't be any meaningful privacy. Currently, I'm looking for a ticketing system, IT ticketing, that has decent privacy, and I can't find a single product that fits my want list. Some points on the want list:

          1. Fully encrypted client data, as in, the data can't be read by anyone outside the company, and is only unlocked / decrypted by logging in, with a company approved login, think ProtonMail.

          2. PGP sign
    • When did we ever have privacy?

      When I was a kid, the hippies all said to NEVER discuss anything over the phone or even NEAR the phone. The general public said they were paranoid... and yet we find out many years later that they could take a phone "off the hook" without physically lifting the receiver, thereby allowing someone to hear anything near the phone.

      Long story short, this evil appears to not have been beaten in 1944 and is in fact flourishing using the USA as a host. World War 3 is guaranteed unless someone in the right place at t

  • by SomePoorSchmuck ( 183775 ) on Monday February 17, 2025 @12:32PM (#65173397) Homepage

    The widespread adoption of cloud services, Internet-of-Things devices, and smartphones has made it nearly impossible for individuals to protect their privacy

    One of the biggest problems is that there is no longer any way to opt-out of surveillance while also remaining a member of the global technological civilization. The only remaining privacy is remote locations in, say, a separatist religious compound in Idaho, or a mountain village in Nepal, or the interior South American rainforests. It no longer matters if you, specifically, always pay cash, or click the "reject unnecessary cookies" button, or activate every possible privacy option in your hardware/software devices, or use network management tools to black-hole outgoing packets, or even go without a cell phone entirely.

    The rest of the herd around you has infected all public spaces with so many Prying Pry-ons that your activity - your presence in any space outside your home, what you say out loud, whether you drive or take the bus - can now be systematically surveilled, aggregated, chronologized, and processed by software to build a good-enough profile of you from other people's devices even if you never touch a computing device yourself. All those CAPTCHAs and other algos we've been training now have the capacity to fully dox every single person in every single place, using the same approach the DOD/CIA/FBI use to figure out where a hostage/terrorist video was taken.

    15-20 years ago people hand-waved away our deep concerns by saying, "Get over yourself. You're not the main character. The government doesn't have time or care to devote resources to monitoring you. No FBI agent is getting paid to read your text messages". Well... that completely changed in one single generation.
    Data aggregating and tokenizing is no longer a limit.
    Automated processing is no longer a limit.
    Compute time is no longer a limit.
    Assigning a human agent is no longer a limit.

    Your attempts at privacy are as effective as an immunocompromised person living in a community of unvaccinated people. Everyone else's phones, watches, laptops, cars, TVs, lightbulbs, stereos, Echos, Alexas, Siris, Copilots, are turned on, are listening, are unfiltered, unsecured, unencrypted. The herd has chosen for you. The only true opt-out choice left is to either live in the herd and expose yourself, or opt-out by moving to Alaska, and wear a burka every time you go somewhere publicly -- and even then you can be algorithmically doxed merely from the pattern of when and where you enter/exit The Grid.

    YHBD.
    YHL.
    HAND.

    • This is 100% correct and also why despite all those consumer facing functions that are correctly pointed out as not enough will never be enough, the only way to have some semblance of privacy is via regulation through legislative law (you know laws, those things we were supposed to care about) and even that is not enough in practical terms but it's really the only way today for an average user to have any, even remote, form of recourse.

      The companies that want the data have every incentive to grab it and ther

    • reluctant tinfoil hatter here.
      You're right. If you interact with society, you will be tracked. It's implicit in using any government, medical service, or booking an airplane, or banking. You have to authenticate yourself to legitimately use/access the service. So there is a kind of fallback position though, which I use. Think of yourself as a series of "digital personas". You have a public persona for booking a flight. You then should use a PRIVATE VPN and put your key contacts on it and use all encrypted m
    • The government doesn't have time or care to devote resources to monitoring you

      This is why AI is so important to The Powers That Be. Not for monetary reasons, but control reasons. Companies are just trying to get something out of the hype train, but they are not the real drivers. The Federal Government is.

  • by Anonymous Coward
    maladroit [slashdot.org]: Also from Schneier:

    DOGE as a National Cyberattack [schneier.com]

    That essay is just a few days old, and already there are more examples:

    Elon Musk's DOGE asks for access to IRS taxpayer data [go.com]
