Are We Living in a World Where You Can't Opt Out of Data Sharing?

Long-time Slashdot reader Mr_Blank quotes the senior science writer at FiveThirtyEight on a new type of privacy violation: It's what happens when one person's voluntary disclosure of personal information exposes the personal information of others who had no say in the matter. Your choices didn't cause the breach. Your choices can't prevent it, either. Welcome to a world where you can't opt out of sharing, even if you didn't opt in... We all saw this in action in the recent Cambridge Analytica scandal. The "privacy of the commons" is how the 270,000 Facebook users who actually downloaded the "thisisyourdigitallife" app turned into as many as 87 million users whose data ended up in the hands of a political marketing firm.

Much of the narrative surrounding that scandal has focused on what individuals should be doing to protect themselves. But that idea that privacy is all about your individual decisions is part of the problem, said Julie Cohen, a technology and law professor at Georgetown University. "There's a lot of burden being put on individuals to have an understanding and mastery of something that's so complex that it would be impossible for them to do what they need to do," she said...

[E]xperts say these examples show that we need to think about online privacy less as a personal issue and more as a systemic one. Our digital commons is set up to encourage companies and governments to violate your privacy. If you live in a swamp and an alligator attacks you, do you blame yourself for being a slow swimmer? Or do you blame the swamp for forcing you to hang out with alligators? There isn't yet a clear answer for what the U.S. should do. Almost all of our privacy law and policy is framed around the idea of privacy as a personal choice, Cohen said. The result: very little regulation addressing what data can be collected, how it should be protected, or what can be done with it.

Yes, so limit what you share

That's all I have to say. Anonymous

Re:Yes, so limit what you share

[Sique]

This is exactly what does not help in the situation TFA is talking about.

Re:Yes, so limit what you share

[Anonymous+Brave+Guy]

And how is that going to stop Google from reading half the emails I ever send, because although I have nothing to do with them, many people I communicate with are using Google mail services behind other domains and I have no way to even know it's happening? Should I just not send email any more?

How about phone calls? Any friend, family member or work colleague with my phone number in their phone has potentially uploaded it to the likes of Facebook, again without my knowledge or consent. Should I give up on using the phone as well?

None of this is actually new, of course. The Cambridge Analytica mess may have increased public awareness, but getting people to spy on each other has always been the thing that made the data-hoarding social networks most effective (and most dangerous), and plenty of us have been criticising it for a long time.

The recent change is that we're starting to see privacy laws, such as the GDPR in the EU, that either require active consent from the actual data subject or some sort of legitimate interests argument that is specifically balanced against the rights of data subjects, and if the data hoarders can't make that happen (which presumably they won't be able to in almost all cases of shadow profiles and the like) then this sort of collection-by-proxy is effectively going to be illegal.

Re:Yes, so limit what you share

[rmdingler]

Do I have to limit the amount of semen I deposit into your colon when fucking your ass?

All I can say is Thank Goodness your semen is going into an orifice in which reproduction is an unlikely outcome.

Re:Yes, so limit what you share

[rmdingler]

None of this is actually new, of course. The Cambridge Analytica mess may have increased public awareness, but getting people to spy on each other has always been the thing that made the data-hoarding social networks most effective (and most dangerous), and plenty of us have been criticising it for a long time. The recent change is that we're starting to see privacy laws, such as the GDPR in the EU...

Pretty much spot on... Prior to computerized social media data mining, realms interested in information gathering relied on more intentional (and undoubtedly less accurate) ratting on each other.

The only flaw in legislation that protects privacy laws is the people who have the most to gain from defying information gathering restrictions have the least to lose when caught in violation of them.

Re:Yes, so limit what you share

[Kjella]

[and] then this sort of collection-by-proxy is effectively going to be illegal

Well the theory is nice. But I'm guessing that this will be routed through off-shore shell companies and sold back as some sort of service, while the actual data will be as easy to get rid of as leaked nude photos.

Re:Yes, so limit what you share

[Anonymous+Brave+Guy]

It won't matter. EU data protection law distinguishes between data controllers and data processors. If you're pulling the strings, you're generally going to be a controller, even if you delegate the processing.

This is a big part of how the EU is trying to extend its authority extra-territorially. If you're a controller who is violating the GDPR and within the reach of EU authorities, you'll potentially be subject to some very expensive fines once the new regulations come into effect. One way you can be violating the GDPR is by working with a data processor who isn't compliant. And that means data processors outside the EU have to make sure they're compliant if they want business from data controllers inside the EU.

Re:Yes, so limit what you share

But laws like GDPR do. Glad I live in Europe.

Too bad the US government is a massive pile of shit that cares more about fear mongering and big business than it does the people.

Re:Yes, so limit what you share

[Alypius]

Cancelling out votes like this is why I'm proud to vote.

Re: Yes, so limit what you share

[phantomfive]

Someone recently has been working hard to prove Betteridge's law of headlines wrong.

