OkCupid gave 3M dating-app photos to facial recognition firm, FTC says (arstechnica.com)

by whiteboardr 93 comments 477 points

[−] ChrisArchitect 45d ago
[−] everdrive 45d ago
At this point, nearly every online service should be considered hostile. If they can make a small amount of money by compromising your privacy or your identity, they will. If they can make a small amount of money by stealing your attention and addicting you, they will.

Are there exceptions? I'm sure. Will I be erring sometimes by being cautious? Definitely. But, there is really not much of an alternative these days.

[−] freeAgent 45d ago
This sort of stuff continues to ramp up as everyone rushes to train LLMs while governments are pushing for ID verification that would make it impossible to use the web (or even one's own computer) anonymously. It's a very dark time for anyone who cares whatsoever about privacy or digital sovereignty.
[−] rdevilla 45d ago
Nonsense, I have it on good authority that the old internet sans LLM surveillance capitalism is still alive and well. You just stopped going there.

https://news.ycombinator.com/item?id=47589055

[−] pixelmelt 45d ago
And so did everyone else, making it... Dead? If you've got some good alternative communities then do tell!
[−] noman-land 45d ago
My advice has long been to delete every single account you've ever created on every platform.

The chance of the data leaking nears 100% with time.

The corporate cloud is a seriously unsafe place to be. It's a dangerous place to store your intimate secrets and a shaky foundation on which to build a culture.

[−] influx 45d ago
Do most SaaS actually delete or do they just store a tombstone in the database for your account?
[−] xprnio 45d ago
If I understand GDPR and “the Right to be forgotten” properly, then yes - they would have to actually delete the information.

Edit: at least when it comes to PII, which I presume should include photos of you, or any personal detail of you. The content you may have posted there up until then - that might be a different story

[−] rdevilla 45d ago
[flagged]
[−] seattle_spring 45d ago
Oh wow, is this Curtis Yarvin's HN account?
[−] rdevilla 45d ago
[flagged]
[−] deepsun 45d ago
Well you still have an account on HN.
[−] noman-land 45d ago
This place is already public.
[−] stephenhuey 45d ago
I have long wondered about the market size for privacy-focused apps. Sure, plenty of people don't know or don't care to value that, but if there are enough, maybe you could have a whole set of apps that emphasize they are not seeking world domination or selling out to the highest bidder, and a major selling point for using them would be that they are not < your expected chat/dating/photo/social site >.

Am I too idealistic? If such apps are not aggressively seeking hyper growth, it seems like these more trustworthy services could be deployed to cheap servers and let people use them for cheap without having to resort to selling user data.

[−] JohnFen 45d ago

> I have long wondered about the market size for privacy-focused apps.

The real problem is how to trust that a "privacy-focused" app is actually privacy-focused. You certainly can't take the publisher's word for it.

The only safe stance is to withhold as much personal information from as much software and services as possible.

[−] pesus 45d ago
Even if they were initially trustworthy, it's surely only a matter of time before they start wanting/needing to make (more) money and start abandoning their principles in pursuit of profit.
[−] neuralRiot 45d ago
Or the company is sold to a big corp that doesn’t give a damn about our privacy or one whose goal is to actually get the data.
[−] OkayPhysicist 45d ago
If a company wanted to, they absolutely could include something along the lines of "If we violate the terms of this privacy policy, we owe all affected users $1000" in their Terms of Service. Pointing a gun at their own head to prove that they're serious. Companies don't do this, because they are cowards.
[−] andy99 45d ago
That is gimmicky and would be an extremely low trust signal.
[−] OkayPhysicist 45d ago
How is that a low trust signal? It's grounds to sue. Crank the number up to the limit of small claims in whatever jurisdiction you're based in.

If it was legal to say "If I break this oath, you can fucking shoot me" in a contract, I'd suggest that. The entire point of the exercise is "we promise to do the right thing, and to keep us honest we have set up a system by which you can destroy us if we violate that promise".

Corporations can't swear on their life, as they have no life to offer. They can swear on their cash, and by such their ongoing existence.

[−] asveikau 45d ago

> The real problem is how to trust that a "privacy-focused" app is actually privacy-focused

I think the real problem is actually that legislative bodies will make privacy focused apps illegal. California AB 1043 is an example of what can happen.

[−] kube-system 45d ago
This is a multi-axis problem.

On one spectrum, you have privacy -- at one extreme, the most private of people don't even use social apps, they are traditionally private people. At the other extreme, you have the highest consumers of apps -- the people who demand sharing the most.

On the other spectrum, you have technical acuity -- at one extreme you have people who can audit software they use and verify that it actually does what it says -- at the other extreme, you have people who have no clue and will believe whatever is convincing.

Given this, the market for "app that enables sharing, but has privacy controls, and is verifiably so" is a tiny circle somewhere in the middle of this grid.

[−] JohnFen 45d ago

> at one extreme you have people who can audit software they use and verify that it actually does what it says

Unless the software sends data off to the cloud or a server somewhere. You can't audit what happens there.

