29
votes
Why do everyone care about privacy so much?
Let's take Google, for example. Google tracks where you physically are - why are some people so much against it? It doesn't hurt me, google just uses it to serve me personalized ads. Why are people so concerned about it?
Google even tracks, which websites do I visit - again, why should I care? When I want to browse anonymously, I use VPN. If I wanted to do something illegal, I guess I won't use google at all and install tor? I'm not sure what should I do in that case, but I'm sure, there are ways to get away from google's sight when people need to.
I don't understand, why some people fight for internet privacy so much. Could someone help me to understand it? What's your opinion on privacy and internet tracking?
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
—Snowden
This quote sums it up pretty well.
But he speaks of the right to privacy, not things like tracking that Google does - surely he said this quote in the context of the illegal stuff NSA were/are doing?
Everyone has the right to privacy, and I don't see that right going anywhere (not in my country at least, DK). And you absolutely can have that privacy - you just need to give up on things like your phone, PC, internet, etc. to have privacy. Unless you install VPNs and whatnot, I guess.
Also, is it pronounced preyevacy or preevacy? I keep hearing both.
Your link labelled copperhead goes to lineageos.
Fundamentally, if you want the closest to absolute privacy (as it is regarded that there isn't such a thing realistically) copperheadOS sets the bar with its hardened core-utils and complete abolishment of Google services, while also relying on its users to keep the same lifestyle its OS attempts to provide you. The caveat here is that as you can see on the release page, only 6 mobile devices are supported, ones which generally allow the most customisation to occur for this OS to exist.
LineageOS on the other hand can easily be regarded as a leap up away from stock OSes, and runs on thousands of devices in degrees of compatibility. Running stock without Gapps limits most tracking that's performed on you but it still has some low-level telemetry that so far cannot be stripped completely towards Google. If a normal user were just to install LineageOS, use a trusted VPN service whilst not making use of Gapps and only using Free Software, it's a hell of a step-up to keeping your privacy in-check if you don't wish for Google and its subsidiaries to know everything about you and what you do.
So in short, they're nothing close purely based on the way they're built, the compatibility list, and target audience.
I should also make a sidenote: the upcoming Purism Librem 5 is a fantastic prospect for privacy, where you can choose to install up to 6 different operating systems all as free as the next one, without any cumbersome proprietary blobs breaching that.
How so?
For example, if I connect to a server in Belgium and I do not live in Belgium, a website would think I was in Belgium. Would that not be a form of privacy?
Also, it stops my ISP from seeing what I'm doing, is that also not a form of privacy?
Now, if I use some credentials that could be used to identify me, then a VPN isn't doing much good, that is true, but that's not a flaw inherent to a VPN.
In this case, it would depend on how much you trust your VPN. I always liked this tweet about VPNs. "Prove to me your VPN isn't run by a dude wearing a dolphin onesie with the nipples cut out. Go ahead, I'll wait." Even assuming that you can, you still have to trust that they do not keep logs. They can be helpful for privacy, but finding one that you can prove is helpful is difficult.
Then, would it be better to use a VPN company not based in where the user lives? So, even if the VPN company were to keep logs, whoever (i.e. government or business) wanted the logs would have a hard time getting to them.
That would be useful if it was hosted in a country that did not have a treaty with your home country for data sharing of some sort.
Besides countries in the Anglosphere and Europe are there any others that we know that actively share data with each other?
edit: missed a letter
I think at this point it is reasonable to assume that all countries who are allied with the United States have a data sharing agreement of some kind. I do not know enough to say for certain, but I think it is probable.
I agree that it is a safe assumption to be making.
I also want to ask, if a person is not in the US or an allied country, would you still recommend not using a VPN hosted in a US or allied country?
My opinion boils down to if you live in U.S. or allies, a Russian VPN would be safest and vice versa.
As far as I know, in America it's pronounced "preye- vacy" and in Britain I've heard "prih- vacy" where the "ih" sounds like "fit."
Makes sense, thank you!
I know this might feel sort of dated, but census information is how the Nazis were able to so efficiently grab Jews, homosexuals and other minorities. Once your information is out there, it's out there forever, and you can't guarantee how it will be used.
To add to this because it was note stated explicitly.