Re:Yes, so limit what you share

[Trax3001BBS]

And how is that going to stop Google from reading half the emails I ever send, because although I have nothing to do with them, many people I communicate with are using Google mail services behind other domains and I have no way to even know it's happening? Should I just not send email any more?

When I was on the newsgroups the headers changed to Google using the 10.0.0.0 block (public IP's) to forward pretty much everything.

But this isn't a privacy issue with me as I expect it with Google, and I'm sure in their TOS, I've not read.

Re:Yes, so limit what you share

[golodh]

But laws like GDPR do. Glad I live in Europe.

Good for you. I agree that the GDPR offers more protection of individuals than US laws do.

Too bad the US government is a massive pile of shit that cares more about fear mongering and big business than it does the people.

Gee thanks. Perhaps US lawmakers have been a bit reluctant to legislate the digital world to death the past 10 years? It's not all Dirty Donald's doing, ok? And perhaps being regulation-happy means the EU must get it right once in a while? Is that worth it? Well, you decide.

And err, whatever happened to "Old World courtesy"?

Re:Yes, so limit what you share

[ohgary]

You can encrypt your emails to solve the email issue. Prior to cell phones there was a complete list of phone number, It had a magical name, It was called the phone book. YOU actually had to pay money NOT to be in the BOOK.

Re:Yes, so limit what you share

[Anonymous+Brave+Guy]

You can encrypt your emails to solve the email issue.

Not if the person on the other end is reading it through GMail...

YOU actually had to pay money NOT to be in the BOOK.

I'm not in the phone book, and have never paid any money for that choice. You must be looking back a very long time if you had to pay to be removed.

Curiously, that's actually quite a good example of how data protection should ideally work, though. I wouldn't mind someone being able to look up my phone number if it's friends or family or work colleagues who are calling for legitimate purposes, but the books started getting abused by people who were cold-calling and the like. Same data, different purpose for processing. In the modern age where instead of a physical book we have databases and online access for everything, distinguishing having access to data from what you can do with it seems like an essential step.

Re:Yes, so limit what you share

[Anonymous+Brave+Guy]

GDPR does indeed strengthen things though because you have more rights in saying how your data can be used, and as you say, you have to actively consent to it being handed over and used, and can withdraw permission for certain usage - you could for example agree to Google's over-reaching usage policy, then subsequently withdraw consent for use of your data for marketing for example, it's up to Google if they want to then refuse your custom at that point and wipe everything they've ever known about you from all their systems.

One of the curious things about the new law is that businesses might not be able to refuse your custom even if you withdraw consent. The choice to give consent has to be meaningful, and if it's fundamentally tied to getting something else then it's been coerced.

This is one of the controversial things about the GDPR, because some businesses -- including the likes of Google and Facebook -- rely on consent to process people's profiles for the purposes of targeting ads, and those ads are how they fund their business. Allowing people to withdraw consent for such processing is one thing, but requiring these businesses to continue providing substantial services with significant operating costs to those people anyway potentially undermines their whole business model.

How their lawyers are going to try and spin this as having some sort of legitimate interest basis for processing the data anyway and having that take precedence over data subjects' right to object will be interesting to watch, but it's possible that the law is simply unreasonable and unworkable in this situation and may have unintended and quite bad consequences.

Re:Yes, so limit what you share

[ncc74656]

I'm not in the phone book, and have never paid any money for that choice. You must be looking back a very long time if you had to pay to be removed.

Last time I had a landline was ~12 years ago, and I'm fairly sure you got listed in the white pages by default. I don't recall if they charged extra for unlisted numbers, as I never had one.

(Wait a sec...the second line on which I used to run my BBS and that I then used for demand-dialed Internet access before I switched to cable-modem service was unlisted, and I wasn't charged extra for that. I had that line from 1992 to 2000, IIRC.)

That listing went away when I replaced the landline with VoIP, even though it was on the same number.

Nowadays, I don't think the local phone company is even publishing yellow pages, let alone white pages. Back when they were still dropping them off on doorsteps, I usually chucked them straight into the dumpster as I had no use for them.

It was a minor shock when I visited an aunt and uncle a couple of weeks ago and they pulled out a phonebook to look up an address for something, not knowing that I could punch the name into Google Maps and get directions before they could even get their book off the shelf.

Re:Yes, so limit what you share

[Rick+Schumann]

If you're worried about Google snooping in your email, then don't use Google anymore.
If you're worried about your phone calls being listened in on, then don't discuss sensitive subjects on the telephone, do it in person, in private locations, away from anyone or anything that might be listening.
If you're worried about Facebook/Twitter/whoever on the Internet snooping into what you're doing, then you'll have to decide whether or not these so-called 'services' are worth the intrusion into your private life -- or perhaps you should modify what you post in those places.