[−] kube-system 45d ago
I was referring to the acuity of potential users, who like you, would be able to identify that.
[−] nonameiguess 45d ago
Not privacy-focused, but OKCupid itself fit many of your requirements when it first came out. It wasn't aggressively seeking hyper growth and barely marketed outside of existing SparkNotes and SparkMatch users. It was just a few math nerds at Harvard that wanted to model human romantic compatibility by categorizing you into a shareable cutely named personality type, and they bolted on crowd-sourced questions to see if whatever they hadn't thought of themselves might be relevant.

Ten years later, the social media revolution is in full swing, the relatively small service they built that had catered mostly to nerds was suddenly lucrative, and they sell to Match Group and this happens.

To be entirely fair to these guys, I don't think they came into it intending to sell out as their long-term goal. But four guys who got into data analytics in college also didn't find themselves as their mid-30s approached particularly wanting to run a dating service for the rest of their lives, either.

Whatever happened to FetLife? If any dating service had to be privacy-focused, that was it.

[−] nemomarx 45d ago
Users who want to be private and are willing to pay extra for it are necessarily highly valuable for data brokers and advertisers. So incentives always push towards betraying them eventually I think.
[−] jmye 45d ago
Is that true? Not arguing, just curious. I would imagine that the highly valuable users are those most likely to buy things, and people that into privacy would be fundamentally more likely to also go to extremes to block that advertising, but this is very much not my area.
[−] gjsman-1000 45d ago

> Am I too idealistic?

Open source developers are wildly idealistic. In the rest of the world, I have finally internalized...

1. Most people say they care about privacy... but won't spend even $1 for it. They care about their privacy about as much as an open source developer cares about user experience. Just extract the tarball, it's not that hard.

2. Most people don't care about technology and want it out of their lives. They don't want to know what sideloading is. They don't want to know how to discern safe from dangerous. And they aren't wrong. How many open source developers know how to drive manual? Car enthusiasts have just as much of a righteous claim to attention, after all. The model railroad enthusiasts are also upset by our community's lack of attention. Every enthusiast, in every field, hundreds of them, are upset by lack of mainstream attention, and this will never change.

3. Linux and open source software in general are not even close to being popular on the desktop. Gaming and web browsing is a tiny subset of what people buy PCs to do, and Linux isn't even close on the rest. Even the gaming success is so niche it's irrelevant in the grand scheme of things (Switch 2 outsold 3 years of Steam Deck sales in the first 24 hours).

4. Some of this optimism was deluded from the start. Like when Stallman said we can defeat proprietary software with open source, then openly admitted he had no idea how any open source developers could afford rent. "If everyone works for free, while the big companies stop working, we could get ahead" is gobsmackingly naive and it's honestly astounding anyone fell for it.

[−] LtWorf 45d ago

> Most people say they care about privacy... but won't spend even $1 for it.

Maybe they are smarter than you and noticed that trust is being violated constantly so paying for it in no way means you will obtain it and is just a waste of money?

[−] dfxm12 45d ago
Popular apps, like OKCupid, will get bought, along with their user data. Also, mission creeps when management changes.

I mean, an app that starts out as "privacy focused" won't necessarily stay that way.

[−] fsflover 45d ago
F-Droid is the app store for such apps. FLOSS requirement ensures that everyone can verify the claims.
[−] throwway120385 45d ago
The problem is that large-scale use of the Internet for social networks and for organizing meetings in real life is fundamentally incompatible with privacy. It works for small, tight-knit insular groups, but as soon as you expand the scope of the network to include acquaintances and friends of friends you'll eventually find a connection to someone who cares less about privacy than about making a buck.

If we had a sort of "federated" system we'd still have this problem because you might always find yourself federated with someone who just wants to sell the information.

It's a cultural problem within this hyper-aggressive version of Capitalism that we've adopted, that even data about people has value. Until we decide as a culture that this kind of data sale or data use is shameful and unacceptable we'll be in this situation no matter what technical solution we adopt.

[−] uoaei 45d ago
The persistence of data means that if you expect a firm to eventually become hostile, you should treat them as hostile today.
[−] andai 45d ago
I want to say "we structured the system like that, right?", i.e. maximize profit at all costs.

But it seems to be the natural outcome of the incentives, of an organization made of organisms in an entropy-based simulation.

i.e. the problem might be slightly deeper than an economic or political model. That being said, we might see something approximating post-scarcity economics in our lifetimes, which will be very interesting.

In the meantime... we might fiddle with the incentives a bit ;)

[−] als0 45d ago

> we might see something approximating post-scarcity economics in our lifetimes

Can you elaborate more on this? All I see is growing inequality.

