American just don't want privacy

Data can be lost, sure, but can you truly lose a video on youtube? Or anything posted on facebook? Pictures on instagram? I’m inclined to think not.

3 Likes

What do they say about short term solutions? They create long term problems? It’s a good read - your article. And I agree - but I wonder how much of this is the indestructibility of youth though? Either way, it doesn’t seem beautiful. And it doesn’t seem to fit with, “land of the free”. My take.

FTA - “Graduates will be well prepared … to embrace 24/7 government tracking and social credit systems,” one commenter on the Slashdot message board said. “Building technology was a lot more fun before it went all 1984.”

Yup. Unless you’re into fighting 1984. That’s kind of fun too.

5 Likes

True but I think the point being made could be summarised as: Data that you don’t want to lose can be lost while data that you do want to lose can’t be lost.

The points kind of tie together too because the obvious solution to worrying about losing your own data is to upload it to a cloud backup provider … but exactly how secure and private is that? (It could be solid if it is done properly, or it could be horrible.)

4 Likes

It is true, many of us Americans do not appreciate privacy or understand its value. When a population is conditioned to work with things like the TSA as if it is something normal and not an infringement of any rights, to provide the full detail of life online via social media, to allow ongoing location tracking for various conveniences, continuous access to microphone, camera, face scanner (or to even have a face scanner!), etc. and that is all the members of that group have ever known… privacy… what is privacy?

Lets just wait for it to hit the fan. Hopefully enough people will add a word to their vocabulary to make a real difference in the world.

3 Likes

or it could be EPICSHELTER … :sweat_smile:

The same used to be said of Myspace (yeah I know I’m old) yet here we are with plenty of data no longer available because of a paradigm shift.

This is more akin to what I think people should be taught to think about, but I’d even point out that just because you can’t get rid of it doesn’t mean it can’t be lost. Microsoft lost huge amounts of corporate email in the early days of their Online hosting with a statement to the effect of “yes we have backups but it wouldn’t be cost effective for us to use them to restore the data it’s more for legal discovery than availability”.

This then leads to is lost data really gone and often this can’t be definitively proven, but if there’s no practical way to access it then the data is effectively gone. (Going back to my Myspace example, some Government may have the traffic that went to/from stored somewhere and eventually it could be decrypted then reconstructed, but being as there is no incentive that data is effectively gone)

3 Likes

Americans “just” want very few things, everything else is up to the seller to create a good story for. This is not a “failure” of Americans to want the right things, especially something as abstract and removed from essential needs like food and water, but a failure for those of us who understand the importance of security and privacy to communicate to them. This reminds me of the “open” vs. “native” arguments that existed in the early 2010s with regard to mobile apps and web apps. One side talked endlessly about abstract things like “openness” and “compatibility” while the other presented casual tangible arguments like “native is faster” and “has 3d games”. So unfortunately the argument actually became “open” vs. “good”, which was always going to be a losing battle.

Americans should in theory be primed to care a lot about security. Look at the reasoning for gun ownership or the market for home security services. Of course, those deal with very visceral and “real world” (although ironically in my opinion ultimately fake) concerns. “The physical protection of my family”. I am not saying we should lower ourselves to the level of fear-based FUD in order to advance these positions, but we seem to often do the opposite. Most people have probably only heard largely philosophical or entirely hypothetical and technical defenses for computer security and privacy.

This situation is exacerbated by the fact that privacy and security are unnecessarily difficult. And I don’t mean in the traditional sense, but rather that even if you do entertain the idea of getting these devices you often experience a lot of collateral annoyance such as popular software missing from OS platforms or only slower processors being available, etc. Again, I am not trying to lay blame or rant about things outside of our control, my only goal is to say that it is unfair to make an assertion like “Americans don’t care about privacy” with no control variables. The truth is we’ve never had a situation where Americans could choose between two otherwise equal platforms with the sole exception of one being more secure and private than the other.

Apple may be an interesting case study here, they seem to be doing an OK job of using privacy and security as a marketing technique (again, leaving aside how true it actually is).

We need to stop looking at privacy and security like a philosophical goal and start thinking about it as a product: currently “privacy as a product” has had a really shitty ad campaign. No one wants to wait in line around the block for the new Privacy X coming out at midnight. No one thinks you’re a loser 'cuz you’re on the pathetic last year’s model without Privacy Pro (“mom, you can’t send me to school with this non-privacy phone, everyone will make fun of me!”). I am aware that what I am describing may sound at best boring (marketing is less interesting than engineering), or at worst distasteful (patronizing to the customer), but I think it’s actually about something deeper: communication is important. I am convinced that it is possible to communicate and get people excited about these things. Companies get people excited about worthless stuff all the time, there’s no magic curse on computer privacy and security that makes it particularly hard to communicate (although admittedly there are plenty of vested interests working in the opposite direction). But right now I think our problem is more “us” than “them”, and for the record I think Purism is a step in the right direction.