What people seem to forget is that we used to live productive, fulfilling lives before there was an 'Internet'. You could drop it today for the most part, use it only for 'official' purposes (if necessary), and you'd get along just fine without it otherwise. Sure, you'd have people look at you funny (because they don't get it) and some things would be less convenient than they used to be. But you wouldn't starve, or die of exposure, or be forced to become a hermit. You'd just have to adjust.

I'm one of those who gets looked at funny. I don't use so-called 'social media' at all anymore, haven't for about 10 years now. In the last year or so I stopped using plastic to pay for things if at all possible, and pay cash instead, so purchases can't be tracked. I do not own nor do I want to own a smartphone, so you can't track/surveil me with that; I have a cheap clamshell phone, and it's not even turned on unless I'm actively using it, if you don't leave a voicemail then it must not be very important to contact me. I can't avoid all the gods-be-damned cameras everywhere in public, but I doubt my every move is being tracked with them anyway, and there are plenty of places I go where there aren't any cameras anyway (unless they start putting them in the woods, LOL). And so on.

The bottom line is you can protect (and reclaim) much of your privacy if you're willing to do what it takes -- which these days includes, sadly, some small-minded, short-sighted people looking at you like you're a nutjob. Are you swayed (or ruled) by peer pressure? If yes then I guess you give up on privacy and become one of the herd. If no then you take back what was once yours and have some dignity.

Re:Yes, so limit what you share

[Anonymous+Brave+Guy]

If you're worried about Google snooping in your email, then don't use Google anymore.

Sorry, but you totally missed the point there. I don't use Google for my mail, but I have no way to determine whether anyone else I'm communicating with does. If I'm sending a message, it's for the intended recipient, not for Google to profile me without my knowledge or consent. But the third party spying doctrine says Google have the technical ability to profile me anyway.

If you're worried about your phone calls being listened in on

Again, I'm afraid you totally missed the point. It wasn't about phone calls being monitored. It was about people with apps that upload the contacts list from my friend's or colleague's phone, and in doing so get my details. Combine a few dozen cases of that happening, and someone can wind up with a disturbingly accurate picture of who you are just from your metadata and personal network.

You could drop it today for the most part, use it only for 'official' purposes (if necessary), and you'd get along just fine without it otherwise.

The trouble is, that's not really true, unless your definition of "official purposes" is so broad as to be almost meaningless. It is now assumed that everyone has Internet access and social media and smartphones, and you really can't live without them unless you are willing to become almost a hermit. My personal friends and family do understand why I choose not to participate in some of these things and do know how to reach me if they want to. But that doesn't help with all the government services I have to deal with personally and for my businesses. It doesn't let me park my car where the cash meters have been replaced by phone apps. It doesn't help me deal with professional services like lawyers and accountants who need electronic records. It doesn't help me respond to a customer who expects my business to be contactable by email or on social media.

You write as if you're the only person in the world who prefers not to be tracked and is willing to give up some convenience to avoid it, but you're not. I have similar views, and so do plenty of other people. But there is a cost, and sometimes it is unavoidable. IMNSHO, we shouldn't have to pay that cost or be trapped in a catch 22 situation just for the privilege of being able to communicate like normal human beings.

Re:Yes, so limit what you share

[Rick+Schumann]

You're saying I'm missing your point, meanwhile you're missing my point: You can only do what you can do, and you can't control anyone but yourself. You can reclaim some of your privacy. If you want more (or all) of it back then you have to cut everything and everyone off. Until the world changes (unlikely) that's the way things are. You can try policing your friends, tell them not to share your contact information, not upload things, no pictures of you, etc, but it's an uphill battle when people don't understand. How far do you want to take this? That's what you have to ask yourself.

Re:Yes, so limit what you share

[Anonymous+Brave+Guy]

Well, arguably the central premise of this discussion is changing things so you do have more control over data and aren't just getting spied on by proxy all the time, without having to cut yourself off. So I'm not sure what point you're trying to make here. Yes, the situation has been bad. No-one is disputing that; it's why laws are starting to change to address the issue and why this subject is interesting right now.

Re:The solution is simple

[Desler]

Utilities usually run a credit check on you so giving them fake information doesn’t usually work.

Could copyright be the answer?

Say we gave everyone by default the copyright to their own personal information, as an intrinsic human right. Then nobody can copy your data without your permission, or else you can sue them. We've already established that personal data is worth money. Well, I don't want people copying that shit and making money off it without showing me any of the profit.

Re:Could copyright be the answer?

[davecb]

That's the case for inaccurate information in Canada and the EU: you can require inaccurate or no-longer-accurate (outdated) information be removed. Accurate? That's harder.

Public records

[The+Good+Reverend]

If you want real protection, you're gonna have to change the way records are made and kept public. FB is an easy target (and Slashdot stories in the past few months show how obsessed people are with FB, but not anyone else), but it's not as big of a deal as large aggregating data companies like LexisNexis. And where do they get the bulk of their data? Public records.

