HN Theater @HNTheaterMonth

These Bruce Schneier Talks at Google try to explain this:

Liars and Outliers: https://youtu.be/m3NJ-Ow2Lvg

Click Here to Kill: https://youtu.be/GkJCI3_jbtg

Hidden Battles to Collect Your Data and Control Your World: https://youtu.be/GhWJTWUvc7E

Highly recommended it since you seem interested.

⬐ alexvaut

Thanks for the links, so from Bruce Schneier, the problem needs to be taken care of by citizens (politic) like it was done for many industries (car, food, pharma...). Except that this is going to be much more complex in the information era where everything is a computer. Hence there is a need to have tech people in the public sector to help decisions to be wisely made. Enforcing the rules is the only way to make the industry to change, in this case, in terms of security and privacy.

However I tend to think I have more power as a consumer than as a citizen. I spent dollars everyday while I vote every 2 years. It seems that since there is no other way, the last resort is to go through the political way. I'm happy we have governments but still, I'm convinced there is a way to convince consumer. Do you ?

⬐ ignoramous

I personally agree with Schneier. I don't see how BigTech can be made to respect privacy given the current status quo and the data wars. I think regulation and government intervention is very much necessary at this point.

In some instances, BigTech, BigTelco, and govts have incentives aligned (surveillance and censorship), so its paramount for folks part of the tech industry to help steer the conversation and laws.

You are absolutely right that we need laws and regulations to govern all the tracking that's going on, much like how call-tapping is illegal.

Bruce Schneier has written a book on the topic, and you can view him speak on it here: https://youtube.com/watch?v=GkJCI3_jbtg Highly recommend it.

I'm no expert but I do not agree with the 'failing battle' part... still quite a way to go in that regard, I think, specifically because the Math behind crypto hasn't failed us yet (ocassionally, the implementation has) and because the government agencies themselves need tech that helps them stay underground (Tor, for instance, continues to get funding from the US Government).

Is it getting difficult? Yes, absolutely. People still hold the 'nothing to hide' stance and most are okay giving up privacy esp if it means their life becomes a little more secure and things get more convenient (most would support AI powered street surveillance that helps keep tabs on criminals, for instance).

⬐ DavideNL

In the end unfortunately none of the ad/tracker blocking solutions are solid; All an app developer has to do is use an IP address to fetch ads (avoiding dns resolution and thus dns based blocking won't work.)

Or, fetching the ads from the same hostname as also used by the app itself to provide whichever service the app provides, which means that hostname can't be blocked even by a firewall because the app itself will stop working.

So i agree, the only proper solution is laws to stop the privacy abuse.

⬐ ignoramous

One could do a reverse DNS lookup and firewall the IPs too (admittedly, the IPs would have to be refreshed, and there might be issues with multi-record DNS enteries). See discussion: https://news.ycombinator.com/item?id=19258717

⬐ crankylinuxuser

The laws won't work.

The internet isn't a "US" thing. It's not a "EU" thing. It's not even a "China" thing (GFoC aside).

The internet's a worldwide thing. And that means, sure your puny law may say you can't do X (ad tracking). Ok. I'll just make a shell company in shithole country, pay some protection money, and run tracking or whatever. And that data I generate will be sold to anyone who wants to buy. I'll make it so everybody has to buy to compete - even if against the law.

And it too is a failing battle in the US. Experian, Equifax, and Transunion... If what happened regarding Equifax didn't bring the corporate death penalty either by fines or dissolution of their corporate charter, nothing will.

⬐ your-nanny

Actually, in that case the centrality or Monopoly of the Apple store and the Google play store makes regulation easier. Censure Apple or Google for the apps sold in their marketplaces that violate the law and they will be taken down.

⬐ crankylinuxuser

I'm not seeing that case for:

     1. spying apps
     2. the saudi arabian woman-tracking/permission app
     3. chinese social credit app

In the end, it makes them a pile of money, allows them to function in that country and access to that market, and nobody with power cares.