5 Likes

why would you leave that aside ? ah the TL;DR threat … lol

2 Likes

I left it aside because whether or not iOS actually maintains privacy and security is orthogonal to whether Apple has succeeded in marketing iOS’s privacy and security as a desirable feature. The initial question posited in this post is whether Americans will ever care about privacy – as such, if we find a company that has successfully made them care about privacy (regardless of whether the solution they provide actually delivers on that promise of privacy), then it sufficiently demonstrates that Americans can care about privacy. So, the relevant question (in this context) is whether any “normal Americans” are actually buying iOS devices over Android devices because of this privacy marketing or not. It is not immediately obvious to me since it’s hard to establish control variables here: iOS and Android have many differences, so its hard to tell which individual difference (privacy or otherwise) is moving the needle for customers.

2 Likes

the android kernel is only about 25% linux the rest is heavily moded and proprietary so no way to audit the claimed marketing BS.

for iOS it’s mostly proprietary so even LESS audit ability there …

just glad we have the gnu/linux options on the market NOW …

i think the FACT that Americans have permitted you government to amass a GLOBAL data treasure speaks for itself in regards to the OP privacy claims …

2 Likes

American haven’t “allowed” anything. The most depressing part about “democracy” is the strange sense of misplaced responsibility it creates. It brilliantly offers little additional agency but creates a completely false sense of culpability. No one voted for amassing a GLOBAL data treasure trove, hell, most people don’t even know it exists. The reality is that a million different issues are condensed into roughly 3 meaningful decisions every 2 to 4 years: who your representatives are and the president. If we had a direct democracy then maybe you could make an argument like this, but we don’t. So you are forced to combine the choice of who will give you health care with the choice of who will reduce oil dependency with the choice of … and then somewhere low on the list is “who reasonably will increase privacy”.

This doesn’t even touch on the fact that only 78% of Americans are even ALLOWED to vote. Of the 300 million people living in America, almost one quarter are either too young or permanent residents (who pay taxes and thus SUPPORT these decisions with no say in them). And on top of that, we have a strange counting system where even if more actual people vote for one candidate, the other can still win. So what does it even mean to speak about what American “want”? You can maybe make some weird statement about what the emergent behavior of the unified distributed consciousness of the electoral college “wants”, but that’s fairly meaningless and equivalent to talking about what “mother nature” wants or something.

Should Americans know more about what’s going on? Should they be more pro-active? Maybe. But a system that essentially requires your full-time job to be informed and active just to be sufficient stopping energy to every individual crazy bill with a well funded backing vested interest to be passed in the House is in my opinion not one where you can draw any fair conclusions of what Americans “want” simply by looking at outcomes.

Look, there are two approaches to life: you can get angry and yell at the sun for leaving every night, or you can study physics and invent the lightbulb. Human psychology can be studied. We know how to make people tear up in a movie theater with the right musical cues. Instead of getting angry at people for not caring about the right things, let’s figure out how to convince them, on their terms.

3 Likes

You have, in my opinion, really well reasoned and balanced arguments. I agree with them. I’m not sure I necessarily agree with your conclusion. Hear me out.

Perhaps it’s just good enough to leave well enough alone and let those that don’t care about privacy to continue on and those that do, well, good for them as well. I challenge the notion at some level that we just need to find the right narrative, the right series of demonstrations, the right mental lever, and it will all click together and people will wake up. Those that wish to slumber will do so.

I have, as an example, someone very close to me - who knows the line of work I’m in, knows how close I am to much of the surveillance and security we’re discussing, and from time to time will ask a question about their phone, Facebook, etc. They know at an intellectual level the immediate and forecasted consequences of their choices. Yet it does not change behavior. Because it has yet to impact them in a tangible way - the cost of change is too high. It’s all academic. It’s all mental.

Waking up is a highly personal thing. For those that wish to do so, and are sincere, it will happen in good time. And for the rest, well, that doesn’t make them less anything. Well, maybe less private. And associating with them carries a certain element of risk. And it’s associating with them that is a choice; one each of us can choose to do or not. That’s our free agency.

The curse of Cassandra was that, while she should could see the future, no one would believe her. Perhaps this forum is populated with Cassandras. Perhaps our scene is. Perhaps not. Time has yet to really deliver a tangible result that impacts middle America in a palpable way that would drive change. And here we are.

Sidenote - ya’ll are beautiful and I love this debate. <3

4 Likes

you bring something up here … glad you took the bait :sweat_smile:

it’s about what Snowden brought up in his “Permanent Record” where he spoke about XKEYSCORE … he said that while he was researching the extreme capabilities of this NSA uber-collection program he could have gone in-depth into the lives of the highest ranking members of the state to see what they were up to but he chose not to …

he said that he doubts that the acting president at that time along with some of the closest people in charge from the oval office were even AWARE of what the ACTUAL capabilities of this program were and the extents of it’s power …

i hope you don’t take offense in what i brought up it’s just that Americans ARE people just like any other Nation around the globe (we are human beings after all) and … well … on the internet it does make sense to establish the hot-zone in a purely-geographical sense since the Utah NSA facility does reside on US soil …

another fun fact if you look closely at the XKEYSCORE slides it shows how the GLOBAL FIBER OPTIC cables are laid out on the ocean floor-bed and which are most important … Japan and Brazil take the cake :sweat_smile:

So I suppose that perhaps one difference in goals here is whether we consider “waking up” to be an essential feature and/or pre-requisite to a more privacy-friendly technology space. I believe part of what I am proposing is that the answer may be no. That is to say, it is possible to make Americans care about privacy for reasons we deem less fundamental, or alternatively, to merely make privacy be comorbid with successful systems instead of unsuccessful ones. From a consequentialist perspective, if we could accidentally have a more private-by-default ecosystem, would it matter that we didn’t arrive there “the right way” or “for the right reasons”? There are good arguments for both sides. I am torn, but would take it over nothing.