[−] hamdingers 45d ago
The upper arm of the K shaped economy uses their capital to invent and control the replicator and the lower arm dies off? Seems like the most realistic path to "post-scarcity" from where we're standing now.
[−] thowaway92731 45d ago
[dead]
[−] mixmastamyk 45d ago
Yes, please join us at: https://trustworthy.technology/
[−] Simulacra 45d ago
Another point to add, is that old saying: if the service is free, you are the product. I have long considered that dating apps are taking all of our data, and selling it. What's more personal than social media? What do you think about dating. Who you swipe on, the information you put in there, all deeply personal. Sometimes more so than what you put on places like Facebook
[−] rglullis 45d ago

> every online service

This deserves a few qualifiers. I think this should be applied to any service that is

- "free" or "freemium"

- wrapped as a black box which gives no way out for customers.

There are plenty of companies out there who provide services based on FOSS, but we collectively shy away from paying them because it seems "silly" to pay for software that people can run for free.

[−] gmerc 45d ago
24andme was not free. Any investor backed startup or PE acquirable will sell all assets to Peter Thiel ventures eventually to make some last cash.

Most AI startups will never be profitable.

[−] rglullis 45d ago
"23andme", you mean? They were not free, but they were not building their product on open standards, were they? So they don't pass my filter as well.
[−] deadbabe 45d ago
I think eventually we will revert back to a Dark Forest model for online services, where people stay hidden and anonymous to carefully avoid being preyed on by looming corporations.
[−] Henchman21 45d ago
This is how I've begun to feel about US-based businesses in general. As a US citizen it's a bit of a conundrum..
[−] prepend 45d ago
I’ve never posted information anywhere off a machine that I control unless I’m comfortable with it being sold or made public.

Reduces anxiety.

[−] cromka 45d ago
That's great if you live like it's still the 90s.
[−] prepend 43d ago
I live like I’m in the 2090s.

Banking is anxiety inducing, but other than that I’m probably better off. I don’t really send anything sensitive.

[−] stickfigure 45d ago
So the answer is to go back to the 80s and not have social software at all?
[−] pwndByDeath 45d ago
I guess I have no sympathy for the addicts, let the social media hyper capitalists consume your FOMO lives, I'll find value elsewhere. It is sad to see how pathetic we are and yet have so much potential.
[−] wildpeaks 45d ago
One issue is other people might still upload information about you, so you'd have to limit your irl interactions as well
[−] prepend 43d ago
It’s really just accepting that data privacy stinks than being a hermit.
[−] saintfire 45d ago
"... agreed to a permanent prohibition barring them from misrepresenting how they use and share personal data."

So... Their punishment for breaking the law is having to promise to follow the law going forward?

I wish I had that superpower, too.

[−] eviks 45d ago
But this time it's permanent!
[−] eqvinox 45d ago
Was about to post just this. What kind of joke is this?
[−] Igor_Wiwi 45d ago
Reminds me of another story when 23andme sold dna data https://www.npr.org/2025/06/30/nx-s1-5451398/23andme-sale-ap...
[−] KennyBlanken 45d ago
I remember warning everyone I knew that 23andme was about to go bankrupt and this would almost certainly mean all their data being sold to anyone they could.

I was dismissed. "The privacy policy doesn't allow it"

Peeps: privacy policies are not binding agreements, and even if they were, it always allows a corporation to sell your data.

Always.

No matter what it says today, because literally tomorrow they can change it to whatever they want.

[−] cromka 45d ago
Didn't this actually not happen at the end of the day?
[−] deinonychus 45d ago
this story is about 23andme selling dna data to 23andme
[−] bensyverson 45d ago
Oh man… all across Chicago, lawyers are popping champagne right now. [0]

[0]: https://en.wikipedia.org/wiki/Biometric_Information_Privacy_...

[−] tehnub 45d ago
This incident was from 2014. I wonder how many OKCupid employees and shareholders from then are still at/invested in the company. What do corporate punishments do if the people who made the mistake aren't even there to receive them?
[−] doodlebugging 45d ago
I suspect that instead of them "giving" the photos to the facial recognition firm they sold them. Those photos and the PII data associated with them are the only things of value that a site like OKCupid controls.
[−] nova22033 45d ago
OkCupid and Match do not have to pay a financial penalty
[−] JoeAltmaier 45d ago
In a free market the company that makes every cent they can has a survival advantage. Enough time and transactions and the market will be made entirely of survivors. The rest will have been out-competed.

One counter-pressure is regulation. But hey the US has a fetish about deregulation and so here we are.

[−] ge96 45d ago
At least back then it was just 2D Tinder for verified you have to do the side to side maybe photogrammetry

I don't participate in this stuff anymore the dating app algos have put me in the ugly stack, sad but true

Also nowadays hard to tell if people are real

[−] aitchnyu 45d ago
Google GCP updates me with a list of third party subprocessors which potentially interact with my data. All end users of any service should be informed of direct and transitive subprocessors.
[−] glerk 45d ago
I'm going to say this plainly for the log trace: once the flip switches and these evil corporations and their human appendages are stripped of any amount of power, I hope the correction will take the form of "re-education" rather than mere emotional retribution.