Mortgage records, public housing data, court records, public directories, etc. They've got other stuff, of course, but the public stuff are all the things that can really screw with you (compared to your advertising preferences, which is the bulk of what FB, Twitter and others deal in). But anyone interested can do the same as those companies do, with just a visit to the local courthouse or library.

The problem here, however, is that public records are important for everyone. It's good and important to know who owns property. It's good to know who's involved in a court case, who's been sued, and who owns a business. So do we limit this information? Or somehow limit how it's collected? Are there free speech issues involved if individuals are allowed to access public information, but companies can't? Does the answer to that question change when it's the private companies that make the data useful to the public (because otherwise, it's hard to get at, all in one place)?

There are a lot of questions, and the answers are never as easy as "just stop sharing things" or "Make Facebook stop". Living in a large society necessitates having public records easily available, for the sake of all of us. And feeling high and mighty because you don't use Facebook is just fooling yourself. This is a complex issue, and we'll need to decide what we want to give up for the sake of the privacy we think we need/deserve.

Re:Public records

[Xylantiel]

The discussion is about personal information, like pictures of your children or pictures of you during childhood, or your location minute to minute, your web and viewing history. Public records are a whole different thing and have much more well-defined controls and usage. The issue is that I can choose to not give my location history to dataminers, but as soon as my friend gets in the car with their phone they are basically spying on me. Only social pressure will fix this issue. If people start getting ostracised for using spyware on their phones rather than the opposite, that will make a difference. If people reacted like that, facebook would be banned from the app store like all the other spyware apps. (I would claim the fact that it isn't already is a double standard, as you are basically pointing out.)

Re:Public records

[Alypius]

And even then, the "owner" is likely a trust with no singular identifiable parties. It's called "asset protection" and was intended to keep grandma from losing her savings and social security because someone threw themselves in front of her Cadillac. It's actually more important now than ever, particularly in states with high fraud rates like CA; before leasing his i3 (the only way to get a HOV sticker anymore), my brother had to take out a seven-figure insurance policy to protect his house as it is apparently common in SoCal for illegals to get into car wrecks and sue for the house (no citation, other than the dealer who refused the lease without the proof of policy. YMMV.)

Re:Public records

[Dog-Cow]

Unless your friend also takes a photo of you sitting in the car and uploads it with location data embedded, no one is spying on you.

Re:Public records

[Sique]

If the friend is updating the status to "in the car with Xylantiel", someone is.

Re:Public records

[grep+-v+'.*'+*]

The problem here, however, is that public records are important for everyone.

Years ago, a local weather (news?) figure was arrested in a weird hot-tub death. With dog collars. And what-not. Fine, whatever.

But I looked up the public police report (PI stuff redacted) and was able to access it. From home. Late Saturday night. In my underwear no less. (TMI, I know.)

But that's my point -- it's public, but it's public ALL of the time from anywhere. Anybody, anywhere could and probably still can access up that report Should some records be accessible "in an office" or with some inertia added somehow? (with no penalties for "pirating" either. The ORIGINAL bits are exactly right where they were.) It's not their data, just harder to access. I'm not advocating, but asking.

For opposition to this, you've got FOIA pushback examples -- for example, I've heard of data release (as an example) for "only" $100 per PDF page and $1000/hour of a clerk's time to research the issue. If it's public info, that's not right either.

And on the third hand, you might be asking for data right NOW that they don't have -- microfish images for example -- where those prices might actually be reasonable.)

Re:Public records

[Registered+Coward+v2]

If you want real protection, you're gonna have to change the way records are made and kept public. FB is an easy target (and Slashdot stories in the past few months show how obsessed people are with FB, but not anyone else), but it's not as big of a deal as large aggregating data companies like LexisNexis. And where do they get the bulk of their data? Public records.

Technology is making it easier to aggregate data even if the person is not a user of your services. For example, as facial recognition improves, coupled with tagging, FB and others will be able to identify a person, and as they get more hits narrow down who they are and where they probably live. By trolling other sites such as linked in they can build a pretty good data set which can be coupled with publicly available information. If they can get DL pictures a person doesn't even have to be online for a company to build a profile of them. The increasing ability to process, analyze and link vast sets of data is changing what is meant by privacy.

The only way to ensure some privacy is to have a big enough political entity pushing it; which is why previously available information on carry permits is now no longer available in some states, and gun purchase records are purged after a short period.

Re:Public records

[Actually,+I+do+RTFA]

gun purchase records are purged after a short period.

Citation needed. I didn't think gun purchases records were ever purged in the US.

Re:Public records

[Rick+Schumann]

Probably the best thing that can be done about public records of people, at least until someone comes up with a better idea, is to put a financial barrier in the way: you have to pay a fee in order to access public records about a private citizen. This might prevent (or at least curtail) 'scraping' of public records databases by 'bots. Beyond that I have no idea; require verifiable government ID if you want to access public records, and the access is logged? That way at least you'd know who has been snooping into your life.

