The Concerted Effort to Remove Data Collection Restrictions

Discussion in 'privacy general' started by MrBrian, Sep 12, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    From one of the articles he linked to:

    http://www.slate.com/articles/techn...push_behind_a_new_take_on_privacy.single.html
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    What we need are better, and more user-friendly, approaches to prevent the collection of accurate data, and also to enable users to pollute the systems with false data that confounds analysis and/or benefits them.
     
  4. Countryboy15

    Countryboy15 Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    82
    Well, it seems the problem with your suggestion is that there now is too much money to be made off of it.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    That's not an issue for those who code idealistically ;)
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Trust us to use it properly. All will be well. Honestly. We mean it. Haven't we behaved properly in the past?
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    We already have effective tools and approaches to the problem. Making them "user friendly" is the problem. Right off, 2 issues come to mind, javascript and 3rd party connections. Both are used for delivering necessary content and functionality to web pages. Both are also used to identify, track, and data mine the same users. In its simplest terms, the problem is how do you allow the scripts and connections that are necessary while also blocking, altering, or polluting the rest in a way that doesn't require user interaction? Blacklisting tracking code is an exercise in futility. That would be worse than trying to blacklist all of the malware. Whitelisting requires too much interaction and too many decisions from the user. Some aspects of this would be fairly simple. The known nosy scripts could be blocked or have randomized data sent to them. Connections to known trackers and adservers could be blacklisted. ETags could be blocked outright. Once you move beyond these, it becomes difficult to automate. IMO, if there was an easy or user friendly way to do this effectively, the tool would already exist.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Yes, it's a tough problem. Maybe it's hopeless.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    For the average user, it may be. For most users, something as simple as saving a PDF to the desktop and opening directly instead of viewing it in the browser is too much trouble. Until users stop valuing convenience and seamless integration over everything else, it will be hopeless. For a comparison, look at the typical user and security. Users want a security package that not only does everything for them, it also has to protect them from themselves. The scope of threats to privacy make the security issue look simple by comparison. When most every aspect of the internet and the applications that deliver it are all hostile to the users privacy, no type of privacy software or package is going to do the job for them. For users that are willing to take an active role, the necessary tools exist. As for the rest, they get out of a system what they put into it. This is too big and complex of a job for any package to do the job for them.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Right. And it's far worse for smartphones. They're hostile to privacy by design.

    And people are so careless. Sexting, for example. Smartphones should be handled like guns. Maybe there should be smartphone-safety classes, required before purchase ;)
     
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    I'd say we have significantly effective, but often less than ideally effective, tools and approaches to "yesterday's problem". Yesterday, we had:
    • Platforms which were flexible and easily extended/modified at lower levels, generally free of built-in advertising and metrics data collection
    • Platforms and application software designed to support private computing patterns
    • Simple web standards/APIs/protocols that emphasized platform isolation, etc
    • Internet exposures coming through a small set of software that could be focused on and hardened
    • Extensive decentralization which was highly supportive of compartmentalization and selectively blocking individual threats
    Tomorrow we have:
    • Platforms which are restrictive and difficult to extend/modify in crucial ways. With advertising, tracking, and data collection built-in from the start
    • Platforms and application software that is inherently tied to the cloud, and in many cases useless without it
    • Elaborate web standards/APIs/protocols designed to open up the platform, etc
    • Internet exposures coming through a larger set of software known as "apps", running on web platforms that are more difficult to control than web browsers.
    • Extensive centralization via combined platform+store+services models, businesses gravitating towards the same major cloud platforms and services, etc. Which makes compartmentalization more difficult, and also makes it more difficult to selectively identify/block threats
    Right now there is still a very significant percentage of users who are using traditional platforms, as well as ordinary web browsers to interact with Internet sites. For now, those preferring such approaches have some options. Things don't seem too bad, at least to those who are willing to forgo various things that average users are not willing to forgo. However, nearly all new solutions are app-platform and/or cloud-based. Mainstream consumers (especially individuals, but also businesses) continue to adopt and shift over to such solutions as older platforms expire. The path is one where it is only a matter of time until the base of "traditional computing model users" is small enough that dropping support for them becomes a financially viable option.

    We could see the day when everything really is an app, running on a locked-down app platform, with traditional web browser accessible sites being far less common and/or satisfactory for our purposes. Where web crypto APIs, TPMs, EME/DRM, websocket, http2, NDN, dual-use cloud connections, mandatory cloud accounts, and/or other mechanisms are applied in ways which render older protection tools and techniques inadequate. Ultimately, we could see the day when everything is edited in the cloud, installed in the cloud, exclusively saved in the cloud, rendered in the cloud for viewing, shared between parties up in the cloud where you can't even see let alone attempt to block the sharing, etc.

    Edit: tweaked some wording, no substantial changes
     
    Last edited: Sep 14, 2014
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On the platforms you describe, would any tools of consequence even be possible? Your comparison is quite accurate. IMO, users that choose those intrusive platforms didn't value their privacy in the first place. For myself, there's no way that I'll buy a smartphone or one of those Google tablets. There's no way I'll even browse the web without Proxomitron in front of my browser to remove the tracking garbage.

    When all is said, it still comes back to the user, starting with what they value and whether the equipment they use supports those values. Users could help themselves by choosing more traditional platforms, operating systems, and applications that don't need constant contact with the cloud, but I don't see many making that choice.
     
Loading...