I don’t think technology started appreciating typography or good design necessarily for the right reasons – people didn’t study ergonomics or become well-versed in design. A really excellent product experience from a group of people that cared about that brought it to the forefront. Similarly, I don’t know if the reason marijuana made its astounding 180 degree turn in the public opinion in the last 15 years was because America as a whole became more empathetic to non-violent drug users or more well-versed in drug usage in general.

My primary points are: 1) I don’t know what Americans want, and I’m not willing to take the current set of circumstances as anything other than historical accident – the same way that a series of historical accidents led to tobacco and alcohol being the “blessed” drugs in America, but a completely different set of initial conditions could have yielded an America with 2 completely different legal accepted drugs. 2) Regardless of what Americans “want”, I don’t believe attitudes to be immutable. I’ve seen too many surprising changes in opinions in my life (some for the better, some for the worse), to be very skeptical of the continued reign of the status quo.

Returning to my original question, I think that the key missing factor in privacy as a fickle popular trend may be completely unrelated to privacy itself. Perhaps what is needed is a Halo-effect for privacy tools: if Linux had some other completely unrelated killer consumer feature, we might end up with privacy becoming an accepted norm that then people find weird to deviate from. I recognize this is not as great or as resilient as some sort of “mass awakening” and appreciation for privacy, but I think to some degree that’s the way most of the world works. Few Americans actively care about worker safety on a day-to-day basis, but we’ve lived long enough in a world with worker regulations that people become aghast when workers get hurt in large numbers. But this is not an “essential” state for society to be in: a mere hundred years ago, incredibly dangerous worker conditions were the norm. When it is believed that that is the necessary price to build a bridge or a skyscraper, people chalk it up to a necessary evil.

We unfortunately currently live in a similar wild west period of computing. It’s still early days! People have only ever known a world where banking accounts get hacked regularly, and feel that someone looking at your photos or details is “the price” for those services existing at all. Which if it were true, might be a fine personal decision. I understand and agree that its a supremely difficult task to make something popular and amazing in its own right, which then happens to be secure, but lacking an immediate short-term benefit for privacy and security, that might be what it takes.

My perception is that this has not been an approach taken very seriously. That is to say, creating systems that are cool and exciting for reasons completely unrelated to privacy, and then building in privacy as a matter-of-fact. Similarly, an attempt at bridging computer privacy to “real world” privacy (like referring to credit card storage vs password storage) is something else I haven’t seen attempted much. All this to say, I think there’s a lot of stuff left to try before I will personally consider this a lost cause.

1 Like

so you are saying that the Cathedral can be private AND secure but the bazar can’t … because what “tradition” ?

I’m sorry I can’t find this on another platform but this talk by Moxie is timely for this conversation: https://www.youtube.com/watch?v=Nj3YFprqAr8

1 Like

is that available only on snoop-tube ?

It was up on CCC for a minute but now it’s producing an error 404: https://media.ccc.de/v/36c3-11086-the_ecosystem_is_moving

I did another search and was able to locate a copy here: https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270

1 Like

I’d agree with that seeing as I’m aware of privacy issues and yet I whore my personal data to prodedge for cents on the dollar in amazon gift cards.

Screenshot%20from%202020-01-02%2018-30-01

^ Hey, 20 cents is 20 cents.

In fact, I’ve wondered if almost everything in my online life being associated with a not necessarily not entirely untrue user profile has actually protected my privacy to some extent (kinda like peppering disinformation to obscure (?)) I’ve also found myself feeling somewhat indignant in recent years when asked if I ‘have a few moments to answer a few questions’ without offer of payment because I know my data/consumer opinion is a commodity on a very real level now.

I have spent some reflecting on your argument both directly and by proxy through this article post published on why PGP “should die”: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html. One of the rhetorical questions I’ve ruminated upon is whether or not it’s valid to give up on email encryption because it’s forward-insecure. A totally valid assertion! Send an encrypted email -> it’s decrypted -> the decrypted contents gets forwarded unencrypted. So should PGP be extinct because of the numerous flaws in its implementation? And getting back to this argument, should effort be extinguished because of the numerous flaws in enrollment?

Perhaps not. I think I have changed my mind. Or rather, have decided to let it be changed by others. Your analogy with worker safety interests me. I remember reading someplace that in the United States, people are more likely to suffer hamstring tightness because we tend to lift everything, heavy and light, with our legs and thusly do not give them a chance to stretch. That’s some serious workplace safety engraining I suppose. I’m curious what the analogous practice would be for the digital life?