Just because the original agent who gathered your information is benign, does not mean it will never be used in a malicious way against you. Like in the example above, or a password that you have used across multiple accounts that is now compromised because of a credit agency's incompetence
Once you give up your data it is very hard to get control of it again.
And a little addition to your post, people don't realize how much data, meta or otherwise, needs to be removed to remain anonymous. A lot of people think just clearing your first name or using your initials is enough.
This is super important. Most people are not able to think as would an adversary, slow to imagine what bad faith could do, poor at coming up with the worst circumstance, which is why most software is swiss cheese. I distinctly remember sitting around a table with (then) fellow Google colleagues who couldn't understand why the UK NHS wouldn't want to handover medical data for machine learning. Just because you can't imagine how an information asymmetry can be used to disadvantage you doesn't mean it won't.
If the service is free the product is probably you. I think people are generally 'fine' with the normal data they share getting packaged and sold for normal advertising purchases. But then users look at Cambridge Analytica and Facebook and even though they share something like "I voted" they're upset at the attempts of third parties to use it for electioneering purposes.
Additionally, some data users erroneously expect will be kept from third parties. Gindr users were shocked to find out their HIV statuses were shared with third parties, for example. Or what happens when 23 and Me sells genetics information and some dictator uses it as a predicate to murder a bunch of people in the name of eugenics?
The real issue is: are these companies capable of self-policing or is there need for a regulatory scheme to be implemented in how your data is handled? We keep seeing efforts at the latter which is starting to result in a fractured Internet of competing markets and competing privacy regulations.
For the longest time I sorta halfassed agreed with the "if you have nothing to hide..." argument. I knew that the data falling into the wrong hands could be bad, but I always sorta assumed the government will always be filled with non-evil people.
After watching the movie The Lives of Others, I changed my opinion. I never fully considered what an evil government could do with such info. There's absolutely zero guarantee that a future government will not be evil, yet they will inherit control of this data. From there, anything you've ever said or done could be made illegal in the future. Associating with the wrong people, for any reason, could put your every move under scrutiny.
There's a good talk called Don't Talk to the Police where a law professor and a cop both lay out in clear terms that you are very likely doing something illegal every single day. That no one, even the government itself, knows how many laws there are, and you have absolutely no idea what crimes you're implicating yourself of every waking moment.
Given every single detail about your life, there's virtually zero chance that in a given day you can't be arrested for something. If the government were evil and wanted to come after you, you can be charged today for something you did today, under current law, even if you "have nothing to hide". That's fucking scary.
Maciej Ceglowski (one of my favorite writers/speakers about the tech industry) has some really good examples in his talk "Haunted by Data": http://idlewords.com/talks/haunted_by_data.htm
I'll just quote one relevant section:
That was an excellent read. Thank you!
I had never considered the possibility of running analyses on data in a steaming fashion, without any data storage... What a great idea! I think that offers the best of both worlds.
Thank you for this, I'll definitely check it out.
If we were on Reddit: Δ
I can't recommend watching The Lives of Others enough. That movie and Look Who's Back are, in my opinion, essential viewing material (the latter being a bit more on the comedy side of things, but still very much relevant to modern day politics).
I also hate the feeling of having a virtual entity shadow my activity. I hate being sold stuff. Hate. It. As a habit, about 90% of the time I open an incognito window when searching for a product or service (anything that has a price tag attached to it). I use "normal" search for knowledge questions, where I think it is helpful to have my query refined by previous searches.
Hey, someone else that does that! :highfive: I personally do it because I got tired of having useless ads and autocomplete for things that I will only ever search for once.
"google just uses it to serve me personalized ads"
You don't know that.
We actually know it’s not that.
We do know that. Take a look at Google privacy policy. Its just ads and monitoring usage of their products (hey, a lot of users do this particular action, we should do more things like this).
Because I’m not comfortable with a company knowing me better than I know myself. I don’t care for personalized ads (they’re kinda creepy, plus I block all ads anyway), I don’t care much for Google’s personalized services. I do care about them scanning through every email, constantly recording my location, building a profile of my interests with my search history, etc.
Just because I have nothing to hide doesn’t mean I want to let Google, Facebook, etc. keep a creepily detailed profile on me. I understand it’s a trade off (my privacy for their services), but I value the former far too much.