⬐ your-nanny

I'm not sure I see the objection? Are you saying that the US government doesn't have sufficient carrots and sticks to get app stores like the Apple Store or Google Play to remove apps from US markets that violate US law?

⬐ PeterisP

The advertising infrastructure is largely funded by the big advertisers, and legal issues certainly matter to them.

When (for example) Toyota is paying a bunch of money to target customers in France, they're playing with the same rules as Ford is when targeting the same customers. They don't have to do things against the law to compete in advertising, and they'll even be eager to identify competitors breaking advertising law to screw them over; there has been lots of legal action taken as a result of such industry self-policing to ensure that competitors aren't able to benefit from misleading advertising.

Sure, there are lots of businesses who would by "under the table" data and apply it illegally, and it is a huge advertising market - but it's absolutely dwarfed by the much, much, much larger advertising market funded by the major international public companies. The advertising money flowing from a single company such as Procter&Gamble or Nestle is larger than all the total advertising turnover from whole smallish industries. If you cut off the tracking-adtech companies from the legal market, it's like restricting oxygen for them - they'll still have some customers, but they'll get an order of magnitude less money to do their things.

⬐ Skunkleton

Its a failing battle to try and outsmart the people who are _professionally_ prying into your private information. You might make it harder for them, even harder to the point where you partially fall out of their datasets, but you will never truly escape. These days it isn't even enough to stop using privacy comprising technology. As I said above, the only real solution is a social one. If you try a technological solution you will always lose because you are significantly out funded.

Also: vote with your wallet. If you see a technology that aligns with your ethical goals, pay for it. To that end I will probably buy a Librem 5, even though I don't expect it will actually do much for my privacy.

Sorry. I guess the sarcasm was too dry to be obvious?

I listed down things that other nation states (NSA? Abu Gharib/Patriot Act? Wall along the Radcliffe Line?) have done in the past in response to persistent danger. And are guilty of taking populist measures at a great expense, sometimes.

There's always been such knee-jerk reaction from nation states, that then resort to drastic initiatives partly because they do not understand technologies involved (Secure Golden Key?), or they aren't held accountable as often and get away with a lot (WMDs?).

Here's Bruce Schneier on the topic https://youtu.be/GkJCI3_jbtg

Couple of reasons why I think the fuzz is approp:

1. The fact that things are already bleak doesn't justify a more bleaker tomorrow. The fact that a large section of humanity is oblivious to privacy breaches doesn't mean the select few who do care about it should stop protesting against it, regardless of behaviour of the masses [0].

2. The law makers (governments) and the king makers (tech conglomerates) shouldn't be given a free-pass to do as they please at the expense of security, privacy, free-speech, and other ethos that make internet such a powerful medium. Policies needs to be continually renewed in response to emerging threats at pace [1] and so it is important to keep naming/shaming said entities to drive the dialogue.

--

[0] Bruce Schneier on Censorship, Surveillance, Propaganda, and User Control https://www.youtube.com/watch?v=m3NJ-Ow2Lvg

[1] Bruce Schneier, again, on Security of Everything https://www.youtube.com/watch?v=GkJCI3_jbtg

⬐ iforgotpassword

Fair points. And I didn't intend to say google should go unpunished for this, in case it came across as defending them.

Added those vids to my queue, thanks.

⬐ grokas

I have a bad feeling Bruce's fears might be realized in my lifetime

⬐ daveslash

I absolutely agree with you. However, I do have a good feeling that someone (Bruce) is talking about this now. Talking about it extensively, with a consistent message (for over 20 years), building a reputation, and building a wealth of knowledge that'll be accessible to policy makers, lawmakers, and laypeople when things really start to catch on fire. When the policy makers and lawmakers start to freak out and ask "where can I learn more about this?", there will already be a wealth of Bruce's work to reference.

⬐ woodandsteel

We are so lucky to have someone like Scheier who both understands the problems at a deep level and is able to explain it to non-techy's in a way they can understand.