At this point, nearly every online service should be considered hostile. If they can make a small amount of money by compromising your privacy or your identity, they will. If they can make a small amount of money by stealing your attention and addicting you, they will.
Are there exceptions? I'm sure. Will I be erring sometimes by being cautious? Definitely. But, there is really not much of an alternative these days.
This sort of stuff continues to ramp up as everyone rushes to train LLMs while governments are pushing for ID verification that would make it impossible to use the web (or even one's own computer) anonymously. It's a very dark time for anyone who cares whatsoever about privacy or digital sovereignty.
My advice has long been to delete every single account you've ever created on every platform.
The chance of the data leaking nears 100% with time.
The corporate cloud is a seriously unsafe place to be. It's a dangerous place to store your intimate secrets and a shaky foundation on which to build a culture.
If I understand GDPR and “the Right to be forgotten” properly, then yes - they would have to actually delete the information.
Edit: at least when it comes to PII, which I presume should include photos of you, or any personal detail of you. The content you may have posted there up until then - that might be a different story.
I have long wondered about the market size for privacy-focused apps. Sure, plenty of people don't know or don't care to value that, but if there are enough, maybe you could have a whole set of apps that emphasize they are not seeking world domination or selling out to the highest bidder, and a major selling point for using them would be that they are not < your expected chat/dating/photo/social site >.
Am I too idealistic? If such apps are not aggressively seeking hyper growth, it seems like these more trustworthy services could be deployed to cheap servers and let people use them for cheap without having to resort to selling user data.
Even if they were initially trustworthy, it's surely only a matter of time before they start wanting/needing to make (more) money and start abandoning their principles in pursuit of profit.
If a company wanted to, they absolutely could include something along the lines of "If we violate the terms of this privacy policy, we owe all affected users $1000" in their Terms of Service. Pointing a gun at their own head to prove that they're serious. Companies don't do this, because they are cowards.
> The real problem is how to trust that a "privacy-focused" app is actually privacy-focused
I think the real problem is actually that legislative bodies will make privacy focused apps illegal. California AB 1043 is an example of what can happen.
On one spectrum, you have privacy -- at one extreme, the most private of people don't even use social apps, they are traditionally private people. At the other extreme, you have the highest consumers of apps -- the people who demand sharing the most.
On the other spectrum, you have technical acuity -- at one extreme you have people who can audit software they use and verify that it actually does what it says -- at the other extreme, you have people who have no clue and will believe whatever is convincing.
Given this, the market for "app that enables sharing, but has privacy controls, and is verifiably so" is a tiny circle somewhere in the middle of this grid.
Not privacy-focused, but OKCupid itself fit many of your requirements when it first came out. It wasn't aggressively seeking hyper growth and barely marketed outside of existing SparkNotes and SparkMatch users. It was just a few math nerds at Harvard that wanted to model human romantic compatibility by categorizing you into a shareable cutely named personality type, and they bolted on crowd-sourced questions to see if whatever they hadn't thought of themselves might be relevant.
Ten years later, the social media revolution is in full swing, the relatively small service they built that had catered mostly to nerds was suddenly lucrative, and they sell to Match Group and this happens.
To be entirely fair to these guys, I don't think they came into it intending to sell out as their long-term goal. But four guys who got into data analytics in college also didn't find themselves as their mid-30s approached particularly wanting to run a dating service for the rest of their lives, either.
Whatever happened to FetLife? If any dating service had to be privacy-focused, that was it.
Users who want to be private and are willing to pay extra for it are necessarily highly valuable for data brokers and advertisers. So incentives always push towards betraying them eventually I think.
Open source developers are wildly idealistic. In the rest of the world, I have finally internalized...
1. Most people say they care about privacy... but won't spend even $1 for it. They care about their privacy about as much as an open source developer cares about user experience. Just extract the tarball, it's not that hard.
2. Most people don't care about technology and want it out of their lives. They don't want to know what sideloading is. They don't want to know how to discern safe from dangerous. And they aren't wrong. How many open source developers know how to drive manual? Car enthusiasts have just as much of a righteous claim to attention, after all. The model railroad enthusiasts are also upset by our community's lack of attention. Every enthusiast, in every field, hundreds of them, are upset by lack of mainstream attention, and this will never change.
3. Linux and open source software in general are not even close to being popular on the desktop. Gaming and web browsing are a tiny subset of what people buy PCs to do, and Linux isn't even close on the rest. Even the gaming success is so niche it's irrelevant in the grand scheme of things (Switch 2 outsold 3 years of Steam Deck sales in the first 24 hours).
4. Some of this optimism was deluded from the start. Like when Stallman said we can defeat proprietary software with open source, then openly admitted he had no idea how any open source developers could afford rent. "If everyone works for free, while the big companies stop working, we could get ahead" is gobsmackingly naive and it's honestly astounding anyone fell for it.
I want to say "we structured the system like that, right?", i.e. maximize profit at all costs.
But it seems to be the natural outcome of the incentives, of an organization made of organisms in an entropy-based simulation.
i.e. the problem might be slightly deeper than an economic or political model. That being said, we might see something approximating post-scarcity economics in our lifetimes, which will be very interesting.
In the meantime... we might fiddle with the incentives a bit ;)
Another point to add is that old saying: if the service is free, you are the product. I have long considered that dating apps are taking all of our data, and selling it. What's more personal than social media? What do you think about dating? Who you swipe on, the information you put in there, all deeply personal. Sometimes more so than what you put on places like Facebook.
This deserves a few qualifiers. I think this should be applied to any service that is
- "free" or "freemium"
- wrapped as a black box which gives no way out for customers.
There are plenty of companies out there who provide services based on FOSS, but we collectively shy away from paying them because it seems "silly" to pay for software that people can run for free.
I think eventually we will revert back to a Dark Forest model for online services, where people stay hidden and anonymous to carefully avoid being preyed on by looming corporations.
This incident was from 2014. I wonder how many OKCupid employees and shareholders from then are still at/invested in the company. What do corporate punishments do if the people who made the mistake aren't even there to receive them?
I suspect that instead of them "giving" the photos to the facial recognition firm they sold them. Those photos and the PII data associated with them are the only things of value that a site like OKCupid controls.
In a free market the company that makes every cent they can has a survival advantage. Enough time and transactions and the market will be made entirely of survivors. The rest will have been out-competed.
One counter-pressure is regulation. But hey the US has a fetish about deregulation and so here we are.
Google GCP updates me with a list of third party subprocessors which potentially interact with my data. All end users of any service should be informed of direct and transitive subprocessors.
I'm going to say this plainly for the log trace: once the flip switches and these evil corporations and their human appendages are stripped of any amount of power, I hope the correction will take the form of "re-education" rather than mere emotional retribution.
https://news.ycombinator.com/item?id=47589055
> I have long wondered about the market size for privacy-focused apps.
The real problem is how to trust that a "privacy-focused" app is actually privacy-focused. You certainly can't take the publisher's word for it.
The only safe stance is to withhold as much personal information from as much software and services as possible.
I mean, an app that starts out as "privacy focused" won't necessarily stay that way.
Reduces anxiety.
So... Their punishment for breaking the law is having to promise to follow the law going forward?
I wish I had that superpower, too.
[0]: https://en.wikipedia.org/wiki/Biometric_Information_Privacy_...
I don't participate in this stuff anymore; the dating app algos have put me in the ugly stack. Sad but true.
Also, nowadays it's hard to tell if people are real.