Re:Public records

[Registered+Coward+v2]

gun purchase records are purged after a short period.

Citation needed. I didn't think gun purchases records were ever purged in the US.

You're right. Federal firearms licensed dealers are required to keep records indefinitely; state laws vary though the feds trump state laws. I mean to say background check records are deleted.

There's no choice.

"There's a lot of burden being put on individuals to have an understanding and mastery...

There's no choice. It is the only solution.

You cannot depend on governments to guard your privacy. Snowden's disclosures showed the 5 eyes / 11 eyes / whatever group wants to harvest your data just as much as FB and G.

And even you could trust Norway or whatever, what about all the people who don't live in a nice friendly western democracy? What about those living in repressive regimes?

No, we have to protect ourselves, and take back our digital privacy.

And why shouldn't people be expected to understand what they are doing with all of their data? We expect drivers to understand the rules of the road. We expect pilots to understand how to safely operate airplanes. We expect HAM radio operates to abide certain rules to avoid destroying the common medium. Why shouldn't we also expect internet users to act responsibly toward the internet, and stop supporting the worst ideas?

We let anyone flood not the net in the 90's without a shred of comprehension or willingness to learn. We sat by while they made terrible choices, while they made companies like Facebook into international surveillance behemoths, while they spied on we who made better choices by acting as proxies of FB after installing spyware on their own devices.

No... it's long past time to expect better, and for there to be real consequences for those who act poorly, just as we remove driver's licences from people who abuse the public road network and endanger others.

No law can solve this. The solution can only be cultural.

Re:There's no choice.

[rmdingler]

"There's a lot of burden being put on individuals to have an understanding and mastery...

There's no choice. It is the only solution.

You cannot depend on governments to guard your privacy. Snowden's disclosures showed the 5 eyes / 11 eyes / whatever group wants to harvest your data just as much as FB and G.

And even you could trust Norway or whatever, what about all the people who don't live in a nice friendly western democracy? What about those living in repressive regimes?

No, we have to protect ourselves, and take back our digital privacy.

And why shouldn't people be expected to understand what they are doing with all of their data? We expect drivers to understand the rules of the road. We expect pilots to understand how to safely operate airplanes. We expect HAM radio operates to abide certain rules to avoid destroying the common medium. Why shouldn't we also expect internet users to act responsibly toward the internet, and stop supporting the worst ideas?

We let anyone flood not the net in the 90's without a shred of comprehension or willingness to learn. We sat by while they made terrible choices, while they made companies like Facebook into international surveillance behemoths, while they spied on we who made better choices by acting as proxies of FB after installing spyware on their own devices.

No... it's long past time to expect better, and for there to be real consequences for those who act poorly, just as we remove driver's licences from people who abuse the public road network and endanger others.

No law can solve this. The solution can only be cultural.

Your post is filled with wise observations and sage advice.

Once rationality is restored to the majority voting populace, it'll be clear to us that the government works for us, and things like our privacy are off limits to the data collection efforts of corporations and governments alike.

We're in, virtually, no danger, unless the slow thinkers somehow out-breed the erudite.

Re:There's no choice.

[techno-vampire]

And feeling high and mighty because you don't use Facebook is just fooling yourself.

Absolutely. I've never used Facebook, but enough of my friends and family do that I'm sure that they've got an extensive profile on me and there's nothing that I can do about it. Yes, I suppose that I could join, request that my data be removed then terminate my account, but I have no reason to think that they're going to delete anything that they had before I joined.

Yes

[GlennC]

Next question.

People forget the IRS...

A few years back they were pushing 'mandatory e-file' if you had certain kinds of tax filings. The interesting part? eFile was only available through third party companies, not the IRS itself.

They will just find some other way to violate our privacy by outsourcing it to a third party then legally mandating it. Americans are screwed without a major shift in our legislative priorities.

Re:People forget the IRS...

Americans are screwed without a major shift in our legislative priorities.

Americans are screwed regardless. The American "Empire" is in decline. Unless that changes, and it won't because that would mean those in power would loose some of it, their government will only increase their survailence and intrusion into the lives of their people. Why? Because they know they've screwed the pooch, and they want to know when the revolution starts getting organized, so they can squash it before it becomes a threat to them.

Make no mistake, they could easily fix these issues if they wern't so focused on increasing their own power and wealth. They have plenty of people lined up ready to fix crap (the millitary they can't stop spending money on), and plenty of funds to do it with (once again they spend how much on the millitary compared to other areas of government? Also, many of them have their own companies that refuse to pay their workers a living wage. Never mind all of those "campgain contributions" they've gotten over the years.) They refuse to do jack.