I’ve managed to de-google my life almost completely, except for Youtube and search (tried DDG for a year, just ended up banging google into every search because the results were so much better).
Have you tried Startpage? Also, if you want to watch a YouTube vid privately, use hooktube, which limits the amount of Google scripts that load.
To piggyback on this, I can recommend StartPage. I've tried other engines as well, but I'm so familiar with how Google works, and StartPage is a great substitute. Also, check out FreeTube as a kind of YouTube replacement. It's fairly new I think, but it's a decent little app. I think they're going to start working with the creators of NewPipe soon to help better the FreeTube app. NewPipe is a good Android replacement for YouTube.
Because not all services use your information properly. Facebook practically gave out information for anyone to use. While I don't mind some companies having my information (specifically if they're using this information to better their server for me, not just for advertisers), I do mind someone collecting more information they need to sell to advertisers.
Some people are way more passionate about security than I am, so I'm not going to give as detailed of an answer as they are. But as long as the company keeps my information between them and me, I'm good.
If the wrong people get access to the information they've collected on you it can be used in a very negative way. Plus why do we need a reason to care about privacy?
The constant argument I see is that "Well just because you have nothing to hide doesn't mean you shouldn't want privacy". But that isn't the issue at all. I have plenty I don't want others knowing even if it isn't illegal. But the fact of the matter is unless you are VERY cautious and willing to forego LOTS of basic conveniences (google maps, any search engine, good browsers, most programs, almost all websites, all social media, most modern phones, laptops, etc.) you are going to have to give up privacy. It's a compromise.
What I do care about, and what EVERYONE should care about is what happens to the data after it is collected. What companies get to see it, how locked down is it, what are their security practices, where else does it go (other companies? selling data? ads?) and of course how does it benefit me. These services are great but they also allow more tailored ads, easier search, suggestions about what you want based on searches, customized playlists and browsing lists, etc. The product is your data but it is also used to benefit you and make your life easier.
Thus, the security practices of all companies are paramount in considering privacy because whether you like it or not they're going to have it except if you are the most careful and remote person ever, and even then... So it's better to ensure they are handling it correctly rather than trying not to let them handle it at all.
Ultimately I think that there's a difference between using data that's personal and breaching privacy. For example, I'm totally okay with the google maps app using my phone's GPS to determine my current location. What I'm not okay with is google maps secretly sneaking away that location information and giving it back to google the company. That's a breach of privacy.
I get that there's nothing illegal that you may be doing. However, what if your personal data was saved well enough that it could be used against you in the future when social mores have changed? What if in 20 years watching porn is akin to armed robbery, and while you're trying to go for an elected office Google just happens to leak information about your porn habits 20 years ago in order to affect the election's outcome?
Personal data can be used to control people - both literally that individual and people in general - so it makes sense to be wary of anyone who wishes to amass lots of personal data.
A lot of people are skipping over an important point. Maybe the service you think you are giving your information to is, for the most part, harmless. But what happens when that information is stolen? Who gets your information then? What is it used for?
We've seen some of this with comments posted on the FCC website. Identities can be used online to make it look like you're doing something your not. That could have large consequences. Imagine you decide to run for office and someone digs up that 'you' (someone pretending to be you) spoke up against net neutrality. Imagine your wife Googles your name and finds out that 'you' are signed up to multiple online dating services, or the government thinks 'you' are funneling money to a terrorist organization.
Even if your identity isn't taken, a lot of the pieces of information you give to google can be used to determine the unknown fragments. The same information that advertisers use to build a picture of you for harmless purposes can be used for harmful purposes as well.
As long as it stays with Google, it's a relatively low risk. But it doesn't stay with Google. That's the concern.
Some of us are (rightfully, but of course I would say that, as I fall into this group—yet this admission convinces me no less of my being right) suspicious of the motives companies and governments have for keeping such close tabs on consumers and citizens. It's not just a question of whether we've done anything wrong; most of us haven't. What is relevant is the question of whether we want to allow such already-powerful entities even more power—and whether they have a right to it and to our private information in the first place. And it's a question of what they'll be able to do with that greater power should they decide (and, in my view, it's an inevitable decision) to use it against us.