Of course if it becomes a problem domestically they will offshore it. Worked well enough for fixing the wage issue they had, and the can't listen in on our own citizens problem, should work fine for fixing the social media problem. Just put it outside of the border and suddenly they can't touch it, or at least so they will claim to the public while bombing hospitals and police stations in the middle east in blatent violation of international law.

The best part? Americans are too stupid to figure out where the data even is. They think that all of those 500mb videos shot on their iDevice is stored on said iDevice in an app called iCloud. They think that somehow despite giving away control over the data to facebook that they are somehow protected when they make their profile "private". Or how when a state government uploads all of their student records into the "private" cloud run by the SIM (Student Information Manager) software that it is somehow under constant monitioring of the state that cannot be interrupted. These idiots don't realize a fundamental truth of IT: "Who ever possesses the data, controls it."

Buckle up everyone. It's going to get a lot worse before it gets better.

Been saying it

[war4peace]

For a long time I've been saying it: Average Joe forfeited their digital privacy years ago, without realizing it, let alone consenting. Furthermore, "digital privacy" is a contradiction of terms. As soon as your data, any data whatsoever, is posted anywhere online, you lost control over it. Someone being able to read it means someone being able to share it, period.

You can corrupt or falsify your data, but all it takes is one slip.
Have you inadvertently given your phone number to anyone? They might upload it to the cloud (contacts backup), where it can be read and cross-referenced with other data sources, leading to you. Bah, merely getting a phone subscription means your data is not online and WILL be used to make money off it, legally or not.
Have you ordered anything online? Bad idea: your data can now be shared with unknown third parties.
Do you have a static IP address provided by your ISP? Or is your IP address part of a limited pool? Not good: it's saved in logs on ALL websites you visit and can be used to build a comprehensive map of everything you do online.

The moment you connect tot he Internet is the moment you're screwed. Your digital data can be exhumed years after being generated. There are methods which can mitigate the issue but then again, all it takes is ONE slip, e.g. forgetting to start VPN or clicking a malformed URL by mistake, etc.

Re:Been saying it

[CrimsonAvenger]

Have you inadvertently given your phone number to anyone?

And just how useful is a phone number if noone knows it? Note that in the pre-digital days, we had this thing called the Phone Book, which was nothing more or less than a listing of pretty much every phone number (less the "unlisted numbers", which were meaningful right up until "caller ID" came along).

And did you really think that your friends never talked about you to their other friends? And those other friends to still others (we used to call it "gossip")....

Computerized gossip

[mi]

Welcome to a world where you can't opt out of sharing, even if you didn't opt in...

We've lived in this world since we learned to speak. People could always tell other about you, spreading gossip and rumours — some accurate, some libellous. Government agencies, private detectives, and organizations like the Inquisition have also kept files on people.

The "new" thing here is that computers are used, which provides for actual accuracy of the information and vastly expands the scale...

Re:Computerized gossip

[Attila+Dimedici]

The "new" thing here is that computers are used, which provides for actual accuracy of the information...

That is the mistake that everyone makes. It does NOT provide anymore for accuracy of the information than previous methods of compiling it. What it does provide for is that the information never goes away, whether it is accurate or not. Or more precisely, it provides for that information to be retrievable. That information is just as likely as before to be accurate or libelous.

Re:Computerized gossip

[mi]

What it does provide for is that the information never goes away, whether it is accurate or not.

Like digitized music, the information may bad to begin with. But it will not deteriorate with time and each replica will be a perfect copy of the original. That's what I meant.

Re:Computerized gossip

[AmiMoJo]

This is also how you fight back. Separate profiles for everything, and loads of fake ones with harmless misinformation that obviously isn't you when anyone checks.

A while back someone demonstrated AI that could build brand new faces from a dataset of celebrities. Sounds like a great source of fake profile images. Unfortunately it will also be used by the Russian and 4chan trolls...

Re:Computerized gossip

[Attila+Dimedici]

My point still stands, one of the biggest problems with computerized information is that people assume it is accurate without considering how credible its source was.

Re:Computerized gossip

[Registered+Coward+v2]

The "new" thing here is that computers are used, which provides for actual accuracy of the information and vastly expands the scale...

And therein lies the problem. People assume because information comes from a computer it is accurate, and once it is in a database it is hard to correct and keep corrected. The vastly expanded scale also means it is much easier to spread inaccurate information and have it in places besides the original repository, adding to the problem of fixing it.

Many "click through" agreements should be invalid.

[ErikTheRed]

One of the foundations of contract law has always been that a valid agreement requires a "meeting of the minds" - that both parties essentially agree upon and desire the outcomes specified in the contract. Somehow this got thrown out the window with the "click agree to continue" mode of doing business. I'm not going to knock long lists of terms and conditions - from a technical, legal standpoint they are often necessary to protect both sides and allow business to be conducted in a reasonable manner, and there are plenty of instances they are honest and straightforward parts of the bargain.

That being said, there are also many instances companies are sneaking in stuff that has nothing to do with the other party's conception of the agreement. Courts have been upholding this bullshit, and they should not. Virtually every case where privacy issues become problematic involve these situations.

My suggestion would be to have three or four "standard forms" for Internet agreements that are reasonably easy to understand (the idea modeled very loosely on the Creative Commons concept - straightforward options, with icons indicating what is included / excluded). I would start with "free as in beer," "pay with money," "pay with ad viewing," and "pay with your life data." These can contain the overwhelming majority of the "boilerplate" and be explained fairly easily. This leaves the exceptions, which in most cases should be short enough for a person to deal with. If you can't start with this and have a humanly manageable agreement, then your product or service is probably sketchy as fuck and people should stay away.

1984

People may have read it, but did not learn from it. Now you pay the price.

Re:1984

[yuriklastalov]

Plenty learned from it, seeing as how it's an instruction manual and all.

A warning... how cute.

Bad analogy time

[Dutch+Gun]

If you live in a swamp and an alligator attacks you, do you blame yourself for being a slow swimmer? Or do you blame the swamp for forcing you to hang out with alligators?

Yes, I often ponder this as I'm being attacked by alligators in the swamp I live in. /sarcasm

General writing protip: the whole point of an analogy is to relate a situation that's difficult to understand to a more COMMON scenario. I'm more confused by this bizarre analogy, while I understand the actual issue of digital privacy just fine.

Re:Bad analogy time

[_Sharp'r_]

Also, swamps don't have agency. They don't "force" people to do things like hang out with alligators. If you're swimming in a swamp, presumably that's the result of previous choices by you and/or others. The swamp didn't have anything to do with making those choices, so why would you be blaming the swamp for anything?

All this analogy demonstrates is that the writer doesn't understand analogies and possibly even doesn't know what the concept of responsibility means.

Systems that work can be developed

[Xylantiel]

There are people working toward systems that works properly, it just takes more effort and it doesn't make money for a centralized company. See Hubzilla. Another problem is that there is not a billion-dollar promotional campaign behind things that don't allow exploitation of the users. They have to be developed from the edges in basically by definition. The federated identity-aware web is slowly and steadily coming together, but it is happening in projects like hubzilla, ostatus, mastodon, owncloud, etc that the main stream media just ignores because they aren't being pushed by those trying to create get-rich-quick schemes by cheating people.

We had this with Oath/Yahoo

[davecb]

They included language in an agreement that had anyone who agreed to use their email service grant permission to contact their friends with ads. Unlawful in Canada, and now withdrawn... in Canada.

We are living in a Global Village

[DalM]

Remember when the term "Global Village" was all the rage? With all the talk about the benefits that a global village would bring, people forgot that there are parts of living in a village that suck. One of those is that there is no place to hide. Everyone knows your business.

So, welcome to the global village.

Sure you can, not all. but a chunk.

[oldgraybeard]

Keep in mind almost every App in the market place is designed for 1 reason and 1 reason only. To provide a perceived value so that you use it and get more and more tied in. Facebook, Google, Bing, Twitter, Instagram and the rest of the social media/search sitesApps in the ecosystem are the same.
The reason they provide these apps/tools and sites is to collect as much of your personal information as they can so they can sell it and market ads at you for the highest bidder.
That is how capitalism works,.also keep in mind these are businesses, they do not care about you, except in the value of selling your personal information/making money on you. If something happens, their goal is not to help make you whole, it is not to get sued.
Welcome to the real world.

Just my 2 cents ;)

Re:Sure you can, not all. but a chunk.

[welshie]

Which is why I never install a mobile phone app when there's no good reason for collecting any further information from me. Often, there's a perfectly functioning website, and you have far more control over what data you provide, and tracking functions from a browser - private browsing modes, adblock etc, than you do with a bespoke mobile phone application.
I recently encountered some online shop, whose web site refused to give out any useful information about the products on offer, insisting that customers download their mobile phone app, which probably gathered far too much information than needed to perform any sales transaction. Net result to them was lost sales.

Ask a question...

[Notabadguy]

Maybe.

Re: The solution is simple

[KixWooder]

My electric company and internet provider did a credit check.

I blame LinkedIn...

... back when LinkedIn started up, when people created accounts they were asked to grant LinkedIn access to their address book.

If you said yes, aside from stealing all your contacts' info, LinkedIn would send spam email to all your contacts (in your name) asking you to sign up.

I might be very good at managing my digital privacy, but I can't prevent other people from adding my phone number, contact info, etc. to their phones (which will then get stolen/taken by other apps).

Re:Computerized life.

[mi]

It works both ways, though. Once, after a job-interview, I looked up the prospective boss — and found, he was once arrested during a meeting in defence of Free Speech. Made me want to work for him — and for the company, that employed people like him in positions of authority...

Data about a person is personal IP

[pedz]

I think we could figure out a way to state that a piece of data that describes a person (can be tied back to an individual) is the property of that person. And each piece of data is worth a minimum of $1. This is property -- not copyright so there is no "fair use".