(edit:rephrased)The reason many people don't understand the significance of privacy is usually two-fold:
First, outside European civil laws countries the concept of the right to privacy is very shallowly codified and enforced; thus the topic isn't taught or debated extensively either. Among the average citizen there is often little awareness of the entire scope of privacy, which for the most part, it should be your fundamental, inalienable right to remain in control of.
Second, the consequences of breaches to privacy rarely materialize in a perceptibly relatable form. Not only, by nature you do not discuss related issues unless they end up on public record, the most important ramifications affect the societal rights, norms and development a lot more more than individuals directly.
It's a bit similar to discrimination. If you haven't experienced or properly studied this matter, you will have trouble perceiving, conceptualizing, and internalizing how the experience affects both the victims; but you also miss what it eventually does to society before it is too late.
To simplify, privacy corresponds to control, as other civil rights similarly do.
Tracking, for instance, stands for recording and profiling someone's behavior, expressions, thoughts, etc. A search engine history or browsing behavior is much more a part of thoughts than it is an instance of speech.
So if you do not have the right to control how that information is observed and accessed, it may eventually be used to control you; whether control means to learn how to make you believe a certain story, to make you buy something, to adapt your insurance premiums, to not employ you for a particular position, to make a case against you in court, to not let you into a country.
In the US, the law is more concerned about ownership and usually you do not that right over the collected data. So tracking data can be shared, third-parties can collect it from multiple sources, and eventually identify and build a profile on you, which can be used in the above mentioned examples.
I think that data mining is a good thing —provided the user consents to it.
Google actually has a pretty decent model. They give you a whole page of privacy settings, and you have control over your data...at least it looks that way. I have no idea what happens to the stuff they suck up with Google Analytics.
Now, data is a double edged sword, it can be used for good, or bad.
It’s not necessarily bad, as you said, personalized ads, but imagine if Google suffered a data breach. Would you be comfortable with your location data being leaked for all to see? Imagine what stalkers could do.
Google collects a shit ton of stuff. Now, if you trust Google to secure what they. collect (which I do), and think that they don’t intend to do anything malicious with it, then sure, there’s no problem with Google. The advantages (personalized ads, Android, Google stuff) probably outweigh the potential disadvantages (far future data breaches, Larry Page turning evil, etc.)
Compared to Microsoft and (shudder) Facebook, I don’t think Google is that bad.
Except I can’t use there services without handing over a baseline amount of info, even after limiting it. And I can’t ever erase the stored data google has or has sold.
On the contrary, you can delete many individual pieces of information (e.g. ads interests, your account activity, all the data in your account), or even your entire Google account. And Google doesn't sell your data; they say so themselves.
If you don't trust Google to tell the truth about how your data is used, you should of course be worried. But then why trust anyone?
My b on google selling the data to third parties. I do, however, not trust that I can delete my entire history from google analytics. Maybes that’s just being cynical/paranoid though. And the reason that would worry me is something like a government request for info.
You can delete info Google collected about you - if you live in EU, it's illegal for Google to not allow you to delete all data about you and I believe, Google offers the option to everyone (even outside EU). You have as well option to review all data Google ever gathered about you. See your Google account activity.
And btw, they do not sell data about you.
Others have captured the general idea that or privacy should be ours despite companies claiming to use it for “harmless” ads. I really started to tighten up my security when this administration took place because I’m a sometimes/sometimes not protected minority that gets targeted by them. So, there’s some privledge to not having to worry so much about what Facebook might know.
My opinion on privacy and internet tracking is that you're the product using the service to the company. For internet companies, their profiting off of not your wallet, but your personality and behavior.
Adam Ruins Everything talked about this in one of the segments in "Adam Ruins the Internet" where it shows just how deep the privacy breaches go with Facebook, and Google. At the end of the clip, he says that Facebook's information for you is worth just $12.00. "Your interests, your personality, your relationships, your privacy. Those things are priceless. But you gave them all away just to avoid paying twelve dollars." The clip can be found here.
Why shouldn't you?
I think people need a reason to do something - for example to care about privacy. When I have no reason to jump from a bridge, I won't. When I have no reason to care about google knowing what I do, where I do it, and which apps do I use - why should I care?