The one exception would be public records such as titles, etc. The authorized body would be allowed to store that data with no payment to the owner. e.g. the county court house can record the deeds, mortgage, etc about your house. But they can not give it away.

Possession of data that has not been paid for is treated the same as possession of stolen property.

Aggregate data that can be tied back to a person is still considered personal data even if each single piece of data can not be tied back to a particular person.

"tied back" is if it is possible for a piece of data to be deduced to be about a particular individual. The argument of "possible" would be done by the court system.

Personal data would be treated much like a material item when it comes to such things are guardianship, etc.

The ownership would start at conception and would survive death.

This is more or less off the cuff. The point is that if personal data was taken to be the same as personal property and viewed in that light, with laws set so each piece of personal data has a minimum value, then the way it is handled would suddenly change completely.

Another thing I would add is some way to make it that unnamed third parties can never receive any personal data. I don't want to allow something like a license where part of the license is for me to "willingly" give the other party permission to sell or distribute my personal data to third parties.

Anyhow, the point here is to not figure out all the precise language but I'd like to see people start thinking along those lines -- that the data about me is my personal property. There are a lot of details to work out.

So What’s New?

[mschwanke97402]

Big companies have been slurpng up your data for decades. You have not always agreed to it or even been aware of it. Credit bureaus sound familiar?

Stop with

[AHuxley]

Twitter, Facebook.
That removes a lot of the tracking.
Use a browser that can stop the ad, social media and malware requests.

Maybe the trick is not to prevent companies...

[thadtheman]

from collecting data. Rather it's to put out a lot of data about yourself that is false. Then when the system becomes gummed up with false data, it will have no value and companies will stop collecting it.

Listen to Richard Stallman

[lylefile]

"We need laws to stop this data being collected in the first place"

- R. Stallman

Credit rating agencies

[Karmashock]

The consumer finance industry is absurdly rife with pervasive data transparency contrary to the knowledge and wishes of the people that generate the data.

Finance industry in general is pretty bad with this... they're trying to do the same thing to medical data... just enter everything into a big database somewhere that you opted to share your data through in some giant EULA or whatever and if you say no then you're basically treated like you're Amish.

Its everywhere.

Its the state of things at the moment. If you think your data isn't out there then you're confused.

The best we can do is fill in false information where practical and use anonymizing tech. But that doesn't make you invisible to the government or the banks... and they share with everyone and know more information about you then most people would guess.

really?

[geekprime]

None of my social media accounts link to my real life. None of them. I tell my friends that theirs should not either and I do not accept "friend requests" and I tell them why not to do that either.

Re:The solution is simple

[Trax3001BBS]

All you have to do is not use your real life information when signing up for services. Same goes for utilities.

I've used www.fakenamegenerator.com for many years now, mostly on Rooted Android devices.
I'll reroll the info till I get something close to home.

This would be used on servers and such, no money involved.

Game over, man. No privacy allowed.

[biggaijin]

Worrying about whether someone else's disclosure exposes you is a waste of time. There is no privacy left, and the only way to safely live in peace is to never disclose anything to anyone. Once it is out of your mouth, it will be scraped up into the great data bank in the sky, where it will live forever. Historians and researchers in 300 years will be able to determine the precise day when you had a hemorrhoid operation, a tooth filled, or you purchased a new coffee pot. We will never need to speculate about things like George Washington's false teeth with our contemporaries, because we will be able to retrieve the precise model, the date they were fitted, and the amount of sales tax paid when they were purchased. Fortunately, we have a benevolent government that will only use this information to help us.

Scott McNealy

[ebvwfbw]

Scott said this 10-15 years ago? He said we have no privacy. Get over it.

Re:Can't Opt Out, But Can Corrupt It

[postbigbang]

Disinformation doesn't mean doodley, even if you come out of a Tor node exit. They characterized your browser long ago, and by probing your browser's state, they know who you are.

You surfed enough to different places to get a capture that shows your activities. They get your logon name, because you didn't use plugins that tell your browser than you're doing a cleartext post from within an otherwise https site. They look and cross-ref that ID, because you're lazy like everyone else.

They know who you are. It just takes some trivial digging.

You can do all of the sophomoric gigglies you want, but don't kid yourself. They know who you are, and can detect the signal from your noise no matter how clever you think you are.

It's not a game to the people that want to know, and while they themselves are sometimes not very clever, they have acres of spinning disks and too much cpu power to not eventually win.

This is the dismaying part. There are tricks to provide real, no-shit anonymity on the Internet, but they're short term, and like a burner phone, have to be thrown away. It just makes the trail harder to follow. Sooner or later, if they want you, they'll correlate enough interesting data to make a good guess. This isn't paranoia, this is a living for a small group of people. They like to win. Information has always had value, and until yours is worth something, be carefree.